Defend the Open Web: Keep DRM Out of W3C Standards

jrepin writes "There's a new front in the battle against digital restrictions management (DRM)technologies. These technologies, which supposedly exist to enforce copyright, have never done anything to get creative people paid. Instead, by design or by accident, their real effect is to interfere with innovation, fair use, competition, interoperability, and our right to own things. That's why we were appalled to learn that there is a proposal currently before the World Wide Web Consortium's HTML5 Working Group to build DRM into the next generation of core Web standards. The proposal is called Encrypted Media Extensions, or EME. Its adoption would be a calamitous development, and must be stopped."

Not putting in DRM isn't going to eliminate DRM

[YesIAmAScript]

It's not going to knock DRM off the web.

So why not put in a way for it to be done in a standard fashion?

Putting the ability to serve DRM content into HTML is not going to close the web.

Re:Not putting in DRM isn't going to eliminate DRM

[slackware+3.6]

A standardised DRM means everyone will use it.
If everyone uses a different standard it slows the spread of DRM and makes it more difficult for those who wish to use it.

Re:Not putting in DRM isn't going to eliminate DRM

[Shikaku]

Can't we just make an IE/Firefox/Opera/Chrome add-on and be done with adding the DRM? If people want it they can install it themselves.

Re:Not putting in DRM isn't going to eliminate DRM

[Jah-Wren+Ryel]

A standardised DRM means everyone will use it.

In no way do I support the idea of DRM in the HTML5 standard.

But... There is an upside to having everyone standardize on one form of DRM -- once it is cracked it is cracked for everything

I don't think that comes anywhere near balancing out the societal costs of ubiquitous DRM, but it ain't completely bad.

Re:Not putting in DRM isn't going to eliminate DRM

[Dahamma]

The problem is that the standard DOESN'T do it in a standard fashion. It only opens a standardized CONNECTION to DRM implementations.

Wait, so it's an open standard allowing any pluggable DRM implementation, and people are claiming to be against it in the name of open standards?

Honestly, do you know what preventing DRM in HTML5 is going to do? It's going to keep the existing PC DRM solutions (Flash and Silverlight) alive and competing with HTML5 for a long time. Put proper DRM in HTML5 and both of those technologies are effectively done (and good riddance!)

Re:Not putting in DRM isn't going to eliminate DRM

[tlhIngan]

A standardised DRM means everyone will use it.
If everyone uses a different standard it slows the spread of DRM and makes it more difficult for those who wish to use it.

No, it doesn't. We already have proof of it. In the form of flash video with DRM, and silverlight video, with DRM. Both were extremely popular, and everyone had Flash and Silverlight installed so they could watch their DRM'd videos.

Now, is this a better outcome than having it as a standardized system? Consider all the flash vulnerabilities and silverlight vulnerabilities - everyone had to have them installed after all.

And no, your opinion on DRM is not going to matter - if people provide useful content DRM'd like this, people will just install whatever.

And frankly - what really keeps someone from taking Firefox and modifying the EME handler to instead of playing it in a video box, dumping the unencrypted content to a hard drive? Putting them in the HTML spec means the browser handles it, and honestly, I trust the browser vendors more than Flash or Silverlight. At least the browser gives you control.

Re:Not putting in DRM isn't going to eliminate DRM

[AmiMoJo]

It would seem to exclude open source software from essential web standards though, which is clearly bad. You can't implement a secure rendering path in open source software, can't hide secure decryption keys in it (even commercial BluRay players find that hard).

It's bad enough that we have to deal with Flash.

Re:Not putting in DRM isn't going to eliminate DRM

[andrew3]

Suppose a user sends me a threatening message on some site online. With DRM I can't save it. Suppose I want to save a video so I can play it later (maybe I need to play it offline for my assignment work). Again, if it's DRM'd I can't do that. I don't want my computer to work against me, and I don't think that should be a "standard".

Perhaps the better question is why should DRM be a standard? Why should computers disobey their owners for the sake of corporate greed? Why do media companies pretend that the world will end if DRM isn't added to HTML5?

It might also help to read what media companies have proposed for HTML5 DRM. The BBC wants to be able to take legal action against anyone that bypasses the DRM (even if the user isn't infringing copyright itself).

