Disappointing: Tim Berners-Lee Defends DRM In HTML 5

from the he-should-know-better dept

We recently wrote about the truly stupid idea of building DRM into HTML5. At SXSW this week, web inventor Tim Berners-Lee was asked about this, and he surprisingly defended the decision, claiming that it was necessary to get companies to use HTML5:

During a post-talk Q&A, he defended proposals to add support for “digital rights management” usage restrictions to HTML5 as necessary to get more content on the open Web: “If we don’t put the hooks for the use of DRM in, people will just go back to using Flash,” he claimed.

Berners-Lee is so good on so many issues (most of his talk seemed to be about the importance of openness) that this response really stands out as not fitting with his general view of the world. Cory Doctorow has responded eloquently to TBL, explaining why he should be against the DRM proposal.

What’s more, DRM is wholly ineffective at preventing copying. I suspect Berners-Lee knows this. When geeks downplay fears over DRM, they often say things like: “Well, I can get around it, and anyway, they’ll come to their senses soon enough, since it doesn’t work, right?” Whenever Berners-Lee tells the story of the Web’s inception, he stresses that he was able to invent the Web without getting any permission. He uses this as a parable to explain the importance of an open and neutral Internet. But what he fails to understand is that DRM’s entire purpose is to require permission to innovate.

For limiting copying is only the superficial reason for adding DRM to a technology. DRM fails completely at preventing copying, but it is brilliant at preventing innovation. That’s because DRM is backstopped by anti-circumvention laws like the notorious US Digital Millennium Copyright Act of 1998 (DMCA) and the EU Copyright Directive of 2002 (EUCD), both of which make it a crime to compromise DRM, even if you’re not breaking any other laws. Effectively, this means that you have to get permission from a DRM licensing authority to add any features, since all new features require removing DRM, and the DRM license terms prohibit adding any features not in the original agreement, and omitting any of the mandatory restrictions featured in that agreement.

Doctorow makes two other key points in this: (1) that the W3C (the standards setting body for HTML5) has an enormous role in keeping the web free and open — and imposing DRM is abusing the trust it has built up and will backfire badly and (2) that the big content players who insist they “need” DRM are bluffing.

As the leading standards-setting body for the Web, the W3C has an enormous, sacred and significant trust. The future of the Web is the future of the world, because everything we do today involves the net and everything we’ll do tomorrow will require it. Now it proposes to sell out that trust, on the grounds that Big Content will lock up its “content” in Flash if it doesn’t get a veto over Web-innovation. That threat is a familiar one: the big studios promised to boycott US digital TV unless it got mandatory DRM. The US courts denied them this boon, and yet, digital TV continues (if only Ofcom and the BBC had heeded this example before they sold Britain out to the US studios on our own high-def digital TV standards).

Flash is already an also-ran. As Berners-Lee himself will tell you, the presence of open platforms where innovation requires no permission is the best way to entice the world to your door. The open Web creates and supplies so much value that everyone has come to it – leaving behind the controlled, Flash-like environs of AOL and other failed systems. The big studios need the Web more than the Web needs big studios.

The Big Content guys have been seeking to remake the web in their image (i.e., “TV”) for over a decade now, still believing that they’re the main reason people get online. They’re not. There’s room for them within the ecosystem, but professional broadcast-quality content is just a part of the system, not the whole thing. If the world moves to HTML5 without DRM, the content guys will whine about it… and then follow. Especially as the more knowledgeable and forward-looking content creators jump in and succeed.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Disappointing: Tim Berners-Lee Defends DRM In HTML 5”

Subscribe: RSS Leave a comment
77 Comments
EricT (profile) says:

Re: Not surprising?

While DRM can be annoying especially for paying customers, I can also see the reasoning behind the HTML5 EME standards. (https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html)

Think of it this way, at least now it wouldn’t matter that you run AmigaOS as long as the browser is up to date and supports HTML5, you will be able to watch Netflix, Amazon, VUDU, etc…

The specification is actually rather vague, and I could also see this as a nice way to encrypt general traffic without the need for expensive licensing or software.

Joe Magly (profile) says:

Re: Re: Not surprising?

The thing is, based on the spec, this is just a plugin API (ie no real DRM happens in the browser). Meaning each content creator is going to push onto your machine either 1st or 3rd party DRM code that will RUN on your computer rather than just play a stream.

