On EME in HTML5
Author(s) and publish date
- By:
-
-
Tim Berners-Lee
-
- Published:
The question which has been debated around the net is whether W3C should endorse the Encrypted Media Extensions (EME) standard which allows a web page to include encrypted content, by connecting an existing underlying Digital Rights Management (DRM) system in the underlying platform. Some people have protested “no”, but in fact I decided the actual logical answer is “yes”. As many people have been so fervent in their demonstrations, I feel I owe it to them to explain the logic. My hope is, as there are many things which need to be protested and investigated and followed up in this world, that the energy which has been expended on protesting EME can be re-channeled other things which really need it. Of the things they have argued along the way there have also been many things I have agreed with. And to understand the disagreement we need to focus the actual question, whether W3C should recommend EME.
The reason for recommending EME is that by doing so, we lead the industry who developed it in the first place to form a simple, easy to use way of putting encrypted content online, so that there will be interoperability between browsers. This makes it easier for web developers and also for users. People like to watch Netflix (to pick one example). People spend a lot of time on the web, they like to be able to embed Netflix content in their own web pages, they like to be able to link to it. They like to be able to have discussions where they express what they think about the content where their comments and the content can all be linked to.
Could they put the content on the web without DRM? Well, yes, for a huge amount of video content is on the web without DRM. It is only the big expensive movies where to put content on the web unencrypted makes it too easy for people to copy it, and in reality the utopian world of people voluntarily paying full price for content does not work. (Others argue that the whole copyright system should be dismantled, and they can do that in the legislatures and campaign to change the treaties, which will be a long struggle, and meanwhile we do have copyright).
Given DRM is a thing,...
When a company decides to distribute content they want to protect, they have many choices. This is important to remember.
If W3C did not recommend EME then the browser vendors would just make it outside W3C. If EME did not exist, vendors could just create new Javascript based versions. And without using the web at all, it is so easy to invite ones viewers to switching to view the content on a proprietary app. And if the closed platforms prohibited DRM in apps, then the large content providers would simply distribute their own set-top boxes and game consoles as the only way to watch their stuff.
If the Director Of The Consortium made a Decree that there would be No More DRM in fact nothing would change. Because W3C does not have any power to forbid anything. W3C is not the US Congress, or WIPO, or a court. It would perhaps have shortened the debate. But we would have been distracted from important things which need thought and action on other issues.
Well, could W3C make a stand and just because DRM is a bad thing for users, could just refuse to work on DRM and push back wherever they could on it? Well, that would again not have any effect, because the W3C is not a court or an enforcement agency. W3C is a place for people to talk, and forge consensus over great new technology for the web. Yes, there is an argument made that in any case, W3C should just stand up against DRM, but we, like Canute, understand our power is limited.
But importantly, there are reasons why pushing people away from web is a bad idea: It is better for users for the DRM to be done through EME than other ways.
- When the content is in a web page, it is part of the web.
- The EME system can ‘sandbox’ the DRM code to limit the damage it can do to the user’s system
- The EME system can ‘sandbox’ the DRM code to limit the damage it can do to the user’s privacy.
As mentioned above, when a provider distributes a movie, they have a lot of options. They have different advantages and disadvantages. An important issue here is how much the publisher gets to learn about the user.
- If they sell a DVD or Blu-ray disk, they never get to know whether the user watches it. From the user’s point of view they can watch each bit of it as many times as they like without the feeling they are being watched.
- If they put it on the web using EME, they will get to record that the user unlocked the movie. The browser though, in the EME system, can limit the amount of access the DRM code has, and can prevent it “phoning home” with more details. (The web page may also monitor and report on the user, but that can be detected and monitored as that code is not part of the “DRM blob”)
- If they put it on an app in a closed system like an iPhone, then they get to make whatever DRM they like. They also get to watch exactly how and where the user watches which bits of the movie. If they can persuade the user to allow them other access, such to the user’s calendar, they can completely profile the user, and correlate this with their movie-watching habits.
- If they distribute it using an app on an open system like Android or Mac OS X, then they can get the same feedback as on an iPhone app. However as the OS is not a locked-down system, the app may be able to further abuse the user, by possibly exfiltrating further information, and also like, in theSony Rootkit case, installing spyware on the system.
- If they distribute it with their own closed system, like a game console or a set-top box, then the user is protected from spying on their computer. The publisher has complete control of information which is sent back about the user’s play and pause, and so on. The user has no way though to have this as part of their connected web life. There are no links in or out.