Re:Not putting in DRM isn't going to eliminate DRM

They should release free work, get a following, and then get their next project funded beforehand from this following. Donations also welcome from people who enjoy the result. Problem solved.

Re:Not putting in DRM isn't going to eliminate DRM

[peppepz]

The same thing could be said for the whole internet. Why put "art" on a separate plane? Everything that you can access on the internet has value. Books, news articles, scientific papers, software applications. Yet the internet has been developed to be open, and it was a success.

People who want closed communication channels can already build them, and the onus is on them to specifiy and maintain them outside the open web.

EME will not give "people that prefer to pay for exclusive non-corporate art a standard way to get that", because it doesn't specify a real encryption method. It's just a standard hook allowing portions of web pages to be decrypted by non-standard binary plugins. In fact, besides Google and Apple, it's being proposed by Adobe. They don't want us to get rid of flash, they want, respectively, one more reason to put "works only with Chrome" banners, a way to put the lockdown of flash into iPhones without having to implement the whole plugin, and a way to keep selling binary plugins without having the burden of having to maintain a presentation layer that with the advent of HTML5 has become less attractive.

Re:Not putting in DRM isn't going to eliminate DRM

[peppepz]

There is no standardization of DRM going on. What is being standardized is just a plugin scheme, like the one allowing Flash to be embedded inside web browsers. Once hackers crack, say, Google's "SecurChrome browser", sites will be able switch to Adobe's "Bolt plugin" or Apple's "iLockedDown platform", or just require customers to upgrade to "SecurChrome 2.1 SP3" which will be using a new encryption method or will implement a new kind of surveillance.

Re:Not putting in DRM isn't going to eliminate DRM

So "the last thing" we want is to let poor people have access to culture and education?? Even if it does not cost anyone a penny to just give it away since they were not going buy it anyways? Yes, lock them in cages and set up overseers with whips to make the lazy bastards work! And we can only pay them to enough to make the ends meet.

Re:Not putting in DRM isn't going to eliminate DRM

[peppepz]

Encryption standards are being specifically excluded by the EME proposers because they're not in their interest. It's not a first step, it's a final one. Read for yourself W3C's plublic html mailing list archives to hear directly from the protagonists who wants to do what.

Re:Not putting in DRM isn't going to eliminate DRM

[Pi1grim]

Because DRM shall be cracked. Deal with it. So it will not stop the pirates. But it will annoy the consumers. I don't want to help corporations come up with better ways of infridging on my rights to backup, store or copy (for fair use ends) the information, that I legally obtained. I don't want crappy spyware being a standart and implemented in every browser. What I do want, though, is to be able to view/play/listen to the art that I legally obtained, give it to my children and not depend on some vendor, that I bought it from to not go out of business rendering my collection of art useless and nothing but a bunch of random bytes, as I would be unable to crack the DRM legally in US.
Wallmart music store buyers learned the lesson. Others will soon enough.

Re:Not putting in DRM isn't going to eliminate DRM

[hairyfeet]

Because you will have no choice but to ban Linux or lock it down? Frankly I've been predicting this one for a couple of years, its why both Apple and MSFT were quick to jump on H.26X over WebM or Theora because they both know the future is locked down media that the masses want and FOSS by its very design isn't DRM friendly.

But the reason why it can't work on Linux without some sort of code signing and/or hardware based enforcement is actually rather simple, for DRM to work it has to have some way to trust the system is enforcing its rules. with Apple and MSFT the kernel can't be altered by the user therefor the DRM can see that the kernel isn't altered and "trust" it for lack of a better term. With FOSS you can recompile any part of the system to "lie" to the DRM and say "Sure its going straight to the screen, no worries" while in actuality the "screen" is really a file. This again was by design as RMS made the GPL to be USER not developer friendly, if the developers like it fine and if not tough shit because ultimately with FOSS the user has the most rights.

So while I can see why many are getting their panties in a twist as this will make media content pretty much limited to the big three (I predict Google will lock down Android so they can play the content, Google has been very careful to only allow GPL V2 which has the TiVo loophole) I hate to say this but...you deserve it. I'm sorry but you do, when the public made Apple the biggest corp on the planet while they had some of the most user unfriendly policies you said to the corps "Hey we'll put up with anything that is hip and shiny" and now they are just giving you what you voted for with your dollars. See how MSFT has become a bad Apple clone, everyone is tripping over themselves to crank out iPad ripoffs, hell even Canonical has gotten in on the game with UbuntuPhone.

