Free Software Foundation Challenges Tim Berners-Lee On DRM

Slashdot reader Atticus Rex writes: On Monday, W3C (World Wide Web Consortium) director Tim Berners-Lee released a post defending his decision to allow Netflix, Microsoft, Apple and Google to enshrine DRM in Web standards, arguing that blocking it would be pointless. Zak Rogoff, FSF campaigns manager, writes in the response:

"As Director of the W3C (World Wide Web Consortium), Berners-Lee has the ability to block [the DRM proposal] from ratification as an official Web standard... Of course, a refusal to ratify could not immediately stop the use of DRM, but it could meaningfully weaken the position of DRM in the court of public opinion, and put EME proponents Netflix, Microsoft, Apple, and Google on notice that a very prominent figure was willing to stand up to them on behalf of users. Changes in society's technological infrastructure require political movements, not just technological arguments, and political movements benefit greatly from the support of prominent figures."
Berners-Lee takes the position that "The web has to be universal, to function at all. It has to be capable of holding crazy ideas of the moment, but also the well polished ideas of the century. It must be able to handle any language and culture. It must be able to include information of all types, and media of many genres. Included in that universality is that it must be able to support free stuff and for-pay stuff, as they are all part of this world.

"This means that it is good for the web to be able to include movies, and so for that, it is better for HTML5 to have EME than to not have it."

"universal"

[klingens]

"The web has to be universal, to function at all. "
As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

"but also the well polished ideas of the century."
Something with DRM is always never an idea of the century cause it will never last a century before it's not possible to consume that idea anymore: it is locked away with DRM, illegal to decrypt.

Re:"universal"

[beelsebob]

As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

Which is rather the point. By including DRM in the standard, you allow everyone to implement the exact same thing, and make it universally available on all devices.

By not including DRM, you would cause all the companies that wanted it to go away and implement it in some weird, proprietary way, that only works on the biggest platforms.

You get support for more devices by putting it in the standard, not fewer.

Re:"universal"

[Anonymous+Brave+Guy]

Similar to how nature abhors a vacuum, the net (and largely, information in general) interprets censorship as damage and routes around it.

Seriously, is this the cliche of the month club and I missed the memo?

No, the Internet does not interpret censorship as anything. The Internet is not alive, and the actions taken to distribute works illegally are ultimately taken by people.

Also, comparing measures to prevent infringement of copyright, which is merely against laws that are widely applicable throughout the world, with the sometimes very real problems of actual censorship is just a propaganda move designed to attract an emotional response that is not otherwise justified.

You're just repeating industry shill "the sky is falling" garbage.

Someone who has a different point of view to you is not necessarily a shill. And if there really isn't a problem if we stop creating and distributing new works, why is the vast majority of piracy ripping those new works, instead of just sharing the "orders of magnitude more media than any human could possibly watch" that we already have? Apparently most pirates disagree with you about which work is more valuable.

There is no money to be made in trying to scare pirates straight. There IS money in providing a convenient service, and DRM never adds convenience.

It would be lovely if that were true, but I have been following this issue for a long time, and the evidence so far seems to say otherwise. How would you run a service like Netflix, which obviously a great many people find more convenient than other models for watching movies and TV shows, without DRM or some other system with a similar effect? You're trying to separate DRM from what makes a useful service and treat the two separately, but they aren't independent issues.

Re:"universal"

[squiggleslash]

By including DRM in the standard, you allow everyone to implement the exact same thing...

That's possible anyway.

and make it universally available on all devices

...that doesn't follow from the first part of your sentence. It would follow if what you'd written was by standardizing DRM you allow everyone to implement the exact same thing, but as your wording correctly implies, all that was standardized was the method by which DRM is referred to in HTML5, not the DRM itself.

Had the W3C not punted on the DRM scheme itself, Berners-Lee's comments would have been legitimate if not what we necessarily wanted. But in failing to standardize DRM, they basically created another <OBJECT> tag - something that's inherently platform and vendor specific, and will never be anything but.

DRM and Netflix

[Kohath]

Does anyone seriously think Netflix could ever operate without DRM? No DRM, no Netflix or services like it.

Re:DRM and Netflix

[lgw]

The answer is "yes". Just ask anyone who's not an obsessed nerd.

Since Netflix is obviously going to happen in browsers, whatever obsessed nerds think about that, better to have some sort of standard for that, some hope of getting Netflix on Linux, than not.

I know some people actually believe that somehow, if we didn't have DRM standards, streaming content would magically be DRM-free. Those people have a lot to learn about the world we live in.

Unpopular here, but I'm with Berners-Lee. DRM exis

[raymorris]

I know this opinion will probably be unpopular here on Slashdot, but 20 years of developing web standards and web technologies tells me Berners-Lee is right on this one, from a standards perspective. Our choice, realistically, for some content is between standardized, compatible, cross-platform DRM, or non-standard, incompatible DRM that requires Internet Explorer on Windows with Java or Flash. This isn't about what we think people *should* do, it's about what they *actually* do.

From the 1990s through to today, some publishers have found a need for DRM of one form or another, and over and over again they've asked me to help deploy it. I explain that DRM generally doesn't work and can't work. They then buy some DRM solution based on ActiveX, or Flash, or Java, or whatever is popular at the moment, and I can't see their content on my Linux desktop. The story repeats over and over. How many years could Linux users not access Netflix?

