Re: What is the "open web" ?

Sent from my iPhone

On Jun 6, 2013, at 12:27 AM, Hugo Roy <hugo@fsfe.org> wrote:

> Le mer. 05/06/13, 16:29, Mark Watson <watsonm@netflix.com>:
>> Sent from my iPhone
>>
>> On Jun 5, 2013, at 3:19 PM, Hugo Roy <hugo@fsfe.org> wrote:
>>
>>>>>> Since the EME spec doesn't specify the CDMs, someone could certainly
>>>>>> create an open CDM (for whatever definition of open they prefer) and
>>>>>> EME would work with that.
>>>>>
>>>>> This is a dubious statement.
>>>>
>>>> Why?
>>>
>>> I referred to the bit: “for whatever definition of open they
>>> prefer” (I thought it was obvious from the following sentence).
>>> Don't know if "dubious" is really the word I was looking for
>>> though, excuse my French. But I just wanted to emphasise there's
>>> no debate about what's “open source” or not in the context of
>>> software.  This is very much established.
>>
>> The point of my qualification was that my main point is independent of
>> what you think open source means. You can certainly implement EME and
>> a CDM under whatever open source terms you choose.
>
> There is something strange there. It is not about what *I* think
> open source means. The definition of what is Open Source and Free
> Software is very well established.

Your missing my point. You can implement EME under the well
established definition you refer to. And you can implement a CDM under
that definition too. There can be no doubt about those things.

What there is doubt about is what content would be distributable using
such solutions, but this is not a technical or legal issue, only a
business decision.

>
> We even have legal tools (licenses) to clearly draw the line
> between what's open source/free software, and what is not.
>
>> You can certainly implement EME and
>> a CDM under whatever open source terms you choose.
>
> Can you really? You need to define what a CDM is then. Because if
> a CDM can be free software, that means the recipient of the CDM
> can modify the CDM and thus bypass the limitations set forth by
> the CDM

Yes, that would be true of a free software CDM that performed
decryption and decoding itself. A CDM that made use of platform APIs
for decryption/decoding might be more difficult to bypass.

Both could be useful.

>
> If the recipient of the CDM cannot get the source code and modify
> it, that means your CDM *is not* by any definition, Free Software
> or open source, regardless of which licenses we are talking about.

Yes, this is clear.

>
>>
>>>
>>>> There's a trivial existence proof in the clear key CDM. I see no
>>>> reason why there could not be others.
>>>>
>>>> As I said, whether and to whom such CDMs would be useful is a
>>>> different question.
>>>
>>> I think the two questions are not that separate. What does EME
>>> solve, what is it designed for? What would clear key systems
>>> really gain from this?
>>>
>>> If clear key CDM in the context of EME are absolutely useless, it
>>> is a strong hint that EME is actually designed for closed-source
>>> CDM
>>
>> It's frequently claimed that DRM goes too far in controlling usage to
>> align with content license terms. So, presumably, some people would
>> like to see other solutions that do not go so far. I don't know what
>> those might be, but EME provides a place to experiential with such
>> things, over time. Maybe that won't work. Maybe there is a
>> mathematical proof that anything short of DRM as it is today is
>> equivalent to clear key for some kind of equivalence accepted by
>> content producers.
>>
>> The point is that whether a useful CDM can be built in open source is
>> clearly not a technical issue. It depends on the ingenuity of people
>> creating CDMs and the requirements of content producers.
>
> You need to demonstrate how CDM can be “built in open source”
> because the very usefulness of DRM lies in its secrecy,
> obfuscation and restriction of users', all of which are 100% at
> odds with Free Software.

As has often been pointed pointed out, DRM does not make it impossible
for people to make copies of the content. Someone can always point a
camera at a TV screen, buy an HDPC ripper etc.

The question is how difficult it is to obtain a copy, what form is
that copy in, what is the quality of the copy, are there A/V sync
problems etc.

Different content providers may take different views on this question
and so we should not exclude solutions with different properties in
this respect. If no protection at all is acceptable for some content
(and clearly it is) its reasonable to believe there might be a
solution with levels of protection between none and what is today
considered DRM that are useful.

You'll no doubt note my use of equivocal language: maybe, might etc.
I'm sorry for this, but I don't have a crystal ball. I can't predict
how content protection requirements will evolve. As a technologist I
believe we should provide technical support for a variety of future
paths, lest we artificially restrict evolution which might otherwise
happen.

Finally, as noted above, on some platforms it may become possible to
implement a FOSS CDM that makes use of platform APIs. Of course this
will not be very interesting to you since such a thing is merely a
shim between EME API and very similar looking OS API and what lies
below the OS API may not be Free.

...Mark
>
>
> --
> Hugo Roy | Free Software Foundation Europe, www.fsfe.org
> FSFE Legal Team, Deputy Coordinator, www.fsfe.org/legal
> FSFE French Team, Coordinator, www.fsfe.org/fr/
>
> Support Free Software, sign up! https://fsfe.org/support

Received on Thursday, 6 June 2013 09:28:14 UTC