Free Software Foundation Challenges Tim Berners-Lee On DRM

Slashdot reader Atticus Rex writes: On Monday, W3C (World Wide Web Consortium) director Tim Berners-Lee released a post defending his decision to allow Netflix, Microsoft, Apple and Google to enshrine DRM in Web standards, arguing that blocking it would be pointless. Zak Rogoff, FSF campaigns manager, writes in the response:

"As Director of the W3C (World Wide Web Consortium), Berners-Lee has the ability to block [the DRM proposal] from ratification as an official Web standard... Of course, a refusal to ratify could not immediately stop the use of DRM, but it could meaningfully weaken the position of DRM in the court of public opinion, and put EME proponents Netflix, Microsoft, Apple, and Google on notice that a very prominent figure was willing to stand up to them on behalf of users. Changes in society's technological infrastructure require political movements, not just technological arguments, and political movements benefit greatly from the support of prominent figures."
Berners-Lee takes the position that "The web has to be universal, to function at all. It has to be capable of holding crazy ideas of the moment, but also the well polished ideas of the century. It must be able to handle any language and culture. It must be able to include information of all types, and media of many genres. Included in that universality is that it must be able to support free stuff and for-pay stuff, as they are all part of this world.

"This means that it is good for the web to be able to include movies, and so for that, it is better for HTML5 to have EME than to not have it."

"universal"

[klingens]

"The web has to be universal, to function at all. "
As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

"but also the well polished ideas of the century."
Something with DRM is always never an idea of the century cause it will never last a century before it's not possible to consume that idea anymore: it is locked away with DRM, illegal to decrypt.

Re:"universal"

[beelsebob]

As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

Which is rather the point. By including DRM in the standard, you allow everyone to implement the exact same thing, and make it universally available on all devices.

By not including DRM, you would cause all the companies that wanted it to go away and implement it in some weird, proprietary way, that only works on the biggest platforms.

You get support for more devices by putting it in the standard, not fewer.

Re:"universal"

[Fringe]

I admire your passion, but the world of media doesn't work that way. If the content distributors (Netflix, Amazon, HBO GO/NOW and the also-rans) weren't able to use standardized DRM, they would use... and standardize... on a non-standard platform. One that, being non-standard, would probably be very closed-source and proprietary. And consumers would flock to it Resulting in a huge, unverified surface for exploits and attacks.

This has happened before. Remember Flash?

Channel George Santayana.

Re:"universal"

[Anonymous+Brave+Guy]

DRM protected digital content should be considered as rented or licensed for a short period anyway, not bought like a book or a record is. It's the video rental or amusement park model and the prices should reflect that, which they don't always do.

That is all fair. The other side, though, is that if someone is essentially offering some sort of rental model, maybe with access to a large library of content for a specific period at a price far lower than buying a permanent copy of each of the relevant works accessed during that period, then there needs to be some system so customers can't just blatantly take advantage.

It seems doubtful that the likes of Netflix and Spotify would get deals to provide mainstream content to their subscribers if they were then allowing those subscribers to download and keep as many movies/shows/songs they wanted to in return for buying whatever the shortest subscription is.

Some of these alternative models have proved to be popular precisely because they are beneficial for enough customers, just like the video rental stores of yesteryear, so it isn't necessarily helpful to ban the kinds of technologies that make them viable in the real world and insist that unprotected, permanent copies are the only way that creative works can be offered.

Re:"universal"

[Anonymous+Brave+Guy]

Similar to how nature abhors a vacuum, the net (and largely, information in general) interprets censorship as damage and routes around it.

Seriously, is this the cliche of the month club and I missed the memo?

No, the Internet does not interpret censorship as anything. The Internet is not alive, and the actions taken to distribute works illegally are ultimately taken by people.

Also, comparing measures to prevent infringement of copyright, which is merely against laws that are widely applicable throughout the world, with the sometimes very real problems of actual censorship is just a propaganda move designed to attract an emotional response that is not otherwise justified.

You're just repeating industry shill "the sky is falling" garbage.

Someone who has a different point of view to you is not necessarily a shill. And if there really isn't a problem if we stop creating and distributing new works, why is the vast majority of piracy ripping those new works, instead of just sharing the "orders of magnitude more media than any human could possibly watch" that we already have? Apparently most pirates disagree with you about which work is more valuable.

There is no money to be made in trying to scare pirates straight. There IS money in providing a convenient service, and DRM never adds convenience.