On top of all the issues with how this really is not much difference from the ActiveX and Flash messes of old; All I see here is a way for malicious developers/site authors to take advantage of end users and gain access to a new area where code can run (Possibly even outside the sandbox depending on the implementation).

Just like any other DRM, the people who can will remove it fairly easily when they really want something. However it will cause a whole bunch of fun for end customers when their DRM plugin store goes awry or they click a link from an email they think is from netflix, watch a TV show and now have a virus.

Anonymous Coward says:

Re: Re: Not surprising?

“Think of it this way, at least now it wouldn’t matter that you run AmigaOS as long as the browser is up to date and supports HTML5, you will be able to watch Netflix, Amazon, VUDU, etc…”

Provided also that your browser of choice has specifically been written to support each particular DRM scheme used by each particular website you visit, under your platform of choice (DRM is often OS-specific), and further provided that the browser’s developer comply with all related licensing requirements and restrictions.

EricT (profile) says:

Re: Re: Re: Not surprising?

The browser wouldn’t have to comply, unless of course they are using an in browser decoder for the video. That was a big issue earlier with Firefox and H.264 support, which they skated by using OS level commands to decode the video. As far as fragmentation of DRM schemes, well that’s the same now. All this adds is a common way to pass encryption keys and authentication from CDN to enduser. As Joe above noted this isn’t really doing DRM per se, but just an API for allowing it.

My hope is that once stardardized this will lead to open source but difficult to break encryption, think 2048 bit PGP to secure more than just DRM media, but secure downloading of vital documents.

gorehound (profile) says:

Re: Not surprising?

I have nothing………that has Dirty Rotten Media ! If it does then I won’t Buy it.That is my bottom line.you put your Dirty Rotten Media out and I will either ignore it or use a VPN & P2P.And at this point I don’t even care what is coming out.I own a 1500 piece Library of all physical Books so I can go without.
Go put your Dirty Rotten Media in HTLM5 and it will be hacked within hours I bet.
Change your keys and that will be hacked as well.
Big Shots who Support it are probably getting a nice Fat Check to say they Support it.

Ninja (profile) says:

I tend to agree that DRM in HTML5 be futile and it’ll be broken in hours if that much. My concern is that much like PS3 and Blu-ray players they’ll keep changing it which will require updates to the ‘standard’ and eventually break it.

In the end I’ll do exactly what I’ve been doing with DRMed content lately: I’ll go without. And I”m sure many will do it.

Trails (profile) says:

Re: Re: Re:

This. Times a million.

An entire plugin architecture just to support DRM is ridiculous. Taking into account that this DRM scheme is particularly idiotic (key transmitted in the clear, will do a big fat nothing to stop pirates), and what we introduce is complexity, points of failure, and massive challenges to interoperability, for what?

HTML already has a plugin architecture. This duplicates that in a non-generic way, and doesn’t solve the core problem it tries to address, while introducing a host of challenges.

SD says:

Re: Re:

Adobe has announced diminished support on certain platforms but it’s not like they gutted the team and boarded up the doors yet. They still actively maintain ARM and x86 ports of Adobe AIR and Flash Player.

Flash Player for Android Ice Cream Sandwich unofficially works on Jelly Bean.

Microsoft amusingly enabled Flash Player by default in an update for Surface RT devices yesterday, probably to prevent Surface Pro devices from completely cannibalizing sales, yet like most other Windows apps there’s not even a Silverlight browser plugin for RT…

Akari Mizunashi (profile) says:

My two cents, so take them with a grain of salt.

I do believe TBL understands the role DRM plays, but in order to push HTML 5, he’s probably coming to a compromise.

This new version has been on the back burner far too long, and it’s all because DRM isn’t included for the embedded streaming.

In my opinion, I hope HTML 5 is forever stalled if it means accepting DRM.

There should be absolutely no compromise regarding DRM and the internet. Ever.

So get this through your head, Dodd.

Ninja (profile) says:

Re: Re:

I do believe TBL understands the role DRM plays, but in order to push HTML 5, he’s probably coming to a compromise.

That. And also…

There should be absolutely no compromise regarding DRM and the internet. Ever.

