BBT Wants to Brief FCC’s Video Security Committee

Beyond Broadband Technology (BBT), the cable consortium that has developed a downloadable security platform for set-tops and other video devices, wasn’t asked to participate on an FCC-appointed committee that will start the pursuit of a successor the CableCARD, but it still wants its voice to be heard.

In a letter to that group – called the Downloadable Security Technology Advisory Committee – on Friday (February 13), BBT CEO and CTO Bill Bauer proposed to give the DSTAC or any relevant sub-committee a “full technical briefing” so they can weigh and explore “the unique aspects and challenges in the development of a true ‘technology and platform neutral’ security system such as BBT's…”

BBT, which works primarily with small cable operators, sought but failed to secure spot on the DSTAC, which will hold its first meeting next Tuesday (February 17). The FCC recently appointed a group of 18 execs and specialists from companies and organizations that include Comcast, Public Knowledge, AT&T, TiVo, Amazon, Evolution Digital and the Motion Picture Association of America.

The DSTAC was formed soon after the STELAR Act became law on Dec. 5, 2014, activating a provision that will sunset the FCC’s current ban on set-tops with integrated security after a year. The DSTAC will help the FCC to identify and recommend  a “platform-neutral software-based downloadable security system”  aimed at promoting competitive availability of navigation devices – something that the CableCARD failed to do. The DSTAC must file a report with the Commission by September 4, 2015.

The BBT and the American Cable Association, meanwhile, have argued that the makeup of the committee underrepresents the interests of smaller, independent MVPDs.

Holding that no members of the current DSTAC committee have been fully briefed on the technical and security details of BBT’s technology, Bauer said the organization would be willing to share those security details “under appropriate safeguards, which are consistent with the Federal Advisory Committee Act.”

Among the points made by Bauer in the letter, he stressed that any recommended technology should work with both one- and two-way transport platforms, since “at least a third or more” of the current MVPD universe delivers serves on unidirectional plant, and any selected approach should likewise be backwards compatible with legacy systems.

Update: To clarify that, BBT noted that the one-way issue involves not just the residual of older, smaller DBS systems, but also DBS and the possible addition of video platforms of digital broadcast channels. 

Bauer also identified what he sees as the “most difficult hurdle” for any cross-industry standard for software-downloadable security – the current prevalence of proprietary public/private key security schemes and the tricky aspects of indemnification – i.e. who’s on the hook if the system is cracked.

“An additional major stumbling block is the associated almost impossible expectation of indemnity,” Bauer wrote. “These intractable issues can be ameliorated by development of a system that does not require a ‘trusted authority’ and allows fully individualized, user controlled software data encryption and conditional access downloadability.”

Arguing that the notion of “unbreakable” security is pure fantasy, Bauer also suggested that the DSTAC should favor technologies that are “nimble and recoverable” and support a design that keeps the “threat targets” small, versus one that would face industry- or nationwide vulnerabilities.