Re: Unrestricted publishing in EME? Re: DRM, EDE, CDM, W3C and the TAG:

From: Tim Berners-Lee <timbl@w3.org>
Date: Sun, 1 Dec 2013 17:25:16 -0500
Cc: "L. David Baron" <dbaron@dbaron.org>, www-tag <www-tag@w3.org>
Message-Id: <2F425304-B91C-4686-9CE0-26835EFE1359@w3.org>
To: Henri Sivonen <hsivonen@hsivonen.fi>

On 2013-10-28, at 05:38, Henri Sivonen wrote:

> On Sun, Oct 27, 2013 at 8:27 PM, Tim Berners-Lee <timbl@w3.org> wrote:
>> Can we imagine or design a EME system which instead
>> as usable by anyone as a publisher?
> I find it *very* distressing that you are talking about making DRM
> egalitarian in this sense

Ignoring the other forms below, why *are* you averse to exploring opening up closed platforms?

> rather than talking about making DRM
> egalitarian in the sense of allowing anyone to implement and ship the
> client technology stack royalty-free and without having to get keys
> signed by a particular gatekeeper

That would meet the open platform requirement.
How do you think we should do that?

> or talking about making DRM
> egalitarian in the sense of different suppliers of the non-DRM parts
> of the stack having a level playing field when it comes to integrating
> with the DRM part as opposed to DRM component supply getting coupled
> with the supply of the rest of the client stack.

That is important too, and I'd be happy with an FOSS DRM stack
but people are skeptical that it would have any effect, not getting enough trust
from the content owners. We can only guess of course.

Suppose we make a condition of EME going through that there be
at least one FOSS implementation - would that help?

> The reason the W3C is even talking about DRM is that the major
> Hollywood studios have decided to require DRM and users want to see
> movies from Hollywood majors so badly that the studios can get away
> with their DRM requirements. That sort of situation doesn't apply to
> all publishers. Not all publishers want to impose DRM and many that do
> aren't publishing content that is in enough demand for people to
> tolerate DRM on that content. From a health-of-the-Web perspective,
> there's no need to make DRM egalitarian in terms of making it readily
> available to all publishers.

You are happy then for Apple to decide what movies you watch on an iPhone,
Sony on a Sony device, etc?
The open platform you may not classify as health-of-the-web but when many
people talk about DRM harming openness, they aren't talking about 
health-of-the-web, but openness of the device.

> Any copyright holder is free to
> participate on the Web already if they don't self-impose DRM.

So using DRM will be the privilege of Hollywood alone?
Well, that's a model.

If anyone else puts something on the web, then you think they
will just put it on unencrypted?

Let's take an independent film.
What about say http://www.godlovesuganda.com/ ?
That is not available online from their site.
Clearly they have the ability to put it up on their website without DRM as in http://www.godlovesuganda.com/film/video/
Netflix says: "God Loves Uganda is unavailable to stream"
Maybe that one is too recent, "just in theaters" stage.

Let's look for an earlier one from say http://www.fordfoundation.org/issues/freedom-of-expression/justfilms/film-collection#default

How about the earliest: "The Life and Times of Rosie the Riveter" (1980).
I see online the trailer and a discussion panel on it.
Netflix says: "Life and Times of Rosie the Riveter is unavailable to stream"
iTunes doesn't have it.
Neither is on YouTube.
I guess it is not available online.

Currently they are only shown at theaters, they are off the web.
These may not be good examples. 

> As far as publishing goes, DRM indeed isn't egalitarian in terms of
> applying it to content, but the W3C would *totally* be missing the
> point by being uncomfortable with *that* non-egalitarian aspect of
> DRM. That's like observing that some countries have software patents
> and some don't and making it egalitarian by making all countries have
> them.

Bad analogy. Emotive, but not an analogy.
Is it more like noticing that in some countries a monopoly ice-cream vendor controls all the refrigerated delivery vans, and so you can only buy one brand of ice-cream, whereas if you separate the business of owning refrigerated trucks from the business of making ice-cream, then all kinds of mom and pop ice cream producers can flourish.
Maybe the refrigerated vans are patented -- would you then fight against the idea of allowing the market to open up and would you want us all to stick with the ice-cream monopoly?

