Re: [Discuss-gnuradio] how they can effectively outlaw the GNU Radio

[Seth David Schoen]

ed writes:

> At 10:34 AM 2/28/02 -0800, Steve Schear <address@hidden> wrote:
> 
> >I'm not sure how they can effectively outlaw the GNU Radio as long as the 
> >basic code is fully unbundled and offered as a signal processing 
> >instrument test set construction kit (i.e., it doesn't come packaged with 
> >any "demodulators" and such).  All "add-ons" should be in a separate code 
> >set, maybe in different open source support group.  This, of course, 
> >requires GNU Radio to support dynamically linked modules and scripting, as 
> >has been discussed.
> 
> if you're not sure, then take a few minutes to read:
> 
> U.S.C. Title 18, Section 1029:
> http://www.usdoj.gov/criminal/cybercrime/usc1029.htm
> (and if you think the "intent to defraud" clause disqualifies you, then 
> you've never met a determined federal prosecutor.)
> 
> The Digital Millennium Copyright Act of 1998 also contains some wonderfully 
> vague language:
> www.loc.gov/copyright/legislation/dmca.pdf
> 
> there are probably other federal--and many state--statutes that could apply.

Hi Ed,

We're actually talking about new legislation or regulation which is
going to be proposed, which is much more specific than these statutes.

This is the current draft of the requirements which would be imposed
by that regulation, although this is a crummy text version produced by
"catdoc", which had some trouble with the original Word version.  I'm
afraid that the industries working on this consider it extremely unusual
for someone not to be a Microsoft Word user.


Requirements for the Protection of

Unencrypted Digital Terrestrial Broadcast Content

Against Unauthorized Redistribution

Discussion Draft

February 15, 2002

[X.]??Requirements.

 Definitions.

``Authorized Digital Output'' [definition to come:  DTCP and
HDCP-protected outputs and possibly other outputs to be specified (with
any language necessary to invoke such outputs correctly);  specify how
digital outputs protected by other technologies will be included in the
future].

``Authorized Recording Method for Removable Media'' [definition to come:
CPRM and DVHS and possibly other technologies to be specified (with any
language necessary to invoke such recording technologies correctly);
specify how other protection technologies for making recordings on
removable media will be included in the future].

``Broadcast Flag'' means the ATSC Redistribution Control descriptor
described in ATSC Standard A/65A: Program and System Information
Protocol for Terrestrial Broadcast and Cable, 31 May 00, Amendment 3, 15
October 01.

.

 to comply with the Compliance Requirements and to be manufactured in
accordance with Robustness Requirements.

``Demodulation Function'' means the [narrowest] component, or set of
components, that perform(s) 8-VSB [, 64-QAM or 256-QAM] demodulation of
Unencrypted Digital Terrestrial Broadcast Content (e.g., a demodulation
chip).

``Downstream Product'' means a product (including but not limited to a
hardware device, software application or combination thereof), other
than a Peripheral, that is capable of accessing in usable form
Unscreened Content or Marked Content passed to such product via a Robust
Method, where the manufacturer of such product has committed in writing
that such product will comply with the Compliance Requirements and be
manufactured in accordance with the Robustness Requirements.

``Hardware'' means a physical device, including a component, that
implements in a Covered Product any of the content protection
requirements set forth in the Compliance Requirements and that (i)?does
not include instructions or data other than such instructions or data
that are permanently embedded in such Covered Product or (ii)?includes
instructions or data that are not permanently embedded in such Covered
Product where such instructions or data have been customized for such
Covered Product and such instructions or data are not accessible to the
end user through the Covered Product.

(b)(2).

``Peripheral'' means, with respect to a Covered Product, a product to
which such Covered Product passes, or directs to be passed, Unscreened
Content or Marked Content, where such Covered Product exercises sole
control (such as by using a cryptographic protocol), in compliance with
the Robustness Requirements, over the access to such content in usable
form in such product. 

 and is designed to ensure that such content may be accessed in usable
form by such other product only if the manufacturer of such other
product has committed in writing that such product will comply with the
Compliance Requirements and be manufactured in accordance with the
Robustness Requirements.

.

``Software'' means the implementation in a Covered Product of any of the
content protection requirements set forth in the Compliance Requirements
through any computer program code consisting of instructions or data,
other than such instructions or data that are included in Hardware.

``Unencrypted Digital Terrestrial Broadcast Content'' means the content
of the [primary] video signal broadcast by a digital television station
in compliance with the digital broadcast television transmission
standard set forth in 47 C.F.R. Section 73.682(d), without encrypting or
otherwise making the signal available through a technical means of
conditional access, and includes the content of such signal when
retransmitted [in an unencrypted form] by a digital broadcast or by a
conditional access delivery system.

(2).

