Defend the Open Web: Keep DRM Out of W3C Standards

jrepin writes "There's a new front in the battle against digital restrictions management (DRM)technologies. These technologies, which supposedly exist to enforce copyright, have never done anything to get creative people paid. Instead, by design or by accident, their real effect is to interfere with innovation, fair use, competition, interoperability, and our right to own things. That's why we were appalled to learn that there is a proposal currently before the World Wide Web Consortium's HTML5 Working Group to build DRM into the next generation of core Web standards. The proposal is called Encrypted Media Extensions, or EME. Its adoption would be a calamitous development, and must be stopped."

Not putting in DRM isn't going to eliminate DRM

[YesIAmAScript]

It's not going to knock DRM off the web.

So why not put in a way for it to be done in a standard fashion?

Putting the ability to serve DRM content into HTML is not going to close the web.

Re:Not putting in DRM isn't going to eliminate DRM

[slackware+3.6]

A standardised DRM means everyone will use it.
If everyone uses a different standard it slows the spread of DRM and makes it more difficult for those who wish to use it.

Re:Not putting in DRM isn't going to eliminate DRM

[Jah-Wren+Ryel]

A standardised DRM means everyone will use it.

In no way do I support the idea of DRM in the HTML5 standard.

But... There is an upside to having everyone standardize on one form of DRM -- once it is cracked it is cracked for everything

I don't think that comes anywhere near balancing out the societal costs of ubiquitous DRM, but it ain't completely bad.

Re:Not putting in DRM isn't going to eliminate DRM

[Dahamma]

The problem is that the standard DOESN'T do it in a standard fashion. It only opens a standardized CONNECTION to DRM implementations.

Wait, so it's an open standard allowing any pluggable DRM implementation, and people are claiming to be against it in the name of open standards?

Honestly, do you know what preventing DRM in HTML5 is going to do? It's going to keep the existing PC DRM solutions (Flash and Silverlight) alive and competing with HTML5 for a long time. Put proper DRM in HTML5 and both of those technologies are effectively done (and good riddance!)

Re:Not putting in DRM isn't going to eliminate DRM

[AmiMoJo]

It would seem to exclude open source software from essential web standards though, which is clearly bad. You can't implement a secure rendering path in open source software, can't hide secure decryption keys in it (even commercial BluRay players find that hard).

It's bad enough that we have to deal with Flash.

Re:Not putting in DRM isn't going to eliminate DRM

[andrew3]

Suppose a user sends me a threatening message on some site online. With DRM I can't save it. Suppose I want to save a video so I can play it later (maybe I need to play it offline for my assignment work). Again, if it's DRM'd I can't do that. I don't want my computer to work against me, and I don't think that should be a "standard".

Perhaps the better question is why should DRM be a standard? Why should computers disobey their owners for the sake of corporate greed? Why do media companies pretend that the world will end if DRM isn't added to HTML5?

It might also help to read what media companies have proposed for HTML5 DRM. The BBC wants to be able to take legal action against anyone that bypasses the DRM (even if the user isn't infringing copyright itself).

Re:Not putting in DRM isn't going to eliminate DRM

[peppepz]

The same thing could be said for the whole internet. Why put "art" on a separate plane? Everything that you can access on the internet has value. Books, news articles, scientific papers, software applications. Yet the internet has been developed to be open, and it was a success.

People who want closed communication channels can already build them, and the onus is on them to specifiy and maintain them outside the open web.

EME will not give "people that prefer to pay for exclusive non-corporate art a standard way to get that", because it doesn't specify a real encryption method. It's just a standard hook allowing portions of web pages to be decrypted by non-standard binary plugins. In fact, besides Google and Apple, it's being proposed by Adobe. They don't want us to get rid of flash, they want, respectively, one more reason to put "works only with Chrome" banners, a way to put the lockdown of flash into iPhones without having to implement the whole plugin, and a way to keep selling binary plugins without having the burden of having to maintain a presentation layer that with the advent of HTML5 has become less attractive.

Re:Not putting in DRM isn't going to eliminate DRM

[peppepz]

There is no standardization of DRM going on. What is being standardized is just a plugin scheme, like the one allowing Flash to be embedded inside web browsers. Once hackers crack, say, Google's "SecurChrome browser", sites will be able switch to Adobe's "Bolt plugin" or Apple's "iLockedDown platform", or just require customers to upgrade to "SecurChrome 2.1 SP3" which will be using a new encryption method or will implement a new kind of surveillance.

Re:Not putting in DRM isn't going to eliminate DRM

So "the last thing" we want is to let poor people have access to culture and education?? Even if it does not cost anyone a penny to just give it away since they were not going buy it anyways? Yes, lock them in cages and set up overseers with whips to make the lazy bastards work! And we can only pay them to enough to make the ends meet.

