CableCARD: A Primer

Introduction

We know that you'd like nothing better than to get rid of that set-top box sitting on your DVD player. It's ugly, it's clunky, and it has its own remote. Extra cables snake about the back of your entertainment center, providing ideal conditions for some type of electrical fire, and the matte black box clashes with your brushed silver aesthetic. To top it all off, you have to pay for the privilege of using this thing—if you want digital cable, it's the only way to go.

The collective groans of anguish from cable box users across the country have at last reached the ears of the cable industry, which has a (federally mandated) plan to ease your pain. It's called CableCARD, and it promises to do away with set-top boxes forever. And though CableCARD has tremendous promise, it is still a mysterious technology even to most of the technorati. If you're a regular Ars reader, you've probably heard the term, you know what it means, but you're the tiniest bit confused about exactly how it works, how you can get one, and exactly why you might want one.

That's why we've prepared this handy guide to CableCARD. Once you're done reading it, you will know more about CableCARDs than anyone in the country, save the engineers who developed them.* You will learn what to tell your Uncle Wilbur when he asks if his new TV really needs to have a CableCARD slot, you'll know what new hardware to buy if you want to use a CableCARD with Vista, and you'll learn why your mother was right when she told you that patience is a virtue.

* Gross hyperbole. Still, you'll know a lot.

How we got here

CableCARDs have an intriguing pedigree. They come not from the cable industry, but from Congress, which in 1996 passed the massive Telecommunications Act and charged the FCC with (among other things) creating a more competitive market for third-party set-top boxes (STBs). Specifically, section 304 of the law directed the Commission to:

"assure the commercial availability to consumers of multichannel video programming and other services offered over multichannel video programming systems, of converter boxes, interactive communications equipment, and other equipment used by consumers to access multichannel video programming and other services offered over multichannel video programming systems, from manufacturers, retailers, and other vendors not affiliated with any multichannel video programming distributor." [emphasis added]

The question was, how exactly would this competitive market be created? The FCC's answer (PDF) was to force the cable companies to separate the two key features of a STB: navigation and security. This meant that, in theory, any manufacturer's navigation system (which includes anything that tunes and displays a cable feed; think a traditional set-top box, but also a TiVo) could be used with any cable provider's security system and that peace, love, and plug-and-play interoperability would reign from sea to shining sea.

The cable industry settled on a "point-of-deployment module," or POD, that would incorporate all the necessary security functions needed to create a "conditional access" system. The device would therefore be responsible for detecting whether a user was authorized to view certain content and then to decrypt that content if he or she was entitled to do so. Development of the POD was turned over to the research arm of the cable industry, CableLabs, based in a campus out in Louisville, Colorado.

The device that CableLabs designed was straightforward enough: a PCMCIA type II card responsible for decrypting protected MPEG video streams. Because "point-of-deployment module" was unlikely to get consumers queued up at Best Buy, the device was christened a "CableCARD." To give added impetus to the deployment of these new security devices, the FCC then banned cable companies from offering the traditional, "integrated" STB to customers at some date in the future (currently July 1, 2007, though it has shifted several times already).

To get the new CableCARDs into consumers' television sets, and to have them do something once they got in there, a massive engineering operation began. Motorola and Scientific-Atlanta (just acquired by Cisco, pending regulatory approval) built the cards, the cable companies prepared to deploy them, and the consumer electronics companies built the necessary hardware into their highest-end TVs. By late 2004, it was possible for an adventurous customer to track down a CableCARD-enabled TV and to cajole the cable company into sending out a technician (oh yes, a technician is required) with one of the magical cards. The beauty of the CableCARDs system came from what it did not have: another box cluttering up the living room, another remote control to misplace, and a high rental fee (CableCARDs typically go for a couple of bucks a month).

The first generation

Unfortunately, the first generation of CableCARDs (v1.0) had issues. Obviously, as with any new technology, there were growing pains as all the companies involved learned the ropes and support staff were brought up to speed, but CableCARD had a bigger problem than mere technical glitches—one that many consumers did not learn about until they experienced it firsthand: CableCARDs were one-way devices.

