Global Web standard for integrating DRM into browsers hits a snag


rabish12

Ars Legatus Legionis
16,983
Before anyone gets too excited, this probably isn't going anywhere. The EFF's representative on the working group responsible for EME attempted something similar, and the vast majority of other working group participants shot it down. I don't see this going over substantially better when posed to the full W3C membership, at least not to the point that it results in majority support for the EFF's position.

EDIT: Aaaand the appeal is immediately disappointing. Right from the second paragraph, Doctorow is once again misrepresenting both the W3C's process and the course of events here in order to create a narrative where the organization did something improper in the course of adopting these rules. I don't see that convincing the W3C's actual members, so I'm inclined to believe that the EFF knows full well that this isn't going to accomplish anything concrete and is using it as an opportunity to soapbox instead.
 
Upvote
41 (55 / -14)

daggar

Ars Tribunus Militum
2,204
The more convenient DRM is to deploy, the more common it will be and the more our right to fair use will erode. Supporting DRM standards because they make Netflix work better is shortsighted. These standards are a trojan horse that will enable DRM to be used in ways we can't imagine now.

But we need it! Remember how music completely disappeared off the web because MP3 didn't have DRM? I'm sure Netflix will collapse without DRM just like iTunes did.

(/s shouldn't be necessary here)

Edit:grammar
 
Upvote
93 (117 / -24)
Before anyone gets too excited, this probably isn't going anywhere. The EFF's representative on the working group responsible for EME attempted something similar, and the vast majority of other working group participants shot it down. I don't see this going over substantially better when posed to the full W3C membership, at least not to the point that it results in majority support for the EFF's position.

But this is full membership, not just the working group for this spec, correct?

If so, there may be hope.

Members who had a vested interest in seeing this implemented are likely to have participated in the working group, so that group may have been in effect a stacked deck. There is hope they did not represent the feelings of a majority (heck, even 5%) of the membership at large.
 
Upvote
31 (36 / -5)
But we need it! Remember how music completely disappeared off the web because MP3 didn't have DRM? I'm sure Netflix will collapse without DRM just like iTunes did.

(/s shouldn't be necessary here)

Edit:grammar
You might want to remind people why digital music doesn't have DRM. 10 years ago it did but DRM fragmented the market: some files would play in Windows Media Player, others in iTunes, others in RealPlayer, but none in the others. It was a usability nightmare. Eventually the music industry caved and we are all better off. If DRM becomes slick enough, the music industry will start to demand it again. And we may never see streaming TV without DRM.
 
Upvote
95 (103 / -8)

rabish12

Ars Legatus Legionis
16,983
The more convenient DRM is to deploy, the more common it will be and the more our right to fair use will erode. Supporting DRM standards because they make Netflix work better is shortsighted. These standards are a trojan horse that will enable DRM to be used in ways we can't imagine now.
Eh. EME's been in use for several years now, and even before it was adopted it was pretty clear that something similar to it was going to be used by the various browser vendors. The only real impact from the W3C's involvement is to ensure that it operates in a way that gives users (and, in most cases, their browsers) as much control as is feasible for a system like this. They also managed to get Clear Key (basically, simple encryption) support as a required baseline for the spec, which is arguably a win - since it's the only kind of support that's guaranteed, there's an incentive for at least some developers to use it over more complete DRM solutions.
 
Upvote
38 (44 / -6)

samanime

Ars Tribunus Militum
1,878
Subscriptor++
As a developer and a big proponent of the open-web and standardization... I can't get too up in arms about this.

I understand the arguments on both sides, and really I think EME will make things better in the long run. Yes, there probably will be more DRMs, especially on big sites. However, it'll also mean that instead of using custom Flash players which already have DRM, they'll use HTML5 video and audio, which brings along benefits even if it can't be freely ripped.

Not having standard DRM doesn't mean there will be no DRM, it just means companies won't use standards. I'm always for standards, even if it means a little trade-off. It makes life much better in the long run.

Besides... it's always easy enough to use a screen capture to record video, you just have to do it in real time.
 
Upvote
51 (70 / -19)

pavon

Ars Tribunus Militum
2,323
Subscriptor
I'm confused. Was the appeal process actually started; that is, have more than 5% of the members requested an appeal? If so, which members?

