Internet freedom groups urge W3C to keep DRM out of HTML A coalition of organizations led by the Free Software Foundation has petitioned the Worldwide Web Consortium (W3C) to reject the Encrypted Media Extensions (EME), a proposed expansion of the HTML spec that would create a standard digital rights management (DRM) mechanism for the web. In an open letter addressed to W3C director …
"Did they change it to "Free Content" and I just never noticed?"
There is nothing about not wanting DRM that implies that all content must be free - if you keep poking that straw man the Tin Woodsman's going to bitch-slap you.
The thing about DRM is that it is not possible to have a DRM system that can be implemented in Free software - if a Free program can decrypt the content to display it, it can decrypt it for any other purpose, and that goes against the basic concept of DRM.
So if you allow DRM, you insure that Free software will always be the bastard-red-headed-stepchild under the stairs - never allowed access to anything other than the moldy breadcrusts that Big Media throws its way.
You can create content and make it available without DRM and still charge for it. You just have to make GOOD content that people want; a skill that Big Media is rapidly forgetting.
No, it's simpler than that. Any DRM system *must* have the decryption key on the user's system as well as the encrypted content. The only way that the key can be protected is by some form of obfuscation. Even if protected by other system or application keys, the application has to be able to unbundle the key.
Open source software can never be certified for implementing a DRM system, because there is no way to hide the system for hiding the key, without massively obfuscating the code for doing so - something that would simply not get checked into the system. There would somewhere have to be a binary blob implementing the DRM, but that is not compatible with the GPL. It is compatible with *other* open source licences, but the FSF's purpose is to promote GPL.
So we have an impasse. Hollywood won't release its content officially without DRM, but GPL software cannot implement DRM, and it offends the sensibilities of other contributors to the W3C.
And you, Mike Dimmick, are confusing the GPL for a free software license. Want to open source your software but don't want to release the private keys required to operate it? Easy - use a license that wasn't written by an anarchist. There's no incompatibility between MIT or Apache and effective DRM, for example.
This isn't a case of a conflict between open standards and rights management, it's a conflict between the GPL and the real world.
No, you can't have an open system and DRM because, by definition, DRM stops you doing what you want and thus YOU are no longer in charge of your computer.
You could have a propitiatory 'blob' that hides the DRM key, but than you have to trust it absolutely (if root) or at least with your own account's information which in practice is quite a lot. See http://xkcd.com/1200/
Then of course the "big media" will not accept that unless it also relies on a closed path to the video/audio card so you can't intercept the decrypted data en-route to the display. See for example one of the reasons why Vista was so crap:
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html
But this is a far bigger issue than media streaming, this also opens the doors to all future web sites being in lock-down mode so you can skip adverts, copy data if you want/need, etc. Therefore I am 100% behind the free software movement here as the web should not, in fact, must not become a closed system otherwise we are all going to live in the anus of a DRM's facebook in future.
And that is too hideous to be allowed just so Netflix, etc, can dance to Hollywood's tune.
There are plenty of good reasons not to allow the EME. As is argued by those fighting it, it does go against the core principals of the W3C and an open interoperable standards based web.
I'm opposed to DRM anyway, because it just doesn't do the job its supposed to. But if they have to have it let them keep it as a browser plugin like they do now.
The FSF and other legitimate organisations might have been able to successfully win that argument, but as soon as the various pirate parties signed their names to it they more than likely ensured that the EME will be sanctioned and ratified.
The open web needs DRM, as horrible as that sounds. Expecting the media cartels to give away their media in a freely redistributable format is just not going to happen.
I realise music's gone DRM-free in the most part but I just can't see it happening with video. I'd love it to, don't get me wrong. Ideally I'd like to be able to go to an online store and download a film, documentary, TV series or something, in a decent container/codec, to playback on any device I own, would be amazing. I'd probably pay almost the same amount for that as I would for physical media, maybe more! I just can't be bothered with physical media any more. I have so little spare time and so little storage space that I want to be able to watch my media anywhere, without internet connection, on any device, whenever I want.
But while streaming services are around and you have to be tied to the internet, I'd happily take an open and cross platform DRM system over Silverlight any day of the week.