This may not sound like a big deal until you realize what CableCARDs cannot do. They cannot display an interactive program guide (though they can display a basic, noninteractive guide to what's showing), they do not provide pay-per-view options, video on demand is out, and any interactive services (such as Time Warner's "eBay on TV" service currently in beta down in Texas) are a no go. Worse yet, hardware with a CableCARD v1.0 slot will not be compatible with CableCARD v2.0 devices, which will be two-way. Or, more exactly, it will be compatible, but only in unidirectional mode, which means that it will get no benefit from the newer card. (The 2.0 spec (PDF) is set, but don't expect to see any shipping televisions that support it until 2007—and even that may be optimistic.)

Furthermore, current CableCARDs are also single-stream, meaning they can only decrypt one channel at a time. Most DVR makers (like TiVo) want multistream capability so that they can display one show while recording another, and the single-stream limitation of CableCARD has been a particular thorn in TiVo's side for some time. (They have since signed a software-only deal with Comcast that will put their software on an "integrated" DVR, and they have also toyed with plans to release a two CableCARD DVR of their own that would overcome the single-stream limitation.) Picture-in-picture is also out.

To sum up then, CableCARDs have led to the introduction of the first television sets that are Digital Cable Ready (DCR). Much like STBs for analog cable mostly disappeared once televisions were cable ready (unless you wanted premium channels or pay-per-view, of course), digital STBs are likely to be swallowed by televisions in the same way. CableCARD provides the security, your TV provides the navigation interface. Pretty simple, really.

But come on—this is Ars, and this wouldn't be an Ars article unless we spent some time frolicking among the technical specifications and bounding through the protocols. We won't do anything too mentally taxing, but for those who want to get their learn on, keep reading. (Those of you who would rather jump straight to the big-picture analysis can skip to the next section.)

What it is and how it works

To understand exactly how a CableCARD works, let's start at the beginning. While self-provisioning could become a reality, all cable companies currently require a technician visit to install a CableCARD. You did know there was going to be a technician visit, right? (As Comcast, one of the largest cable companies, tells Ars, "This is consistent with our approach to many new products because it provides our employees with 'real-world,' hands-on experience that helps us offer the best customer experience as possible. Moving forward, we're evaluating self-install options for CableCARDs.")

Though some consumers believe that the purpose of such visits is simply to bill them US$40 for having someone shove a card in a slot, the reality is a bit more complicated. Both the CableCARD and the "host" device (TV, TiVo, PC, STB, etc.) have their own unique keys that are recorded by the technician, who then calls this information back to the main office, where it is entered into the computers at the "headend" of the cable line. These unique keys provide more security for the cable company but less freedom for the consumer, since encrypted channels can only be decoded by a registered CableCARD/host combination. Basically, this means that a CableCARD cannot be moved between televisions without a technician visit.

Once these keys are recorded, the CableCARD is "hit" by the cable company, which simply means that it is remotely programmed with information about what channels and services you have paid for and are entitled to watch. This is done by sending an Entitlement Management Message (EMM) from the headend to the CableCARD. An EMM is an out-of-band transmission (it sends data over low frequencies not reserved for cable channels) that authorizes a specific CableCARD to decode a specific set of services (HBO, etc.) to a specific host. Once this is done, the CableCARD is ready to go. To explain how it works, let's follow a typical cable signal from the headend to your screen.

The "headend" is a series of computers and equipment that compress, encrypt, and modulate the video signals, which are usually passed along a fiber optic line to your local node, at which point the signal is carried on coaxial cable. That cable eventually winds its way into your home, where it attaches to the back of your television set. There the signal is split into two parts, the in-band and out-of-band, and decoded by separate receivers. We've already touched on some out-of-band signals above, so now we'll follow the in-band signal, which is where most of the action is.

