Hacker News new | past | comments | ask | show | jobs | submit login
BBC demands DRM for HTML5 (boingboing.net)
322 points by afoketunji on Feb 16, 2013 | hide | past | favorite | 207 comments



Wow, Cory's article is totally over the top... as are some of the comments in this thread.

Let's start with the facts. Here's the spec. It's called Encrypted Media Extensions (EME).

https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-med...

The EME spec isn't that long, and the introduction has a nice diagram. Go check it out.

The W3C spec does not put "DRM in browsers." It allows browsers to use "decryption modules" that already exist elsewhere, like in the OS platform. There are APIs to determine what sorts of "decryption modules" are available and to use them to decrypt media.

If we're going to transition to a plug-in free web then we need HTML5 video to support these extensions. Sure, it'd be nice if the big media companies stopped insisting on using encryption to distribute their videos. But that's not likely to happen anytime soon. Premium video on the web requires either plug-ins or EME. I think most of us would pick premium web video + EME, rather than premium web video + plug-ins, or (perish the thought) no premium video on the web at all.

BTW, open source browsers can easily implement this spec since it doesn't require the browser to implement a "decryption module" themselves. Also, there is a mode called "clear key" that can be used if the underlying platform doesn't have any "decryption module" available.

Disclosure: I work at Netflix on streaming video in browsers.


> If we're going to transition to a plug-in free web then we need HTML5 video to support these extensions.

The first part does not imply the second. I know there are legal/licensing reasons for encryption but technology that is going to run the world of tomorrow should not be encumbered because of contractual obligations of today. I fail to see the technical reason why encryption is necessary for Netflix. HTML5 is a technical spec. It does not need to be riddled with extensions to fulfill business needs.

I can't view a stream if I'm not a paying member logged in to the website or XBox/Roku/AppleTV device. Once I am able to view the stream, encryption or not, I can record it through a number of hardware/software mechanisms if I am technically savvy. If I'm not technically savvy, I can't record it regardless of encryption. If I can somehow access the stream without logging in, say the files are stored on CDN and available to everyone over HTTP(S), then you should work on preventing that.

W3C/HTML5 are designing specs for the long haul. I am pretty sure I will be writing web apps in a decade too, like I did a decade ago. iTunes no longer has DRM'ed audio. Who knows, in a decade, Hollywood will give up DRM too, with pressure from Netflix, Apple, Amazon, and Google. But if engineers at these very companies that should be pushing for open-web, insist on burdening the spec to cope with DRM, I doubt we'll ever see that future.


> The first part does not imply the second. I know there are legal/licensing reasons for encryption but technology that is going to run the world of tomorrow should not be encumbered because of contractual obligations of today.

And when we live in your Star Trek-style technoutopia, then we won't have to worry about business concerns in specs. Specs have had business concerns in them since... ever.


I agree with you that business needs give rise to specs. That's pretty much how most of the specs are born. MS wanted to make Outlook Web Access behave more like the desktop version and came up with XMLHttpRequest - which went into the spec and made the web of today suck significantly less. That wasn't my point.

I'm talking about adding in mechanisms to support restrictions because of current legal situation. If you add in extensions that help DRM video, why not start adding in support for extensions that can prevent SSN or medical history from being displayed on the screen unless the local machine sends a valid fingerprint signature to the server? Of course that sounds ridiculous. Something like that doesn't belong in the spec. I fail to see the difference between that and EME.


> XMLHttpRequest... made the web of today suck significantly less.

I would argue the exact opposite.


I am curious. What are your arguments?


Likely referring to web-apps that require Javascript support and have no fail over code.

This is more a problem with the developer of said site and not an issue with XMLhttprequest as you can build apps that are progressively enhanced for it and don't fail completely when JS/XMLHTTP is disabled.


If you've upvoted or downvoted anyone here on HN, you have benefited from XMLHttpRequest.


HN doesn't use XMLHttpRequest. View source to see that.


    Specs have had business concerns in them since... ever.
Good specs haven't.


Good specs do. You might write a spec that describes the functional requirements of a claims processing system, because your current system is 20 years old and can't cheaply be modified to comply with legislative changes.

An obvious "business concern" is that any replacement system will accommodate future legislative changes. This has nothing to do with the functional (user) requirements (form design and submission process), and yet might dramatically change how you design and write such a system.

DRM, or rather the encryption scheme that makes it DRM, is much the same in that a design that supports it could similarly support related but more benign capabilities, such as compression or translation.

That too will influence an implementation, and makes such a non-functional requirement as important as a functional requirement.


The media companies know we'll always eventually be able to bypass any DRM they place on their media. But they still feel obligated to use it, partly for legal reasons. If they make their content available through a completely unrestricted video stream and then try to sue someone who infringes on their copyright, the defense's first question will be "well if you didn't want someone copying your content why didn't you place any of the available restrictions on it?" I don't think this would be a valid argument but it's not a risk many media companies would probably want to take.


> If they make their content available through a completely unrestricted video stream

That was my point. Why is it completely unrestricted? How hard is it to check a cookie and 401 if I'm not logged in? And if someone can fake an HTTPS cookie, they can do a lot more damage than download a video.


> Wow, Cory's article is totally over the top...

What makes you think it's over the top? We have a public-interest organization pushing DRM, a technology that is decidedly against the public interest.

I'm surprised that this is upvoted to the top of the thread, when you haven't done anything except say "this is over the top" and given us a link that explains what DRM is---as if the DRM's detractors don't already know what it is or how it works.

> Sure, it'd be nice if the big media companies stopped insisting on using encryption to distribute their videos. But that's not likely to happen anytime soon.

That's only true because technologists continue to lie to media companies, telling them that DRM is feasible and not harmful to their interests (even though, in addition to being against the public interest, it tends to cause monopolization of their distribution chains---just ask the music industry happened with iTunes).

Look, these media companies are looking to us for advice; We're doing both them an ourselves a disservice by continuing to sell them DRM snake oil.


> you haven't done anything except say "this is over the top" and given us a link that explains what DRM is

The link is the Encrypted Media Extensions (EME) spec. EME is not DRM. It allows access to a decryption system outside of the browser.

That is different than what Cory and others are claiming.


It is precisely DRM. The entire point of it is to protect media streams from copying, and the BBC has specifically demanded that it be robust enough DRM enough to trigger anti-circumvention laws and allow them to have anyone who does manage to copy the decrypted streams arrested and jailed.


EME merely allows access to a DRM system. I know this distinction sounds overly precise, but the fact that EME does not mandate a DRM system makes a big difference if you want to implement this spec in a browser.

Were EME to actually specify the DRM then this spec would never have been jointly proposed by Google, Microsoft, and Netflix.

It is an effective but incorrect bit of rhetoric when Cory equates EME to DRM in the article.


It's all just an empty demagogy in lawyers style. EME is about DRM, but the language was made generic to avoid mentioning DRM. So to make things fair and clear - EME is intended to serve the cause of those who push DRM on the Web. And it's enough of a reason to oppose EME.


Look at ABC as an example. You can watch their video content via a Flash plugin, or via a native app for IOS. They do not let you watch their content via a browser without Flash. This is fairly common for media companies.

Now think of the implications of not having EME. It creates a situation that pushes users away from the open web and onto native apps and proprietary plugins. EME is needed so that users don't move away from browsers to native apps. Users will go where the content is, no matter how vigorously you shout your ideology.


Aren't those plugins used already by those who rely on DRM? So what do you prefer, to make DRM (a dying unethical trend) part of the HTML5, or to retain its area of influence to plugins? Users know that plugins should be better avoided. They represent external, not very trustworthy entities for the web experience. This goes along with DRM which should be avoided for similar reasons. Pushing DRM into the browsers would only obscure this matter. EME is therefore not serving any good purpose for the open web and should be opposed. It's not like users who use DRM will suddenly get pushed into plugins or external applications. They already use them! And those who don't use and don't want to use DRM don't need that junk in the browser.

And for publishers it should be a lesson to stop using all that DRM for good if they want to be part of the open web.


Users will get pushed into native apps. Normal users don't know or care what DRM is. They click on a link to some video they want to watch from ABC, and if they are on a mobile device they are told they have to download the free app to watch it. They do, cause they want to want to watch, and we just helped push users off the open web!


> Users will get pushed into native apps.

I don't see why it is a problem, if we are talking about DRM. DRM free distributors will use HTML, embracing the open web. Obsessed with DRM ones will use shady plugins and malware-like non browser applications. I'm fine with that - it also clearly marks this distinction for the user. Pushing off the Web here relates to DRM and distributors who insist on using it, not to the users who you claim have no idea what's going on.


Maybe, but I think users will go where the content is that they want to watch. I don't think a normal user will associate it with DRM.


Users won't stop using the Web. If some will want to use DRMed content, they'll use those external applications and / or plugins. And users will figure out the difference - between those publishers who respect them and use DRM free channels (including the Web), and those who don't repsect them and insist on stupid DRM and malware prone tools to distribute their content. So this "pushing" IMHO serves only the good purpose to isolate DRM from the normal technologies.

So the bottom line - W3C being the designers of the future Web concepts should focus on pushing distributors off DRM for the sake of open Web by refusing to be associated with it in any fashion, instead of obliging this insulting preemptive policing by pushing DRM onto the users as a "Web standard".


It's unclear if the world will move towards native apps or stay on the open web. Preventing anyone from having a DRM solution for the web makes it more likely the world will move to native apps. That would be a bad outcome in my opinion.

I also fail to understand your ideology. Anyone who creates content should have the ability to decide how they wish to sell and distribute that content. I think DRM is futile, but I don't think it is bad as you seem to believe.


There are applications which are used outside the browsers. And DRM is a perfect example - DRM has no place in the open Web. I don't see a problem with pushing bad technologies off the Web (or altogether off for that matter). Good riddance!

Idea here is rather straightforward. Publishers indeed have a choice to treat their users with respect, or to insult them with DRM. But we aren't talking about them making this choice - it's up to them. We are talking about W3C putting an unethical technology in a Web standard, to oblige some publishers who made that unethical choice. It's unacceptable! It's not different from saying that since malware creators want an ability to affect their users, W3C should standardize malware methods for the Web.


your ideology makes no sense to me.


