W3C

Perspectives on Encrypted Media Extension Reaching First Public Working Draft

The HTML Working Group has announced their decision to release a First Public Working Draft of the Encrypted Media Extension (EME) specification. A preliminary version of the document has been public for some time, prompting the Free Software Foundation and others to petition W3C not to publish this draft.

The purpose of this post is to inform the community that, while we welcome and value input from all parties, we intend to continue to work on content protection, and publish this draft.

The Requirement from our Community

I intentionally refer to “content protection.” Different publishers use the Web differently, some choosing to make content available free of charge, others preferring to control access. Most people would agree that individuals and institutions in general should have the right to limit access to proprietary information, or charge for access to content they own. Against this backdrop, the W3C Director has established that work on content protection for the Web is in scope for the HTML Working Group. This would address a specific set of requirements on HTML that came to the HTML Working Group from the Web and TV Interest Group.

How W3C Develops Web Standards

It is useful to review the W3C process to develop Web standards. It is a consensus process whereby we bring together vast and diverse interested parties to collaborate and achieve consensus to address the never-ending ways in which the Web drives increased value to society. The key objective is to maximize interoperability and openness – values that have served us well. Once we receive requirements for enhanced functionality, we address those requirements in W3C Working Groups. Once a Working Group has been chartered with a particular scope, the group has autonomy in how it satisfies requirements within that scope. It is thus up to the HTML Working Group to do their best to address identified content-protection requirements with the ultimate goal of enhancing interoperability on the Web. At the current time, the only content-protection proposal put forth within the HTML Working Group is the EME specification. Other discussions about content protection and alternative solutions to the requirements are taking place in the Restricted Media Community Group, which could feed into the HTML Working Group standards effort.

It is typical at this early stage of development for there to be issues; EME is an early draft not a final Recommendation. The HTML Working Group will publish revisions, seek comment, respond to issues, and pursue consensus decisions, all part of the usual W3C process. All W3C specifications are developed under the W3C Patent Policy, with a goal of assuring that the final standards can be implemented on a Royalty-Free (RF) basis. The Working Group expects to see open source implementations of the EME specification.

The DRM Debate and How it Relates to Web Standards

Here is our understanding of why EME is a contentious specification, despite broad agreement that some form of content protection is needed for the Web. The EME specification defines Application Programming Interfaces (APIs) that would provide access to content decryption modules (CDMs), part of Digital Rights Management (DRM) systems. W3C is not standardizing CDM technology, but there is a concern that standardizing APIs could encourage CDM usage – which some view as being in opposition to open Web principles.

While this viewpoint is important to consider as part of the debate, we have heard multiple principled and practical arguments on both sides of the issue.

We all aspire for a rich Web experience. Principled arguments for content protection begin by pointing out that the Web should be capable of hosting all kinds of content and that it must be possible to compensate creative work. Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content. Therefore, while the actual DRM schemes are clearly not open, the Open Web must accommodate them as best possible, as long as we don’t cross the boundary of standards with patent encumbrances; or standards that cannot be implemented in open source. It has also been noted that a number of widely deployed proprietary technologies are used with the Web, including some video codecs and technologies accessed through plug-in APIs. We are not supportive of proprietary video codecs but recognize that to have far-reaching standards that support interoperability it is essential to include connections to such proprietary elements, some of which may be replaced in time with open standards.

Some have argued that we should not standardize interfaces to CDMs which would have the effect of cordoning off protected content into its own walled garden. This would be a mistake. It is W3C’s overwhelming responsibility to pursue broad interoperability, so that people can share information, whether content is protected or available at no charge. A situation where premium content is relegated to applications inaccessible to the Open Web or completely locked down devices would be far worse for all.

There have also been critiques about EME regarding its impact on open source software development, specifically the question as to whether it can be implemented in open source. It is worth noting that the proposed (non-proprietary) APIs would work equally well with proprietary CDMs as with non-proprietary content protection schemes that could be implemented in open source software. The latter might not offer the same degree of content protection – they could be breakable – and would rely more on social convention than on impenetrability. Candidly, we don’t see these solutions as being acceptable to content owners for premium video today, but that could change in time, or it could be acceptable to others in the community with different content requirements.

Next Steps

W3C as an organization will weigh a variety of complex considerations to determine the right balance for the Open Web Platform. There are principles and practical arguments on both sides of the debate. If we engage with all, I believe we have a much better chance of success than if we do not. We invite the community to review the First Public Working Draft of the EME specification. We also invite those with alternate proposals for addressing the requirements to consider joining the HTML Working Group, or to discuss them in the Restricted Media Community Group.

238 thoughts on “Perspectives on Encrypted Media Extension Reaching First Public Working Draft

  1. “A situation where premium content is relegated to applications inaccessible to the Open Web”

    This is a category error. By putting hooks for DRM into your standards you are not protecting the open web, you are destroying it.

    Please stop before you betray your founding principles any further.

    1. Rob, thanks for contributing to the discussion.

      I’ve acknowledged that some view DRM in opposition to the open web, but I’ve also pointed out that it is a complex issue and that there are competing principles. For instance, some have pointed out that erecting a walled garden of protected content would violate principles of the open web, and content providers have a legitimate right to be compensated.

      Do you have a technical solution that addresses all of these principles?

      1. How does your proposed DRM solution cover this? If I can watch something on my computer in a browser, I can record it and re-distribute it regardless of the actual media file being played in said browser.

  2. I would just like to remark kindly and politely on the following passage:

    “I intentionally refer to “content protection.” Different publishers use the Web differently, some choosing to make content available free of charge, others preferring to control access. Most people would agree that individuals and institutions in general should have the right to limit access to proprietary information, or charge for access to content they own.”

    This is extremely presumptive, and perhaps intentionally ignoring many of the most vocal opponenents of such attitudes towards digital media and the Internet. The Free Software Foundation actively opposes the use of propaganda terms like “content” and “protection”, as does QuestionCopyright.org. Copyright is about distribution control, not protection in almost any sense of the word.

    The same objection is often raised about your use of the word “own” when it comes to copyrighted media. Copyright is not a physical property right, and it isn’t a natural right.

    While I appreciate your effort to appear unbiased in your consideration of the things at stake, I think spending a little more time reading writings by people like Richard Stallman, Lawrence Lessig, Rick Falkvinge, Cory Doctorow, William Patry, James Boyle, Kembrew McLeod, and continue also to read position statements from organizations like the Electronic Frontier Foundation, the Software Freedom Law Center, QuestionCopyright.org, and CreativeCommons.org, before you start making claims about what people believe.

    Even Jefferson said wrote about the intangibility and potential of ideas, “He who receives an idea from me receives [it] without lessening [me], as he who lights his [candle] at mine receives light without darkening me.” Ideas, knowledge, and information are not property, and the Internet is constantly facing threats of censorship and private control. Please don’t let something that has as much potential as HTML (something that, in my estimation, and like the Internet and technology at large, has as much potential as it has, only because of its open and non-proprietary nature) be encumbered with DRM

    1. Michael, thanks for contributing to this discussion.

      I take your point on the choice of language. The abstract of the specification begins: “This proposal extends HTMLMediaElement providing APIs to control playback of protected content.” I hope during the course of work the community will reach consensus on the formulation of the issues at hand.

      Once we get past the choice of words, I was trying to make the following point. If a movie studio (for example) invests in creating a film and wants to distribute it over the Web, most people would agree that they have a right to charge for that. Would you agree with that point?

      1. “If a movie studio (for example) invests in creating a film and wants to distribute it over the Web, most people would agree that they have a right to charge for that. Would you agree with that point?”

        Wow. I thought the W3C exists to develop open standards for an open web; not to enshrine their own conception of who has what “rights” to content.

        For a mere start, the web spans across legal boundaries and cultures, in which very different rights and expectations exist. You are pushing your culture and legal concepts on top of them.

  3. Indeed, someone should be free to charge as much (or as little) as they wish. However, it is a fallacy to think that Digital Restrictions Management is a prerequisite for this.

  4. For the paper trail, reposting the comment sent previously on www-archive.

    Principled arguments for content protection begin by pointing out that the Web should be capable of hosting all kinds of content and that it must be possible to compensate creative work. Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content.

    There is an issue in these two lines. It collapses a lot of contexts in many ways. It makes it hard to understand the point which is being made. Let me try to reduce to facts:

    • It is possible today to compensate people making (doers) creative work on the Web.
    • The Web can host all kinds of content.
    • It is possible to pay for content online. (not necessary in the most practical way, but possible)
    • Owners of content are not necessary the makers of creative work.
    • Owners of content today uses some proprietary technologies (such as Flash) and some of open Web technologies (such as HTTP) to deliver content.

    When you say:

    • premium video, do you mean “hollywood-type” movies, TV Programs, etc.? Basically, what is called the entertainment industry.

    My difficulty with the two sentences is that it mixed up the notion of “creative work” (work of artists in the collective mind) with “contents owners” of the entertainment industry. There are two separate issues and with different contexts at play if we talk about literature, music, cinema, object design (3d printing), etc.

    • Could you clarify who (industry, type of professions, areas of business) is pushing for it?
    • Could you clarify what you meant by “content owner”, “creative work” and how “content protection mechanisms” help/do not help each of these categories?
    • Could you also venture on the social consequences as large of content protection mechanisms? (accessibility comes to mind, archival is another one, stability is another, etc. Helping or Making it worse.)

    Thanks.

    Jeff’s Answer is on www-archive

    1. Karl, thanks for participating in the discussion.

      This response addresses your first post, which we already discussed on www-archive.

      To your question of – “Who is pushing for this”, the Web and TV Interest Group has provided requirements that is leading to EME.

      To your request to clarify who are the content owners, and what is content protection, there are various stakeholders which I am calling content owners (could be movie studios, video distributors) who have content (e.g. movies) that they are distributing on the Web. Often, today they are distributing them with fully proprietary solutions. They are trying to move to more open systems such as HTML5. As they do that, they are requesting an extension specification (EME) which allows them to interface to certain closed systems (CDMs) to achieve content protection.

      To your question about the social consequences, I responded:

      This is a great question and one which I’ve heard arguments on all sides of the debate. You might consider moving that discussion to the restrictedmedia CG. But some of the contradictory arguments that I have heard (e.g. on the first point of accessibility) include:

      - DRM is bad for accessibility because you can't get access to the bitstream
      - DRM is OK for accessibility because content owners are agreeable not to have the captions under DRM
      - DRM is good for accessibility.  Only with an overall system where content owners get sufficient revenue will they be willing and able to invest in good accessibility aids.
      
  5. My main concern is not can open source replace the proprietary DRM, but whether or not the will be able to lock out open source players, or block content just because you are trying to watch it on Chrome on Linux.
    The main problems I have with DRM,
    The increased cost of purchasing media to support it
    The restrictions on availability and usability.

    If you are going to support this just make sure they can’t restrict users from having access due to, “Not having Internet Explorer”, or “Chrome on Linux is not supported”.

    1. Jimmy, thanks for participating in the discussion.

      To the best of my knowledge it is possible to view DRM content on a Linux platform.

  6. I see this as an official endorsement of closed-source plugins, restricted to run on select devices.

    Currently, when a website wants to serve restricted content, I am forced to install a proprietary plugin (sometimes it’s a common one, other times it appears specially-built for the specific website).

    How is creating an open EME specification that then allows for closed CDMs (which may or may not be free/open-source software, may or may not run on my platform) a change for the better?

    Even if DRM were ethical (it’s not, in my personal opinion), I urge the W3C to only develop standards that can be 100% implemented in free/open-source software. By analogy, the tag is only useful because the list of allowed video formats allow for free software implementations.

    1. Jan, thanks for participating in the discussion.

      In answer to your question about proprietary plug-ins, I believe you are correct that there would still be a proprietary plug-in.

      In answer to your follow-up question – what’s the advantage? – I believe the advantage according to the proposers is that this would allow an interoperable method to see both free and protected content from the same browser interfaces.

  7. Jeff, I believe the problem is you’re making an unjustified assumption that increasing the amount of content accessible over HTTP (“the web”) is more important than ensuring the availability and unversality of that content. Put another way, consider these two scenarios:

    1) There is X+2 content available “on the web”, where X is the amount available now, but 1 unit of that content is restricted by DRM and similar technologies so it’s only available to a select few with “approved” web browsers.

    2) There is X+1 content available “on the web”, all of it accessible to anyone with a web browser.

    Your statements above imply that option 1 is an inherently preferable situation, because there is more content “on the web” even if some of it is exclusively available through digital locks.

    As one of the 26,000 signatories to the petition you received, I emphatically disagree with that claim. On the contrary, content that is “on the web” but locked via DRM is inherently harmful, as it naturally endorses the idea that “content that is only accessible via artifical locks that may be revoked at any time by a 3rd party is A-OK, and as a society we’re cool with that.” I am very much not “cool with that”.

    To restate: A smaller Web that includes only universally-accessible content and imposes no restrictions on the clients I use to access it is inherently superior and preferable to a larger Web that forces me to use arficial-lock-restricted clients to access it.

    As an active open source developer, I should point out that your claims about open source DRM implementations are spurious at best. DRM, by definition, must keep secrets from the user. That’s how it functions. If content were made available only via DRM locks, there would be no viable way to implement it in a fully open source, Open Web fashion. Rather, it would mean endorsing the distribution of content in ways that cannot be compatible with Open Source and Free Software applications or principles.

    Such an endorsement is beneath the consideration by a body such as the W3C that is dedicated to a universal Open Web.

    I would urge you to reject any and all efforts to endorse DRM, which is precisely what a W3C standard for its implementation would do. To the claim that such rejection would mean less content on the web, I would say quite simply “if you’re not willing to share your content without treating me as a criminal, then I don’t want your content in the first place”. And neither should the W3C.

    1. Larry, thanks for participating in the discussion.

      I certainly understand the FSF’s principled position that the harm caused to the web by DRM is a greater principle than the competing principles I have outlined in my blog post. I think that all of these competing principles have merit so I suppose on this point we will disagree.

      Open source DRM proposals such as DReaM are likely to be breakable which is probably why they are not yet acceptable to certain content owners. If you know of solutions that can protect content yet be free of any form of DRM, it would be good to get that in front of the Working Group.

  8. If a movie studio (for example) invests in creating a film and wants to distribute it over the Web, most people would agree that they have a right to charge for that. Would you agree with that point?

    I agree with that too. But it is orthogonal to content protection. It’s not the same layer. For example, it is possible to deliver protected content but free of charges. It’s an orthogonal issue.

    The goal of content protection is to stop the distribution of (copyrighted) materials from person to person. That’s very different than charging for it.

    Web Payments API (micropayments), for example, is an interesting technological choice to explore for charging for creative work. There might be others to explore.

    1. Karl, this is to address your second post in which you propose a micropayments based solution:

      I like the fact that you are proposing alternate solutions. Would you consider submitting them to the Working Group for their consideration?

  9. EME is completely incompatible with the Open Web because it relegates important details of how to render web content to ‘a part of or add-on to the user agent’ without providing a precise specification of how that user agent behaves, which is essentially the definition of the closed web. This means that only user agents which an CDM vendor decides to support are likely to be able to render that content, and if the CDM is widely used, no new user agents can enter the market because they won’t get uptake because they won’t be able to render whatever masive proportion of the web uses that CDM. Because of the serious impact this proposal could have on the Open Web, to make sense, it would need a very strong ‘for’ argument.

    I don’t think that the ‘for’ arguments given above are really very principled at all.

    “Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content”.

    This sentence firstly implies that there can be no ‘content protection’ without EME. Content protection here is effectively a euphemism for obfuscation – obfuscating the contents of a media stream by obfuscating the encryption key and the encryption algorithm, to make it harder for people to repurpose the obfuscated stream for a purpose other than that which the operator of the website intended. However, there is actually no need for unspecified user agent extensions to allow for obfuscation and security by obscurity; Javascript is a Turing complete language and there is no reason in principle why it is impossible to write code equally as obfuscated as you can in, say, x86 machine code. Javascript performance in modern JIT compilers like Mozilla Ion and Google Crankshaft is getting good enough to allow for for client side, standards based, video obfuscation, especially as extremely multicore processors become more available, allowing one or more cores to be dedicated to decryption.

    The only thing Javascript can’t do is allow the hardware to participate in the obfuscation (for example, allowing encryption keys to be hidden in silicon rather than in obfuscated code. However, such schemes are even more diametrically opposed to an Open Web – it means that only centrally approved hardware can be used to watch videos – and is even more closed than any plugin system in widespread use at the moment, so there is absolutely no argument in favour of needing to do that.

    When analysing how much leverage people and organisations have, it is useful to look at the best alternative to a negotiated agreement (BATNA). You claim that the BATNA for the Open Web community to supporting EME is to not support it and not have access to encrypted content. However, this is a one sided analysis. Businesses that produce content do so to make a profit, and they will act to maximise their profit. W3C standards based devices are extremely prevalent, and so represent a large market share. Anyone trying to sell content will find they get a far better conversion rate with open web based content than with some kind of closed system that only works on limited platforms. So the BATNA for media companies if they don’t make content available in an Open Web specification without EME is to leave a large amount of money on the table – probably far more than the reduction in demand from copying – and probably to give their competitors who do support the Open Web enough of a helping hand to put themselves out of business.

    To put it another way, media companies want EME because it gives them more control and maybe slightly more profits, but the sky won’t fall if they don’t get it – they will just make do with Javascript-based obfuscation at most, and the web will still get access to the content.

    It has also been noted that a number of widely deployed proprietary technologies are used with the
    Web, including some video codecs and technologies accessed through plug-in APIs. We are not
    supportive of proprietary video codecs but recognize that to have far-reaching standards that support
    interoperability it is essential to include connections to such proprietary elements, some of which
    may be replaced in time with open standards.

    CDMs are effectively obfuscating video codecs, and if the W3C doesn’t support them, they shouldn’t encourage their use with EME, and should instead focus efforts on ensuring their are Open Standards available to replace features in popular plugins.

    The recent emergence of more diversity in widely used user agents with the rise of Android and iOS has meant that website developers can no longer assume that formerly ubiquitous plugins will be available on nearly every device, and is a fantastic opportunity for a more open web. Standards like EME could set this progress back and push things towards a more closed web.

    1. Andrew, thanks for participating in the discussion.

      I like the fact that you are proposing an alternate solution. Is there any chance that you might join the Working Group and propose it so that it could be debated within the group?

  10. Jeff Jaffe wrote:

    I’ve acknowledged that some view DRM in opposition to the open web, but I’ve
    also pointed out that it is a complex issue and that there are competing
    principles. For instance, some have pointed out that erecting a walled garden of
    protected content would violate principles of the open web, and content
    providers have a legitimate right to be compensated.

    Do you have a technical solution that addresses all of these principles?

    Jeff, this is disingenuous. You know, as do all technically competent people, that DRM to prevent people copying content that they are being allowed to view, is a technical impossibility. There is no technical solution that addresses all of these principles. This is not a technical problem.