That. He should stick to his principles. Once you let yourself be corrupted for some “greater good” there’s no turning back.

out_of_the_blue says:

OVERLOOKING that purpose of HTML5 is ADVERTISING.

So far as I see, there’s NO other cause for much of what’s in version 5 than to better deliver and target advertising. So this is a side argument — and strikingly typical of gov’t practice in which VERY horrible parts are tacked onto a merely horrible base in order to deflect opposition to the whole; so, opponents rush to protest the worst, and end up almost embracing bad enough.

Also implicit here is Mike leaving out that BIG SEARCH and BIG SURVEILLANCE wants HTML5.

If you want an open web, you’d better STOP “innovations” that require upgrading to new OS, and then take over your computer.

HTML5 gives BIG CONTENT far more control over your computer than at present (where your browser is more or less a “dumb terminal”); in fact, I’d say it implements the VERY thing Mike says he doesn’t want: the internet as TV.

Trails (profile) says:

Re: OVERLOOKING that purpose of HTML5 is ADVERTISING.

No. Wrong. Dumb. Misleading.

HTML5 is about delivering media, as well as some enhanced approaches to basic document structure.

HTML5 gives no more control over your computer. If anything it reduces it, as currently media must be supported with executable plugins that are complex to secure and can perform arbitrary logic (e.g. surveillance).

HTML5 is not executable, it is markup. Many browsers (not all, granted) are OSS so readable markup + OSS browser = full disclosure. NO POSSIBILITY for surreptitious for additional surveillance. Further, HTML (any version) as surveillance is idiotic on its face. HTML describes a document (in clear text, no less). Surveillance is typically carried out at the network layer.

To summarize, at best you freely conflate things you clearly do not understand, and at worst you are being intentionally misleading.

Anonymous Coward says:

the reason anything and everything the ‘industries’ want included is simply because they benefit from the inclusions. if anything were to be included that would benefit the public, there would be all hell let loose. that is why nothing good ever comes from new laws. the last ones to benefit are always those that use something the most and rely on it to progress

Anonymous Coward says:

I’m really not sure why everyone is so riled up about the DRM provisions in HTML 5.

They aren’t mandatory.

Those that want DRM will do so whether or not HTML 5 makes it easy or difficult. If it’s difficult they simply won’t use HTML 5 unless they absolutely have to. If it’s easy, then everyone moves to HTML 5 sooner.

At least this way there is the possibility of DRM using a common scheme. Whether the industry wins or loses this battle against their own consumers is yet to be seen and this hardly puts a nail in either coffin.

Anonymous Coward says:

Re: Re: Re:

I’m hardly an expert on any HTML so i don’t know if HTML 5 brings anything to the table worth using but generally speaking each revision is more refined… /shrug we’ll see i don’t like having every other website only support specific versions of software, it’s just a pain to deal with.

Why would it be a good thing? So that you don’t need to download every publishers pet DRM project and sign up with a new account because you want to look at a news article that’s why.

I’m not suggesting that DRM is in anyway a good idea, but if they are going to do it, they might as well at least do it so that it doesn’t bother me and this looks like it could be a good step in that direction.

John Fenderson (profile) says:

Re: Re: Re: Re:

So that you don’t need to download every publishers pet DRM project and sign up with a new account because you want to look at a news article that’s why.

The DRM scheme being proposed doesn’t affect this. It’s a plugin architecture. You’ll still need a plugin for every publishers pet DRM project. They’ll still make you sign up for an account.

Anonymous Coward says:

Re: Re: Re:2 Re:

Here’s the deal. I find this beneficial, not for DRM, but as a secondary encryption scheme for downloading documents. For example, being able to verify the end user and encryption keys would add a second layer of defense in the US when downloading credit reports from the legitimate reporting agencies. SSL has flaws which have been blasted recently, and this could just add another layer of protection to the end-users. Public/Private key encryption on the end-user side could potentially stop third parties from accessing documents as they don’t know the previous private key used in the encryption.
As has been shown time and time again, no matter what they use, there will always be ways to record the content. Since we are talking computers, they could even just copy the messaging from the application to the browser and receive the raw data anyways. IMHO it will have little effect on copying, but a more profound affect on user verification which is desperately needed.

DannyB (profile) says:

DRM in browsers may fragment the web

We’ll end up with browsers that can support DRM websites and browsers that cannot. The web will be fragmented.

