W3C Declares DRM In-Scope For HTML

FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.

Reality vs idealism

[Agelmar]

It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences. DRM on the web is already a reality, largely using Flash or Silverlight (see e.g. Hulu, Netflix). However, both of these platforms face problems -- Silverlight in particular seems to have a rather uncertain future, Flash availability on tablets and mobile in general is largely non-existant. The poster asks us to "please use other applications when necessary" - is this really a good answer? That is going to lead to even less interoperability, and I would argue it hurts the web at a time when it's already fighting a serious battle against native apps that generally offer developers better control (of UI, no random GC pauses, actual threading models, etc). It's easy to say "DRM will harm the web", it's a bit harder to foresee what the eventualities of telling people "please go away and use native apps" are.

I expect this is likely not going to be a popular response, but in short please realize that this is not as simple as saying "DRM is bad". Yes, DRM sucks but I'd argue that in the long run, having a hobbled web platform losing out to native apps (see e.g. iOS) is going to suck more.

Re:Reality vs idealism

No. HTML, Hyper Text Markup Language, is a standard for describing documents. It is NOT the place to implement or enforce Digitally Restricted Media(DRM). Other applications already exist for this purpose and new application will also follow that can all be integrated into your HTML document if you insist on using it. But it belongs in an external application, not HTML.

Re:Reality vs idealism

DRM being bad is a not a "idealism". It's not some persons *opinion*. It's not like arguing about whether Inception was a good movie (it was).

DRM is faulty *by design*. This is a mathematical truth. And you either accept that truth, or you live in denial. This isn't a "weelllll, it's really annoying for business". Ok, so what? Gravity is really annoying for the American Airlines. Those are the breaks.

The hardware, at the most bottom layer (assembly), has the instruction: mov eax, ebx. This instruction copies data freely. All digital hardware has an equivalent function. You cannot do anything with computers without this basic function.

When you hold a computer, you are physically holding this magical copy instruction. This copy instruction does not know about copyright, or rights holders, or fair use, or DRM, or business models. It simply duplicates a digital value. No computer could exist without it.

So, how do you propose to remove this function, without destroying the computer in the process? It's, ultimately, impossible. You can make things very difficult -- that's fine! Because all you need is one bored determined hacker to break it (which must always be possible, as long as computers exist), and "unlock" the media. Then it will be traded freely.

The only way to stop it is to destroy the computer. Destroy the `mov ax, bx` instruction, that freely copies digital data. But the computer provides so much *other* value, that you can't do that either.

So you just have to live with it. And the sooner you realize that, and realize that this isn't about "idealism", but instead about a mathematical truth that people are living in denial about, the sooner you stop propagating this delusion that DRM is some sort of "solution". It's snake oil. Get over it. I know it sucks. It sucks for me too -- I make music. It sucks. Adapt, or die.

Re:Reality vs idealism

[ByOhTek]

What exactly would you consider a better technology?

Pure HTML is nothing more than an SGML derivative, like XML, and for the use of formatting, is not bad.
CSS, as a way of taking some of the ambiguity and potential for different interpretations on formatting, is also not bad.
JavaScript... OK, yeah, this language could be better. It has a lot of nifty features that can do more harm than good, and is missing one or two nice features (like good type identification, rather than prototype checking, which can have quirks in different browsers).

Everything else is a non-standard and/or proprietary add-on.

Can you think of a better alternative out there that fulfills all the same needs? About the only thing I can think of doing to improve it is replace JavaScript with python (mostly to fix the missing features), Java or C# - and then tweak CSS and HTML a bit to add a few extra features.

By the way, the needs of HTML, as far as I can observe:
To present data on a wide variety of systems, where presenting the data accurately is more important than minor (and even major) variances in formatting, as may be called for by the platform presenting the document(s).

Re:Reality vs idealism

[petermgreen]

Open standards and DRM are fundamentally incompatible. If you know how to decode something to display it to the user you also know how to decode it and save the results of that decoding to a file. Therefore any standard that includes drm will either be trivially broken (see conventional pdf "usage restrictions") or not truely open.

Re:Reality vs idealism

[the_B0fh]

Because you will get royally fucked over. That is why DRM sucks. You will now hand your over identity in order to be able to browse sites, etc. Google, Facebook, etc will now know who you are. Anonymity will be gone forever. Your browser will report on you all the time. Do you know what are web bugs? Do you think the equivalent DRM'ed version will not be there? Except now, because of DRM, it will know exactly who you are.

And don't even think of using different browsers, etc. Because of DRM, you will establish an identity through each of them, or you won't get to use DRM encumbered crap.

Seriously, this is really fucked up.