    The purpose of DRM is not to prevent copying, but to give content providers leverage against creators of playback devices, as Ian Hickson so eloquently explained here:

    https://plus.google.com/107429617152575897589/posts/iPmatxBYuj2

    This is not a technical problem. This is a moral problem. Please don’t destroy the reputation of the W3C by publishing the proposal as an official W3C specification.

    1. Jeremy, thanks for participating in the discussion.

      Let me accept your point that we shouldn’t focus just on technical solutions, but on the overall business model problem. The question in my mind remains: is there a “solution” which addresses the business challenge that content distributors have brought forward which can be brought to the Working Group?”

      1. It wasn’t actually Jeremy’s point that “we” should focus on the “overall business model problem”. The arguments against EME are basically that:
        a) to the extent there is an actual problem for some content providers’ business models then that is up to *them* to address;
        b) it should be considered out of scope for the W3C because it has no technical solution in any W3C standard;
        c) an attempt to force a “solution” based on closed user agent behaviour (which is what EME necessarily involves) is liable to cause a lot more harm than good.

  11. You write “EME is a contentious specification, despite broad agreement that some form of content protection is needed for the Web.”

    As I see it, such “broad agreement” is in fact utterly lacking so far. Of course the major content industries feel DRM is necessary, but more-or-less nobody else does. The main problem before the Working Group is to determine whether any useful agreement can in fact be reached. My guess is that it cannot, because the notions of openness and interoperability are apparently incompatible with the ideas behind DRM. Worth discussing, though.

    However, I see your claim of an already existing “broad agreement” as begging the question.

    1. Sandy, thanks for participating in the discussion.

      Just for clarity, I said that there is broad agreement that some form of content protection is needed. I did not say that there is broad agreement on the EME solution – quite the contrary I pointed out that the spec being produced is in an early stage.

  12. Everyone agrees that creators should be compensated for their work. But it does not follow that DRM is necessary, or even helpful in attaining that goal.

    Platforms such as YouTube use DRM-free standards, yet generate income for a vast and rapidly-growing community of video creators. The open approach is not failing; it’s succeeding beyond anyone’s wildest expectations.

    At the same time, there’s literally no evidence at all that DRM technologies can succeed in protecting content. DRM has been effective, at best, in creating anti-competitive consumer lock-in effects, and utterly ineffective at preventing unauthorized distribution. What’s more, DRM is – in principle! – abominably bad engineering. The very intent of DRM is to make distribution systems fail. So not only does DRM not fulfill its promise of protecting content, it virtually guarantees endless downstream problems.

    Bottom line, even if one agrees with the goals of DRM, it’s obvious that the approach is misguided and counterproductive. Content providers should certainly be free to pursue any blind alley they like. But there’s no rational, technical justification for including support of such a fundamentally broken concept in the open standards that have been the foundation of today’s thriving Internet.

    1. Frank, thanks for participating in the discussion.

      I think it is great that people are using DRM-free approaches to generate revenue.

      My understanding – correct me if I’m wrong – is that the revenues being generated are far less than the revenues (or even the costs) of the movie industry.

  13. These companies should be left to implement their own copy protection, as they’ve done in the past.

    They’ve already poured plenty of resources into developing encryption schemes, and they’re using them. This should not be a priority in any way for the W3C.

  14. Please do not add DRM into HTML5. I thought the WWW was supposed to be free, or is it not? Adding DRM to HTML5 is just wrong and definently NOT the way to be doing things. I’m tired of DRM, it’s destroying are already somewhat limited software freedoms.

    • Colin Murphy
  15. Gentlemen:

    If it is not possible for me to use my chosen computer operating system to view “protected” content, then it is blocked from me whether I am willing to pay for it or not. I do not pay Microsoft or Apple for the software that runs my system and keeps me connected to the Internet, and I should not be compelled to. The failure of Silverlight as video software should already have convinced you all of that.

  16. - DRM is bad for accessibility because you can’t get access to the bitstream
    – DRM is OK for accessibility because content owners are agreeable not to have the captions under DRM
    – DRM is good for accessibility. Only with an overall system where content owners get sufficient revenue will they be willing and able to invest in good accessibility aids.

    The last two arguments rely on the content distributor to make a decision. Essentially DRM leaves users helpless to help themselves.

  17. If a movie studio (for example) invests in creating a film and wants to distribute it over the Web, most people would agree that they have a right to charge for that. Would you agree with that point?

    That is a false dilemma. I won’t agree nor disagree, because a valid point was never made. And frankly, I shudder at the thought of the W3C’s fate resting in the hands of someone who tries to build an argument on a foundation of logical fallacies.

    Most people would agree that browsing the web with IE6 is better than, say, being mauled by a grizzly bear. Is there a spec for that?

    Big media has spent billions of dollars trying to restrict the web in every possible way, simply because their business model isn’t compatible with freedom. By supporting EME, you aren’t just endorsing restricted freedom, you’re also feeding Big Media’s obsession with controlling the web. They are like vultures…and you’ve basically formalized the process of creating roadkill.

    Should movie studios have the right to charge money for access to their content?

    Yes. They can charge for movie tickets, DVD/Blu-ray sales and rentals, licensing, TV broadcasts, pay-per-view, Netflix, cable, iTunes, Google Play, Amazon, or any of the other revenue channels that already exist–all of which, by some miracle, came into existence without an endorsement from the W3C. Go figure.

    Should movie studios have the right to steer the open web in a direction that benefits no one but themselves?

    Should the W3C be spending its resources engineering a fountain of youth for Hollywood’s obsolete business model that’s based on restricting consumers’ freedoms?

    Absolutely not.

  18. Jeff,

    You tend to argument in favor of the draft by using “people” as a shield between you and opponents of the draft. Can you back up these alleged general views held by the people? I would say that the more than 25,700 people have spoken by signing Defective by Design’s petition against DRM in HTML and through 27 organizations that have sent a letter to the W3C in April. What the letter and the petition say seems to me to be in unequivocal opposition to what you say what the people are for. If you have more letters that you received from the general public on the topic, especially ones that support your reasoning, please support the reasoning by sharing such letters.

    On the other hand, you are trying to justify an attempt of companies to push outdated business models onto the Web. If the companies cannot adapt to the way the Web goes, I don’t see why should the W3C adapt the Web for the companies. The Web standards are available to everyone, so why don’t we let the companies be creative and provide whatever they want on top of the standards?

    You make no case why it is crucial to the general public to embed DRM into HTML. The video you are talking about is very rich on the Web these days, and it is so without DRM. The public enjoys the video. Therefore, it would be useful to hear why a technology like DRM in HTML would be of benefit to the general public, and not only to “content providers”. Unlike the “content providers”, which are companies and act as intermediaries between artists and audience, the artists themselves have embraced the Web and the Internet in general, and their work has been reaching wide audiences without DRM. Hence, the “content providers'” outcry for DRM in HTML, if I may say, looks like a straw man.

    The other thing that doesn’t hold the ground here is the talk about coming to a “consensus”. I suppose you are suggesting the “consensus” should be between the people and the companies, i.e. between the “receivers” and the “providers”, but that is not clear. Also, it is not clear why should lobbying for DRM in HTML, backed by the “content providers”, be called consensus in the first place. The Web has been around and used by the general public for some time, and the Web has been prospering without DRM in HTML. If the “providers” want to step in with their “content”, and they want to do it by imposing DRM to HTML, they can propose that, but the general public doesn’t have to make any compromises and come to a “consensus”, especially if the “consensus” was disadvantageous to the public. It is the “content providers” that have to make a case if they want to step in, and not the general public. As far as I can see, no such case has been made yet.

    1. Marko, thanks for participating in the discussion.

      Yes, we recognize that 25K+ people have spoken up against the EME proposal. For clarity, please recognize that W3C has not approved the EME proposal as I wrote in the blog post. We have approved that “content protection” within scope, the EME proposal is a draft, and alternate solutions are welcome.

      I’m not sure what you mean when you say that I’m using people as a shield. The W3C consensus process is quite clear. There have been a large number of participants and organizations in the W3C Web and TV Interest Group that provided the requirements that the HTML Working Group are addressing.

  19. Kia ora Jeff,

    The fundamental problem here is that certain companies want to have their cake and eat it too. They want to leverage the massive audiences that the openness and interoperability of the web has made possible, while reserving the right to enforce their copyright through technical mechanisms which break that same openness and interoperability.

    In order to defend their right to do this, they have erected a stack of questionable assumptions, all of which you implicitly accept when you talk about “content protection”:

    • Enforcement of ARR (All Rights Reserved copyright) enables people to be paid for their creative work

    • ARR is necessary for authors/ artists to be paid for their creative work

    • DRM crippleware is necessary to enforce the legal protections afforded by ARR

    The evidence suggests that far more people doing creative work (from software engineering, to film-making) make money through crowdfunding, and other voluntary payment systems, without enforcing ARR, and in some cases not reserving some rights at all (eg using CreativeCommons licenses instead). The HumbleBundles are just one example among many:
    https://www.humblebundle.com/

    The evidence suggests that despite a massive proliferation of unlicensed copying of ARR media, consumer spending on licensed versions continues unaffected. Also that the level of consumer spending on entertainment is more affected by the state of the economy, which affects how much disposable income people have to spend on luxuries.

    Put this evidence together and it proves exactly what you’d expect; that offering people convenient, reasonably-priced ways to reward creative workers whose work they enjoy is much more effective than punative copyright enforcement. So, even if DRM crippleware didn’t create a multitude of undesirable unintended consequences (eg excluding free code software users), the bottom line is that it serves no socially useful purpose.

    Thus, the W3C has no obligation to compromise with its proponents. In fact, it has an obligation to protect us, the average users of the web, from their self-defeating crippleware. As Cory Doctorow put it, send the DRM-peddlers packing.

    Danyl Strype
    Community supporter
    CreativeCommons Aotearoa/ NZ

    1. Danyl, thanks for participating in the discussion.

      I agree and support the notion that crowdfunding creative work is an important model and hope to see more of it.

      I believe we also should address the problem of making content available for those cases that someone makes massive investments in the content prior to releasing it.

      1. They can address that problem themselves, in their choice of funding models and their choice to publish to the Open Web or not. The EME is out of line.

  20. Jeff, thank you for your response. I think you’re still missing the point, though.

    The basic argument is that “content owners” (read: large media conglomerates with “interest groups” to represent them) won’t switch their content from a proprietary plugin (Flash or similar) to HTML5-based tools unless they get the same level of ability to control client applications that they (think they) have now. That is, in a word, extortion.

    Now, it’s legal extortion. The entire purpose of copyright is legalized extortion of what would otherwise be impossible or impractical to charge money for, because information duplicates freely by nature. (As anyone who works on the web knows well.) It exists solely to “promote the progress of science and the useful arts”, and can be useful toward that goal.

    However, leveraging that extortive power to obtain even more rights than the law would grant (that is, the right to restrict usage, not copying) is extortion in the negative sense. You can spin it however you’d like; it’s still extortion.

    There are enough content creators (not owners, creators) who are perfectly happy to share their work legally without excessive, super-legal power that we have no need to accept the terms of those who would not. There’s enough of a genuinely competitive market that we don’t need to allow an anti-competitive market to take hold just for the sake of their content. Eventually they’ll come around, as the music industry did.

    If some content owners want to threaten to take their ball and go home, we should let them do so.

    Also, to be clear, while I agree with the FSF in this matter I do not claim to speak for or represent them in any way.

  21. My understanding – correct me if I’m wrong – is that the revenues being generated are far less than the revenues (or even the costs) of the movie industry.

    That’s a revealing statement, Jeff: since when is the return on investment of the movie industry a driving concern of the W3C?

    1. Duncan, thanks for participating in the discussion.

      You ask a fair question; in fact the ROI of the movie industry is not a driving concern of the W3C.

      Our concern in this case is to maximize the content available through the Open Web Platform. A subsidiary objective is to make it possible for premium content to be available.

      The point I was making in the previous post is that I doubted that this would happen without content protection.

  22. I intentionally refer to “content protection.” Different publishers use the Web differently, some choosing to make content available free of charge, others preferring to control access. Most people would agree that individuals and institutions in general should have the right to limit access to proprietary information, or charge for access to content they own.

    I’m very disappointed at this kind of attempt to use terminology other than “DRM” and at this kind of attempt to make it seem like DRM was necessary in order to control access to proprietary information or for charging for access. Those can already be achieved using the login mechanisms.

    Also, I find it distressing that you are advancing an argument that is more general than merely admitting the W3C’s powerlessness in face of major Hollywood studios in the specific case of DRM applied to video tracks. I think it’s very dangerous for the W3C to rationalize EME using arguments that are not video-specific, since those arguments could later be referred to in order to justify introducing DRM for types of media that are free of DRM at present.

    A situation where premium content is relegated to applications inaccessible to the Open Web

    Your use of the term “the Open Web” implies that content that relies on EME and a proprietary CDM (which you acknowledge the W3C isn’t standardizing) is part of the Open Web. I think this is very misleading. The term the Open Web was coined to express contrast with stuff that is experienced inside the shell of the Web browser using proprietary plug-ins. Since CDMs are a new type of proprietary component annexed to the side of a browser, I think it’s inappropriate to portray content relying on them as being part of the Open Web.

    It is worth noting that the proposed (non-proprietary) APIs would work equally well with proprietary CDMs as with non-proprietary content protection schemes that could be implemented in open source software. The latter might not offer the same degree of content protection – they could be breakable – and would rely more on social convention than on impenetrability. Candidly, we don’t see these solutions as being acceptable to content owners for premium video today

    There is no comfort in the APIs supporting the implementability of Open Source CDMs when the content owners motivating EME would refuse to let Open Source (in the sense of coming with the downstream freedoms associated with Open Source; not just disclosed code) CDMs render the content that users wish to see. The key question is whether actual deployments of EME for content that users want to see (Hollywood movies) are going to work with Open Source (in the sense of coming with the downstream freedoms associated with Open Source) CDMs. The answer is clearly no.

    it could be acceptable to others in the community with different content requirements

    I strongly disapprove of the use of potential non-Hollywood use cases as a way to portray EME as having broader utility beyond rendering Hollywood movies with the maximal use of HTML video facilities permitted by major studios. EME is entirely Hollywood-motivated. Please, let’s not pretend otherwise.

    The notion that EME would also address non-Hollywood use cases has already been discredited. The purported non-Hollywood use cases would have been better and more generically addressed by Ian Hickson’s http+aes proposal, but that proposal got no traction because those purported other use cases are a red herring and not something that have real demand.

    1. Henri, thanks for participating in the discussion.

      You expressed disappointment that I used the terminology “content protection” rather than DRM; but the choice was deliberate – and for a reason that you ignored. W3C has not approved the EME spec, in fact it is an early draft. You proposed an alternate solution – I would encourage you to propose it in the Working Group so it can be debated where the technical debate is taking place.

      I acknowledge your discomfort in my use of the terminology “Open Web” to include interfaces to proprietary plug-ins. As I tried to explain, our goal is to recognize the realities of proprietary solutions; adamantly refuse to standardize them; and to continue to push the boundaries of openness over time. First we standardize interfaces to such plug-ins, and we hope to supplant them over time.

  23. “We all aspire for a rich Web experience. Principled arguments for content protection begin by pointing out that the Web should be capable of hosting all kinds of content and that it must be possible to compensate creative work. Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content.”

    Why is locked content, available only to few, considered as value added?

    If most people cannot access some content is worse than if that content is not present at all as its availability is discriminatory.

    The most successful content hosting website have gotten they success because access to their content was not arbitrarily restricted. And it’s very possible to monetize that (think of youtube).

    Having the W3C standardize ways to add such restrictions is like not having a standard at all since then it would be the same as if each content provider would create their own proprietary protocols.

    1. Paul, thanks for participating in the discussion.

      You take issue with the idea of making available “locked content, available only to few”.

      I am trying to understand how to parse “available only to few”. The type of content protection envisaged in the Working Group would make content available to all, but at a price.

      If you mean that the Open Web Platform should not include content that is only available at a price, then I would understand your point of view, but humbly disagree.

  24. Can you please clarify how you can say “We are not supportive of proprietary video codecs” but then be fine with the idea of including the inherently broken system of DRM?

    DRM makes content more awkward for legitimate customers to use while only staving off piracy for usually less than a couple of days. Allowing the use of proprietary video codecs enables users to access more content in an easier manner without the need for 3rd-party browser plugins which may or may not work on their browser/OS.

    1. Dan, thanks for participating in the discussion.

      We have refused to standardize proprietary video codecs and likewise we refuse to standardize proprietary DRM systems.

      HTML5 video can nonetheless leverage H.264 codecs through the interfaces we provide. The EME proposal likewise proposes to provide interfaces that can be used with proprietary content decryption modules.

  25. I have been using the web since the very begining, I have used NSCA Mosaic to read the few pages available over at CERN at that time. I have on occasions developed applications for the web myself.

    I have always seen the web as being about making information available, about free access to information and a place where everyone is invited to share and participate.

    I fail to see how DRM fits into that picture. DRM is for keeping information proprietary and the very antithesis of the open web.

    I can understand how it would benefit the media companies. But the world wide web isn’t about them, it’s about the users – as guardians of the world wide web we should serve their best interest and not the media companies.

    Please do not introduce DRM on the web, it would be a giant step in the wrong direction.

  26. The BBC has claimed that CDMs need the threat of legal consequences for bypassing it, and they want CDMs to stop AirPlay. So they claim the open web needs the threat of being sued for consumers who AirPlay to XBMC otherwise they’ll take their content and lock it away. How exactly is the threat of legal consequences for using free software in the spirit of the open web? If content is being used illegally, they can already sue, there’s no need to enforce law in software as it inevitably restricts fair use.

  27. Jeff,

    Your argument for DRM has a built-in fallacy: DRM is not to prevent copying, but to give content providers leverage against creators of playback devices. Thus the principle of open web goes against incorporating DRM in HTML by definition.

  28. (Apologies if this has already been addressed in a previous comment; I did try to scan through the comment thread thusfar)

    The Working Group expects to see open source implementations of the EME specification.

    I’m not intimately familiar with the EME spec, but I believe that the spec would basically provide some kind of a stub on top of which one could layer DRM?

    If that’s the case, perhaps a better question than “will we see an open source implementation of the EME spec?” would be “will we see an end-to-end open source implementation of a DRM system built on top of the EME spec?”

    We can always talk about abstract ideas and specifications, but I believe that we should try to ground the discussion (from time to time) by using some actual examples of how we foresee the technology being implemented.

    If the intention of the w3 is to create and foster an Open Web, and if all of the ways in which the EME spec will be implemented will not provide a compatible mechanism implemented by Open Source (or Free) Software, then just pointing at the EME piece of the puzzle and saying “That’s open source!” is a bit of a red herring, I think.

    Here’s a question that we should perhaps pose to all the parties pushing the present plan to provide their products via EME + DRM: “Will you provide or at least be supportive of the creation of compatible Free/Open Source Software implementations of your EME + DRM stack?”

    If the answer is “No, we will not provide or allow such a thing,” then I think we will seriously have to reconsider if the creation of the EME spec actually promotes an Open Web, or promotes a Closed Web.