What exactly? You have hard time understanding that DRM is unethical, or that open Web doesn't need it?


If I'm a musician, and I want to sell my music in a way that prevents the buyer from redistributing it, then I don't think that is unethical. I think the musician has the right to make that choice. You have a right not to buy it in that form.


Can a musician come to your house and start monitoring you to prevent redistribution? No, it's invasive and unethical to do it. It's along the lines of invasive surveillance in a totalitarian police state for the sake of "security". Treating your paying customers in such way is a gross disrespect. DRM does exactly that - it's preemptive policing which violates privacy and treats users as potential criminals by default. It's insulting and unethical to do so.

I'm not even saying that it's pointless, since it doesn't prevent piracy. DRM punishes and insults paying customers who care to buy the content, and does nothing to stop illegal redistribution and doesn't affect those who don't care to buy and pirate the stuff. So what is the point in using it? To upset paying customers by limiting usability of the content and by increasing security and malware risks in shady DRM programs?

Distributors should start treating users with respect if they want any respect back. And it always pays off. In general I get the feeling that actual creators (musicians, authors and etc.) don't care about all this DRM idiocy. Those who push it are publishers/distributors, who can't comprehend a simple thing - DRM has no useful application at all, all it does - it degrades the user experience and punishes paying customers.


I'm sorry, DRM is not like a musician coming to your house and monitoring you. That is where you lose me and probably most people. I also disagree with the idea that protecting content you create is unethical. If I own a store, and put a lock on the door, it is not unethical because I am assuming that someone might try to break in and take stuff. That is roughly what you are saying. Or you know how most pharmacies and grocery stores keep some things behind a locked display? I do not find that to be unethical, yet by your logic we should.

I'm a customer, and I don't find DRM insulting to me. I see it as content creators attempting to find a way to continue getting paid for content they create in this new world. I think it is pointless, but that is very different from what you are saying.

I see absolutely no harm in adding the ability to use DRM in html5 video. It has absolutely no affect on the rest of the open web. There is still the ability to put non-DRMed content on the web. If you truly believed that customers would reject DRM, and you seem to think so, then you shouldn't have a problem with giving people the choice and letting consumers vote with their feet.


> I'm sorry, DRM is not like a musician coming to your house and monitoring you. That is where you lose me and probably most people.

Oh really? Should I remind you of this? https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...

>I also disagree with the idea that protecting content you create is unethical. If I own a store, and put a lock on the door, it is not unethical because I am assuming that someone might try to break in and take stuff.

Your analogy is wrong. People buying content is analogous to going to the store, buying something and bringing it home. Protecting the store is all fine with me - it's analogous to creating authentication, allowing only registered users to buy and so on. DRM goes much further than that. If you want to use the store analogy, it would mean that after buying a product, the store sends their police bot with you, which comes to your house and watches what you do, preventing you from potential illegal activity. I find it completely unethical and unacceptable practice. Another analogy would be placing a police camera right in your house, for the sake of preventing situations when you decide to do something illegal. Do you think it's acceptable?

DRM is running on your computer, in your house on your device in your private network. It's a closed black box which you suddenly are supposed to trust? Why so? One shouldn't trust it, especially given the history of abusing these things. Trust always depends on mutuality. DRM means they don't trust you by default assuming you are going to use the content illegally. Why after that you suddenly are supposed to trust them? They should be treated in the same fashion and not trusted by default!

We disagree on the core principle here. You don't consider DRM unethical, so you don't see a problem to put it in the HTML standard. I consider the whole approach unethical and therefore putting it in the standard as unacceptable.

However I brought several arguments why it's pointless even according to your view. One of them - it's a dying trend which is impractical altogether (i.e. it achieves no useful purpose and on the contrary only degrades usability and ignores the issues of fair use and accessibility). Therefore making it a standard is wrong, since it means promoting dying pointless trends on the Web.


That's a giant non sequitur. Sony put a root kit in some software, therefore DRM is unethical.

My original point stands.

3 more


>Look, these media companies are looking to us for advice; We're doing both them an ourselves a disservice by continuing to sell them DRM snake oil.

Seems to be working out pretty well for Hulu/Netflix. Or is releasing your $100 million budget film DRM-Free onto the internet now profitable??


I'm confused why anyone would think it would make it more profitable. You do understand that any content which is unencrypted is mind-numbingly simple to copy, right? That's how bits work. If you think DRM stops any copying or piracy for digital media, you're very confused on how technology works.


Netflix requires a subscription to stream. DRM is irrelevant.


Care to elucidate that point?

So if netflix streamed their content with no-DRM (which none of the content companies they license from would allow, but we'll skip that fact) you assume no one would just get a subscription, copy their entire catalouge, and freely distribute it? Doesn't sound like a very sustainable business model to me...


The point is, that it is possible for someone who is technically savvy and who has a subscription to copy the streams right now. The reason they can't download the entire catalogue is probably because netflix/hulu have(or at least I hope they do) a system in place which prevents a single subscriber from accessing streams at a speed above what would be reasonably necessary for watching things one movie at a time. Which means that downloading the entire catalogue would take as long as it would take to watch everything which is probably prohibitively too much time.

However, if, say, there's a particular movie that is available on netflix/hulu which you want to distribute freely for whatever reason and you are technically savvy, no DRM(short of netflix/hulu controlling the actual hardware you're watching from) will prevent you from doing so.

Therefore, DRM offers no additional protection beyond what a regular login cookie-based system with rate limiting would offer.


Of course someone would do that; even with DRM, people have done that. What content is available on Netflix that is not available on The Pirate Bay?

DRM has completely failed at preventing people from pirating content; and yet, companies selling content seem to be doing plenty well at it. Why do we keep insisting that DRM is necessary or else people will pirate all of the content, and thus making our software and standards more complex, more flaky, and work against the interests of users, when the existence of piracy is obviously not destroying the content providers now?

You know what's preventing them from making more money? The fact that because of complex licensing schemes, DRM, and the like, I can't be guaranteed that if I buy content I can play it on the devices that I choose to use. If I pirate a video, I can play it anywhere. Content producers are shooting themselves in the foot because of their fear of piracy; piracy works better than buying the content directly, and will continue to do so as long as they insist on DRM.


DRM didn't stop House of Cards from appearing on PB:

http://thepiratebay.se/search/house%20of%20cards/0/99/0

I don't see Netflix going out of business because of this.


Yea, but my point is different than a cracked version leaking into bittorrent. That doesn't have a drastically large footprint.

If they streamed videos with no-DRM, everyone with a subscription would easily grab a copy of whatever they want. And all it would take is copying a file and sharing it with friends/family to have it spread. This might not seem like a huge difference, but honestly I think it would be. It would lower the barriers of sharing to the point that everyone could do it. Only those who hold onto a moral belief in not committing copyright infringement wouldn't participate. I think the past has shown that these people are in the vast minority.


How would they? Even ripping DRM-free YouTube videos is beyond most people. I don't see YouTube piracy as a big world problem.


What DRM-free Youtube videos? Youtube uses DRM-enabled flash player and locks down the ability of people to copy videos.

Besides Youtube is a free service, that everyone basically assumes will continuously be there. You're bringing up non-related factors.


YouTube DL works from the command-line. YouTube videos are not DRM-encumbered. They are just harder to get because they can no longer be requested by a simple HTTP call.

http://rg3.github.com/youtube-dl/

I don't believe that someone would cancel Netflix because they happened to have ripped all of the things they are interested in. The value of Netflix is accessing an enormous library, vastly bigger than you could store (changing all the time!) and watching an item that you feel like watching at this time. A Netflix subscriber can't exactly predict every single item they'll be interested in until the end of time, rip them, then cancel.

Even if there were a few people that did this, they would make up an incredibly tiny proportion of paying users, and they'd likely be akin to the digital hoarders that have TB of movies downloaded.


>I don't see YouTube piracy as a big world problem.

That's because YouTube content can be trivially shared with other people.

Stop the sharing and pretty sure you would start to see piracy.


It's easy enough to copy a stream with DRM. Point your camcorder at your laptop stream, press record on your camcorder, press play on your laptop.


It takes ~2 hours to play the film, you can't make any noise in the room during that time, and the resulting picture and sound quality will be terrible unless you've got very expensive recording equipment. Content producers would love to get to the point where that's the only way to 'copy' films.


You're right about the time it takes to copy. Whenever I've encoded video it's always been a time-consuming process so I wouldn't see this as a major obstacle.

As for picture and sound quality being terrible, simply not true. Recording from a projected image is one way to do telecine, and it works fine if you can set it up properly. [1] A half-decent telecine is very different from surreptitiously recording a film in a cinema.

The stream will be re-compressed but this isn't such an issue as many people think. Back when TV was recorded on analog tape in the 90s, you were allowed 8 generations of copying and it would still be considered acceptable for broadcast (for news).

[1] "The quality of a good telecine is generally comparable to a DVD without any post-processing." http://en.wikipedia.org/wiki/Telecine_(copying)


I could copy their entire catalog now, if I wanted to. It would only be very slightly harder because of the DRM.


Yea, you could. But, you aren't going to first of all. And secondly you are a drop in the bucket. Even if you put it on all the bittorrent trackers it's still not a dent in their overall market share.

But if every subscriber could simply right-click on download because they have ZERO DRM that would be very different. I won't drone on because I already stated my case to another comment. I don't see why you guys keep pressing this point about some tech savvy people being able to get through DRM.


YouTube videos are trivial to copy, but you can't right-click on them to download. The thing is, you are holding a mathematically untenable position here.

In order to allow someone to consume your encrypted content, you must give them a valid decryption key, in some form. If you can view the content, it is literally impossible to prevent a determined user from copying it, either digitally or through the analog hole. In current computer systems there is no way to prevent making a high-quality digital copy of an encrypted media stream.

Also, since we've developed a network to propagate information around the planet at a terrific rate, that one determined user's ability to share that content is limited only by the number of people who [a] are interested in the content and [b] have the (lesser) technological skill required to obtain a copy, via file sharing networks or sneakernet.