There needs to be a DRM system that's authored and discussed sensibly in an open environment, by adults, with a technical background, ending up with me being able to play back media on any device/platform I choose. Otherwise you just know all the media cartels will continue to pump horrible proprietary browser plugins everywhere.
I agree, but with two provisos:
1. The default must of course be no DRM.
2. The DRM mechanism must allow *individuals* (or small groups) a low-cost low-hassle way to use it. That's because the way to destroy the various evil DRM empires is not to steal content - it's to allow creators to manage the sale of their own creations without needing a big bad bloodsucker to "help" them. That means a DRM system that anybody can use to protect their own stuff.
I disagree. The issue with DRM is when it becomes no longer supported and you can no longer use the content you paid for. DRM fundamentally doesn't work. The music industry worked that out. Blu-ray being cracked proves the point. That is why DRM must die and content people are willing to pay for must prevail. That is the correct business model these arseholes should follow.
I agree with your disagreements. I'm slightly astonished though... would you rather continue with Silverlight/Flash/whatever for possibly several more years in the hope that content providers will all eventually decide to just offer their content for free capture by everyone?
My point was that the media cartels have their heads so far up their ar$eholes that I'll welcome any efforts made to scrap proprietary plugins ASAP!
The development of a formalised cross-plaltform DRM spec can surely only be a good thing. Whether content providers use it or not, I don't really care, I'd love them to. But at the moment without any sort of open spec then there's even less of a chance that Silverlight and Flash will die.
Any DRM, even a supposedly "open" spec would still be implemented by closed source binary only plugins, there would be no improvement over the status quo and it may even become worse.
DRM simply doesn't work, it's only a level of obfuscation, and the more open that becomes the less obfuscated it is. The more information you have about how the scheme works, the easier it is to break, but any scheme is breakable its only a matter of time and motivation.
The problem is that it is extremely difficult (I don't like using the word "impossible") to develop a truly open DRM system. A traditional encryption system is built to protect content from a third party eavesdropper. The security of such a system (assuming it is properly designed) is solely dependent on secure key management. You can publish the algorithms/source code/specs all you want and the system remains secure as long as a user's keys remain secure. However, unlike a traditional encryption system, a DRM system is built to protect content from unauthorized use by *the intended recipient*, who by necessity MUST have a copy of the decryption keys. Secure key management is not enough to ensure that usage restrictions are actually enforced. Some level of obfuscation/code signing/etc is necessary to prevent the user from simply modifying his client to save the unencrypted content to disk. These techniques, by their very nature, cannot be implemented in open source or capital-F Free software. Hence the FSF's concern.
The danger with including DRM in open web specifications is that those specifications will inevitably become "open" in name only, and only people in the right club will be able to fully implement them - thereby defeating the entire point of having an open standard in the first place. DRM is probably the only thing that justifiably belongs in proprietary plugins, as it will inevitably be proprietary.
Unfortunately, batfastad, EME us not what you are looking for: it is not, in any way, "an open and cross platform DRM system". All it is is a set of new tags for invoking proprietary, service-specific, closed, browser plugins -- it is just a new "object" tag, but one which can claim that DRM is now endorsed by W3C. That is it. No change to the current "horrible proprietary browser plugins".
Silverlight will still be one of the (most popular) choices for the EME (although Microsoft might give it a new name). There certainly won't be any discussion "sensibly in an open environment, by adults, with a technical background, ending up with me being able to play back media on any device/platform I choose".
That is why the FSF and others are complaining about the proposal.
Easy. To try and stop legit subscribers being able to record the stream and then redistribute the content. Something Silverlight is annoyingly good at.
Yeah I disagree with that too, if you've paid for it then you should be permitted to record it if you want. IMO locked streaming services need to be significantly cheaper than non-streaming to justify the usage restrictions... but that's not going to happen.
Except you're not paying to own it. You're paying to watch it ONCE. The same as paying to go to the cinema does not entitle you to take a video camera in so you can watch it again and again.
If you want to own it then you pay more and buy a download, which is completely different from this streaming system and this article is irrelevant to.