So while I wish it wasn't so, I personally screamed bloody murder at H.264 replacing Flash instead of an open codec like Theora or WebM honestly? its too late, you are wasting your breath, the masses have spoken and the future is gonna be glorified game consoles. The corps will decide what you can do and when you can do it and the masses will slurp it up because it means they never have to think or care about what they run and whether it has a viruses because mommy corp will take care of things for you. Frankly the future is REALLY gonna suck guys, the web that was free and open is gonna go the way of Gopher and BBS and in its place? A giant home shopping network. Man its fucking depressing but when people are willing to hand over billions to those that are control freaks like Apple...what do you expect?

Re:Not putting in DRM isn't going to eliminate DRM

[Pi1grim]

You, sir, are so misguided I don't know where to start.
Computer is not "a free ticket to whatever you want off the internet", this is where you are right. The only place where you are right.

Computer is a machine. In my possession, the one that I bought for my purposes. And I want to be in control of it. Because it is a machine, a tool that I use to achieve certain goals. Computer is a tool to work with information, this is the only thing it's good at. I don't want anybody telling me what I can and can't do with it or crippling it's functionality. DRM is crippling my computer to prevent me from exercising my rights as a consumer to backup a copy in case of a computer malfunction or watch on any other device that I own. It is designed to make me pay several times for the same thing.

Binary code is not DRM in any of it's form. It doesn't prevent me from copying it, disassemble it or running it after the company, that produced the binary is bankrupt and erased from history.

And yes, I dislike DRM, I don't use it, and as hell don't want it as a standart in a browser. If corporations want to cripple my browser and PC and make it work for their ends, not mine - they can struggle with it themselves, frustrating users more. Community has no stakes in it and should not waste it's resources trying to sugar-coat the poisonous pill that they are trying to make us swallow.

Re:Not putting in DRM isn't going to eliminate DRM

[FredAndrews]

DRM actually restricts what people can do, so it hardly encourages creativity. You might argue it helps support a revenue model to reward creativity but this is a separate matter. If people can not exercise fair use rights then this limit creativity. If people are restricted in how they use the content in their own privacy then entire ecosystems are eliminated that produce innovative ways to better use content in your own privacy.

Re:Not putting in DRM isn't going to eliminate DRM

[andrew3]

I just want to control my computer

that has nothing to do with DRM... learn a programming language

DRM is a system designed to prevent users from controlling their computer. DRM has everything to do with control.

there's nothing stopping people from using or downloading DRM-protected content... if you do it legally

Actually, there is. You must (a) run their software to do it (technical restriction), and (b) agree to a contract (legal restriction). "Use" is essentially defined by whoever wrote the software. The content is crippled so only one or a few programs can run it. And you can download a DRM'd file, but that would be useless on its own. The system that plays it could easily refuse to play it.

if you have a problem with that, it's pretty obvious that your preference is to download content illegally

No I don't. And you should also remember that fair use and fair dealing are legitimate uses of content which DRM inherently prevents.

I wouldn't create a program and not release the binary without the source code

that would be your choice, not the user's

Sure, but I think users should choose to only use free (-as in freedom) software.

the programmer/artist/musician/tv studio should have the choice whether to release their intellectual property freely or not...

I think I should be able to control my computer. I don't think a media company should be able to command my computer.

By "intellectual property" I would assume you are talking about a potentially copyrighted work, since "IP" is an umbrella for lots of other laws. Keep in mind that public domain works can be crippled with DRM as well, not just "IP".

Re:Not putting in DRM isn't going to eliminate DRM

[sjames]

Fine and dandy, but why should MY computer obey them rather than me? THEY didn't pay for it.

Re:Not putting in DRM isn't going to eliminate DRM

[andrew3]

some people do want access to DRM protected content

Some people want access to content and will do just about anything to get it. That doesn't mean they want DRM itself.

