Europe's "Broadcast Flag" dangers

Part of my work with EFF is representing the interests of some commercial Free Software projects at a standards-specifying body called DVB, which sets digital television standards for Europe, Australia and parts of Asia and Latinamerica. The committees I work on are the ones concerned with DVB's DRM scheme, called CPCM (Content Management Copy Protection). This week, the co-chairs of the CPCM committees presented our work to the public at the DVB World conference in Dublin. Wendy Grossman, a columnist for The Inquirer, a British tech site, wrote an excellent report on CPCM and the risks she sees arising from it:

CPCM is intended to create a trusted system analogous to Microsoft's trusted computing platform – now known as Next Generation Secure Computing Base. Commercial content is acquired from a broadcast, data stream, or shrink-wrapped medium. It comes wrapped in metadata known as USI (for Usage State Information) that specifies how the content may be used: for example, how many times it might be viewed, how long it can be kept available, whether it can be copied, how it may be output, and so on. Knowing that increasingly people will have many networked devices from which they want to access "their" content, CPCM creates an Authorized Domain – loosely, a household – that recognizes these restrictions and within which the content is allowed to flow freely. So what about those 30 monks? Are they a household for the purpose of watching last week's Desperate Housewives?

The effort to create CPCM goes into such scenarios. There are, in the draft, according to Mark Jeffrey from Microsoft, provisions for merging domains (marriage), splitting domains (divorce), frequent arrivals and departures (business travelers or kids of divorced parents), and many others. Simply, whenever you turn on a CPCM-compliant device, it looks around for a domain. If none exists, it creates one with a unique ID number; if it finds one, it joins after negotiating a series of tests that are meant to be "transparent" to the user. These devices are all peers, so that if the first one is not present the domain continues to operate just the same. The system is intended to cover only commercial content from trusted sources; personally generated content remains outside it.

Even so, CPCM systems will likely behave differently from what we're used to. For example, the European Broadcasting Union's Phil Laven explained that tomorrow's HDTV set top boxes will stream only to protected devices. Within USI, according to the presentation by Chris Hibbert, who works at Disney and chairs the DVB copy protection effort, will be ways of signalling if content is restricted to a particular geographical area or the location where it's received, and whether it may be exported to non-CPCM systems such as the many proprietary systems currently in use. He mentioned specifically older analog protection systems which may be authorized, but it seems clear from what he said that one effect will be to plug the analog hole. Of course: an analogue copy of protected content could be redigitised without its copy protection and redistributed.

This sounds an awful lot like what's known as "selectable output control". SOC, along with the down-resolution of broadcast pictures, has already been explicitly rejected in the US by the Federal Communications Commission (DOC) to "ensure that consumer expectations regarding the functionality of their digital cable ready televisions and products are met."