DRM is pure snake oil. It does not and can not do anything to prevent content distribution. The only possible outcome is to inconvenience legitimate use -- thus degrading the value of your product versus the pirated media. You're already competing with "free", you might want to avoid stacking the deck further against yourself.

The ultimate conclusion here is that enforcing copyrights on digital works is impossible. It's not practical to close the digital hole, and impossible to close the analog one. I'm sorry if that impacts your business model.


> a technology that is decidedly against the public interest.

Hey, not all of us believe that. I'm perfectly fine with putting DRM on streaming video; I certainly don't expect to be able to download all of netflix to my computer for one month's subscription. It's much more of an issue when I pay full price for a movie (after pressing the "Purchase" button) and I find I don't actually own it.


Content decryption modules are plugins by another name. The spec gives no guarantee that a given CDM can be interoperable with all browsers (being a binary it can possible arbitrarily reject to operate with a given browser), Operating system (because it's a binary) or that all browser functions and accessibility features will work with them (CDMs could completely bypass the browser's rendering pipeline and overlay the content using protected paths).

The proposal is a step back for the openness and interoperability of the Web. Substituting plugins with binary CDMs is not progress and I doubt any kind of popular content which rights are held by the big copyright giants will be compatible with clearkey.

I foresee that GNU/Linux users will be shafted and will not be able to access DRM'ed content and the proposal is toxic towards the Web.


Content decryption modules probably won't be plug-ins.

> The spec gives no guarantee that a given CDM can be interoperable with all browsers.

I'm not sure if the CDM is actually part of the spec. They are in the diagram for illustrative purposes. The APIs being proposed on the media element are agnostic to the type of CDM being used.

> The proposal is a step back for the openness and interoperability of the Web.

If you include video from Amazon, HBO Go, Netflix, and others in your definition of "the Web", then I disagree. This spec expands the set of applications that can be implemented in HTML5 and javascript. It doesn't immediately change the interoperability of these applications, which already have limited platform reach, but it at least opens the door for more platforms (like Linux).


>I'm not sure if the CDM is actually part of the spec. They are in the diagram for illustrative purposes. The APIs being proposed on the media element are agnostic to the type of CDM being used.

The spec may not have specifics on the CDMs themselves but that doesn't really matter. A closed-source, platform specific CDM (e.g. one distributed with Windows containing keys for the major media distribution behemoths) is very bad for interoperability. Such kinds of CDMs will probably not find their way to GNU/Linux of BSDs.

>If you include video from Amazon, HBO Go, Netflix, and others in your definition of "the Web"

The Web is the platform itself, not the services offered over it in my book. Companies and business models rise and die all the time but the platform of Web is what remains behind. It should not be saddled by companies like Netflix that use it and try to influence its direction to further their interests. And there is no open door for open-source, CDMs on open-source systems without a "Protected Media Path" or similar.


Simple question:

Do you think EME is actually going to prevent Netflix shows from showing up on thepiratebay?

I don't think it has any chance - DRM on PCs is always pretty quickly bypassed - which is why it frustrates me so: it will likely end up preventing Linux users from accessing content legitimately, or Mac users from AirPlaying content to their TVs, with no actual benefit against piracy. At least where it pertains to high value content, it is little but a lie mutually agreed upon with rightsholders. :(


> Do you think EME is actually going to prevent Netflix shows from showing up on thepiratebay?

No, and that isn't the purpose. The purpose is so that Netflix can show you movies that Hollywood lawyers insist be encumbered with DRM because they won't try and understand that DRM doesn't actually do anything. Maybe one day Netflix will be big enough to push back, like Apple did with mp3 DRM, but until then, this is the only way to show premium content to people without requiring a plugin from Microsoft.

> it will likely end up preventing Linux users from accessing content legitimately,

Actually, the inclusion of EME in HTML5 is exactly what would enable you to watch content on Linux.


So we're including things in the HTML spec just to satisfy hollywood lawyers now? We would be saddling a spec(and any browser wishing to implement it) for what will probably be a decade and possibly more just so hollywood execs/lawyers can cover their asses and protect a dying business model which will probably be outlived by both the spec and implementing browsers.

I find that stupid, to say the least. Especially since, it is highly likely that at some point, some company will be big enough to push back and distribute things DRM-free just like Apple did with iTunes.


But once the model dies, why does it matter if it is in the spec? If a company (say Apple) gets big enough to demand no DRM, like Apple did with music, then no one will use the standard anymore.

So why does it matter if the standard makes it easier to more widely distribute the content, which will only help in hastening its demise by allowing someone to grow big enough to push back?


Given that for EME to not be trivially bypassed, the CDM has to be a blob implementing its own decoders, how is this significantly different than Flash or Silverlight binary plugins?

Why would whoever's developing these CDMs (each individual site I'd assume?) suddenly invest the resources into providing Linux versions?


Google owns this company: http://www.widevine.com

Which already has a linux plugin. That is why they are pushing for the standard as well.


Locks don't prevent cars from being stolen or homes from being robbed. Determined attackers have the advantage. The real problem with DRM is the lack of convenience and user unfriendliness. I must say, however, that the DRM in Netflix is nearly invisible except for the plugins. It looks like this proposal effectively reduces the size of the plugins required.


DRM is not meant to stop the flow of content to thepiratebay, and never has been. Its purpose is to stop casual sharing, enforce region restrictions, and encourage repurchases. That's all.


A few question about the EME proposal:

> BTW, open source browsers can easily implement this spec since it doesn't require the browser to implement a "decryption module" themselves.

Does this mean, that the 'decryption module' is necessary closed source?

And from the spec:

>4.1 "Secure proof of key release must necessarily involve the CDM due to the relative ease with which scripts may be modified. The CDM must provide a message asserting, in a CDM-specific form, that a specific key or license has been destroyed. Such messages must be cached in the CDM until acknowledgement of their delivery to the service has been received. This acknowledgement must also be in the form of a CDM-specific message. "

Perhaps I misread, but the datastream is relayed from the browser to the CDM ( and the browser loads and potentially modifies the CDM), so how does the standard ensure that the proof of destruction is actually a message from the CDM and not from the browser?

>9.1 "Everything from user-generated content to be shared with family (user is not an adversary) to online radio to feature-length movies."

Does this imply that from the standpoint of the proposal the user is an adversary, unless specifically noted?


> Does this mean, that the 'decryption module' is necessary closed source?

Is there any precedent of anything being closed source behind standards implementations from the W3C? That seems unlikely, this seems terrible.


Thanks. I read the spec and saw this regarding open source browsers:

"9.5. Can I ensure the content key is protected without working with a content protection provider?

"No. Protecting the content key would require that the browser's media stack have some secret that cannot easily be obtained. This is the type of thing DRM solutions provide. [...] In addition, it is not something that fully open source browsers could natively support."


Exactly. This illustrates why this W3C spec is not DRM. Some other DRM technology is needed for certain modes.


So it's not DRM, it's just a way for 3rd parties to plug in their own DRM system.

Sorry, that's worse, not better.


Third parties, namely Flash and Silverlight, already plug in their own DRM systems via NSAPI. How is this worse?


Depends. What Flash and Silverlight do is just as bad => This proposal isn't worse.

But Flash and Silverlight are dead or dying and were never public specifications we cared about. What I consider 'worse' here in this proposal is that we'd kind of 'bless' the DRM layer in HTML. I fear a comment like "Hey, it's part of HTML 5 so it has to be good, right?" if nonsense like this is added.


Oops, I meant NPAPI (not NSAPI).


We don't want to make it easier to add DRM. The more painful it is, the better.


> If we're going to transition to a plug-in free web then we need HTML5 video to support these extensions.

So, a plugin-free web that requires plugins?


Smaller specialized standard plugins.


Smaller, specialized, closed-source plugins that are practically guaranteed to become attack vectors.

Personally, I'm glad Flash is dying and am not in any real hurry to replace it.


No, it doesn't require plugins. The EME approach is agnostic to whether the "decryption module" is implemented by the OS, the browser, or a plug-in. Nothing specifies where they come from, but in practice I think they will usually be provided by the OS. We'll have to see what browsers end up doing. There will probably be a variety of approaches.


So in this scenario, what is the “decryption module” likely to be? Software you download? Software that comes with the OS? Hardware baked into the chip or motherboard?

What would prevent determined users from reading, and publishing, any “secret” keys used by such a decryption module? I'm assuming the answer is nothing, since this seems to have happened with every DRM scheme that has been tried.


1. DRM is unethical.

2. DRM is a dying trend.

3. DRM goes against the principles of the open Web which W3C is supposed to promote.

Given the above, it's not the business of W3C to promote DRM on the Web let alone to standardize it. Quite on the contrary, W3C should prevent DRM proliferation. And it's simply dumb to standardize the dying trends. Why doesn't someone propose to make Flash a Web standard for example? It's still widely used, but it's a dying trend for the Web.

> The W3C spec does not put "DRM in browsers." It allows browsers to use "decryption modules" that already exist elsewhere, like in the OS platform. There are APIs to determine what sorts of "decryption modules" are available and to use them to decrypt media.

See the W3C mail list. It is about putting DRM in the browsers. The language was watered down on purpose, but it doesn't change the reality.

The bottom line - those who think they need DRM - let them stick with what they have. Those who want to move to open web - don't need plugins and don't need DRM either.


So, if these decryption modules are already in the OS, what's to stop people from straight up ripping the streams?


Will EMEs be a new attack surface for security exploits? Who will be creating them and will we be able to rely on them to fix bugs responsibly and in a timely manner?


Netflix doesn't deserve respect for obliging the movie industry in pushing DRM to the Web.


First you have to understand that not all of the content broadcast on the BBC is created by the BBC. They carry programs made by independent, limited, for-profit studios. They also regularly carry movies. All of which they put up on their iPlayer service.

As an example, you can currently watch Madagascar, in full, for free on BBC iPlayer (http://www.bbc.co.uk/iplayer/episode/b00gd77z/Madagascar/).

While there is an argument that programs produced by the BBC should be DRM free, there is no way larger, and independent studios would allow their content uploaded DRM free.

