Bruce Lawson's personal site

A couple of things to bear in mind.

As per http://www.microsoft.com/playready/licensing/faq/, Microsft “offer a unique indemnification policy for our licensees on IP.” What this probably means is that if PlayReady, the MS DRM solution (which is pretty much a de facto standard in the digital video industry) is *broken* (that is: someone works out a way to trivially unDRM PlayReady’d videos (because of a weakness in PlayReady, not by stealing keys) then Microsoft are liable for a huge ton of money because they’ve indemnified licensees against that happening. This means that they are likely reluctant to license PlayReady to new platforms, or without due diligence, or in a way that might make it easier to break, or anything that even increases the attack surface, because there’s that risk of going into the hole for a zillion bucks if it is broken. There’s also little to no motive for MS to open source PlayReady; then they wouldn’t get the licensing money from it. This indemnification is likely one of the reasons that playReady *became* the de facto standard. So, given an open source DRM solution, who’ll indemnify studios against it being broken?

Secondly, the web (assume for the purposes of this that we can talk about “the web” as one consistent entity) could take a more forcing approach. Instead of saying “ok, movie people, what DRM solution would you like that we’re able to implement?” and getting agreement up front, the web could define and decide on a DRM solution that the web’s happy with (that is: open source, able to be implemented everywhere, technically robust) and then say: hey, movie people, this thing already exists on a billion web devices and browsers and machines. You’re really going to try and force your own proprietary thing rather than use this platform with incredible reach that already exists?

Historically, the web’s been reluctant to force things in this way — that’s what evil monopolists do, not our happy-clappy flower-power web. On the other hand, is anyone using image formats that aren’t jpg, gif, or png any more? Forcing works.

However, this breaks down when you stop considering “the web” as a consistent entity. For this to work, all the browser vendors have to get on board with the plan. The history of the video element and mp4 support clearly shows that if browser vendors are given a choice between market share and web openness, at least some will choose market share and user usefulness over openness, and the same debate with the same actions would likely play out over a Hixie-mandated DRM solution. There is distinct competitive advantage in your browser being able to play Hollywood blockbusters when others cannot, and at least some vendors will not give up that competitive advantage if they have a choice.

The agreement came after Disney’s announcement in November 2012, that it would be shutting down its web movie service Disney Movies Online on December 31, 2012.

reminded me about old ways of protecting intellectuall property 😉
http://archive.mises.org/18018/no-wonder-there-was-a-revolution/

[…] as Bruce Lawson highlighted in his blog yesterday, there are numerous obstacles to overcome with DRM and it is not without some considerable drawbacks. One thing that particularly springs to my mind […]

From the EME Draft Specification:

This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems.

It is my opinion that continuing to state that this is DRM in HTML5 is perpetuating a falsehood, and is not too far off from calling the authors of this specification liars. I really wish y’all would stop (please) – take this draft spec at face value (and instead of taking others opinions, try reading it!)

*****
@Isofarro
I too would like to see an Option 3-like solution down the road, and rather than whining about how “data should be free” (this isn’t data, its entertainment), those same smart minds should tackle the engineering problem head-on.

*****
@Anonymous Coward

…the web could take a more forcing approach…the web could define and decide on a DRM solution that the web’s happy with…

In many ways, that is most likely what the authors of the EME are attempting to do*. It is my belief that we are best to support those efforts, rather than chase them off, because frankly their working inside of the W3C is the best bet we have that the solution will be community supported (as opposed to wholly proprietary).

(*NOTE, this Draft spec specifically is not attempting to establish a DRM mechanism at this time – read the spec – although it is setting the stage for a possible DRM solution to be established.)

I would bristle however at any suggestion that Hixie would have a hand in this – however I strongly doubt he would even try (it was, after all, he who committed “DRM is Evil” in writing, when this topic first surfaced). I have very little faith that Hixie actually cares about consensus and true “openness” – he will tolerate “open” so long as if fits his personal vision, otherwise he chases nay-sayers away from his WHATWG club. (Case in point, he scolded Steve Faulkner about pointing the WHATWG list to the discussions around changes to <article>, because, you know, it’s questioning his genius…).

