W3C Declares DRM In-Scope For HTML

FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.

Reality vs idealism

[Agelmar]

It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences. DRM on the web is already a reality, largely using Flash or Silverlight (see e.g. Hulu, Netflix). However, both of these platforms face problems -- Silverlight in particular seems to have a rather uncertain future, Flash availability on tablets and mobile in general is largely non-existant. The poster asks us to "please use other applications when necessary" - is this really a good answer? That is going to lead to even less interoperability, and I would argue it hurts the web at a time when it's already fighting a serious battle against native apps that generally offer developers better control (of UI, no random GC pauses, actual threading models, etc). It's easy to say "DRM will harm the web", it's a bit harder to foresee what the eventualities of telling people "please go away and use native apps" are.

I expect this is likely not going to be a popular response, but in short please realize that this is not as simple as saying "DRM is bad". Yes, DRM sucks but I'd argue that in the long run, having a hobbled web platform losing out to native apps (see e.g. iOS) is going to suck more.

Re:Reality vs idealism

[kthreadd]

Are you talking about iOS apps?

Re:Reality vs idealism

DRM has its place, but we also have to be careful about when and how we use it. For example: I would argue that DRM is valuable for ebook lending (e.g. through libraries). However, it doesn't have a place when the goods are sold (e.g. violates the doctrine of first sale).

In the context of the Internet, we must also be careful. One of the advantages of the current structure is openness. That openness allows adaptability to different circumstances. DRM opposes that because anyone who has the keys can reopen the Internet, so those keys will be carefully guarded. This would result in vendors be marginalized, from the application to the system software level. Not only does this limit options for the market as a whole, it limits options for specialized products (e.g. accessible web browsers, utilities for people who don't have access to broadband due to location/affordability).

Re:Reality vs idealism

No. HTML, Hyper Text Markup Language, is a standard for describing documents. It is NOT the place to implement or enforce Digitally Restricted Media(DRM). Other applications already exist for this purpose and new application will also follow that can all be integrated into your HTML document if you insist on using it. But it belongs in an external application, not HTML.

Re:Reality vs idealism

DRM being bad is a not a "idealism". It's not some persons *opinion*. It's not like arguing about whether Inception was a good movie (it was).

DRM is faulty *by design*. This is a mathematical truth. And you either accept that truth, or you live in denial. This isn't a "weelllll, it's really annoying for business". Ok, so what? Gravity is really annoying for the American Airlines. Those are the breaks.

The hardware, at the most bottom layer (assembly), has the instruction: mov eax, ebx. This instruction copies data freely. All digital hardware has an equivalent function. You cannot do anything with computers without this basic function.

When you hold a computer, you are physically holding this magical copy instruction. This copy instruction does not know about copyright, or rights holders, or fair use, or DRM, or business models. It simply duplicates a digital value. No computer could exist without it.

So, how do you propose to remove this function, without destroying the computer in the process? It's, ultimately, impossible. You can make things very difficult -- that's fine! Because all you need is one bored determined hacker to break it (which must always be possible, as long as computers exist), and "unlock" the media. Then it will be traded freely.

The only way to stop it is to destroy the computer. Destroy the `mov ax, bx` instruction, that freely copies digital data. But the computer provides so much *other* value, that you can't do that either.

So you just have to live with it. And the sooner you realize that, and realize that this isn't about "idealism", but instead about a mathematical truth that people are living in denial about, the sooner you stop propagating this delusion that DRM is some sort of "solution". It's snake oil. Get over it. I know it sucks. It sucks for me too -- I make music. It sucks. Adapt, or die.

Re:Reality vs idealism

[ByOhTek]

What exactly would you consider a better technology?

Pure HTML is nothing more than an SGML derivative, like XML, and for the use of formatting, is not bad.
CSS, as a way of taking some of the ambiguity and potential for different interpretations on formatting, is also not bad.
JavaScript... OK, yeah, this language could be better. It has a lot of nifty features that can do more harm than good, and is missing one or two nice features (like good type identification, rather than prototype checking, which can have quirks in different browsers).