Personally, I want the BBC (and other sites) to be able to use technology like HTML5 video, because I don't like flash, and it's unlikely the studios are going to suddenly decide their OK with DRM free video, I'm not necessarily /for/ DRM in HTML5, but I don't see any other way around it for now.

While you can argue all you want about how DRM is useless and easily broken, as yet no-one has managed to convince big TV and movie (and even game) studios of that. The BBC is just doing what it feels it needs to in order to be able to deliver video using the latest technology, while keeping it's partners happy.


I think everyone understands why these companies (including BBC) are pushing for DRM. That doesn't mean it's not evil.

The larger issue here, expressed quite well by Doctorow, is that this push requires converting the web into a closed platform. It's clear why entertainment companies want to turn the internet into something that can only be consumed by, say, the Apple app store.

That's also the reason why this will never fly. Even if/when the W3C gave in to these demands, browser makers other than Apple and Microsoft would never stand for it. And even if they did somehow, it would be trivial for the open source community to release one without those features.

I'm not saying the outrage is entirely misplaced, because it's important to keep an eye out for what those companies have planned for our future. But as far as the fear of actual threat is concerned this should not alarm anybody.


I'm alarmed. They can lobby to outlaw owning or distributing DRM-free browsers, just like the push to make DVD-ripping technology illegal.


I am not convinced of this analogy. What is illegal is not copying data off DVDs, it is breaking the DRM to do so. The difference is not obvious because most DVDs are protected by DRM, but that is not true for websites.

As another example, Flash (which is being directly replaced here): Apple happily ships browsers without it, users are already used to a video not working every now and then, and no one has ever pushed to outlaw browsers without Flash.


> What is illegal is not copying data off DVDs, it is breaking the DRM to do so.

Not quite. Depending on the reason for making the copy, both may be illegal. Remember that copying a DVD for certain purposes was illegal before DRM even existed.

> The difference is not obvious because most DVDs are protected by DRM, but that is not true for websites.

So does that mean one may legally copy an entire Website and post it somewhere else? This is where the argument breaks down. DRM only adds to the roster of illegal acts, it doesn't mean something not protected by DRM is fair game.


this push requires converting the web into a closed platform

How so? It requires the ability to have "locked" content and a mechanism to "unlock" it, but how does this affect anything else? Honest question.


Because the browser is an open stack. There are many layers interacting from the network protocols up to the rendering and scripting engines, and they are all open. The implementations are generally open, but more importantly it's possible to look into the data itself. You can see why this is a problem for DRM. To "properly" lock it down, you'd have to close the entire stack, and then you'd have to outlaw open source implementations. The whole thing is just not designed to disobey the user. Keep in mind that this would have to cover the entire chain, from the network connection all the way up to the screen you are allowed to play the content on.

For that kind of DRM to work, your browser would have to be turned into a black box that is difficult to inspect, designed to be controlled entirely from remote, and illegal to alter.

If this series of events were to unfold, closing the browser would not be done to benefit the content industry directly. They don't need that to deliver content, because they can always just put out an app and pump out their stuff that way. They can also just make a plugin if they want to deliver video content through the browser - which would possible with current technology today. That's not why they are proposing this. Instead this move would serve solely to restrict user freedom to use anything but approved apps for approved content.

So to make it clear why this outrage exists: there is absolutely no technical need to include this natively in HTML5. The proposal does not aim to give something to the content industry, it is instead designed to take something away from everybody else. That's not a subtle difference. But, as I said earlier, it's doubtful it will/could play out this way. The only way to achieve this "dream" is by making the web as it exists today illegal to use, and then enforce that ban through extensive ISP surveillance. In which case a DRM solution for HTML5 wouldn't matter anyway.


To "properly" lock it down, you'd have to close the entire stack, and then you'd have to outlaw open source implementations.

ORLY? How does encryption work then? One could say "in order to properly encrypt your stuff, you actually need to make sure nobody is outside your window with binoculars", but that's not the job of encryption is it. I guess it would ultimately boil down to possession of private and public keys, and making it illegal to transmit those. So? As you said, they can deliver their stuff in proprietary apps already, what is lost when they use proprietary keys instead?


YARLY! If you encrypt content, it's not DRM-protected. When you use a normal everyday encryption solution, you send me the encrypted data, encrypted with my public key and I decrypt it with my private key and then I CAN DO WHAT I WANT with it. That is what the entertainment companies want to protect against - the ability to move the plain bits once you have them decrypted. With any open-source software, you can change it to do whatever you want with the decrypted bits. Honestly, the only way for them to get what they want is to have a piece of special hardware, which you install in your pc, that does decryption of the media and outputs it only via secure connection to an a/v setup that contains a camera which does facial recognition to make sure only you are sitting in front of the PC.

Fortunately, that's still a bit too expensive to consider. Also, it will be broken by the first bored hacker with a soldering iron.


Most entertainment companies accept the current flash based solutions as sufficient. In this case they are trying to bring html5 to te same level as flash.


Exactly; closed source and patented.


I'm pretty sure something similar to Adobe Access can be implemented for html 5 without requiring us to close source browsers, or patent them. I fail to see why you think otherwise.


Because I still have faith that the W3C wouldn't sell out to a closed solution owned by a single company.

We're talking about a web standard, not some company's broken software.


They aren't talking about using adobe's software. They want to do something similar for html5.


And you expect them to stop there?


I don't think much of slippery slope arguments.

That aside, not having DRM for html5 would likely do more harm to the open web than not doing it. Take ABC for example, they only let you view their content through flash or through a native app. This hurts the open web more than giving them DRM in html5.


> I don't think much of slippery slope arguments.

They are already closing the "analog loophole" everywhere else with HDCP and DRM enabled theater projectors, it's pretty clear that's where "content owners" want to be.


That is not what the bbc is asking for here!


Yes, really. Encryption in the browser today works exactly the other way around. It's sole purpose is to ensure data integrity on my behalf as things are transmitted between me and my chosen endpoint. The endpoint is not protected from me, and I can do whatever I want with this data once it arrives in my browser. DRM would be the antithesis of that. The problem is not they keys, it's what they keys can control or not.


That you'd need a closed source browser or plugin to access the draconian DRM content that insists on protecting the render path wouldn't mean anyone would have to consume said DRM content, or use such a browser for anything else. As you said, they could as well "put out an app", they already do; and adding a "content protection provider", a black box ultimately, to a browser just turns that browser into that app. But, and that's kind of my point, it doesn't affect my browser in any way I can discern, at worst it would mean somtimes seeing "sorry, your browser (or lack of plugins/dongle/whatever) does not support playback of this content", as opposed to that page not being there in the first place.


They aren't trying to "properly" lock it down. They are trying to bring html5 up to the same level as current flash based solutions.


I'm pretty sure you can do that already. HTTP has authentication, HTTPS gives you content encryption, rate limiting can prevent content scraping, I mean if you really wanted to you could do something with canvas (the hardware acceleration stuff that's being worked on could even make it perform fairly well, I suppose). Its not the same way but it could give the same result.


You can't do it already. What you described is not the same level as current flash solutions.


Well, I'm not particularly familiar with DRM apart from not liking it. What exactly does flash do that makes the DRM-loving lawyers consider it acceptable? From my point of view the kind of control offered by HTTPS and normal browser authentication is enough but the MPAA and RIAA (or the BBC, for that matter) clearly don't agree.


In flash, the bits that are coming down over HTTPS are DRMed. If you save them to your local disk you can't play it directly.


Today, you can build a browser that can render all content on the web that adheres to the open standards.

With DRM built in, you can adhere to the standards all you want, you still can't render all the content unless have access to the secret keys, which can only be granted to you by the powers-that-be.

The only viable client-software will be that controlled by a few major companies in cahoots with the content-industry, and they will dictate terms on the rest of us, tearing down whatever "open" is left. Average users are not going to install an open, non-DRM client if that doesn't allow them to use Hulu, Netflix, YouTube, BBC etcetera.

Thanks to "open", the total monopoly if Microsoft's IE6 was broken and the web moved forward. With DRM, that will no longer be a viable option. Google, Microsoft and Apple together will decide how we experience the web.

If you think "open" will still play a role in that, you must haven been living under a rock for the past 10 years. Even Google's love for "open" and "neutral" has been reduced to mostly marketing.


  > Today, you can build a browser that can render all content on the web that
  > adheres to the open standards.
Actually, if your browser would only show that kind of content you wouldn't see much. Very little content on the web follows any standard at all.

  > Google, Microsoft and Apple together will decide how
  > we experience the web
You forgot Mozilla. And anyone making web browsers. That how it always was, that how it always be: browsers vendors will decide that.

  > and they will dictate terms on the rest of us, tearing down whatever "open" is left.
  > Average users are not going to install an open, non-DRM client if that doesn't allow
  > them to use Hulu, Netflix, YouTube, BBC etcetera.
And there you have it: the amount of "whatever "open" left" is immensely bigger than all hulus and netflixes. I cannot see hulu and netflix anyway, does that mean I have no access to the open web already? What does it mean "non DRM" client anyway? The one that only shows DRM'ed content? Does this exist? Back in the days of ITMS selling DRMed audio content iTunes still could play any mp3 you threw at it, and it still can do the same today. Just because some client will allow you to play DRMed content it in no way means that it won't be able to play open content. And because of that all this outrage is quite moronic.

> If you think "open" will still play a role in that, you must haven been living under a rock > for the past 10 years. Even Google's love for "open" and "neutral" has been reduced to mostly marketing.

Yes, I do. Your argument is just stupid.


> You forgot Mozilla. And anyone making web browsers. That how it always was, that how it always be: browsers vendors will decide that.

Surely the implication was that Mozilla, and any other browser maker who does not or cannot support these locked-down content models, risk becoming irrelevant because the vast majority of people will use browsers that do support the protected content?


The current DRM proposal [1] requires specific platform-specific CDMs (content decryption modules) that are not prart of the the browser. Those can be anything, from an open source module with cross-platform support to (most likely) a closed-source binary distributed by the OS and not available for use by specific browsers.

[1] https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-med...

More reading

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20944 http://arstechnica.com/business/2012/02/unethical-html-video...