EFF and a few others announced that they would like to appeal the decision the day that EME was approved, so that part isn't news. If they convinced 23 other members to support them, that would be news.
 
Upvote
13 (14 / -1)

Nowicki

Ars Tribunus Angusticlavius
7,567
20080924.jpg
 
Upvote
11 (21 / -10)

rabish12

Ars Legatus Legionis
16,983
Before anyone gets too excited, this probably isn't going anywhere. The EFF's representative on the working group responsible for EME attempted something similar, and the vast majority of other working group participants shot it down. I don't see this going over substantially better when posed to the full W3C membership, at least not to the point that it results in majority support for the EFF's position.

But this is full membership, not just the working group for this spec, correct?

If so, there may be hope.

Members who had a vested interest in seeing this implemented are likely to have participated in the working group, so that group may have been in effect a stacked deck. There is hope they did not represent the feelings of a majority (heck, even 5%) of the membership at large.
WG members are appointed by the advisory committee, and that decision doesn't guarantee inclusion of all members with a vested interest in the standard being worked on. IIRC the WG for EME included a fairly large number of individuals with no stake in that particular standard. There's no guarantee that the WG's representation was skewed in favor of any particular viewpoint, so you can't necessarily expect better results when looking at the full membership.

It's still possible that the broader member base will vote in favor of this appeal, of course, but I doubt it. The EFF's argument is that an irrevocable legal covenant be a mandatory requirement for compliance to a technical specification, and that doesn't make any sense. I get where they're coming from, but their suggested solution really doesn't fit.
 
Upvote
1 (9 / -8)
As a developer and a big proponent of the open-web and standardization... I can't get too up in arms about this.

I understand the arguments on both sides, and really I think EME will make things better in the long run. Yes, there probably will be more DRMs, especially on big sites. However, it'll also mean that instead of using custom Flash players which already have DRM, they'll use HTML5 video and audio, which brings along benefits even if it can't be freely ripped.

Not having standard DRM doesn't mean there will be no DRM, it just means companies won't use standards. I'm always for standards, even if it means a little trade-off. It makes life much better in the long run.

Besides... it's always easy enough to use a screen capture to record video, you just have to do it in real time.
You are admitting that DRM brings a worse experience. Of course fewer sites will use it if it has to be Flash (which is being phased out) instead of HTML5. A smooth experience means DRM may be used for images or HTML if it is possible. It may mean losing control of the web and for what? So a couple big sites can avoid Flash? That's extremely shortsighted.
 
Upvote
-13 (21 / -34)
But we need it! Remember how music completely disappeared off the web because MP3 didn't have DRM? I'm sure Netflix will collapse without DRM just like iTunes did.

(/s shouldn't be necessary here)

Edit:grammar
You might want to remind people why digital music doesn't have DRM. 10 years ago it did but DRM fragmented the market: some files would play in Windows Media Player, others in iTunes, others in RealPlayer, but none in the others. It was a usability nightmare. Eventually the music industry caved and we are all better off. If DRM becomes slick enough, the music industry will start to demand it again. And we may never see streaming TV without DRM.

I agree with this. DRM will lead to lock in and the current fragmentation we see in video today. Music lost DRM and is all the better for it.
 
Upvote
43 (49 / -6)

joh06937

Wise, Aged Ars Veteran
184
As a developer and a big proponent of the open-web and standardization... I can't get too up in arms about this.

I understand the arguments on both sides, and really I think EME will make things better in the long run. Yes, there probably will be more DRMs, especially on big sites. However, it'll also mean that instead of using custom Flash players which already have DRM, they'll use HTML5 video and audio, which brings along benefits even if it can't be freely ripped.

Not having standard DRM doesn't mean there will be no DRM, it just means companies won't use standards. I'm always for standards, even if it means a little trade-off. It makes life much better in the long run.

Besides... it's always easy enough to use a screen capture to record video, you just have to do it in real time.
You are admitting that DRM brings a worse experience. ...
They said no such thing. The DRM standard means that HTML5 will likely be used, which is an improvement, and that Flash won't be used, which is also a big improvement. The downside they mentioned is only that other actors might start using it, which they opined is an acceptable trade-off.
 