So in summary, it is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient, and one which makes it a part of the interconnected discourse of humanity.
I should mention that the extent to which the sandboxing of the DRM code protects the user is not defined by the EME spec at all, although current implementations in at least Firefox and Chrome do sandbox the DRM.
Spread to other media
Do we worry that having put movies on the web, then content providers will want to switch also to use it for other media such as music and books? For music, I don’t think so, because we have seen industry move consciously from a DRM-based model to an unencrypted model, where often the buyer’s email address may be put in a watermark, but there is no DRM.
For books, yes this could be a problem, because there have been a large number of closed non-web devices which people are used to, and for which the publishers are used to using DRM. For many the physical devices have been replaced by apps, including DRM, on general purpose devices like closed phones or open computers. We can hope that the industry, in moving to a web model, will also give up DRM, but it isn’t clear.
We have talked about the advantages of different ways of using DRM in distributing movies. Now let us discuss some of the problems with DRM systems in general.
Problems with DRM
Much of this blog post is W3C's technical perspective on EME which I provide wearing my Director's hat - but in the following about DRM and the DMCA, that (since this is a policy issue), I am expressing my personal opinions.
Problems for users
There are many issues with DRM, from the user's point of view. These have been much documented elsewhere. Here let me list these:
- Fair use of the material is not possible, such as excepting for commentary, educational purposes, and so on
- This prevents remixing into derivative works
- The user cannot take a backup copy
- Having a DRM blob in one’s computer is a security threat, in that it could attack the machine
DRM systems are generally frustrating for users. Some of this can be compounded by things like attempts to region-code a licence so the user can only access when they are in a particular country, confusion between “buying” and “renting” something for a fixed term, and issues when content suppliers cease to exist, and all “bought” things become inaccessible.
Despite these issues, users continue to buy DRM-protected content.
Problems for developers
DRM prevents independent developers from building different playback systems that interact with the video stream, for example, to add accessibility features, such as speeding up or slowing down playback.
Problems for Posterity
There is a possibility that we end up in decades time with no usable record of these movies, because either their are still encrypted, or because people didn’t bother taking copies of them at the time because the copies would have been useless to them. One of my favorite suggestions is that anyone copyrighting a movie and distributing it encrypted in any way MUST deposit an unencrypted copy with a set of copyright libraries which would include the British Library, the Library of Congress, and the Internet Archive.
Problems with Laws
Much of the push back against EME has been based on push back against DRM which has been based on specific important problems with certain laws.
The law most discussed is the US Digital Millennium Copyright Act (DMCA). Other laws exist in other countries which to a greater or lesser extent resemble the DMCA. Some of these have been brought up in the discussions, but we do not have an exhaustive list or analysis of them. It is worth noting that US has spent a lot of energy using the various bilateral and multilateral agreements to persuade other countries into adopting laws like the DMCA. I do not go into the laws in other countries here. I do point out though that this cannot be dismissed as a USA-only problem. That said, let us go into the DMCA in more detail.
Whatever else you would like to change about the Copyright system as a whole, there are particular parts of the DMCA, specifically section 1201, which put innocent security researchers at risk of dire punishment if they are deemed to have thrown light on any DRM system.
There was an attempt at one point in the W3C process to refuse to bring the EME spec forward until all the working group participants would agree to indemnify security researchers under this section. To cut a very long story short, the attempt failed, and historians may point to the lack of leverage the EME spec had to be used in this way, and the difference between the set of companies in the working group and the set of companies which would be likely to sue over the DMCA, among other reasons.
Security researchers
There is currently (2017-02) a related effort at W3C to encourage companies to set up ‘bug bounty” programs to the extent that at least they guarantee immunity from prosecution to security researchers who find and report bugs in their systems. While W3C can encourage this, it can only provide guidelines, and cannot change the law. I encourage those who think this is important to help find a common set of best practice guidelines which companies will agree to. A first draft of some guidelines was announced. Please help make them effective and acceptable and get your company to adopt them.
Obviously a more logical thing would be to change the law, but the technical community seems to have become resigned to not being able to positive effect on the US legislative system due to well documented problems with that system.
This is something where public pressure could perhaps be beneficial, on the companies to agree on and adopt protection, not to mention changing the root cause in the DMCA. W3C would like to hear, by the way of any examples of security researchers having this sort of problem, so that we can all follow this.
