Content Protection Argument Tree

Status

This document represents a set of related positions I have heard on the topic of content protection being in scope for W3C. See a related blog post by me on this topic.

A line starting with "But" opposes the position under which it is nested, ortherwise it supports it.

This document implies no endorsement of any of the positions. Some of the positions are listed as I have heard them; they do not necessarily represent my view or my expression of the argument. Tim BL, October 2013.

Argument Tree

• W3C Should regard EME as in scope
  • EME is important to allow DRM which is important
    • DRM is important
      • Otherwise there will be no movies
        • Movies are very expensive to produce
        • The MPAA says that content theft is very damaging.
          • But Hollywoods arguments are bogus in many ways
        • Artists and content owners are different in some cases
        • But we can use payment systems to make it is easier for users to do the right thing
        • But removing DRM can decrease ppiracy in fact
        • But can watermarking work in some cases?
      • DRM is acceptable for streaming content
        • But music is open now and thriving
          • The rip/mix/burn culture is thriving in digital music
          • But musicians get no more wealth from distribution
        • But we can find new payment systems which work socially for music
      • Without DRM musicians wont get paid
    • But DRM is a bad idea:
      • Enforced DRM is horrible for users
        • DRM is horrible for users because it prevents fair use
          • Fair use is important for civilization - discussion, criticism, education, etc/
        • Messes up computer architecture
      • DRM leads to imprisonment in USA
        • DCMA fines millions and years of imprisonment
        • Problem is CFAA and DCMA, not DRM: hacking should not be felony
      • DRM is a hook for patents, which allow a contract to be required.
        • Hook for robustness constraints
          • Robustness is anti Open Source
        • But … that is a problem with the patent law, not DRM per se. Fix the patent law.
      • DRM enforced leads to loss of ability to run software
        • An open platform in which is very important
          • An open platform is necessary for FOSS to work.
        • DRM systems need to take control away from the user
      • DRM is broken anyway. It is never perfect, and will always be cracked
        • There is always a way of stealing/recording the user experience in practice.
        • but Content providers are not trying to create Fort Knox, just a garden fence
          • but: Even when the technical enforcement is weak, the legal enforcement is strong.
      • DRM leads to a psychological destruction of users possession & control of an item
  • It is better for DRM apps to use HTML5 than other non-std platform
    • Flash and Silverlight are hanging on only because they provide DRM
  • It is better for DRM apps to use HTML5 than locked-down platform
  • Having moved into open standards, DRM is easy to turn off later
  • The EME working group can define the architecture
  • EME limits the size of the black box.
  • EME allows you to plug in watermarking
    • But EME is not currently being built to allow anything other than encryption
    • Watermarking is a user friendly solution
  • EME allows you to plug in buyer IDs in the clear
    • Adding buyer ID is a user friendly solution.
  • DRM exists and it isnt going away, so best at W3C
    • We can add conditions to DRM modules
      • We can add conditions to DRM modules : Open API
      • We can add conditions to DRM modules : openness of access to encryption keys
      • We can add conditions to DRM modules: various other things
    • but .. We sully our hands in touching DRM
  • EME at W3C means we can sandbox the EME plugin for greater privacy
    • If EME is done outside W3C, it may track users use in real time.
    • W3C designed EME can sandbox the DRM so that it cannot return data to the content provider
    • W3C designed DRM could be sandboxed so it cannot read user data, user files, etc.
  • EME at W3C could be a multi-party system (see below)
  • EME could have other applications
    • EME could be used to enhance privacy in a net which is spied on.
      • But you can do that with other systems
  • But EME doesnt include DRM and it must to make sure we get a good DRM
  • But EME does not specify a particular DRM system, and leaves it to web sites.
  • But EME is only solving a single use case. Nothing in W3C is like that
  • But EME puts content distribution control into the hands of one company per platform
    • But We can design a multi-key, pool of modules, systemm, so many different distributors can send EM
      • Content companies want to get to many/all consumer platforms
      • But hard for a small companies to get into the game
    • But We can make an open source DRM system
      • But it would be cracked and therefore useless
        • but it isnt cracking which is the impediment, it is the law in US which prevents people using/ or distributing the content.
        • but anything can eventually be cracked anyway.
  • But In W3C, for all other code, anyone can build an implementation. EME plugins not so. Downstream agreements not happy w FOSS
    • but w3c is a standards process, not open source.
  • But A browser maker will need to build not just one but all plugins.
  • But EME stops developers pursuing watermarking
    • because Watermarking is a very nice solution
    • but EME allows you to plug in watermarking