Susan Crawford blog :: Main Page

This Month

Month Archive

September 2005
August 2005
July 2005
June 2005
May 2005

Year Archive

2007
2006
2005
2004
2003

Search Google

Main Page

« July 28 | August 01 »

Friday, July 29

SSSCA, CBDTPA, and BICCA: Acrimonious Acronyms

by Susan on Fri 29 Jul 2005 09:17 PM EDT

All three of these acronyms stand for federal legislative attempts to design digital devices and applications. The first two failed. The third has just been proposed.

So what are these things? The first, the 2001 Security Systems Standards and Certification Act, suggested that any "interactive digital device" (defined as "any machine, device, product, software, or technology, whether or not included with or as part of some other machine, device, product, software, or technology, that is designed, marketed or used for the primary purpose of, and that is capable of, storing, retrieving, processing, performing, transmitting, receiving, or copying information in digital form") needed to respect digital content restrictions and "certified security" technologies. Because standards for indicating digital content restrictions (and implementing them) didn't exist, industry was supposed to come up with them.

Many people didn't like the SSSCA, and it didn't pass.

Then, in 2002, the Consumer Broadband and Digital Television Promotion Act [pdf] was proposed by Sen. Hollings. It was aimed at protecting digital content and promoting broadband penetration, and it (like the SSSCA) addressed "digital media devices". The CBDTPA called for creation of security standards and encoding rules, and banned the sale of devices that didn't use "standard security technologies."

Many people didn't like the CBDTPA, and it didn't pass.

Then, in 2003, the FCC adopted its "broadcast flag" rule, which was aimed at protecting digital content and promoting the digital transition, and (like the SSSCA and CBDTPA) addressed a broad range of digital devices. The broadcast flag rule called for devices to respect encoded "flags" (markers) in digital content and to ensure that the content could not be transmitted over the public internet.

Many people didn't like the flag (including the DC Circuit), and it is not now the law.

Now, in 2005, Sen. Ensign has proposed the Broadband Investment and Consumer Choice Act. Indirectly, it aims to do the same thing that SSSCA, CBDTPA, and the flag tried to do. It says that a broadband service provider is not supposed to "prevent any person from utilizing equipment and devices in connection with lawful content or applications." Who decides what's lawful? The broadband provider does, apparently.

And BICCA gives broadband providers license to block anything that is unlawful in their view. Blocking content is fine when the provider is trying to prevent unlawful conduct. Making available only customized content and services is fine. Blocking based on whatever the provider's terms of service say is fine.

So here's how the logic runs: if the terms of service of a broadband service provider say "your access device must be authorized by us," that's fine. The device can be required to run only authorized applications. A device that's capable of running unauthorized applications would not be "lawful" under those terms of service (or those applications would not be "lawful"), and so the language saying "you can't prevent someone from using devices in connection with lawful applications" won't apply.

Attaching an unauthorized device to the network would be unlawful conduct, and so a provider under BICCA could demand that it not be attached (just as providers now demand that users not run mail servers or host web pages).

The whole point of BICCA is that it dismantles any interconnection obligations for broadband providers. These obligations go upwards -- so there's no requirement to allow all applications or content to be permitted or carried on the network. And they also go downwards -- so there's no requirement to allow all user devices to be attached to the network.

Unauthorized devices (such as untrustworthy PCs) would quickly become very unattractive to users. What's the point of owning something that isn't authorized to connect to any broadband network?

The missing link here is, of course, the incentive of the broadband providers to allow only authorized devices to connect to their networks. Why would they want to frustrate their customers? Well, if the only way they can get access to really great big media content (the kind of thing they think consumers really want) is to make deals with content companies to have "mini-Hollings" terms of service, I bet they'd do it. And law enforcement would like to have a regime of locatable, authorized devices in place as well. Gradually, incrementally, the world of "authorized devices" might narrow.

Our network, our devices.

Comments (3) | Permanent Link

blogs to read