The future web
The web has to be universal, to function at all. It has to be capable of holding crazy ideas of the moment, but also the well polished ideas of the century. It must be able to handle any language and culture. It must be able to include information of all types, and media of many genres. Included in that universality is that it must be able to support free stuff and for-pay stuff, as they are all part of this world. This means that it is good for the web to be able to include movies, and so for that, it is better for HTML5 to have EME than to not have it.
TimBL
The fact that the CDM (DRM code in the article) is not part of the standard means the promise of interoperability is false.
And the fact that CDM sandboxing is not defined means you allow for a race to the bottom in terms of end-user security.
Nobody wins here.
> Nobody wins here.
Users, web developers, security researchers and most browser vendors do not win here. Agreed.
But in the short term, archaic content industries that lack the agility to develop modern business models do win here. At the expense of everyone else.
Also, browser vendors like Google who succeed in getting their CDM implementation blessed also win.
Would Mozilla be interested in specifying sandboxing, then?
Of course: https://www.w3.org/Bugs/Public/show_bug.cgi?id=20944. As you might have heard from Wendy, the group is pretty good at dismissing feedback.
Anne
Bug 20944 asked for work that was out of scope of the current HME WG charter.
See the EME GitHub issue that Bug 20944 was transitioned to:
https://github.com/w3c/encrypted-media/issues/192#issuecomment-219805449
Note that I am NOT making any statement about whether the community or W3C would want to do this kind of work in the future.
/paulc
W3C HME WG Chair
And Microsoft is at the front of that "race to the bottom" giving CDMs low-level access to the system in exchange for providers permitting higher quality content.
Put a controversy note within the spec itself, perhaps citing this blog post. That way the controversy is kept alive rather than just gliding past as a win for the DRM-folks.
Agree.
Without EME the web will be subject to proprietary apps. With EME the web will be subject to proprietary apps. In what universe is that a valid argument for EME?
Why is it the W3C's job to decide how content distributors should make money? The DRM pushers can invent their own damn protocol. We're going to see a lot of standards-breaking proprietary stuff either way, like Roman says. It's better for the W3C to be able to remain true to the goal of openness rather than heading down the path of encouraging EME. Remember the bad old days of ActiveX?
My browser starts downloading random x86 Linux and Windows binaries and trying to run them, this is progress.
Sandboxing (which is outright disabled on 'lower tier operating systems' like the one I use) is perfect and will never fail us.
Next it will demand that my monitor and GPU driver support DRM-content-playing (yes that's a thing - HDCP), so much for having an open source driver, or open source hardware.
The difference between a DRM program in an OS and one in a browser isn't the lack of sandboxing. it's the fact I can completely opt out of it.
Many programs I run on my OS are better sandboxed than anything a browser does by default. It can't use chroots. it can't do read-only null mounts. etc.
If you are a United States resident, you should consider contacting the FTC complaint line as they are likely doing things that violate the Sherman Antitrust Act and other consumer protection laws. The DMCA does not authorize such abuses, so the entertainment industry needs to be held accountable and brought to justice for their monopolistic practices.
"The web has to be universal, to function at all."
Which, with EME, it won't be. There will be a return to "Best viewed with browser X" for those sites which present DRM encumbered content which will only work in "approved" browsers / operating systems. If this kind of walled garden is created outside the w3c spec (as it historically has been), it is an inconvenience, but when it is explicitly endorsed as part of the spec, it is explicitly the end of the open web.
It feels like Tim Berners-Lee has been presented with a decision where his choice will either see him being viewed as unprincipled or irrelevant, and the fear of irrelevance has won out.
Here is the major problem with the whole EME that is never discussed: proprietary blobs (no I'm not talking about the decryption modules) included in _browser code_ that require browser developers to "maintain a relationship" with CDM vendors. This effectively silos web browsers, and therefore the web.
------------------------
> For a browser to support a CDM, is a developer required to write CDM-specific browser code?
Yes. Not just that, but for actual CDMs on the market the developer is also required to work with the CDM vendor to accept that particular browser as a trusted enough party.