After having seen how the sausage is being made in the W3C standards process and the semi-competing WHATWG, there is pretty much no chance in hell that such a standard would ever be implemented (correctly!) by all major browser vendors – which really makes this a very questionable endeavor.

What’s the point of standardizing on a DRM plugin API anyway? We’ll get some new, stronger flavor of what Silverlight currently is, and then what? It still won’t work on Linux, it will work barely on Macs and as far as the actual DRM is concerned it is trivial at this point to skim the movie content straight off the screen buffer, no matter how it got there.

I can forecast one thing for sure after having been around this block a couple of times: Everybody will be inconvenienced by whatever the DRM suppliers would like to have in browsers and the only people who won’t care are the actual media pirates.

Hi Bruce,

There is no secret that the proposal is in large part related to DRM. But it’s not about defining a DRM system (or “attaching DRM”), it’s about defining a uniform API that can be used to interact with both DRM and other decryption components. That’s also different from defining a plugin architecture for DRM systems. It’s not assumed or required that CDMs will be plugins of any kind.

This spec neither mandates nor expects a plugin, and one use case is that the Content Decryption Module (CDM) can be actual hardware-based, say for example in an IP-aware television (http://www.google.com/tv/). It might also be added to the stack at the OS level in, for example, set-top boxes (http://www.roku.com / http://www.apple.com/appletv/). To therefore take the leap that this will *always* require a plugin is a leap of logic that defies the facts on the ground today.

The problem is that there has been a fair bit of FUD spread around about this proposed bit of technology (a simple API really) due to some moral posturing around whether or not content on the web should be “free”, as if protecting the distribution of, and profiting from a creative work is somehow wrong. I personally cannot accept that presumption.

I also believe that the problem surrounding digital theft is being conveniently swept under the carpet here. From Pirate Bay and isoHunt to 4Shared and Pastebin (and countless others), there is a systematic and widespread theft problem that is rampant on the internet. “DRM” may have its issues (and I accept that there are issues), but until the engineers that decry DRM can come back with a better technical solution, out-right rejection is not (to me) an option. Failing to work on a technical solution leaves open the door to other types of efforts to control this theft, including SOPA and PIPA efforts, which to my mind are far worse than DRM efforts underway. It comes down to choosing our poison.

The font foundries also gave up on DRM, and appear to be thriving.

John,

I think (and I’m trying to not wilfully misinterpret here) that you’re underestimating the problem of having a mechanism for substitutable DRM at all. I’m not too sure about the analogy I’m about to make here, but I think it summarises my thoughts. Imagine that, back in the early days of the web, someone had said: hey, there are loads of different image formats. Let’s provide an Image Format Plugin hook in browsers; then, we’ll be able to have everyone implement support for the image format they prefer, and the market will decide which ones are best. Then, MySpace, who are huge (at that point) invent the MySpace Custom Image Format, convert all the images on their site to use it, and do a deal with Microsoft so that IE ships the MCIF image plugin by default. So people posting images from MySpace on Friendster are posting MCIF images, and those unlucky people running Netscape 4 can’t see those images. The web is split in half. I can imagine Bruce saying, at that point: why, oh why didn’t those early web definers just mandate a couple of formats, like JPEG and GIF? Then we wouldn’t have this problem!

Creating a way to plug in everyone’s existing DRM system to the web is *not* a forcing approach. I’m not suggesting that we stop DRM as a concept. What I *am* suggesting is that attempting to work with existing players in this market has not produced anything that will work with the web. So, the web should implement one DRM system that *does* work with the web — it’s implementable everywhere, it’s documented, it’s not under the aegis of one single company, just as all other actual web technologies are — and then once it’s out there and deployed on a billion devices, then say: hey, people who want to protect their creative output, instead of trying to use ten different systems to do that, just use the web! Just like you do for your website!