When I go to the Cinema, I am also paying for a huge screen, an advanced sound system, and I'm renting a comfortable seat in a nice theater. That Cinema/Theater has the right to stipulate you may not, for whatever reason, operate a video camera in their theater. That analogy fails.
When I watch content on TV, It's usually after it's been recorded on my Tivo. But I could have just as easily recorded it on a DVD-R or VCR. US Courts have ruled this "Fair Use." Same with radio. I can replay it as many times as I like. However, If I watch that same TV show on Hulu, et al, Hollywood is saying, "Whoa, fair use shouldn't apply here!"
Well, utterly ridiculous. Maybe it's time to stop all this nonsense and apply the fair use doctrine to "Broadcasts or digital Videos that are initially and primarily produced to be funded by advertising revenues or produced primarily through government funding and/or donations ."
is an example of exactly the kind of social engineering, public control and psychological manipulation I've posted about elsewhere that makes any kind of revolution or stand for freedom impossible in the modern age.
Those "Pirate parties" you dismiss with such glibness are people standing up for your freedom, privacy and civil rights. Your dismissing them as elements of the lunatic fringe, which is evident from the tone of your post, plays right into the hands of Big Business and Big Government and those who are constantly trying to take our liberties and rights away from us. That makes you as corrupt as they are.
I for one am right behind their efforts, not just because of the rights abuses DRM enables but because, by virtue of Bob being the same person as Mallory in the DRM Alice-Bob-Mallory cryptographic scenario, DRM is snake oil.
But you just keep cranking that propaganda handle, sunshine. Maybe some of your fellow sheep will even start to believe you after a while.
...Oh, I just noticed it's you, David W. Suprise sur-fucking-prise!
The name "Pirate Party" in itself doesn't help their cause though. I don't support the ability to "pirate" material purchased by others (which is what I understand pirating to mean). I do support the ability to use material I have purchased on devices I own. The "pirate" naming suggests an attitude which isn't likely to win them friends or supporters in the standards meetings.
" Your dismissing them as elements of the lunatic fringe"
Don't put words in my mouth.
The problem is one of appearances, not substance. And by *calling themselves* 'pirate' parties, *they* are the ones who play into the hands of Big Business and Big Government (though I'm not as sure about the latter as a demon in this particular case).
The problem is that middle-of-the-road sorts will *see them* as being extremists, if for no other reason than for their names. Fair? Of course not. But refusing to alter your tactics because you shouldn't have to is an excellent route to self-defeat.
Nice to know my reputation precedes me, but given your apparent total misunderstanding of my position on this issue, you might want to consider a reset; I'm not sure we actually disagree - at least not on substance.
For my part, I obviously need to recalibrate my level of subtlety - and you should probably consider inquiring a bit more deeply before rushing to dismiss anyone with an unclear point of view as a mortal enemy.
Furthermore, the FSF contends, because DRM schemes for the web are invariably implemented via proprietary browser plugins – such as the Silverlight plugin currently employed by Netflix – ratifying EME would pressure more users to accept non-free software in order to play media.
The entire point of EME is to minimize use of those proprietary plugins.
Currently, DRM schemes for the web are invariably implemented via proprietary plugins because there are no open systems for it.
With EME, some content providers may use the non-proprietary components for content rights management. Without it or something like it, none will.
There is no possible way to implement DRM in open source software.
This is a common fallacy. DRM can be implemented in open source software. However, the nature of open source means that any such DRM system can be cracked much more easily than a similarly strong proprietary DRM system. That doesn't prevent said implementation, however; it only deters it.
Hence, EME will either prevent OSS browsers from competing on the Web...
Really? Because DRM already exists in such sites as Amazon, NetFlix, LoveFilm, the BBC, Hulu, Vudu, et al. And yet the most popular browsers are primarily open-source.
Nothing in the EME spec prevents open source implementations of EME. The only potentially proprietary part of the spec is the Content Decryption Modules. Those can be either open- or closed- source.
..or will force them using a non-free plugin for EME content.
Which they already must do (and do do) for any DRM content.
EME is not going to change the code of the web overnight, or even over decades. Even the specification itself notes how complicated setting up proprietary DRM is.