This is because CDMs are supposed to prevent the decoded data being captured, so they must either handle their own on-screen display or do so via an intermediary they trust. See also the "What does this mean for downstream users of the Firefox code base?" section of https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi... and note that in the setup described there the CDM basically bakes in some sort of signature of the actual browser _binary_ that it's willing to work with. So just compiling the same, or worse yet slightly modified, source is not enough to get something that works with the same CDM
------------------------
See this thread and particularly note the replies by bzbarsky, a Firefox dev.
https://news.ycombinator.com/item?id=11679552
The idea that w3c would be interested in encouraging this kind of situation is unfathomable. How myopic is this group?
Seems the future of web is DARK... :(
...trying to make digital files uncopyable is like trying to make water not wet.
- Bruce Schneier
Craven, gutless, self-serving garbage. You blessed EME because you were frightened your little club would not receive corporate funding if you did not. As did Mozilla before you. I'm disgusted with you. Now you're on your knees, do you really think they will stop with DRM ?
To quote "A Man For All Seasons":
"For Wales? Why Richard, it profit a man nothing to give his soul for the whole world.. but for Wales!"
I believe Zak Rogoff at defectivebydesign.org has put it rather well:
> This argument relies on a false dichotomy between wiping DRM from the face of the Earth, and giving it his stamp of approval. Of course, a refusal to ratify could not immediately stop the use of DRM, but it could meaningfully weaken the position of DRM in the court of public opinion, and put EME proponents Netflix, Microsoft, Apple, and Google on notice that a very prominent figure was willing to stand up to them on behalf of users.
And in particular:
> Changes in society's technological infrastructure require political movements, not just technological arguments, and political movements benefit greatly from the support of prominent figures.
Dear Mr. Berners-Lee, first of all, you appear to be fronting a false dilemma here. W3 has a sway with the heaveweight industry players, that's the third choice you did not describe at all. By merely opining the right thing to do, and standing behind it, you are affecting things. Turning up the contrast to just illustrate how W3 has no direct authorative or directly decisive power over anything, is misleading and insulting. We don't expect W3 to dictate the development of the Web alone, but for it to just throw what is effectively a "blank" vote like that, is at best very disappointing.
We owe you for the Web, and somehow also for much that has come since with it, but let's all be realistic and allow critique where it's due.
When HTML pages themselves become subject to DRM restrictions under EME... what then? TBL does not seem to entertain that dark possibility.
1) EME does not enable DRM for HTML, only for the video stream, so this is not an argument against EME.
2) Well, the way to do that would be for example to go back to Flash - but why would people want to do that? They moved away from flash to open html, for several reasons.
As the author of Video.js, I would very much not like to go back to Flash or proprietary apps. Both are terrible for accessibility (even despite regulations). The web allows us to discuss, develop, and share accessibility solutions openly, bringing content to users that may never be able to experience it if it were left up to regulations to be created and enforced.
While it was hinted otherwise in the article, better accessibility is still very much possible even when using EME.
To quote your own article
"Do we worry that having put movies on the web, then content providers will want to switch also to use it for other media such as music and books? ... For books, yes this could be a problem..."
To suggest that a block of text could very well be subject to w3c endorsed DRM, if it is described as a book, but there is no reason to think that a block of text would be subject to the w3c endorsed DRM, if it is described as an HTML page, is, quite frankly, ridiculous.
Are you really so naive as to believe that this demand for DRM will end with just video and nothing else? News sites will want their stories protected with DRM. Any site that publishes any kind of story online will want it protected with DRM. Adult publishers like Perfect 10 and ALS Scan will want all their photos protected with DRM. They've already sued Google for indexing their images, you don't think they'll be chomping at the bit to get DRM added for images?
Once added to the official standard, DRM will spread like a plague. In case you haven't noticed, the copyright industry is NEVER satisfied. They want literally EVERYONE to help protect their business model. They've even gone so far as to get copyright propaganda taught in kindergarten classes. Do you really this will end with just video being subject to DRM?
What will the web look like when everything is locked down and nothing can be saved or copied?
Any way you try to spin it, this is just bending over and taking it up the a** for the corporations.
in "Problems for developers" section, you mentioned that DRM prevents independent developer to "add accessibility features, such as speeding up or slowing down playback."
the "video" element "playbackRate" property can be changed to achieve the above and it works on DRM enabled browsers like Chrome, Safari, Edge.
Could you please provide some more details regarding this point ?
>If EME did not exist, vendors could just create new Javascript based versions
I'm sorry, but how is that worse? It doesn't forces you to use proprietary blobs (and they ARE proprietary blobs) that will never work if you compile existing browser by yourself (at least solution by Adobe picked by Mozilla: https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/ ) (you need to provide Mozilla's or "bit-identical to Mozilla’s CDM host executable")
Not to mention about other browsers or players.
