Date: 2017-07-07
Tim Berners-Lee Sells Out His Creation: Officially Supports DRM In HTML
For years now, we've discussed the various problems with the push (led by the MPAA, but with some help from Netflix) to officially add DRM to the HTML 5 standard. Now, some will quibble with even that description, as supporters of this proposal insist that it's not actually adding DRM, and that "Encrypted Media Extensions" (EME) is merely a system by which DRM might be implemented, but that's a bunch of semantic hogwash. EME is bringing DRM directly into HTML and killing the dream of a truly open internet. Instead, we get a functionally broken internet. Despite widespread protests and concerns about this, W3C boss (and inventor of the Web), Tim Berners-Lee, has signed off on the proposal. Of course, given the years of criticism over this, that signoff has come with a long and detailed defense of the decision... along with a tiny opening to stop it.
There are many issues underlying this decision, but there are two key ones that we want to discuss here: whether EME is necessary at all and whether or not the W3C should have included a special protection for security researchers.
First, the question of whether or not EME even needs to be in HTML at all. Many -- even those who dislike DRM -- have argued that it was kind of necessary. The underlying argument here is that certain content producers would effectively abandon the web without EME being in HTML5. However, this argument rests on the assumption that the web needs those content producers more than those content producers need the web -- and I'm not convinced that's an accurate portrayal of reality. It is fair to note that, especially with the rise of smart devices from phones to tablets to TVs, you could envision a world in which the big content producers "abandoned" the web and only put their content in proprietary DRM'd apps. And maybe that does happen. But my response to that is... so what? Let them make that decision and perhaps the web itself is a better place. And plenty of other, smarter, more innovative content producers can jump in and fill the gaps, providing all sorts of cool content that doesn't require DRM, until those with outdated views realize they're missing out. Separately, I tend to agree with Cory Doctorow's long-held view that DRM is an attack on basic computing principles -- one that sets up the user as a threat, rather than the person who owns the computer in question. That twisted setup leads to bad outcomes that create harm. That view, however, is clearly not in the majority, and many people admitted it was a foregone conclusion that some form of EME would move forward.
The second issue is much more problematic. A bunch of W3C members had made a clear proposal that if EME is included, there should be a covenant that W3C members will not sue security researchers under Section 1201 of the DMCA should they crack any DRM. There is no reason not to support this. Security researchers should be encouraged to be searching for vulnerabilities in DRM and encryption in order to better protect us all. And, yet, for reasons that no one can quite understand, the W3C has rejected multiple versions of this proposal, often with little discussion or explanation. The final decision from Tim Berners-Lee on this is basically "sure a covenant not to sue would have been nice, and we think companies shouldn't sue, but... since this wasn't raised at the very beginning, we're not supporting it":
We recommend organizations involved in DRM and EME implementations ensure proper security and privacy protection of their users. We also recommend that such organizations not use the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA) and similar laws around the world to prevent security and privacy research on the specification or on implementations. We invite them to adopt the proposed best practices for security guidelines [7] (or some variation), intended to protect security and privacy researchers. Others might advocate for protection in public policy fora – an area that is outside the scope of W3C which is a technical standards organization. In addition, the prohibition on "circumvention" of technical measures to protect copyright is broader than copyright law's protections against infringement, and it is not our intent to provide a technical hook for those paracopyright provisions.
Given that there was strong support to initially charter this work (without any mention of a covenant) and continued support to successfully provide a specification that meets the technical requirements that were presented, the Director did not feel it appropriate that the request for a covenant from a minority of Members should block the work the Working Group did to develop the specification that they were chartered to develop. Accordingly the Director overruled these objections.
This is unfortunate. What's bizarre is that the supporters of DRM basically refuse to discuss any of this. Even just a few days ago, the Center for Democracy and Technology proposed a last-ditch "very narrow" compromise to protect a limited set of security and privacy researchers (just those examining implementations of W3C specifications for privacy and security flaws). Netflix flat out rejected this compromise saying that it's "similar to the proposal" that was made a year ago. Even though it's not. It was more narrowly focused and designed to respond to whatever concerns Netflix and others had.
The problem here seemed to be that Netflix and the MPAA realized that they had enough power to push this through without needing to protect security researchers, and just decided "we can do it, so fuck it, let's do it." And Tim Berners-Lee -- who had the ability to block it -- caved in and let it happen. The whole thing is a travesty.