    1. Robinson, thanks for participating in the discussion.

      I indicated towards the end of my post that I would be supportive of an open source DRM implementation. I believe this can be done and supported by the EME interfaces.

      W3C however, does not develop web software per se, and I am not aware of any current attempts to implement such a stack.

  29. You expressed disappointment that I used the terminology “content protection” rather than DRM; but the choice was deliberate – and for a reason that you ignored. W3C has not approved the EME spec, in fact it is an early draft.

    The draft status of EME does not make “content protection” and “premium content” less of propaganda terms that obfuscate that this is about DRM motivated by the licensing restrictions attached to Hollywood movies by their copyright holders.

    You proposed an alternate solution – I would encourage you to propose it in the Working Group so it can be debated where the technical debate is taking place.

    I did not propose an alternative solution. If you are referring to http+aes, it was already proposed to the HTML WG over a year ago. It got no traction, because it didn’t satisfy the Hollywood requirement but only addressed the purported non-DRM use cases of EME which had no true demand to be addressed, and was removed from the spec. I mentioned http+aes as evidence that the “it could be acceptable to others in the community with different content requirements” part is a red herring.

    First we standardize interfaces to such plug-ins, and we hope to supplant them over time.

    Do you mean supplanting them by Hollywood giving up on DRM or are you hoping to get content providers to switch to royalty-free codecs for DRM usage and hoping to ensure that Hollywood-grade “robustness” (i.e. resistance against the attempts by the end-user to examine what goes on inside the DRM black box) can be implemented on royalty-free basis? Do you have a plan more specific than mere hope for how to get there?

  30. “Different publishers use the Web differently, some choosing to make content available free of charge, others preferring to control access. Most people would agree that individuals and institutions in general should have the right to limit access to proprietary information, or charge for access to content they own”

    If you don’t want something to be publically accessible then don’t make it available on the public internet in an (previously) open format like HTML. Where is the grey area in this? Let W3C worry about the publicly implementable and maintainable protocols and let private companies and ‘rights holders’ (a wildly loaded term with vastly different meanings from country to country) worry about coming up with their schemes for limiting access to their content.

    Does W3C really look at the lame history of DRM tail chasing, redundancy, abuse, backpedaling, and wasted effort and think to themselves: “lets get in on that game? An arms race with hackers surely will not be a giant resource drain and fighting an unwinnable war will be great for our organization and the community it serves and definitely won’t adversely affect our credibility or ability to execute on our broader mandate”

    In the end, if the W3C chooses to push forward with EME then they’re choosing to gamble their stewardship over the most important standards in the current information age for the ‘privilege’ of fighting the content industry’s quagmire of a war for it. No rational actor would take that gamble so why is W3C even remotely contemplating it?

  31. Maybe we need another comitee for standardisation of HTML and other web-related technologies? I highly doubt this will be their last attempt to mess up the Open web.
    Especially if they succed with EME, more will be to follow. Film makers, Google, M$, and the like have great resources, and is a wonder how they didn’t bought already the whole W3C comitee (but apparently there isn’t much left)

  32. I would like W3C to clarify 1 sentence in this post:

    “The purpose of this post is to inform the community that, while we welcome and value input from all parties, we intend to continue to work on content protection, and publish this draft.”

    Despite the community actively advocating against this draft, what other input do you want from us? We are fundamentally against the EME proposal and yet W3C still intend to push forward.

    EME should be the worst-case scenario for W3C, not the best compromise. By agreeing to content obfuscation W3C is admitting that DRM is necessary and for Web to compete with proprietary platform it must be less open.

    If anything W3C should push forward on web payment standard and other related spec where Content Provider is benefited by offering customer better service, not “more unified DRM API”.

    1. David, thanks for participating in the discussion.

      You asked what input we want given the active opposition.

      First, we wanted to communicate that there are active opinions being expressed to us by different stakeholders. Some through petition, and some through participation in W3C Groups. Part of the post is to inform about how we see conflicting principles at work. Part is simply to inform about how the W3C process works.

      Most important is for the community to come up with solutions that can best achieve goals of the competing interests. Several people on this thread have proposed technological alternatives to the requirements, and I hope some bring their proposals to the Working Group.

      I also accept your comment that the web needs a broader web payment standard. That is currently being actively studied in W3C.

  33. Mr. Jaffe,

    This is a “free rider” problem. The entities desirous of enabling this content-protection regime are attempting to externalize the costs of protecting their intellectual property to your organization. While a rational maximizer would certainly offer this option to these entities in exchange for a monetary or in-kind consideration, it is my understanding that this arrangement is antithetical to the mission of W3C.

    In essence, the argument advanced by EME’s supporters is that they will be forced to deprive the Open Web of content unless W3C provides them the means to efficiently deprive the Open Web of content.

    The more logical approach to this market-based problem would be encourage these entities to pursue a market-based solution. Part of the cost of running a business based on intellectual property is maintaining that property. I believe that it is generally accepted that costs of maintaining an enterprise’s assets should not be borne by an entity which does not share in the profits of the enterprise.

    If using a truly Open Web (i.e. one without an intrinsic DRM scheme) is an uneconomical model for these businesses, I believe that UPS, FedEx and the postal services of most countries would be happy to engage in discussions.

    1. Tony, thanks for participating in the discussion.

      I accept the assertion that without a good solution for the Web, certain content owners might simply use UPS, FedEx, and the postal services.

      In my view that would be an inferior solution for the Web and society.

  34. But of course you realize that’s what you’re doing.

    If you build DRM into an HTML spec, and some free browsers decide they want to implement it differently, or not at all, then those browsers won’t be able to access the premium content.

    And how do you intend to decide whether a browser implements these interfaces correctly without unnecessarily impeding free development and experimentation in the browser world? Are you going to have Microsoft sign our browsers’ binaries? Is the W3C going to issue keys after reviewing each browser version? I run Firefox Nightly, how am I going to access premium content?

    This is a step away from your precious “Open Web” and it’s obvious. Let the backend and delivery systems deal with security, the browser shouldn’t be the police force against the user. If someone really wants to shackle their viewers, let them do it through their own applications like they always have. HTML is our media format and it would be unfair of the WHATWG or the W3C to suddenly give it to the media industry.

    1. Mark, thanks for participating in the discussion.

      I agree that we need browser interoperability on this spec. Many browser teams are participating in the WG, and we encourage all browsers to review the spec and raise issues if they have issues.

  35. Mr. Jaffe,

    Thank you for your reply. I hope you might take the time to clarify your response.

    Do you also agree that EME will effectively provide content owners with an intellectual property maintenance regime at no cost to them?

    Do you agree that this would be contrary to generally accepted corporate governance principles (costs should be borne by revenue owners)?

    You posited that physical distribution was “an inferior solution for the Web and society.” Am I to understand that the W3C’s position is that a cost-free transfer to content owners is a superior solution to allowing market mechanisms to incentivize these owners to create the next-generation mode of human communication?

    (spoken word –> stone tablets –> pen & ink –> printing press –> Open Web –> ?)

    I also note that you omitted the word “Open.” I will assume that this was an oversight.

    1. Tony, to clarify again, W3C has not approved the EME spec and we’ve taken no position on whether this is the best solution to the content protection problem.

      We’ve accepted the content protection issue as a valid requirement for the Working Group to address. EME is their current proposal, in an early state of development. We don’t know whether it will satisfy all issues, the Working Group is working on that.

      If there are better alternatives, we encourage people to join the Working Group and propose them.

  36. Why does it protect video, but not photographic works or books!?

    Does W3C think it’s OK for photographers to have their work stolen?

    Does W3C think books are worthless?

    1. Wmark, thanks for participating in the discussion.

      The current requirements came from the Web and TV Interest Group, which explains the focus on video.

      There might be analogous, but somewhat different requirements for photographic works or books. Noone has formally brought such requirements to our attention, but that might be something to be looked at in the future.

  37. Dear Jeff,

    I would like to know the way in which the first W3C design principle…

    Web for All
    The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C’s primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.

    …guided its work on EME.

    Best regards,
    Esteban

    1. Esteban, thanks for participating in the discussion.

      W3C wants all to share knowledge. W3C never established a principle that the sharing would be free.

      The current struggle is to ensure that we keep to our principle of sharing knowledge – including certain video content, even though the content owners have a legitimate right to be paid for it.

  38. Jeff,

    I appreciate your continued personal engagement on this topic. I understand that this is a draft proposal and that amendments or wholesale changes are possible.

    Do you agree that by publishing a draft proposal that the W3C has signaled that EME is an acceptable (not necessarily “best”) solution?

    Do you agree that by allowing the possibility of adopting the EME standard that the W3C is tacitly agreeing to make a cost-free transfer of an intellectual property maintenance regime to content owners?

    1. Tony, to re-iterate, W3C has taken no position on the EME spec itself. It is common for a Working Group to spend a great deal of time revising a spec to make it acceptable and the W3C Director would not review for approval as a W3C Recommendation until much later.

      At this stage we are asking the community to review the spec and for people with alternatives to join the Working Group to make proposals.

  39. Since we are now able to implement video codecs in javascript, anyone is free to attempt their own DRM schemes without the need for browser support, right?

    1. Magnus, thanks for participating in the discussion.

      You can certainly come up with an alternative approach or proposal which is purely based on a javascript solution, but I am not aware of any video codecs implemented in javascript.

  40. Jeff,

    I am grateful for your elucidation of the approval procedure. I understand that “no comment” may be the best answer at this stage, but I hope that your team considers how you might have to respond to my questions if the EME standard survives the procedure in its current form.

    I have one last question, per your reply to Esteban above.

    Does failing to establish the cost burden of information sharing in W3C’s design principle an indicatation that providing tools to do so would be outside the organization’s mission?

    Thank you again for your direct involvement.

    1. Tony, I’m not sure I fully understand the last set of questions.

      In general, much of what we do is focused on the cost burden. Our landmark royalty-free patent policy is an example. Reducing the cost of access to information is certain a value that is precious to us.

      My point to Esteban was merely that we also need to find ways to simultaneously accommodate a somewhat competing principle – which is the right to be paid for certain content.

  41. Jeff,

    I apologize if my question wasn’t clear. However, I believe your reply was responsive.

    Much of the controversy, as I understand it, revolves around the apparent conflict between your stated value and the implications of the draft proposal. If one of the main goals of W3C is to lower the cost of information (see my “rock, paper, Internet” line, above), then building a tool that allows users to increase the cost of some information seems like a conflict of interest.

    Indeed, you acknowledge that the proposal rests on a “somewhat competing principle.” My muddled question was seeking the source of the “need” you cite as the justification for this time and labor intensive attempt to reconcile these competing principles.

    It cannot be a legal need – there are courts and police to enforce the rights of content holders. It cannot be a contractual need – W3C is under no obligation to ensure that users of the Web are compensated for sharing information. And I find it difficult to understand why it is an organizational need – content owners currently deploy a myriad of tools right now to enforce and maintain their property rights using market (not infrastructure) mechanisms.

    It is simply difficult to reconcile that an organization dedicated to strengthening the signal would provide a tool to intentionally transmit noise.

    Again, thank you for your time and consideration.

  42. Please extend content protection to propitiatory JavaScript code also.

    I’ve written excellent JavaScript based rendering and interaction libraries which I’m hesitant to share because my JavaScript content will not be protected under current standards. If I could meter the usage of my JavaScript code the world would benefit from my libraries and I, as the creator, would benefit by charging the users of my libraries. Millions of people like me are not sharing useful JavaScript code because of the fear that someone will copy it and share it for free. Are we not artists? Are we not original creators? Do we not deserve source of livelihood?

  43. I’d suggest GNU’s view on standards:

    The GNU Project regards standards published by other organizations as suggestions, not orders. We consider those standards, but we do not “obey” them. In developing a GNU program, you should implement an outside standard’s specifications when that makes the GNU system better overall in an objective sense. When it doesn’t, you shouldn’t.

    Any stupid part of a standard should be ignored. Sorry but I’m on the side of FSF.

  44. Possible to view yes, but will the eme enforce universal access independent of OS and browser combination?

    1. Jimmie, I’m not sure what you mean by enforce universal access independent of OS and browser combination.

      What I can tell you is that all of the major browsers are participating in the HTML Working Group. I certainly hope and expect that they will raise issues if the spec is not interoperable across different browser/OS combinations.

  45. What I completely do not understand from all this discussion, is that it seems like everyone makes some delusional assumptions that if the EFE proposal gain the Reccomendation status, if ever, then every content on the Web will somehow magically start to DRM all content in it.

    As far I know, the only one who has any interest in this technology is Hollywood or whatever other “content provider” you speak of. Even if this specification is standarized and published, it by no means force anyone to implement it. The future of this spec is rather complete abandonment by the web community. Everyone with open and free software views will not use any propiertary methods. If the EFE approach will be deemed unnecessary, it will just die out and be forgotten. The W3C WG is working on a standarized method of having such restricted content – it won’t affect the current Open Web much. The only one who will use this method will be the media industry folks, who doesn’t use the current open and free methods in the first place. If they want to use DRM, then they should be able to use it all they want, but from what I read on the Internet, the future looks rather bleak for them.

    If you don’t like someone’s product, then just don’t buy or use it. Who’s forcing you to watch such videos? If you don’t like your video with DRM, then go complain to the content providers and try to persuade them to stop using it. You’re arguing with the wrong people.

  46. Jeff,

    W3C has not approved the EME spec and we’ve taken no position on whether this is the best solution to the content protection problem. We’ve accepted the content protection issue as a valid requirement for the Working Group.

    The problem is not with the EME specification as such, but with accepting content protection as a goal. You say that there is broad agreement that it is needed, but this is actually the very core of the debate. Allow me elaborate.

    The goal of content protection is to control the ways in which someone can use content to which he has been granted access.

    First, I will note that this is completely independent of whether users are required to pay in order to be granted access. Providing exclusive functionality or content to authenticated users who have paid a fee is perfectly legitimate, and is common practice on the web today, without involving content protection technology.

    Any effective content protection system, by definition, requires that the User Agent must fail to perform an action requested by the user if this request was in contradiction with the behavior allowed by the system.

    This leads us to a contradiction: the User Agent is supposed to be the agent of the user and act on his behalf, not on behalf of the content provider. Being incapable of complying with the request is not contradictory, but opting to disobey despite being technically capable is.

    Such a “Disobeying User Agent” cannot be implemented as open-source software. If it was, users would simply have the possibility to modify it to make it obey. It cannot even be allowed to be implemented as proprietary software by someone who has not agreed to replicate the disobeying behavior.

    Therefore, the only way any such system can exist is if the part of the User Agent used to access the content is implemented according to a specification which is not open to the general public, lest someone replicate its functionality with the disobeying behavior removed. More over, to prevent anyone, whether they were granted access to the specification or not, to replicate the system minus the user-disobeying behavior, it is essentially certain that crucial parts of the system will be covered by patents not available on a royalty free basis, for which a license will only be granted under to parties agreeing to implement the restrictions.

    The fact that EME does not specify the CDM is therefore not a good compromise, but the core of the issue: without the specification for the CDM, the system is incompletely described, and not interoperably implementable. The CDM cannot be specified under the usual REC terms without making it ineffective, and any alternative proposal to EME will suffer the same problems.

    This means that the requirement to support content protection is fundamentally against the goals of the W3C, and against the founding principles of the web, as it can only be satisfied by solutions whose specifications are not open to the general public and are subject to patents.

    1. Florian, thanks for participating in the discussion.

      First, it seems that we both agree that controlling access of some form is reasonable. So we start with a level of agreement.

      The question then becomes is there a method to control access for high quality content on the web, which is the particular requirement that is being addressed in this discussion.

      The challenge to the Working Group is to find as open a way as possible. Today their proposed solution is EME which as I’ve pointed out relies on proprietary CDMs that we will not standardize. While you have argued that it is impossible to meet their requirement in a way compatible with open source, others on this thread have actually proposed solutions which are consistent with open source (and I’ve encouraged them to submit these to the Working Group). I have not evaluated them all – so I don’t know which ones best meet the requirements – but it seems that several people believe that the requirements and open source are not inherently contradictory.

      Part of your argument – that EME is inherently contradictory to open source – is an assertion that an open source implementation could be broken by the user. Indeed, in my blog post I said “could be implemented in open source software. The latter might not offer the same degree of content protection – they could be breakable – and would rely more on social convention than on impenetrability.” So we are looking at the problem the same way but reaching different conclusions. You conclude that it is a contradiction to open source; I conclude that one could conceive of a convention that users – to get premium video and also support open source would choose not to tamper with the implementations.

      It appears based on the overall thread that there is a broader solution space than currently being considered. My encouragement to those with alternatives is to join the Working Group and propose their ideas. This will maximize the content available on the Open Web.

  47. I think EME can be used for good (e.g. hosting personal family videos that are only viewable by members of my family). Whilst I am wearing of the implications of supporting DRM, I take the approach that it can be done poorly or done well, for good or ill.

    I’m disappointed that EME can be used with closed-source algorithms, and I think the insinuation that open-source encryption is less secure is a demonstrable fallacy.

    Please reconsider allowing closed-source algorithms. These will inevitably be platform or device specific, harming the open web. The algorithms should be implemented in JavaScript, perhaps with ASM.JS for performance, and no additional software should be needed beyond a standards-compliant browser.

  48. Jeff, I think there’s a fundamental disconnect here. You said above:

    “Tony, to clarify again, W3C has not approved the EME spec and we’ve taken no position on whether this is the best solution to the content protection problem.

    We’ve accepted the content protection issue as a valid requirement for the Working Group to address”

    That is, “the W3C has decided that the W3C SHOULD standardize a DRM framework, and invite comment on this possible implementation.”

    Without exception, everyone else in this thread besides you has responded with variations on the same theme: “No, we don’t think the W3C should be standardizing a DRM framework in the first place, so the details of this possible implementation are irrelevant.”

    By analogy, if you ask someone “is this a good way to stab someone in the face?” and you get back an answer of “uh, you shouldn’t stab people in the face at all”, you’re responding with “but really, is this a good way to stab someone in the face?”

    The debate you want to have (“is EME a good implementation”) is, quite simply, not the debate anyone else in this thread wants to have (“EME is an unnecessary implementation because the thing being implemented shouldn’t be implemented”).

    Until you accept that there is not, in fact, consensus that we need EME or something like it as a W3C spec, this discussion will not go anywhere. I would ask more directly: What is your basis for claiming that there is consensus that a W3C-endored DRM framework is desirable in the first place? What is your data for that? Because the only data I am aware of is 26,000 signatories and 27 leading organizations that have said no, it’s not desirable. Where are the petitions from people claiming it is? On what grounds do you jump to question 2 (“how do we implement it”), when question 1 (“do we do it at all”) is still outstanding?

    1. Larry, your framework of question 1 and question 2 is useful, so let me explain using your framework.

      Your question 1 is “do we do the EME spec at all”. Here again, I want to again emphasize that the EME spec is a work in progress and that W3C has not approved this as a W3C standard. We have accepted the requirement to find a way to support payment for protected content on the web, and as I’ve said elsewhere on the thread, people with alternative approaches are welcome to join the Working Group and propose them.