Upvote
30 (38 / -8)

Gern Blaanston

Ars Scholae Palatinae
691
Supporting DRM standards because they make Netflix work better is shortsighted.

Makes Netflix work better . . . for who? Certainly not for consumers -- the people without whom Netflix wouldn't exist.

However, regardless of whether or not DRM is standardized by the W3C, there is a simple way to put a stop to this nonsense pretty quickly. Vote with your wallet. Don't trust any company who doesn't trust you. Stop giving money to companies who restrict your legitimate fair use via DRM.

And don't tell me that avoiding Netflix (or anyone else) is not an option. That's just an excuse, and shows that you really aren't all that terribly upset about DRM and the problems it creates.
 
Upvote
21 (35 / -14)
They are encrypting the streams, but we can still easily record the unencrypted output so what's the point? It prevents recording the raw stream but why would we want to do that anyways?

HDCP was a native part of HDMI, as HDMI is essentially the more open DVI standard with a mechanically inferior (albeit smaller) connector and DRM baked in. Similarly, HDCP was added to DVI and DisplayPort. You can't play Blu Rays over VGA.

With browser support, the stream could be passed to OS GPU drivers with HDCP and you would never have an unencrypted / rippable stream except in the analog domain of pointing a camera at your monitor.
 
Upvote
42 (44 / -2)

marsilies

Ars Legatus Legionis
24,531
Subscriptor++
You might want to remind people why digital music doesn't have DRM. 10 years ago it did but DRM fragmented the market: some files would play in Windows Media Player, others in iTunes, others in RealPlayer, but none in the others. It was a usability nightmare. Eventually the music industry caved and we are all better off.
You're forgetting an important factor: that there was already a physical digital audio format without DRM or copy-protection: a CD. DRM did nothing to stop piracy because record companies were releasing millions of DRM-free copies anyway.

Also, Apple became so far ahead in terms of audio players and wouldn't license out its FairPlay DRM, and sued when RealPlayer tried to hack their way into FairPlay. DRM-free audio files were the only way to sell audio files outside of iTunes that will still play on iPods.

TV/Movies aren't likely to ever see the same, since DRM/copy protection has been on every video format since DVD, Apple was never a clear frontrunner, and with apps it's now possible to get DRM-ed video files/streams onto Apple devices without going through iTunes.

If DRM becomes slick enough, the music industry will start to demand it again.
It's already shown up on music again, with all of those subscription music services that allow local "caching" of music. Those caches are just DRM-ed audio files.
 
Upvote
49 (52 / -3)

rabish12

Ars Legatus Legionis
16,983
Supporting DRM standards because they make Netflix work better is shortsighted.

Makes Netflix work better . . . for who? Certainly not for consumers -- the people without whom Netflix wouldn't exist.
Supporting DRM in general doesn't make Netflix work better. Supporting DRM standards most certainly did, given that it led them to abandon Silverlight and provide better support for non-Windows platforms.
 
Upvote
25 (32 / -7)

sep332

Ars Praefectus
4,158
Subscriptor++
Does anyone know if this new DRM mechanism can be used to deliver HTML/Javascript?

i.e. can it lock up the whole web? No more view page source?
Video only.
It can only draw to a buffer on the screen, but it's possible to send encrypted HTML into the EME plugin and have it render a webpage in a non-open way.
 
Upvote
12 (14 / -2)
Also, Apple became so far ahead in terms of audio players and wouldn't license out its FairPlay DRM, and sued when RealPlayer tried to hack their way into FairPlay. DRM-free audio files were the only way to sell audio files outside of iTunes that will still play on iPods.
Except that Apple, not another company trying to sell music compatible with iPods, was the one who pushed for DRM-free audio. At the time WPM DRM was struggling but it was still a force. I am not privy to Apple's negotiations with the music studios but I would imagine user experience was Apple's motive and no small part of Apple's pitch to them.

TV/Movies aren't likely to ever see the same, since DRM/copy protection has been on every video format since DVD, Apple was never a clear frontrunner, and with apps it's now possible to get DRM-ed video files/streams onto Apple devices without going through iTunes.
DVDs are still sold and while according to the DMCA they have DRM, they effectively don't. And HD rips are available the day a show airs, even if it is streaming only. Streaming DRM is no more effective than audio DRM was and is not effective at anything but restricting rights.
 