Everything else is a non-standard and/or proprietary add-on.

Can you think of a better alternative out there that fulfills all the same needs? About the only thing I can think of doing to improve it is replace JavaScript with python (mostly to fix the missing features), Java or C# - and then tweak CSS and HTML a bit to add a few extra features.

By the way, the needs of HTML, as far as I can observe:
To present data on a wide variety of systems, where presenting the data accurately is more important than minor (and even major) variances in formatting, as may be called for by the platform presenting the document(s).

Re:Reality vs idealism

[petermgreen]

Open standards and DRM are fundamentally incompatible. If you know how to decode something to display it to the user you also know how to decode it and save the results of that decoding to a file. Therefore any standard that includes drm will either be trivially broken (see conventional pdf "usage restrictions") or not truely open.

Re:Reality vs idealism

[the_B0fh]

Because you will get royally fucked over. That is why DRM sucks. You will now hand your over identity in order to be able to browse sites, etc. Google, Facebook, etc will now know who you are. Anonymity will be gone forever. Your browser will report on you all the time. Do you know what are web bugs? Do you think the equivalent DRM'ed version will not be there? Except now, because of DRM, it will know exactly who you are.

And don't even think of using different browsers, etc. Because of DRM, you will establish an identity through each of them, or you won't get to use DRM encumbered crap.

Seriously, this is really fucked up.

Re:Reality vs idealism

[Agelmar]

The reality of DRM is that, absent having a TPM that enforces some sort of software integrity that reasonably ensures that the player is sending the video to a trusted display (TPM validating OS validating player software validating HDCP connection), you're going to be stuck with some security-by-obscurity closed source components, or "plugins". It's unfortunate but I can't honestly see a way around that without much larger changes (like trusted computing, but in a slightly less evil implementation hopefully). The "better alternative" to native apps then becomes allowing DRM to be done in the browser in the least intrusive manner possible -- that is, use as much of the browser's code as possible and have the plugin footprint be as small as possible. Today Flash and Silverlight are used not just for DRM but for the entire player application, ideally the player application could be mostly in HTML and using the browser's stack as much as possible, calling out to the DRM module only for either decryption or saying "Please composite this decrypted stream into that div".

Re:Reality vs idealism

[Phrogman]

I couldn't agree more. HTML is for marking up the content we want to serve on a webpage. It should not be a means to enforce corporate digital rights, particularly when we have seen other instances where enforcing those rights meant "deny by default". Implementing something like this will require even more monitoring of every web browser. I am already tracked enough by dozens of websites who do so without my permission, then sell the results to corporations.

Re:Reality vs idealism

Because cross-platform implies open standards so that everyone is able to implement it on his platform. OTOH, DRM implies a secret component, so that only licensees can implement it. So DRM will only be available on platforms which are popular enough that the implementation pays off the licensing cost (assuming he is even able to get a license). And it will be completely unavailable on open source platforms because it is incompatible with open source.

Re:Reality vs idealism

[h4rr4r]

Because how would they not be?

DRM requires that there is some secret that you do not share with me. This means the implementor would have to port it to every OS and architecture since no one else could.

Re:Reality vs idealism

[Cenan]

That only moves the point in the pipeline where you need to insert code to do the ripping. No matter what scheme is thought up, the end result will always be breakable, simply because you need to output unencrypted content to the end user. You don't even need to break the encryption or do anything at all, all that is needed is to intercept the unencrypted signal before it is presented to the end user. This has been shown time and time again.

Re:Reality vs idealism

[fuzzyfuzzyfungus]

The trouble is that the properties that make a DRM system actually useful(ie. some degree of robustness, enough information about their environment to 'rights manage' in some granular way, and so on) require fairly extraordinary powers over the client system.

The 'Encrypted Media Extension' itself doesn't; because it defines almost nothing(one 'baseline' encryption mechanism that is little more than a toy obfuscation system, along with standardization of some interfaces for asking the non-joke DRM module questions); but it is designed to plug into DRM systems that do, which is the only reason that it has any support at all.