What EME does do is allow a basic encryption management system to be implemented in a standard way, and which can be implemented in open source. This allows content producers to better protect their content without resorting to proprietary components, and reduces the footprint of the proprietary component used by those who wish stronger protection.
Those who want super-strong DRM will never use open source for their content delivery for the very reason you state. So closing off proprietary components completely is no more an option than eliminating free components.
EME represents a practical compromise between two childish fundamentalist dogmas. That's why y'all are bitching about it so much.
I was intending to answer your points but your last paragraph convinced me it's really not worth the trouble.
Characterizing end-user digital freedoms as childish fundamentalist dogmas says it all about you.
Oh, by way, there is no compromise possible on freedom. To understand that, you could very well take a look at people dying for it right now somewhere on the planet.
Oh, by way, there is no compromise possible on freedom.
Every single person who doesn't reject the social contract disagrees with you. Compromising on freedom is the essence of law, and of any form of government other than complete anarchy.
Really, that has to be one of the dumbest slogans I've seen in years. And perching on a pile of corpses in an attempt to claim the moral high ground (especially in the name of "end-user digital freedoms", which in the context of this article would appear to constitute mostly cheap entertainment for the privileged) is not only unpersuasive but ugly.
No, that isn't the point of EME at all. The entire point of EME is to provide a W3C-approved veneer of a standards-based tag to invoke those same proprietary plugins. Microsoft's Silverlight will still be the most widely used EME.
As far as I know, no one is working on, let alone proposing to W3C, "non-proprietary components for content rights management".
And in this case I don't.
I can understand where they're coming from, DRM doesn't really work, it never really worked. It's only ever caused pain and hassle. But why is that?
Previously I'd have said its because 'sisters are doing it for themselves' (a song I now think is about the female orgasm) every tom dick and harry doing their own little bit of research, implementing their own DRM in their own way. It's almost like 1000 monkeys with 1000 typewritiers. Eventually they might write the completed works of shakespear. But take just one of those monkies and you might get an episode of family guy... a bad episode (by family guy standards)
If anything a unified DRM system which everyone is putting though into, and will be tested as part of a standard is something I'd be more willing to accept than something EA threw together. As much as people moan about DRM, there are some limited cases that it works (steam) and as much as pirates are concerned that they won't be able to rip the videos from youtube anymore, eventually it'll be possible.
I don't think they want DRM as a way to stop everyone, because they know it doesn't. But any level of DRM is enough to thwart 90% of the audience, that other 10% will get the goods no matter what you do to them. And lets face it, DRM could be good for other sources too, and in some ways it already exists.
What about images? How many people see a pic they like, and copy it without thinking of copyright? How many articles have we read of artists complaining that their photos or images have been used in newspapers or popular blogs without permission?
What about HTML5 games? On the one hand I'd love to create HTML5 games similar to flash, using the canvas tool etc. But on the other, I don't like the thought of my sourcecode being viewable by all and sundry.
Either way DRM will make it in. Lets face if, you have the FSF sqawking, but with no leverage. And on the other hand you have google / MS / netflix who have lots (of money) if they don't put a single standard into HTML, ten it just means that we'll have a dozen different, non standard formats produced by everyone else, which will just prove more disasterous.
Besides, the most likely scenario will be a set of standards for web browsers to follow to enable DRM, with some header command to turn on DRM for the following file types. The browser would act as the authentication device, and the standard just defines how the browser and server should act.
>> And in this case I don't.
Let me complete that sentence : And in this case I don't get it.
This proposed standard will change absolutely nothing - everyone will still use different DRM "solutions, and compatibility will be no better than it is now. All it means is that instead of just coding in that the stream uses (say) Silverlight, there'll be an HTML standard tag to say it's "Silverlight wrapped in a different standards sounding name". The stream will still need Silverlight, it'll still only play on platforms supported by Silverlight, you'll still need to install a Silverlight plugin (or something called a different name but is really just Silverlight packaged slightly differently).
Replace Silverlight with any other DRM scheme and the story is just the same.