Upvote
27 (34 / -7)

Martin Blank

Ars Tribunus Militum
2,635
Subscriptor++
But we need it! Remember how music completely disappeared off the web because MP3 didn't have DRM? I'm sure Netflix will collapse without DRM just like iTunes did.

(/s shouldn't be necessary here)

Edit:grammar
You might want to remind people why digital music doesn't have DRM. 10 years ago it did but DRM fragmented the market: some files would play in Windows Media Player, others in iTunes, others in RealPlayer, but none in the others. It was a usability nightmare. Eventually the music industry caved and we are all better off. If DRM becomes slick enough, the music industry will start to demand it again. And we may never see streaming TV without DRM.

I agree with this. DRM will lead to lock in and the current fragmentation we see in video today. Music lost DRM and is all the better for it.
Except that most music is listened to over DRM-encumbered formats. iTunes and some other platforms allow a limited number of non-encumbered downloads, but most people don't worry about that because it no longer matters to them as they don't use media that relies on non-DRM files. Streaming is fast becoming the primary means of consumption. Many (most?) consumer notebooks don't ship with optical drives anymore, and even cars are skipping CD players. I saw a Toyota RAV4 that has two means of playing external music: Bluetooth and USB. No CD drive at all.

The RIAA screwed up how it approached DRM because it refused to give up the idea that people would continue buying CDs for all eternity, and dug in its heels with some of the worst DRM schemes possible (see: Sony rootkit). Valve had the right idea regarding games, and has expanded access to family members (and is pretty lenient about that definition). Netflix has done much the same, allowing flexibility in where you can watch their video. Now Spotify, Pandora, and others fill the same role for audio, and music piracy has, by many accounts, declined precipitously.

DRM is going to happen, whether you like it or not. It can be odious and intrusive or it can be user-friendly. The W3C has accepted this and is doing what it can to make this happen in the least intrusive way possible while also reducing the threat surface by removing the need for plugins. Sure, it makes for a single target to attack, but it also makes for a single target to fix instead of having to patch Flash and Java and Silverlight and who knows what else.

You can choose to skip DRM-encumbered media, and that's your right. It's also your right to surf the web with all JavaScript disabled, but it means leaving behind a lot of functionality, and many sites just plain will not work. Your computing experience will gradually become smaller and smaller, until you're the online equivalent of a hermit. Again, it's your right, but it's not a life most of us want to live.
 
Upvote
28 (38 / -10)

mrpaco

Ars Scholae Palatinae
653
This is a "change my view"-type post. I'm honestly looking to be educated here.

I'm lost as to what fair use rights are eroded by not being able to rip a Netflix (or Hulu, or Amazon Video) stream. You're not purchasing anything, so there is nothing for you to back up or archive. If you want to include some footage of Stranger Things as a video, the trailers are on YouTube and trivial to download. If you want to add some dialog from House of Cards, the audio isn't protected, so go to town.

Help me understand where the harm is.
 
Upvote
2 (21 / -19)

sep332

Ars Praefectus
4,158
Subscriptor++
They are encrypting the streams, but we can still easily record the unencrypted output so what's the point? It prevents recording the raw stream but why would we want to do that anyways?

HDCP was a native part of HDMI, as HDMI is essentially the more open DVI standard with a mechanically inferior (albeit smaller) connector and DRM baked in. Similarly, HDCP was added to DVI and DisplayPort. You can't play Blu Rays over VGA.

With browser support, the stream could be passed to OS GPU drivers with HDCP and you would never have an unencrypted / rippable stream except in the analog domain of pointing a camera at your monitor.
I'll bite... HDMI gives me audio, ethernet, and device control over one cable, plus better video than DVI supported. Why is it inferior?
 
Upvote
2 (13 / -11)

Jedakiah

Ars Tribunus Militum
1,594
They are encrypting the streams, but we can still easily record the unencrypted output so what's the point? It prevents recording the raw stream but why would we want to do that anyways?

Remuxes are much better quality than rips. In other words, this won't stop you from pirating a stream but it will make the pirated copy a worse quality. However, that assumes that enterprising individuals won't figure out how to decrypt the stream using the decryption key you just gave to their computer.