In-band signals contain the content you want to watch, such as HBO or Discovery HD. They are packaged as MPEG-2 streams, and most will come encrypted. Each channel is given a few megahertz of bandwidth between 54 MHz and (typically) 750 MHz or 864 MHz on the coax cable, and the television's internal tuner locks onto whichever stream you have selected to watch. The tuned stream is then passed to a demodulater and is then ready for decryption—and this is where the CableCARD comes into the picture.

The demodulated, encrypted signal passes from the TV into the CableCARD, which first checks the EMMs to see if the user is authorized to view that channel (basic channels may not require an EMM). If so, the card then pulls something called an "Entitlement Control Message" (ECM) out of the in-band signal. The ECM is the key needed to decrypt the channel, and it is sent along the line every 100 ms in order to eliminate the delay often found when switching channels on older systems. The ECM is also rotated every few seconds in order to discourage hacking. The ECM is itself encrypted by a proprietary mechanism built into both the headend and the CableCARD, so when a CableCARD attempts to descramble a channel, it first decrypts the ECM, which then allows it to decrypt the MPEG-2 stream. (Special thanks to The Diffusion Group and their report on digital cable for helping clarify some of this information.)

So far, so good, right? Now we have a clear MPEG-2 stream ready for viewing—which is why the CableCARD re-encrypts the signal using the keys that it has already exchanged with the host device. This is to prevent hackers from using the CableCARD to decrypt the signal and then outputting it in a clear and easy-to-capture format. The newly-encrypted signal is passed to the host, which (if it's a TV) decrypts the signal using the shared key it has generated with the CableCARD and displays the stream for your viewing pleasure.

"But what about a DVR?" you ask, and with good reason. The cable company did not build all this encryption into the product only to see it thwarted by a digital video recorder that outputs an unencrypted HDTV signal to the television. Therefore, if the host device is not a display device, it is required to encrypt the video stream yet again for transmission to another device. This last type of encryption is "link encryption" such as HDCP, which Vista will also require between the PC and the monitor in order to display protected content in its full high resolution glory. It is likely that other operating systems (e.g., Mac OS X) as well as consumer electronics will use HDCP too.

Holy encryption, Batman! If we're using a DVR, the stream has now been encrypted three separate times, providing almost true end-to-end encryption. It's not complete, of course, because at some point a signal must be unscrambled (so that you can watch it), and most TVs have a slate of outputs. How to plug the final hole? CableCARD does this by sending Copy Control Information from the card to the host, which is required to abide by it (unless the maker wants its CableCARD license pulled). The system handles both digital and analog content, in both cases using a two-bit code (00, 01, 10, or 11). The CableCARD communicates directly with the CPU of the host device and lets it know what restrictions are in place for the current content. The digital side of things can prevent content from being copied altogether, if this is what the cable company wants, or it can allow a single copy, or even unlimited copying. The analog system is similar, but can dictate what level of Macrovision "split burst" protection must be applied to analog outputs.

The CableCARD v2.0 spec complicates this situation somewhat by providing up to 200Mbps of bandwidth between the host and the CableCARD to allow for multiple MPEG-2 streams from multiple tuners (new CableCARDs will support at least four streams, but you'll need a tuner in the host device for each stream). It also provides for an out-of-band transmitter in the host that can send information upstream to the headend, thus allowing for pay-per-view services, video on demand, and truly interactive programming. Whether such devices will ever become commonplace remains to be seen—because what's on the horizon today could spell the death blow for CableCARD tomorrow.

Good things come to those who wait

By now, you are probably wondering if CableCARD is for you. In order to answer that question, we first need to talk about future developments in the industry—developments that could well render the CableCARD obsolete.

One obvious development that we have already touched on is the future deployment of CableCARD v2.0 devices, which will be two-way and multistream. Hosts with a legacy CableCARD v1.0 interface will not work with the new cards, which means that if you buy a CableCARD-enabled television set today, it will never be capable of two-way services like pay-per-view without adding a digital set-top box—and if you had wanted one of those, you probably wouldn't have bought a CableCARD-ready TV in the first place.