The web is still open by default and can always be made more closed by deliberate action, just like Flash is closed by default and can always be made more open by deliberate action.

People have implemented crypto algorithms in JS for over a decade which would enable this kind of thing if you really wanted to. DRM is just formalising it and again is not the default for video or audio.

(BTW I already posted BBC's position on this last week - no response http://news.ycombinator.com/item?id=5200917)


My argument, and I sent this too them when they were doing a consultation a while ago, is that they shouldn't be buying content that they can't use for public service purposes. We have many good sources of movies in the UK, and many of them are "free" at the point of use (ie advert funded). Let them show Madagascar, and while they do that the BBC can run some other program. They should remove themselves from the content purchasing market if the terms are too restrictive to allow them to meet their public remit. We don't /need/ these films on the BBC. They could run some of the content they're currently relegating the digital ghettos of BBC3 and BBC4 instead.


>They could run some of the content they're currently relegating the digital ghettos of BBC3 and BBC4 instead.

Better yet, take the money they're paying to run Madagascar and use it to fund more original BBC content.


The counterargument is that, if you canvassed license fee payers, I bet more of them would care about seeing Madagascar without ads than about DRM issues. So should the BBC pursue what a small number of people loudly claim to be the 'public interest', or should they aim for what the public is interested in?

Thinking more strategically, the BBC needs some high profile popular things, including imported movies, to keep people on side. If they lose their popularity, it's only a matter of time before a politician wins votes by promising to slash the license fee.


Now every TV broadcast is digital, BBC3/4 are less 'ghetto' and more 'dumping grounds'


"there is no way larger, and independent studios would allow their content uploaded DRM free."

Then I guess they do not get to have it on the BBC website. You know, assuming the BBC sticks to its guns, which they apparently have not.


It is not at all the case that every film they show that they do not make is on iplayer. Most films are not. Most the content they make is on iplayer, but not all content they don't make. Not all content is even available in the live streams, eg sport which has other rights.

I would be happy for only BBC-commissioned content to be available without DRM and the rest to be not available or use plugins. Or indeed I would be happy for the BBC to not broadcast the output of Hollywood etc which is easily available elsewhere commercially eg on Netflix or Sky. I do not think that showing "Madagascar" is really a public service...


>you can currently watch Madagascar, in full, for free on BBC iPlayer

Not if you're a license fee payer or a UK tax-payer. You already paid to watch it.


But would all browsers and services use the same HTML5 DRM scheme, or would they be incompatible with each other, and then you'd need someone to make a plugin with "all-in-one" HTML5 DRM schemes? Because if they aren't compatible then that defeats the point of doing this in HTML5.


I hate DRM too, and yet I love watching Netflix streaming. The fact is, if it's trivial to clone data to the point that regular users can do it (Napster, etc), the business model for online rental vanishes. The fact that DRM is always defeatable through hacks and analog loopholes doesn't matter: it just has to be good enough to deter the vast majority of users.

I believe we need comprehensive IP reform across the board, including strong consumer protections and freedoms for "owned" content. But if the vendors are using DRM anyway (and they are), I'd rather they do so in a standards-based, interoperable way.


"The fact is, if it's trivial to clone data to the point that regular users can do it (Napster, etc), the business model for online rental vanishes."

Yes, and if it is trivial to send photos without first developing them, the business model for Kodak will vanish! Why, if it were trivial for people to move a carriage from point A to point B, the business model for buggy whip makers might vanish!

Why should we be concerned about obsolete business models failing? Why should we be concerned about inherently bad business models, like "renting" bits, vanishing?

We need to eliminate anti-circumvention laws as a first step, and then start talking about the possibility of completely upending the copyright system and replacing it with something that makes sense now that we have the Internet.


Obsolescence requires an old as well as a new. We have an old. But no clear new. Thus no obsolescence, just have a situation that doesn't work.

>"Why should we be concerned about inherently bad business models...vanishing?"

Because they may provide us something of value, e.g. content we'd rather have today than in ten years after some new distributor has figured his model out.

DRM could be considered a patch job, but no more than, say, land rights. Some societies, e.g. the Native Americans, had no concept of land rights. The U.S. likes strictly defined personal property. The British, and many Nordic countries, preserve a public "right to roam" to uncultivated land, public or private [1]. The balance can vary from situation to situation, but takes experimentation and an open mind to find. That is why we should care - because this is an active debate playing out in the twin forums of politics and markets.

[1] http://en.wikipedia.org/wiki/Right_to_roam


We like content. There is a business model that (most people agree) makes it so more content is created.

You are saying "why should we care about that business model being wiped out" [1], and the reason is because most people agree that that business model makes it so more content is created, which is what we want.

To convince us that we in fact shouldn't care, convince us either that:

1. Content (of similar quantity and quality) will in fact still be created, in spite of that business model dying. You're not likely to convince people of this, I believe.

2. Content (of similar quantity and quality) will in fact sill be created, because another business model will take its place.

[1]: Not a direct quote.


"Content (of similar quantity and quality) will in fact still be created, in spite of that business model dying. You're not likely to convince people of this, I believe."

"Content" was created long before copyrights. Technology may have changed and opened the door to new kinds of entertainment, but if you are looking for an example of how entertainment might be created in the absence of copyright, you need look no further than a history book.

How will movies be monetized? Maybe we need movie theaters to deliver a positive experience we cannot easily duplicate in our homes. Maybe we will see an increase in serials -- you do not get to see the next installment of a popular show until a certain amount of money is paid. Maybe there is some radically different way to monetize movies that neither you nor I are creative enough to come up with. As long as we cling to copyright, however, we will not only never see such things, but we will continue to see great systems and technologies killed in the name of copyright enforcement.

"Content (of similar quantity and quality)"

I think we can strive for something of better quality than what we see today. The majority of today's mainstream music and movies are not particularly high quality -- formulaic plots, formulaic melodies and arrangements, a heavy focus on special effects to make up for bad storytelling and unoriginal music, and a general lack of creativity.


If you want to convince me, show me where in history you have examples of content being created without copyrights, of the same quantity/quality. Obviously we'll have to normalize your data to the size of the population in the past, not to mention the amount of free time they had available.

And if you are really interested in this topic, I suggest you read about the history of copyrights. For example, in the 1800's there was a large debate about the values of copyrights in the British Parliament, which echoes a lot of the same arguments made today (even including a prediction of the kind of piracy we have today). One of the non-obvious points raised is that a model like you describe, e.g. most "normal" jobs where you get paid for your time/output, has some very undesirable properties. Specifically, not allowing for the "misunderstood genius" of people, but solely promoting popular content. The same kind of popular content you say is not of high quality, and which makes up a large proportion of content today, but definitely not everything.

I'm not saying there aren't other answers out there. I'm saying that dismissively saying "look at history" ironically ignores history - the systems in place today are the result of a lot of discoure on these subjects throughout history, and saying "let's just scratch what there is and start over" is about as smart as trashing a large software project and recoding from scratch. [1]

[1] For non-programmers: this is widely considered a very wrong thing to do.


"And if you are really interested in this topic, I suggest you read about the history of copyrights"

Been there, done that. You left a few details out, like how the first copyright law, the Licensing of the Press Act, was passed to enforce censorship, and how the next iteration was passed following heavy lobbying pressure by the printers who had enjoyed the monopoly position they held under the censorship program. The idea that copyright began as a way to pay authors is based on ignoring the Licensing Act and based on ignoring the role that printers played in pushing for the Statute of Anne.

The arguments authors made in favor of copyrights in the 18th century would have amounted to nothing were it not for the business community.

Prior to copyright, you had Shakespeare, you had folk music (which was spread peer to peer), and you had other modes of entertainment. Nobody was wanting for music or comedy. Written entertainment was more limited by the poor literacy rate of the general population than by the lack of written works. The biggest problem facing actors in 16th century England was not the lack of income (despite the easy duplication of a play), but the fact that they were often arrested as vagrants, and the general trouble with having secular theater at a time when religious institutions were fighting to stay relevant (sound familiar?).

Numbers are unfortunately hard to come by. On the other hand, you can find many shelves of centuries-old songs that were recorded by modern singers -- and it is not unreasonable to say that those songs are just a fraction of what people were singing centuries ago (society tends to forget songs, stories, and games over time). I do not think it is wrong to suggest that there were not shortages of music in the 16th century.

"not allowing for the "misunderstood genius" of people, but solely promoting popular content"

Copyright has done little to alleviate that. Misunderstood genius does not pay the rent; only popularity gives artists enough income to make ends meet on royalties alone. Authors, musicians, and actors frequently stick to their "day jobs" just to pay rent.


> If you want to convince me, show me where in history you have examples of content being created without copyrights, of the same quantity/quality.

That is going to be difficult given that copyright has been granted automatically on new works for a long time. However, I will say that my most favourite shows to watch on TV are available via video podcasts for free (legally). They are not exactly free of copyright, but for all intents and purposes, I'm not sure the lack of copyright would really affect these programs. Any money they do make comes via me watching the show, not by their method of distribution.


I don't think it's a given that this model is inherently bad, obsolete, or evil. Unlike say, horses and buggies, it's not clear that there's a superior alternative here.

In the case of video in particular, high quality content is still very expensive to produce. By removing the ability for movie / tv studios to make money from content, the likely outcome is we simply don't have big budget movies or high quality TV anymore.

Aside from all of the reasons why the businesses might want their revenue streams to stay intact, most consumers probably want it as well.


>By removing the ability for movie / tv studios to make money from content, the likely outcome is we simply don't have big budget movies or high quality TV anymore.

I want to see some evidence that this is happening. All their movies are on The Pirate Bay and Hollywood is still making record profits. How is "making record profits" a problem deserving of countermeasures that are both ineffective and draconian?


"Unlike say, horses and buggies, it's not clear that there's a superior alternative here."

"Better" is subjective. I think a system is "better" when it ensures that people can access entertainment regardless of their income, all things being equal.

Could we monetize entertainment without sacrificing such things? Surely we can. We can have serials, for example, such that the next installment will not be released to anyone until enough money is raised. We can make movie theaters an experience worth paying for, rather than focusing on the movie itself.