Re:Not putting in DRM isn't going to eliminate DRM

[Loki_666]

Wouldn't that be a wonderful thing? If free copies of cars could be created without cost? Just imagine how much money people would save! They are expensive items. They then could use that money for other things that they want/need.

But if you can replicate cars at no cost, then you could probably replicate just about anything at no cost, and then, that is heading down the road to utopia, where anyone can have just about anything they way for free. Awesome. Of course, there is a danger in such a society as well, that of the Lotus Eaters, but that's a problem for tomorrow. The economics of scarcity still dominate the minds of those who run businesses. They need to realize in the age of the internet and electronic good, they need to change to the economics of unlimited supply, which requires a completely different business model.

Re:Not putting in DRM isn't going to eliminate DRM

[spongman]

Yay, free cars.

But until the star-trek utopia arrives the people that used to make those cars now need a new job...

Re:Not putting in DRM isn't going to eliminate DRM

[progician]

Let me break down for you:

1) "You have never owned a song."

Sure, but we're talking about a recording of a song, not the song itself. The song obviously belongs to the artist as long as her copyright holds, but the copies of the recording is a different matter. It is produced by no additional cost, no additional effort by the artist. It is not produced and not distributed by the artist, so she can't claim rights over it.

2) DRM isn't about the artists anyway, but about big publishers who has the budget to pay for such a abomination (both for the legislation and buying the technology) and the legal department to enforce it. DRM is supposed to bring back the scarcity of physical items in to the world of copying, that is, digital technology. It is breakable, but it reduces the users computer in to a shopping mall terminal. This fills any computer nerd like me with a growing anger that the average user don't understand the basic concept of digital computing, and that is being exploited here. This is akin to illiteracy, that would be supported, lobbied and legally enforced by large corporations only for their profit motif.

3) "Artists actually want to qualify their buyers. "
Well, what they want, and what they deserve is two thing. As long as the item they are trying to sell contains their own effort, that's their choice. However, once they release something in the public, like putting a painting on public square, it would be just stupid if they seek court order against people taking photos of it. Similarly, once they release their music, film, book in the public in any form, it's just as ridiculous to try to control copies of the original.

4) "We now get to the core value proposition to you of why an artist made that song, and why you feel he should continue to make songs."

No, that is not at core of this issue. I don't think anybody minds if musicians get paid for what they are doing as longs as it is valued by their audience. The problem is twofold here:

First, making free copies paid for, and for this goal, misleading the general public, pushing through laws that deny the nature of a technology, cripple devices is criminal, deceptive and wasteful. The only people who benefit of this are the publishers and their consumers are, consciously or not, but on the bad end of the deal.

Second, it isn't really the artist and his income that we're talking about. But publishers reducing their cost converging to zero, and they lobby laws in order to keep up with the revenue stream. This is called fraudulent behaviour, it is distortion of the market, indeed, it is a money they get for only successful lobbying, not for what they are producing. And compared to the income need of a single artist, or a band, or even a film, they are massively needy middleman without any justification. The whole idea of instant communication makes them completely useless: artist can promote their work for their potential audience so easily, that they could do it even without using external labour. So they turned in to a massive legal department to maintain a revenue stream without doing any worthy labour. They are indeed socially counter-productive just like any mafia that collects protection money from shopkeepers and they are no better.

Dude, you're just sick if you defend this scheme.

Re:Not putting in DRM isn't going to eliminate DRM

[progician]

What free market are you talking about? DRM is not a technical concept, it is a legal one thus has more to do to politics than to market.

Re:Not putting in DRM isn't going to eliminate DRM

[cheekyjohnson]

Screw paying the artist.

Who says the artist will be paid if he/she uses DRM? Even if DRM worked, I don't think it justifies the controlling, harmful nature of DRM.

But I really have no idea where the guy said that artists shouldn't be paid.

Re:Not putting in DRM isn't going to eliminate DRM

[progician]

Gee. People just don't get do they? These pesky nerds can't understand that economics of of physical copies must be preserved at all cost. Because economics doesn't change, does it? It is the same as it was in a century or two ago. Or a thousand years ago.

Wake up man! Things are changing all the time. If people don't get your "economics" perhaps it is so because it is not beneficial or useful any more. I guess, the world of computers must be scary for you. All those copy with not price tag on them. Gee.