And that might be a good thing.

It might be the first place where you have a choice of whether or not to have DRM. Let the market decide. Let’s see how much of a market there is for DRM.

special-interesting (profile) says:

DRM = DRM. Nuff said. One might even ask if they could go to the bathroom for a fee.

I have worried about HTML5 in that it is a new format that needs to be swept under the Privoxy rug like prohibited actions like java, flash or shockwave.

If the terms for copyright were even close to to reasonable (well within one’s lifetime) we might consider something like this but even then…

On the face of it current copyright limits are like a death sentence on ideas learned over public (hahaha) media. If you cannot use what you hear, before you die, why read/listen? Why even pay attention to the news if we cannot speak of it to our friends and neighbors. (without a fee)

Several time I have said that news-aggregation sites are nothing more than gossip. If greater than that that they should be given ad fees for referring interested clients to their sites. If firms could use HTML5 for regulating this they would. (to their own likely demise)

Java, flash and whatever are always banned from general browsing. Never visit a new site with such enabled and you will, 99.99% likely, never get a virus. If that breaks a site then so what don’t go there.

FuzzyDuck says:

Just like they are trying to make ISPs responsible for policing copyright infringement, if DRM is a standard component of HTML5, I foresee that browser makers will be sued by big content for “not implementing DRM properly”. They’ll do everything to shift the responsibility for making DRM work to browser vendors.

Instead of having to roll out their DRM crap user by user themselves, they’re trying to piggy back on the work of others for free.

karl (user link) says:

Failed logic, W3C and Tim Berners-Lee

There is a lot of misunderstandings in the articles I can see around.

1. HTML doesn’t belong to Tim Berners-Lee. He made it that way. He doesn’t decide what goes in or out of the technology. As its role of W3C Director, when there is a formal objection made by one of the participants in a Working Group when a technology is moving along the recommendation track, Tim has to decide on the nature of the objection. He never does it by abuse of power but look at all the arguments in place, but that just a last resort. It should usually never happen. Working Groups are driven by consensus.

2. W3C is a consortium where everyone participates, even more so for HTML. It creates a lot of frictions, delays the work, but that’s the natural process of a larger community. In that community, there are different type of interests, and the role of the group (including industries, organizations, etc.) is to reach a consensus around a technology.

3. Royalty Free. Technologies which become W3C recommendations have to be Royalty Free, aka no participants in the technology has to waive patents. If one of the participants has a patent, they must say it AND decides if they accept to let it be royalty free. If not, the group has to find another solution. It means if there was a DRM mechanism puts in place, it would be royalty free. (Not that I want to see that happening.)

4. Many in the industry are already using DRM through flash for example. They often have constraints coming from copyright owners, which is basically along you do DRM or we don’t deal with you. It means for the likes of $VOD_CO it’s a choice between the end of their business or not. It’s why a part of the industry is pressuring for it.

5. What people can do. Participate in W3C. Not in shouting, but in demonstrating the issues with implementing DRM. To find better technical solutions, to find better ways of dealing with the issue related to the industry of copyrights.

In the past, before the Royalty Free policy, there has been a lot of debate around RAND, which was adopted by IETF, W3C. The Open source community has participated in establishing a culture of RF at W3C. It worked. With Participation.

John Fenderson (profile) says:

Re: Failed logic, W3C and Tim Berners-Lee

To find better technical solutions, to find better ways of dealing with the issue related to the industry of copyrights.

The problem isn’t whether or not the proposed DRM framework is a good one or not. The problem is that things have degraded at the W3C so much that they’re even talking about DRM in the first place.

So, no, I do not want to find a better technical solution for DRM, and no, I do not want to find a better way of dealing with copyright-related issues. Neither of these have any place in the standard at all.

But that horse is long out of the barn. There is no more room for useful input at the W3C on this subject. HTML 5 is already compromised.

karl (user link) says:

Re: Re: Failed logic, W3C and Tim Berners-Lee

You still do not get it. W3C is a consortium. It’s not a pure philosophical organization. The topics which are being discussed and debated are the ones coming from its members. It just takes a few persons and/or industry to start a group about the topic.