 

[Note to BPDG:  it is assumed for purposes of technical evaluation that
the instrument promulgating the Compliance Requirements and Robustness
Requirements below would include provisions that specify the
circumstances under which the Compliance Requirements and Robustness
Requirements would apply.  Section X.2 is a placeholder for such
provisions.  Please see separate documents, prepared by studio
representatives to the drafting committee, on the one hand, and CE and
IT representatives to the drafting committee, on the other hand,
reflecting concepts that such representatives assume would be included
in such provisions.]

 Compliance Requirements:  Unscreened Content.

A Covered Product shall not pass, or direct to be passed, Unscreened
Content to any output except 

to an analog output; 

to an Authorized Digital Output; 

; or

where the stream containing such content has not been altered following
demodulation and such Covered Product outputs, or directs to be output,
such content to a Downstream Product solely within the home or personal
digital network environment, using a Robust Method.

A Covered Product shall not record or cause the recording of Unscreened
Content unless such recording is made using one of the following
methods:

a method that uses an encryption protocol, or other means at least as
effective, to uniquely associate such recording with a single Covered
Product so that such recording cannot be played on another product and
that no further usable copies may be made thereof except by such Covered
Product or 

for recordings made on removable media, an Authorized Recording Method
for Removable Media. 

 Compliance Requirements: Marked Content.

A Covered Product shall not pass, or direct to be passed, Marked Content
to any output except 

to an analog output; 

to an Authorized Digital Output; or 

.

A Covered Product shall not record or cause the recording of Marked
Content unless such recording is made using one of the following
methods:

a method that uses an encryption protocol, or other means at least as
effective, to uniquely associate such recording with a single Covered
Product so that such recording cannot be played on another product and
that no further usable copies may be made thereof except by such Covered
Product or

for recordings made on removable media, an Authorized Recording Method
for Removable Media. 

[Note:  No requirements or limitations are imposed by this Section?X
with respect to the output, recording, or other handling of content
other than Unscreened Content and Marked Content.]

).

 Robustness: Construction

.

Covered Products shall not include:

switches, buttons, jumpers or software equivalents thereof,

specific traces that can be cut, or

functions (including service menus and remote-control functions),

in each case by which the requirements of the Compliance Requirements
can be defeated, or by which compressed unencrypted Marked Content or
compressed unencrypted Unscreened Content in such Covered Products can
be exposed to output, interception, retransmission or copying, in each
case other than as permitted under this Section?X.,

Covered Products shall be manufactured in a manner that is clearly
designed to effectively frustrate attempts to discover or reveal any
secret keys or secret algorithms used to meet the requirements set forth
in this Section?X.

 Robustness: Data Paths.  Within a Covered Product, neither Unscreened
Content nor Marked Content shall be present on any user accessible bus
in unencrypted, compressed form.  A ``user accessible bus'' means a data
bus that is designed for end user upgrades or access, such as an
implementation of a smartcard, PCMCIA, Cardbus, or PCI that has standard
sockets or otherwise readily facilitates end user access.  A ``user
accessible bus'' does not include memory buses, CPU buses, or similar
portions of a device's internal architecture that do not permit access
to content in a form usable by end users.

[Note to reader:  The instrument promulgating these requirements could
also address the issues raised in Section?2.2 of the Robustness Rules
for DTCP (alerting manufacturers that the robustness requirements may be
modified in the future to require the protection of uncompressed data on
a user accessible bus, when it is technically feasible and commercially
reasonable to do so.)] 

 Methods of Making Functions Robust.  Covered Products shall be
manufactured using at least the following techniques in a manner that is
clearly designed to effectively frustrate attempts to defeat the content
protection requirements set forth below.

Distributed Functions.  Where compressed Unscreened Content or
compressed Marked Content is delivered from one portion of the Covered
Product to another portion of such Covered Product, whether among
integrated circuits, software modules, a combination thereof, or
otherwise, such portions shall be designed and manufactured in a manner
associated and otherwise integrated with each other such that such
Unscreened Content or Marked Content, as the case may be, in any usable
form flowing between such portions of such Covered Product shall be
reasonably secure from being intercepted or copied except as permitted
under the Compliance Requirements.

, portions of a Covered Product that implement in Software the content
protection requirements set forth in the Compliance Requirements shall:

 by a reasonable method including but not limited to: encryption,
execution of a portion of the implementation in ring zero or supervisor
mode, and/or embodiment in a secure physical implementation; and, in
addition, using techniques of obfuscation clearly designed to
effectively disguise and hamper attempts to discover the approaches
used.

 requires at a minimum the use of ``signed code'' or more robust means
of ``tagging'' operating throughout the code.

, the portions of a Covered Product that implement in Hardware the
content protection requirements set forth in the Compliance Requirements
shall:

 by any reasonable method including but not limited to (x) embedding any
secret keys or secret cryptographic algorithms used to meet the content
protection requirements set forth in the Compliance Requirements in
silicon circuitry or firmware that cannot reasonably be read or (y)
employing the techniques described above for Software.