Many, even the EFF, argue that media providers' primary reason for adding DRM is not to stop piracy. That's an obviously lost cause. Rather, they implement DRM because of the DMCA's legal protections. Fair use affords much leeway that content providers don't want people to have. By adding DRM they are forcing you to either accept their EULA or violate the DMCA. Either way they can limit fair use.
 
Upvote
29 (32 / -3)
As a developer and a big proponent of the open-web and standardization... I can't get too up in arms about this.

I understand the arguments on both sides, and really I think EME will make things better in the long run. Yes, there probably will be more DRMs, especially on big sites. However, it'll also mean that instead of using custom Flash players which already have DRM, they'll use HTML5 video and audio, which brings along benefits even if it can't be freely ripped.

Not having standard DRM doesn't mean there will be no DRM, it just means companies won't use standards. I'm always for standards, even if it means a little trade-off. It makes life much better in the long run.

Besides... it's always easy enough to use a screen capture to record video, you just have to do it in real time.
You are admitting that DRM brings a worse experience. Of course fewer sites will use it if it has to be Flash (which is being phased out) instead of HTML5. A smooth experience means DRM may be used for images or HTML if it is possible. It may mean losing control of the web and for what? So a couple big sites can avoid Flash? That's extremely shortsighted.

"Shortsighted" is your apparent complete lack of knowledge or understanding in regards to how EME works, not to mention the requirements (including time, financial) to distribute encrypted (DRMed) content on the web.

It's simply not feasible to use this to just randomly encrypt static images, and EME also, as a web standard, only works on HTML5 video/audio (HTMLMediaElements). So the only way to use it like you're proposing would be to create a video of an image. Which in turn means that none of the JavaScript tools usable for images would work properly, at which point… it's just not happening.

The idea that you could even go so far as to DRM HTML is a rabid ridiculous fantasy and everyone who brings it up in this context really makes themselves sound too out of touch and extremist to even have a clue about the current situation: even assuming you could DRM HTML, by its very nature you would be unable to interact with it in the browser except to display it… which means it's just not happening on the modern web. Any read methods would have to be disallowed, otherwise you've intrinsically pierced the DRM and it's moot, and you have a solution ultimately no better than something like disallowing right-clicking.

I wish people would focus on what EME actually does when arguing against it, because this crap is just stupid and it utterly undermines any arguments being made when it's used.

If you want to make a grounded argument against DRM in the context of EME and the W3C, please stay out of la la land. By killing the need for fully external, fully scriptable solutions like Flash and Silverlight, EME actually reduces the chances of the very scenarios you're bringing up, as both of those are possible to effectively do in Flash or Silverlight (e.g. fully DRMed content). EME does not allow for those things to be done, and by killing a large part of the market for plugins which did, it actually helps reduce the spread of that type of shit.

DRM for commercial streaming video is, currently, simply a given. There is a demand for commercial streaming video, the vast majority of that demand simply does not care (or in many cases, even notice: someone in the other thread thought that they were watching Netflix without DRM because it was in Chrome, without realizing that EME is already in place in Chrome) that there is DRM, and none of the major licensors are willing to distribute it without DRM on the streams. Because much of the current content model for those streams is subscription based, there's not even a good argument that you should be able to copy those streams for the purposes of backup: in those cases it's very clear cut that you don't own any of the video, you are only paying to access it.

Many of the services which allow you to buy video outright also allow you to download a copy through one mechanism or another (the issue of key server longevity being a thorny one there). Those are really the only cases where I would even begin to consider a "but my rights!" based argument: and it's not clear that the possibility of those cases arising, assuming it's even so simple in terms of rights as to be a violation (it should be a given that it is in spirit, but in practice the entire issue is horribly muddied), should unilaterally preclude the ability to provide DRM for other circumstances where that's not the case.

If this is considered a bad situation, that video with DRM is going to be distributed on the web, then I would argue that EME is at least making the best (or at least something better than many alternatives) of that situation. EME creates a relatively fair standardization in the reality of the current market, and one which could be argued to be far more secure (due to far more limited behavior/use paths) than previous solutions filling that need within the market.

Given that EME works to push in some baselines, including in particular Common Encryption, but also things like Clear Key support, it's arguable that it's a strong step forward in terms of better platform interoperability, too.
 
