kfogel: I'll be afk for a moment, but you should present your summary schoen: ok - In the past, cable TV was like phones used to be. No consumer choice, instead, you rent (not own) your set-top-box from the cable company, and you get whatever they provide. - In the late 1990s, the FCC recognize that this was anti-competitive, and told the industry to do something about it - The FCC passed specific rules to make this happen. - The rules never really got implemented. Instead, the industry stalled for time, went away, and came up with a standard "to comply with and implement" the rules, except that it was really a way to get more DRM than the FCC intended into the set-top-boxes. - What the industry did was interpret "interoperability" as "interoperable DRM", with a liiittttle clause making the DRM mandatory :-). - The industry formed a standards body to approve this standard. - The current state of affairs is: there is only that one standard available, for those seeking to comply with the FCC's rules, and only that one standards body to certify you. - So, while there may be some inter-vendor competition now, there is no real competition when it comes to the DRM you get. schoen: okay, that's a VERY high-level overview, and I stupidly did not take detailed enough notes when we talked, so if I'm missing an important point, please forgive me & set me aright. let me see I think that's basically right but I don't quite agree with the sequence of events * kfogel nods and the description of the role of the FCC so the entity that recognized that this was a problem was actually Congress ! thanks so congress instructed fcc to do sthg? the policy of creating a more competitive alternative arises in the Telecommunications Act of 1996 passed by Congress in 1996 and signed by Clinton I can try to find the language schoen: thanks. No need for exact language right now -- in a 45 minute presentation that I'm sharing w/ someone else, I won't have time to go into the exact language of any bills. I just want to get the basic facts right. See, I'm not *totally* irresponsible :-). section 304 of the Act (Only because I have you, apparently...) *nod* I'll mention that, in case anyone in the audience wants to look into it more. schoen: the basic point I'm trying to get across to them is that even when governments have the right idea, they don't have the energy/expertise/attention to prevent dedicated industry reshaping of the intended regulatory effect. hmm.. something smells to al gore here niko: global warming is UNPROVEN. It's a HOAX by the ANTI-SMOKING crowd. DON'T BELIEVE THE HYPE. :-) sorry, I seem to be having some network troubles so, section 304 of the Telecommunications Act of 1996 created 47 USC 549 http://www.law.cornell.edu/uscode/html/uscode47/usc_sec_47_00000549----000-.html that is the entirety of the guidance that the FCC was given a multichannel video programming distributor (MVPD) is the regulatory category that an entity like a cable provider falls into now the only thing there that relates to "security" is this little paragraph: (b) Protection of system security The Commission shall not prescribe regulations under subsection (a) of this section which would jeopardize security of multichannel video programming and other services offered over multichannel video programming systems, or impede the legal rights of a provider of such services to prevent theft of service. now there is a completely plausible explanation of this -- considering that DRM basically didn't even _exist_ when the 1996 Act was written -- that "security" means preventing "theft of service" (getting access to cable without paying for it) schoen: aaaaaha good catch, yes and that the FCC was thus not to adopt a regulation that undermined "security" against "theft of service" right well, it's not such a good catch; EFF was lobbying on this back in 2000 :-) Are you implying that the industry wilfully transformed that allowance for protection into an allowance for DRM? yes, I am implying that you can read the documents where they did it thank you, that's a good thing to point out to peopel and where the FCC let them get away with it uh-huh now on the other side, it is possible to argue that the FCC was given discretion to decide what "security" means, and they did decide and they decided, perhaps, that in our modern digital environment, "security" was allowed to mean something more than just "theft of service" this is where they endorsed it originally http://www.eff.org/IP/broadcastflag/?f=20000918_fcc_hdtv_rule.html you can of course find this document on the FCC's site so the structure of what happened was that the industry came up with a technology (and licensing regime) that it asserted would be an appropriate solution to achieve the purposes of section 304 of the Act then there was endless bickering over this and some revisions and further negotiations and the FCC has really not demanded many substantive modifications to what the industry came up with which in my opinion is exactly what Congress hoped would happen -- that the industry would figure this out through private-sector negotiation they have often suggested that this is how things should go in the telecommunications industry CALEA is a classic example CALEA? where Congress said that networks should be wiretappable the phone network in particular they said that law enforcement should define a wishlist (within certain parameters) and that industry should invent a standard that met that wishlist and then the FCC would approve that standard and then it would have the force of law CALEA is a little clearer about the idea that this is what is desired and it did happen sort of that way, with EFF and CDT periodically suing to try to disrupt the process and achieve greater privacy protections and at one point the industry even fought law enforcement in court a bit anyway, back to Plug and Play it appears to me that Congress wanted the industry to invent something and then the FCC to approve it and that did pretty much happen, although it has REALLY taken a long time I mean REALLY because most people still can't use CableCard or don't know it exists and the Act was enacted over 10 years ago good point there was an interim period where the consumer