The fact is, companies will implement DRM. Lacking a standard way to do it, most require Flash (which is a security nightmare), Sony installs a rootkit on customers' computers. Most companies *shouldn't* use DRM, perhaps, but they do. A few companies have a strong case of why DRM actually makes sense for their content.
There is no debate about this point - we KNOW companies will deploy DRM without a standard, because the DO. Lack of a standard for web DRM has never stopped them from hacking together really annoying DRM.

Do we prefer a standardized, cross-platform approach developed with input from users or do we prefer the Sony rootkit approach? Those are the realistic options we can actually choose from. The standards bodies can't prevent DRM, they can only offer a reasonable way of doing it or leave publishers to implement it in all kinds of unreasonable ways.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[drinkypoo]

Exactly. If we want more Flashes and more Silverlights, by all means, fight against DRM in the browser. I, for one, do not. I will choose the lesser evil. We're going to need it until we "fix" copyright law, which could take literally forever.

We have "selected platforms" without standards

[raymorris]

> As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

"Selected platforms and devices" is what we get without a standard. We know that because we've tried that for 25 years. How many years could Linux users not access Netflix. When I first got involved with the IETF (web standards group), ActiveX was the popular way to implement DRM. Meaning you could only see the content using Internet Explorer on Windows. Talk about "selected platforms"! Later DRM on the web commonly used Java for a few years, then Flash. Flash-based DRM lasted for many years, and there are still many sites that require the security nightmare known as Flash because that's how they do their DRM.

Note in the above paragraph I never used the word "should". This isn't about what publishers "should" do, or what we'd like them to do. It's about what they actually do. What they actually do is require Flash in the best case DRM, and implement the Sony rootkit in other cases. Of course there are almost as many different ways of doing DRM as there are publishers using it - there is no standard.

On the other hand, we've long had standards for video and images such as mpeg and jpeg. Are those limited to "selected platforms and devices"? No, the entire point of standardization is that a standard can be implemented on any platform and device.

I've personally made the case against DRM to probably 100 of my customers (qho arw publishers) yet so many of them decide to go ahead and use DRM. About half choose a DRM solution that means I can't see their content on my device. Would a rather they each come up with their own incompatible, annoying DRM that doesn't let me view the content, or would I rather they use a compatible, cross-platform standard that anyone can view, developed with input from users? Given the options we actually have, I'd rather be involved in developing a usable standard than have another generation of Flash-based sites and Sony rootkits.

As Much About Advertising as Copyright

[Kunedog]

Saying "universal" in this context seems more like a trick of language, tacitly admitting that DRM has to be EVERYWHERE or sane users would never put up with it.

EME proponents Netflix, Microsoft, Apple, and Google

Hey look, all the major browser makers, except one. Users still have a choice in Firefox.

Except that Youtube-owner Google spent hundreds of millions to obtain considerable financial influence over the browser maker thought most likely to resist (Mozilla). And then (what a coincidence!) Mozilla gave in on DRM, and seems perpetually bent on making dozens of other perplexing decisions that users can't stand, and seem outright designed to cost it market share.

Be assured that the other big (if not the main) reason they want DRM is to thwart adblock for videos. If they can compromise your browser/vidplayer to the degree that they've prevented you from even reading the content stream, then they've necessarily also prevented you from altering it.

It's because of Hollywood

[Solandri]

The studios approve two types of devices if you wish to stream their coopyrighted content. One approval is for a hardware device - a phone, tablet, dedicated player (e.g. Roku), Blu-ray player, etc. You submit a sample of this hardware, they go over it and OK it, and authorize you to stream to it. This is why the iPhones got Netflix before Android phones. Netflix had to submit just a few iPhone models for approval, so that happened pretty quickly. They had to submit hundreds of Android phone models for approval, so that took some time.

The second type of approval is for software players. If you want to stream to a software player running on a general purpose computing device, Hollywood has much more stringent requirements. Their fear is that you'll run another program along-side the streaming video that peeks into the memory containing the decrypted stream, and save stream to disk thus giving you a DRM-free digital copy of the movie. Their "solution" is that the DRM and video decode process has to happen inside an encrypted virtual machine, which then sends each frame directly to the display device. They don't want a native Windows or OS X or Liinux binary which does this because someone could theoretically modify the binary before running to weaken or pierce the encrypted VM. That's why the players are coded in Flash or Silverlight (theoretically you could modify those as well, but it's a lot harder since a new copy of the player is sent when you begin streaming the movie).

This insanity is also why playing streamed movies on PC requires much heftier hardware than mobile devices. Because the entire decode process has to happen inside the encrypted VM, you can't take advantage of dedicated video decode hardware built into every GPU since the late 1990s. The entire thing has to be done in software (moreover, software running in a VM). It's extremely CPU-intensive. That's why until recently you needed an i3 or better (Pentium or Atom wasn't enough) to stream 1080p movies from Netflix, Hulu, etc, while your phone with a low-end ARM processor could stream the same 1080p movie with no problems. Because the phone was approved as a hardware device, it's allowed to use dedicated video decoding hardware.