The obvious solution would be to create open-source Content Decryption Module (CDM) (but we all know Hollywood will not pick this route because it would be extremely easy to modify it for piracy purporses) or leave it to JS/WebAssembly (at least you can use same code for all platforms and browsers).
Oh, I have to clarify myself: for now all platforms use http://www.widevine.com/wv_drm.html , but hey, it's still proprietary and supports only major systems (I don't see any *BSD here for example).
And... actually not, Apple and Microsoft have their own solutions. NICE. I don't see how JS could be worse.
I posted a longer comment to Hacker News about this article, which you can read here: https://news.ycombinator.com/item?id=13770281
I'd like to highlight one particular bit from it here, namely this one. In the article, you write "If EME did not exist, vendors could just create new Javascript based versions."
What you fail to mention is that this would be vastly more preferable to EME. EME doesn't specify the actual DRM part itself, leaving that to proprietary black boxes that need to be separately approved by content distributors, which vastly increases lock-in and hands over unnecessary amounts of control to Big Media when it comes to deciding who gets to view what.
If in comparison all content protection was implement purely in JS, any modern browser would work with it because JS is actually fully specified open standard! This is what would guarantee actual, true interoperability, which EME in comparison really doesn't.
When we allow the interests of others to direct our goals and vision, we become subordinate to our own ideals.
#EME in #HTML5 is antithetical to a free and open Web. I remain convinced that there are two issues in play which are not being honestly and openly addressed:
1. EME is something all of the most influential W3C members want. This means their opinion - and MEMBERSHIP DUES - are in part influencing decision making;
2. The W3C is not set up to be a political organization and many statements have been made to that end over the decades since its creation. This is an understandable defense but it's still a defense - anything that touches human society IS inherently political. To withdraw from that is a choice that removes the organization from a fully honest relationship with the community that drives it,
These actions do not in any way make the W3C wrong in its decisions IF YOU DO NOT CONTINUE TO REPRESENT YOURSELF as the organization who cares about an Open Web. What you care about consistently is writing specs. Keep writing specs and stay out of the politics if you like, but please stop lying. First to yourselves, and then to the rest of us who have worked as hard if not harder to MOVE THE WEB FORWARD.
I respectfully ask The W3C rescind ALL use of the word "Open" In relation to any and all references of the TCP/IP x HTTP(s) World Wide Web.
Sometimes, we create Frankensteins and Monsters and don't mean to do harm. The Web is now a Frankenstein Monster - it has a heart but it has its own mind. If you want an Open Free Web, it's time we turned our developer attention and energy away from W3C (except in specs) and toward other organizations like FSF and EFF that actually do work on the political and social layers of electronic freedoms and the true realization of that which we refer to as "open."
With regards,
Molly E. Holzschlag
molly.com
"Yes, there is an argument made that in any case, W3C should just stand up against DRM, but we, like Canute, understand our power is limited."
W3C was a champion of the open web.
That champion has now chosen to bows it's head and kneel, instead of standing tall before those that want to create silos and tollgates on the open web .
By doing so that champion looses the respect it used to arouse.
Since it is now clear W3C has capitulated and been co-opted by enemy forces, we can no longer trust the W3C to champion an open web, and hence any W3C standard becomes suspect.
Your decision ruins W3C as a standards organization.
Hugely disappointed, I thought the W3C to have principles AND the backbone to stick to them... RIP... not. any. more.
Please continue going gently into the night.
Just like Microsoft used OOXML to check of the 'open standard'-checkbox. The tollgated and siloed places on the web, will now claim to be part of the open web.
Dear TimBL.
Others had already addressed very solid and clearly the many obscure, simply lacking or erred points on your article on the technical, ethical and political aspects, so I won't repeat them here. In simple words, your position is unsustainable from almost any logical point of view, except of course in the big media companies interests.
I would like -however- to try to really understand *you*.
The man that created something so powerful as to become what the web is today, that directed a consortium for an Open Web, now officially gives support to what is obviously wrong for almost everyone except those big media companies. How such a change was done? What process could make you break your ideals in such brutal way?
Imagine yourself trying to explain this to your grandchildren and please leave it here for them. Maybe in this way we can understand you.
Otherwise, it just looks like you sold not only your ideals, but yourself and all of us in the same deal.
