EME & DRM: What does it mean for end-users from Paula Simoes on 2017-02-28 (public-security-disclosure@w3.org from March 2017)

From: Paula Simoes <paulasimoes@gmail.com>
Date: Tue, 28 Feb 2017 14:12:46 -0800
To: public-security-disclosure@w3.org
Cc: amy@w3.org
Message-ID: <CAA3W1AifaoUmy-FWvB9EYXCtRxKt2QsO8y29Uj4NPhfU28kEdg@mail.gmail.com>
Dear all,

I was discussing the EME & DRM issue on Twitter and was given this email
address to send you our concerns about the approval of the EME development
regarding end-users, where we include teachers, students, academic
researchers and citizens.


Points of Clarification

1. We understand that EME is not DRM;
2. We know we already have DRM on the browsers for some years;
3. We also understand that is difficult for companies to implement
platforms that use DRMed content;
4. We understand that EME will make it easier for companies to use DRMed
content;
5. We know DRM is a legal problem, but that's not our issue with W3C
decision;
6. We know W3C cannot make or change the law. Please don't take offense,
but actually this is a good thing. Laws should only be made/changed by
those who were elected by the citizens. W3C members were not elected by the
citizens, they only represent themselves and/or those that chose to be
affiliated.


I’m assuming we all know copyright is a negative and an exclusive right
and, because of that, lawmakers also created exceptions to copyright in
order to ensure citizens’ fundamental rights to privacy, education, freedom
of expression, information, culture, etc. [1].

DRM prevents citizens from doing these copyright exceptions. Because of the
way the law was designed, every time a company uses DRM in a content, they
are preventing users to exercise their fundamental rights (privacy,
education, freedom of expression, information, culture, etc.).

So, when W3C is making it easier to companies to use DRMed content on the
web, W3C is helping these companies to prevent citizens from exercising
their fundamental rights.

Also, people don’t use the best, they use the easiest. Now DRMed content on
the web is contained. The minute you make it easier, DRMed content will be
spreading all over the Web.

In a text published by W3C[2], W3C talks about DMCA and EU Copyright
Directive, saying "they include provisions to prevent circumvention of DRM,
with selected exemptions.”

I don’t know one single European country where these exemptions work. I can
describe what is happening in Portugal.
Imagine I want to use three or four minutes of a movie (to which I have
legal access to) to introduce a subject to my students. So, I want to
insert this movie excerpt in our Learning Management System and I want to
instruct my students to watch it and then to answer the questions I put on
the forum, where I’ll be moderating the discussion.
Does the law allow me to do this?
The law allows me to make this educational use, but there’s no way I can
make this educational use without breaking the movie’s DRM, and the law
does not allow me to break DRM in any circumstance.
The law tries to solve this by tell me that instead of breaking the DRM, I
need to go to IGAC (a Portuguese public entity) and ask them for "the means
of benefiting from that exception or limitation”, in this case, the means
of benefiting from the educational exception.
So I go to IGAC and ask them for these “means”. They tell me they don’t
have any because rightholders didn’t deposit these "means” there.

Recently, rightholders representatives went to the Portuguese National
Parliament and explained to the Parliament they don’t deposit those “means”
in IGAC because the companies that are putting DRM on rightholders’ content
don’t give rightholders those “means”. They also told the Parliament
there’s no way rightholders (or even the Parliament) can force those
companies to comply with this kind of request.

Well, some of those companies are W3C members.

So, I’m forced to conclude that when W3C mentions exemptions, W3C must know
they don’t work, W3C must know they don’t really exist because the only way
these exemptions can work is if the said W3C members make them work and
they are not doing it.
I’ve been following DRM policy for some years, and still don’t know of any
European country where these exemptions are really working, so if you know
about an European country where these “exemptions” you talk about are
working and how are they working, I would be really, really grateful if you
could point them out to me.

As I said before, the problem with DRM is legal and we’re trying to solve
it at policy level. We're talking with politicians, they are starting to
realise the law was ill-designed and some of them are starting to change
the law. Last year, a law proposal to solve the problem entered the
Portuguese Parliament, it’s still under discussion, we don’t know if it’s
going to be approved.

W3C’s director, Sir Tim Berners-Lee, said "No one likes DRM as a user,
wherever it crops up”[3]. This is true, but it is not the problem here. The
problem here is that DRM prevents users from exercising their fundamental
rights.

If the law allowed users to break DRM of the content they have legal access
to, for the purpose of exercising their fundamental rights, meaning, for
users to do what the law says they can do, and only what the law says they
can do, for instance in copyright exceptions, we wouldn’t be opposing EME.
We still wouldn’t like DRM, EME would still be helping companies to spread
DRMed content on the Web, but we wouldn’t feel betrayed by W3C’s decision,
nor this decision would be a bad decision, because users’ fundamental
rights were guaranteed.

Sadly, this is not the case, so the W3C’s decision of pushing EME forward
is taken in a context that means W3C will be helping companies to stop
citizens from exercising their fundamental rights to education, privacy,
freedom of expression and all the other rights copyright exceptions try to
guarantee[1]. This is not putting users first.

We're not talking about things users like to do, but things users need to
do. If you go through the exceptions in article 5 of the EU Copyright
Directive[1] you’ll see that without those exceptions we can’t learn, we
can’t teach, we can’t criticise, we can’t review or express ourselves, we
can’t do scientific research, we can’t inform nor be informed, and
libraries, museums, schools and archives can't do their jobs. We’re
constantly using these exceptions. Even in a simple act of communication,
like this email. Until now, in this email, I’ve used a copyright exception
twice.