It would be lovely if that were true, but I have been following this issue for a long time, and the evidence so far seems to say otherwise. How would you run a service like Netflix, which obviously a great many people find more convenient than other models for watching movies and TV shows, without DRM or some other system with a similar effect? You're trying to separate DRM from what makes a useful service and treat the two separately, but they aren't independent issues.

Re:"universal"

[squiggleslash]

By including DRM in the standard, you allow everyone to implement the exact same thing...

That's possible anyway.

and make it universally available on all devices

...that doesn't follow from the first part of your sentence. It would follow if what you'd written was by standardizing DRM you allow everyone to implement the exact same thing, but as your wording correctly implies, all that was standardized was the method by which DRM is referred to in HTML5, not the DRM itself.

Had the W3C not punted on the DRM scheme itself, Berners-Lee's comments would have been legitimate if not what we necessarily wanted. But in failing to standardize DRM, they basically created another <OBJECT> tag - something that's inherently platform and vendor specific, and will never be anything but.

Re:"universal"

[king+neckbeard]

No, the Internet does not interpret censorship as anything. The Internet is not alive, and the actions taken to distribute works illegally are ultimately taken by people.

And nature can't actually abhor anything, since it's an abstract concept. But the anthropomorphic metaphor is a succinct way of describing a phenomena, so welcome to 8th grade English class. Any DRM of static media will be broken, given sufficient time and attention, and once broken, the static media can be distributed throughout the internet unimpeded. Some MS researchers basically repeated that in a paper and nearly got fired.

Also, comparing measures to prevent infringement of copyright, which is merely against laws that are widely applicable throughout the world, with the sometimes very real problems of actual censorship is just a propaganda move designed to attract an emotional response that is not otherwise justified.

Technology is amoral, and if you think of it as anything else, you are delusional. It's not about who is good, who is bad, and what is equivalent, but about the inherent logistics of trying to control the dissemination of information. The pro-dissemination side has an inherent long-term advantage even when the anti-dissemination side has vastly greater resources, whether it's Chinese dissidents, terrorists, child pornographers, bored hackers, or pirates.

Re:"universal"

[king+neckbeard]

Far fewer works were created, and they were far less widely distributed, in that time.

Yeah, and that's TOTALLY because of copyright and has NOTHING to do with hundreds of millions of connected super-presses in people's homes, or that the population is more educated, with a far smaller portion of the people engaged in primary food production or strenuous manual labor.

The whole point of introducing intellectual property is to apply Smith-style free market economics

Smith was anti-monopoly, so calling legal monopolies his style is pretty ridiculous. Copyright was making lemonade out of a corrupt system of press control, censorship, and church/state backed propaganda. This lemonade was at the behest of the publishers guild, who didn't want their money train to end.

Re:"universal"

[JohnFen]

Which is rather the point. By including DRM in the standard, you allow everyone to implement the exact same thing, and make it universally available on all devices.

But the DRM system that is described in the standard does not even come close to accomplishing this. The DRM plugins are still proprietary and platform-specific. All the standard does is describe the plugin mechanism itself.

DRM and Netflix

[Kohath]

Does anyone seriously think Netflix could ever operate without DRM? No DRM, no Netflix or services like it.

Re:DRM and Netflix

[AnotherBlackHat]

The question isn't "Do we want Netflix and services like it?"
The question is "Do we want Netflix and services like it in our web browsers?"

Re:DRM and Netflix

[lgw]

The answer is "yes". Just ask anyone who's not an obsessed nerd.

Since Netflix is obviously going to happen in browsers, whatever obsessed nerds think about that, better to have some sort of standard for that, some hope of getting Netflix on Linux, than not.

I know some people actually believe that somehow, if we didn't have DRM standards, streaming content would magically be DRM-free. Those people have a lot to learn about the world we live in.

Re:DRM and Netflix

[DontBeAMoran]

Anyone who's not a nerd watches Netflix on their smartphone, tablet, set-top box or game console.

Re:DRM and Netflix

[king+neckbeard]

It's about the power dynamics. Free-flowing information is the norm on the internet, and unless browsers enable such support, pirates will keep DRM in check because everything gets broken. Surrendering to the media companies isn't tactically sound, because the math is on our side.

Re:DRM and Netflix

[dissy]

The question is "Do we want Netflix and services like it in our web browsers?"

Yes

If you personally do not want Netflix and their DRM, that is perfectly fine, just simply stop going there and using them.