The new cards should be available by the middle of 2006, according to Brian Dietz, Vice President of Communications for the National Cable & Telecommunications Association in Washington, D.C. The NCTA has filed a status report with the FCC anouncing that the cards (from Motorola, Scientific-Atlanta, and NDS) will be ready this year, though it is unclear whether consumer electronics devices will support them right away. As CableLabs (the group that developed them) tells Ars, "Two-way, multistream CableCARDs are currently being tested successfully at CableLabs and should be ready for deployment in [the second half] of 2006. The real question is the availibility of retail consumer devices that can take advantage of the features that these CableCARDs offer." That "availability of retail consumer devices" will be key, and analyst Gary Sasaki doesn't think we're going to see a usable CableCARD v2.0 system in 2006—and maybe not even in 2007. "Earlier hopes for 2007 were characterized as optimistic," he says, "and this is probably still true." So don't hold your breath—you could be holding it into 2008.

DCAS

But CableCARD v2.0 may not make much of a splash because of the development of a new technology referred to as the Downloadable Conditional Access System (DCAS), which will do away with CableCARDs altogether. In a nutshell, DCAS puts the security functions of a CableCARD into a software program that can be downloaded into any host device and then run. To enable this functionality, the cable industry is developing a specification called OCAP, the OpenCable Application Platform, which will eventually place standard APIs inside the host devices—in essence, making your television a computer. OCAP will enable cable companies to write not only security software but other applications (interactive games, video on demand systems, etc.) that will be able to run on any piece of OCAP-branded hardware. This is a great advantage (for the cable companies) over the current setup, which often requires them to write or tweak software for each STB. It also does away with the physical security component, which will cut costs (and means that consumers don't need to pay a monthly rental fee). And because all OCAP-enabled devices will be capable of two-way communication, they won't be subject to the drawbacks that currently affect CableCARDs.

DCAS is a big enough deal that the FCC has agreed to extend the ban on offering integrated set-top boxes (those with both navigation and security functions) if the cable industry can show that DCAS will work. In March 2005, the FCC wrote that "if downloadable security proves feasible, but cannot be implemented by July 1, 2007, we will consider a further extension of the deadline." This may in fact happen, because the NCTA is now reporting that DCAS will indeed work, but probably not until 2008. Brian Dietz tells me that "we [the NCTA] expect downloadable security to be supported nationwide by MSOs [cable companies] by July 2008. At that point, retail devices will be using DCAS too, so, going forward, retail devices will use DCAS rather than CableCARDs (everyone agrees DCAS is better and less expensive than cards).

DCAS also provides greater security for the cable industry, since it allows them to change their entire security structure by simply downloading new software into host devices. If a particular algorithm is cracked, it can simply be swapped out for another one. In addition, OCAP-based systems will have internal support for some kind of smart card (something akin to a SIM chip) that will function as a "last resort measure in case the DCAS system is really hacked to the core," according to Gary Sasaki.

So does this make CableCARDs obsolete the minute DCAS appears? No—not if you wait for CableCARD v2.0. CableLabs explained it to us when we contacted them about this issue:

Right now a retail DCR [Digital Cable Ready] TV is bound to a specific Conditional Access System (CAS) thru the CableCARD. In a DCAS device this binding occurs after a secure software download of a specific Conditional Access client. In laymen's terms, DCAS is equivalent to a downloadable CableCARD.

CableCARDs will also be supported for some time by the cable industry, even after DCAS becomes a reality.

If you do choose to wait on getting a CableCARD-ready TV, you'll be joining the rest of the market, which has largely yawned at the new technology to date. Consider the example of Comcast, my own local cable provider. Comcast tells Ars that at the end of the third quarter of 2005, the company had more than 21 million cable customers. Of those 21 million, just over 9 million subscribed to digital cable. Of that 9 million, how many were using CableCARDs to descramble their pristine digital picture? Only 50,000.

In addition to the lack of two-way features, current CableCARDs also command a price premium—not for the card itself, but for the host devices that accept it. Televisions with the CableCARDs slot still retail for a couple hundred dollars more than those without one, and they won't ever be capable of using two-way services. If you can wait for CableCARD v2.0 or for DCAS to arrive, you'll be in much better shape, and much more future-proof.