This same sort of argument -- "we have no alternatives!" -- was made when automobiles rendered animal-based transportation obsolete. Pedestrians might be struck by cars! The speeds are too dangerous! They are so much noisier than horses! Yet in the end, the car was "better" than the horse, and now we face riots when gasoline becomes scarce.

I think the same is true of the Internet, when it comes to copyrights, photography, post offices, and so forth. When I was a child, photography meant film, and you had to drop film off somewhere to have your pictures developed. Then digital cameras came out, and for all the complaints about quality (remember when 1 megapixel was a big deal?), the film camera business fell apart. It was not just that we had digital cameras, it was that digital photographs could be transmitted to anyone with an Internet connection at no real cost -- whether you sent one photo, or a hundred photos.

Is it clear that digital is "better" than film? It all depends on your definition of "better." Film has more pixels at lower cost. Digital still won, and it wins even when the pictures are taken using cell phone cameras. Digital present society with a new set of problems to deal with, like the ease with which pornography can be made (middle school girls can be tricked into taking pornographic photos of themselves and sending those photos to men on the Internet, etc.), but nobody claimed it was a panacea; it just solves the problems people actually care about better than its predecessors.

The same argument applies to entertainment. People do not really care about quality; the continued popularity of camrips, and the continued popularity of low-end, unoriginal movie franchises should be proof enough. People want entertainment quickly, they want no restrictions on when and where they can watch it, and they want to be able to go into work the day after a show aired and laugh about it with their coworkers. My mother does not care about copyrights or DRM laws when she rips DVDs and copies the rip to her tablet -- she just wants her favorite shows on her most portable computer when Internet service is not available.

Copyright is obsolete because it encourages a system that makes all of the above expensive or difficult, and because there is another system that makes all of the above less expensive and less difficult. Cars get people from point A to point B faster and with less expense than horses; nobody cared about the noise, pollution, or danger. The same is true of copyrights: nobody really worries about the risks copyright lobbyists whine about when they download a torrent, because copyrights don't deliver what people really want nearly as well as the Internet does.


You cannot possibly be that dense. Though copyright laws need reform, there is 0 chance of completely dismantling them. Not only because there is no political willpower to do something like this, but also because it's not the right approach, and nobody actually wants something like this - not content creators (from software shops, to musicians to music studios), and not regular consumers. Framing your discussion in that corner, makes it easy to just completely dismiss your point of view because there is little value in it.


All business models break down without law. You've just decided which laws you like and don't and which business models you like and don't. I disagree that renting bits is evil. I think selling out peoples privacy is evil. That's what has arisen instead because its impractical to rent bits. We're just arguing relative moral preferences at that point.


I'm not arguing that every business model deserves to survive; I'm talking about the specific case of consuming audio/video content without keeping it. Renting bits does seem antiquated, yet it's a type of transaction that both consumers and creators enjoy.

Obviously in a perfect world, DRM would be illegal (or at least, frowned upon by consumers), and all content would be available in a globally accessible digital library that magically compensated creators. But that would represent a huge shift in economics which would have to take place at the level of law and public policy, not the technology used to facilitate the transaction.

The situation is analogous to abstinence vs. sex education for young people: if they're going to do the wrong thing (DRM/promiscuity), they should at least do the wrong thing the right way (web standards/using protection).


Do you believe in unions then? Unions are pretty much the same thing. They inflate wages and force companies to pay workers a wage that would otherwise be much less. Unions have also prevented some jobs from being automated (IE: making them obsolete).

"start talking about the possibility of completely upending the copyright system and replacing it with something that makes sense now that we have the Internet."

If a company pours millions of dollars into something that many people enjoy, why shouldn't their works be protected?

You talk about changing the system and I feel like what you really want is no protection for content creators.


>Do you believe in unions then? Unions are pretty much the same thing. They inflate wages and force companies to pay workers a wage that would otherwise be much less.

That's the neoliberals or naive american's view on unions.

People all over the world would beg to differ.

Unions restore (some) of the imbalance in power between the employeer and the individual worker.

The protect people that need a job to feed their families against blackmail from those offering a job, and force companies to pay a wage that would otherwise be much less (at the threshold of substinence, if there weren't any unions around, such as it was in the 19th century).

Unions have also won many cherished rights, from prohibiting child labour, to the 8-hour work week, to work safety measures...


> to the 8-hour work week

You're a couple deacdes early with that


LOL, missed that!


"If a company pours millions of dollars into something that many people enjoy, why shouldn't their works be protected?"

Kodak poured millions of dollars into the film development system. Why shouldn't they have their revenue stream protected too? Why not freeze the progress of technology to ensure that no business ever becomes obsolete?

We had entertainment before copyright. We will still have it afterwards.


This is a false analogy. Kodak's revenue stream was not protected, but people were prohibited from stealing their film. The film business disappeared because of alternatives that the market preferred.

The case of content is different. Free content is not taking much market share from professional producers. A small subset of people are illegally stealing professionally produced content via torrent sites, but that group is small enough that it's still economically viable to spend $50M to make a great movie.

If we eliminate copyright, that group grows large enough that nobody will spend $50M to make a movie, and the big-budget movie will disappear. The big-budget movies don't disappear because people don't want to see them, or because free content has displaced them in the market. They disappear because so many people steal the content against the wishes of the publisher, it's no longer economically viable to produce the content at all.


> The fact is, if it's trivial to clone data to the point that regular users can do it (Napster, etc)

It's already trivial for regular users to download pirated data, even if only experts can get around the DRM to copy and release it[0] in the first place.

Case in point: House of Cards. Fully, freely and easily available to Joe The Pirate Next Door Schmoe, now that some nerd (TRIC? BTN? ASAP? Immerse?) has gotten around Netflix's DRM.

[0] https://en.wikipedia.org/wiki/Warez_scene#Release_procedure


The DRM is just one part of a strategy to make it just sufficiently unattractive to get a pirated version. Users can be worried about being caught, about their computer getting viruses, or just be put off by ugly websites and interfaces (Joe Schmoe isn't going to use get_iplayer at the command line).

If they can make pirated versions look shady and illicit, lots of people will be willing to pay a bit for an official version of the content. Part of that is implementing enough DRM that making a copy isn't as easy as right clicking the video and clicking 'save as'.


How does one have anything to do with the other? Would there be fewer viruses (or less Hollywood propaganda about viruses) on pirate websites, or different legal risks (or propaganda about legal risks) in downloading from them if DRM didn't exist? How does it help Hollywood that you can't click "save as" on netflix.com after paying but you can still do it on any pirate website without paying?


If it's easy to pirate, then Joe Bloggs rents a movie, copies it and shares it with all his mates at work. They know him, so they trust that they're not getting viruses, and they're not worried about being caught, because they're just copying it off a USB stick. A couple of them pass it on to some other friends. Or at least, that's what the content producers think will happen.

DRM drives people to pirate websites instead of that, with the associated risks of dodgy downloads and being tracked. Additionally, the content producers can apply pressure to search engines, domain registrars and ad providers to keep the site on the back foot, so links will break. Faced with that, at least some of Joe's friends will cough up to get their movies legally. Especially now that content providers are finally starting to get the idea of providing content cheaply and conveniently.


>DRM drives people to pirate websites instead of that, with the associated risks of dodgy downloads and being tracked.

Even forgetting that the DRM is totally broken so Joe can still about as easily do the same thing by just downloading some software, it still doesn't seem like the effort is worth the candle. It isn't Joe's friends who have to go to the pirate website, it's just Joe, who can still distribute it to his friends thereafter. Or for that matter, Joe's buddy who is more savvy than Joe and so gets the movie from the pirates and checks it for viruses and gives it to fifteen Joes who each give it to fifteen work buddies.

The fact is that if people want to pirate stuff, they can. Thinking you can stop that is just a fantasy. It's more important that you not make people think you're a jerk by suing and jailing everyone and imposing DRM on them, so that they're more interested in giving you money, than it is to maybe make it ever so slightly more inconvenient for pirates. I me honestly -- the DRM creates more inconvenience for the people who are paying you than it does for the pirates. Weigh one against the other and you don't get a net increase in sales.


get_iplayer still works? I thought that it stopped working years ago!


Still works, though development has moved on from the original guy.

Relevant bit from the new projet's website:

"DRM

get_iplayer does not circumvent any digital rights management security (see the BBC’s website on how to do that with the Windows-only DRM content they provide). get_iplayer does not circumvent any effective technological measures. The BBC does not implement any such measures. They use RTMP which is a streaming protocol now publicly published by Adobe. Sometimes they use RTMP ‘SWF verification’ which has proven to be ineffective in its current BBC implementation (flvstreamer cannot handle such verification requests so the stream is dropped and is then automatically resumed). The iPhone streams are also unprotected and use plain progressive download HTTP protocol. The WMA and realaudio streams and likewise unprotected. The BBC may at some point choose to effectively protect their streams with DRM or some ‘effective technological measure’ in which case get_iplayer will no longer be a useful tool for those streams. The BBC do implement DRM on their Adobe Air downloadable files and therefore get_iplayer is not useful with those. The BBC iPlayer TV only works in the UK so that they can limit the reach of their output to UK TV Licence fee payers who fund iPlayer (although legally you do not require a licence to watch non-live iPlayer output)."

http://www.infradead.org/get_iplayer/html/get_iplayer.html

So all the many comment in this thread about what the BBC could not do without DRM seem to be contradicted by the facts. All the BBC need is something that claims to be DRM but really isn't.


I think Netflix proves the opposite point: If it's easy enough to pay for content, people will do it.

There is nothing on Netflix I couldn't get via less legitimate means. And these days even technophobes know enough to type "downton abbey torrent" into Google. But they use Netflix because part of that $8/month goes to making it much easier, and a better viewing experience.

Netflix having DRM doesn't help Netflix or the users one whit. It just increases costs and reduces adoption among those who favor non-targeted platforms. It's just a pacifier for a small number of corporate executives.


>The fact is, if it's trivial to clone data to the point that regular users can do it (Napster, etc), the business model for online rental vanishes.