Consider, for example, the BBC's little request list:

Unless it is 'sufficiently secure that there would be the possibility of legal action in the event of bypassing it.', no go.

Unless it 'securely identifies a type of device', no go(browser UA is explicitly noted as not being good enough)

Unless it allows 'identification of the context in which the content appears', no go.

And 'The ability to pass further restrictions to the graphics rendering path if available'.

A set of requirements like that is both a fairly stock summary of what a DRM system should be capable of to be worthy of the name and a set of demands that certainly aren't going to be met in any non-tivoized OSS implementation, and wouldn't even be particularly easy to meet on something that isn't a closed box.

Essentially, once the pointless little baseline case is immediately ignored by anybody who would ever actually use the system(since, if you don't want DRM, you won't want the hassle, and if you do, the baseline is far to pitiful to be worth anything), EME is a 'standard' for 'how to use javascript to talk to an entire black-box video rendering mechanism, upon which there will be enough demands that it will almost certainly be platform specific'. Pretty much exactly the same situation as having the video player stuck in a blob of Silverlight or Flash, except that (because this is HTML5, man) the wicked 'browser plugin' has been renamed a 'content decryption module'(which, as the spec notes, 'CDM implementations may return decrypted frames or render them directly, and 'CDM may use or defer to platform capabilities'). In all but name, it's the definition of a few javascript APIs for interacting with a black-box video path more or less identical(if not worse, given the more robust support for invoking the hardware-protected 'platform capabilities' now present on a lot of consumer gear, which something like Flash was always too dubiously competent to do in any serious way) to the plugin-based video player arrangements of the past.

Re:Reality vs idealism

[gl4ss]

are you suggesting we move movie decode to monitors? and then what about the open source browser being tweaked to save the stream to disk and replaying it... and to combat that the monitor would also need to have network - the whole thing would end up being running in the monitor. might just as well buy a tv with a binary only inaccessible properiaty content browser in which case there is nothing open about your content flow. DRM inherently depends on black boxes - sw or hw - and that is incompatible with open systems, be them hw or drm.

the tech is definitely a problem - it's in direct odds with anything open source being in the flow. you can already do crappy drm plugins(silverlight) for your browsers and stream via them(like netflix) so I fail to see what would be the point of trying to put this shit into the general open source portions of the browser.

remember the point isn't about controlling access to the media but controlling what the browser does with that media. and that needs total control over the browser - which means you wouldn't be able to compile your own.

Re:Reality vs idealism

[BrokenHalo]

If we're going to go down the path of the internet being used solely for the purpose of a marketplace, I suspect I will continue my pattern of diminishing usage of it as the years go by. I was there right at the beginning when it was ARPANET and MILNET (and yes, I am even older than that). I understand that DRM has legitimate purposes, but so far, what I have mostly seen is its use to lock in consumers and restrict or deny (I'm looking at Amazon here) legitimate use.

If I am put in a position where in order to purchase certain content, I have to accept DRM encoding, the very first thing I do before I use the file is strip the DRM out. I call this future-proofing, on the grounds that some content providers (Amazon again) have been known to "take back" content, and on the grounds that a digital file should be subject to the same restrictions as a physical book, CD, DVD or whatever.

But I digress: in the earlier years of the internet, I used to spend a (probably too-)large proportion of my life online. Nowadays, having moved away from urban centres and needing to devote more time to getting a life (growing vegies, raising chooks etc) - and with an enforced bandwidth and traffic limit, I find it easier to keep a more distant perspective. So I no longer spend so many hours trawling the net for things hitherto unknown, and actually spend a few more hours at night in bed with my wife.

Re:Reality vs idealism

DRM is a broken concept. If it is possible to read or display the data anywhere, then it is possible to make a copy of that data.

No DRM schema will ever work, even if you make custom hardware to enforce it. How has custom hardware helped out the XBox? just solder a mod-chip on the motherboard and now you can run unsigned code. as soon as someone else has physical access to the hardware you can't stop them from altering it.

