- From: Danny O'Brien <danny@eff.org>
- Date: Wed, 26 Jun 2013 17:52:35 -0700
- To: Jeff Jaffe <jeff@w3.org>
- Cc: "L. David Baron" <dbaron@dbaron.org>, Tim Berners-Lee <timbl@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Mark Watson <watsonm@netflix.com>, Nikos Roussos <comzeradd@mozilla-community.org>, Norbert Bollow <nb@bollow.ch>, "public-restrictedmedia@w3.org" <public-restrictedmedia@w3.org>, "coordinators@igcaucus.org" <coordinators@igcaucus.org>, seth@eff.org
On Tue, Jun 25, 2013 at 02:52:33PM -0400, Jeff Jaffe wrote: > On 6/25/2013 1:33 PM, L. David Baron wrote: > >On Friday 2013-06-21 02:42 -0400, Tim Berners-Lee wrote: > >>On 2013-06 -20, at 23:15, Wendy Seltzer wrote: > >>>This is, to me a key question the restrictedmedia group can address: > >>>What is the best way for W3C, starting from where we are now, to make > >>>the world better for users -- whatever your perspective on "better for > >>>users" is. > >>> > >>>For those who don't like DRM, recognizing that W3C likely doesn't have > >>>the leverage to kill it, should we try to slow it down or open it up? > >>>Are there ways we can usefully make the restrictions less onerous > >>>without merely driving their proponents elsewhere? > >>> > >>>For those who like the business models DRM enables, are there ways to > >>>make the encrypted-media content more web-accessible (linkable, privacy > >>>protective, accessible) and to shrink the restrictions on open source > >>>development, to broaden the base of support for these models? >>One principle of the open web is "anyone can publish", > >>Can we design an EME system where that is true, and anyone can > >>publish content using it? > >I think there are other important principles of the open Web that we > >should care about, from the implementation perspective, such as: > > > > * Anybody should be able to build an interoperable implementation > > from the relevant specifications. > > > > * They should be able to do this without paying licensing fees, > > such as for patents. (I think this principle underlies much of > > the W3C's patent policy.) > > > > * They should be able to create an open-source implementation. > > > >Open Web specifications not only allow these things to be true, but > >generally they *ensure* that they're true. (We don't always succeed > >at the first, but we do try, by trying to write specifications that > >are thorough enough.) > > > >While EME allows for abitrary CDMs, and there *could* exist a CDM > >for which these principles hold, EME is far from ensuring that they > >are true, and I expect these principles would not hold for the > >existing DRM systems that EME is likely to be used with. (And I'm > >talking here about an implementation of EME that is usable for > >viewing the Web content that uses the EME specification, not simply > >a conformant implementation without useful CDMs.) > > To strengthen this principle, should W3C or someone try to stimulate > the construction of an open source, patent-free CDM? Would any of > the browser companies be willing to include that in their browser to > try to encourage content owners to utilize it? > (Apologies for not being more involved in this discussion -- travel in Cambodia and illness intervened.) To merge the two parts of this thread, I think that the element of DRM that most people object to is usage control, and with it the idea that the user isn't the person with ultimate control over the user agent. This is why EFF emphasises "usage control" as the term to describe the problem, rather than "DRM", which is used differently by different parties. I think it best to concentrate on usage control, because this is the real bone of contention in this dispute. Thhe usage-control model of DRM isn't necessarily the only model of digital rights management, but it's the one that provides the EME use-cases and requires it as an API. Usage control requires "robustness" in the client (ie it cannot be modified by the end user) and a compliance mechanism (ie the client cannot be re-implemented with additional features which clash with the intention of the content provider). Open source means that the user can modify the code, which breaks robustness. And being patent-free removes the primary method by which most usage-control systems enforce compliance, which is hook IP. The remaining part is just the withholding of material such as a private key -- and if that could be done successfully on its own, the content provider wouldn't have a problem, because they could just "withhold" the content itself. We can't get an open source, patent-free usage-control-based DRM system. We can't get a usage-control-based DRM system without severely limiting general purpose computing systems. That leaves us with other DRM alternatives -- such as watermarking, or interface-based controls (a "don't turn on the Save As..." when the rights management information says not to, for instance). These would be *far* less controversial; but would not require EME as it currently is specificied. Indeed, I don't think they would *need* any changes in the W3C standards, but I may be wrong about that. We would probably need to list out all the alternatives to be sure. Should we be pruning the cc: list on this discussion? d. > > > >I think these principles are important and the W3C shouldn't > >sacrifice them lightly. I also think it's preferable to make an > >exception to them for a specific reason than to abandon them > >entirely. > > > >-David > > > > > -- International Director, EFF | +1 415 436 9333 x150 | 815 Eddy Street, SF, CA 94109
Received on Thursday, 27 June 2013 00:53:11 UTC