Re: I strongly urge all supporters to reconsider the EME proposal. It is not in your best interests!

On Fri, May 17, 2013 at 11:29 AM, Hugo Roy <hugo@fsfe.org> wrote:

> Le ven. 17/05/13, 09:54, Mark Watson <watsonm@netflix.com>:
> > On Fri, May 17, 2013 at 3:47 AM, Hugo Roy <hugo@fsfe.org> wrote:
> > > What we are discussing here is whether EME should get the W3C
> > > “stamp of approval” which we equate with the “Open Web”. By Open,
> > > it means this is something not discriminating or excluding anyone
> > > regardless of which technology they use.
> > >
> >
> > I can't resist pointing out that you do wish to exclude companies that
> use
> > DRM for content distribution, which is also a choice of technology.
>
> I am not talking about content distribution but about what
> technology web users are using.


I know. Actually I think you mean the consumers of the content. My point is
that the producers of the content are users of the web as well.


> So if you want to distribute
> content in a way that discriminates some web users from other web
> users, you are clearly outside of the scope of what we refer to as
> the “open web”.
>
> You are wrong when you say that I wish to exclude companies that
> use DRM. These companies are entirely welcome to distribute
> content on the Web. They are also entirely welcome to distribute
> content on the open Web, that is, in a way that do not
> discriminate or exclude some users because of technological
> consideration (for instance, a website designed solely for IE6 is
> not “open”.)
>

If the producers technology choice does not align with the users technology
choice, who is "excluding" whom ? Your argument relies on one set of
choices having preferential status, that is all.


>
> > If I understand your position correctly, you believe that the choice to
> use
> > Free software to consume media has more legitimacy than the choice to use
> > DRM technology to distribute it and so that latter group should adapt to
> > the choice of the former. I don't believe the opposite, btw.
>
> My belief regarding this is completely separate from what we
> discuss here; which is a W3C spec for the Web.
>

But your argument above does rely of preferring one choice over the other.


>
> >
> > >
> > > I understand that one of the core argument put forward by the W3C
> > > is that the Open Web is not a synonym for "content free of charge"
> > > (which is a straw-man argument). The W3C CEO made the distinction
> > > between that and "premium content" which was implied to equate
> > > content restricted by DRM, hence justifying EME's approval.
> > >
> > > If I understand you correctly from your previous email to this
> > > group (BTW thank you for moving the discussions here); this is
> > > also your view.
> > >
> >
> > Not quite. I think the web should support content distribution models
> other
> > than those in which the user is granted full rights to do whatever they
> > choose with the content after it has been downloaded.
>
> You have skipped some parts of my emails obviously. The web
> already support content distribution models other than those in
> which the user is granted full rights to do whatever they choose
> with the content. I mean, I would even say that 90% of the content
> distributed on the Web today does *not* give the user full rights
> to do whatever they choose. And that is true also for "premium
> content" which already exists on the web; even sometimes without
> DRM and without proprietary software.
>

My point is that some people believe that to support such distribution
models for *their* content does require technical restrictions. The fact
that some people do not share that belief or even that for a completely
different kind of content most people don't share that belief isn't
relevant. To say that the web "supports" a particular model you have to at
least meet the requirements of the majority of people using that model. And
you can't just put all different kinds of content into one bucket for this
purpose.

Also, others in this debate have argued that because, technically, without
DRM technologies, the user can do whatever they choose with the content
then as a matter of principle they MUST be allowed to do so, explicitly
excluding distribution models which don't grant those rights. I gather you
don't share that position, though.


>
> > For example rental and subscription models. Right now, those who
> > sell content without full rights require technical as well as
> > legal restrictions on the customer.
>
> Maybe. So? They are free to try this.
>
> What does it have to do with a W3C spec, what does it have to do
> with the open web?
>

The W3C can mitigate a number of problems that will occur if it does
nothing.

The main thing which stops browsers deprecating support for plugins (which
is generally agreed to be a good thing) is their continued use for premium
video services.

EME has been criticized as just replacing one plugin mechanism with
another. Certainly CDMs share some properties with plugins (notably that
some will be proprietary closed source) and EME offers nothing new in *those
respects*. But many of the undesirable features of plugins are not shared
by EME. We expect browsers will choose which CDMs to integrate with rather
than offering a general-purpose open plugin-like CDM API. We expect the
privacy and security properties to be better understood and reduced due to
the reduced code size compared to Flash and Silverlight for example.

