Slashdot Mirror
EFF Makes Formal Objection to DRM In HTML5
The Electronic Frontier Foundation (EFF) has filed a formal objection to the inclusion of DRM in HTML5, saying that a draft proposal from the W3C could hurt innovation and block access to people around the world. From their press page: '"This proposal stands apart from all other aspects of HTML standardization: it defines a new 'black box' for the entertainment industry, fenced off from control by the browser and end-user," said EFF International Director Danny O'Brien. "While this plan might soothe Hollywood content providers who are scared of technological evolution, it could also create serious impediments to interoperability and access for all."'
While I understand why they've taken this position, "The Internet" != "WWW". Increasingly content producers are publishing content through app stores because apps provide content creators with a piece of mind that distribution across the DRM free web does not.
We will get to see the result of the grand experiment of publishing content on the web versus through apps. Content follows the money. If there is more money to be generated distributing content over a DRM free web, that's where it will stay. But if there is more money to be made distributing it through locked down apps on locked down platforms - well there's no reason to think that people won't abandon any technology as quickly as they adopt it if the content that they want to view migrates somewhere else.
DRM is not an evolution, it is a forced through solution to keep content FROM evolving.
When you cant win, ad hominem.
Yeah, because the current scheme of using proprietary playback plugins that have their own set of security flaws and performance issues, if they exist at all for your platform of choice, isn't an impediment to interoperability at all.
Hollywood isn't going to go DRM free (yet). DRM as a standard in HTML5 is a better place then where we are today. These things must change over time. See: all the stores now selling DRM free music, which would have never happened if the stores of yesteryear hadn't first gotten the RIAA comfortable with digital distribution, then weaned them off the DRM teat.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
No, he's quite correct. Atleast in the case of movies content providers will never allow their content to be streamed without any sort of a DRM at all, they will flat out deny everyone access if it ever were to come to that. If W3C were to scrap the plans for HTML5 DRM the content providers would simply cling on to proprietary plugins and we'd be no better off than we are already. With the HTML5 DRM we could atleast shed all the excess weight provided by these plugins since only the part that decodes and displays the video would be proprietary, it wouldn't need to carry with it all the other features of these plugins along. And who knows? Maybe smaller proprietary binaries would be easier to reverse-engineer?
DRM as a standard in HTML5 is a better place then where we are today...stores of yesteryear hadn't first gotten the RIAA comfortable with digital distribution, then weaned them off the DRM teat.
I am confident that DRM should not be a standard, and the argument that DRM being dropped will happen because companies will get *comfortable*; They don't they would have you electronically chipped if they could get away with it. The reason why DRM was dropped was because customers simply were not happy with it.
I prefer if HTML includes provisions to allow optional cross-platform DRM instead of having to rely on plugins/stores/apps.
That would be fine if that was being proposed. However, what is being proposed is that HTML have a tag that calls something that will have to be written for each platform (and thus will only be written for those platforms the content producers consider worth their while to support) in order to decrypt video that is sent with DRM. Of course that thing that is called by the tag (it is no longer called a plugin, but it looks just like one except that it is called from a different place in the code) will be different for every content provider (unless we are lucky and they all decide to use a third party DRM module. Which is unlikely, since most of the content providers are likely to write their own DRM module which they will try to sell to everyone else).
The truth is that all men having power ought to be mistrusted. James Madison
I don't want to be slave of plugins.
I don't want to be slave of browsers.
I don't want anymore to be slave of ECOSYSTEMS making me have three or four platforms just to be able to access content.
I prefer if HTML includes provisions to allow optional cross-platform DRM instead of having to rely on plugins/stores/apps.
This proposal doesn't free you from plugins, or provide 'cross-platform DRM'. It just renames 'plugins' to 'content decryption modules' and provides absolutely no requirement as to how cross platform they are or aren't(indeed, they explicitly state 'CDM may use or defer to platform capabilities' and may handle all steps from decryption to actually drawing on the display).
This standard doesn't standardize the DRM, it just standardizes the interface for interacting with the DRM module...
The 'Content Decryption Module' itself is not part of the standard, and there are no requirements as to it being cross platform, consistent, transferable, or anything else except that it provide a few javascript interfaces to twiddle. That's it.
It's "Standardized" in the sense that Silverlight, Flash, and Java are "standardized" because they can all be embedded with the 'object' tag...
That sounds like replacing one plugin interface for another one.
As you say, nothing says content provider can't use DRM to stream movies, EFF are simply arguing that DRM should have no place in a standard.
I personally have no problem with that. Open standards should be about ensuring as wide a interoperability as possible and DRM goes directly against that.
The other thing to note is that the DRM being talked about is not a DRM implementation, it's a common interface for DRM plugins, so we still have lots of different proprietary DRM plugins and we will still be no better off than we are now..
These comments are my personal opinions and do not necessarily reflect the opinions of the other voices in my head.
No, they would just stick with what we have today.
HTML5 DRM cannot be implemented by any FOSS. If the blob returns video directly instead of writing to some DRM path like windows has it would be useless.
So this adds nothing, netflix would still be limited to close source operating systems.
Sure there is, the decryption module can only output to some sort of content protected path. Otherwise recording its output would be trivial.
That sounds like replacing one plugin interface for another one.
It is, yes, but with e.g. Flash or Silverlight you get a large, fat binary that's supposed to do quite a lot of things -- animations, window handling, 3D, network protocols and so on -- and that means a lot of used system resources and a larger surface for malicious attacks. A DRM-module, on the other hand, doesn't need to worry about 3D-rendering, window handling, vector graphics or anything such, it only needs to decrypt the data and verify that the surface it's given is acceptable to it. It all comes down to hopefully less resources consumed, higher stability and a lesser surface area for malicious attackers to latch on to. It just seems like a positive step to me, even if it is a small one.
Think about what it takes to do that last part. These cannot be trivial programs. They will have to be essentially the same as those terrible video game DRMs that will not run if you have a debugger installed or if you use third party software to mount ISOs.
If W3C were to scrap the plans for HTML5 DRM the content providers would simply cling on to proprietary plugins and we'd be no better off than we are already.
So what? You act as though the internet needs Big Media to survive, when in fact it is the other way around. If Big Media feels the need to develop and maintain proprietary plugins in order to provide their content, fine with me - it's an added cost to them for no bother to me. Their business model is not viable, and it is now our job to keep it afloat? Why is that exactly? What is it the Big Media corporations provide that is so very unique that we're willing to protect it to this degree?
... whatever
I disagree, what this will lead to very quickly will be videos only playing on UEFI secure boot machines running only closed operating systems. Once that happens the banks and online stores will want similar stuff. The road to hell is paved with good intentions.
You do realize that Flash DRM is a joke right?
It requires hardware support. That is why it does not run on non-chromebook ChromeOS installations. It does not run on x86 chromebooks last i checked either. That means this is harder to port not easier.
Rubbish. If the movie industries continue to not provide access because of no-DRM then they'll continue to suffer piracy and have physical media and cinema as their only distribution methods instead. Even the music industry eventually figure this out - that DRM was doing more harm than good.
We don't need DRM, we don't want DRM and if we avoid it and they refuse to publish their content then so be it, someone else will gladly come and take their place because there are many other film studios across the globe other than Hollywood that will gladly rake in $10million instead of the $0million Hollywood opts for because it decided not to publish at all unless it could have $100million.
DRM is about pushing the rental model and preventing ownership of things you've bought. If I pay for a film I want to be able to keep it and watch it when and where I want, not when and where the music industry says I can.
You're a fool for playing into their trap and pretending there is any kind of validity to their arguments. There's still no firm evidence that piracy even hurts them so to suggest it's a pragmatic necessity is utterly stupid.
It's a nice symbolic gesture, but symbolic is all it is. The major studios will never allow streaming services live Netflix to stream their content without DRM, so whether it's built into HTML5 or not, DRM *will* be added. They'll just do it with a 3rd party app. It's either that or kiss any mainstream content goodbye.
It was a nice symbolic guesture of Amazon to offer DRM free MP3s, but the RIAA and Apple will never allow their content to be available DRM free and Amazon will have nothing to sell... oh wait.
I see a lot of cowards in this thread and it surprises me. Do the smart thing and say, "No". Which entertainment group recently suggested they should be able to remotely disable your machine for suspected piracy. I forget... had something to do with media... movies maybe...
But you know, let's give them a standard "plugin" interface. Instead of "bloated Flash" I hope you all enjoy the 50 separate implementations of DRM you get, with variable stability and attack vectors.
Wait, because you trust the DRM module designers and developers to do just that? This is the kind of industry that thought it just fine to install a rootkit to stop you from illegally playing music CDs. You're trading a single module, Flash, for potentially many modules from different companies, all of which will be even sloppier than Flash (which is quite a feat, but one I'm sure the media cartels will manage).
And they achieved this without DRM as a part of the standards.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
My concern is that we are making it harder for browser makers for no real benefit. Browser makers had to make a plugin API to accomodate for java applets first, then flash and silverlight. Now they will ALSO have to make that DRM API for the CDM, and the CDM is going to be a fullblown program, running as administrator. How are you going to sand box that?
You won't. The CDM will only be installed in closed down devices like tivos and chromebooks, yet the DRM API will need to be implemented and tested for any platform the browser supports. It's stupid to demand everybody to work extra to support an API that it's only going to be useful in unstandard, proprietary systems.
It's not only stupid, it's an asshole move, hollywood simply is asking browser vendors to bend over backwards for the privilege of helping them avoid work.
What's wrong with you people? How many times do you have to lose your entire music, e-book, or game collection, have your systems root kitted, and even be accused of piracy and shaken down, before you'll refuse to ever knowingly consent to this invasive DRM again? DRM has no value whatsoever. No, there aren't any good uses for DRM. The few examples of "good DRM" I've heard are not DRM, they're just straight encryption, cryptographically secure authentication, digital signing, and the like. DRM is a bad idea that, like some damned zombie, keeps on coming back for another sequel. DRM is an offense to our rights and freedoms, a denial of reality, and an unnatural and harmful restriction upon society. It's mental indoctrination and slavery. That so many people are half convinced that maybe DRM isn't so bad, or though evil is a necessary evil, is disturbing, as it should also be seen for the insult to our intelligence that it is. DRM will never be a complete success unless they can install devices in our very brains to force us to forget that movie we saw last month or that song we heard last year. Should we also standardize a protocol for a DRM/human brain interface while we're thinking about letting it into HTML5?
Trusted Computing will never arrive as long as these special interests keep trying to twist it against us, make it into Treacherous Computing. They're still trying to give us bull about how it's actually for us because it's for our own good and the good of society, hoping we're stupid enough to accept this bad logic.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
This is being done at the behest of the Entertainment Industry. What happens with the next industry that wants something added to a standard? Where does it end? I have no problem with Netflix, or some other entity, saying that "if you want to use our fee-based service you must use this." But I don't want these add-ons polluting a standard. This is what we have plug-ins for. If you don't like the plug-in, don't use it and don't bitch about not getting a fee-based service.
This is great work by EFF.
But I get the feeling that if Stallman hadn't kicked up such a stink about this, other organisations wouldn't be jumping in to help now.
If EFF's objection is successful, some people will look back afterward and say that RMS's petition and public denouncements achieved nothing and only the later campaigns by others were useful, but they'll be missing the point that RMS is the one that whips those other groups out of inaction. He knows he usually can't win battles on his own, and he knows how to highlight a cause and set an example so that he isn't left on his own.
So thanks, EFF, and thanks, Richard.
Expert in software patents or patent law? Contribute to the ESP wiki!