So the **ONLY** change is that the DRM vendors will have a veneer of standardisation given to them. So they can claim to be standards compliant - but in reality there will be absolutely no improvement for the user, none at all.
I agree that there needs to be some kind of "open" standards-based DRM system.
I do not like it. I wish that Hollywood etc. would trust their customers enough to do without it.
They will not. Not yet, anyway. This means we need some way to get rid of the proprietary DRM lock-in.
Flash was bad, but at least it was fairly cross-platform. Most systems had an implementation. It may have been crap (on Linux, for example), but at least it existed.
Silverlight is worse. Not surprising, really, when it's a Microsoft product, but everyone seems to be moving over to it, locking out a huge number of devices. AFAIK, only Windows, MacOS and Symbian(?!) are supported. So, no iPhone, no Android, and definitely no Linux.
Moving on, it is clear that if we must have DRM, we need an "open" standard DRM. A system which can be implemented on anything. It doesn't need to be FOSS, but it needs to be able to interoperate with FOSS, or anything else.
With this in mind, my concern is that web standards are not the right place for it, IMHO. But then again, I disagreed with adoption of H264 as the "standard" HTML5 video format.
I have given this some thought in the past, and I believe that graphics card drivers would be the best place to implement this (one way or another). Come up with an open specification which allows data to be passed to the video card, encrypted, and allow them to decrypt and display. This would be relatively trivial for them to implement (in software for older cards, hardware for new models) and would keep everything secure. It could even be made interoperable with HDCP, so a GFX card hooked up to a HDTV would just stream the content, and the TV does the work. Do the decoding at the furthest point along the line possible. This keeps content providers happy (their content is as protected as possible), and consumers happy (because they can play their content).
It would not keep die-hard FOSS nuts happy, but nothing will in this situation other than abandoning DRM, which isn't going to happen soon.
It would not keep "pirates" happy, but who cares about us them?
On a side note, I agree with others here that having the Pirate Parties join this fight only weakens the case. It's like the South Park episode where they were arguing over the flag (S4 E7 - Chef Goes Nanners).
If the EFF wins this round, the trickle of content off the web and into specific apps becomes a flood. Content distribution can occur directly to people's tablets, phones and PCs directly via apps written for that purpose. In the long run, good content thrives where there is revenue and the web so far has turned out to be a really rubbish medium when it comes to ensuring that the people who create the content get paid for it.
This post has been deleted by its author
The internet belongs to the people, it is of the people, for the people and it's not just just Hollywood that wants to lock the internet down - it's governments worldwide who hate the free flow of information going on between its citizens. Anyone who is for the lockdown of the internet (thru DRM or any limiting factor), or spying on its citizens, is part of the problem. Pick a side.
I wish DRM would die a quick death - recently my father's blu-ray refused to play a disc. Needed a firmware update - nope. Software update - yep but the software that came with the drive is no-longer supported. Latest version is a $100 "upgrade" . $100 to merely play the discs he has purchased.
When it becomes more difficult to be law abiding than a freetard then something is wrong with the system. When by being law abiding you are punished with a $100 fine to keep your property working as it was intended there is something wrong with the system.
Punishing your customers rarely makes good business sense - if that's how the system makes you treat your customers then your business will decline. DRM doesn't work for customers, doesn't stop the copyright infringers and will slowly kill your business. Let it die.
"When it becomes more difficult to be law abiding than a freetard then something is wrong with the system."
I completely agree with this one.
Just look at what happens when a PC game, for instance, is crippled by a DRM system. People crack it, cracked copies appear on torrents et al. People who have paid money for the game start getting the cracks, and people who were going to buy the game download it because it is easier.
The same thing happens with DVDs. My brother is religious, and refuses to just pirate material. But often, when he buys a DVD he downloads a copy from the internet, too. It is easier to handle, being just stored on his PC (from which he plays all his content), and it doesn't have all the mandatory viewing at the beginning telling him not to pirate stuff. Think about this: He buys the DVD, but still downloads a "pirate" copy because it's better (less hassle) than the DVD!
This is a broken system.