Upvote
21 (31 / -10)

Thad Boyd

Ars Legatus Legionis
13,279
But we need it! Remember how music completely disappeared off the web because MP3 didn't have DRM? I'm sure Netflix will collapse without DRM just like iTunes did.

(/s shouldn't be necessary here)

Edit:grammar
You might want to remind people why digital music doesn't have DRM. 10 years ago it did but DRM fragmented the market: some files would play in Windows Media Player, others in iTunes, others in RealPlayer, but none in the others. It was a usability nightmare. Eventually the music industry caved and we are all better off. If DRM becomes slick enough, the music industry will start to demand it again. And we may never see streaming TV without DRM.

That and Sony demonstrated that DRM is a vector for malware.

That's a key part of the issue here, and one I don't see many people discussing in this comments section yet: thanks to the DMCA (and similar laws in other countries), it's illegal to break DRM for any reason, even security research.

EFF proposed a compromise where W3C signatories would agree not to sue anyone for breaking EME DRM for purposes that were otherwise legal. It was rejected out of hand. EFF proposed an even more modest compromise where they would agree not to sue anyone for breaking EME DRM for the purpose of security research. Again, dismissed out of hand.

Regardless of the other arguments against EME, its security implications are significant, and the W3C has not addressed them satisfactorily.

They are encrypting the streams, but we can still easily record the unencrypted output so what's the point? It prevents recording the raw stream but why would we want to do that anyways?

I think there are two things to keep in mind here:

(1) The stated purpose of DRM is not always its actual purpose. There are people and companies who advocate DRM not because they believe it actually prevents copying, but because it is a useful mechanism for locking customers into a particular platform. Amazon knows its DRM doesn't prevent people from downloading ebooks illegally, but it also knows that it helps lock customers into Kindle and Audible -- and puts publishers in a worse bargaining position.

(2) Developers do what they're told. They may know DRM doesn't work, but if the boss demands it, they'll do what the boss demands. If your livelihood depends on claiming that DRM works, you're likelier to claim that DRM works.
 
Upvote
33 (39 / -6)

rabish12

Ars Legatus Legionis
16,983
Does anyone know if this new DRM mechanism can be used to deliver HTML/Javascript?

i.e. can it lock up the whole web? No more view page source?
Video only.
It can only draw to a buffer on the screen, but it's possible to send encrypted HTML into the EME plugin and have it render a webpage in a non-open way.
It's been a while since I've looked at the spec, but I don't remember anything in it working this way and I'm pretty sure that it's limited to HTMLMediaElements and specifically to the use of media types with those elements. A browser might enable something to send HTML to a CDM, but AFAIK that's well outside of what EME specifies.
 
Upvote
6 (9 / -3)
This is a "change my view"-type post. I'm honestly looking to be educated here.

I'm lost as to what fair use rights are eroded by not being able to rip a Netflix (or Hulu, or Amazon Video) stream. You're not purchasing anything, so there is nothing for you to back up or archive. If you want to include some footage of Stranger Things as a video, the trailers are on YouTube and trivial to download. If you want to add some dialog from House of Cards, the audio isn't protected, so go to town.

Help me understand where the harm is.

In theory, the harm occurs when you have "bought" a streaming video, through a service like Amazon or VUDU, as unless the service provides a method to do so, you can't make a fair use provisioned backup copy.

And any local use copy you can make is generally still protected by the DRM via license servers and relies on them, which becomes a very muddied area, legally (I can't recall any cases whose decisions have directly touched on that issue specifically).

The problem is that, much like with software, the courts have allowed companies to define such purchases in ways where you never "actually" own what you bought/"bought," when it is digital content or otherwise ephemeral. It needs addressing.

Personally I don't think that hyperventilating over EME the way some seem prone to is the correct avenue for addressing it, as the harm (in this context) isn't "all DRM" but rather "DRM on content I paid to own, with no provision for me keeping a local key for my own copy that I can perpetually use and transfer between my own systems/etc, and no guarantees that I will be able to continue to enjoy my purchase if the licensing servers go down."
 
Upvote
16 (19 / -3)

rabish12

Ars Legatus Legionis
16,983
But we need it! Remember how music completely disappeared off the web because MP3 didn't have DRM? I'm sure Netflix will collapse without DRM just like iTunes did.