Thanks...
Dear Mr Berners-Lee,
I urge you to reconsider.
This whole post feels like an excuse. A concession. A "Oh well, if they want it so badly...". Especially given your personal views laid out at the end of the post.
> If the Director Of The Consortium made a Decree
> that there would be No More DRM.
I don't think anyone expected you to make such a decree. What I expected you to do is to keep true to your vision of an "open web", and firmly say "no" to proposals which would clearly undermine it. As others said, no matter how you hard you try to justify it, DRM doesn't fit into this vision, and you seem to agree!
So what is stopping you from steering away from the EME spec? If the proponents wants it so badly, they can devise their own standard. It doesn't need to be woven into the "open" web standard. I would think (and many seems to agree) that privacy and security concerns ought to be a higher priority than the ease of distributing/watching Hollywood movies. Letting this EME spec land in would be a dangerous precedent.
Please, Mr Berners-Lee, don't compromise on something as fundamental as keeping the web an open/handcuffs-free platform.
Thank you for reconsidering.
This is a terrible idea. Companies, like those asking for EME, got the chance to exist because the foundation of the Web is OPEN STANDARDS!
W3C now stands for "Wrecking the Web at the Will of Corporations" and "Woefully Weak: Wimps and Cronies."
The start of the Intel-only web.
That is what this "solution" is.
If we are lucky, ARM will be allowed to play.
But MIPS, SPARC, PowerPC etc. will no longer be welcome to the web.
Nor will niche OS like Haiku.
The internet: soon only available on approved systems. Is that really what the W3C stands for?
If not, will there at least be a requirement for the content modules to be available on any architecture and OS that either Debian or Firefox support?
If a bunch of volunteers can do it, is it too much to ask that people earning money via the internet do their part to keep it open to all, if they really HAVE to use DRM?
You know, DRM is the very antithesis of universality. So your logic says that to exist the thing must carry its own ready-made poison pill. I would question that logic except for the simple finding that with this "living standard" malarky and the rest of the current browser wars 2.0, the 'web has become unreliable and unsuitable for the long run. And as such the W3C has shown itself [x] unfit and [x] incompetent, making hair-splitting about your logic mostly academic. But at least you're in good company: The companies that keep pushing DRM, which has been shown to be effectively dead time and again, are themselves dead men walking. Their business models are based on premises that are steadily evaporating. This is inherent in the nature of ubiquitous communication. DRM, just like their protectionist laws and conspicuously named "free trade treaties", tries to turn back that clock. Sorry, the ship has sailed. And now we see that you, too, are doing your level best to make yourself irrelevant to the future. But hey, at least you are free to make that choice.
After so much excellent work, and after founding the W3C to establish interoperable web standards, it's sad to see such a thorough screw-up here.
The how do I publish movie is missing something.
Not all cases do you need DRM. Sometimes if the ability to encrypted with a preshared key would be enough.
So with is the case for a business/channel that does not 100 percent care if the video leaks but only want the video to get to paid subscribers first. Encrypted with presharing of keys does this usage case.
Next businesses for internal videos could give all staff members key-store holding the keys to the videos they are allowed to watch. Again this is not DRM. This is video access control. EME need to be put head to head with video access control that is based on open source. Will people leak videos as much if they know there account can be located and them blacklisted?
With watermaking and access control it possible to zone in on the thieves.
Will EME sandbox module prevent someone creating a solution to run EME DRM module in a sandbox to play back the video to decode and recode it. I think not. So this would be back to water marking to locate your thief.
My biggest problem with EME is that is promises a load of goods that its not going to really be able to deliver.
Unbelievable that the W3C would promote a technology that would subject security researchers to jail time for finding security flaws in a piece of software that you want to force users to install. It is not enough that you "encourage" these companies to not prosecute, you should demand it before allowing it.
The energies of the W3C had been better spent on standardizing spying on the play/forward/reverse buttons than on this dreadful reincarnation of ActiveX (processor-specific blobs downloaded by the browser -- that's just beyond ugly).
'Digital files cannot be made uncopyable, any more than water can be made not wet' (Bruce Schneier). Any machine can be virtualized, including the one the EME-enabled browser and the Content Decryption Modules runs on. Unless the CDM can authenticate HDCP displays as physical, a man in the middle attack is no more difficult than running an open source VM.