> However, even if there is only a little DRMed content that is in broad
> demand on the Web, whether DRM is egalitarian as far as implementing
> and shipping the client technology stack matters for the health of the
> Web. Similar to patents being a problem in terms of implementing and
> shipping the client stack even if patents only apply in some
> countries.

Yes.  Do you want to push for an RF stack then?
Modulo concerns about FOSS DRM above.

> DRM client implementation hasn't been egalitarian previously in the
> sense that the DRM parts of Flash Player and Silverlight aren't
> independently interoperably implementable (as evidenced by Gnash and
> Moonlight not having the DRM parts), but at least within the confines
> of each operating system for which Flash Player and/or Silverlight has
> been available, the playing field has been level between browsers in
> the sense of browsers being free to independently interoperably
> implement an NPAPI host. So far, it looks like EME is changing that
> dynamic and making DRM less egalitarian in that sense.

Sorry, explain. EME will allow plugins too, no?
I understood that that was the intention of at least some players.

>> (Clearly, you might think, this won't work as for a system to be so highly
>> used by both consumers and receivers it would be cracked instantly.
>> But actually DRM is cracked anyway -- you can play anything over an HDMI cable
>> and crack the HDMI cable.[1]  So we are not talking about an uncrackable system
>> anyway. Just one where people will be more inclined to pay for the stream
>> and less inclined to record it.)
> Please see the part about HDCP in
> http://lists.w3.org/Archives/Public/public-html-media/2013Mar/0066.html
> .

I wasn't saying that EME is like HDCP, just reiterating that no
system is going to be uncracked for long, no content of interest unavailable
on torrent etc. As you say in your message 0066, it is the DMCA
which blocks that route for many users, not technology.

>> Can you imagine a system in which there is some protected code
>> but it is sandboxed so the open source operating system can talk to it?
> Such a system is *imaginable*, sure.

>> Can we while we are at it build a DRM system which is sandboxed so it can't
>> call home, or is prevented from reading any data about me from my system?
> Technically possible. However, it seems that so far, when robustness
> requirements and privacy concerns have been at odds, robustness
> requirements have had a tendency to win. That is, at least so far DRM
> vendors have had stronger incentives to address robustness concerns
> than to address privacy concerns.
> Please see the part about DRM running on a higher CPU privilege level
> than even the browser-visible kernel in
> https://groups.google.com/forum/#!msg/mozilla.dev.planning/4-svns_uEjA/Hc-eaIfAtUoJ
> .

Indeed. "but if you aren't the one controlling the hypervisor, you don't
get to make the rules."

W3C groups sit at the border of technology and policy.  
In some ways we actually define policy every day when we define what headers etc mean, 
in some ways we leave it to government agencies and legislators.  Maybe we should
start to put together a package, that we define a world in which either DRM blogs agree not to abuse user privacy, or we make it so that hypervisor writers or a sandbox system enforces such things.  In some ways, it may be easier to define it as a code of conduct.
User pressure in the US or maybe regulation in Europe would then 

>> One of the things I am worried about is that once we allow a EME vendor
>> to install their own unreadable code, then that code could report on my media-watching activity,
> With or without DRM, the streaming service gets to log your media
> watching activity.

True, for streaming, which seems to be the main use case we are talking about.

> Even if you managed to use Netflix through Tor to
> hide the IP address your HTTP requests are coming from and used a fake
> email address for the account registration, you'd still need a credit
> card associated with the user account and credit cards are distinctly
> not anonymous. To solve the problem of media watching you, you need
> not only anonymous networking but anonymous payment, too, or a model
> where the user doesn't need to pay and doesn't need to be identified
> for other purposes (such as targeting ads), either.


> -- 
> Henri Sivonen
> hsivonen@hsivonen.fi
> http://hsivonen.fi/
Received on Sunday, 1 December 2013 22:25:25 UTC