Nobody decided to publish albums in iTunes because they thought FairPlay DRM was technically superior. They did it because they wanted *some* DRM as a baseline, and millions of users were already using iTunes. Well, millions of users are already using the web.

+1 – Stuart is completely on point on this one.

A Proprietary DRM player uses Proprietary DRM technology to legally unlock content. Implementing the Proprietary DRM technology requires signing a LEGAL AGREEMENT with the Proprietary DRM technology’s owner. The LEGAL AGREEMENT requires, amongst other things, deliberately limiting what the player can do with the content once it is unlocked e.g. watch for 7 days. So Proprietary DRM imposes controls on the content and the player.

An Open DRM player uses Open DRM technology to legally unlock content. Implementing Open DRM technology by definition doesn’t require signing a LEGAL AGREEMENT, so sandal-wearing open source hippies get to decide what the player can do with the content once it is unlocked e.g. make unauthorised digital copies, which is of course what the DRM system is supposed to be preventing.

So Open DRM is a non-starter for people who are pushing DRM at w3c, because they want to limit what you can do with the content after you’ve bought and unlocked it, which requires controlling the player.

[…] now, I …read more From: fever saved […]

Actually James, I do read follow-up comments.

Question for you: have you bothered to read the EME Draft Specification? Or do you simply take the word of some media and anti-DRM advocates that the sky is falling?

As others have pointed out, one of the goals of rights managements is just that, the ability to manage the contractual rights a consumer enters into with the vendor of digital media (entertainment) – aka Premium Content. Those rights are clear, specific, and detailed: you have the right to view/listen to/consume the media you are licensing (note, *Licensing*, not *Buying*) under an “offer of license“, and you as the consumer have the choice to enter into that contract, or not. It is the content owners however who get to set the terms of that contract (as they own the content), and not the purchaser(*); if you do not like the terms of offer, you can refuse. (This is not unlike purchasing a car or a home except in those types of purchase negotiation, actual negotiation can happen: offer, counter-offer, counter-counter-offer, etc.). The moment you agree to the price however, you are also agreeing to the terms of the contract, so if you “buy” your Game of Thrones DVD for $20.00 (or whatever), then with that purchase you agree to all the other conditions. Read the Fine Print: caveat emptor.

Various *Distributors* of this content, under similar contract to the owners of that content, agree to distribute said content under specific conditions. One of their contractual obligations is to ensure that there is a secure and managed delivery channel, protecting the value and re-sale-ability of that content. The do so using a CDM system, which can and likely will be a closed ecosystem/technology, as there is a need to PROTECT part of that system: Widevine being one such system. However (and this is the really important part) Widevine is not a W3C specification or technology. HOWEVER, with the implementation of EME, *all* browsers can interact with the Widevine system using a common API. How can that be a step backwards?

I get that for a lot of web activists, anything that restricts the end user from manipulating their digital bits and bytes is an affront to their sensibilities. But, please, do remember that the original owner of said bits and bytes have the right to set out the terms of how they share those bits and bytes, and there is absolutely nothing wrong with creating a technology that aids in the enforcement of those rights. The trick, as always, is to make it work as seamlessly as possible for the end user: a goal I believe that EME is setting out to reach.

(* If you are of the mind that this sucks, well, perhaps. But there is nothing illegal or immoral about setting out terms of a contract, as both parties are free to enter into that contract, or refuse to do so. If you really want to change the distribution model, then stop paying for content that uses such contractual models. *DONT* buy Game of Thrones, *DON’T* purchase a Netflix subscription, *DON’T* rent DVD’s, etc. Vote with your feet, don’t whine on about how the W3C is facilitating some kind of evil conspiracy.)

@James. Blog post here: http://john.foliot.ca/drm-at-the-w3c/

Michael,

Thank you for your reasoned, articulate, insightful and lucid response. It is exactly this kind of reaction from knee-jerk anti-DRM zealots that strengthens the pro-DRM proponents’ arguments: those that are against any form of Entertainment Content protection are completely disconnected from the real world.