(/s shouldn't be necessary here)

Edit:grammar
You might want to remind people why digital music doesn't have DRM. 10 years ago it did but DRM fragmented the market: some files would play in Windows Media Player, others in iTunes, others in RealPlayer, but none in the others. It was a usability nightmare. Eventually the music industry caved and we are all better off. If DRM becomes slick enough, the music industry will start to demand it again. And we may never see streaming TV without DRM.

That and Sony demonstrated that DRM is a vector for malware.

That's a key part of the issue here, and one I don't see many people discussing in this comments section yet: thanks to the DMCA (and similar laws in other countries), it's illegal to break DRM for any reason, even security research.

EFF proposed a compromise where W3C signatories would agree not to sue anyone for breaking EME DRM for purposes that were otherwise legal. It was rejected out of hand. EFF proposed an even more modest compromise where they would agree not to sue anyone for breaking EME DRM for the purpose of security research. Again, dismissed out of hand.

Regardless of the other arguments against EME, its security implications are significant, and the W3C has not addressed them satisfactorily.
The EFF's proposals weren't "rejected out of hand". That's the narrative that they presented, but they're only able to do so because of a broader ignorance of how the W3C's process works and because of the general policy that the internal discussions of working groups be kept private. Their covenant proposals were actually discussed for several months and the specification's promotion was delayed during that time, but a large majority of the working group voted against the EFF here. In fact, there were at least two votes on the issue and the WG's participants voted against the EFF in both cases.

As for the EFF's compromise being "modest", I don't think requiring a legally binding and irrevocable declaration limiting the kind of legal action that an entity can take as part of compliance for a technical specification is modest. I can understand the desire for W3C members to enter an agreement like that, but putting it in the spec makes no sense.
 
Upvote
10 (22 / -12)

Fearknot

Ars Scholae Palatinae
1,349
1. That the supposed benefits of standardizing DRM at the W3C can't be realized unless there [are] protections for people who engage in lawful activity that DRM gets in the way of;

That argument against DRM is the same argument that governments make against encryption: in some cases the government can lawfully access your records, and encryption just gets in the way.
 
Upvote
-3 (8 / -11)

marsilies

Ars Legatus Legionis
24,531
Subscriptor++
Also, Apple became so far ahead in terms of audio players and wouldn't license out its FairPlay DRM, and sued when RealPlayer tried to hack their way into FairPlay. DRM-free audio files were the only way to sell audio files outside of iTunes that will still play on iPods.
Except that Apple, not another company trying to sell music compatible with iPods, was the one who pushed for DRM-free audio...
Apple was publicly for DRM-free audio, but I'm not sure they ever "pushed." iTunes only went DRM-free for music once all the major record companies were already selling DRM-free music on Amazon.

Amazon Music opened in Sept 2007 and had all 4 majors DRM-free by January 2008, iTunes went completely DRM-free in January 2009, a year later:
https://en.wikipedia.org/wiki/Amazon_Music
https://en.wikipedia.org/wiki/FairPlay# ... RM_changes
https://en.wikipedia.org/wiki/ITunes_St ... management

TV/Movies aren't likely to ever see the same, since DRM/copy protection has been on every video format since DVD, Apple was never a clear frontrunner, and with apps it's now possible to get DRM-ed video files/streams onto Apple devices without going through iTunes.
DVDs are still sold and while according to the DMCA they have DRM, they effectively don't. And HD rips are available the day a show airs, even if it is streaming only. Streaming DRM is no more effective than audio DRM was and is not effective at anything but restricting rights.
While it doesn't stop someone from ripping, it stops most from doing it. Ripping is nowhere near as user friendly as "open iTunes and insert a CD" for audio was. Thus, most people are not ripping their own for video, but are relying on piracy sites/service, which is an entirely different angle.

User friendliness is a big factor, and video providers are learning that if you offer a cheap, easy, legit way to watch videos, a lot of people will opt for that over piracy. There's a reason those recently leaked episodes of Orange is the New Black didn't make that big of a splash; most people were going to wait to watch it on Netflix anyway:
https://meincmagazine.com/security/2017/0 ... ndor-hack/

Also, I think it's almost partially psychological for the movie/TV studios; as long as they think that they're putting effort into making it hard to rip, they think they're doing something, or they think they'll eventually have a handle on all the illegal downloads if they can prevent any "offline" ripping of discs or non-sharing piracy of streaming video.
 