Re:Not putting in DRM isn't going to eliminate DRM

[peppepz]

Encryption standards are being specifically excluded by the EME proposers because they're not in their interest. It's not a first step, it's a final one. Read for yourself W3C's plublic html mailing list archives to hear directly from the protagonists who wants to do what.

Re:Not putting in DRM isn't going to eliminate DRM

[Pi1grim]

Because DRM shall be cracked. Deal with it. So it will not stop the pirates. But it will annoy the consumers. I don't want to help corporations come up with better ways of infridging on my rights to backup, store or copy (for fair use ends) the information, that I legally obtained. I don't want crappy spyware being a standart and implemented in every browser. What I do want, though, is to be able to view/play/listen to the art that I legally obtained, give it to my children and not depend on some vendor, that I bought it from to not go out of business rendering my collection of art useless and nothing but a bunch of random bytes, as I would be unable to crack the DRM legally in US.
Wallmart music store buyers learned the lesson. Others will soon enough.

Re:Not putting in DRM isn't going to eliminate DRM

[hairyfeet]

Because you will have no choice but to ban Linux or lock it down? Frankly I've been predicting this one for a couple of years, its why both Apple and MSFT were quick to jump on H.26X over WebM or Theora because they both know the future is locked down media that the masses want and FOSS by its very design isn't DRM friendly.

But the reason why it can't work on Linux without some sort of code signing and/or hardware based enforcement is actually rather simple, for DRM to work it has to have some way to trust the system is enforcing its rules. with Apple and MSFT the kernel can't be altered by the user therefor the DRM can see that the kernel isn't altered and "trust" it for lack of a better term. With FOSS you can recompile any part of the system to "lie" to the DRM and say "Sure its going straight to the screen, no worries" while in actuality the "screen" is really a file. This again was by design as RMS made the GPL to be USER not developer friendly, if the developers like it fine and if not tough shit because ultimately with FOSS the user has the most rights.

So while I can see why many are getting their panties in a twist as this will make media content pretty much limited to the big three (I predict Google will lock down Android so they can play the content, Google has been very careful to only allow GPL V2 which has the TiVo loophole) I hate to say this but...you deserve it. I'm sorry but you do, when the public made Apple the biggest corp on the planet while they had some of the most user unfriendly policies you said to the corps "Hey we'll put up with anything that is hip and shiny" and now they are just giving you what you voted for with your dollars. See how MSFT has become a bad Apple clone, everyone is tripping over themselves to crank out iPad ripoffs, hell even Canonical has gotten in on the game with UbuntuPhone.

So while I wish it wasn't so, I personally screamed bloody murder at H.264 replacing Flash instead of an open codec like Theora or WebM honestly? its too late, you are wasting your breath, the masses have spoken and the future is gonna be glorified game consoles. The corps will decide what you can do and when you can do it and the masses will slurp it up because it means they never have to think or care about what they run and whether it has a viruses because mommy corp will take care of things for you. Frankly the future is REALLY gonna suck guys, the web that was free and open is gonna go the way of Gopher and BBS and in its place? A giant home shopping network. Man its fucking depressing but when people are willing to hand over billions to those that are control freaks like Apple...what do you expect?

Re:Not putting in DRM isn't going to eliminate DRM

[andrew3]

I just want to control my computer

that has nothing to do with DRM... learn a programming language

DRM is a system designed to prevent users from controlling their computer. DRM has everything to do with control.

there's nothing stopping people from using or downloading DRM-protected content... if you do it legally

Actually, there is. You must (a) run their software to do it (technical restriction), and (b) agree to a contract (legal restriction). "Use" is essentially defined by whoever wrote the software. The content is crippled so only one or a few programs can run it. And you can download a DRM'd file, but that would be useless on its own. The system that plays it could easily refuse to play it.

if you have a problem with that, it's pretty obvious that your preference is to download content illegally

No I don't. And you should also remember that fair use and fair dealing are legitimate uses of content which DRM inherently prevents.

I wouldn't create a program and not release the binary without the source code

that would be your choice, not the user's

Sure, but I think users should choose to only use free (-as in freedom) software.

the programmer/artist/musician/tv studio should have the choice whether to release their intellectual property freely or not...

I think I should be able to control my computer. I don't think a media company should be able to command my computer.

By "intellectual property" I would assume you are talking about a potentially copyrighted work, since "IP" is an umbrella for lots of other laws. Keep in mind that public domain works can be crippled with DRM as well, not just "IP".

Re:Not putting in DRM isn't going to eliminate DRM

[sjames]

Fine and dandy, but why should MY computer obey them rather than me? THEY didn't pay for it.

Re:Not putting in DRM isn't going to eliminate DRM

[Loki_666]

Wouldn't that be a wonderful thing? If free copies of cars could be created without cost? Just imagine how much money people would save! They are expensive items. They then could use that money for other things that they want/need.