But please stop trying your hardest to take Netflix away from me.

Re:DRM and Netflix

[TheRaven64]

So you are seriously saying Netflix could operate without DRM?

Yes. Netflix DRM does absolutely nothing to decrease piracy. If Netflix provided plain .mp4 downloads (perhaps rate limited to prevent people from trying to download their entire catalogue) then their service would still work. I'd actually subscribe to them (I don't now), because I'd be able to watch their content on the FreeBSD media centre box connected to my projector.

Why doesn't someone operate a service like Netflix with no DRM then?

Because the studios won't license their content to Netflix without DRM (they also wouldn't let iPlayer stream films without at least a token attempt at DRM, even though it was trivial to break). They have failed to learn the lesson of the music industry and are still buying the argument that it decreases piracy as a cover for allowing companies like Netflix to control their channel. Netflix licenses their DRM to a load of set-top-box makers and so on, meaning that there are a huge number of devices that can watch Netflix content. That's a big barrier to entry for a new startup to overcome. If the studios would license their content for DRM-free download, you'd see a load of Netflix competitors spring into being.

Unpopular here, but I'm with Berners-Lee. DRM exis

[raymorris]

I know this opinion will probably be unpopular here on Slashdot, but 20 years of developing web standards and web technologies tells me Berners-Lee is right on this one, from a standards perspective. Our choice, realistically, for some content is between standardized, compatible, cross-platform DRM, or non-standard, incompatible DRM that requires Internet Explorer on Windows with Java or Flash. This isn't about what we think people *should* do, it's about what they *actually* do.

From the 1990s through to today, some publishers have found a need for DRM of one form or another, and over and over again they've asked me to help deploy it. I explain that DRM generally doesn't work and can't work. They then buy some DRM solution based on ActiveX, or Flash, or Java, or whatever is popular at the moment, and I can't see their content on my Linux desktop. The story repeats over and over. How many years could Linux users not access Netflix?

The fact is, companies will implement DRM. Lacking a standard way to do it, most require Flash (which is a security nightmare), Sony installs a rootkit on customers' computers. Most companies *shouldn't* use DRM, perhaps, but they do. A few companies have a strong case of why DRM actually makes sense for their content.
There is no debate about this point - we KNOW companies will deploy DRM without a standard, because the DO. Lack of a standard for web DRM has never stopped them from hacking together really annoying DRM.

Do we prefer a standardized, cross-platform approach developed with input from users or do we prefer the Sony rootkit approach? Those are the realistic options we can actually choose from. The standards bodies can't prevent DRM, they can only offer a reasonable way of doing it or leave publishers to implement it in all kinds of unreasonable ways.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[drinkypoo]

Exactly. If we want more Flashes and more Silverlights, by all means, fight against DRM in the browser. I, for one, do not. I will choose the lesser evil. We're going to need it until we "fix" copyright law, which could take literally forever.

We have "selected platforms" without standards

[raymorris]

> As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

"Selected platforms and devices" is what we get without a standard. We know that because we've tried that for 25 years. How many years could Linux users not access Netflix. When I first got involved with the IETF (web standards group), ActiveX was the popular way to implement DRM. Meaning you could only see the content using Internet Explorer on Windows. Talk about "selected platforms"! Later DRM on the web commonly used Java for a few years, then Flash. Flash-based DRM lasted for many years, and there are still many sites that require the security nightmare known as Flash because that's how they do their DRM.

Note in the above paragraph I never used the word "should". This isn't about what publishers "should" do, or what we'd like them to do. It's about what they actually do. What they actually do is require Flash in the best case DRM, and implement the Sony rootkit in other cases. Of course there are almost as many different ways of doing DRM as there are publishers using it - there is no standard.

On the other hand, we've long had standards for video and images such as mpeg and jpeg. Are those limited to "selected platforms and devices"? No, the entire point of standardization is that a standard can be implemented on any platform and device.

I've personally made the case against DRM to probably 100 of my customers (qho arw publishers) yet so many of them decide to go ahead and use DRM. About half choose a DRM solution that means I can't see their content on my device. Would a rather they each come up with their own incompatible, annoying DRM that doesn't let me view the content, or would I rather they use a compatible, cross-platform standard that anyone can view, developed with input from users? Given the options we actually have, I'd rather be involved in developing a usable standard than have another generation of Flash-based sites and Sony rootkits.

