Re: “Content protection” vs. “DRM” from Jeff Jaffe on 2013-06-17 (public-restrictedmedia@w3.org from June 2013)

From: Jeff Jaffe <jeff@w3.org>
Date: Mon, 17 Jun 2013 09:06:20 -0400
To: Henri Sivonen <hsivonen@hsivonen.fi>
CC: public-restrictedmedia@w3.org, timbl@w3.org
Message-ID: <51BF09CC.30802@w3.org>
On 6/17/2013 4:38 AM, Henri Sivonen wrote:
> On Sun, Jun 16, 2013 at 11:34 PM, Jeff Jaffe <jeff@w3.org> wrote:
>> On 6/16/2013 2:41 PM, Henri Sivonen wrote:
>>> On Sun, Jun 16, 2013 at 5:30 AM, Jeff Jaffe <jeff@w3.org> wrote:
>>>> To clarify, the HTML WG Draft Charter neither mentions DRM or EME. All
>>>> that
>>>> it states is that content protection is in scope for the HTML Working
>>>> Group.
>>> It's unclear to me what distinction the W3C intends to make between
>>> the terms "content protection" and "DRM". To illustrate the
>>> distinction, could you, please, give an example of something that
>>> constitutes "content protection" for digital content but does not
>>> constitute "DRM"?
>>>
>> I did not press the Director for a specific definition, but I will provide
>> my best interpretation.
>>
>> The Web and TV Interest Group brought in a requirement for "content
>> protection" - a level of protection for premium content that meets their
>> needs.  The Director, by declaring "content protection" to be "in scope" has
>> declared that the HTML Working Group should find a solution that meets these
>> requirements and are consistent with W3C policies and practices.
>>
>> I can imagine many potential solutions to content protection, but several of
>> them might fail to either meet the requirements or be consistent with W3C
>> policies.  Here are some examples:
>>
>> 1. The Working Group could propose an entire closed DRM solution. Such a
>> solution would be inconsistent with W3C policies.
>>
>> 2. The Working Group could propose a breakable open source DRM solution that
>> relies on social norms and convenience to encourage people not to break the
>> system.  Such a solution might be consistent with W3C policies (although one
>> would need to see if it could steer clear of patents), but might be deemed
>> inadequate by the group with the requirement.
>>
>> 3. The Working Group could propose a password based access control system.
>> Such a solution would almost certainly be consistent with W3C policies, but
>> it is unlikely that it would be deemed adequate by the group with the
>> requirement.
>>
>> 4. The Working Group could propose an open framework, including APIs, to
>> have a common means to access non-standard CDMs.  This approach (EME) at the
>> moment is getting the most traction in the Working Group.  The current draft
>> still has issues raised against it, and has not yet been reviewed by the
>> Director.
>>
>> I'm sure this is not exhaustive, but hopefully it illustrates that there is
>> a non-trivial design space for the Working Group.
> My reading of the above is that #1, #2 and #4 involve some sort of DRM
> (with the DRM part either inside or outside of a W3C spec) and,
> therefore, don't illustrate a difference between "content protection"
> and "DRM" except to the extent #2 distinguishes "breakable DRM" from
> robust DRM. Password-based access control to all types of Web
> resources has already been developed, so it would be weird for
> "content protection" as a new chartered item to mean #3.
>
> It seems to me that "content protection" is just a synonym for "DRM".
>
I don't agree on two accounts.

a. I don't think it is reasonable to lump all possible solutions into 
"DRM".  Examples of differences are the following:

  * Solution 2, which indeed is a form of DRM, has properties that
    address some (though not all) of the criticisms of DRM solutions. 
    In particular:
     1. As a complete solution which does not rely on plug-ins it
        addresses certain interoperability issues raised with EME.
     2. As a breakable solution, it could address issues with closed
        CDMs that users cannot control content on their machines
  * It is true that simple access control systems (Solution 3) have
    already been developed.  If these do not provide adequate
    protection, a solution space worth exploring is to surround an
    existing system with additional protections.
  * As I said, this list is not exhaustive.  Another approach I've heard
    proposed (although I have not seen in sufficient detail to analyze)
    is a solution called "Streaming" - where the bits are streamed at a
    rate that it is impractical for unpermitted copying.  I've also seen
    high-level proposals for "Watermarking".

b. You are conflating the requirements with the solution.  The Director 
ruled in February that a certain requirement set is in scope and asked 
the Working Group to develop proposed specifications.  The ruling was 
made without an a priori evaluation of all possible alternatives.  To 
your point, it is possible that in the end that the Working Group might 
determine that EME is the best or only solution that meets the 
requirements.  Even if we reach such an evaluation in the end, it does 
not mean that when the Director determined that the topic was in scope 
that he decided on EME or endorsed that solution.
Received on Monday, 17 June 2013 13:06:30 UTC