A solution developed openly in the W3C, where a variety of stakeholders can
have a say, will be better for users than one developed in private and
independently by the different browsers.


>
> > > I think it is important to draw some distinctions here. First, we
> > > need to debunk the straw-man argument. AFAIK no one is claiming
> > > that the Open Web should only be for distributing content free of
> > > charge. Actually, such a requirement would be against the very
> > > principles of freedom that are core to the Web and core to Free
> > > Software (aka Open Source) licenses.
> > >
> > > Now, the second bit of the argument for supporting EME is that
> > > there need to be a place for "premium content" which by that I
> > > suppose means copyrighted films produced by corporations such as
> > > Hollywood studios, that Netflix has to stream.
> > >
> > > But jumping from there to assume that it means we need to have DRM
> > > is a whole other debate.
> > >
> >
> > It's a reality, as you noted above, that technical restrictions are
> > required (by the content owners) for such content.
>
> Can you back up your argument? Because I have got plenty of
> examples of "premium content" where there are no technical
> restrictions taking the forms of DRM. Media websites paywalls are
> one example.
>

What I know is that at Netflix all of the studios from whom we buy content
place this requirement in our contracts with them and that it's not a point
on which they are open to discussion. Now we are only one company, but we
work with a very wide variety of suppliers.


>
> > >
> > > Sure, you say that these companies require DRM and you say they
> > > impose them to Netflix. Well, it's your problem if you cannot
> > > negotiate better terms with them, there are *no reasons* why all
> > > web users should have to bear the costs (directly and indirectly)
> > > of these technological restrictions.
> > >
> >
> > The reason all users (web and app users too) have to bear these costs is
> > because the producers of the content require them to, in exchange for
> > viewing the content. The producers of the content have their own reasons
> > for that, which you could debate with them. What I have a problem with is
> > the idea that they are not entitled to attach (perfectly legal)
> conditions
> > of their choosing to their product offer. Noone has to accept that offer.
>
> Are we not talking about standardisation here, i.e. about making
> things that are aimed at the entire Web? We are talking about
> having CDMs on web users' computers and implementations in web
> browsers, etc.
>
> So yes, we are discussing something that people will have little
> choice not to accept.
>

The spec does not require any particular CDM. I expect that browsers will
offer users the choice to disable the CDMs. If there was demand they may
also offer a version of the browser without the CDMs, for users who don't
want even disabled CDMs on their machines. So, people will have a choice.


>
> >
> >
> > >
> > > Moreover, there are already "premium content" distributed on the
> > > Web, where money is involved and that do *not* require DRM. For
> > > instance, there are a lot of news media where you need to
> > > subscribe and pay a monthly fee. These media are usually not
> > > distributing their article under Creative Commons (which means
> > > you're not allowed to make and distribute copies of it, that would
> > > be copyright infringement). However, they are not imposing DRM on
> > > their users.
> > >
> >
> > Which is fine. I'm missing how the fact that some people distribute
> content
> > without DRM means that all people must.
>
> You're missing the fact that it means DRM is not a "requirement"
> for distributing such content on the web. Which has been an
> argument I have read here.
>

I answered this below.


>
>
> > > That shows that the two issues are actually separate and should
> > > not be bind together to legitimate DRM, as if DRM was a
> > > requirement for having paid-for content on the Web. Because it is
> > > not.
> > >
> >
> > But it is required today for certain models of paid-for content, by
> certain
> > people, for certain content. You could ask whether that set of models,
> > producers, content is important enough to web users to be supported by
> the
> > web. I'd argue that the scale of usage of such content on the Internet
> > today says yes.
> >
> > But I think you are using "required" in some sense of physical or
> economic
> > necessity, rather than the sense of "required by a person". Of course
> there
> > is no physical necessity. As for economic necessity, there's a judgement
> > call there and the people entitled to make that judgement (and indeed
> often
> > required to by their duties to their shareholders) are the owners of the
> > content.
>
> So you need to explain: why should the W3C and the Open Web accept
> to bow to some people and thus impose proprietary software? Your
> argument is that some people impose it to Netflix and others. So
> why should we care?
>

Again, there's no imposing. Everything is optional for both browsers and
users.