Re:We have "selected platforms" without standards

[peppepz]

But EME are not a standardized form of DRM. With EME you don't get a standard platform that anyone can implement in order to watch DRM-protected media. EME is a standardization of HTML hooks that allow portions of a web page to be decoded by a closed source, proprietary, non standardized binary plugin, that the content provider will choose. The difference from the past is that before EME, publishers would force you to install their proprietary plugin. With EME, they'll force you to use the proprietary browser (Chrome) or operating system (Android) that they think will prevent you from downloading their stuff. It's arguably even worse than the Sony rootkit, because you can be forced to use an operating system that has no root access for you but is safe for them. And since the proprietary plugin will not even need to be installed, because it will most probably come built-in with the browser or the OS, content providers will have even less disincentive to make use of it.

As Much About Advertising as Copyright

[Kunedog]

Saying "universal" in this context seems more like a trick of language, tacitly admitting that DRM has to be EVERYWHERE or sane users would never put up with it.

EME proponents Netflix, Microsoft, Apple, and Google

Hey look, all the major browser makers, except one. Users still have a choice in Firefox.

Except that Youtube-owner Google spent hundreds of millions to obtain considerable financial influence over the browser maker thought most likely to resist (Mozilla). And then (what a coincidence!) Mozilla gave in on DRM, and seems perpetually bent on making dozens of other perplexing decisions that users can't stand, and seem outright designed to cost it market share.

Be assured that the other big (if not the main) reason they want DRM is to thwart adblock for videos. If they can compromise your browser/vidplayer to the degree that they've prevented you from even reading the content stream, then they've necessarily also prevented you from altering it.

Re:Some services need DRM

[king+neckbeard]

Because people will do whatever is easiest. By making DRM harder and more inconvenient, you make it less profitable, which puts non-DRM media at an advantage.

Re:Some services need DRM

[king+neckbeard]

No, I'm thinking that DRM-free content will have an edge when people have to go through 12 different kinds of DRM to watch whatever they want, while pirates and DRM-free services "Just Works";. We've fought this fight before, and we kicked its ass on music.

Re:Some services need DRM

[king+neckbeard]

The cost isn't in implementing the DRM, it's in losing customers because the DRM is inconvenient. DRM'd media is broken, and by not giving them a unified standard, we ensure that customers eventually see it as such. Everyone is talking about the hypothetical clusterfuck of non-standardized DRM, and I'm here saying that it's not a bug, it's a feature.

It's because of Hollywood

[Solandri]

The studios approve two types of devices if you wish to stream their coopyrighted content. One approval is for a hardware device - a phone, tablet, dedicated player (e.g. Roku), Blu-ray player, etc. You submit a sample of this hardware, they go over it and OK it, and authorize you to stream to it. This is why the iPhones got Netflix before Android phones. Netflix had to submit just a few iPhone models for approval, so that happened pretty quickly. They had to submit hundreds of Android phone models for approval, so that took some time.

The second type of approval is for software players. If you want to stream to a software player running on a general purpose computing device, Hollywood has much more stringent requirements. Their fear is that you'll run another program along-side the streaming video that peeks into the memory containing the decrypted stream, and save stream to disk thus giving you a DRM-free digital copy of the movie. Their "solution" is that the DRM and video decode process has to happen inside an encrypted virtual machine, which then sends each frame directly to the display device. They don't want a native Windows or OS X or Liinux binary which does this because someone could theoretically modify the binary before running to weaken or pierce the encrypted VM. That's why the players are coded in Flash or Silverlight (theoretically you could modify those as well, but it's a lot harder since a new copy of the player is sent when you begin streaming the movie).

This insanity is also why playing streamed movies on PC requires much heftier hardware than mobile devices. Because the entire decode process has to happen inside the encrypted VM, you can't take advantage of dedicated video decode hardware built into every GPU since the late 1990s. The entire thing has to be done in software (moreover, software running in a VM). It's extremely CPU-intensive. That's why until recently you needed an i3 or better (Pentium or Atom wasn't enough) to stream 1080p movies from Netflix, Hulu, etc, while your phone with a low-end ARM processor could stream the same 1080p movie with no problems. Because the phone was approved as a hardware device, it's allowed to use dedicated video decoding hardware.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[klingens]

>Do we prefer a standardized, cross-platform approach developed with input from users or do we prefer the Sony rootkit approach? Those are the realistic options we can actually choose from. The standards bodies can't prevent DRM, they can only offer a reasonable way of doing it or leave publishers to implement it in all kinds of unreasonable ways.