Be designed such that attempts to remove, replace, or reprogram Hardware
elements in a way that would compromise the content protection
requirements set forth in the Compliance Requirements in Covered
Products would pose a serious risk of rendering the Covered Product
unable to receive, demodulate, or decode Unencrypted Digital Terrestrial
Broadcast Content.  By way of example, a component that is soldered
rather than socketed may be appropriate for this means.

Hybrid.  The interfaces between Hardware and Software portions of a
Covered Product shall be designed so that the Hardware portions comply
with the level of protection that would be provided by a pure Hardware
implementation, and the Software portions comply with the level of
protection that would be provided by a pure Software implementation.

, it shall do so using a method designed to ensure that such content, in
any usable form, shall be reasonably secure from being intercepted or
copied when being so passed to such Peripheral or Downstream Product.

 shall be implemented in a reasonable method so that they:

Cannot be defeated or circumvented merely by using general-purpose tools
or equipment that are widely available at a reasonable price, such as
screwdrivers, jumpers, clips and soldering irons (``Widely Available
Tools''), or using specialized electronic tools or specialized software
tools that are widely available at a reasonable price, such as EEPROM
readers and writers, debuggers or decompilers (``Specialized Tools''),
other than devices or technologies whether Hardware or Software that are
designed and made available for the specific purpose of bypassing or
circumventing the protection technologies used to meet the requirements
set forth in this Section?X (``Circumvention Devices''); and

 such as would be used primarily by persons of professional skill and
training, but not including professional tools or equipment that are
made available only on the basis of a non-disclosure agreement or
Circumvention Devices.

[Note to reader:  The instrument promulgating the Compliance
Requirements and Robustness Requirements could include the ``New
Circumstances'' concepts reflected in Section 3.7 of the DTCP Robustness
Rules or Sections 6.2.4.3 and 6.2.5.5 of the CSS Procedural
Specifications (addressing new circumstances that may arise which, had
they existed at the time of design of a particular Covered Product,
would have caused such product to fail to comply with the Robustness
Requirements).]

This draft sets forth requirements to be imposed on certain products
that receive unencrypted digital terrestrial broadcast content to
protect such content against unauthorized redistribution outside of the
home or personal digital network environment.  The draft assumes that
the requirements will apply in the United States, although we anticipate
that the requirements could be modified, as necessary, for use in other
jurisdictions.   

 Where the requirements set forth in this document are implemented in
jurisdictions outside the United States, the definition of Broadcast
Flag would need to be revised to reflect the appropriate location for
the flag in the applicable digital broadcast television standard for
each such jurisdiction.

 The drafting committee reached consensus that a ``Demodulation
Function'' should be defined to describe a demodulation chip or
comparable component that performs demodulation, but has not yet reached
consensus as to the specific adjective to be used here.

 We anticipate that these requirements would need to be amended if, in
the future, new modulation standards replace those listed.  

 Downstream Products would be required under Section X.2 to comply with
the Compliance Requirements and Robustness Requirements (i.e., a failure
to comply with such requirements would be a violation of, and subject to
enforcement under, the instrument promulgating these requirements).  

 Products manufactured under such commitment would be required under
Section X.2 to comply with the Compliance Requirements and Robustness
Requirements (i.e., a failure to comply with such requirements would be
a violation of, and subject to enforcement under, the instrument
promulgating these requirements).

 Definition to be revised where the instrument promulgating these
requirements applies in jurisdictions outside the United States.  

 We anticipate that the instrument promulgating these requirements would
include a notice period before the obligations set forth herein become
effective in order to allow manufacturers reasonable time to redesign
their products.  We also anticipate that an appropriate provision would
be crafted so as to exempt these requirements from applying to products
that are specifically intended for professional video and broadcast use.


 Note that the definition of ``Peripheral'' requires that such content
cannot be accessed in usable form by any product other than the Covered
Product.

 Note that the definition of ``Peripheral'' requires that such content
cannot be accessed in usable form by any product other than the Covered
Product.

 It is not the intent of the drafting committee to generally incorporate
Downstream Products into X.4(a) or to override the limitations of
X.3(a)(4).

 See italicized note at the end of Section X.7.  It is anticipated that
if the Robustness Requirements are modified in the future to require
protection of uncompressed data on a user accessible bus, the
requirements of Section X.6(b) would also then be modified to apply to
uncompressed unencrypted content. 

 For avoidance of doubt, the provisions of X.6(b) prohibit inclusion of
such means by which such defeating or exposure can occur through
modification of the state of the Broadcast Flag.

21279416v11

21279416v11


-- 
Seth David Schoen <address@hidden> | Reading is a right, not a feature!
     http://www.loyalty.org/~schoen/   |                 -- Kathryn Myronuk
     http://vitanuova.loyalty.org/     |