Cory Doctorow has a thorough and detailed response to the W3C's decision that pushes back on many of the claims that the W3C and Berners-Lee have made in support of this decision. Here's just part of it:
We're dismayed to see the W3C literally overrule the concerns of its public interest members, security experts, accessibility members and innovative startup members, putting the institution's thumb on the scales for the large incumbents that dominate the web, ensuring that dominance lasts forever.
This will break people, companies, and projects, and it will be technologists and their lawyers, including the EFF, who will be the ones who'll have to pick up the pieces. We've seen what happens when people and small startups face the wrath of giant corporations whose ire they've aroused. We've seen those people bankrupted, jailed, and personally destroyed.
This was a bad decision done badly, and Tim Berners-Lee, the MPAA and Netflix should be ashamed. The MPAA breaking the open internet I can understand. It's what that organization has wanted to do for over a decade. But Netflix should be a supporter of the open internet, rather than an out and out detractor.
As Cory notes in his post, there is an appeals process, but it's never been used before. The EFF and others are exploring it now, but it's a hail mary process at this point. What a shame.
Reader Comments
Disappointing, but unfortunately entirely expected.
Of course, the ideal solution is to fix this as a matter of law, which EFF is also working on.
Re:
Re:
What I've seen from them has been purely "defensive". It's good, but we could use some offense too--like a proposal to make it a crime to interfere with fair use. Leave DRM technically legal, as long as the implementors figure out the "magic" way to block only illegal uses of the copyrighted material.
Re:
1) Laws are not global, while the web is. At best you'll end up with competing laws all over the place which is already a mess with existing standards. Adding another layer won't make that better.
2) Lawmakers in many -- perhaps most -- countries seem to be firmly in the pockets of the people pushing DRM. That is, you're more likely to see "DMCAv2.0 now with even more consumer rights destruction!" than you are to see a pro-consumer law. Not that the latter _couldn't_ happen, but it's not the most likely outcome should politicians start digging their hands into the situation.
time to go make another browser and give freely and opensourced to everyone
VERY DISAPPOINTED
Re: time to go make another browser and give freely and opensourced to everyone
Time to Freeze Out the w3c
We need an early 2000s Mozilla to shake up the web and rescue it from this time the w3c and their corporate overlords (Hollywood).
Re: Time to Freeze Out the w3c
http://www.zdnet.com/article/mozilla-strikes-firefox-search-deal-with-yahoo-ending-long-partnership-with-google/
Betting pool time
Re: Betting pool time
Essentially, the "breakable" parts are still proprietary and not part of the standard. The only required "encryption" scheme the standard outlines is cleartext, which doesn't really take a lot of work to crack. Beyond that, it's still up to each DRM provider to come up with their own actual encryption method -- they just have to build it in a way that works with the newly defined protocol/APIs.
What part of "if they want to control what you can access, they benefit more than you" still isn't clear?
It is difficult to get a man to understand something, when his salary depends upon his not understanding it! - U Sinclair
Re:
But his salary doesn't depend upon his not understanding it. He's Tim Berners-fucking-Lee. He could have pushed one of the compromise proposals and it wouldn't have cost him a dime.
Re: Re:
In any case, even if DRM is incorporated into HTML standards, it doesn't mean I will use it. If the content I wish to consume isn't around where I can consume it as I would like, I'll do without it.
Worse in my opinion, are licensed text books. One I was needing for a refresher cost $2,000 for a 1 year license. After that, you couldn't read the book without purchasing another license.
Re: Re: Re:
His words strike me more as "Oh, well, do what you want. You will anyway." than a full voiced roar of approval.
If he was really against it and thought that his opposition wouldn't have mattered then he should have been openly against it anyway. 'You might be able to push this through despite me, but you won't get my approval or agreement while you do it.'
That I imagine people could have respected, but his current stance of, if not agreement with the proposed inclusion of EME then at the very least an indifferent position towards it? Not so much.
Re: Re: Re:
The problem is that unless your browser does not incorporate support, or that support can be turned off, you have no choice in whether or not a module is loaded and run on your computer. Also, unfortunately I can see advertisers jumping on this to 'protect' their ads by increasing their ability to track people around the Internet.