Re:Reality vs idealism

[Phrogman]

I couldn't agree more. HTML is for marking up the content we want to serve on a webpage. It should not be a means to enforce corporate digital rights, particularly when we have seen other instances where enforcing those rights meant "deny by default". Implementing something like this will require even more monitoring of every web browser. I am already tracked enough by dozens of websites who do so without my permission, then sell the results to corporations.

Re:Reality vs idealism

Because cross-platform implies open standards so that everyone is able to implement it on his platform. OTOH, DRM implies a secret component, so that only licensees can implement it. So DRM will only be available on platforms which are popular enough that the implementation pays off the licensing cost (assuming he is even able to get a license). And it will be completely unavailable on open source platforms because it is incompatible with open source.

Re:Reality vs idealism

[h4rr4r]

Because how would they not be?

DRM requires that there is some secret that you do not share with me. This means the implementor would have to port it to every OS and architecture since no one else could.

Re:Reality vs idealism

[BrokenHalo]

If we're going to go down the path of the internet being used solely for the purpose of a marketplace, I suspect I will continue my pattern of diminishing usage of it as the years go by. I was there right at the beginning when it was ARPANET and MILNET (and yes, I am even older than that). I understand that DRM has legitimate purposes, but so far, what I have mostly seen is its use to lock in consumers and restrict or deny (I'm looking at Amazon here) legitimate use.

If I am put in a position where in order to purchase certain content, I have to accept DRM encoding, the very first thing I do before I use the file is strip the DRM out. I call this future-proofing, on the grounds that some content providers (Amazon again) have been known to "take back" content, and on the grounds that a digital file should be subject to the same restrictions as a physical book, CD, DVD or whatever.

But I digress: in the earlier years of the internet, I used to spend a (probably too-)large proportion of my life online. Nowadays, having moved away from urban centres and needing to devote more time to getting a life (growing vegies, raising chooks etc) - and with an enforced bandwidth and traffic limit, I find it easier to keep a more distant perspective. So I no longer spend so many hours trawling the net for things hitherto unknown, and actually spend a few more hours at night in bed with my wife.

Re:Reality vs idealism

DRM is a broken concept. If it is possible to read or display the data anywhere, then it is possible to make a copy of that data.

No DRM schema will ever work, even if you make custom hardware to enforce it. How has custom hardware helped out the XBox? just solder a mod-chip on the motherboard and now you can run unsigned code. as soon as someone else has physical access to the hardware you can't stop them from altering it.

It only requires a single person to break your DRM for DRM free versions of your data to leak out. and many times DRM free versions are available before the official version is even released, meaning insiders were involved, so they can't even secure their own facilities.

In the end DRM is only punishing the honest customers and degrading their experience, it isn't even slowing down the "pirates".

Re:Reality vs idealism

[devent]

No it is possible: with legislation. That is why the BBC is calling for legal sanctions.
This will result in invading your privacy at home just like any DRM:

However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it.

Television is generally a more expensive medium than music to produce due to the amount of labour involved, and therefore for consumers to purchase. Business models that enable content to be available to them on a temporary (or rental) basis are usually able to do so at significantly lower cost than would be the case for permanent copies.

That is definite not true on the Internet. "Television" on the Internet is cheaper then permanent copies. Once the infrastructure is in place, you just pay for the bandwidth.

An example of this effect in action can be seen with the BBC’s iPlayer – by limiting the window of availability, the BBC is able to make content available for no additional fee to UK licence fee payers.

Yes because the current copyright model is broken. If the copyright terms were not astronomical high, the producers wouldn't be so greedy and would not impose artificial limitations by hiking up prices for unlimited availability. That is the only reason public entities like the BBC needs to artificial limit availability. There are no real cost in making a video available once or unlimited on the iPlayer.

We require the ability to securely identify a type of device, and enable or disable video playback based upon the answer.

Goodbye free operating system and free browsers. I can see a future where Mozilla needs to negotiate a license with the BBC (or any other producer) to be able to play their videos.

The ability to pass further restrictions to the graphics rendering path if available.

Goodbye your privacy, goodbye open source. Now every component needs to be verified that it is "trusted".

Instead, the high-quality video content that the broadcast industry produces will be made available only to closed devices and application stores where such security can be implemented.

It's just the same anyway. Either you close up the Web with DRM or you use closed solutions like Flash or Silverlight. What is the advantage for the Web again? There is no way under those conditions from the BBC that an open source browser like Firefox or open source system like Linux can operate.

Re:Reality vs idealism

[devent]

PS: Of course Richard Stallman was again all correct about cloud services: Cloud computing is a trap, warns GNU founder Richard Stallman

Now the DRM from the cloud services will be standardize. That will give legislators only more excuses to push such laws as the DMCA, SIPA or SOPA. "The proposed law will only make compliance with the W3C Media Source Extensions more easier. You do want your Youtube videos, no?"