We should care because it will be better for users to have these
capabilities provided in a common way across browsers, with open
discussions including of the privacy and security aspects. It will be
better for users to have a model where browsers control and understand the
CDMs and it will be better for users if browser support for plugins can
eventually be deprecated. And I also believe it will be better for the web
if this class of content is provided on the web, even in this restricted
form, than if it is provided only in native apps and through proprietary
plugins. The latter approach will result in more fragmentation, less
platform support, more incompatibility than if we work on EME in the W3C.


>
> > […]
> > Of course they are different. Emmanual clarified that his conditions were
> > not intended seriously, which was obvious, but my point was to
> illustrate a
> > common form of argument that it is ok for authors to impose conditions of
> > access on their content but only if those conditions have some kind of
> > superior moral status.
> >
> > Now, you may be arguing that legal conditions are ok, but technical ones
> > are not, which is a different and less slippery distinction than the
> moral
> > one. But there is clearly not consensus amongst opponents of EME on this.
> > Often it is argued that the technical restrictions are wrong because the
> > legal restrictions they enforce are also wrong in some way.
>
> I would like to know other opinions about this. Isn't there
> consensus amongst opponents of EME here that technical
> restrictions imposed on users are entirely different than legal
> restrictions? Because in one case a computer implements a rule and
> makes the user powerless while in the other case the rule is
> enforced by humans in legal institutions that are here to
> safeguard human rights.
>
> I would be surprised if there is no consensus on that.
>

Obviously. My point was that there is not consensus that this distinction
is the main basis for objections to EME. Some have argued that the legal
restrictions are themselves wrong, and if that is the case the legal vs
technical distinction is moot. But this is not a key point.


>
> >
> > You say DRM restricts what the user can do with the content and then you
> > simply assert that this restriction is unfair.
>
> No, I made an argument to explain that a technical implementation
> of a rule can be unfair when it makes a human being powerless in
> front of a machine of his own. It is unfair because if the human
> has no control over the program running in the machine, the only
> alternative means that the program controls the user, and the
> developers who design the program thus controls the user's
> computing.
>

Only to the extent that the user agrees to this. The program controls what
the user can do *with that program*, but not what the user can do with
their computer.


>
> When it comes to implementing legal rules, I think machines still
> suck and I am glad that we still have humans to take care of the
> law. Humans usually have a better sense of fairness and justice
> than machines.
>

Of course.


>
> > The technical restrictions
> > match the legal ones that the user has freely agreed to.
>
> I don't think most people have consciously agreed to DRM. Nobody
> asked them their opinion before selling a DVD.
>

So, that is a completely new point. I completely agree that it should be
clear to users when they are buying a product which comes with
restrictions, whether those are technical or legal ones. People should know
what they are buying. Including unexpected restrictions is indeed a little
unfair.

Putting the CDMs under the control of browsers provides an opportunity for
browsers to play a role in giving users knowledge and control over the CDM.
Some content providers may be inclined to gloss over this aspect, so
putting browsers in control is an improvement.


>
> > Also, noone is imposing anything on anyone. The contract to receive and
> > view content is freely entered into by both parties.
>
> This would be true if we were not discussing a W3C standard.
>

Hmm, I don't see how the W3C standard makes a difference to this point. The
standard says to browser implementors "if you integrate with DRM, do it
this way". As an extension specification it's not even part of HTML5. The
standard doesn't require any user (or indeed content provider) to use or
even enable this functionality.


>
> > […]
> > I see it as a much weaker statement on the part of the W3C. It's more
> along
> > the lines of the W3C saying to browsers that if they are going to provide
> > support for product offers with terms of the kind we've been discussing
> > (which they are), please do it this way. The alternative is that the W3C
> > says nothing and then we have a worse situation for users in various
> ways.
>
> It would be a worse situation for distributors of DRMd-content. I
> agree. I feel sorry for them, but I fail to see why this should be
> a concern of the W3C.
>

Because, as I said, doing nothing will be worse for users as well.

...Mark


>
> Best regards,
> Hugo
> --
> Hugo Roy | Free Software Foundation Europe, www.fsfe.org
> FSFE Legal Team, Deputy Coordinator, www.fsfe.org/legal
> FSFE French Team, Coordinator, www.fsfe.org/fr/
>
> Support Free Software, sign up! https://fsfe.org/support
>