electronics industry fought with the cable industry over many details of the standards and licensing but in terms of our core interest, the DRM issue you can read this document schoen: ah, that interim period is part of why you said this issue was exceedingly complex? yes http://www.eff.org/IP/broadcastflag/?f=20000918_fcc_hdtv_rule.html thanks "The July 2000 Report stated that cable operators met the July 1, 2000 deadline to have digital separate security modules available for customers, and also made available "build-to" specifications that would allow manufacturers of retailer-supplied boxes to manufacture and market host devices." HILARIOUS notice what year that is anyway: continuing to the DRM stuff starts at para 18 the CE industry, led by Bob Schwartz of HRRC, pushed a very radical line that makes perfect sense to me even today ? (the CE industry parties organized by HRRC here are referred to as "Circuit City") there is a thing called the Consumer Electronics Retailers Coalition anyway read that document starting at paragraph 18 it's not very long or very complicated you don't need to pay a lot of attention to the specific legal arguments just the positions that everyone advocated thankyouthankyouthankyou I am so irritated that we lost this the fact is that EFF at that time had one copyright lawyer and very little organizational experience with the issue oh EFF late-filed comments that were very general 1 week before this ruling came out I don't think one battle here or there is very significant; if the EFF learned from this, that may be the more important outcome. just talking about fair use in the abstract and not really engaging with the statutory language the way Circuit City did it helps that Circuit City's lawyer had been working in this field for a decade or more anyway the whole argument is set up there, including the broadcast flag-like "some content providers insist on DRM" argument the basic issue is paras 18-29 but you should read paras 18-32 you know what the FCC didn't even cite our comments because they were filed so late I just noticed that they only cite HRRC, not EFF oy you should also read the concurring statement by Commissioner Tristani at the very end it's depressing in retrospect Tristani does the then-conventional "hopefully, DRM will not undermine fair use" thing what I call the pious hope :-) I'm going to use that phrase. she feels bad because she supports fair use but she hopes that the industry will figure out a way to make it compatible with DRM now this whole issue got dragged out again a few years later because they had a debate over whether regulations should be placed on content providers themselves At some point, Congress may realize that the industry cannot be expected to design systems that safeguard properties which have no revenue significance for said industries. limiting how restrictively they could flag programming the FCC did choose to regulate the MVPDs in this way including satellite, which REALLY irritated the satellite companies because the satellite companies are not covered by section 304 of the Act at all and were not involved in any of the negotiations and wanted to derive an advantage with MPAA by being more restrictive than the cable companies :-) what Fred called the race to the bottom the FCC limited the uses of the flags? Interesting... that is, different kinds of distribution channels can compete for licensing by promising to be more restrictive of consumers ooooooh because MPAA has a lot of negotiating power but consumers have little and it's much more diffuse Fred talked a lot about this during the broadcast flag issue that race-to-the-bottom explanation is very succinct; I will use it. any would-be content distributor can say "hey, we can restrict consumers in a more fine-grained way than those guys" "you should license some stuff only to us and not to them" it's a very competitive market :-) schoen: I must to bed now. Thank you so much for your help. You and Peter and the EFF are getting maj0r sh0utz at the end of my talk. kfogel: well let me remark on something suer you don't have to read it right now sure that 2000 decision -- do read para 18 and on was the really big conceptual loss for us it was very consequential because they went ahead and actually implemented DRM in the system and the FCC did (later) approve the system as a satisfactory standard under section 304 of the Telecommunications Act which sort of means that it's the law for any cable company anywhere in the U.S. to offer the ability to achieve compatibility with that standard but the FCC did impose regulations to limit how restrictive the DRM could be in the sense that cable companies are not always allowed to flag programming with the most restrictive DRM metadata that exists it depends on what kind of programming it is (!) these are called "encoding rules" you can read about this at http://www.eff.org/IP/broadcastflag/FCC_PnP_Ruling.pdf which is a super-vast and complicated document oh it looks like that URL is broken schoen: np, I can search it up with the SIPs you've given me arrrr, I ought to be able to find the Report and Order it's called "Report and Order and Second Further Notice of Proposed Rulemaking" (there are a lot of FCC documents called that...) the discussion of the encoding rules starts at para 42 of that document it is very complicated and made MPAA pretty mad because they didn't just get to choose exactly what restrictions they wanted but! (this is not the first time the government has restricted DRM in this way; see 17 USC 1201(k)(2)) as far as I'm concerned it's still a major loss for us because there is DRM there at all consequently, no free software system can possibly interoperate lawfully with the U.S. digital cable standard with regard to pay TV content even though there are many pay TV systems in the world that are encrypted only to the point where it's verified whether you've paid schoen: that last point is exactly what I'm aiming at (since this is an audience of free software developers) and then in the clear afterward and those systems contain tamper-resistance only in the device that actually checks if you've paid and actually decrypts for example, most standards-based European pay TV is