But it already is more trivial than Napster, so if that's your bar, the business model for online rentals and digital sales would already have vanished. And yet Netflix and iTunes seem to be doing OK.


Or we can outlaw DRM and put evolutionary pressure on the content providers and emasculate the gatekeepers.


And what would the result be? Everybody gets into bed with advertising, all the time? Why not simply make DRM super simple, kinda like adding an IMG tag to webpage is now? Then artists etc. can become the content providers, decide themselves what they want to offer and how much it would cost, and the audience in turn can decide wether that is fair or a ripoff. That'd be evolution worth talking about..

But if you just "outlaw DRM" (without having any ideas how to enforce copyright otherwise), what does that leave them with? Deals with third parties. The interwebs pompousness regarding this is just hilarious, considering all the middlemen the web is swarming with. What artist can do, or dares to do, without Twitter, Facebook, something like cafepress, maybe specific event websites etc.? Can you see my point? We haven't really steered them away from dependance on big money yet, and already they're getting entangled in a second layer. It's pathetic how easily that gets accepted.

Everybody should have their own website, content creators should have two at least, and the only "content providers" we should ultimately need are ISP's and webhosts, the rest I would prefer to be open protocols. We need more payment options without being at the mercy of individual providers, and we need to grow the fuck up and realize that actually, sometimes it's okay to ask for a bit of money for something that cost someone days, weeks, months to create. We don't rob every shop we see out of spite just because the cash register is locked, and I do feel the interwebs sometimes has that attitude to virtual goods. Evolutionary pressure might as well mean extinction, so maybe think twice.


AFAIK, all popular DRM schemes have been circumvented. In principle, any DRM scheme can be circumvented unless the hardware that decrypts the content (and therefore holds the private key in memory) self-destructs when tampered with.

This is a battle that content providers want to win. They can always find some plucky technologist saying that have an unbreakable DRM scheme. In the end, the question is whether DRM really needs to be there to keep honest people honest.

The idea that content providers think that there is this some untapped boon of cash from high school, college age, and 20 somethings who are doing the bulk of the pirating.

I do not want DRM to mean all media players have to be locked down proprietary software with the security enhanced only through obscurity. I don't mind there being a lock to remind honest people to be honest, but I don't like the idea of content providers bestowing upon a lucky few technology companies gatekeeper rights. It's not even in the interest of the content providers.


Then kill the content providers dead for all I care; let's talk about content creators instead. I mean, just consider the evil record companies: for every artist they exploited, there was an artist signing a contract. Are they just that stupid, do they feel forced by the uncertainty of their profession? Etc. But to just pretend content providers are sitting on something that ought to be free is bullshit. And I say this as someone who never took a cent for a photo or song I made. That was still my choice, and if you want to take that choice away from me you better start making photos and writing songs, because I'd be pouting.


That was still my choice, and if you want to take that choice away from me you better start making photos and writing songs, because I'd be pouting.

s/choice/privilege/g


And what is that even supposed to mean? Even if you had a point, and it was a privilege and not a right [1], that would simply mean I made a choice based on that privilege, it doesn't mean "that choice wasn't actually a choice, it was a privilege". You know, just because you can feed something into a computer doesn't mean a thinking human would buy it.. I might as well quote you and prepend "if (1 == 2)", there is endless derpy fun to be had there, but I'll pass.

[1] http://www.un.org/en/documents/udhr/index.shtml

Article 27

(1) Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.

(2) Everyone has the right to the protection of the moral and material interests resulting from any scientific, literary or artistic production of which he is the author.

You might point out that those rights seem to contradict each other, and of course it leaves a lot of room for interpretation. But privilege? Privilege is if you use my stuff without permission and I shrug it off.


I didn't say it wasn't a choice; but it's also a privilege, and I find that important to point out. As for the UN declaration, it's a nice document, but it's also very inconsistent, as most declarations which include positive rights usually are.

Privilege is if you use my stuff without permission and I shrug it off.

It's not your stuff; nobody hacked into your computer to get it. You gave or sold it to someone else. Besides, property is a concept created for the allocation of scarce things. It makes no sense when applied to effectively unlimited elements.


Inconsistent or not, it is very clearly called a right. That there is another, conflicting right, doesn't make either of those a privilege. And if I, by default, have all rights to it, then it's also my right to give those up, and giving the things away -- which is an explicit decision, not determined by "can it be copied" -- then if anything it's a privilege to peruse them, since contrary to the copyright protection, nobody is entitled to me giving it up upon creation.

property is a concept created for the allocation of scarce things

No. Copyright includes things such as me having a say wether my photo will be used to advertise rat poison or neonazis, or someone else claiming they made them etc. (if I can prove I am the author, they at least have to cease from that claim). I guess that's covered with "moral interests", not sure; but my point was simply this: that I give stuff away is a free choice. If any photo I took would automatically belong to anyone no matter how they got at it to do whatever they want with it, I would not take any more photos. In my case nothing of value would be lost, but that's not the point.


I, by default, have all rights to it

That's the UN's opinion, not divine law. But in any case, the article doesn't say we have the right copying. A system with attribution protection and mandatory profit sharing - but no copyright - would be enough.

If any photo I took would automatically belong to anyone

It doesn't belong to anyone. A copy can be owned (by you, until you sell it or give it away); a photograph is a concept, an idea.

I would not take any more photos. In my case nothing of value would be lost, but that's not the point.

That's absolutely the point. The only reasonable justification for granting a monopoly over copying is because of the benefits to society. But the context has changed and deal stopped being fair a long time ago - if it ever was.


Afaik, Netflix Silverlight and FairPlay for video have not been circumvented (correct me if I'm wrong, I'd love to liberate my iTunes purchases).


Yes, and let's tar and feather the Tax Collectors!!!


How is outlawing something evolution?


Content provider insist "We need DRM to make money with out current business model" ... we say tough luck - innovate and evolve without DRM. It is the same way FIA tries to push innovation in F1 - by strategically forbidding cheesy technologies.


But if you actually believe in evolution then the problem will take care of itself because someone will come along and eat their lunch.


I know that evolution works, but as recent bills in some states shows it can be "outlawed" with enough legislation.

After all money can buy laws that are stratificating current big players and preventing new ideas from entering the marketplace. There was a recent opinion (should check techdirt which politic said it) that insisted on preventing disruptive for copyright holders technologies entering the market freely.


IMHO the problem is that the technology DRM is being conflated withe the politics and legalities of DRM circumvention.

I have no problem with companies selling DRM protected content. They can sell their property on whatever terms they like. It's theirs to sell, after all, and my right and responsibility to choose whether to buy it or not.

I do have a problem with the criminalisation of DRM circumvention, which reaches perhaps it's ultimate banality in the criminalisation of unlocking your own phone (which requires the cracking of DRM protected firmware). That's ridiculous and wrong.

So I understand the BBC needs DRM to meet it's contractual and legal obligations, while being against the DRM lobby that is behind the most egregious DRM maximalist policies. some might call it a fine line, but I think it's there.


I used to work for one of these companies in exactly such a role. Initially my mission in standardization bodies was to look after consumer rights, but it changed to accommodation of IPR patents in the DRM field. There is a group of about 200 professionals in the DRM field, mostly former engineers (that have little grasp outside their expertise) and lawyers that work for companies with significant patent portfolios in the space. They are mostly the same crew, having worked on technologies such as SDMI, OMA-DRM, MPEG-DRM, DVB-CPT frameworks and others - technologies that never saw the light of day over the course of 15 years. I always saw it as a travelling circus - people moving from city to city and continent to continent. They work in a symbiosis with technology people from the entertainment industries, who are also part of the circus. What's important to note is that these people have big named companies on their business cards, but mostly have little involvement into day-to-day business and any products. They frankly just try to keep themselves important and thus employed. Until you give the people in the wandering circus a new assignment, they will always need to find new targets for their technology. I think that is the true reason underneath many of these DRM accomodation efforts into standardization bodies.


Could we get the names of these people? So that they can be rightfully shunned into quitting their quest against civilization and progress?


This is less to do with the "public" internet as accessed from mobile/desktop browsers; it's about enabling the next-generation of HTML5 based interactive TVs and STBs to interoperate with already deployed DRM and encryption platforms, such as TDT premium in Spain, Top-up TV in the UK, and various CI+ based cable operators across Europe.

The DRM is already out there, HTML boxes are already out there, some sort of API is going to happen (even if not through the W3C then through some organisation like HbbTV or OIPF) and if the BBC sticks its fingers in its ears and ignores this then it risks being stuck with an objectively worse API that its luckless developers will end up bashing their heads against at some point in the future.

(Incidentally, this is the thread from the last time this came up; https://news.ycombinator.com/item?id=3620432 )


How exactly would DRM for HTML5 work? Couldn't I just fork Chronimum or Firefox and make the browser save the video content in a file rather than showing it?


I think it's more that you'd move the technology out a level - take the same fantasy-ware which is currently in Flash or Silverlight and allow IE or Safari to call it directly. The OSS versions presumably wouldn't get this and would be unable to play such content. Imagine <video> started accepting QuickTime or Windows Media content and passing it directly to the OS framework for decoding & rights control.

I'm in favor of the idea: if we are to have DRM – and there's no sign of the legal sea-change necessary to change that – it might as well be something which doesn't spread a binary plugin with a huge attack surface around much of the web.


It wouldn't. DRM relies on obfuscation, and open source software obviously can't have that. They'll probably write a horribly insecure Silverlight plugin that will be cracked in a matter of minutes.

ED: It looks like they'll have a "plugin" that does authentication with a remote server, and then decodes the frames sent to it. The browser displays them, or the DRM removal software sniffs the keys and decrypts the content anyway.

This is how they think it will work [1], and the full proposal [2]

[1]: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-med...

[2]: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-med...


> a horribly insecure Silverlight plugin

This is about the HTML5 spec, so I don't even know where you get that idea from. They want to be able to lock down content which is embedded with the video tag.

Personally, I don't like the idea of it tying into the operating system. I'm willing to accept any solution that can be built into browser binaries, cross-platform. I don't like the idea of a solution that doesn't work as well on Linux or Macs, but if media companies think this sort of solution is necessary, we should meet them half-way.