But I want it now!

That's not the whole story, of course. There are a couple of reasons why you might want a CableCARD today. First off, they do have a few advantages: no ugly box, fewer wires around your entertainment center, and a lower monthly rental fee. They will also allow you to explain to friends that you've "got a CableCARD in there" and then smile like the avant-garde consumer that you are.

And if you're sure you won't have the need for two-way services in the future—then go for it. Cable companies should continue to support them for quite some time, and if you do discover an insatiable thirst for pay-per-view movies, you can always bite the bullet and rent a STB. Not elegant, but at least your television investment isn't wasted.

But there is one intriguing use for current-gen CableCARDs that we have barely touched on yet, and that is using them with home theater PCs (HTPCs). Microsoft Vista will include CableCARD support, which means that you can turn your PC in a high definition DVR using a CableCARD. ATI has already announced one such product, an unnamed "OCUR" (Open Cable Uni-directional Receiver), at this year's CES, and they plan to be on the market with it when Vista launches. This is good news for all you fans of Media Center Edition, though it does have all the regular drawbacks of a CableCARD v1.0 product. Still, if you've been itching to get high definition video into your PC using something other than over-the-air signals, you'll have the opportunity later this year.

The downside of trying to get high definition video into your PC is that it's expensive. If you actually want to see that protected high resolution content, you'll also have the opportunity to buy a new monitor that will work with Windows Vista, and a brand-new PC. That's right—only new PCs from certified vendors will accept a CableCARD. You can forget about buying a copy of Vista and an OCUR to roll your own solution—as ATI told us, their product will only be available in OEM systems, no doubt because of the certification issue.

The other potential problem with waiting for Vista is that there's no guarantee that it will ever work with CableCARD v2.0. This may not be a big deal if you don't care about two-way features on the PC, but if you do want to record those pay-per-view movies or stream video on demand from your computer, you should be aware that the current agreement between Microsoft and the industry only covers the first generation of CableCARDs. Brian Dietz of the NCTA tells us, "The current arrangement with Microsoft covers linear one-way programming. It includes many adjustments of robustness rules and makes provision for the possibility that hackers will try to compromise the security. We will be working with them on two-way cable ready devices that could receive on-demand content. Beyond that we cannot comment."

Whether all this new technology will even allow you to move shows to your PSP or device of choice remains to be seen (but don't count on it). Apple, who may well have a similar plan in the works, has so far kept mum, but look for a CableCARD announcement from them in the next few months.

The bottom line

Set-top boxes aren't going away completely—not quite yet. They will linger on for years, adapting digital television signals (both over-the-air and cable) for use on legacy televisions. Given the frequency with which people such as my grandparents, for instance, buy new TVs, set-top boxes will have a long life.

But once CableCARD v2.0 (and then DCAS) arrive, the set-top box will eventually wither and die as new televisions and PCs absorb the components of the stand-alone boxes. The first generation of CableCARDs have some pretty massive drawbacks, so only get one if you fully understand the downsides of the technology and can live with them. Once CableCARD v2.0 is here in force, though, you can't go wrong with one, even if DCAS becomes a reality a week later.

In any case, get ready for the brave new world of total end-to-end encryption, which is just about here. You have to give the content providers credit for ingenuity, whatever you think of their plans. With the next generation of digital media products (including Blu-ray, HD DVD, and CableCARDs), the content and consumer electronics industries have joined forces to push mandatory encryption standards. They haven't done it through legislation, but through licensing—much as the consortium behind the DVD forced manufacturers to follow region encoding rules if they wanted a license to make the players.

Despite all the DRM technology being built into our TVs, PCs, and DVRs, copying and fair use will still be allowed so long as the content providers do not flag their material with the most draconian copy-control settings. With most of the technical decisions already made, it's increasingly important to let the content industry know how you feel about the restrictions they place on the media you purchase. Remind them that just because the technology exists, they aren't forced to use it.