It only requires a single person to break your DRM for DRM free versions of your data to leak out. and many times DRM free versions are available before the official version is even released, meaning insiders were involved, so they can't even secure their own facilities.

In the end DRM is only punishing the honest customers and degrading their experience, it isn't even slowing down the "pirates".

Re:Reality vs idealism

[devent]

No it is possible: with legislation. That is why the BBC is calling for legal sanctions.
This will result in invading your privacy at home just like any DRM:

However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it.

Television is generally a more expensive medium than music to produce due to the amount of labour involved, and therefore for consumers to purchase. Business models that enable content to be available to them on a temporary (or rental) basis are usually able to do so at significantly lower cost than would be the case for permanent copies.

That is definite not true on the Internet. "Television" on the Internet is cheaper then permanent copies. Once the infrastructure is in place, you just pay for the bandwidth.

An example of this effect in action can be seen with the BBC’s iPlayer – by limiting the window of availability, the BBC is able to make content available for no additional fee to UK licence fee payers.

Yes because the current copyright model is broken. If the copyright terms were not astronomical high, the producers wouldn't be so greedy and would not impose artificial limitations by hiking up prices for unlimited availability. That is the only reason public entities like the BBC needs to artificial limit availability. There are no real cost in making a video available once or unlimited on the iPlayer.

We require the ability to securely identify a type of device, and enable or disable video playback based upon the answer.

Goodbye free operating system and free browsers. I can see a future where Mozilla needs to negotiate a license with the BBC (or any other producer) to be able to play their videos.

The ability to pass further restrictions to the graphics rendering path if available.

Goodbye your privacy, goodbye open source. Now every component needs to be verified that it is "trusted".

Instead, the high-quality video content that the broadcast industry produces will be made available only to closed devices and application stores where such security can be implemented.

It's just the same anyway. Either you close up the Web with DRM or you use closed solutions like Flash or Silverlight. What is the advantage for the Web again? There is no way under those conditions from the BBC that an open source browser like Firefox or open source system like Linux can operate.

Re:Reality vs idealism

[AvitarX]

But if the browser is allowed to be open, then you've defeated the DRM.

the way I see this playing out is no movies or newspapers on Firefox or chromium. Google stands to save how much money with this? I imagine a large percentage of the people will go to chrome.

if the DRM is supposed to be any more effective than the no right click style JavaScript, its going to destroy the open source browser eco system. If It's simply meant to prevent the most casual of copying (this is actually what I think is a valid use of DRM, as realistically content is gonna get out anyway), then your plugin idea works, but good idea selling that.

Re:Reality vs idealism

[devent]

PS: Of course Richard Stallman was again all correct about cloud services: Cloud computing is a trap, warns GNU founder Richard Stallman

Now the DRM from the cloud services will be standardize. That will give legislators only more excuses to push such laws as the DMCA, SIPA or SOPA. "The proposed law will only make compliance with the W3C Media Source Extensions more easier. You do want your Youtube videos, no?"

Re:Reality vs idealism

[serviscope_minor]

I understand that DRM has legitimate purposes,

No it doesn't.

What it does is annoy the paying customer and serve as no impediment to the pirate.

Re:Reality vs idealism

[jellomizer]

DRM isn't fool proof. However it is a case of keeping the honest, honest.

How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

Are you willing to solder a chip to your hardware, risk breaking it?

Re:Reality vs idealism

[Catbeller]

Our browser engines will now become secrets. Cracking those secrets will be a felony worldwide.
This is the end of the world wide web. The network is now a commercial sanctuary, guarded by businesses for businesses.

I never understood why banks and such were even allowed to be on the web. It was obvious then, and now, insanely obvious, that they would envelope and digest the protocol, and make it their own. They should have stayed on their own closed lines. The web was not designed for secrets.

Except now, it will be.

Re:Reality vs idealism

[sootman]

Or, as Bruce Schneier so briefly and eloquently put it, "Trying to make bits uncopyable is like trying to make water not wet."

