Re: “Content protection” vs. “DRM” (was: Re: Letter on DRM in HTML from the Civil Society Internet Governance Caucus)

On Tue, Jun 18, 2013 at 12:13 PM, Olivier Thereaux
<Olivier.Thereaux@bbc.co.uk> wrote:
> On 17/06/2013 09:38, "Henri Sivonen" <hsivonen@hsivonen.fi> wrote:
>
>>It seems to me that "content protection" is just a synonym for "DRM".
>
> If you take "DRM" in its broadest possible meaning, that is an
> understandable confusion. The term is generally used for a specific class
> of content protection mechanisms, though:
> https://en.wikipedia.org/wiki/Digital_rights_management

I understand DRM as technical measures implemented (in hardware,
software or both) on the user's device for the purpose of restricting
what the user can do with content on the user's device and that
typically try to defy scrutiny and modification by the user.

> I actually find it commendable that the EME authors prefer talking about
> "encrypted media" and "secure key exchange", FWIW. Rather clearer and less
> emotionally loaded.

I disagree. I think calling it "encrypted media", while technically
correct, evokes incorrect associations about the threat model. People
go astray when they try to draw analogues between "encrypted media"
and the usual sort of encryption that doesn't treat the communicating
parties as each other's adversaries but treats a third party as an
adversary.

> There are many methods for content protection/restriction, and not all are
> based on encrypted media and encryption key management. Watermarking, for
> example, seems to be the de facto mechanism used by some industries to
> reduce unwanted distribution of content by applying a thin layer of
> technology and a thicker layer of social/legal process.

Categorizing watermarking under "content protection" *might* make
sense if we were trying to understand the term "content protection" in
a general English sense. (Annoyingly, some people even try to dilute
the meaning of DRM by claiming that watermarking is a form of DRM.)
However, in the context of the HTML WG charter an interpretation that
"content protection" is distinct from a synonym of "DRM" because it
also includes watermarking doesn't make sense because, by definition,
watermarking doesn't require explicit support from the file formats.
Therefore, it would be nonsensical to suggest that the charter item is
potentially about watermarking. If the powers that want "content
protection" were satisfied with watermarking, there'd be no need for a
charter item. (Likewise, if the powers that want "content protection"
were satisfied with password-based access control, as opposed to usage
control once access has been granted, there'd be no need for a charter
item, because the Web already supports password-based access control
via HTTP authentication and via cookies.)

-- 
Henri Sivonen
hsivonen@hsivonen.fi
http://hsivonen.iki.fi/

Received on Tuesday, 18 June 2013 13:54:44 UTC