Given your concerns over the evolution of the web, coupled with your comments regarding the browser wars, might I suggest the following browser solution, which will sidestep all of the issues you seem to have with digital entertainment today: http://lynx.isc.org/lynx2.8.7/index.html

Knee jerk? I hope that you are kidding. Did you read what I wrote? This is reason speaking from the past, before there were people making money off of this, of which I’m one that is trying do do such a thing. I went to your blog. “
…my perspective – without apology
Unrepentant

HTML5
Personal
Random Thoughts
Rants
Web Accessibility

DRM at the W3C? Not such a Bad Idea.”

“The Unpopular Position: Recently, another fear-mongering, not-quite-correct anti-DRM article was posted over at FreeCulture.com. I’ve pretty much had it with the amount of FUD being propagated around the web on this topic, and so against my better judgment (OK, maybe not), I am about to set out and articulate the other perspective.”

You either work for or are vested in those that want vehemently to take away the rights of those that don’t pay you whatever you think your fair share is. Enough said by me, you’re own words speak for themselves.

As for DRM: Yes, I am against it. As for advertising, yes, I am against it. Do you remeber before your daughter “needed” an IPHONE?!? I’m sick of this crap. Enough is enough about controlling my content because you don’t make enough of your billions.

Michael wrote:

“…that don’t pay you whatever you think your fair share is.”

OK, so I guess then that you are against the Free Market economy system. That is your right – I draw the line however when you seek to impose that philosophy on me.

My basic assertion stands: commercial entertainment producers want/need/require a means to limit the theft of their commercial products. The technical work to achieve that user-requirement can and is happening. It can happen in a smoke filled back room, or it can happen in the relatively open-for-scrutiny framework of the W3C. Either way, the work will happen, so choose your path.

I also want to point out that for the majority of law-abiding netizens out there that simply want to enjoy their movie/tv show/etc. today, using existing DRM-enabled solutions such as Flash and Silverlight, their “experience” is both relatively pain-free and simple: for them, it just works. They understand that when they “pay” to watch a Hollywood movie via an on-demand system, that they haven’t “bought” that movie (any more than an admission ticket to the movie theater granted them that same right-of-purchase).

You might not like the way that the Internet has evolved, but then I don’t like the fact that cretinous trolls such as yourself can verbally attack me [sic] via the web for having a different opinion either, but I accept that this is how the web has evolved, controlled by the will of the masses – all of them, not just those who share your particular vision of how the web MUST be.

I’m done.

Yeah, I’m sorry Bruce. I just get really angry at the “lesser of two evils” arguments. I apologize to everyone else as well. Even JF. It was foolish to let such a thing get to me as much as it did. I still happen to think that integrating this into the specs is a bad idea. EME and DRM are the same thing in my mind. Encrypted media extensions vs. digital rights management. Who amongst us can look at those two phrases side by side and not think they are the same thing? There are good uses to encryption, I can’t argue that. Honestly, who here thinks that this isn’t going to be used as a way to make more money for those that have more than they already need or could want? Fine, encrypt your content but stop taking an open spec and manipulating it towards closed. Same thing has happened with governmental power. All of a sudden it’s ok to kill without trial if you are deemed a terrorist. Everyone looks away and yet the action is still illegal but no one that can, will prosecute and no one that wants to can. This is about money and power and no one that would use this isn’t already both in my mind.

Just in case John still reads follow up comments here, I’d like to ask if he could clarify something that looks like a contradiction between two of his comments.

On January 30th he wrote ” It’s not assumed or required that CDMs will be plugins of any kind.” and “This spec neither mandates nor expects a plugin…”

On April 16th he wrote “HOWEVER, with the implementation of EME, *all* browsers can interact with the Widevine system using a common API.”

From my point of view the latter can’t be true if the former is. If Google implements Widevine as part of, say, Chrome, which according to the earlier comment would be an allowed choice, how would any other browser, say Internet Explorer or Firefox, access Widevine?

Has the specification been changed between January and April that made the older comment no longer applicable?