Re:Not putting in DRM isn't going to eliminate DRM

[bWareiWare.co.uk]

I am afraid you are confused.
SSL and safely storing bank documents are jobs for encryption and this works very well. Basically you send a lockable chest to your bank but retain the key, they put your documents into it, close the lock, and send it back. Ensuring that only your key can open it. This is absolutely vital to modern society, but isn't a type of DRM.
DRM usually requires encryption, but also something else. The content producers send their content in a locked box and then try and send the key to your computer in a way where the computer can use it open the box and play back the content but you can't use it to open the box and take the content out. This is obviously logically impossible, which is why you are always hearing of DRM schemes being broken just to watch a film (conversely if you could break a modern encryption system you could literally steal all the money in every bank in the world).
So logically you can't actually implement DRM in closed source software, but with sufficient obfuscation you can get close (Intel literally burns some of the key into a special chip on your motherboard which makes finding it extremely hard). If you are open about what you code is and dose, that includes telling people where you hare trying to hide the key, making the game of hide and seek a bit shorter.

Re:Not putting in DRM isn't going to eliminate DRM

[geminidomino]

I'll just mention the OOXML clusterfuck, and refrain from commenting on "stupidity" and "glass houses."

Re:Not putting in DRM isn't going to eliminate DRM

[BrokenHalo]

No-one really wants DRM except for some of the bigger and nastier corporations. And as TFS mentioned, it does nothing to make sure the artists get paid for their work.

The best way to ensure that is for them to either distribute it themselves or to sell it through one of the less-evil marketplaces (for instance Magnatune comes to mind). I personally prefer the former, since I like the warm fuzzy I get from the feeling that I am paying the artist directly, but I completely understand if they can't be bothered with the learning curve involved.

Re:Not putting in DRM isn't going to eliminate DRM

[Ash+Vince]

No-one really wants DRM except for some of the bigger and nastier corporations. And as TFS mentioned, it does nothing to make sure the artists get paid for their work.

The best way to ensure that is for them to either distribute it themselves or to sell it through one of the less-evil marketplaces (for instance Magnatune comes to mind). I personally prefer the former, since I like the warm fuzzy I get from the feeling that I am paying the artist directly, but I completely understand if they can't be bothered with the learning curve involved.

I know that is the overwelming perspective you see on slashdot, but believe me there are plenty of people who want DRM who are not just big nasty corporations. Some people (myself included) see no problem with a technology that prevents unauthorised viewing, use or copying of something provided it does not interfere with legitimate users in any way.

If the DRM on DVD's let me watch a movie I had purchased in any country but simply stopped me creating copies for other people I would have no issues with it. Unfortunately they try and use DRM to restrict legitimate uses like playback in another country.

I actually resent when other people get something for free illegally when I had to pay for it to obtain it legally, if someone invented a perfect method of DRM that only stopped freeloading little jerks watching movies without paying for them but did not effect me (as a paying customer) at all I would be all for it.

Re:Not putting in DRM isn't going to eliminate DRM

[hazah]

I hate to break this to you, but the world isn't ideal and it's not how it works. Besides, the whole concept of telling people what they can or cannot *see* or *hear* is absolutely asinine. Only people who don't agree seem to be the same people who can't get it through their thick skulls that they're fighting human nature and reality as a whole.

Re:Not putting in DRM isn't going to eliminate DRM

[maxwell+demon]

I know that is the overwelming perspective you see on slashdot, but believe me there are plenty of people who want DRM who are not just big nasty corporations. Some people (myself included) see no problem with a technology that prevents unauthorised viewing, use or copying of something provided it does not interfere with legitimate users in any way.

It is impossible to have effective DRM which doesn't interfere with legitimate users.

Let me repeat: Impossible.

First, to enable everyone to watch content they paid for on any capable device they want to, the DRM would have to be implemented on every system under the sun. Remember why the CSS encryption of DVDs were cracked? No, not in order to enable people to distribute unauthorized copies of DVDs. Just in order to watch legally owned DVDs on Linux systems. If there's a legitimate thing which you may want to do with a DVD you own, it is to watch it, wouldn't you agree?