>> recently my father's blu-ray refused to play a disc. Needed a firmware update - nope. Software update - yep but the software that came with the drive is no-longer supported. Latest version is a $100 "upgrade"
If I had any BR stuff (which I don't and don't plan to any time soon) then I'd just take the disk back as unplayable. It's sold as "Blueray", my player is "Blueray", therefore if the disk doesn't play in the drive which has played other titled fine so far then the disk isn't compatible and therefore (under UK law) is not fit for the purpose for which it was sold. The shop has to take it back, and then they'll have a disk that's been opened as so can't be stuck back on the shelf. By the time it's gone back through the supply chain, it'll have cost everyone more than the disk is worth.
If everyone, or at least a significant proportion stoof up like this, then the retailers would simply refuse to stock disks from the worst offenders and they in turn be forced to stop breaking stuff.
Of course, if it does turn out that the player is "faulty", then also under UK law the retailer that sold it is liable. If it's sold as capable of playing Blueray disks, and the Blueray standard allows for things the drive can't do, then the drive is not fit for purpose. The only limit is 6 years as civil cases cannot be started after that. If retailers find they are getting drives returned after 2, 3 or so years because the manufacturer has stopped providing upgrades, then they'll think twice about selling drives from those manufacturers.
If you don't have consumer protection laws in your country, then start lobbying your elected politicians. And if you do know anyone in these situations, find out what laws can be used - the more people that make this rubbish painful (=expensive) for the manufacturers, distributors, and retailers who support it, the better.
Again, find out what laws can be used, and USE THEM. Make such failings cost the manufacturers and vendors - it's the only language they understand.
Wake up sheeple.
Make a point by using your wallet:
Use Linux... Always
Cancel your Netflix / Hulu / Vudu / Pandora / TiVo and any other streaming media biz I forgot/don't know about. Let them know why.
Terminate your account with your ISP. Let them know why.
Use Pirate Boxes and plug servers. Get the mesh network going. It won't be easy at first, but once we take control back, WE can dictate the terms.
http://youtu.be/6cfIlBkDLTw
This discussion is taking place on a web made reasonably usable by things like open web standards, information sharing like on Wikipedia, Archive.org, Gutenberg.org, Linux, Apache, etc. The World Wide Web was erected by all of us together. Rent seekers, who withheld providing things to the web before *we* made it the rich thing it is today, are now seeking to rip us off and seize control of the web.
Organizations like the EFF have been fighting the good fight for decades and the forces of evil have been vigorously pursuing their agenda to seize control of *our* Internet.
Allowing DRM to gain a foothold will spell the death of the commons. It creates a mechanism whereby rent-seekers can seize control of everything. Rent seekers have shown an astonishing lack of regard for even the basic elements of human decency. The death of people like this is already possible in the hostile environment created by rent-seekers: http://en.wikipedia.org/wiki/Aaron_Swartz
DRM gives rent-seekers technical mechanisms to seize and withold information. They have already demonstrated a willingness to destroy things rather than allow them to fall into use without a tribute paid to them.
With 7,000,000,000 people on the planet, surely it makes no sense to withhold the world's information from every one of us so that a tiny handful of bad actors can enrich themselves by barring us from access to our cultural legacy.
Creators generally do *not* prosper because of the existing copyright regimes. They are duped into thinking they do, but they absolutely do not. The fact that copyright enthusiasts have to fight with such vigor and to use the full power of the state to enforce the alleged rights of rent-seekers should tell you something.
The majority of the population, insofar as it is allowed to make any kind of informed decision, has already voted *AGAINST* the rent seekers.
The only DRM system I routinely engage with is the BBC's iPlayer system. This depends on Adobe AIR. I can download files which (usually) expire after 30 days, which is plenty of time to watch them.
I have twice this year seen an Adobe AIR update make unusable the files which are stored on my hard drive, waiting to be viewed. Reinstalling from scratch is sometimes necessary to get things working at all.
The BBC has a pretty decent set of rules they apply. There is iPlayer software for all my devices. But the basic reliability is not there. And that turns BBC iPlayer into the biggest advert around for the benefits of digital content piracy. And who can claim that anyone loses money from pirated content being preferred to the BBC's free service?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