Re: Re: Re: Re:
If you're using a browser where it can't be turned off, and whose source code you can't modify, you've already agreed to give up control. As long as source is available, someone will release a non-DRM version. Many Linux distributions like Debian and Fedora have policies against non-free software, so they'll pretty much have to disable it if they're going to ship the browser.
Re: Re:
But his salary doesn't depend upon his not understanding it. He's Tim Berners-fucking-Lee. He could have pushed one of the compromise proposals and it wouldn't have cost him a dime.
To be fair... there have been some quiet murmurs and rumblings and rumors that... his salary kinda does depend on this. That is, the W3C, as currently structured costs a fair bit of money and at times it's been a bit hard up in finding enough support. Along come the likes of the MPAA, willing to be paying members... and things are more stable magically. So... without EME in DRM, the W3C might lose paying members like the MPAA and that might make it more difficult for it to stay in operation (at least at its current levels).
That, at least, is the story I've heard from a few people, but it may be somewhat exaggerated.
Looking for a leader
Re: Looking for a leader
There are plenty of other browsers. But nobody uses them.
Re: Re: Looking for a leader
I do understand that 'some equality' is possibly difficult or impossible to overcome. And for me, it has to run on Linux, yet another burden.
Re: Re: Re: Looking for a leader
If you want to use Icecat, my hat's off to you. But you're going to have trouble convincing most people to join you.
Re: Re: Re: Re: Looking for a leader
I have my own sources for video and music and books (using OpenElec for video and music and Open Reader (Android) for reading), and have not violated any laws in my collecting these (recording off the air is not illegal). If I cannot get it legally, I don't view, listen, or read. At the same time I don't think there is anything wrong with torrents, there is nothing out there that I might want to watch, listen to, or read, that I cannot get from the library for the same cost to me. The hysteria of the copyright middlemen is out of control, but it hasn't stopped me, and won't, though I may miss out on some new content, again, so what.
Could I live just re-reading Shakespeare or other public domain works for the rest of my life? It might just take me that long to actually understand all that was said. Much of it is quite deep. But I do look for entertainment, even if it is just background noise to some degree, and not nearly as deep.
Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
But "free as in beer" or advertising supported as Youtube is pretty much proven to not work. Doesn't look as though even Youtube is actually gaining money, but is subsidized. And its "stars" are literally killing themselves off now, so the future of homemade looks bleak. Youtube would collapse without the underlying support of content stolen from major producers. One can only stand Youtube amateurs like "Stevie Ryan" (who recently committed suicide, only reason I know name), until wanting professional (meaning large high-skill, high-cost team) drama, or at least BIG 'splosions, robots, super-heroes, and car chases.
Anyhoo, you say that wider use of specialized DRM would be okay, so why quibble about it in the new telescreen -- I mean HTML5 spec?
Will everyone be required to use this DRM? No, don't see how. Surely still be able to take video from your own gadget while girlfriend shoots through a book with 50 cal from a Desert Eagle -- another Darwin award winner who was doing it for Youtube -- now, that's entertainment -- and put it where anyone can download.
This is another version of your usual outrage that someone who made content has ability to control it and exclusively them get money from it.
You've been writing this same schtick for how many years now? Aren't you the least little bit dismayed that exactly none of the changes you foresaw with Napster, of FREE as in beer content everywhere on the net, are in place?
Re:
So... anyone with a computer then. Judging from your ability to post here, that includes you.
How existential can you get?
Re:
By this logic, anyone who fancies themselves a “content producer” can refer to the hundreds of millions of people who own or operate a smartphone, DVR, tablet, or personal computer as “enemies”. How does that make any goddamn sense to you?
Re: "Any person having a gadget which can copy IS an enemy of those who produce content"
Wait, not "anyone who copies copyrighted works", but "anyone who has a device which could copy"?
Research exemptions
Also, I'm morbidly curious as to your thoughts on there being no exemption for security researchers which would ensure that they won't get sued.
Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
Re: Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
You obviously do not understand how DRM will work. The DRM owner will be the publisher, and take control, via copyright assignment or work for hire contracts, of creators' works before wrapping them in DRM. In other words, DRM is a means whereby the middlemen can gain control of works created by others to their great profit, with a few crumbs given to the selected creators that they publish.
"I'll take my ball and go home, you just watch me!"
The underlying argument here is that certain content producers would effectively abandon the web without EME being in HTML5.
Definitely going to agree with the response to this in the article: So what?