Re:Reality vs idealism

[bzipitidoo]

DRM is 100% nonsense. Such schemes are bait for suckers who persist in thinking that ideas and laws for material goods are applicable to data, the ones that use the term "intellectual property" disingenuously. Of course authors deserve compensation. But being fair to content creators does not mean we should accept costly measures to prop up business models that are clearly broken. Abandon the Internet? Submit to inspections by piracy police paid for by ourselves? Ridiculous! The honesty most lacking is not the people's, it's the proponents of these copy protection schemes.

How much work are you willing to do to watch that movie for free

You're thinking of it wrong. It's not how much work any one person is willing to do, it's how much work we all are willing to do. Amortized over a world population of about 7 billion, the amount of work required to break DRM is trivial. Only takes one crack to break the DRM for everyone.

Is it worth trying different patches made by people of questionable ethics

The people with the more questionable ethics are the ones trying to impose DRM. I'm more worried about what their unpatched software does than the viruses that could be present in cracks. Remember the Sony BMG rootkit fiasco? The Turbotax boot sector mod? Windows Genuine Advantage, particularly the false positives it raised against legitimate installs? Ernie Ball's experience with the BSA? And once again, you're looking at it wrong. How long can a crack with a trojan go undetected? Only takes one person out of those billions to discover the problem. As soon as it's found out, it's game over for that trojan.

Are you willing to solder a chip to your hardware, risk breaking it?

I'm not willing to buy that hardware in the first place.

Re:Reality vs idealism

[jbolden]

It is not banks that are driving this. What banks what is generic HTML with security. Brokerages pretty much the same. Banks want your session to be secure, they are very well setup for securing their network against you.

Consumer entertainment is what is driving DRM.

Re:Reality vs idealism

[Microlith]

it is a case of keeping the honest, honest.

So punishing the honest while doing nothing against the dishonest.

How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

For those willing, all they have to do is wait. Eventually it will be released sans DRM.

Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

If I'm forced to use an OS I cannot trust, then probably.

Make those with the money pay

It seems like it should be incumbent upon those that want to restrict your freedoms to bear the full burden of that cost. That is, we do not help them develop a standard for this, and force them to do all the work necessary for their restrictions to try to propagate in the browser ecosystem via plugins, extensions, custom applications, etc.

I would never go so far as to restrict *their* ability to do so, but we should never EVER encourage such behaviour in open standards.

The standards committees should be spending their time (and money) developing technologies that would help people, rather than hinder them.

Trust Us

[overshoot]

Well, so much for open-source W3C-compliant browsers.

Re:Trust Us

[xaxa]

Well, so much for open-source W3C-compliant browsers.

The linked BBC email says:

Previous discussions on the W3C mailing list have looked at if the CDM itself should be defined or mandated to be open-source. We do not believe this would be helpful, primarily because it is difficult to see how an open-source CDM would have any hope of staying secure for any length of time at all. However, we would evaluate any open-source solution that did come along fairly against our criteria, and hope that adoption of a standard like the Encrypted Media Proposal will increase the amount of vendors offering CDM modules from the number of plug-in vendors that exist today as there would be a lower cost of entry. This may enable an open-source solution that we have not yet conceived to come to market.

That suggests a fundamental misunderstanding of encryption.

On another point, the BBC mentions the revenue from selling DVD and audio recordings -- the profit from this is £182M. That compares to £3606M of income from license payers, at £145.50 each, thus about 25M licenses are sold. If every licence-payer paid an extra £7 we wouldn't need to protect that content. (Have I calculated that correctly?)

(Other broadcasters with different funding models might still want this system.)

HTML is fine, its all the crap on top of it

Flash, Java, Silverlight, take your pick.

As the world wide web has grown it has gotten more information and become LESS usable thanks to all of the crap loaded onto it.
Yes, I know I am falling into the old-school "Back in the day..." crowd here, but seriously- I have a 100mb internet connection now and compared to my old-school 14,400 modem back in the 90s average page load times are.... about the same.
The information I am able to find and use is also about the same.
The useless crap I have to sift through is now HUGE on the other hand, and it actually takes more time to find relevant information. I have to move past all the bad video posts, Twitter crap and asinine Facebook pages. And I haven't even mentioned the BS sites that do nothing but redirect seaarch terms to advert delivery pages.