Another example: Taking a single screen shot from a movie is usually considered fair use. Therefore if the DRM scheme doesn't permit it, it will interfere with legitimate use. But if the DRM permits it, then it will be ineffective, because you could simply screenshot every single frame, and put those images together into a copy of the movie (of course, you'd also have to somehow copy/re-add the sound track).

Yet another example: As soon as the copyright ends, everyone should be able to use the work freely (that's the whole point of the copyright ending). However, the DRM will not end. And how exactly is it supposed to end at the right time, especially given that the end of copyright differs in different legislations, and may be changed at any time (OK, the copyright changes in the US are quite predictable: Just look when Mickey Mouse copyright would end, then the copyright period will be extended)? And if the scheme relies on an external server, it interferes with legitimate use in that you won't be able to watch the content any time you cannot reach the server, for whatever reason. Also, it wouldn't really solve the problem anyway, because what incentive would the company have to keep the server running after the work is out of copyright, if it only handles permissions anyway afterwards? And of course, what happens if the company goes bankrupt? Who is going to operate the server? Of course you could make your DRM so that if the server is unreachable, it is assumed that you have the right to play the content. That would remove the problems, but it also would remove any effectiveness: Just block access to the server at your router, and you have unlimited access.

So let me state the point again in all clearness:

Effective DRM which does not interfere with legitimate users is impossible.

Re:Not putting in DRM isn't going to eliminate DRM

[bWareiWare.co.uk]

That is precisely the problem. You could require that the doctor can only see your medical records in special bunker under the Pentagon, after he has submitted to a full cavity search and provided 20 forms of ID. It doesn't have any bearing on whether the next day he phones up his friendly drugs rep. to say he has an interesting new case. If you share information with someone it have to TRUST them to use it wisely, the is no technology that will help with that.
Sending records securely over the public Internet is a solved problem and most people manage to do this every day. Storing records securely is also solved, though this is less uniformly applied. Trying to give people information (digital or otherwise) and then controlling precisely what they do with that information is quite simply impossible.

Re:Not putting in DRM isn't going to eliminate DRM

[geminidomino]

Standardization is good, even when standards come from Microsoft

Not when the standards are incomplete, and the missing parts are kept locked up, like what happened with OOXML. Then you get "standards" without interoperability, which removes every benefit of the standard for everyone else while giving the crafter undue influence because of it.

Let em do it...

[Fluffeh]

It will just be another technology that ends up falling on it's face while sucking money out of the corporations while they try to get it adopted as the mainstream or most adopted technology. If they are good for all, they will get used. If they aren't, why on earth would a developer use them? Every W3C set of standards has a bunch of tags that no-one in their right mind uses - or they come up with great new ways to get what they want out of them. I mean as an example (though it never made it into W3C) but look at Silverlight, Microsoft tried to take the market away from Flash, invested heavily into Silverlight, no doubt paid a LOT of developers to use their stuff, I found for a while a bunch of free downloads that "asked" to install Silverlight along with their code.

Look at these stats:

According to statowl.com, Microsoft Silverlight has a penetration of 64.16% on May 2011. Usage on July 2010 was 53.54%, whereas Adobe Flash is installed on 95.26% of browsers, and Java support is available on 76.51% of browsers (May 2011); these statistics makes Adobe Flash the market leader in terms of penetration.[20] As of 26 August 2011, 0.3% sites are using Silverlight,[21] whereas site usage of Adobe Flash is around 27%.

Taken from http://en.wikipedia.org/wiki/Microsoft_Silverlight#Adoption

Re:Let em do it...

[Dahamma]

Yeah, but counting "the number of sites" using Silverlight or Flash is silly. Netflix is one of those sites, and it's the single largest streaming video, DRM, and bandwidth user on the planet by a huge margin.

If HTML5 adopted a studio-approved DRM solution Netflix (and most other streaming providers) would drop Silverlight and Flash in a heartbeat. There is definitely something to be said for that...

Re:Let em do it...

[AmiMoJo]

That wouldn't help free software though because you can't implement DRM at all securely and be open source. There will have to be some method of validating the client before the site trusts it, and clearly they wont trust anything you compiled yourself or an OS that doesn't implement a secure graphics path.

