Unesco Says Adding DRM To HTML Is A Very Bad Idea

from the when-unesco-is-against-you... dept

For years now, we've written about the years-long effort, led by the MPAA and others, to put DRM directly into the standard for HTML5 (via "Encrypted Media Extensions" or EME) which continues to move forward with Tim Berners-Lee acting as if there's nothing that can be done about it. It appears that not everyone agrees. Unesco, the United Nations Educational, Scientific and Cultural Organization has come out strongly against adding DRM to HTML5 in a letter sent to Tim Berners-Lee (found via Boing Boing).

... should Internet browsers become configured to work with EME to act as a framed gateway rather than serving as intrinsically open portals, there could be risks to Rights, to Openness and Accessibility.

Primarily, there is the issue of the Right to seek and receive information. To date, most filtering and blocking of content has been done at the level of the network, whereas the risk now is that this capacity could also become technically effective at the level of the browser. With standardized EME incorporated in the browser, a level of control would cascade to the user interface level. This could possibly undercut the use of circumvention tools to access content that is illegitimately restricted.

While a case can be made for exceptional limitations on accessing certain content, as per international human rights standards such as the International Covenant on Civil and Political Rights, the same human rights standards are clear that this is should never be a default setting. Unfortunately, many instances of limitation of access are not legitimate in international standards as they do not meet the criteria of legality, necessity and proportionality, and legitimate purpose, and it would be regrettable if standardized EME could end up reinforcing this unfortunate situation.

One would hope that when even organizations like Unesco are speaking up, that the W3C would take a step back from the ledge and reconsider its position.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 4 Apr 2017 @ 3:10pm

    hope

    "One would hope that when even organizations like Unesco are speaking up, that the W3C would take a step back from the ledge and reconsider its position."

    Put that hope in one hand and....

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2017 @ 3:27pm

    The other point the W3C should consider is that DRM will not be available to individuals, and so this will give gatekeeper publishers power over those artists that decide to gt their work protected. The problem being that to gain DRM, the creator will have to assign their copyright, as gatekeepers do not want to risk any competition.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 4 Apr 2017 @ 3:49pm

    Masnick 1: Encryption for websites is super important. My site uses SSL and I won't even take ad money from sponsors who can't work with it. Privacy is the most important thing, and we can't let anyone snoop on the stuff we broadcast over the internet. Every bit is critically important, and encryption should never be broken. I mean, Ed Snowden. FISA courts. Trump. 'Nuf said.

    Masnick 2: Encryption for media content is stupid and Tim Berners-Lee is crazy for supporting it. All encryption can and will be cracked. Who cares? It's just stuff. Basic economics tells us it's free to copy it, so that stuff is worthless. It's just Hollywood. Did I mention Hollywood? 'Cause SOPA. And free speech. Yeah, the First Amendment. Your encryption is a prior restraint, man. Everything is copied all of the time. Search engines are just giving people what they want. Hollywood. Jack the Ripper. MPAA. Hollywood. Valenti, brother! Hollywood.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2017 @ 4:02pm

      Re:

      Anonymous Coward: 0

      Just like other websites, streaming media should use transport-level encryption. This prevents access to the data stream between points A and B.

      DRM is not encryption really: it is gatekeeping by obfuscation. This is due to the fact that the data being sent has to be decrypted locally. The goal of EME is to move this decryption of content as close to the hardware as possible, to prevent the person viewing the decrypted content from... viewing the decrypted content.

      As such, DRM rarely functions as desired. One person sits something outside the EME, grabs the decrypted stream, and then shares this stream with others, circumventing the encryption. Others who have a legitimate access to the encrypted stream find that they can't consume it as they see fit, can't likewise encrypt their own streams without assigning copyright to someone else, and have access to information that is being intentionally sent to them arbitrarily restricted, not necessarily always in a legal manner, or a manner supported by fair use.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2017 @ 4:10pm

      Re:

      Encryption protects the data, but does not limit what the user can do with the data. DRM limits what the user can do with the data to viewing or listening it only via defines programs and codecs.

      Also there are signidficant implementation differences. Encryption is based on key exchange, and the user can use open source software for implementation. The proposed DRM mechanism is a way of downloading and execution proprietary closed source code which demands low level access to the likes pf the video and audio system, to try and bypass any use of the operating system to capture the decoded data. This also introduces a new route for malware to be install;ed on te system.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2017 @ 5:12pm

      Re:

      I'd ask if you were incapable of knowing the difference between the privacy of user data and DRM, but we all know you're not actually interested in the difference.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2017 @ 6:13pm

      Re:

      3/10 Trolling, Wouldent derp again.