Hell, I would rather go back to text-based internet browsing than be forced to "migrate to decent user interface technologies."
It's a web PAGE, pal. It should look and work like a PAGE.

Re:BBC not calling for legal sanctions

[OzPeter]

In other words there should be a "copyright" field in the metadata, so there is no doubt about it.

Ah .. so they finally want to implement the (almost) ten year old RFC 3514 IPv4 header!

Time for a new Internet.

[blcamp]

Because this will break it beyond repair.

Reality vs idealism: in reality, DRM doesn't work

It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences.

It's not about the evilness of DRM, it's about the fact that it's useless. Has there been a DRM in history that has not been cracked? Why spend energy on a useless endeavour?

The people pushing for this may believe it's worthwhile and useful (or rather the content licensees do), but I think most people on Slashdot are clueful enough to know better.

So besides placating the studio executives, are there any valid (ideally technical) reasons why DRM should be pursued?

Re:BBC is calling for legal sanctions

[FireFury03]

"However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it."

Not sure why you would defend the BBC, but that is pretty much the definition of a sanction. In fact it states quite clearly that the BBC is less interested in about how good the DRM is [they expect it to be broken], but whether anti-circumvention provisions is protected by law e.g. DMCA. It is just focused on stopping the people forced to pay for service in the UK having unrestricted access to the content they paid for.

The BBC has a rather bonkers idea about DRM anyway. For example, HD Freesat receivers are required to implemtn DRM on their output (i.e. HDCP on the HD output, no analogue HD output, etc.), even though the DVB-S signal they are receiving is transmitted in the clear anyway. All it does is inconvenience legitimate consumers - anyone planning on copyright infringement is going to find it more trivial to record the raw DVB-S stream rather than an HDMI stream anyway.

Similarly, iPlayer's DRM is so weak as to be completely useless, and yet they still use it and therefore insist on using the terrible Flash player instead of making the video streams available in a standard format that would work on all platforms. (The flash player is so bad that I invariably just use get_iplayer and then play it with mplayer).

Do I see a hole in the DRM?

[MathFox]

Nothing in the "Encrypted Media Extension" specs prevents or forbids proxying of both the key and the encrypted media stream to an external "decryption and caching" service. And all of the usual "how do we prevent the plaintext from leaking from the user's machine" questions are still in full force. It is unlikely that the W3C will get "effective protection".

What happened to the W3C?

[fritsd]

Here, read this: http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0137.html, this person puts it very clearly: WTF is the W3C doing trying to *hinder* an open accessible web? DRM is against what their purpose in life as an organisation is.

Did "the Director" die, or something??

HTMLMediaElement is ALREADY part of HTML

[AwaxSlashdot]

The proposal is to extend HTMLMediaElement (which is an ALREADY existing part of HTML) so it supports DRM in a standard way.
HTMLMediaElement is a specific DOM element that correspond to media elements (audio, video) and extends the standard element with media specific features: play, pause, length, volume, etc ...

The proposal is to recognize that DRMs are an widespread feature used in conjunction with media elements. As such, it is worth standardizing.

If the DOM accepts having play/pause features on a media element, it could also support DRM methods on a specialization of this element.

As you said, the implementation and enforcement of DRM is EXTERNAL to the DOM/HTML. Have you read the proposal ? I guess you didn't because the ONLY thing this proposal adds is a bunch of events and methods to allow javascript to provide the key to decrypt an encrypted flow.

Re:Focus on the specifics. "DRM Bad" is dumb

[peppepz]

Lets focus on the specifics of EME. "DRM Bad" is a gross oversimplification.

Interesting, let's see.

I think we can all agree that HTTPS is a good idea - it lets us securely communicate with our bank etc.

Indeed, that's because HTTPS has nothing to do with DRM, besides the fact that both use encryption. HTTPS serves the user, and the user has full control over it.