"if media companies think this sort of solution is necessary, we should meet them half-way."

Or we could not meet them half-way and remind them that they do not own the web and that their business model is as out of date as Kodak. Why should we accept any more attacks on the freedom and openness of the web or the greater Internet? This companies are the ones who need to change: they need to adapt their businesses to the realities of this century's technology.


> they need to adapt their businesses to the realities of this century's technology.

You say this like it's immensely easy.

So say you're head of HBO's original programming dept. It can cost over 100 million dollars to produce one season of a quality show. You can only release it on a medium that allows it to be continuously and freely distributed. How do you make money?

Ads and Product placement is about it. You really think you'll make that 100 million back?? Especially considering that people could just edit out the ads and redistribute your work, it's really only product placement that could make money.

Operating at a loss is not adapting. There's a reason that all of the content currently on netflix/hulu/etc. is already using DRM-enabled plugins. Because you're a f*ing lunatic if you think you can make money through any other method. Throwing out the same old "they must adapt" mantra isn't getting either side anywhere close to a healthy solution.


Actually, this is about how music works nowadays. You can download DRM-free files for a small fee. It would be technically easy to redistribute them, but people still buy lots of music. Why is that?

I think it's because people are making a price-convenience tradeoff. Music companies can affect both sides of that: keeping the price low will make people want to buy, but they can also sue distribution sites to make it less convenient to get music illegally, thus raising the price that people are willing to pay before they seek out illegal music.

To a certain extent, DRM aims for the same model - it doesn't make it impossible to redistribute videos, it just raises the difficulty, and thus raises the price that people are willing to pay before they go find illegal videos. But is it necessary to use DRM for that, or would going after distribution sites be enough?


"you're a f*ing lunatic if you think you can make money through any other method"

[citation needed]


So there is another method of making money for Large Production Movie/T.V.? Please enlighten me.

My citation is reality. Take a look around.


We live in a world of government-granted monopolies given to companies like HBO. It is not terribly shocking that those monopolies lead to profits, and that companies that fail to take advantage of the copyright system would have trouble.

You are claiming, with no justification, that in the absence of copyright there would be no profit available for people who make entertainment. I am not really sure where you get that idea from. It is not too hard to imagine ways to monetize a TV show in the absence of copyright -- as a simple example, a studio could refuse to broadcast the next installment until enough people have paid.

There, you have a way to make money on TV without copyright. Now can we stop attacking the Internet and start embracing the reality of the 21st century?


>We live in a world of government-granted monopolies given to companies like HBO.

I don't even know how to respond to this... last I checked cable and Satellite companies don't force HBO on you. And while cable companies held a semi-monopoly before Satellites, that market got disrupted like 30 years ago. Let it go.

>You are claiming, with no justification, that in the absence of copyright there would be no profit available for people who make entertainment.

Not completely. I'm claiming there wouldn't be enough profit to support the current proliferation or high budget entertainment options. I highly doubt shows like Mad Men, Breaking Bad, Downtown Abbey, etc. would have gotten the funding they needed through crowdsourcing. You typically need a large studio with deep pockets to take on a project of that size. And most of them rely on ad revenue during broadcast, something that would likely diminish if there was no copyright and any TV studio was allowed to rebroadcast with different ads/no ads. Or if people were allowed to video tape it, copy it w/ no ads, and resell it.

Let's take a look at that simple example of yours. So who pays for the pilot episode to be produced? The T.V. studio? And after they air it then what? Hope enough people liked it to both pay for the production costs and a decent profit as well as fund the next episode? And you think that's a sustainable model??

If systems like you mention would be profitable why aren't there non-copyrighted entertainment options raking in the money right now? The internet has been around for awhile. There's nothing stopping people from releasing high quality non-copyrighted content and making money from it. What's the hold up? Government Monopolies??


"If systems like you mention would be profitable why aren't there non-copyrighted entertainment options raking in the money right now?"

...because they have to compete with studios that enjoy that monopoly that I mentioned above. You seem to have been confused about what that monopoly is; I think you typically call it copyright. Yes, copyright is a special, government-granted monopoly.


> This is about the HTML5 spec

You're right, I got my wires crossed until I found the page with the spec on it (the first edit).

The end result is even worse; every computer has an obfuscated binary that does unknown things with media served to it. Sounds like the recipe for wide-scale pwnage to me.


So why can't the browser save the frames then? That's not DRM.


The proposal is (probably by design) very vague at this moment but it's possible the platform-specific CDM binary could bypass the browser completely and paint a programmatically inaccessible overlay over the video element, using standard OS protected paths.


Very simple, there will be a

  bitmap* decrypt_video(char* url, int intent);
somewhere in the source. If you intend to watch it, then you call it as

  content=decrypt_video(url, INTENTION_VIEW);
while in case of piracy you call it as

  content=decrypt_video(url, INTENTION_COPY);
The constants INTENTION_COPY and INTENTION_VIEW are just redefinition of the constants provided to implement RFC 3514 [1]. So it is easy to use on any system providing an standard compliant IP stack.

[1]https://www.ietf.org/rfc/rfc3514.txt


It doesn't exist yet, so no. But the crux of the issue is making that not possible...somehow.


You can already do that with the DRM in Silverlight, say....


Let me preface this by saying that I am not in favor of DRM. However, from the perspective of working inside a media company, I can say with certainty that without some way of "protecting" the media stream, media companies will continue to use flash exclusively for distributing content.

Yes, of course you clever folk can find a way around any kind of blockage. That is not the point. It is security theater. It is the media equivalent of asking you to take off your shoes and put them through the x-ray. It does nothing to protect us from any kind of danger, but it is necessary to assuage the fears of powerful people with irrational beliefs.

Because, a media company is licensing content from all kinds of different sources. All those sources have to agree that they do not want or need any special protection. It won't do us technologists any good to petulantly insist that they distribute their IP with no DRM. It must be voluntary, and we should direct our efforts to figuring out how get their willing consent. That is, the CONTENT owners. Not the distributors, like the BBC, who have to make the content owners happy or they simply don't get the content.

So yes, Trunnel is correct. We need this, or some other equally compelling theater. The alternatives are that we continue to use flash, and iOS apps, or we get no content at all, from the content owners that need the theater to be happy.


Personally, I'm ok with the simple DRM scheme, where javascript can pass a decryption key into the video tag. Throw in a few extra features, like a header at the start of the file telling the browser to only play the video file on supported domains (to prevent websites that steal by embedding) and disable saving the move to disk.

To the content companies, it will be a lot better than nothing. It gives the same level of protection against casual copying as the more complex scheme, and absolutely every browser can support it.

The more complex scheme is an absolute nightmare, essentially bringing us back to the proprietary plugins (like flash) we have worked so hard to get away from. And it won't even work, there is no way they can stop proficient users from ripping the streams. This scheme will be cracked in a few weeks after it is released.


I'm confused. Doesn't this book by Cory have DRM?

http://www.amazon.com/Homeland-ebook/dp/B00AEC8O2K

If he's so hot on this issue, why is he selling his creativity with DRM, thereby hurting open standards which don't support it?


That's a condition of selling on the Amazon platform. Doctorow also makes his most of his books available on his site, for free even, under a Creative Commons license in basically every format imaginable, eg: http://craphound.com/down/download.php


We need a standard for DRM for Netflix, Hulu, etc. Otherwise they will forever use Flash or Silverlight. How can anyone argue against it? Content providers must protect their content from being stolen. Do you want to make an app and everyone steals it and doesn't pay for it? Probably not.


I've got a standard for DRM: don't use it. It's easy, cheap and doesn't require any laws or draconian software requirements on end users. I've been using this DRM standard for decades, and yet the people who make the software I use and the music and movies I enjoy are still rolling in dough!


So you've never bought a DVD or streamed anything through Flash or Silverlight by a major publishing studio? Never watched a music video on Youtube that it didn't allow you to directly download?

If so, congrats on sticking to principles. But that's not really a realistic solution for the majority of people.


Do you want to make an app and everyone steals it and doesn't pay for it?

You can't steal an app, but you can copy and distribute my software all you want. Some of us actually work with business models that don't rely on legal privileges and broken "protection" schemes.


I would like to know how they plan to get Firefox and Chrome to support that. As free software, adding such functionality would be moot, as it can be trivially by-passed.

Or do they want to ignore about 80% of Internet users?


Well, Google could probably add it to Chrome. Chromium users, however, wouldn't get it. They already do this with the proprietary PDF viewer [1]

[1] http://googlesystem.blogspot.com/2010/08/google-chromes-pdf-...


I can see the future: a BBC iPlayer which only supports a few specific web browsers. And the masses will happily "upgrade". All PC manufacturers will ship browsers that support DRM out of the box. (The users want their software to Just Work, after all).


iPlayer already only supports a few specific web browsers that have particular proprietary plugins installed.


DRM is not necessary for the web.

Some content owners say that it is. That's a lie.

High-definition digital video gets broadcast over the air in the clear all the time.

Content owners tried to get DRM (the broadcast flag) into over-the-air broadcasts, saying that that was the only way they would allow digital broadcasts. The broadcast flag failed, content owners caved, and now they're broadcasting everything in the clear.

The HTML5 encrypted media extensions are another iteration of the same thing. If we stand up to the content owners, they'll cave again, just like they did last time.


I would like to put aside the fact about DRM and how I do not agree with what it represents. What upsets me here, is the article it self. It is very sloppy, no thought in it, no details. Basically worth of a tweet. I would really enjoy if people would put more time and work into what they are publishing.


UK readers:

You might want to register your opposition with the BBC here: http://www.bbc.co.uk/complaints/complain-online/

Takes less than 3 min.


I made a petition: https://www.change.org/en-CA/petitions/save-the-bbc-from-drm...


I would never you a browser that had a "Sorry, cannot perform that operation now" dialog box (as many DVD players do to keep you from skipping pre-roll advertising.


the thing being missed here is that any DRM method will be broken. why tie a standard to something that will inevitably be broken?


Shitty sensationalist title is sensationalist.

NB: Yes, I'm aware s/he copied it from the original article.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: