Tim Berners-Lee, W3C Approve Work On DRM For HTML 5.1

An anonymous reader writes "Danny O'Brien from the EFF has a weblog post about how the Encrypted Media Extension (EME) proposal will continue to be part of HTML Work Group's bailiwick and may make it into a future HTML revision." From O'Brien's post: "A Web where you cannot cut and paste text; where your browser can't 'Save As...' an image; where the 'allowed' uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively 'View Source' on some sites, is a very different Web from the one we have today. It's a Web where user agents—browsers—must navigate a nest of enforced duties every time they visit a page. It's a place where the next Tim Berners-Lee or Mozilla, if they were building a new browser from scratch, couldn't just look up the details of all the 'Web' technologies. They'd have to negotiate and sign compliance agreements with a raft of DRM providers just to be fully standards-compliant and interoperable."

Open source browsers?

[ZorinLynx]

How does this affect open source browsers like Firefox? If something is open source you surely can't enforce any sort of DRM restrictions; someone can just build a hacked version of the browser.

Is this possibly the beginning of the end for open source browsers?

Why in the hell are they even THINKING of approving this bullshit?

Re:Open source browsers?

[Jeremiah+Cornelius]

Maybe approving something doom to fail, is a way to get it off your agenda, and cease endless persistent lobbying by media companies.
"Yes. Why don't you start work on the perpetual motion machine - here we've provided you a framework."

Or maybe Tim Berners-Lee is Hitler.

Re:Open source browsers?

[ZorinLynx]

Why does this need to be made part of HTML, though? The existing plugin infrastructure works just fine. You can implement whatever the fuck you want in a plugin. Just use that and leave HTML alone. Things are complicated enough already without introducing new artificial complexity that is purposely designed to break things.

(All DRM is purposely designed to break content. It provides absolutely no benefit to the user)

Re:Open source browsers?

[non0score]

If it's so laughable, then isn't it better to just have it? So instead of a world where content owners won't publish jack on HTML5 (you read that right, content owners of the content you're willing to pay for will never publish on HTML5 unless they have some sort of DRM), you get a world where content owners would and you can somehow mine the keys. I don't see how this is any worse.

Re:Open source browsers?

[MightyYar]

I don't really care whether they publish or not - if there is one thing the internet does not lack it is content.

Re:Open source browsers?

[fustakrakich]

...content owners of the content you're willing to pay for will never publish on HTML5 unless they have some sort of DRM

Who cares? Fuck 'em. There are plenty of people who will publish without all that crap, and we can just stick with them. Besides, DRM is easy to crack, a snake oil sold by scammers. I have no sympathy for those stupid enough to buy it.

Re:Open source browsers?

[Twylite]

Indeed. Encrypted Media Extensions, W3C First Public Working Draft 10 May 2013:

This proposal extends HTMLMediaElement providing APIs to control playback of protected content.

The API supports use cases ranging from simple clear key decryption to high value video (given an appropriate user agent implementation). License/key exchange is controlled by the application, facilitating the development of robust playback applications supporting a range of content decryption and protection technologies.

This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems. Implementation of Digital Rights Management is not required for compliance with this specification: only the simple clear key system is required to be implemented as a common baseline.

That rationale (as I've heard it explained) is that media (video/audio) content distributors are going to implement DRM, so the Hobson's choice is between giving them a standard interface (HTML EME) or having every distributor create their own proprietary media player (probably platform-specific with embedded rootkit).

If you believe that all media should be gratis, or you believe that all media should be open and consumers should be trusted to pay for non-gratis media absent any technological protection, then you will view EME as a bad thing.

If you believe that Copyright should be able to exist on media and that authors and/or distributors should be able to charge for the video/audio, and you believe that technological protection measures may have some impact to reduce non-paid use of such media, and you believe that it is in the interest of consumers to have standards for these sort of things, then you may view EME as a good thing.

Re:Open source browsers?

[ralphaostrander]

I want an internet for me not them, If they dont like it here dont come. live by the open rules or stay home. I am happy with that. The net was here and was better before it became a giant for sale god damn sign.

Re:Open source browsers?

Then why do I keep ending up here on Slashdot out of boredom?

Re:Open source browsers?

[jedidiah]

This is the exact opposite of "getting rid of Flash".

Re:Open source browsers?

[Kielistic]

No. Once their foot is in the door they will start demanding signed binary for browsers since anything else is useless to their wants.

Re:Open source browsers?

[lgw]

The reason to care is that they will publish, just not using HTML5, making yet another "if only people followed it" web standard.

I swear, every time DRM gets mentioned in HTML5 it's like IE6 never happened! Do we have to repeat that sad mistake? The point of a standard is to describe a specific way to do what everyone is going to do anyway. A standard that petulantly refuses to describe what the big players are doing anyway is worse than useless. The W3C finally learned this lesson, but apparently /. has a shorter memory.

Re:Open source browsers?

[NickFortune]

If it's so laughable, then isn't it better to just have it?

Well, the security aspects are laughable. The potential legal follow ons are not. For instance, the next logical step is to insist on digitally signed browsers and declare non-complying browsers illegal as "circumvention tools" under the DMCA or somesuch. You might not be able to detect hack browsers, but you could sure as hell sue anyone distributing binaries or patches. You might have a hard time claiming non-infringing uses as well.

That would pretty much make any new browser impossible to distribute, and potentially puts enough regulatory red-tape on people like mozilla that they'd have difficulty continuing in their current open source form.

Then there's the possibility to pressure ISPs to only allow encrypted content (call it an anti-terrorism measure - that works for most things) and eventually to start chaging for access on a per web-page basis for all content.

From the point of view of some media and content cartels, that's a very desirable outcome. The genie would be back in the bottle.

On the other hand, if we don't have EME then the problems don't arise, so on balance I'd say better not to have it.

So instead of a world where content owners won't publish jack on HTML5

I don't see why that's a problem. There are DRM formats that work with PDFs so it's not as if your content dudes can't publish under DRM. They just can't try and make it apply to the whole web. Nothing of value is being lost here.

you get a world where content owners would and you can somehow mine the keys

Mine the keys illegally I think you mean. Possibly with disproportionate penalties as used by the recording industry in their anti p2p lawsuits.

Let's just not go there. Less effort + less risk == Win

Re:Open source browsers?

[calzones]

Some of us simply believe that if someone is going to try to impose DRM on us that it should be an inconvenient onus on them and the consuming public to do so. A fragmented non-API solution would mean that content providers choosing to implement DRM would face greater costs and suppressed demand due to the extra hurdles imposed by DRM.
If both any given content provider AND their audience agreed it was worthwhile to install Flash or Silverlight in order to view the content, then that's what they would do.
On the flip side, any content providers that attempt to impose DRM on an audience unwilling to install Flash or Silverlight would find their subscriber base evaporating, forcing them to release the content without DRM and find a different way to earn money. Once it's standardized and part of the browser, any moron on the web will suddenly feel like they can and should protect their content and all users will be forced to comply or stay out of the web.
Bottom line: DRM as a hassle means the onus is on content providers to provide users with a suitable value proposition and it leaves greedy or misguided or trend-following content providers who cannot meet that standard out of the web (or else on the web, but free). DRM as an integrated seamless solution flips that around and leaves consumers who seek free content out of the web.

Re:Open source browsers?

[Arker]

"If you believe that Copyright should be able to exist on media and that authors and/or distributors should be able to charge for the video/audio, and you believe that technological protection measures may have some impact to reduce non-paid use of such media, and you believe that it is in the interest of consumers to have standards for these sort of things, then you may view EME as a good thing."

Sorry that's a horrible strawman. Lots of people believe in copyright without condoning DRM in any way shape or form.

Re:Open source browsers?

[wile_e8]

Except this change still doesn't describe what the big players are doing. All it does is standardize a call to DRM binaries without any standardization of what those binaries do. It in no way describes what the big players are doing in these binaries, meaning we are still going to be left downloading closed proprietary plugins that are only available for supported platforms. Since one of the main goals of HTML5 was to get rid of the plugin mess that was necessary to play media on the web, this is a backwards step that solves nothing.

The right to read

[hazah]

http://www.gnu.org/philosophy/right-to-read.html

So fucking sad

Say it ain't so!

[mark6509]

Please tell me that Tim Berners-Lee is only declaring it as in-scope so that it doesn't get worked on by some other group, so it can be killed as it should be.

Re:Good luck with that

[Guspaz]

Huh? EME is already supported in the shipping versions of Chrome and IE, with Safari coming soon, and is already in use in the real world by Netflix to deliver video to users of IE and ChromeOS. Firefox is the only major browser to have not implemented or begun implementing support for it, and with every other major browser supporting it, all that will accomplish is to marginalize Firefox amongst the average user. To them, the problem will be manifested as "Netflix doesn't work in Firefox".

Re:Kind of was expecting this

[wagnerrp]

If you allow web sites to require DRM, the web is no longer open. That's all there is to it. If you browsers must protect content, then browsers must be certified and signed before they can access the content. Had your desire to prevent the theft of your hard work guided the original protocols of the internet, it never would have become the important communications resource it is today.

Re:Missing the big picture

[jedidiah]

> and the point of this is to increase interoperability.

This does squat for increasing interoperability. It doesn't really change much of anything actually. The real problem is that it demonstrates a fundemental philosophical shift on the part of those entrusted with looking after web standards.

The web is no longer an open medium designed to be usable by anyone with any browser.

No, it's just another content consumption medium now. It's just cable TV.

The old status quo was fine. The corner case of media consumption was isolated while still being accommodated.

There was simply no need to "swim in the kool-aid" here.

This will not make Netflix any more accessible to Linux and will likely only make more of the web INaccessable to Linux and other alternative and non-corporate players.

Re:Missing the big picture

[serviscope_minor]

That sounds good to me.

That's because you misunderstand the proposed standard.

The standard is a standardised API to an external encryption plugin. All this means is that it is marginally easier to communicate with the plugin, though clearly it isn't much of a problem at the moment with flash anyhow.

It will still require a binary plugin to actually do the decryption, just like flash.

How many of your devices have flash?

Do you think $RANDOM_EME_PLUGIN will work on your Windows PC (of course!). Your Windows phone (uh...?) your Mac (perhaps...) your older Mac (probably not) your brand new Andriod phone (could do), your older Android phone (doubtful), your Atom android phone (really unlikely), your Blackberry (ha!), iOS devices (crapshoot), your TV with a built in web browser (not a damn chance).

If you think "just like the bad old days where you had to worry about who Adobe was supporting today with flash except now any monkey thinks they can make a binary DRM plugin because it's standard" sounds like a good thing, then you have a very different definition of "good thing" to me.

Re:Missing the big picture

[mark6509]

I can see your argument, but on the other hand I look at the example set by digital audio. The same balkanization occurred there, until finally things got so bad that finally the media caved to pressure and now I can finally buy legal audio in formats that really are interoperable. There were several lousy years where I basically gave up buying new music while the industry figured out that the reason I wasn't buying what they were selling was because DRM didn't work for me.

So there is precedent that delaying adoption of really interoperable DRM has resulted in better media access in the end. On the other hand, I can't think of any precedent saying that having relatively painless DRM has resulted in better media access. Of course it's possible, but I think precedent weighs against you.

On the other hand, maybe you're right and the battle is already lost; with digital audio it was really Apple's closed distribution model that finally broke the camel's back-- there was no way for anybody except Apple to encrypt music for iPods, and music encrypted for iPods wouldn't work anywhere else. Nobody was able to put together a deal that would bridge that gap, and although Apple's market share was significant it wasn't big enough to standardize the entire market on, and consumers knew that they would be screwed one way or another if they opted for any of the then-available DRM flavors, so enough of them stayed out of the market that eventually the markets were forced to open up. With digital video, that hasn't happened. All of the major media playback manufacturers support the same DRM flavors, so most of the market can be served with relatively little pain.

On the third hand (ha ha), while I have started buying music, I've stopped buying videos. I bought a lot of DVDs after CSS was cracked so I could actually play them on my other devices; it was essentially an interoperable format in practice if not in law. I stopped when Blu-Ray came out because DVDs became second-class citizens, but Blu-Ray was too locked down. Streaming rentals work for me because the DRM only has to work once, but I'll never actually trust that streaming companies will still be there, supporting "my" content years from now after they've made their buck today.

So I still think that there's an effectual struggle to be made, that there's a chance that big media can be convinced to accept open standards. I'm not super optimistic, but I think it's possible, and so I'd oppose any attempt to make DRM more seamless and interoperable for the masses (easy for me to say, since they never seem to interoperate with MY devices anyway. Hazards of running Linux I guess).

MOD PARENT UP

[Tailhook]

Signed binaries running from a signed kernel, booted on UEFI Secure Boot hardware you can't legally compromise.

Alan Cox explained this 12 years ago.

That is the dream these people have.

Re:MOD PARENT UP

[hairyfeet]

Sounds just like Chromebooks to me, the only difference is IF you put in a page and a half of CLI gobbledygook that most can't pull off then and ONLY then can you take what was once a standard X86 laptop and install one of a handful of hacked bootloader Linux versions. Oh and no dual booting for you citizen, can't have that!

It just amazes the hell out of me that one company can cook up something nasty, like turning an X86 laptop into a locked down corp controlled thin client and get cheers and when another company does the exact same thing get treated as a monster. Would the ones that cheered the Chromebook have had the same reaction to a Winbook? Kinda doubt it.

As for TFA this is precisely why we must fight tooth and nail not to take HTML V5 in its current form, as its practically a love letter to the big corps who would like nothing more for the future to be similar to Chromebooks, locked down devices that access apps and content "stored in the cloud" that can only be viewed or used with approval.