Regional Control

[RedHackTea]

Stuff like this wouldn't be so bad if we didn't know how much an asshole these companies have always shown themselves to be in the past. Media stored on the cloud or a computer became fantastic for me because I didn't have to worry about a DVD working in the USA but then not working in another country. That means if you ever move to another country that you will have to re-buy every DVD in your collection. Fuck that. Now, I bet they'll add the same type of control here. You must buy a DRM for your specific country or even more ridiculous restrictions than this (like fast forwarding as mentioned in the article, etc.).

The rich get richer, and the poor get poorer. The free get freer, and the shackled get deader.

Re:Regional Control

[wagnerrp]

No. Stop thinking there is any silver lining to DRM. No open standard can EVER require DRM, as doing so would immediately mean they are no longer open. In order to properly implement a secure DRM mechanism, the entire code path from the time the content is decrypted to the time it shows up on the display must be secure. That's not secure from outside intruders, like ssh, mind you. That is secure from the user themselves. That means the DRM package, the browser, the kernel, the X11 server, the graphics drivers, the graphics firmware, and the display firmware must all be signed binaries. They don't necessarily need to be closed source, but they must be verified and signed as secure by the DRM licensing agency. They may as well be closed source, since the user will never be able to modify and recompile the source, and still be able to access DRM'd content. Once you cease being able to write or download and run your own unsigned software on your own computer, it ceases to be yours.

I'm for it.

The reality is that some apps (like Netflix) require DRM. Why not offer a standard way to do it?

Re:I'm for it.

[quadrox]

There are many people like you who think that steam is DRM done right. But by the very definition, DRM is always a burden to the legitimate purchaser, and only to him, it can therefore never be done right.

Sure steam works pretty well, but I can tell you it really does not agree with me that valve reserves the right to forbid me access at any time for any reason. Yes I know, valve is not evil (in that particular sense) and won't just disable my account on a whim. But it makes no difference - for all I care Valve could be led by heavenly saints, but when I make a purchase the seller should not have any right at all to hinder me in making use of my purchase. There cannot be any argument about this, it is just wrong.

DRM is evil. By accepting DRM you are making life harder for everyone else, because you show the companies that they can get away with it. This truly is a black and white issue, there can be no neutral stance on it.

NO

[technosaurus]

1 standard is better than 1000 crappy implementations - if you don't like it just disable it like you do any other browser option and you'll never be burdened with DRM'd content.

Re:NO

[peppepz]

1) There is no standard for encryption. It's just the plugin scheme which is being standardized, so you WILL have competing standards. Hint: Adobe is one of the proponents of this standard.
2) DRM can't be implemented by open-source applications, and it can be implemented only weakly on open platforms, so content providers will still have the option to tell you "sorry, you can only watch our site on non-jailbroken iPhones or non-rooted Samsung-branded Android phones" - in a standard way.
3) We're not talking about defining a standard for DRM, we're talking about putting DRM in the standard that EVERYONE has to implement in order to talk "the Web". So everyone is burdened by this proposal.

Re:NO

[Microlith]

No, you'll have 1000 crappy DRM modules running in the background, exposing you to all of their flaws and limiting you to the platforms they support.

This solves no real problems, except to shift them from Flash/Silverlight to an unknown, black-box module.

Must *NOT* be stopped.

[Guspaz]

Look, I don't care if YOU don't want to use DRM'd services like Netflix, but some of us DO, and we'd like to be able to use these sorts of services without proprietary plugins like Silverlight dictating what operating systems we can use it on.

I'm a realist. DRM is idiotic and useless, but the people holding the cards are too dumb to realize that. If that means that I have to accept unobtrusive and transparent DRM to view content because of that, so be it. DRM done right doesn't get in the user's way, and a standardized form of DRM will help keep it from getting in the way. This needs to happen.

Re:Must *NOT* be stopped.

[peppepz]

Look, I don't care if YOU don't want to use DRM'd services like Netflix, but some of us DO, and we'd like to be able to use these sorts of services without proprietary plugins like Silverlight dictating what operating systems we can use it on.