When W3C has switched from RAND to RF for the patent policy after EPIC BATTLES, some members left. It’s normal it’s part of it. Having the discussion about DRM is something which is pushed by Google, Netflix, and others. Will people stop massively using Google Chrome or remove for their subscription to Netflix. I wish they did.

Having the discussion is good. It might help to define a policy along the one which happened for the patent policy.

John Fenderson (profile) says:

Re: Re: Re: Failed logic, W3C and Tim Berners-Lee

Oh, I totally do get it. I’m very aware of how the W3C works from personal experience.

That’s why I can confidently say that there’s no more room for useful input (from my point of view) there on this subject. They’ve decided: DRM will be in there. They’re only debating how it will be in there, which is underscores that this battle has already been lost.

It might help to define a policy along the one which happened for the patent policy.

I don’t see how that’s an analogous situation. This is a very different thing than arguing about licensing terms. At best, there may be a solution that is less terrible than what they currently have on the table, but if that solution involves including DRM mechanisms in the standard, it’s still a terrible solution.

SD says:

DRM in HTML5 is a Joke (And Why You Should Support The Spec)

Publishers will look elsewhere if it’s not implemented… like TBL said “back to Flash” even though they pretty much never left Flash or Silverlight. But it would be amusing to see them get what they want in HTML5 only to find out the shiny new DRM they backed is actually built to make it easier for people save full quality videos to their own computer (the shock! the horror!)

Even something that hasn’t been cracked yet programmatically can be bypassed by using screen capture software, but all “useful” DRM relies on obfuscation of the decryption method and closed-source code. The Encrypted Media Extensions spec is openly published and if it ends up in an open source web browser someone could easily add an on/off switch or a download button, perhaps even officially (Mozilla are you listening???)

One upside that seems to be overlooked is that EME could be used for encrypted live video streams over HTTP. There are already javascript crypto libraries that can be used to securely transfer live text over HTTP, and the speed of DH key exchange operations will improved when the native “Web Cryptography API” starts being implemented in browsers.

So a crutch for the content industry’s shiny new broken-by-design DRM might actually be a powerful tool against surveillance.

Roman (user link) says:

When we talk about

When we talk about this or that should be in HTML5 we are discussing features. DRM, whatever you think about it technologically, sociologically, morally, etc. is not a feature, but rather more if a purposeful “designed as defective” scenario. Now you can debate DRM as good or bad, but to throw it in with features like plugin-free video, smooth, scalable graphics/animations or OS-independent drag-and-drop – actual *features* of HTML5 would be a mistake.

Does Flash suck? Yes. It makes my laptop run 10 degrees hotter, but a web without Flash as dominant (the goal of Lee in this quote) doesn’t have anything to do with actual features of HTML5.

Termin8tor says:

DRM isn't the problem.

To be completely honest, I can see a legitimate need for DRM on the web. Web broadcasters rely on subscriptions and advertisements to operate as a business and earn revenue. This is why DRM exists, to prevent people from stealing copyrighted works. Quite often a network airing shows online and on T.V will pay for development of new shows from money earned via advertisements.

You only have to look as far as many popular bit torrent trackers to see that DRM in all current forms is a failure however.

I’m sick of Open Source evangelists preaching about Open Source and Standards constantly as if it’s the only ethical option. Some people want to be paid for their work and that is fine in my opinion. Economic gain is a very good motivator for content creation.

HOWEVER, I do believe the W3C should stay away from standardizing DRM into HTML5. If corporations want a standard DRM format, there is nothing stopping them working as a collective like many Open Source groups do to create a propriety cross platform DRM solution.

Marion Delgado says:

Why they think Big Content is Key

Yeah, why DO “they” believe Big Content is what brings all the boys to the yard? Because the capitalist ideological paradigm replaces people, voters, workers, families with fictitious pseudo-individuals. The Consumer is actually the “Consumer Dollar” and one Bill gates is worth 10,000 normal people. Attorneys arent paid by the client except the poor public defenders.They’re paid by the billable hour, so one client is worth 1000 other clients.

No one cares about the average person on the net. They care about the average dollar. The “Net User” is actually “the bandwidth:” look at all the bandwidth taken up by movies, etc? But how many people doing what I am doing now, slowly typing a comment on a laptop at a coffee shop sharing wifi – would it take to match one person watching a streaming HD movie?

There’s your answer.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...