currently that way you get a clear digital output after it's been verified that you are a paid-up subscriber to the particular channel you're trying to receive That's a useful point to make: that there is another way, and that some countries use other ways. ok must to bed, talk is tomorrow and it's important to be somewhat rested in 2000, the FCC definitively rejected the idea that section 304 should be interpreted to _require_ that the U.S. standard have this property and expressly permitted the industry to create a standard that intentionally lacked this property but the industry declined to do so? the industry has created this standard and the corresponding licensing regime oh * kfogel re-reads by "lacked this property" I mean "lacked the property of being unencrypted post-reception" gotcha I usually call this issue "post-reception content controls" thanks, I will use that phrase if you have "pre-reception content controls" it's what I would consider conditional access (CA) -- making people pay for the services "post-reception content controls" are DRM there is a strong school of thought in the pay TV industry that these are actually the same thing I think because they are totally unused to the idea of thinking of the post-reception hardware or software in terms of consumer hackability. the industry's licenses use the pre-reception controls as a legal hook to get people to agree through license (read the FCC's summary of Circuit City's argument) to keep certain secrets, and not to manufacture certain devices that would lack post-reception content controls there is a lot of multiple negation in talking about this for example, I recently wrote a filing to the FCC related to this It's the old "you agreed to the contract" trick just like with the Japanese digital tv standard you were telling me about, that Brazil adopted. in which I argue that they should reject a particular reason why MPAA asked them to decline to act on DTLA's request to overrule CableLabs's refusal to approve a DRM system that DTLA developed for use in conjunction with the CableLabs standard there are several other layers here schoen: that sentence alone I am incapable of parsing at this hour :-) to be more precise: DTLA says that the FCC must deny that CableLabs properly has discretion to deny approval of DTLA's system MPAA says that DTLA is wrong and we say that one of MPAA's arguments is wrong :-) Well, glad we've got *that* cleared up! :-) telecommunications lawyers deal with this kind of situation all day long :-) actually, now that I read it, it makes sense It takes a couple of careful reads, though CableLabs said the DRM system is not restrictive enough DTLA says it is and DTLA is saying "Who is CableLabs to decide, anyway?" but you really get into a kind of "not not not not not not not" situation and DTLA wants FCC to agree that CableLabs can't necessarily decide. "don't say it's OK for these people to forbid these people to do something that prevents these people from doing something that stops consumers from doing this but fails to stop them from doing that" or whatever And MPAA wants CableLabs to be able to decide, and for FCC to confirm that. And you disagree with MPAA. kfogel: that is correct :-) * kfogel revels in his newfound mastery of schoen's sentence ok really really to bed now good night! Thank you, Seth! sure thing I'm glad someone is interested in Plug and Play this does actually have quite a concrete effect on the design of things like TiVo I'm interested in it as part of a larger pattern (Rick Falkvinge is too, btw). you might ask: why does TiVo engage in Tivoization? answer: because they have to one reason would be: because CableLabs says that every device that will be approved to get the secrets needed to interoperate with a CableCard must be Tivoized yup if you make a device that isn't Tivoized, you can't get the secrets that convince a CableCard that you're an approved host device if the CableCard isn't convinced, it won't give you the keys you need to decrypt the pay TV programming that it knows how to decrypt even if it's otherwise convinced that the programming has been properly paid for! if we had won this issue, Tivo would not have a particularly conspicuous reason to Tivoize as it is, the DRM on digital cable is actually a major source of decisions by consumer electronics companies to build DRM into devices because of course the DRM infects the whole home CE network because devices with DRM will only talk to other devices with DRM MPAA knows this strategic point VERY well EFF should start using "DRM contagion" as a term for this phenomenon or some term that's basically how it works it's like DRM is a virus :-) I have called it "the infection caused by a single quantum of control" it's kind of like Seth Finkelstein's observations about Internet censorship ? * kfogel hears it as last thing before bed, really this time so Seth Finkelstein has pointed out that censorware needs to block stuff like language translation web sites which don't themselves contain any content that is the target of censorship but they incidentally allow users to escape from control mmmm, yeah if you're really trying to control what people can do, you end up having to restrict not only things that directly involve the behaviors you want to restrict, but also other things, if you're really trying to control what people can do, you end up having to restrict not only things that directly involve the behaviors you want to restrict, but also other things, seemingly unrelated, that might be useful as means of escaping from control thus censorware has ended up blocking lots of services that have the EFFECT of being useful as proxies even if they weren't specifically designed or advertised as proxies *nod* in a similar sense DRM has to block interoperability with anything that a user could modify I suspect this principle is older than the Internet. even if the thing the user could modify does not, by default, specifically contradict or undermine a DRM policy because the user could modify it, the user would be able to make it not enforce the DRM policy thus, interoperability with it must be blocked okay, must sign off, no more dawdling for me and it works kind of recursively -- good night g'night