If companies want to cut themselves off from such an amazing resource as the internet because they didn't get to have their DRM to 'protect' them baked into the core standard then let them leave, there are countless people and companies that would happily replace them. I imagine that much like those that threatened Google only to be de-listed as a result they'd come crawling back inside a month, after realizing that the only people they screwed over with their actions was them.
The proper response to someone throwing a tantrum and tossing out 'ultimatums' like that isn't to cave in, it's to call their bluff and refuse to give them what they want.
Re: "I'll take my ball and go home, you just watch me!"
It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.
But you're right that the correct response would have been to call their bluff. Or, at the very least, pass the compromise to protect security researchers.
Re: Re: "I'll take my ball and go home, you just watch me!"
Re: Re: "I'll take my ball and go home, you just watch me!"
It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.
And watch their user/customer numbers take a not-insignificant hit as suddenly people found themselves needing to deal with a half a dozen or more different things in order to get what they had before. Make it too big of a hassle and I imagine more than a few would decide that they don't actually care enough to jump through the hoops and went elsewhere.
Re: Re: Re: "I'll take my ball and go home, you just watch me!"
On the one hand, phones and tablets have proven that people are fine with downloading an app that's just a fucking browser with most of its features stripped out that can only visit one website. On the other hand, it's a mistake to assume that people are willing to accept the same behavior from their desktops that they are from their phones. (And that mistake is called Windows 8.)
Re: Re: "I'll take my ball and go home, you just watch me!"
You mean like how they're instead walling off their content behind the inappropriately endorsed DRM provided by EME? Either way, the content's not properly accessible. If it's going to be inaccessible either way, I'd rather my browser not be carrying around EME code that security researchers cannot legally investigate to see how badly written it is.
I say, Good Riddance! Let them leave. The vacuum will fill up quickly. There are a ton of creative people that will rise from it.
Of course DRM is absolutely necessary!
How are we going to have robust, free, P2P file sharing sites if the media monopoly mafia suddenly makes their paid services as easy to use as a well-seeded torrent?
I have Amazon Prime, a streaming and DVD subscription to Netflix, and a cable-like internet-based TV service.
Yet often I will download something I see is available on my streaming services, because I had to watch it at 7:47 PM when it started but I was watching something else, or just want to make sure there are no annoying "buffering" interruptions ... thank you Comcast!
Or I want to make sure I can see it --or see some part of it-- away from Wi-Fi access, or just repeat a scene because I didn't hear it well (high-frequency hearing loss is a common side effect of the chemotherapy drug cisplatinum, but it beats the hell out of being dead).
People say it's "stealing" but I've already paid to watch it. All I'm doing is time-shifting and creating a reasonable accommodation for my physical limitations, given that I survived cancer and have gotten so old I'm on Medicare.
My one difference with Tim Berners-Lee is that he shouldn't allow it in HTML, because soon enough people will break it and then all you've done is junked up the protocol with tech that will be deprecated before the year is out.
Much better to let the media mafia stream it in an encrypted stream, and that way you can charge people for using an app at the client end to decode it (sort of like a virtual cable box). That way you can pay the app rental every month to remind you how fortunate you are that this monopoly has condescended to let you be their customer.
So promote free (as in freedom, even if it's also free like free beer) video on the internet by letting the media mafiosi cut off their own heads and hold them up to show there are no brains in there.
That seems like a pretty clear message. The web browser horse is getting old. We need a fresh pony for the new race.
The only thing I can see that can cut deeply into this media horror show is to decentralize onto protocols that will enable you to regain control.
The Web is a tough act to follow and, ho boy, good times, but we got to move on.
We need new OS's
Answer me this (everyone except Thad)
How does adding the provision of DRM to the html standard suddenly "break" anything? Can't sites that choose not to use DRM just keep going as always?
It's a serious question, because the claims of "breaking" the internet always seem to come off as "taking away our free lunch". So I am open to hearing the real reasons why (without insults, thanks, it's a serious question).
Re: Answer me this (everyone except Thad)
If you don't want unauthorised people viewing your shit, don't put it into the public stratosphere
Money dictating the privileged few who can view every public arts if they so chose... expanding the divide between those with a higher percentage of a nation's/global wealth, and those that get by from paycheck to paycheck
Rich folk creating laws for rich folk, class systems haven't gone away... they've just had a makeover
It's about time to start blocking port 80/443 and move to a new one.