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 5 Apr 2017 @ 12:17am

      Re:

      Anonymous Coward 1: I don't know the difference between DRM and encryption, but that won't stop me spouting off like an idiot at the person I'm obsessed with, followed by whining when people tell me to STFU and GTFO again because they're tired of my drooling idiocy.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Apr 2017 @ 3:19am

      Re:

      And what do you hope to achieve by showing everyone you cannot understand the difference? Common view that you are utterly dim?
      Congratulations, you won.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2017 @ 4:02pm

    If "Adding DRM To HTML Is A Very Bad Idea" then it's because taking it out is a much worse idea -- one that could send you to Federal prison thanks to the DMCA.

    Of course any new DRM will be broken, it always is, and that means more government monitoring, investigation, prosecution, as well as building more prisons.

    DRM is not necessarily a bad thing in itself. The problem is its implimentation, and the laws that enforce it, which typically bends to the demands of the copyright-industrial complex without any consideration to the needs of consumers whatsoever.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2017 @ 4:43pm

      Re:

      "one that could send you to Federal prison thanks to the DMCA."

      DMCA violations are a civil, not criminal, case. Criminal copyright infringement is invoked in cases of commercial bootlegging: those $1 "new" CDs and DVDs you find on street corner and flea market stalls. But let's not let the actual law get in the way of your ranting about the *-industrial complex and The Man.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Apr 2017 @ 5:35pm

        Re: Re: (actual law)

        17 U.S. Code § 1204 - Criminal offenses and penalties

        (a)In General.—Any person who violates section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain—
        (1)
        shall be fined not more than $500,000 or imprisoned for not more than 5 years, or both, for the first offense; and
        (2)
        shall be fined not more than $1,000,000 or imprisoned for not more than 10 years, or both, for any subsequent offense.

        https://www.law.cornell.edu/uscode/text/17/chapter-12
        https://www.law.cornell.edu/uscode/text /17/1204

        reply to this | link to this | view in chronology ]

        • icon
          PaulT (profile), 5 Apr 2017 @ 12:19am

          Re: Re: Re: (actual law)

          "Any person who violates section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain"

          How would that apply to a user removing DRM for purposes that do not include financial gain as a motive (i.e. most people who would be doing it).

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 5 Apr 2017 @ 7:55am

            Re: Re: Re: Re: (actual law)

            How would that apply to a user removing DRM for purposes that do not include financial gain as a motive (i.e. most people who would be doing it).

            US courts have successfully claimed drug possession, for personal use within one state, is "interstate commerce" because it might have some effect on drug markets in other states. That's why federal jurisdiction can be used to prosecute illegal possession. What stops them from using the same argument for DMCA?

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 5 Apr 2017 @ 8:05am

            Re: Re: Re: Re: (actual law)

            Sadly, last I checked you don't need to have financial gain as a motive for the advocates of DRM and the DMCA (well, the permission to use dumb robots for enforcement parts, not the icky, icky piratey safe harbor parts, anyway) to harass you and call you a pirate.

            reply to this | link to this | view in chronology ]

            • icon
              PaulT (profile), 5 Apr 2017 @ 8:30am

              Re: Re: Re: Re: Re: (actual law)

              Well, true. But, the AC above was trying to argue that breaking the DRM would be a criminal offense and when pressed for a citation he provided something with clear caveats. I'm interested as to how he's interpreting this.

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 5 Apr 2017 @ 9:26am

                Re: Re: Re: Re: Re: Re: (actual law)

                To be honest, it's not above advocates of IP law in general to mix civil and criminal. Criminal penalties and offenses that require only civil standards for burdens of proof is their ultimate wet dream.

                reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2017 @ 4:53pm

    It's sort of whom you want to free, isn't it?

    If you want the political/economic power to be the thought police, then you'll favor DRM and oppose encrypted communications.

    If you want individualsto be free to think (and to do the necessary investigation) even without first obtaining great political/economic power, you'll oppose DRM and favor encrypted communications.