Sorry, but it's YOU who want to use DRM'd services who must not drag other people into paying the price of your DRM. And by paying the price I mean the added complexity which I will pay to develop, the computational overhead which I will pay with my energy bill, and above all, the platform lockdown which is necessary to support a minimally meaningful DRM subsystem which I will find in the devices I bought. Define all the standards you want, but don't put them into HTML.

I'm a realist. DRM is idiotic and useless, but the people holding the cards are too dumb to realize that. If that means that I have to accept unobtrusive and transparent DRM to view content because of that, so be it. DRM done right doesn't get in the user's way, and a standardized form of DRM will help keep it from getting in the way. This needs to happen.

Then as a realist you need to know that EME is nothing like that! EME does not specify a single standard, but rather an unified framework allowing binary-only plugins or incompatible binary-only browser implementations dictate what parts of HTML pages you're allowed to save on your PC, depending on who you are, what you're doing and what operating system you're running. In other words, it's just like the Flash plugin without the presentation layer. And unlike Flash, it won't be possible to implement it with open source code.

The line in the sand...

[SwampChicken]

....has been drawn my fellow geeks.

I can't believe what I'm reading.

[kermidge]

When I see comments on the inclusion of Digital Restriction Management in Web standards couched in approving tones, I know that I must be getting old. To me the only valid use of DRM in the long term is as an answer to a trivia question on screwy 'net practices of the late 20th and early 21st centuries.

If in the interim DRM is deemed necessary for some things by some people then incorporate it in a desktop or browser widget as is currently done, say, for Netflix.

And no, I haven't any wonderful answers to all kinds 'good' questions on this, or any deep thoughts on this and the related larger issues; it's just my old fart reaction.

When I bought a book, it was mine. When I used a camera it wasn't locked in to one film manufacturer. Anything with an engine would happily use any brand of gasoline of the correct octane range. When I found that a DVD player/burner I had bought was region-locked, I half flipped. Ditto, when terms of 'sale' for a program I bought on CD forbade making an archive copy.

But then, when I went to see a movie at the theater the thought to bring a movie camera never crossed my mind.

Oh, yeah, just for grins: take Netflix for an example - it uses some kind of DRM, right? (Yeah, I know it does, 'cuz I had to fire up an vm of XP to install Silverlight - until an enterprising duo came up with a wonderful change to Wine that lets me use Netflix from my Ubuntu desktop.) So then, just how many of the protected movies on Netflix don't have torrent or magnet links somewhere? If the answer is few to none, then WTF is the use of having the DRM?

Re:Oh, the horror!

[Microlith]

All the DRM shills are out in force tonight.

You'll still need a plugin. Something has to decrypt the video stream, and that thing HAS to be closed source. Aiding and abetting DRM will simply give those who wish to use it even more power. So you will hasten the demise of Flash and Sliverlight, so what. You will introduce a browser-level means for encryption, which could readily (and if this goes in will be) used to force encryption on entire websites.

This solves ZERO problems. None. I suspect, rather, it will introduce even more closed binary modules on systems with even weaker cross platform support and even more security holes.

EME == Active-X on all web browsers

[knorthern+knight]

EME is proposed as an API, allowing "binary blobs" to execute. That's ***EXACTLY*** what Active-X does in Internet Explorer. Just like Active-X, the binary blobs won't be a complete stand-alone OS. Instead, they'll hook into your operating system, with high privileges. That means that the binary blobs will be OS-specific.

I can see compromised websites popping up with requests to load codec-XXX to "See Sexy Suzy Stripping". And there'll be a lot of idiots who'll fall for it.

What's next?

[ElusiveJoe]

Next thing they'll add will be DRM for web pages, so you won't be able to view the HTML code.

I mean, WTF? Millions of $$$ were invested in the web page, and now some greasy nerd can view it freely? Protect! Protect! Intellectual property!

No open source. +1

[leuk_he]

+1 to the open source part. The code may be opn source, but the builds need trusted clients you cannot put in the public domain.

That is my main objection. Only trusted (big) players will get the decryption keys. And DRM has the feature is starts to spread. It starts with dycrypting the stream, then the renderer needs to be trusted. Next the HDCP link to the screeen, and if there was an option to encrypt the screen to eyes link, someone will build it.

Open sourcing, and freely building, any of the components in the path will result in a leak of the content. the end result is that the entire environment gets getting more closed.