EME is neither a viable standard nor is it in any way cross-platform and there was zero input from users. The input came from Adobe, Microsoft, Google, etc.
EME is basically something like NPAPI. it has a few API/html statements and is otherwise a proprietary blackbox for only very specific OSes, browsers, etc.
In this it works exactly 100% the same as Flash did: both have the same propeties.
EME is one of the unreasonable ways.

Re:Some services need DRM

[Kohath]

That's why no one buys computer games on Steam.

Re:Some services need DRM

[king+neckbeard]

Slightly, but the cost of a reasonably effective DRM scheme relative to the scale of deals that the likes of Netflix and major movie studios are making is probably pretty small.

There is no reasonably effective DRM stream. Any movie or TV is on TPB basically as soon as a legit copy or stream is available.

That only follows if you assume the DRM doesn't have a beneficial effect that justifies its cost. If that were true, the executives running Big Media businesses would have switched tactics long ago.

That only follows if you are that the executives running Big Media businesses were perfectly rational and omniscient. Having lots of money and power can do a lot to insulate against the effects of stupidity. Head coaches of professional football teams, paid millions of dollars, always punt on a fourth down, despite statistics sayings that they usually should go for it. By your logic, this shouldn't be happening, because you aren't acknowledging that reality is more complex than "invisible hand" metaphors.

In contrast, if you look at the issues raised in the bug trackers after Chrome 55 added that download icon to the controls on HTML5 video elements, you'll find one comment after another from web developers whose clients were extremely unhappy about it. It wasn't just because it made it more obvious that people could download and save unprotected videos; obviously web developers knew this was possible before. It was also because the mere existence of the icon was causing visitors to those clients' sites to think that downloading and keeping the videos was permitted, even if it was totally against their terms. If you've never run a web business, you might not appreciate how much of a business finance and customer service problem even such a little change can cause, and equally how much hassle and abuse can be avoided just by making casual infringement a bit less easy/obvious.

Seems like the better option is to keep the suits out of technical discussions. Which I know is often not an option, but I don't see any reason for pretending that they aren't the root of problem. Expecting agnostic copying machines to not copy agnostically is deeply irrational.

Re:*SIR* Tim Berners-Lee

[mccalli]

What? He had nothing to do with DNS, that's all pre-the web. I used to use the old uk.ac.someuni.somemachine conventions on JANET in 1990, then we bridged over to the internet and had to start using the other one. Definitely pre-web.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[DamnStupidElf]

I would happily support DRM that actually cared about customers' rights. I want the guarantee that, like physical media, DRM-protected content will be available in the far future. Blu-ray already fails this test, and I only purchase Blu-rays to strip the DRM and save a long-term format. I want the ability to gift, loan, or sell any media that I possess the rights to. I don't want to possess merely a ticket which grants me admittance to content for a limited time, under limited conditions, subject to the dissolution of whatever producer, licencor, or operator manages the DRM scheme.

Because piracy has absolutely no effect on 99% of customers I am fairly certain that what content producers/licencors truly fear is "casual piracy" and fair use like loans and libraries where market forces drive the resale cost of digital media down to its natural price in the free market.

It's perfectly natural to resist inferior DRM schemes by refusing to make them standard. If you want me to support an open DRM standard then it needs to be capability based with normal customers like you or me represented as first class owners of those capabilities and implement a durable scheme for transfer of those capabilities into the indefinite future.

For example, consider a ownership-based scheme where producers issue N digitally-signed capabilities to a particular copyrighted work and sell them to customers on an electronic marketplace. Bitcoin has proven that it's possible to maintain a globally consistent transaction ledger of ownership of individual tokens, and a much cheaper implementation could maintain ownership and facilitate programmatic transfer of capabilities to digital works (to support sales, gifts, and even temporary loans) because the marginal value of acquiring more than one capability to the same work is zero and so there will be little need to spend gigawatts of electricity maintaining the blockchain against adversaries. The copyrighted work doesn't even have to be encrypted. Just make standards-compliant devices/software require current ownership of a capability to use the work. Yes, this is an easily defeated scheme for pirates, but so is every other DRM scheme. At least this respects individual property rights, the first sale doctrine, fair use, and libraries for the vast majority of users.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[drinkypoo]

One political revolution will end it pretty quickly. For some reason the US thinks they are immune to such a change, even when they see it happening all around them.

If we do have a revolution, I doubt we'll even get around to fixing copyright. It'll just be a new gang of assholes in business soon enough.