      Question 2 is “how would we implement EME”. Here, if the Working Group determines that the current EME spec (or variant) is the best solution, then they will spend the next several months completing the details of how to implement this spec.

      I acknowledge that there are 26,000 signatories to a petition – many of which like yourself have taken the additional time to join the discussion – who are opposed to this step. The other side is the substantial number of people and organizations that are actually working to develop the spec. The hope with this dialog is that we get everyone’s collaboration to produce the best ideas to address the requirements.

  49. I wish to register my strong dissension from the idea of the W3C supporting DRM in any way.

    You request alternative solutions, but I do not see a problem that requires one to be implemented by the W3C. I believe the W3C’s solution is to say “manage your own DRM, if you can, or better yet develop business models that work in the real world where copying is the basic fact of the internet, as it is not our responsibility to help you make private profits but to make the transmission of information and culture over the internet as easy as possible for everyone, since that is the internet’s entire purpose”. For the W3C to take on any responsibility whatever for how people use the internet, either pirates or corporations, is a ridiculous and terrifying precedent.

    To distort open and accessible standards that have demonstrably enabled tremendous innovation and betterment of human life in the interests of the wealthier sections of the entertainment industry is wildly disproportionate to any possible benefit that might arise. As has been the case throughout human history, creative people will continue to be creative without the entertainment megaliths, and the public who love their work will continue to support them, as the massive rise of the indie scene in all media has shown; indeed more of them may be able to do better work, more effectively, under better conditions, and keep a greater proportion of the rewards for themselves, which in turn places pressure on whichever megaliths survive (or arise in the new environment) to do better by their own employees. It is not the W3C’s place to decide whether or not this should happen.

    In fact, it is worth pointing out that some of the projects which are now being created by publishing models based on more direct contact between artists and audiences (through the open internet) are acknowledged as having been viable, and often excellent, ideas that were stifled by the “content providers” now implying that they must get their way or audiovisual entertainment will suffer. Double Fine’s Broken Age, Ryan North’s To Be Or Not To Be: That Is The Adventure, and more relevantly to this discussion, the Veronica Mars movie… in all media “content providers” have clearly demonstrated that they will at times arbitrarily prevent creators from connecting to a sizeable audience that exists for their work. To warp the standards that drive the world’s communication to suit the self-perceived interests of a tiny minority with questionable judgment is itself pretty questionable.

    As for the need to pay creative people for their work – as alluded to above, the open web has already supplied other solutions to this problem, whether direct purchases of creative works, direct purchases of associated goods, direct donations, crowdfunding, etc etc. There is no imperative whatsoever for the W3C to preserve existing economic models to the benefit of those so wealthy and powerful that they need no benefit at all – most of whom are not even real human beings but legal fictions. If their business model is failing in the face of open and accessible transmission of information, it is their business model that must change, not the openness and accessibility of information.

    Regardless, this is all a side question of no fundamental relevance: remuneration of artists is tangential at best to developing the specifications that provide for an open and interoperable network. It is not the job, nor the concern, of the W3C to ensure that content is created (as if anything could STOP it!), merely that its transmission is as quick, easy and reliable as possible.

    As for non-artistic content:

    To distort open and accessible standards that have demonstrably enabled tremendous innovation and betterment of human life in the interests of those who have steadily sought to enclose and control access to academic, journalistic and scientific information, which by the centuries of academic, journalistic and scientific tradition that underpinned the production of that new “content” should be open to all, is complicity in one of the greatest intellectual thefts of the past century. It is repugnant – and this is putting it extremely mildly, for the sake of politeness! It is even more repellent when you consider that the “content owners” routinely use their power to restrict access by even the authors of the works they control, which makes it clear how little both this model, and by association the previous one, are really about benefiting the innovators and originators who are producing the “content” being “protected” – or the public audience for their works.

    To sequester human knowledge and culture in this way is against all the great traditions of mutual enlightenment and shared learning which the W3C is (I hope) committed to upholding in its commitment to openness and accessibility. The W3C should resist strenuously any compromise of those core values in the interests of organisations whose values are clearly incompatible with the W3C’s.

    Further, I would remind the W3C once again that many of these groups do not directly represent actual human creators and originators. Rather these are lobby groups on behalf of corporations which are essentially parasitic upon, but sometimes lavishly support and sometimes outright exploit, actual creators and originators. What’s more, even if they did represent their creators accurately, these are in many cases only a small minority of those working in the overall creative or scholarly field in question, and the majority of creators who are not being represented by these corporations may well be harmed by the exclusions even more than the general public, as the “content” being sequestered is of particular relevance to them. It is not in the W3C’s power to prevent such sequestration as things stand, nor should the W3C attempt to do so, but it is absolutely not within the W3C’s remit to enable and normalise it. That such sequestration was innate to physical models of publishing, with their built-in scarcity, does not mean that the web, which has no such limitations, should arbitrarily impose artificial scarcity to mimic the physical world. Attempts to do so tend to create even greater scarcity, since printed works were in fact inherently shareable at the user end by passing the copy from person to person, whereas DRM generally seeks to prevent even that limited degree of sharing.

    Again, if the world is improved by open and accessible standards, which it indisputably is, and the profits arising from the business models of certain groups of corporations are threatened thereby, which they may be (although the evidence to support this assertion is ambiguous and contains many obvious flaws), it is their business model that must give, not the openness and accessibility of the internet. Business models are inherently short-term, provisional and adaptable, and serve only a tiny section of the internet; the W3C’s principles of openness, interoperability and accessibility are long-term and foundational, and in the interests of all internet users, and must therefore be rock-solid and impervious to compromise.

    (I would in fact argue that compromising on the openness of the internet may well end up being detrimental even to the “content” oligopolies, but that argument is complex and outside the scope of this submission. I will point out, however, that unlike many who would definitely be negatively impacted by compromising on the openness and accessibility of the internet, they have plenty of resources with which to adapt if they do not get their way; it is their own fault if they fail.)

    I urge you to reconsider this notion that it is in any way the responsibility of the W3C to facilitate data formats aimed at ends which are fundamentally antithetical to openness, access and interoperability. Let the cost and other burdens of achieving such ends be borne only by those who desire them. If that grants the creators who can see beneficial ways to publish their works on the open web have a competitive edge as a result, that is not our concern, but it is certainly not a problem.

    1. Phil, thanks for participating in the discussion.

      I understand your principled opposition to the EME spec, and your perspective that these principles override other principles that I have listed in the blog post.

      I also am supportive of your notion that there are many ways to compensate artists that should be used, and we’re all happy they are being used.

      As I’ve said elsewhere on the thread, the place where I and others disagree with you is whether we are satisfied with a world where premium content ends up in closed “apps” rather than on the Open Web. While I respect your viewpoint that we should not worry about such a situation, on this point it seems we will disagree.

  50. Jeff,

    I was talking about how you use the “shield” in the announcement you wrote on the First Public Working Draft of the Encrypted Media Extension (EME) specification, not in the process the W3C has undertaken to write the draft.

  51. It’s so sad to see the w3c bringing into formal specifications the antithesis of the web

    It’s clearly NOT time to include DRM support until the wide a use of geolocation controls and other arguably abusses of IPR are standardised globally, instead if being incrementally always ratcheted upwards with ever higher and usually excessive penalties at the same time

    Once the out of control abuse of criminalisation for trivia has been coherently handled at a globally agreed level, then it will indeed be time for DRM extensions to be standardised

    If this is done prematurely, as it is arguably being done right now, the credibility of W3C as an independent and professional body is put at risk

    That would be a tragedy

  52. Principled arguments for content protection begin by pointing out that the Web should be capable of hosting all kinds of content and that it must be possible to compensate creative work. Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content.

    I can only read this as: large movie studios are holding their popular movies hostage until the rest of us succumb to their demands. As I recall, the BBC even said as much on the mailing list, admitting that they would stick to sales channels that both they and their customers found inferior unless they had extremely fine-grained control over what media works where.

    As has been stated and left unaddressed, DRM is not a prerequisite for selling digital media. Most of us have bought and sold unfettered digital media without issue. The only real problem here is that some creators don’t want to sell their media if they cannot micromanage what happens to it after it leaves their hands. That’s their problem. It is not a technical problem, and it is not the W3’s problem.

    A great many people would be delighted to buy digital media, if only its authors would sell it. Netflix’s overwhelming popularity is a great tribute to that. Yet I’m still offered only media wrapped tightly in layers of binary containers that don’t run in my operating system, and can only play it in preapproved applications rather than my much more flexible video player. The big players are terrified that no one will buy their products, but they refuse to let me buy them.

    What is this system meant to prevent? Does it stop me from uploading a video to the Pirate Bay? What good is that, when a bored teenager in Oklahoma can buy and rip the Blu-Ray release, and will probably do so before I’m even aware the video is out? This isn’t like a normal fight against crime, where increasing prevention results in decreasing incidents. It only takes one single person to find one single unprotected avenue—ripping a disc, finding a screener copy, cracking the CPM, or just exploiting the analog hole—and all this work has accomplished absolutely nothing but to degrade the experience of well-meaning customers.

    It should not be the W3’s place to validate corporate paranoia. DRM is a fool’s errand that cannot be justified either technically or philosophically, and the only reason to standardize it is to cater to the mainstream industry’s demands. The web will surely survive without Iron Man 3, but I fear what it will become if powerful business interests realize they can get whatever they want by dangling passive entertainment over our heads.

    1. Alex, thanks for participating in the discussion.

      I infer from your posting (that people would be delighted to buy digital media if they could) that you essentially agree with the requirement that we are trying to address. That is, to develop a system that makes this possible on the Web.

      I also see that you oppose the current solution in EME – you think this can be achieved without any reference to DRM. To that – I would encourage you to join the Working Group and propose your solution so it can be addressed by the Working Group.

      The current draft is an early draft and can be changed if there is a better proposal.

  53. Without this Flash will never be replaced, I was kinda wondering why it was taking so long for this Spec to appear.

  54. Jeff: Have you seen ORBX.js, which is a JavaScript + WebGL codec? Re: available to few, you yourself have said that content owners will not be satisfied by open source CDMs, therefore content “protected” by ESE will not be available to those who only use free software.

    1. James, thanks for participating in the discussion.

      Yes, I understand that in today’s environment content owners will not make open source CDMs available. I hope that it changes; but it may not.

      Meanwhile, I see others on the thread have proposed other solutions to the content protection problem. I hope some bring the proposals to the Working Group.

  55. Here’s my understanding of this proposal: a standard to allow websites to require non-standard plugins. That’s what a “CDM” really is: any non-standard plugin that does a certain standard task.

    How does standardizing a way to be non-standard make any remote sense at all?

    Corporations that want to use proprietary, non-standard plugins are already able to do so. It’s called Adobe Flash, and websites like Netflix and Hulu use it already. There is no legitimate argument to say that we need a standard way to be non-standard, even if you think that digital handcuffs are not a horrible abomination.

    You might as well say, “Hey, web developers, you can just ignore all these web standards, because HTML Variety allows you to specify an encrypted HTML page format that only one web browser can read!”

    Tomasz Sobczyk claims that this will have no real effect, and in a sense, he’s right. Those of us who currently refuse to use Adobe Flash will refuse to use these “CDMs” just the same. The problem is that the W3C is now choosing to endorse non-standard, proprietary extensions to replace the non-standard, proprietary extension we currently have, Adobe Flash. In other words, it’s endorsing a replacement for an outdated proprietary technology that is rightfully finally dying.

    This is not just stupid; it’s sickening, because the W3C is doing this all while claiming that it’s for the free and open web, which couldn’t be further from the truth.

    1. onpon, thanks for participating in the discussion.

      We are trying to develop an open architecture where through a single interface (HTML5) users can get access both to free content and protected content in an interoperable fashion.

      I agree that those who would not utilize CDMs will not see any advantage from this proposal.

  56. Hi,

    Throughout the world, there is law systems which allows for private copying and in these areas, citizens of these countries pays a fee for having an exception in the legal system that allows for copying of digital media for private usage.

    By supporting DRM on the open web, you basically undermine the rights of people throughout the world to access, and copy (for private usage) digital content on the web. 2011, the Swedish organization that enforces this law Copyswede wrote that the private copying levy was accounting for almost 80MSEK, which is equivalent to about €9M. This might not sound like a lot, but since the copyright owners write on every single movie that “ALL COPYING, EVEN FOR PRIVATE USE, IS PROHIBITED BY LAW” – doesn’t it seem quite strange that we’re supposed to pay a levy for something that apparently doesn’t even care much to recognize our rights as consumers?

    By allowing EME as a standard for the open web, the W3C contributes to enforcing american ideals and laws in non-US juristdications. With copy protection, there is an increased risk that content that I have legally aquired and legally choose to copy for private usage is DRM-protected to such a degree until I could no longer enjoy downloading movies I (legally) have aquired on my Nokia N9 – simply because I choose to have an uncommon (although, fully standard compatible) unit.

    Any kind of web extension for enforcing DRM is essentially hostile to juristications in which DRM-protection is not illegal to bypass and copying (for private usage) is accepted by law.

    1. Emil, thanks for participating in the discussion.

      I am not a lawyer, so I’m not sure that I can fully address your points, but here is my understanding.

      You say that by allowing the EME standard (nb – we have not approved the standard it is a work-in-progress; but let me address the implications if we were to approve the standard) we would increase the use of copy protection and thereby remove rights that individuals have in non-US jurisdictions. In my opinion, owners of premium content are equally likely to use DRM whether or not there is a W3C EME standard – hence there would be no additional removal of rights.

      I would agree, by the way, that ideally we find a fully open method to address the requirements that have been brought forward.

  57. Dear Jeff,
    Thank you very much for your answer.
    I hope you don’t mind if I ask you a question regarding that answer. Did W3C explicitly state the criteria it applies to prioritize the rights it will try to protect by working on new specifications, when those rights are the rights of a group of Internet users? What I mean is that there are lots of groups and then lots of rights to defend, so how do you determine which deserve working on new specifications?
    Best regards,
    Esteban

    1. Esteban, in the W3C process, the W3C Director Tim Berners-Lee has the final say on the work that is chartered in Working Groups and whether to approve W3C Recommendations when the work is complete.

  58. Depressing to see extent of Hollywood influence.
    Why should w3c work towards fusing hollywood business model into the web?
    I think Encrypted Media Extension is an unnecessary venture.

    @Tomasz Sobczyk
    “If you don’t like someone’s product, then just don’t buy or use it. Who’s forcing you to watch such videos? If you don’t like your video with DRM, then go complain to the content providers and try to persuade them to stop using it. You’re arguing with the wrong people.”

    It is neither practical nor fruitful to go and persuade numerous companies to not use DRM.
    Persuading the architect of this mess that is about to happen is the only option.

  59. The only way to make these “CDMs” actually implement digital handcuffs successfully is for them to be proprietary. This is no good in itself, but even if you have no qualms with nonfree software, what this means is basically that anyone using an unpopular architecture (OpenPandora) is screwed. That is not interoperability.

  60. “some have pointed out that erecting a walled garden of protected content would violate principles of the open web, and content providers have a legitimate right to be compensated.”

    I can’t see how raising walled-gardens within the browser–AKA. DRM–would help anything.

    The open web is for public exchange. That is its reason of existence, and the key to its success. Surrendering that public nature to the commercial interests of some is opening the door to destroying the last bit of non-mercantile environment.

    It appears obvious, with regard to what happens with patents and assorted commercial strategies, that as there is at least one corporation patenting life itself, there will be corporations to patent public knowledge. Amazon removing legally acquired books from their customers’ devices is a prime example of what to look for when this specification becomes a recommendation.

    As a matter of fact, there is no issue at all with keeping Hollywood off the Web. Before, we had AOL, CompuServe, and cable TV. Why would the public space need to bow to private interests at all? Can’t they keep doing what has worked for them before? If they can’t, well, they need to adapt to the public, not the other way around.

    This specification is an attempt at shrinking the public space.

    1. hellekin, thanks for participating in the discussion.

      I believe I understand your comment to limit the web to non-commercial uses. While I respect that point-of-view, my impression is that most want to be able to use the web for commercial uses as well.

  61. I had a copyright violator, who stole a series of my photographs without any permission.
    Based on that, I issued a warning letter to him that has cost only 0,50€. He removed the content within 1 day.
    Suing him would cost me nothing, as I had RAW material and he would have to carry out all the costs.

    I had no need for any DRM for this and I strongly oppose any effort to encrypt Web, especially using undisclosed proprietary one-platform one-browser only solution, especially when its proposed as standard. DRM has proven multitude of times to fail and provide NO real protection, but instead seriously cutting on flexibility, and creating and pushing abominations as “pseudo-standard”.

    I am very thankful to W3C for finally waking up after long sleep and pushing HTML5, but the day when W3C allows this “standard”, will be the day of its most grave error.

    What you are doing is wrong, please stop!

  62. Jeff,

    The biggest concerns people have here is that the EME proposal is a new plugin system that will lead to a new set of platform dependent plugins. Since the main goal of the Web is to work on all computers regardless of hardware or software platforms this kind of proposal should be ignored by the organization.

    After that there are the security concerns (see Sony rootkit scandal)and fundamental concerns about user operation blocking (“I’m sorry Dave, I’m afraid I can’t do that.”), remote companies turning our computers against us and the degradation of the concept of ownership.

    The only open “solution” that Andrew Miller provided was using JavaScript for obfuscation which is already common practice. His point was that we don’t need EME/CDM to accomplish that level of control since it already exists. So why should his “solution” be added to this draft?

    You said “…but I am not aware of any video codecs implemented in javascript”. Then you must have missed the news about ORBX.js a little while back. (Not to mention Broadway.js/Route9.js before it.)

    1. Jeffrey, thanks for participating in the discussion.

      I believe you raise sensible issues (interoperability, security) with the EME spec. As I noted, the EME spec is an early specification. I encourage you to raise issues with the spec within the HTML Working Group.

      Thanks for the pointer to ORBX.js.

  63. The origin of the idea that artists will only be compensated with the protection by these companies is truly a mystery to me. Why is there a false dichotomy between Artist’s content either being protected by established distributors or being pirated? Why is it that established media empires haven’t died out in the last 20 years of an open web?

    1. Frank, thanks for participating in the discussion.

      I believe that what is new in this case is that media companies are looking for methods to distribute content on the web and still be compensated for the content.

  64. Jeff, this is already possible on the Web. People have been doing it for ages. I’ve bought music, videos, games, and software over the Web with no problems, from both very small publishers and larger ones. In Rainbows, the Humble Bundles, and Louis CK’s standup specials are some well-known recent examples. I plan to sell a game the same way within the next few years and don’t feel that the Web lacks any features necessary to do so.

    DRM is not a technical requirement for selling a digital product, and implying it does feels very disingenuous to me. DRM cannot even exist unless someone buys the product in the first place. The only thing standing in the way of big publishers’ selling their media to me is that they refuse to unless the W3 makes specific technical concessions. (I have little interest in installing any CDM even if browser vendors decide to implement this specification and if the popular CDMs work on my operating system—so media authors will still refuse to sell to me.)

    This is extortion, and you and I are the victims. Placing a video file on the Web and charging for access has been possible for well over a decade, but a few large publishers are threatening never to do it unless you pen a specification and I install software that grants them control over a product I’ve purchased. Again: how does EME actually benefit either the producer or the consumer? The consumer loses useful functionality of his/her computer, and the producer at best forces pirates to buy a tripod and film their own monitors.

    The true argument here is not over whether DRM is a good idea technically; it is over whether selling digital media is viable without DRM. Nobody seems willing to actually have that conversation, and I don’t understand why the W3 is taking for granted that a DRM-free model is impossible when it continues to be done as we speak and the larger interests refuse to even give it a serious try.

    Creators deserve to be compensated for their work if that’s what they want. They do not deserve to mandate how I view their work after I’ve already bought it.

    1. Alex, this addresses your first post from last night – the one that starts “Jeff, this is already possible on the Web.”

      I agree that there are payment schemes that do not rely on DRM – and to be sure – W3C has not endorsed a particular solution at this stage. The current EME spec, which includes interfaces to DRM, is a work-in-progress to address requirements for a variety of cases including “high-value video”.

      As I’ve said to others, if proposers have alternate solutions that scale to address the requirements brought forward, they are encouraged to join the Working Group and bring those solutions into the discussion.

  65. Apologies for the double post, but I had an afterthought.

    Jeff, everyone here seems to agree that content creators ought to be able to be paid for their work. But consider the usual workflow for actually purchasing digital media on the web today: I have to create a oneoff account (possibly after hunting around to find who’s correctly licensed to sell particular media in the first place…); wait for email confirmation; and provide my credit card number, full name, and home address. All this before I can even think about actually acquiring the media. I cannot be the only one who’s tired of giving intimate personal details away (and leave yet another record of my supposedly-private credit card number) solely for the right to buy something for five dollars.

    Contrast this with the workflow for pirating something: search for it, click a link, wait a few minutes, and you’re done. This is the workflow you’re competing with. (I doubt adding more technical restictions will make honest purchasing seem any more alluring.)

    The real technical problem here is that sending money over the web sucks. Credit card numbers are archaic, human-unfriendly, error-prone, and risky to give out, not to mention that requiring them for all digital purchases means the credit card industry necessarily profits off of every transaction. Sending money to anyone without the ability to accept credit cards requires using a middleman like PayPal or Dwolla—more accounts, more typing in long strings of meaningless digits.

    This is an embarrassing state of affairs. If the W3 wishes to significantly boost digital sales on the web, its time would surely be far better spent writing a specification for handling payments and other money transfers. The EME mailing list has the ear of representatives from many large players with deep pockets; use those contacts to give the financial industry a kick in the pants and make this possible. Let me pay for items in a way that takes only a single click, doesn’t expose who I am and where I live to the seller, and doesn’t leave me vulnerable to future fraud.

    Payments in the browser would benefit everyone and remove a ton of the existing friction from digital purchases. Please consider putting EME’s resources towards this instead.

    1. Alex, this addresses your second post from last night, the one that starts “Apologies for the double post”.

      I agree that we are overdue on the topic of having a robust web payments framework for the browser. We currently have an internal task force looking at the right way to address this.

      The topic is complex and part of the focus of the task force is to understand how we can best be helpful to the overall topic.

  66. Ok, quoting this part: “Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content. Therefore, while the actual DRM schemes are clearly not open, the Open Web must accommodate them as best possible, as long as we don’t cross the boundary of standards with patent encumbrances; or standards that cannot be implemented in open source.”

    This is why copyright laws were put into effect. The purpose is to protect the owner’s content from being infringed upon.

    Also, quoting this part “It has also been noted that a number of widely deployed proprietary technologies are used with the Web, including some video codecs and technologies accessed through plug-in APIs. We are not supportive of proprietary video codecs but recognize that to have far-reaching standards that support interoperability it is essential to include connections to such proprietary elements, some of which may be replaced in time with open standards.”

    This has been the case for years… there has always been a multitude of different standards (mp3, mp4, wmw, Apple’s codecs, Adobe Flash/Shockwave, etc. With HTML5 debuting, we still don’t have a standard format in fact, it’s only added additional formats to the list (Webm, and Ogv)

    The reality is, this is the inevitable side effect of corporate interests moving in.

  67. Jeff, you’re missing the point. Why do we need “interoperability” in the way we load non-standard plugins? If someone is uninterested in following the standards because they want to restrict users, there is no need or legitimate reason for a standards committee to help them do non-standard things.

    They have already done non-standard things before. It’s called Adobe Flash, and it didn’t need a standards committee’s help. Heck, Flash is as interoperable as a proprietary extension can possibly be; only those who either don’t like proprietary software or use an unpopular architecture (e.g. OpenPandora) are screwed. Adding this standard for loading non-standard plugins will bring no benefits to anyone; at worst, it will only convince people who don’t know any better that refusing to follow the standards is somehow for the “free and open web”.

    1. onpon, the goal as articulated in the EME spec is “This proposal allows JavaScript to select content protection mechanisms, control license/key exchange, and implement custom license management algorithms.”

  68. I’m troubled by the use of the term ‘premium content’ in this conversation. I’m sure this term is popular amongst DRM enthusiasts, but it implies an inferiority to non-DRM content that is entirely undeserved. It’s subtle but polarizing language, and belittles the majority of content creators on the Web.

    Our concern in this case is to maximize the content available through the Open Web Platform. A subsidiary objective is to make it possible for premium content to be available.

    Jeff, thanks for the clarification. I have several questions about how DRM relates to your stated principles (http://www.w3.org/Consortium/mission). In particular:

    The W3C mission is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the Web.

    The mission leads with that statement. What do you see is the relationship between the availability of DRM-restricted content, and that goal?

    Below we discuss important aspects of this mission, all of which further W3C’s vision of One Web.

    In what way do you think that endorsement of DRM will contribute to One Web?

    One of W3C’s primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.

    Will the W3C insist that compliant implementations respect all of those freedoms, including geographical location?

    W3C’s vision for the Web involves participation, sharing knowledge, and thereby building trust on a global scale.

    Do you agree that DRM is built upon a principle of not trusting users?

    1. Duncan, lots of questions, let’s see if I can do them all justice.

      Yeah, the term premium content is probably not the best term.

      You ask about how content protection relates to the objective of ensuring the long-term growth of the Web. Of primary importance to me is that people can get access to content – and that we don’t have a situation of certain content becoming a walled garden on the web or available only through apps. So that is why we think it is important to address content protection.

      Frankly, I don’t understand the question about insisting that compliant implementation respect geographic location. As a general rule, we don’t provide conformance testing and have no way of insisting what people implement.

      I also don’t understand your question about trust. We have a great deal of work in security, for example; much of which is necessary because we cannot rely on trusting that everyone always does the right thing. Every time that we have less security it actually causes less trust. Your question seems to imply that by the ideal system is totally trusting, but truthfully a totally trusting system gets hacked all the time and reduces trust.

  69. Placing a video file on the Web and charging for access has been possible for well over a decade, but a few large publishers are threatening never to do it unless you pen a specification and I install software that grants them control over a product I’ve purchased.

    Indeed. Not only is it possible, it’s being done right now: I just paid US$12 to PeepCode for one of their videos. They sent me an email, and I downloaded the video to watch at my leisure.

    There were no proprietary plugins, codecs or DRM systems required – just a browser, and a credit card. I’ll grant you that the credit card use was a trifle slow, but faster than lining up in a physical store, and no less secure.

    There is nothing broken here. Move along, and take your DRM with you.

  70. A point that has not been raised thus far:

    The nature of the W3C is to define standards for the use of the World Wide Web – not the NATO Web, the world wide web. The issue being discussed here is the protection (sic) of content (sic) with the goal to allow creative work license holders to limit the ability for playback by site/service visitors of the creative works they hold redistribution licenses for, thus providing channels for compensation schemes for said content. Given that the definitions of most of the words in the last sentence vary from country to country and trade agreement to trade agreement, how is the W3C ever supposed to provide a structure that would be acceptable world-wide? At the very least this is something that should be handled within the WTO, an organization that at its very heart is focused on the ability of license holders to restrict the works they hold licenses to.

    1. Damien, thanks for participating in the discussion.

      I agree with you at the level that we are not at all setting policies between nations at the level of the WTO. We are creating technical standards to enhance interoperability between implementations.

  71. Duncan, lots of questions, let’s see if I can do them all justice.

    Thanks :) And I appreciate the job of moderation here too – there’s a very high signal to noise ratio which I hadn’t expected for an issue this contentious.

    You ask about how content protection relates to the objective of ensuring the long-term growth of the Web. Of primary importance to me is that people can get access to content – and that we don’t have a situation of certain content becoming a walled garden on the web or available only through apps. So that is why we think it is important to address content protection.

    DRM is software that is designed to restrict a user from playing content on certain devices, in certain ways, and in certain locations. I think that is the very definition of a walled garden. I genuinely do not understand how you believe that supporting DRM will elminate walled gardens.

    In the best case we will have moved from an ad-hoc collection of walled gardens, to an ad-hoc collection of walled gardens with the support and moral endorsement of the W3C.

    If your concern is genuinely to eliminate the need for apps, and the enclosue of content in walled gardens, why not use your considerable influence in opposition of DRM altogether?

    Frankly, I don’t understand the question about insisting that compliant implementation respect geographic location. As a general rule, we don’t provide conformance testing and have no way of insisting what people implement.

    That was my point :). The W3Cs mission states that:

    One of W3C’s primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.

    Breaking down that list, we see that DRM is inimical to several goals:

    • hardware: DRM implementations are known for being hardware-locked; Netflix is the most prominent recent example, re. the ARM-based Chromebook
    • software: existing DRM implementations are tied to specific browsers and operating systems
    • geographical location: many (most?) DRM implementations implement geographical segregation (a.k.a. region encoding)

    That is, by lending support to DRM, the W3C is helping to ensure that at least some web content is restricted by hardware, software, and geopgraphical location. This is in direct opposition to several of your stated goals.

    I also don’t understand your question about trust. We have a great deal of work in security, for example; much of which is necessary because we cannot rely on trusting that everyone always does the right thing. Every time that we have less security it actually causes less trust. Your question seems to imply that by the ideal system is totally trusting, but truthfully a totally trusting system gets hacked all the time and reduces trust.

    It was poorly expressed, my apologies :(

    To put it a different way: DRM removes control of certain aspects of a device that I own, and places it in the hands of another. It does so in a manner that could not be less trustworthy: most DRM solutions are proprietary, closed-source applications.

    This means that I can’t rely on others to audit it for me (as with FOSS) and I can’t audit it myself.

    Some DRM implementations in the past have been so aggressive in their usurpation of control that they have qualified as malware; the Sony rootkit is a particularly egregious example of this.

    DRM actively reduces the trustworthiness and security of all machines on which it is installed. It has to by design: its stated purpose is to restrict the capabilities of a general purpose computer.

    1. Duncan, to the point that you feel we should not be supporting DRM, I would simply point out that we are trying to balance principles against DRM with the principle of having protected content available through web browsers. We are not supporting DRM. We are not standardizing DRM. We think that it would be helpful to get today’s protected content available through open APIs; as we’ve done to accommodate other proprietary solutions.

      In terms of restrictions that DRM imposes, I’m certainly not going to argue that DRM is perfect; to this point we are not standardizing DRM. I’m not sure it is as restrictive as you say, though; e.g. even GNU/Linux can run DRM content.

      In terms of usurpation of control by DRM, I again note that we are not standardizing DRM. I noted in my blog post that the EME APIs could also support open source, breakable DRM which relied more on social conventions.

  72. Based on the concerns presented about “content providers” excluding customers unfairly by platform, the web being an all or none market, it seems mandatory to an open web that the standard require that all CDMs be unconditionally platform-agnostic. By this I mean that in order to ensure that those who chose to use the “content providers” products must be able to on any Operating system with a working HTML5 Browser regardless. In simpler terms the CDMs must be mandated as OS/Browser independent. This allows the CDMs to be proprietary, while forceing any group using them to offer their content for sale to all internet users, as is already mandated by current W3C standards, and by non-digital laws controlling the equality with which customers must be treated regardless of personal details. The APIs should be written so that no platform-exclusive CDM will function. An alternative would be for the W3C to whitelist CDMs, and to do so solely on the basis of their presensce on all HTML5 Compatible OSes/Browsers. Quite simply if the “content providers” wish to sell their wares online, they will have to follow the same rules as anyother online user. In sheer numerical terms, they do not merit any special treatment or aceptace over the welfare of internet users as a whole.

    Brendan Aragorn

    1. Brendan, thanks for participating in the discussion.

      Indeed, I agree partly with your point. It should be possible to implement our specifications on as many platforms as possible. It is difficult to mandate this as some platforms might choose not to implement the specs, but that should be our goal.

      I believe that you go a step further – that we place requirements on the CDM layer which we do not standardize. I’d like to learn a bit more how we might do that; it is challenging because we specifically do not want to get into CDM standardization.

  73. You are justified in use diverse of digital environments in this case www, and that in this process there are different approaches. This is true. There are different ways of seeing the world and also to build Internet and digital environments. But the W3C has an approach very own (should), and has been built from a community. And from that starting point, also should underpin the priorities and what energies are spent. So that now we have this discussion is evidence and proof of how the community around the issue understands how to build digital environments. That is, we are spending energy on this discussion, but not that we want to spend energies on the development of this draft. Do not lose sight, The technology does not build communities itself, but rather the development of technology is a own space for the development of communities. We care that our decisions not validate the destruction of our own spaces, we use the elements we have to think about it step by step.

  74. Ascribing legitimacy to this discussion is difficult because it concentrates on the use and disregards the abuse of this protocol. HTMLx will work quite well with or without EME. It’s prosecution is therefore “political”. The EME will exist as part of the agenda of “predatory corporations”, “intransparent government agencies”, “dystopian legal systems” and “malfunctioning government”. It will be used to restrict access to internet media.

    Two examples from recent personal experience:

    YouTube blocks some video in Germany because it is in “dispute” with claims made by the GEMA. The GEMA is a statutory body that levies the use of recorded performances to provide a form of social insurance for Artists. Admirable cause; were it not for nasty side effects. At the moment I can use a foreign proxy to view the material. Someone will have to explain clearly to me which commercial, or statutory “right” requires a corporation to block third party content in this manner. This is not a matter of “terms of use”. Will EME contain a proxy blocker for nationally “proscribed” or “disputed” material? Germany has no real concept of “Fair Use”. Much of the material blocked contains accidental or minimal use of background music. How will the EME deal with a regional, predatory and abusive use of the standard?
    Germany has a extensive independent public broadcasting system. It is a guarantee that no Political or Financial interest can dominate the media. A hard lesson learnt that the W3C should review in detail. Such a PBS is also a source of abuse. An independant video company shot 400 Hrs of video. The subject, with her family and animals, received no payment. The material was bought by a Public Broadcaster. A cut of an hour’s length was broadcast. A copy of the broadcast was provided to the subject. Later the subject approached the Public Broadcaster for access to and permission to use some of the unbroadcasted material. This was refused on the basis that “Policy required that such archived material could only accessed by Public Broadcasters and Authorised academic Researchers”. The legal opinion on this refusal was colorful. But, that the issue would be a civil case involving time and considerable money to obtain judgement perhaps even with constitutional implications. The question is whose “rights” are being abused? The subject of the video or the owner of the tape.
    The EME can and will be used to assert “property rights” that do not exist. The EME makes the fundamental error of assuming that control of the source equates to exclusive ownership of the content. The W3C should not enable such questionable rights. Until such time that the W3C can demonstrate the EME will not be abused it should drop any further discussions of the matter.

  75. I agree that those who would not utilize CDMs will not see any advantage from this proposal.

    EME has the potential to create a culture in which users who don’t utilise CDMs may be prejudiced for that decision. This isn’t the only concern, however.

    DRM has the ability to extend both technical restrictions (users may not be free to understand how the software works) and legal restrictions (users may have to agree to a EULA to watch a video online). CDMs may reduce users’ rights to fair use or fair dealing, depending on the application.

  76. It’s entirely likely that nothing which has DRM today will be accessible in 25, 50, 100 years. That is the legacy you’re leaving. Its a legacy of mistakes, with your names as authors.

  77. Jeff. I see you arguing the point that the web “needs premium content”. I think you got it the wrong way around.

    Given that you have obviously been pressured into sneaking poisonous DRM into an open standard, I would argue it’s the providers of “premium content” who needs the web and not we who need them.

  78. Dear Mr. Jaffe,

    “The question in my mind remains: is there a ‘solution’ which addresses the business challenge that content distributors have brought forward which can be brought to the Working Group?”

    “Once we get past the choice of words, I was trying to make the following point. If a movie studio (for example) invests in creating a film and wants to distribute it over the Web, most people would agree that they have a right to charge for that. Would you agree with that point?”

    I deny that there is a ‘challenge’ at all here. What we have at hand is a fundamental misconception on the side of the content distributors and how they want to use the Web to distribute their content.

    The Web, from the very beginnings, has always been a collaborative platform for the advencement of the sciences and culture. Both sciences nor culture are an end in themselves, they are not mere means.

    Content distributors however see the Web as little more then a content delivery plattform. And this is where they go wrong; they ask the question ‘How can we use the Web to deliver content to our customers?’. This is the wrong question.

    There are many, many ways to create content for and on the Web and still generate renevue. This is done by placing content before profit, the advancement of culture and science before the generation of income. Pay-what-you-want models have revitalized the independent scenes of both game and music producers. Graphic artists have experiences huge success with value-added services for the admirers of their art, by providing print services and signed special edition. It is by directly interacting with the admirers of their products that artists can maintain an income. Not by locking down their creations.

    (I will mention but not elaborate on it: DRM is mathematically impossible; every DRM scheme is broken and will be hacked. DRM is a fundamentally flawed concept.)

    We already have DRM in the Web. Through the browser plugin API we already have a mechanism to run closed source binaries in the web browser and there are many content distributors that make use of this; be it using a Flash player, Java or Silverlight. The users of alternative operating systems are already locked out by the content distributors using aforesaid mechanism. Standardizing DRM in the browser will not change this.

    1. Raphael, thanks for participating in the discussion.

      You raise an interesting and important perspective – that those who ask “how can we use the Web to deliver content to our customers” are asking the wrong question.

      My observation is that the Web long ago has crossed the line from being a collaborative platform for the advancement of the sciences and culture to being a far more impactful medium for business and commerce. I respect the idealism that you imagine for the Web, but for my part society has benefited by allowing the Web to be used increasingly as a universal medium.

  79. I can’t believe that I stayed up most of the night reading this blog post, all the responses and even the referenced paper from years ago and I am still under the impression that I will only be able to watch Netflix on my personal computer if I am running a Microsoft operating system or something closed down by Google. I remember feeling a little bit of hope when I heard the HTML5 was going to be a game changer, a sort of web equality to the downtrodden 1/10th of 1%(or whatever they say is the market share) of Linux users in the world. Sadly, nothing changes at all. Moving along.

  80. Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content.

    No, because the DRM implementation itself would be outside of the definition of the Open Web. Something isn’t part of the Open Web just because W3C creates a specification for a container where whatever binary can be linked. That is not what the Open Web is about.

    This is not needed, but it is disastrous for the Open Web.

    Please, please, do not do this.

    1. Victor, thanks for participating in the discussion.

      I appreciate your concerns. But the larger concern, I believe, is that a significant collection of content ends up in closed apps, rather than accessible as part of standard Web access through browsers.

  81. Why DRM? Isn’t it exaggerated? What about simple use meta tags to describe rights and summarize them in the footer tag or in the separate page?

    1. Pavel, thanks for participating in the discussion.

      W3C has not selected any particular solution for the requirements brought forward, and we are not standardizing DRM. The Working Group is working through developing solutions to the requirements.

  82. Hi Jeff,

    Thank you for your reply.

    But the larger concern, I believe, is that a significant collection of content ends up in closed apps, rather than accessible as part of standard Web access through browsers.

    How will a standardized container for arbitrary binaries make content “accessible as part of standard Web access through browsers”?

    If the browser don’t support the DRM implementation used, which at least in many cases will be binary, closed source and proprietary, then “a significant collection of content ends up in closed apps”. That is exactly, word for word what you tell us you want to avoid?

    Can you give a concrete idea about how Mozilla Firefox (completely open-source) could be able to, on all its platforms, provide access to all content protected by arbitrary DRM implementations using the Encrypted Media Extensions you are proposing? I hope we can agree than an answer that includes Firefox downloading and executing arbitrary binaries, including closed source proprietary binaries, that will only work on “some” or “most” platforms, isn’t good enough.

    1. Victor, I cannot speak to the product plans of one company, so I can’t answer specifically what Mozilla will release as products.

      However, I know that Mozilla participates in the HTML Working Group and I hope and expect that they will provide requirements to EME to ensure that they can implement the spec.

  83. It is not possible to implement DRM in any way inside an OpenSource browser. This means the end of fully compliant OpenSource browsers.

    1. Simon, thanks for participating in the discussion.

      We are not standardizing DRM.

      We expect that a fully compliant OpenSource browser should be able to implement EME, and certainly to implement HTML5.

  84. Jeff,

    expect that they will provide requirements to EME to ensure that they can implement the spec.

    I trust that the W3C and vendors would handle this case as well as most other new specifications, which means that Mozilla would have no larger issues implementing the specification itself. But that was not, in any way, my question.

    My question was how we can avoid your concern cited below

    But the larger concern, I believe, is that a significant collection of content ends up in closed apps, rather than accessible as part of standard Web access through browsers.

    The problem is, that unless the browser vendor starts making agreements with DRM implementation vendors (aka content providers), there is no way, under any circumstances, that most content protected by DRM implementations using the Encrypted Media Extensions, can be:

    accessible as part of standard Web access through browsers

    And such agreements is not possible for open source software.

    The Encrypted Media Extensions goes directly against open-source philosophy. Which means that the Encrypted Media Extensions makes it impossible to provide a full-featured open-source web browsing experience. Either hardware, operating system or web browser needs to be licensed with content providers.

    I you believe I am wrong, please try to answer my previous question again. Forget the Mozilla Firefox bit, and just answer how any open-source stack ever would be able to compete on a web with Encrypted Media Extensions in use.

    If there isn’t a good answer to that question, how on earth would Encrypted Media Extensions be in line with the concept of “the Open Web”?

    1. Victor, I would agree that if a browser product chose not to implement EME and not get access to protected content that they have every right to do so. If they make that choice – to your point – they would not be able to access protected content.

      I don’t know if any browsers will make such a choice.

  85. Most important is for the community to come up with solutions that can best achieve goals of the competing interests.

    So your response to “what kind of input do you want from the community” is simply that you want us to concede to the demand for content protection tags, and propose solutions that the competing interests will accept?

    Excuse me if I don’t see how that is a community-driven process, or anything remotely resembling a compromise.

    You have basically stated that, despite opposition from the community at large to the assumption that the requirements being stated by special-interest groups are actually necessary, you expect the community and the W3C process to implement the requirements regardless.

    If I have misunderstood your position, please elaborate on your original statement.

    1. Alec, thanks for participating in the discussion.

      To clarify, we are looking for input on technical solutions; not the scope of the project.

      The W3C Director has already decided that content protection is “in scope” – so we are not currently looking for input on that. My blog post tried to explain why we see this as a requirement, and we understand that some (perhaps you) disagree.

      Within that scope, there might be numerous technical solutions. EME is only the current proposal in front of the Working Group. We invite comments on the draft. For those with alternate proposals, we invite them to join the WG and propose.

  86. Jeff,

    We are not standardizing DRM.

    Yes, you are. Even worse, you are creating a specification for a model where the implementation is unspecified and may very well be proprietary licensed, locked to certain hardware etcetera.

    We expect that a fully compliant OpenSource browser should be able to implement EME, and certainly to implement HTML5.

    You keep answering all concerns regarding the problems with a specification for a container for arbitrary binary implementations, with assurance that the specification of the container itself, and implementations of the container specification, is not any less open than any other W3C specifications. No one doubt that.

    But it becomes quite absurd when you totally refuse to talk about what’s expected in these containers. We, again, understand that that is outside of the scope of the Encrypted Media Extensions specification itself. But it is not, in any way, outside of the scope in a discussion about whether the Encrypted Media Extensions is a threat to the Open Web or not. The W3C has to take that discussion. Really really need to.

    Because so far the W3C has not provided any comforting evidence that the Encrypted Media Extensions is not a threat to the Open Web. While plenty of evidence indicates that the Encrypted Media Extensions is a threat to the Open Web.

    We expect that a fully compliant OpenSource browser should be able to implement EME, and certainly to implement HTML5.

    I feel like I have no choice but to interpret this as you do not expect an open source browser to be able to actually make sense of an Encrypted Media Extensions implementation, since implementations of DRM using Encrypted Media Extensions are expected to be mostly non-free, non-open proprietary. And that the W3C do not see that as a major issue.

    I do hope my interpretation is wrong.

  87. The W3C Director has already decided that content protection is “in scope” – so we are not currently looking for input on that. My blog post tried to explain why we see this as a requirement, and we understand that some (perhaps you) disagree.

    Thank you! I do really appreciate this honest answer.

    With that said, I think it’s really sad that the W3C is not interested in any discussion of the scope of the project. It’s hard for the broad community to discuss things before they get attention. Telling us that it is too late to discuss it when it finally gets attention. Well. I hope you understand if community members don’t feel encouraged to engage.

    Thank you for taking you time to answer our questions, though.

  88. Mr. Jaffe wrote:

    I am trying to understand how to parse “available only to few”. The type of content protection envisaged in the Working Group would make content available to all, but at a price.

    If you mean that the Open Web Platform should not include content that is only available at a price, then I would understand your point of view, but humbly disagree.

    This (cleverly!) elides the entire issue. You write “available at a price”, expecting people to think that the “price” is the price of the movie. It isn’t. It’s instead the price of purchasing, installing, commissioning, and using hardware and operating systems that have been blessed by the “content” “providers”, including the opportunity cost of not using other hardware or software that the user may prefer. This proposal doesn’t even address the question of how to charge for the movie itself, because existing solutions for that are working.

    A (much) earlier commenter raised the issue of archiving but received no reply on that topic. Could you explain how the proposed technical “solution” avoids bitrot and ensures future access to today’s content?

    1. Douglas, thanks for participating in the discussion:

      About bitrot, I imagine that you would agree that some form of access limitation; e.g. via access control or payment system is OK – you are just objecting to the particular DRM systems that certain content providers are using.

      I’m not sure I understand why one such scheme is more likely to suffer from bitrot than another. Unless you think there should be no access limitations at all.

  89. broad agreement that some form of content protection is needed for the Web

    I see no such agreement. The web flourished quite well without any form of “content protection” in the specification, and people can use flash or whatever plugin they wanted to implement any form of access restriction they wanted.

  90. Hi Jeff,

    I’m puzzled.

    Given that absolutely no DRM scheme from the entertainment industry has ever succeeded in making any video un-pirateable, would you agree that putting DRM into the web will similarly do nothing to prevent anyone who wants to pirate a movie from being able to do so?

    If so, then DRM-in-the-browser will clearly do nothing to prevent people from making unauthorised copyies of the content the media industry is trying to protect. Thus the only function that it will serve is to put barriers in the way of legitimate users trying to access the content that they have paid for.

    That being the case, how exactly do you justify browsers with DRM being good for anyone? Piracy will be unaffected, whilst legitimate users will be inconvenienced.

    What are you hoping to achieve?

    1. Dominic, thanks for participating in the discussion.

      If the entertainment industry were to conclude (as you have) that their DRM schemes will fail, I would expect that their next approach would be to avoid DRM schemes that appear to be impenetrable and move to open source (breakable) DRM schemes that rely on social convention for success.

      The EME spec would be able to work with such schemes and have a fully open source solution. I think we are far from such a solution, but that possibility is worth noting.

  91. Jeff, here are some important questions that should be address in the MTFP/EME proposals.

    Why does content need to be protected? Has anyone ever endangered content? How has content ever been put at risk?

    How are the legal rights of content owners and distributes being endangered? As far as I know the job of protecting legal right belongs to the courts. Software mechanisms can not in fact protect legal rights.

    (this post didn’t make it through the first time (yesterday) so I’m re-posting it)

  92. The author eloquently explains how some people feel that EME’s are necessary for a “rich experience” on the open web.

    I think that other people are trying to point out that in this implementation, an “open web” with EME may no longer actually be (fully) open, nor necessarily a web anymore.

    What some people have intuited is that perhaps when we look at technical solutions within the framework of the scope set by the W3C Director, the charter of the w3c, and of course the ecology in which it operates; many or possibly all possible solutions may end up exceeding that framework, despite that not being anyone’s upfront intent.

    The organizational challenge here is that the working group have merely been tasked with finding a technical solution. From what you’re saying (@Jeff), they have not explicitly been tasked with ensuring that such a solution would in fact remain in scope.

    This is a sticky situation. I’ve encountered a similar organizational challenge at WMF. Learn from our mistakes ;) The working groups’ best move might be to go back to the director, and ask for the additional leeway they may need to stay within the framework within which the W3C operates.

  93. If a distributor wished to create and then sell a item of content on the web we already have security that it is only being sent to the person that is requesting the item.

    All secured communications provide protected for all data transmitted through the service.
    The only thing this does is prevent you for accessing the content in your preferred player or media system. This will kill all project like Boxee, XBMC, VLC, just to name a few.

    This content managment system only stops you from using the content how you want, and only lets you access the content in the way that they want. Do you trust a company like Sony that installed RootKits on computers to have your best interest in mind?

    This is called Digital Rights Management, and it is about managing your rights to your content, and your access to your content. At no point has anyone ever used DRM to allow a person to use the content that they PAID for the way they want to use the content that they PAID for.

  94. “While this viewpoint is important to consider as part of the debate, we have heard multiple principled and practical arguments on both sides of the issue.

    “We all aspire for a rich Web experience. Principled arguments for content protection….”

    It is interesting that you seem to dismiss the “principled and practical arguments” against content protection out of hand.

    1. Tommy, thanks for participating in the discussion.

      I think it is a bit unfair to accuse the W3C Director of dismissing some arguments out of hand. I know that he has spent a great deal of time studying both sides of the issue.

      The best solution for this (and most) issues is to find a compromise that satisfies all stakeholders. We still aspire to find such a compromise.

      At the moment, this appears to be a knotty issue where it is hard to find compromise. So the Director has made a decision that content protection is “in scope”. Just because he made that decision does not mean that he dismissed other arguments out of hand.

  95. This indicates that W3C is now far too heavily influenced by its commercial members and acts to represent the interests of large organisations with significant lobbying power.

  96. while we welcome and value input from all parties, we intend to continue to work on content protection

    Why enable comments if you are going to ignore them? You could just ask the content providers what they want and be done with it.

    1. yuumei, thanks for participating in the discussion.

      We have several goals from this public discussion.

      First, we are listening. Several people have posted potential solutions to content protection that do not require DRM at all. They have been encouraged to get the proposals to the Working Group.

      Second, we are looking for consensus. As I indicated in the blog post itself, there might be solutions for content protection that satisfy the requirements brought forward and are implementable in open source.

      Third, we are informing about what we are doing and what we are not doing. Some thought we are standardizing DRM. We are not. Some thought that DRM cannot run on Linux. It can.

      Fourth, we are explaining the W3C Process. While some would like us to stop properly chartered work in the middle we are not authorized to do so. Working Groups have considerable autonomy.

      Fifth we are explaining the status of EME. It is not an approved recommendation – it is a work in process.

      I don’t think it is fair to say that we are ignoring the comments; even as we don’t agree with every comment being made.

  97. Putting aside the political issues, I don’t get what technical benefit this is meant to provide. In what way does standardising the Javascript APIs used to access CDMs benefit the open web, compared to (say) each CDM implementing its own distinct Javascript API?

    The different CDMs are intentionally not interoperable in any way – if a media file is protected with Google Widevine, the fact there’s a CDM available for Microsoft PlayReady through the same API is of no help. Having the same JS API doesn’t significantly help CDM portability across multiple browsers either because there’s no public API between CDM plugins and browsers, so CDM providers still have to negotiate with each browser developer individually. (As I recall, having an API of this kind was rejected because it goes against the content-protection goals of EME; even if there was one, content providers would likely reject CDMs that used it.) It also doesn’t help much with portability across competing CDMs – you can use the same Javascript at the client end, but you’ve still got to support multiple DRM servers on the backend, each with its own API and system requirements, and you’ll still probably have to compress, encrypt and store a duplicate copy of every video for each of them. While the draft describes two encryption schemes, they’re non-normative, so CDM vendors don’t have to use them and probably won’t because they already have their own file formats and encryption schemes. It’s actually less standardised than pay TV encryption!

    What exactly does standardising this one tiny corner of the problem achieve, other than allowing companies to advertise their DRM solutions as 100% HTML5 compliant?

    1. Aidan, thanks for participating in the discussion.

      I think it is a fair question you are asking – whether a particular EME proposal will enhance interoperability or not. That is something that the Working Group must decide, and ultimately the Director will decide if it is proposed as a W3C Recommendation.

      We have taken no position on the current EME spec itself – it is an early draft inside the Working Group.

  98. Most important is for the community to come up with solutions that can best achieve goals of the competing interests.

    To clarify, we are looking for input on technical solutions; not the scope of the project.

    Your first comment makes a huge assumption that has not been proven — that the “competing interests” behind this proposal are legitimate and of equal value such that some “interest-balancing” needs to take place. The second comment implicitly rejects the technical solution we have already come up with, which is to scrap EME.

    First let’s examine the “competing interests.” On the one hand we have the overwhelming majority of the entire planet’s population, whose interest is in having the Internet be as robust, uninhibited and wide open as possible. This interest has been facilitated by open standards that are focused on making the Internet an efficient and powerful delivery mechanism for content, without regard to who owns that content or whether it has been legally acquired. On the other hand, we have a small cabal of “content owners” that are in withdrawal from the financial heroin an antiquated business model gave them in the 20th century and still haven’t figured out that the Internet is not their enemy and embraced it. Their interest, as has been made glaringly obvious over the last few years (SOPA, ACTA, TPP, etc.), is in doing everything in their power to control or break the Internet.

    The “goals” of the “competing interests” here are not equal either in legitimacy or in value, and the W3C should recognize that.

    The “technical solution” the community has come up with to “content protection” (aka DRM) is to reject it as morally, technically, and economically abhorrent and to bar it categorically from consideration by open standards bodies like W3C. The “technical solution” we came up with is an unequivocal and forceful message to the “content owners” (who the community knows are the only ones supporting this proposal) that says, in effect, “It is technologically impossible to stop people from copying and distributing your content without fundamentally breaking the open Internet. The Internet does not exist to serve your interests. If you can’t work with open delivery systems, others will, and we eagerly look forward to working with businesses that do not automatically assume their customers are thieving pirates.”

    The community has come up with the way to “best serve the competing interests.” It evaluated those interests, determined “premium video content” is simply not valuable enough to justify the kind of incursion proposed here (or with any other DRM scheme), and arrived at a technical solution of scrapping DRM for the greater good of the Internet.

    1. Jeremy, thanks for participating in the discussion.

      I acknowledge – as I’ve done elsewhere on the thread – that some have the perspective that content protection is against Web principles and that this is the overwhelming principle above other principles. On this point, we’ll disagree.

      To us, the more universal principle is that all content be accessible through the open web rather than through proprietary apps.

      Certainly those who want to use the Web exclusively for non-content-protected information are free to do so with no restriction.

  99. Jeff: You continue to insist that you are listening in your comment responses, but the second line of this post is: “The purpose of this post is to inform the community that, while we welcome and value input from all parties, we intend to continue to work on content protection, and publish this draft.”

    In other words: We value your input, but unless you already agree with us, please send it directly to /dev/null where it will be properly reviewed.

    Content “protection” does not belong in HTML, full stop. There have been thousands of voices of web users, developers, and designers telling you this repeatedly, yet because 3 of them belong to Netflix, Google, and Microsoft, you suddenly have decided that this is going to happen. This is not a community process, this is a sham wherein you can come through a few months down the road and say “we listened to the community and decided we didn’t like what they had to say, so deal with it.”

    People that want to implement the impossible solution of restrictions management can continue to use the existing proprietary plugins to do that. EME does not actually solve any problems on this front and W3C has yet to provide any reason why EME is necessary at all. Given that all of the decryption is handed off to device-specific blobs, those same blobs can just use the tag and go on as planned.

    The only reason for EME to exist seems to be the W3C making a political stand that restrictions are a good thing and that we should be grateful that they are going to be forced into the Open Web. This should not be something W3C spends its time or effort on.

    1. Evan, thanks for participating in the discussion.

      I’m not sure I fully understand your point about my “not listening”. I explained in my blog post (among other things) how the W3C Process provides autonomy to the W3C Working Group to proceed. So I’m not sure what I would do that you would characterize as listening.

      I do believe that the dialog is important. For other reasons you might look at my response to yuumie, above.

      I appreciate that there are thousands of voices who have petitioned us not to approve EME. There are also millions of people who are willing to pay for streaming video on the Internet. So the W3C Director has decided that it is “in scope” for the technical community to address all of these competing viewpoints and principles as best possible.

  100. I acknowledge – as I’ve done elsewhere on the thread – that some have the perspective that content protection is against Web principles and that this is the overwhelming principle above other principles. On this point, we’ll disagree.

    To us, the more universal principle is that all content be accessible through the open web rather than through proprietary apps.

    Please examine this as a syllogism to see how self-defeating it is.