If DRM is ever to become man-in-the-middle proof, it needs a certificate chain binding a key in the screen to the user looking at it. When your screen demands you type or read aloud a Captcha when starting a premium video, you know that day has arrived, but most people will throw objects at TVs with less provocation.
Practical options that remain are per-stream steganographic signatures and dynamic rate limiting at the ISP based on stream source, time, end user and active purchase. Embedding invisible watermarks into digital video is relatively cheap and filtering them out more costly to an attacker than virtualizing chips with keys. Worse to the attacker, there is no reliable feedback about success or failure. 'Did I or did I not remove everything?'
ISPs are already cozy with rights owners and CDNs to control bandwidth based on content source. Why not go a small step further, making this process dynamic, and filter, throttle and optionally sign streams from their partners on demand? Yes, Net Neutrality, I know, but here the end user is paying to get access to restricted content, so it's not the same.
Rights owners, middlemen and ISPs get the freedom to concoct all the weird and wonderful business models and bundling jungles they want, while users get the freedom to use any platform, any software, any device they like. Limits are enforced and cannot be circumvented by the user alone, regardless of technical prowess. What's not to like, Hollywood?
Couldn't you have helped here, W3C?
As a triple play customer, I consider client-based DRM and its disastrous effects on choice in hard- and software is a bigger problem than the monitoring of my viewing habits. I surrendered the privilege to keep those to myself when I moved from analog to digital TV with bi-directional data.
I would gladly send the start/pause/reverse/forward button clicks to my triple play ISP, at least for holier-than-holy streams to be delivered to cheapskate subscribers like me. Just stream the output at real time viewing speeds to me, thanks! Yes, I can record it, but I'm too lazy and too scared of the watermark with all the details of my purchase receipt.
In short, I want paid-for video to work on all my devices without having inject them with sticky, scary malware from either side of the content protection battle.
W3C, couldn't you have sided with people like me there? Standardizing a protocol for server-based players serving unencrypted-but-watermarked streams in real time?
Indeed, I suggest the W3C has made the exact opposite call it should have made.
No to DRM, no to EME.
Given recent exploits I don't understand how sandboxing will protect end-users from malicious DRM code. I don't understand how this doesn't enable companies to pack their entire websites into DRM. I don't understand how this allows for fair use. I don't understand how this supports an open web.
Perhaps more importantly, if the W3C endorses EME, what is the plan for fixing things if it turns out that it does in fact make the web worse?
How are we going to deal with broken DRM in 20 years?
Will the W3C escrow the source code to EME modules?
Will the W3C escrow the the encryption keys so that the DRMed content can be unencrypted when the copyrights expire or does the W3C support permanent copyright?
How are we going to deal with DRM in 100 year?
NO DRM, NO EME.
Unesco's Frank La Rue has published a letter to Tim Berners-Lee :
https://en.unesco.org/sites/default/files/eme_letter_frank_la_rue.pdf
No DRM!
No EME!
Fork the web!
Money makes people stupid.
Hacked!
I wish to renew my own criticism (as a long-time W3C supporter, contributor, and expert): https://meiert.com/en/blog/20131122/drm-and-html/.
Dear Sir Tim Berners-Lee,
After reading and thinking for quite some time about this text of yours, I decided to comment here to tell you not only that I would like to ask you to reconsider your position, but also to be sure that if you don't, at least you know exactly the context where you're deciding this.
The reason why I think there's a possibility that you don't know exactly the context of this, is that in this article you talk about DRM as if it was a bother, which it is, but that's not the real problem with the DRM.
The problem with DRM is that it prevents users from exercising citizens' fundamental rights/human rights.
So when you're making it easier for some companies to use DRM on the Web, you're actually helping these companies to stop citizens from exercising their fundamental rights/human rights.
To understand this, we need to understand what copyright is, so bear with me.
*The Context*
Copyright is an exclusive right. This means that only the author can use his work and only the author can authorise others to use his work. This is the right we give to authors, by default.
Lawmakers also decided they couldn't maintain copyright only like this, because in that case copyright would kill fundamental rights/human rights of all the other citizens.
Example: Imagine you wanted to use an excerpt of a copyrighted work to give your opinion, or to discuss it, or to criticise it, or to correct an information. You would have to ask rightholders for permission. And they could tell you that if you wanted use an excerpt of their work to say it was wrong, for example, they wouldn't give you their permission. They could deny their permission, whatever the case. So, you couldn't exercise your right to freedom of expression.
