They require a visit because they have to check to make sure they're installed only in authorized secure devices. If they let it into just one unsecured device, all their digital encrypted programming will be available for copying.
I have never delt with this so I wouldn't know. Is there any way for them to detect the transfer to another device? If not this is as stupid as half their other policies