    1. You disagree that content protection is against Web principles.
    2. From 1, content protection is not against Web principles.
    3. CDM’s are for “content protection.”
    4. From 2 and 3, CDM’s are compatible with Web principles.
    5. The “universal principle is that all content be accessible through the open web rather than proprietary apps.
    6. From the use of “rather” in 5, accessibility through “proprietary apps” does not satisfy the universal principle that all content be accessible through the “open web.”
    7. CDM’s are proprietary apps.
    8. From 5, 6, and 7, CDM’s are not compatible with Web principles.
    9. 4 and 8 are contradictory.

    By your own “universal principle,” EME has to go.

    1. Jeremy, while the requirement of content protection is not against Web principles, that does not mean that every content protection solution is within Web principles.

      Today’s CDM’s are proprietary and have patent restrictions. We have no intention to standardize them.

      The analysis you provide incorrectly assumes that just because a technology is used for content protection, it is automatically compatible with the principles of the Open Web. That is not our position.

  101. “The purpose of this post is to inform the community that, while we welcome and value input from all parties, we intend to continue to work on content protection, and publish this draft.”

    One simple question: does this mean that it is the decision of the W3C that DRM of some sort will be implemented and written into the standards no matter what objections are raised and that the only discussion you intend to pay any attention to is discussion of what specific form of DRM is written into the standards and how specifically that will be implemented?

    1. Brad, thanks for participating in the discussion.

      No, W3C has not made any decisions that DRM of some sort will be written into the standards.

      First, there is no intention to standardize DRM at all.

      In terms of EME, which standardizes APIs that can be used to call DRM system, there is also no decision that it will be written into the standards. EME is an early draft – a proposal in front of a Working Group. We will not know whether it is approved until the Working Group completes its work, proposes to standardize it, and has it reviewed by the W3C Director.

  102. Ignoring for now the interesting discussion to be had on the distinction you draw between EME and DRM (a distinction many of us reject as false), please correct me if I’m wrong but the conversation you are having now, as a working group, is exclusively focused on the methods for mandating DRM/EME/whatever and not on whether or not this is a good idea, correct?

    That basically the only comments from the public your working group is interested in are comments on the subject of what form of DRM/EME/whatever is best, not comments questioning the whole exercise and suggesting that it would be better to abandon the project entirely?

    At what point did/will the discussion for whether or not the web standards should include any form of DRM/EME/whatever at all was or will be held? Has that discussion already passed? If so, when did it take place and who was permitted to join in the discussion? If it has not yet taken place, can you provide us with any guesses as to when it will happen? Or is such a discussion going to happen at all?

    Because if I’m reading all of your comments here correctly, it appears that you and your working group are not interested in, or authorized to have, a discussion of whether or not to write DRM/EME/whatever into the standards, but rather how best to go about doing so. Have I misunderstood your position?

    1. Brad, to take your questions in chronological order.

      W3C has a Group called the Web and TV Interest Group. That is the group that established the requirements for EME.

      Within the HTML Working Group, a subteam is developing the spec to address those requirements.

      The W3C Director has decided that content protection is “in scope” for the Working Group.

      There has been no decision relative to a technology to implement content protection. In other responses for this blog post, people have proposed alternate solutions. They are encouraged to bring those proposals to the Working Group.

      EME is a draft specification. In no way has W3C approved it. The only things that have happened are that the problem specification is in scope and we have released a First Working Draft of the spec.

  103. So, after reading this, I see you are like the GOP now – forget what the public wants, and just rush through what you see fit. Maybe, just MAYBE you should start doing things based upon your founding principals instead. This makes me sick.

  104. Jeff, perhaps I’m missing something here. I’m afraid my knowledge of the inner workings of the W3C is next to non-existent.

    Does the Web and TV Interest Group have power inside the W3C such that their requirements are to be implemented without any chance for others to object and say that their requirements are bad and should not be implemented at all?

    If not, when do those of us who object in principle to the very concept of EME/DRM/whatever being imposed on web standards get a chance to voice our concerns and have the possibility of the W3C listening to us and scuttling the Web and TV Interest Group’s requirement?

    Is there a time for discussion and debate on the merits of DRM/EME/whatever being put into the web standards and whether or not it should happen at all?

    I think I understand the chronology up to now:

    1) Web and TV Interest group says “we want DRM/EME/whatever in the web standards”. No public discussion on whether or not this is a good idea is entertained.

    2) Tim Berners-Lee says it is “in scope” (whatever that means). No public discussion on whether or not this is a good idea is entertained.

    3) Your group sets about deciding how best to force a DRM/EME/whatever regime on all web browsers in the universe, and asks for comments on how best to do this. No public discussion on whether or not DRM/EME/whatever is a good idea is entertained, the only acceptable comments are those on what form of DRM/EME/whatever would be best.

    4-10) ???

    Is there EVER a time for those of us who hold the position that including DRM/EME/whatever in the web standards is an extremely bad idea with far reaching consequences of the most dire sort to have our position heard and the possibility for this entire concept to be abandoned? Is there a time and a place for this to take place? A vote to be held? A time to even talk to the people who make the decision and let them know why we think forcing EME/DRM/whatever into every web browser on the planet is a bad idea?

    1. Brad, this is all part of the public discussion.

      Part of the discussion if for people to provide alternate solutions to the spec. I requested that in the blog post.

      Part of the discussion is to provide comments on the spec. I requested that in the blog post.

      Part of the public discussion is an ongoing conversation of the pluses and minuses of different approaches. I encouraged people in the blog post to join the W3C restricted media Community Group which is where we intend for that conversation to take place. Proposers of the EME spec also participate in the CG and respond to comments that people make.

      Part of the public discussion is taking place here.

      The W3C Director looks at all of this input and has been reading the dialog on the blog post. I know that participants in the Working Group have been doing that as well. I imagine that this dialog will influence how they continue to develop the current (or alternate) EME spec and it will influence the Director’s ultimate decision whether to approve any proposed spec.

  105. I would just like to say that the idea of the W3C supporting any kind of DRM sickens me. W3C is supposed to stand for an open and interoperable World Wide Web. If HTML starts being riddled with DRM, that will cease to be. I realize the entertainment industry has a lot of clout with governments, but had hoped the W3C held itself to a higher standard than to be the entertainment industry’s lapdog. I’m sorry to see that I may be mistaken.

  106. Today’s CDM’s are proprietary and have patent restrictions. We have no intention to standardize them.

    The analysis you provide incorrectly assumes that just because a technology is used for content protection, it is automatically compatible with the principles of the Open Web. That is not our position.

    Your position above was “the more universal principle is that all content be accessible through the open web rather than through proprietary apps.”

    Given the “universal principle” and your admission that “today’s CDM’s are proprietary and have patent restrictions,” today’s CDM’s are incompatible with the universal principle of the Web and therefore should not, in any way, be supported. Granting that the Director concluded it is “in scope” (a claim which itself has been subjected to little analysis), the proper response of the Working Group should be to scrap EME and report back to the Director that anything which would encourage or support today’s CDM’s is incompatible with the universal principle.

  107. Without content protection, owners of premium video content […] will simply deprive the Open Web of key content.

    Strangely enough Bandcamp provides DRM-free downloads and high quality DRM-free listening for free – and they are doing extremely well. If the video industry is dying, it’s not because of a lack of DRM, it’s because the publishers don’t want to adapt. This is a flawed argument for including DRM support.

  108. I agree with Rob Myers.
    Please stop before you betray your founding principles any further.

    Honestly.

  109. I’m not sure it is as restrictive as you say, though; e.g. even GNU/Linux can run DRM content.

    Then I suggest you perform some more research – for example, Netflix doesn’t work on GNU/Linux, and they are one of the major agitators in favour of the EME.

    If you had to guess, what odds would you give that Microsoft would provide CDMs for OSs other than Windows (and perhaps OSX?) The DRM systems within Silverlight are restricted to those systems already. And Microsoft is another of the pro-EME agitators.

    In terms of usurpation of control by DRM, I again note that we are not standardizing DRM. I noted in my blog post that the EME APIs could also support open source, breakable DRM which relied more on social conventions.

    And you also noted that no major content providers would find that solution acceptable. I submit that those who would, wouldn’t bother with DRM in the first place.

    We are not supporting DRM.

    If you introduce a ‘protected content’ API, then yes, you are. According to your website:

    The World Wide Web Consortium (W3C) is an international community that develops open standards to ensure the long-term growth of the Web.

    Do you agree that endorsement of a technology by the W3C is a form of support? You would be endorsing & lending legitimacy to the technology.

    Duncan, to the point that you feel we should not be supporting DRM, I would simply point out that we are trying to balance principles against DRM with the principle of having protected content available through web browsers.

    Jeff, I’m aware that’s what you’re doing. What I’m trying to do is to call out the fact that the ‘principle of having protected content available’ is stated nowhere in the W3C mission statement.

    The fact that you’re suggesting it needs to be balanced with your stated principles proves that you’re aware that it is inimcal to them, as I’ve also demonstrated.

    1. Duncan, I can’t comment on particular product decisions made by particular companies.

      Here is why I think GNU/Linux can run with DRM content. W3C wants its specifications to be broadly implemented, including by Linux developers. I have found some posts on DRM and Linux from Linus Torvalds and from Richard Stallman, the latter debating whether it is less bad to have DRM content on a free platform rather than being forced to a non-free platform to accommodate DRM.

      These posts seem to indicate – at a minimum – that it is possible to run DRM content on Linux.

  110. Mr. Jaffe wrote:

    About bitrot, I imagine that you would agree that some form of access limitation; e.g. via access control or payment system is OK – you are just objecting to the particular DRM systems that certain content providers are using.

    I’m not sure I understand why one such scheme is more likely to suffer from bitrot than another. Unless you think there should be no access limitations at all.

    Your suggestion of not understanding the concern about bitrot strains credulity, but in the interest of courtesy I will spell it out.

    The proposal (to the extent that it works at all as a technical solution, others have repeatedly raised the issue that DRM is physically impossible) enables content distributors to require that playback of their content be done only through software — or even hardware! — that they endorse. Suppose the proposal is adopted in 2014. Suppose in 2015 a major content provider named BigMovieCorp releases a niche-but-important film. Then 60 years go by, and in 2075 someone wants to watch the film either for entertainment or for research.

    In the non-DRM scenario, the film was encoded with a standard codec for which there are likely to be available implementations for modern hardware. One reason that is likely is because it is legal to create implementations for modern hardware.

    In the DRM scenario, the film was encoded in essentially the same way, but then obfuscated so that only people with a BigMovieCorp-issued USB dongle can view it. Unfortunately for the would-be viewer, BigMovieCorp went out of business in 2037 and USB was phased out in the 2050’s. Should libraries be expected to acquire and maintain working players for all of these mutually-incompatible DRM schemes? Or should the researcher be expected to go to yard sales looking for obscure 60 year old hardware that nobody ever thought to save? Or try to find out what silicon foundry BigMovieCorp’s subcontractor’s subcontractor used to produce the dongles and see if they are willing to (illegally) make a new one? If BigMovieCorp’s lawyers were up to speed with the legal fashions of 2010’s America it might not even be legal to resell one of the dongles, so you couldn’t even legally go down the yard sale path!

    All of this is the way the system is designed to work, which is why I’m incredulous that you don’t seem to have considered these impacts and instead prefer to insinuate that I “think there should be no access limitations at all” and thereby endorse piracy.

    1. Douglas, thanks for clarifying your issue.

      Candidly, I’ve not heard this issue before, relative to EME, but I would encourage you to raise it as an issue with the specification. I don’t know if the Working Group would view it as an EME issue or not, but I think it is certainly a useful topic to discuss.

  111. Also, it’s worth considering that EME support in HTML may prove to be a backdoor for hardware-implemented DRM. From Ryan Paul, on Ars Technica:

    Netflix’s Mark Watson responded to the message and acknowledged that strong copy protection can’t be implemented in an open source Web browser. He deflected the issue by saying that copy protection mechanisms can be implemented in hardware, and that such hardware can be used by open source browsers.

    So, EME:

    • is not necessary for commercial content provision
    • is inimical to the W3Cs stated mission
    • is a step towards integrating the Web with hardware DRM

    I urge the Director and those with the responsibility for the EME proposal to abandon it.

  112. Thanks for responding to our messages, I was just hoping to add my surprise, aside from the simple fact that DRM does not work not even a little bit, and being smart people you are aware, that the W3C would even entertain the idea. I suspect it may be more of the illusion of control that the industries require and that DRM provides, in order to get them to commit the content that this stems from.

    I am not sure that I have read one comment in support of EME in the comments area. There is a somewhat clear endorsement of the blog that the idea that DRM is a necessary evil in H5 in order to get the industry to commit content which is unsurprising. What is surprising is that I would have expected a large group of people to be in this thread supporting your ideas as well as offering constructive criticism. It will be interesting to see the tone of the work group and how it compares with those commenting above me.

    Lastly I find it amazing that the W3C specifically would look at something based on being open and universal like HTML and would even begin to entertain a closed restrictive encryption standard like this. I don’t think this body of work should be developed at the level its being developed at, and although I recognize the need for it to be developed it should be on the entertainment industry to implement it for their streaming sites and not a built in defacto standard. It seems like quite a leap to go from an protocol built on universality and openness, to making walled gardens for the entertainment industry, built DRM-ready right into a standard like H5. I agree that DRM is needed but not like this. Don’t disagree with the idea in general but where it is being implemented is all kinds of wrong.

    1. Rob, thanks for participating in the discussion.

      In terms of your point that it makes sense for DRM schemes to be standardized elsewhere, indeed my impression that it is happening elsewhere. We are not standardizing the encryption scheme. The EME proposal focuses on providing interfaces from HTML5 to such schemes.

  113. Note that anyone who tries to point out the sheer hypocrisy here will not make it past the moderators, because they need to continue the appearance of an honest debate where the desired solution lies in the middle of the two extremes.

    As Jeff himself admits, when it comes to accessibility due to bitrot and age, “Candidly, I’ve not heard this issue before”. That is, one of the most obvious issues with this entire proposal. No Internet Archive. No Abandonware. No public domain after copyright expires.

    And we’re supposed to consider the W3 the authority on where efforts should be spent?

    1. Steven, thanks for participating in the discussion.

      I find it surprising that you think moderators are screening contrary opinions. If you look at the collection of comments, I would say that many of them express opinions close to your assertion of “sheer hypocrisy”.

      We ask for polite on-topic discussions and we don’t censor polite on-topic posts.

  114. HTML is an open standard which should not be co-opted for corporate purposes. And believe me, I say that as a proud capitalist. It is simply important to keep some things separate–and this is one of them. If content owners want to use DRM (whatever their justification) then they should be forced to continue to provide their own less-than-ideal solutions as they currently do (Netflix on the decent end with Silverlight, ABC/NBC/CBS/etc. with their horrid Flash-based players). They should not be allowed to insert themselves like a parasite on an open standard. I love Netflix, but I refuse to allow them to corrupt the openness of our “open” standard.

    The bottom-line is that we have plenty of access today, and I highly doubt that we’ll experience any reduction in quality or quantity of access should content-providers fail to add DRM to HTML. And for this user, I’m calling their bluff. If they really want to pull their content off-line in the event they can’t get DRM in HTML then so be it. I’ll read a book on my Kindle.

  115. Whether DRM stands for Digital Restrictions Management, or Digital Rights Management, is a matter of perspective.

    What’s not arguable however is that DRM requires servers to hand a user content and a key and still try to control how they use it. The only way you can do this is with secrecy, by making it hard to reverse-engineer how the key unlocks the stream. In any other context, security by obscurity is unacceptable. But with DRM, it’s the only kind of security they can have.

    While the Working Group may expect to see open source implementations of the EME specification there will be no open source DRM/CDM with an open key.

    This is DRM in all its popular forms is 1) proprietary, and 2) a product of security by obscurity with legal protectionism (anticircumvention laws). DRM is fundamentally opposed to the W3C’s stated goals and EME exists only to facilitate DRM.

    Here’s an analogy: the video/audio tag exists only to facilitate video and audio. When the video/audio tag came without an explicit codec there was a natural concern about whether other browsers could implement it, whether the codecs would be a ‘black box’, but at least there was open source code for the h.264 codec, and people could buy a license from MPEG LA who do not discriminate amongst their users.

    There is no equivalent maturity in DRM. There is no vendor neutral organisation that can provide per-seat CDMs. Even though the MPEG LA situation isn’t the best for open source browsers like Firefox at least there is a fairly neutral organisation that per-seat users can buy legal options from.

    In the 1990s music companies insisted that they needed DRM but we now know that was talk. You’re promising greater access to content with DRM but this is unscientific and unproven.

    The web doesn’t need DRM any more than broadcast TV needs the broadcast flag. Content producers said that the broadcast flag was necessary, and that without it they wouldn’t allow their content to be broadcast.
    In that case, there was a bunch of push-back against the broadcast flag, the proposal died, and now all kinds of stuff gets broadcast in the clear. When push came to shove, the content producers didn’t actually need the broadcast flag, and their business models still work without it just as well as they did before.

    Alternatively, please, just listen to Hixie: https://www.w3.org/Bugs/Public/show_bug.cgi?id=10902#c24

    They have the <object> tag already. This proposal facilitates black box software whose only goal is to conflict with the stated goals of the W3C.

  116. Do NOT do this : it is a bad technical and moral decision and goes against the strength of the web, its openness.

  117. Principles and beliefs aside, this seems wholly unnecessary. At some point, an external binary will be required to playback DRM-protected content, so why not let said binary do all the work of integrating with mainstream browsers? Things surrounding DRM do not need to be implemented into web standards, because DRM-protected mechanisms will always be created at a proprietary level with very little incentive to confirm to web specifications.

    I have no problem with sensibly implemented DRM despite it being something of a rarity even after all this time, but I will always choose a non-DRM alternative when given the choice. I suspect that if the W3C goes ahead with this change, some particularly influentional people may suddenly decide that W3C’s standards aren’t all that great anymore, go their own way and cause yet further standard fragmentation. Web standards do not need this kind of unnecessary bloat, keep things simple and you’ll have more chance of having browsers adopting your standards properly.

    I won’t even get started on the inherent futility of DRM, anybody working on this specification should already be well aware of the technical flaws in the very concept of DRM.

  118. Hello Mr. Jaffe,

    I’d just like to be another voice expressing disapproval that additional content protection requirements fall in scope of the W3C in the first place.

    DRM (including the EME proposal) – whether open source or proprietary – is effectively just a means to keeping honest people honest. It is a technical impossibility to simultaneously allow a user access to content yet disallow access to the same content. Unless you can get end to end encryption from the server to the browser to my monitor (a sad thought indeed) at some part in the chain I could simply plug a recording device into a monitor port and just record the decoded video, I could use screen capture, etc. As the pirating world has shown there is no possible way to satisfy the requirements delegated to the Working Group. Honest people will pay for quality content regardless of content protection and there is already sufficient support for authentication schemes to determine if the honest user should be allowed access to premium content.

    Please accept the logically impossibility of this requirement, use history to provide it’s supporters with evidence of it’s futility, advise them to adapt their business models to new technology, and as a last resort express your deepest sympathies that they have chosen to ignore the truly massive audience that is the Open Web. Illegitimate access to content is already available on the Open Web – we don’t need them, they need us.