    Nobody favors both DRM and end-to-end encryption, and nobody opposes both.

    reply to this | link to this | view in chronology ]

    • icon
      Wyrm (profile), 4 Apr 2017 @ 6:42pm

      Response to: Anonymous Coward on Apr 4th, 2017 @ 4:53pm

      Actually, someone here made a joke about how we should stop talking about "encrypting our communications" and start saying "protecting our communications with DRM" so that politicians will want to help us.

      reply to this | link to this | view in chronology ]

  • identicon
    TheBobinator, 4 Apr 2017 @ 5:33pm

    Devils Advocate.

    Lets say I configured BitTorrent to work over HTML using EME.

    Each time the client connects to the tracker, a seeder, or a leecher, the seeder\tracker sends the leecher a royalty-free redistribution agreement for redistribution of the data being sent, then the leecher sends acceptance of the agreement to the seeder\tracker. Literally, send an encrypted, salted data stream and occasionally pause, send the agreement, then continue.

    1: ISP has the presupposition this is legit traffic. They look at it, see contract agreements and encrypted data. They respond the ISP cannot look at the data and can only presuppose that it's legitimate since it's DRM Traffic, and also, they can't look at the data stream as that's a felony.

    2: Big Media then contacts law enforcement for a warrant, then drags John Doe into court at which point John Doe provides the documentation of whom gave him royalty free rights to redistribute the work, which they were totally doing via this cool video streaming app.

    3: Big Media follows the chain to "This is the first IP Address that shared Movie X", and discovers a private tracker. They raid it, and the tracker points to non-nonsensical addresses or to the movie studio's own IP address block. That entire discussion comes down to a he said-she said between logs and proving their was no "technical" issue.

    EME is awesome, because it means we have the right to privacy.

    reply to this | link to this | view in chronology ]

  • identicon
    My_Name_Here, 4 Apr 2017 @ 5:42pm

    Funny

    What is funny here is all the arm waving for nothing.

    Adding a DRM option to HTML isn't a big deal. Websites and site owners are not forced to use it, nor are end users required to use it if they do not wish. HTML will not suddenly break without it.

    What it does is that it allows rights owners to make a choice how their content is shown to end users, and to protect it from piracy and unauthorized copying. It's a choice by the content owner, and nothing more.

    If you don't agree with it, use a browser that does not support it or disable the code (you know there will be plugins to do that quick enough). That as an end user is your choice.

    If enough users don't use the feature, or stay away from sites that do require this feature, then either the sites will change or their will wither.

    Adding optional DRM into HTML doesn't break anything else, except perhaps a few narrow minds.

    reply to this | link to this | view in chronology ]

    • identicon
      Wendy Cockcroft, 7 Apr 2017 @ 2:32am

      Re: Funny

      You're pretending that DRM isn't essentially malware. You're also pretending that all DRM'd items are essentially proclaiming that you don't own it, you're renting it. "Own it now on DVD," etc. is a lie.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Apr 2017 @ 3:04am

      Re: Funny

      You're not forced to use Google either, but that's never stopped you from becoming apoplectic with rage at the mere mention.

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 7 Apr 2017 @ 3:24am

      Re: Funny

      "protect it from piracy and unauthorized copying"

      So, you're still dumb enough to think that this actually works for any lengths of time, dumb enough to think this won't be used for other means and dumb enough to believe there are zero unintended consequences for legitimate users?

      If only you spent as much time educating yourself as you did spouting your ignorance. But, that would involve at least listening to what others are saying before attacking them.

      reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 4 Apr 2017 @ 10:29pm

    Tim Berners-Lee

    Hostile witness. It might be time to move on fron his opinion.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 5 Apr 2017 @ 1:21am

    One would hope that when even organizations like Unesco are speaking up, that the W3C would take a step back from the ledge and reconsider its position.

    The problem with that is that the W3C aren't the ones at the ledge, the public is, with the W3C standing behind getting their kicking shoes on and limbering up their leg for a swift boot to the backside.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Champion, 5 Apr 2017 @ 5:39am

    so

    make your own browsers and leave th ew3c behind they always been twits

    oh and oh nvm

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Apr 2017 @ 8:57am

    Tim Berners-Lee is now complaining about privacy on the web.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Apr 2017 @ 10:31am

    Follow the Money...?

    So, can somebody Kickstart a bribe bigger than the one TBL got from the MPAA? We can probably outbid them.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Apr 2017 @ 10:39am

      Re: Follow the Money...?

      Don't be so sure, they can add below the line items to your bill, so that they can still outbid you.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Copymouse
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.