Re: Trust

On 2013-10-12 09:27 Mark Watson wrote:
> Let's consider this for a moment. Without making any judgements, we
> can divide existing users into two classes: those who trust Microsoft,
> Google, Netflix etc. to provide software that they run on their
> computers and those who do not. Both groups are fully entitled to
> their respective views.
> 
> For the first group EME does not represent any change with respect to
> this issue - except that the scope of the opaque component will be
> dramatically reduced.

Reduced!?! 

if you go with the approach of the MS-Fraunhofer whitepaper you go:
- from a regular black box browser plugin subject to all the ususual OS 
controls
- to a piece of black box software that is designed to a) talk directly to the 
hardware and b) that is explicitly allowed to lockout the OS (to prevent 
things like screenshots or running in a VM, which would allow copying)

I'd hardly call that a reduction in scope for the opaque component, quite the 
contrary.

> For the second group, since they cannot access any protected content
> today, 

cannot *legally* access protected content (and even that much is untrue in 
parts of the world like the Netherlands where downloading itself is perfectly 
legal)

a fact that makes for a different picture altogether

> they are affected only if content which is unprotected today becomes
> protected in future *as a result of EME*. As I have explained,
> this seems unlikely.

Does it really seem unlikely to you? 

There are governemnt rules that say government-funded web resources need to 
comply to open standards in a lot of places. Those by extention are often 
applicable to e.g. educational resources, or government funded 
television/radio. 
Right now that means that DRM is out, if EME gets passed by W3C, anyone 
wanting to push DRM into those areas can now go "but see it's an open 
standard, so don't worry about it"

This will have exactly the same kind of results as the passing of OOXML by 
ISO, which:
a) Set back the non-lock-in document format movement a decade or so because 
hey, docx now matches the procurement checkbox, on paper anyway, and it wil 
take time to puncture that illusion for everyone involved.
b) it let to widespread loss of trust in ISO as an organisation, and iso-
standards (as evidenced by e.g. [1])

Seeing W3C starting down that same slippery slope, really isn't a welcome 
thing.

> I understand the criticism that we do not provide a solution which
> does not rely on placing trust in an opaque piece of software. 

Any standard that requires trusting an opaque piece of software is clearly not 
complete, as it's lacking a description of how to implement a critical 
component.
Hence any such 'standard' should not pass in an any open standards body (like 
W3C) untill that lack is fixed.

> What I can say is that such a solution would fit right in with the EME
> architecture. So, whilst I understand this as a criticism of existing
> DRM, I don't understand it as a criticism of EME.

The criticism is about "EME as a supposedly open W3C standard", 
much more then it is about EME itself

As you've pointed out EME is just business as usual from the industries 
perspective. 
If the industry wasn't trying to push this as a supposedly open standard 
nobody would care about yet another doomed industry attempt to get a non-
broken DRM-scheme.

However, it's also a complete about face for W3C as a standards organisation, 
we're going:
- from interoperabillity between anything that implements the w3C standards 
correctly
- to a standard where an implementation is functionally useless without the 
consent of the industry, which will allow interaction with only those 
implementations they deem worthy

That last is something W3C has *actively* avoided up till now (as evidenced by 
e.g. the w3C patent policy at [2]), and rightfully so IMO

[1]http://www.groklaw.net/article.php?story=20080901220545193
[2] http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Licensing
-- 
Cheers

Received on Sunday, 13 October 2013 14:04:41 UTC