Re:Reality vs idealism

[serviscope_minor]

I understand that DRM has legitimate purposes,

No it doesn't.

What it does is annoy the paying customer and serve as no impediment to the pirate.

Re:Reality vs idealism

[jellomizer]

DRM isn't fool proof. However it is a case of keeping the honest, honest.

How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

Are you willing to solder a chip to your hardware, risk breaking it?

Re:Reality vs idealism

[bzipitidoo]

DRM is 100% nonsense. Such schemes are bait for suckers who persist in thinking that ideas and laws for material goods are applicable to data, the ones that use the term "intellectual property" disingenuously. Of course authors deserve compensation. But being fair to content creators does not mean we should accept costly measures to prop up business models that are clearly broken. Abandon the Internet? Submit to inspections by piracy police paid for by ourselves? Ridiculous! The honesty most lacking is not the people's, it's the proponents of these copy protection schemes.

How much work are you willing to do to watch that movie for free

You're thinking of it wrong. It's not how much work any one person is willing to do, it's how much work we all are willing to do. Amortized over a world population of about 7 billion, the amount of work required to break DRM is trivial. Only takes one crack to break the DRM for everyone.

Is it worth trying different patches made by people of questionable ethics

The people with the more questionable ethics are the ones trying to impose DRM. I'm more worried about what their unpatched software does than the viruses that could be present in cracks. Remember the Sony BMG rootkit fiasco? The Turbotax boot sector mod? Windows Genuine Advantage, particularly the false positives it raised against legitimate installs? Ernie Ball's experience with the BSA? And once again, you're looking at it wrong. How long can a crack with a trojan go undetected? Only takes one person out of those billions to discover the problem. As soon as it's found out, it's game over for that trojan.

Are you willing to solder a chip to your hardware, risk breaking it?

I'm not willing to buy that hardware in the first place.

Re:Reality vs idealism

[jbolden]

It is not banks that are driving this. What banks what is generic HTML with security. Brokerages pretty much the same. Banks want your session to be secure, they are very well setup for securing their network against you.

Consumer entertainment is what is driving DRM.

Make those with the money pay

It seems like it should be incumbent upon those that want to restrict your freedoms to bear the full burden of that cost. That is, we do not help them develop a standard for this, and force them to do all the work necessary for their restrictions to try to propagate in the browser ecosystem via plugins, extensions, custom applications, etc.

I would never go so far as to restrict *their* ability to do so, but we should never EVER encourage such behaviour in open standards.

The standards committees should be spending their time (and money) developing technologies that would help people, rather than hinder them.

Trust Us

[overshoot]

Well, so much for open-source W3C-compliant browsers.

HTML is fine, its all the crap on top of it

Flash, Java, Silverlight, take your pick.

As the world wide web has grown it has gotten more information and become LESS usable thanks to all of the crap loaded onto it.
Yes, I know I am falling into the old-school "Back in the day..." crowd here, but seriously- I have a 100mb internet connection now and compared to my old-school 14,400 modem back in the 90s average page load times are.... about the same.
The information I am able to find and use is also about the same.
The useless crap I have to sift through is now HUGE on the other hand, and it actually takes more time to find relevant information. I have to move past all the bad video posts, Twitter crap and asinine Facebook pages. And I haven't even mentioned the BS sites that do nothing but redirect seaarch terms to advert delivery pages.

Hell, I would rather go back to text-based internet browsing than be forced to "migrate to decent user interface technologies."
It's a web PAGE, pal. It should look and work like a PAGE.

Re:BBC not calling for legal sanctions

[OzPeter]

In other words there should be a "copyright" field in the metadata, so there is no doubt about it.

Ah .. so they finally want to implement the (almost) ten year old RFC 3514 IPv4 header!

HTMLMediaElement is ALREADY part of HTML

[AwaxSlashdot]

The proposal is to extend HTMLMediaElement (which is an ALREADY existing part of HTML) so it supports DRM in a standard way.
HTMLMediaElement is a specific DOM element that correspond to media elements (audio, video) and extends the standard element with media specific features: play, pause, length, volume, etc ...

The proposal is to recognize that DRMs are an widespread feature used in conjunction with media elements. As such, it is worth standardizing.

If the DOM accepts having play/pause features on a media element, it could also support DRM methods on a specialization of this element.

As you said, the implementation and enforcement of DRM is EXTERNAL to the DOM/HTML. Have you read the proposal ? I guess you didn't because the ONLY thing this proposal adds is a bunch of events and methods to allow javascript to provide the key to decrypt an encrypted flow.