Upvote
22 (25 / -3)

microlith

Ars Praefectus
3,082
Subscriptor
Guess the MPAA/RIAA finally succeeded in normalizing DRM enough that Ars readers are defending and advocating for it.

1. That the supposed benefits of standardizing DRM at the W3C can't be realized unless there [are] protections for people who engage in lawful activity that DRM gets in the way of;

That argument against DRM is the same argument that governments make against encryption: in some cases the government can lawfully access your records, and encryption just gets in the way.
Except that one protects my privacy, while the other interferes with the legitimate use of copyrighted works.
 
Upvote
13 (23 / -10)

Thad Boyd

Ars Legatus Legionis
13,279
This is a "change my view"-type post. I'm honestly looking to be educated here.

I'm lost as to what fair use rights are eroded by not being able to rip a Netflix (or Hulu, or Amazon Video) stream.

The EFF letter gives the example of automatically checking the stream to see if it includes content that may cause seizures, and then adding either a warning or an option to skip those scenes.
 
Upvote
4 (9 / -5)
But we need it! Remember how music completely disappeared off the web because MP3 didn't have DRM? I'm sure Netflix will collapse without DRM just like Itunes did.

(/s shouldn't be necessary here)

Edit:grammar
You might want to remind people why digital music doesn't have DRM. 10 years ago it did but DRM fragmented the market: some files would play in Windows Media Player, others in iTunes, others in RealPlayer, but none in the others. It was a usability nightmare. Eventually the music industry caved and we are all better off. If DRM becomes slick enough, the music industry will start to demand it again. And we may never see streaming TV without DRM.

That and Sony demonstrated that DRM is a vector for malware.

That's a key part of the issue here, and one I don't see many people discussing in this comments section yet: thanks to the DMCA (and similar laws in other countries), it's illegal to break DRM for any reason, even security research.

EFF proposed a compromise where W3C signatories would agree not to sue anyone for breaking EME DRM for purposes that were otherwise legal. It was rejected out of hand. EFF proposed an even more modest compromise where they would agree not to sue anyone for breaking EME DRM for the purpose of security research. Again, dismissed out of hand.

Regardless of the other arguments against EME, its security implications are significant, and the W3C has not addressed them satisfactorily.
The EFF's proposals weren't "rejected out of hand". That's the narrative that they presented, but they're only able to do so because of a broader ignorance of how the W3C's process works and because of the general policy that the internal discussions of working groups be kept private. Their covenant proposals were actually discussed for several months and the specification's promotion was delayed during that time, but a large majority of the working group voted against the EFF here. In fact, there were at least two votes on the issue and the WG's participants voted against the EFF in both cases.

As for the EFF's compromise being "modest", I don't think requiring a legally binding and irrevocable declaration limiting the kind of legal action that an entity can take as part of compliance for a technical specification is modest. I can understand the desire for W3C members to enter an agreement like that, but putting it in the spec makes no sense.

This. While putting it into the final spec might be something that could make sense to at least some people with no understanding of the W3C, those types of requirements adhering to a spec are pretty much anathema to how W3C specs are drafted and the related requirements for the final spec itself to be as open and unencumbered as possible in order to have the broadest adoption possible.

I just finished arguing why in my last post in the other thread so I'm not going to go back over it.

I think it's a lofty and desirable goal on many levels for there to be a covenant that protects related security research. I think it's something that would be nice to have, but I also don't think it's the type of thing that has any place in a W3C spec.
 
Upvote
4 (9 / -5)

rabish12

Ars Legatus Legionis
16,983
1. That the supposed benefits of standardizing DRM at the W3C can't be realized unless there [are] protections for people who engage in lawful activity that DRM gets in the way of;

That argument against DRM is the same argument that governments make against encryption: in some cases the government can lawfully access your records, and encryption just gets in the way.
Not even remotely. The EFF is arguing for a guarantee that security researchers won't be subjected to legal repercussions for examining DRM systems. The government is arguing for a guarantee that encryption systems themselves have mechanisms that enable them to bypass encryption entirely. Those are wildly different from one another.
 
Upvote
22 (23 / -1)