W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2013

RE: Technical Review of EME (DRM in HTML5)

From: Fred Andrews <fredandw@live.com>
Date: Fri, 8 Feb 2013 12:35:26 +0000
Message-ID: <BLU002-W149540DBD42EAD1BF9F0B23AA050@phx.gbl>
To: Christine Runnegar <runnegar@isoc.org>
CC: W3C Public Privacy <public-privacy@w3.org>


> From: runnegar@isoc.org
> Date: Fri, 8 Feb 2013 10:35:06 +0100
...
> Thank you Fred.
> 
> As we are trying to bring this discussion into the Privacy Interest Group (PING), it would be very helpful if you could concisely set out the issues on this email list.

It will take some work to develop a concise list of issues.

The fundamental issue might be that in order for EME to be effective it requires that the user forfeit some control over their own computer.

When users forfeit control there is a risk of them losing some control over the security of their private state.

Users of open source software are not going to forfeit control over part of their computer making the standard impractical for general use.

The use case of delivering high value video content seems reasonable, however forfeiting control over your computer is a slippery slope. The same arguments being used to sell the EME could just as well apply to DRM of general HTML web content, and even within the scope of EME it would be possible to implement an entire HTML web browser within the CDM and this web browser would have protected access to the pixels on your monitor and to your operating system.

DRM is enforced via harsh legal sanctions which would make criminals of developers and users of web browser extensions.  It would be illegal to block tracking elements, block scripts, block ads, use mashups, etc.

DRM would drastically increase the ability of content authors to dictate terms of use.  For example, a web site could enforce the viewing of ads and the non-blocking of tracking elements.

I do not believe it is worth it just to support an entirely frivolous industry.  I would rather a world without 'high value' [sic] video content than a world in which people live in fear of their own computer and feel helpless to control their own security and privacy.

If you discount such fears or go not think they are useful then we could focus on specific threats related to DRM video, such as the inherent ability of the CDM to call home and monitor your viewing.  Even if you are offline and use a stored key, the CDM can store state and covertly leak it when you revisit a website.

cheers
Fred

 		 	   		  
Received on Friday, 8 February 2013 12:35:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 8 February 2013 12:35:54 GMT