But if you can replicate cars at no cost, then you could probably replicate just about anything at no cost, and then, that is heading down the road to utopia, where anyone can have just about anything they way for free. Awesome. Of course, there is a danger in such a society as well, that of the Lotus Eaters, but that's a problem for tomorrow. The economics of scarcity still dominate the minds of those who run businesses. They need to realize in the age of the internet and electronic good, they need to change to the economics of unlimited supply, which requires a completely different business model.

Re:Not putting in DRM isn't going to eliminate DRM

[bWareiWare.co.uk]

I am afraid you are confused.
SSL and safely storing bank documents are jobs for encryption and this works very well. Basically you send a lockable chest to your bank but retain the key, they put your documents into it, close the lock, and send it back. Ensuring that only your key can open it. This is absolutely vital to modern society, but isn't a type of DRM.
DRM usually requires encryption, but also something else. The content producers send their content in a locked box and then try and send the key to your computer in a way where the computer can use it open the box and play back the content but you can't use it to open the box and take the content out. This is obviously logically impossible, which is why you are always hearing of DRM schemes being broken just to watch a film (conversely if you could break a modern encryption system you could literally steal all the money in every bank in the world).
So logically you can't actually implement DRM in closed source software, but with sufficient obfuscation you can get close (Intel literally burns some of the key into a special chip on your motherboard which makes finding it extremely hard). If you are open about what you code is and dose, that includes telling people where you hare trying to hide the key, making the game of hide and seek a bit shorter.

Re:Let em do it...

[Dahamma]

Yeah, but counting "the number of sites" using Silverlight or Flash is silly. Netflix is one of those sites, and it's the single largest streaming video, DRM, and bandwidth user on the planet by a huge margin.

If HTML5 adopted a studio-approved DRM solution Netflix (and most other streaming providers) would drop Silverlight and Flash in a heartbeat. There is definitely something to be said for that...

Must *NOT* be stopped.

[Guspaz]

Look, I don't care if YOU don't want to use DRM'd services like Netflix, but some of us DO, and we'd like to be able to use these sorts of services without proprietary plugins like Silverlight dictating what operating systems we can use it on.

I'm a realist. DRM is idiotic and useless, but the people holding the cards are too dumb to realize that. If that means that I have to accept unobtrusive and transparent DRM to view content because of that, so be it. DRM done right doesn't get in the user's way, and a standardized form of DRM will help keep it from getting in the way. This needs to happen.

Re:Must *NOT* be stopped.

[peppepz]

Look, I don't care if YOU don't want to use DRM'd services like Netflix, but some of us DO, and we'd like to be able to use these sorts of services without proprietary plugins like Silverlight dictating what operating systems we can use it on.

Sorry, but it's YOU who want to use DRM'd services who must not drag other people into paying the price of your DRM. And by paying the price I mean the added complexity which I will pay to develop, the computational overhead which I will pay with my energy bill, and above all, the platform lockdown which is necessary to support a minimally meaningful DRM subsystem which I will find in the devices I bought. Define all the standards you want, but don't put them into HTML.

I'm a realist. DRM is idiotic and useless, but the people holding the cards are too dumb to realize that. If that means that I have to accept unobtrusive and transparent DRM to view content because of that, so be it. DRM done right doesn't get in the user's way, and a standardized form of DRM will help keep it from getting in the way. This needs to happen.

Then as a realist you need to know that EME is nothing like that! EME does not specify a single standard, but rather an unified framework allowing binary-only plugins or incompatible binary-only browser implementations dictate what parts of HTML pages you're allowed to save on your PC, depending on who you are, what you're doing and what operating system you're running. In other words, it's just like the Flash plugin without the presentation layer. And unlike Flash, it won't be possible to implement it with open source code.

Re:NO

[Microlith]

No, you'll have 1000 crappy DRM modules running in the background, exposing you to all of their flaws and limiting you to the platforms they support.

This solves no real problems, except to shift them from Flash/Silverlight to an unknown, black-box module.

Re:I'm for it.

[quadrox]

There are many people like you who think that steam is DRM done right. But by the very definition, DRM is always a burden to the legitimate purchaser, and only to him, it can therefore never be done right.

Sure steam works pretty well, but I can tell you it really does not agree with me that valve reserves the right to forbid me access at any time for any reason. Yes I know, valve is not evil (in that particular sense) and won't just disable my account on a whim. But it makes no difference - for all I care Valve could be led by heavenly saints, but when I make a purchase the seller should not have any right at all to hinder me in making use of my purchase. There cannot be any argument about this, it is just wrong.

DRM is evil. By accepting DRM you are making life harder for everyone else, because you show the companies that they can get away with it. This truly is a black and white issue, there can be no neutral stance on it.