What if our bank wants to send us a video message, or we want to watch one of our home videos we've stored on a cloud server? Well, we could use HTTPS for that. But HTTPS requires the server to encrypt the content as we're streaming it... that's probably OK for those scenarios, since there won't be more than one person downloading the same video at once.

Exactly. So far, no uses for DRM. Let's hear further.

Now suppose a video store offers to sell us a video. Of course we'd use HTTPS to send our credit card details to prevent them getting intercepted by hackers. The video store might let us download or stream the video over HTTPS. But HTTPS requires the server to encrypt the content as we're streaming it, and if lots of people are streaming the same video the server will be very busy. What's more, since the server has to send differently-encrypted data to different people, they can't use a CDN to spread the load (unless they load their private key into all the CDN boxes, which would be insecure). The solution is EME with the "Clear Key" encryption: the store encrypts the video file once, and tells us to stream the encrypted video file over plain HTTP from their CDN. They then send us the key over HTTPS. The browser uses that key to decrypt the file. Note that there's no "DRM" anti-consumer stuff here - the consumer's web browser has both the key and the encrypted data, and could save those if they wanted to. It's just protecting the data as it flows over the network, like HTTPS does.

What you described is no DRM. The server is giving the user full access to the media, by giving the key to him. They could as well store the media inside a password-protected zip file, serve it over plain HTTP, then send the password for that file to the user. It would have achieved the same level of security. The point is that no media company will use such a model for distribution, because a single user could give away his password to all the other users, making the system ineffective. In fact, no user's right is restricted by this model, there's no "black box" software or hardware involved, there are no encryption keys ureachable to the user, there's no personal information of the user stored inside the media. This is not DRM and this is not what people are afraid of.

Now, EME does also have hooks for a full DRM system. It doesn't specify a full DRM system - it's just hooks so your browser could include a DRM system if it wanted to. Rather than getting the clear key over HTTPS, the browser can get some encrypted data that's passed to the DRM system. The DRM system then does it's thing and decrypts the video, presumably applying copy protection as it does.

So after you've talked so much about completely irrelevant topics, you dismiss the actual problem with three lines and no argumentation. You're actually worsening my concerns, because not only you're telling us that EME will force all content consumers on the web to implement DRM and pay for its implementation and its computational overhead, but also you're giving us reason to believe that the specification will be incomplete, and every content publisher will be free to implement or license a different digital restriction management system based on those "hooks", forcing the users to choose what content they want to access, or to implement or license all of the competing systems, as is already happening with DRM systems for digital television broadcasting.

The sort of companies who are going

Reality

[Sloppy]

How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00? Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

Arrghh.. Really? People can still totally misunderstand the situation this badly, in 2013?

The people who endure the things that you're talking about, also pay. The fact that they paid for the DRMed media, is why they have DRMed media. Nobody does anything like what you're talking about, to avoid paying.

People who don't pay, don't go through any of that. How much work am I willing to do to watch that movie for free? NONE. The free content is what works on a computer without any patches, rebuilding, soldering, etc; it works under normal conditions with normal hardware and software. That's the smooth, reliable case, and since anyone and everyone can work on it, there are many players competing against each other to be The Best.

The non-free DRMed content, is the stuff where the computer is always abnormal in some regard. Either the computer is actively hostile to its user (i.e. the user just accepts the absurdity of the DRM-compatible players' artificial limitations and their general lack of competitive features), or it's schizophrenic and (possibly) unreliable, due to needing to [appear to] serve two masters (the case you seem to be harping on).

There's not even a grey area worth speaking of. It's not a matter of "some non-payers have to deal with DRM and some customers don't." These are truly all-or-nothing scenarios, where the exceptions are so rare that it's not worth speaking of. Everyone who makes use of pirated media, is free from having to deal with DRM bullshit while they use that media. And similarly, everyone who does struggle with DRM, is always working with a non-pirated copy, which was paid for, unless you're talking about some fringe case of shoplifting or something like that. Don't you understand that?

So it's not a matter of keeping the honest honest. It's a matter of punishing and discouraging the honest for the "crime"(?) of being honest, constantly tempting them with the promise of how much nicer and easier things will be, if they defect.