So, to guarantee all the citizens' fundamental rights/human rights, lawmakers decided to create exceptions to copyright:
a) They created an exception to copyright that allows you to use excerpts of a work to give your opinion, to make an argument, to correct something, to criticise, to make a parody, etc. in order to guarantee your fundamental/human right to freedom of expression;
b) They created an exception to copyright that allows you to use excerpts of a work to teach, learn and do scientific research in order to guarantee your fundamental/human right to education;
c) They created an exception for media in order to guarantee the fundamental right to freedom of information;
d) They created an exception for libraries and other heritage institutions, that otherwise couldn't exist, to guarantee your fundamental right to access your own heritage and culture;
e) They also created other exceptions, you can read about them in the European Directive of Copyright, article 5 (in your case this is Fair Use, it's not exactly the same thing, but it has same purpose).
*What has DRM to do with this?*
When lawmakers were convinced to give legal protection to DRM, they did it in a "total" way, meaning that:
1) if you circumvent the DRM to do file-sharing, which is illegal, the circumvention of DRM is also illegal;
2) if you circumvent the DRM to do one of the copyright exceptions (to use an excerpt to teach or criticise, for example), which are legal, the circumvention of DRM is still illegal.
The problem with the second situation is that, in the case of DRMed digital works there's no way you can do any of the copyright exceptions without breaking the DRM. And you can't break DRM: you can go to prison.
Doesn't matter if you bought the book or the film, doesn't matter if you want to make a legal use. If you break DRM, even in these legal cases, you can go to prison. That's what the law says.
We have these rights, they are fundamental rights/human rights, but if the work has DRM we can't exercise those rights.
*What are you and W3C really doing?*
So, when you endorse EME, you're making it easier for those companies to flood the Web with DRM, which actually means you're helping those companies to prevent citizens from exercising their fundamental rights/human rights.
You argue that you can't change the law. This is actually an argument to not endorse EME.
You're doing something that you know it stops citizens from exercising their fundamental rights. Then you tell us you can't change this and you're doing it anyway. Well, if you can't change the law, you can't guarantee citizens' human rights, so you should not make an action that helps to kill these rights.
*What can you do?*
You could solve this in a very simple way. You only have to tell those W3C members that want to push EME forward that right now the law does not guarantee citizens' fundamental rights (AKA Copyright Exceptions) when works have DRM, so W3C should put EME on hold.
You can even tell them that if and when the law changes to guarantee citizens' fundamental rights, then W3C can work on EME again.
And they have an advantage over you, because you can't change the law, but they can. I was going through the W3C Members' list and found that W3C has as members the most powerful associations and companies, both from rightholders side and companies that use/make DRM side.
You know, the ones that convinced politicians to make this DRM law and the ones that can easily convince politicians to correct the law.
EME has nothing to do with technology, it's about fundamental/human rights of real people, with real lives, in a real world.
If you feel you owe us an explanation, this is the one we need: why are you helping associations and companies to stop all of us from exercising our fundamental rights?
There was time when TBL believed in an open-web. Now he believes in getting paid and the rights of corporations over individuals. How much was your paycheck from Hollyweb TBL?
"Despite these issues, users continue to buy DRM-protected content."
Users will continue to buy DRM-protected content until they are properly educated about what a DRM system implies. EME is a last ditch effort by content providers to perpetuate an archaic business model while restricting users rights to content they have rightfully purchased.
Users purchasing DRM protected content is not necessarily a conscious decision.
EME and DRM is simply a failure for humanity and the founding principles of the web.
Tim,
If this comes to fruition this will be your legacy.
The above is a very astute comment.
Mr. Berners-Lee, please remember the fate of Tony Blair. Once loved, respected and admired, it took one catastrophic mistake of following the US into the illegal Iraq invasion to destroy any legacy he may once have dreamed of.
I don't think it's appropriate to compare blessing DRM in HTML with the mass-murder of hundreds of thousands of innocent civilians, but the lesson of one mistake wiping out a once promising legacy is one I suggest you seriously consider.
Please reconsider this disastrous decision, or this will become all that is remembered of what you once were capable of.
Is the web an open platform for innovation or has it now become a "solution". These arguments seem to re-define the web as a solution instead of the open platform it once was. IMHO, W3C should not get into point solution discussion like EME and DRM but remain committed to creating a platform open to all to make sure other solutions can emerge.