There’s another pernicious consequence of flooding the web with DRMed
content: citizens get used to it, thinking they have none of these rights,
up to a point where they stop asking for them.

The conflict we have here is between user’s fundamental rights on one side
and companies wanting to use DRMed content on the other. For me it’s an
easy decision, I can’t think of another right more important than the right
to freedom of expression, or to education, or to privacy or any other right
listed in the copyright exceptions. Also, without these exceptions we
wouldn’t have creativity and innovation.

But I’m in good faith here, maybe there’s a more important right related
with DRM. So, at this point we need to ask: why these companies and
rightholders want to use DRM?

The first argument, the one that convinced politicians to give legal
protection to DRM, was "DRM is commonly used to ensure that products
(videos and other media) are not stolen or copied”[4].

I must confess I was really disappointed seeing W3C publishing this
sentence. W3C is not citing rightholders, it is saying this and it is even
using rightholders propaganda vocabulary. “Stolen” is not a rigorous term,
because it is not really the case[5]. Also, W3C says “stolen or copied” as
it was the same thing, as both were wrong to do. I worry about this
demonisation of copying because we start learning by copying (children
learn how to write by copying, first characters, then words, sentences and
finally whole texts; the most creative professions start with copying; I
grew up in an University City and every September/October we would see 1st
year students of architecture sitting on the streets drawing buildings and
streets, actually copying what they saw, the same with artists).
Even the Web only works with copies, you don’t go to a website, your
browser makes a temporary copy of it in what is called “cache”. We actually
have a copyright exception for this (See EU Copyright Directive article 5,
point 1).
There are very few situations where a copy is illegal, usually what is
illegal is what you do with the copy (you can’t share it, or lend it to
your friends, or sell it), not the copying act on itself.
Also, all European countries have a copyright exception for private
copying. And it’s not gratis: every time a European citizen buys a
computer, a smartphone, a USB disk, a printer or any other kind of
electronic device, he pays more than the price and the difference goes to
the rightholders as a “compensation” for a “possible harm” done by private
copying that actually no one ever proved it exists. In a small country like
Portugal, rightholders are getting up to 15M€ per year only on these levies.
Of course, there’s no way you can make a private copy without breaking DRM:
once more DRM stopping citizens from exercising their rights. But we still
pay.

Back to the argument. Does DRM ensure that products are not pirated? No.
If this was true, we wouldn’t have DRMed content being shared online
without authorisation. Until 2008, CDs and digital audio had DRM. Didn’t we
have music piracy? Didn’t Napster and Pirate Bay exist? Yes, we did, and
yes, they did.
We still have DVD, Cable TV and Netflix using DRM. Don’t we have video
piracy? Yes, we do.

One can’t have it both ways. Either one defends DRM ensures products are
not pirated and one has to acknowledge there’s no piracy or piracy is
minimal; or one recognises there’s piracy and can’t defend DRM stops it.

And how are rigthholders dealing with piracy? They’re taking down and
blocking content and websites. Are they being successful? More than
successful: they’re taking down and blocking content and websites they have
the right to take down and block. But they're also taking down and blocking
content they have no right to take down or block.

Now, we have to ask: is DRM helping rightholders taking down content? No.
Even if there was no DRM, rightholders would still be taking down and
blocking content and websites.

So, W3C is trading user’s fundamental rights for something that doesn’t
even work nor helps fighting piracy.

Look what happened with the music industry: DRM was so messy, worked so
bad, with Sony Rootkit, with CDs not playing in certain players, that the
music industry was forced to abandon DRM.

But W3C could solve this in a very simple way, telling those who want to
push forward EME that right now DRM stops users from exercising their
fundamental rights; so W3C would put EME on hold until users’ fundamental
rights are guaranteed. That way, W3C could say it’s not its responsibility.

But this is not all. Besides helping companies stop users from exercising
their fundamental rights, W3C is also weakening those that are trying to
convince politicians to guarantee citizens' fundamental rights.

What will happen is that politicians will know that this organisation,
called W3C, that is supposed to maintain and take care of the Web, is
making it easier for DRMed content to spread on the Web. They will not know
that’s called EME, they will not know how it works, but they will know that
the goal is to make it easier for DRMed content to spread on the web. And
what they will think is that if this organisation, that supposedly takes
care of the Web, is doing this, then DRM cannot be so bad and they’ll not
change the law.

Of course, W3C can do whatever it wants to do. But, like rightholders, W3C
can’t have it both ways: you can’t make it easier for DRM  to flood the Web
and at the same time expect users not feel this as a betrayal, or that
users will not realise that it is not “users first" anymore.

If you managed to get to this line, thank you so much for reading me.
Also, thank you for your work on the Web.
It was a great journey.

My best regards,
Paula Simoes


[1] You can see all these exceptions in the article 5 of the European
Directive (check points 2 and 3)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001L0029:EN:HTML

[2] Information about W3C and Encrypted Media Extensions (EME) March 2016
https://www.w3.org/2016/03/EME-factsheet.html#is-w3c-keeping-drm-alive
[3] Sir Tim Berners-Lee Text
https://www.w3.org/blog/2013/10/on-encrypted-video-and-the-open-web/
[4] W3C text https://www.w3.org/2016/03/EME-factsheet.html#drms
[5] Kal Raustiala and Chris Sprigman “Copying Is Not Theft"
http://freakonomics.com/2012/04/02/copying-is-not-theft/


—
paula simoes
Portuguese Association for Free Education
http://ensinolivre.pt
http://about.me/paulasimoes
Received on Wednesday, 1 March 2017 12:15:25 UTC