    Drenith

  119. As Jeff himself admits, when it comes to accessibility due to bitrot and age, “Candidly, I’ve not heard this issue before”. That is, one of the most obvious issues with this entire proposal. No Internet Archive. No Abandonware. No public domain after copyright expires.

    And we’re supposed to consider the W3 the authority on where efforts should be spent?

    That, and the fact that he was apparently unaware that existing DRM systems discriminate on platform and geographical grounds:

    I’m not sure it is as restrictive as you say, though; e.g. even GNU/Linux can run DRM content.

    Correcting this is supposed to be the purpose of this sort of open forum. Committee members and CEOs aren’t supposed to be omniscient, they’re supposed to ask for information and opinion and learn from it. That appears to be what’s happening here.

    Of course, the real test will be to see how the Director responds to such an overwhelmingly negative response from the Web community. My inner cynic worries that the recommendation of EME is a fait acompli, but my inner optimist maintains that the result of the community consultation is that it’ll be scuttled.

    We’ll see …

  120. “To the best of my knowledge, EME and Netflix can run on Linux machines as well.”

    I presume either you’re not familiar with Linux or you simply mean that I can type http://www.netflix.com in to an address bar and reach the netflix website from a computer with any given Linux distro running one of the browsers available to us(Firefox, Chrome, etc.). Or did you mean that I can go to the website and select some DVDs to be sent to me through the mail(do they still do that?)?

    I am referring to the Watch Instantly feature. The luxury afforded only to users of Microsoft, newer Macs or Chromeboxes. Linux users cannot do that because DRM cannot be implemented in to open source. Firefox on Windows doesn’t mean it’s the same thing as Firefox in Linux. Netflix requires Silverlight from Microsoft. You cannot install Silverlight onto a Linux system. If MS were to port it to Linux, maybe this wouldn’t be an issue but why in the world would they do that?

    Here is, currently, what a Linux user sees when he/she attempts to watch a movie or tv program at Netflix through one of the aforementioned browsers(forgive my html skills if this doesn’t show properly as it’s been a while):

    Complete System Requirements

    To watch instantly, you”ll need a computer that meets the following minimum requirements:

    • Windows
    • Windows Vista or Windows 7
    • Internet Explorer 8 or higher; or the latest version of Firefox; or the latest version of Chrome
    • 1.2 GHz processor
    • 512 MB RAM

  121. Mac
    • An Intel-based Mac with OS 10.4.11 or later
    • Safari 4 or higher; or the latest version of Firefox; or the latest version of Chrome
    • 1 GB RAM

  122. Chrome OS
    • A Google Chromebook or Chromebox running Chrome OS 20 or higher

    It is not a matter of whether we are willing to pay for their service. The fact is we are not allowed access to their service because we are running the same software on our computers that make the precious internet what it is today and more than likely what your MT blog software is running on.

    Certainly, I understand the EME should not have any problem being introduced to an open source browser as you are only creating a convenient socket for these non-standard, closed-source, walled garden, proprietary applications to plug in to. What the first step of these closed applications do(and that is what they are, I’m not sure where you have been misled in to thinking that a decryption module is not a closed application), is create an access barrier between the user and the content. If your perfectly within standards browser is not on their approved list, you can go no further. This is only assuming that the decryption modules can even be installed into the system in question. In the case of something like Flash, we were lucky enough to have a Linux version(though Linux support has ceased as of Flash version 11.2). In the case of Silverlight, we couldn’t even install it in the first place.

    Consider what this means for a moment. The W3C is currently drafting a specification for a technology that will aid in the limitation of the “openness” of the web to that of only closed systems.

    Obviously I know that the W3C is not the entity that will be doing the actual restriction. You’re just letting them use the elevator instead of making them take the stairs like everyone else.

    1. Bryan, thanks for participating in the discussion.

      In terms of getting Netflix on Linux platform, your post indicates that it is available on Chrome OS, which is Linux based. So I suppose that it is possible.

      More generally, please note my post above in response to Duncan’s question. It appears from posts by Linus and Richard Stallman that it is possible to run DRM on a Linux system.

      I can’t comment on particular product decisions made by Netflix, particular browsers, or particular distros, however – since I am not privy to their plans.

  123. Actually, Netflix isn’t available on Chrome OS in general. It apparently only runs on official Google Chromebooks which are locked down from the hardware level up to ensure no-one can install unauthorised applications or software modifications; if you disable that lockdown, you can’t use Netflix anymore because the DRM module knows and blocks access. It’s unlikely they’ll ever support Linux in general given they don’t even trust unlocked Chrome OS on trusted hardware, and unless I’m mistaken EME is designed to help restrict media playback to a particular hardware and software configuration like this,

  124. Here is why I think GNU/Linux can run with DRM content. W3C wants its specifications to be broadly implemented, including by Linux developers. I have found some posts on DRM and Linux from Linus Torvalds and from Richard Stallman, the latter debating whether it is less bad to have DRM content on a free platform rather than being forced to a non-free platform to accommodate DRM.

    These posts seem to indicate – at a minimum – that it is possible to run DRM content on Linux.

    Jeff,

    It is indeed theoretically possible to run DRM content on Linux. But Hollywood will never do it, EME will not change their minds, and talking about what’s theoretically possible isn’t really relevant when it’s so unlikely to happen that it might as well not be possible at all.

    The post from Linus is from 2003, and the post itself is only talking about whether DRM is possible under the GPL, not whether any studios would ever be willing to do it. It’s been more than a decade since that post.

    Richard Stallman’s post is not “debating whether it is less bad to have DRM content on a free platform rather than being forced to a non-free platform to accommodate DRM.” He bluntly calls out DRM games as “unethical,” says that “rejecting nonfree software is necessary, pure and simple.” The closest he comes to “debating” is by saying that using the unethical games on Linux is better than using them on Windows because Windows is bad all by itself. But that’s like saying if you’re going to steal, it’s less bad to steal $100 than it is to steal $1,000. Both are unethical, and the fact that one act may be less unethical than another unethical act does not mean it should be supported.

    Also, I would very much like to hear a response to my post above pointing out your admission that today’s CDM’s are incompatible with W3C’s universal principle.

    1. Jeremy, on your last point that you asked again – I thought I made clear above – by saying that we would not standardize today’s CDMs that they are incompatible.

  125. These posts seem to indicate – at a minimum – that it is possible to run DRM content on Linux.

    Jeff, it may be technically possible. But, it would have to be by either:

    • a proprietary, closed-source binary blob, or
    • an open-source implementation that could be trivially disabled

    The former is a bitrot-prone, untrustworthy walled garden – the very thing that you have stated the W3C’s opposition to. There would be no technical difference between this solution and, say, a Flash plugin.

    The latter simply won’t happen. Consider Netflix’s position on the matter, and they are one of the three cheerleaders for EME.

    It’s unsettling that you claim to not be privy to Netflix’s plan. They are lobbying to have the W3C recognise DRM by way of the EME.

    Do you not think that, as the CEO of the W3C, you ought to be more concerned about the possibility that the W3C is being manipulated to endorse a technology that is meeting widespread resistance from the vast majority of the Web community?

    1. Duncan, I don’t think that the W3C is being manipulated. The W3C Director is trying to look at the content protection problem from all angles. We see principles on both sides of the argument. That is why the problem of content protection has been ruled “in scope”.

  126. Actually, Netflix isn’t available on Chrome OS in general. It apparently only runs on official Google Chromebooks which are locked down from the hardware level up … unless I’m mistaken EME is designed to help restrict media playback to a particular hardware and software configuration like this

    You’re not mistaken, and it is disingenious of the W3C to claim otherwise: two of the three major proponents of EME are Netflix and Google, who produce the software and hardware components of the system you describe.

  127. Thanks Jeff for keeping up the discussion here. I’m concerned about the tone of recent discussions on the public-html-media list. It appears that Paul, as HTML WG co-chair, has taken the February staff statement on EME and this blog post as a mandate for the railroading of the EME specification regardless of community views or discussion.

    W3C staff has clearly stated that work like EME is a valid area for work under the HTML WG’s charter. However, that does not give the WG the authority to force through a proposal that is the subject of criticism. Certainly, there are an infinite number of possible tasks that could credibly fall under the HTML WG’s charter, but the vast majority of them would soon prove to be a bad idea (see also XHTML2, for one example). While technical discussion on individual EME APIs may be acceptable, Paul appears to have taken the view that any dissent doesn’t belong on any HTML WG mailing list.

    If the EME spec is truly such an open “work in progress,” why is any discussion as to its strengths and weaknesses and to its role in an interoperable open web ecosystem forbidden?

    1. Zach, thanks for participating in the discussion.

      Paul is not saying that there should be no dissent within the HTML WG. In fact, he says that specific bugs should be filed against the spec in Bugzilla. That is the way that the Working Group ordinarily processes objections. There have been concerns raised by several people about the interoperability of the spec, and the Working Group will need to satisfy these concerns to get to the point that the spec is a W3C Recommendation.

  128. Mr. Jaffe: you wrote:

    “My observation is that the Web long ago has crossed the line from being a collaborative platform for the advancement of the sciences and culture to being a far more impactful medium for business and commerce. I respect the idealism that you imagine for the Web, but for my part society has benefited by allowing the Web to be used increasingly as a universal medium.”

    Honestly, this perspective is far more concerning to me than the EME proposal. It seems directly in opposition to the stated goals of the W3C Mission. Certainly, I am grateful that the Web has spurned such opportunities for business and commerce; that success is responsible for my livelihood in fact. However, “W3C’s vision for the Web involves participation, sharing knowledge, and thereby building trust on a global scale.” I do not begrudge that “participation” includes the large Hollywood studios and content distribution companies, but I do claim that their participation on the Web ought not to be to the detriment of everyone else’s. The advancement of commerce is a part of the advancement of the sciences and culture, and by fostering the latter, we create an environment in which the former can flourish.

    The “universal medium” you speak of is harmed by allowing protected content to subvert the goals of the W3C Mission:

    • Protected content is not available to all (hardware restrictions, software restrictions, geographic restrictions, etc…)
    • It cannot be accessed by a wide range of devices
    • It is inherently a “read-only” model that prohibits interaction (no fair use of content, no excerpting material for critical commentary or parody, no remixing or adaptations of content, etc…)

    If the “idealism,” as you call it, of a free and open Web to foster global collaboration doesn’t belong at the W3C, then where does it belong?

    1. Zach, looking back on my previous comment, I agree that I phrased it poorly.

      It was not my intention to chastise the idealism. Looking back on how I wrote this, it was written poorly.

      I do however, believe that the Web is used and should be used for a variety of purposes which require content protection. Some is done with access controls which I believe has broad acceptability. For example, there is personal financial information that commercial establishment have about individuals – noone believes that this information should be universally available.

      I accept that many have the viewpoint, as I’ve said elsewhere, that the type of content protection sought by EME is viewed by some as opposed to the principles of the Open Web. I believe that there is a competing principle of getting all content accessible in the Web rather than proprietary apps and we are exploring how to balance those principles.

  129. HiJeff thanks for the chance to discuss this openly.

    I will try to be as technical as I can.

    I run a gnu/linux distro called trisquel [1]. In order for it to be considered free I cannot install any non-free software. It even cleans up the Gnu/linux kernel to remove ‘blobs’. It might be technically possible for me to run DRM content as both Linus and Stallman mention I would have broken my system. Something like calling a hamburger organic when the beef comes from a genitically modified cow that ate only non orgsnic food durring it’s lifetime.

    Stallman says it is less bad. but it is still bad. kind of how an enviormentally concienced person recyles glass but does not get around to recylcing cardboard. at least the effort was made. but it is still bad and if you really want to maje the effort you would try to be the best you can be.

    some of us want the web to be organic and enviormentally friendly.
    i.e. the best it can be.

    about putting. technical sugestions to the mailing list I sugested to do what is already been done by the music industry with their drm free content and other smaller movie companies. but I was sent here because it was not relevant there. jamendo is a good example.

    [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html

  130. It saddens me to see this is what W3C, and indeed, the so-called “Open Web” has come to. Aside from poorly worded arguments and many, many logical fallacies that comprise this rationale, the point that is being made is inherently flawed. Actively standardizing and supporting interfaces to proprietary CDM will never lead to more content being made available on the Open Web. Jeff, you also keep sidestepping the issue by reciting arguments nobody ever made (strawman), being deliberately vague about your choice of words and by generally failing to see this issue from the perspective of Internet users.

    You are proposing some kind of open source CDM. This will, of course, never work; the goal of DRM is to take power away from users and competing software developers, which besides being unethical.

    You also fail to actually acknowledge the 25k+ autographs on the petition, besides stating that you are aware of it’s existence. Perhaps you also forgot that W3C, web standards and indeed, the Open Web itself, aren’t there for the corporate lobbyists and apologists. Actively supporting closing off parts of the Open Web to promote content being made available through unethical means is like bombing for peace, it doesn’t really work, agitates the people who could be valuable assets and is a sign of a rushed planning phase, perhaps due to pressure from third parties.

    Please also stop asking people to come up with technical solutions; this isn’t a technical problem, it’s an ethical one. We can all read between the lines, but please just state your opinion on the needs of lobbyists vs the freedom of the average Internet user instead of half-heartedly implying that “content-producers” have the right to be paid; this is not the issue, and nobody is fighting this assertion, at least not right now. The issue at hand is whether a technical solution for the content protection issue is possible. IMHO, this is not the case; any digital handcuffs that cannot be unlocked by the user is a compromise I’m not willing to make. W3C should support the Open Web, and by extension, open standards only.

    The only relevant argument that actually makes sense is the statement that companies such as Hollywood studios really, really want to control distribution of creative works they currently hold the rights to. Big surprise there.

    Here’s to hoping the next blog post/rationale won’t be filled with logical fallacies and FUD, and will actually address the following questions:
    * What people or organisations wants DRM? Is it the users? Or the creators of creative works? Or just the big publishers?
    * What is the measurable, practical benefit of standardizing interfaces for proprietary plugins?
    * Why should W3C funnel resources in this issues?

    1. Jelle, thanks for participating in the discussion.

      I believe that most of the arguments you are making I have already addressed in my responses to other people. You characterize my responses as “sidestepping”. I guess there is not point in my repeating the response here; you would call that sidestepping as well.

      You close by asking some succinct questions which are new, and let me try to answer to the best of my knowledge.

      1. What people want DRM? To my understanding, the people that are most openly calling for DRM are content owners. You ask whether it is the creators of creative works. I am told that the compensation model for the creators and participants of creative works is that they require some means of content protection to be compensated. I’m quite certain that if there were a way to achieve the content protection without DRM, they would be quite happy without DRM. I’ve made amply clear in this post that so would we. I doubt that users want DRM per se, but millions of streaming users today seem willing to go along with it, if that’s what it takes to get content. That appears to be independent of W3C Standards.

      The practical benefit is to be able to get content in a standardized, interoperable fashion through a web browser.

      W3C is funneling resources to be able to accommodate all content in the open Web, rather than driving important content into proprietary apps. Our objective over time is to continue to make this content more open.

  131. Wow.. Great information you have provided.. Than x for this great information.. It took 2hrs time to read entire information.. Any ways Nice Article..!

  132. Hey, what’s up with the moderation here? It’s been days since new comments & one of mine is currently languishing in the queue.

  133. Jeff, thanks for clarifying your response. Just so we’re all clear, you’ve now admitted twice that proprietary CDM’s (and let’s face it, there will never be any other kind) are incompatible with W3C’s universal principle. And yet, you’re still pushing to standardize access to and use of them. Forgive me for being so blunt, but it’s bs to say it’s compatible with the universal principle to standardize access to and use of apps that violate the universal principle.

    You also said “I accept that many have the viewpoint, as I’ve said elsewhere, that the type of content protection sought by EME is viewed by some as opposed to the principles of the Open Web. I believe that there is a competing principle of getting all content accessible in the Web rather than proprietary apps and we are exploring how to balance those principles.”

    The type of content protection sought by EME is opposed to the open Web–you said so yourself that proprietary CDM’s violate the universal principle. Rejecting proprietary apps is part of upholding the universal principle. The way to get content on the open Web instead of through proprietary apps is to do everything possible technologically and socially to make proprietary apps as difficult, burdensome, expensive, and unpopular as possible to use and rely upon. If you want to get content on the open Web, you discourage the use of proprietary apps. Making proprietary garbage easier to use does not discourage it. Making it harder to use discourages it, and it’s intellectually dishonest to say that EME isn’t aimed at making it easier to use.

    To get content on the open Web, you give the content providers an alternative of open distribution or no distribution at all. The Internet is not their tool, it’s the world’s. We set the rules here, not them. They’ve cried that copying technology will be the death of content and threatened to stop production for the last century and a half. It’s petulant whining and bluffing this time just like it has been every other time, and if they don’t want to use the open Web, fine. We’ll all be happy without them.

  134. Also, I wanted to add another point to counter the continual references to the success of companies like Netflix as support for DRM. The reason Netflix is such a success is because it’s fast, convenient, and has a lot of content. The Pirate Bay is successful for the same reasons. DRM has nothing to do with Netflix’s success, at least not from the users’ perspective. If Netflix used HD mp4 video streams, it would be just as successful (assuming Hollywood didn’t idiotically sue it into bankruptcy).

    Most users will pay a few bucks a month to have access to a huge, high-quality, reliable library of content. You’ll still have users that insist on using tools to save the streams and keep them on their own drives, and people that prefer to download it from bittorrent, etc. But those people aren’t paying anyway. If it’s not available for free, they just go without. For the vast majority of users, paying a few bucks a month is less effort.

  135. If the goal of this proposal is to put money into the pockets of content owners, and protect Copyright holders, then it’s completely missing the point.

    Under current demands of RIAA and MPAA, popular video hosting websites like YouTube, Facebook, and Vimeo, may remove/block video or the audio part of videos that they believe violates Copyright. This is a major problem for pretty much anyone who wants to post a video of friends or family dancing to music protected by the RIAA, or people reacting to media protected by the MPAA. What harm, if any, comes to content owners/holders from this kind of presentation? And what about fair-use where an independent filmmaker or student wants to simply show others their work? What about fan-videos where people work hard to make their own versions of movie trailers or music videos? Clearly this kind of UNIQUE CREATIVE content should be encouraged, not discouraged by websites afraid of lawyers making totally spurious claims against them.

    And yet the system being proposed does absolutely nothing to address this problem, which only gets worse every year. Instead of wasting your time and energy trying to HELP create walled gardens (requiring people to download an unspecified maybe-free plugin IS a form of walled garden as mobile and Linux users wanting to get access to Flash content have discovered) why not try to address the FUNDAMENTAL issue. Which is this:

    There is currently no way to track the ownership/provenance of content on the web. Even though the web is perfectly designed for such a system as opposed to magnetic tape and copy machines, since web content can include meta tags, hyperlinks, etc. If Sony can use an algorithm to decide that their content is being violated on YouTube or Facebook, then they could use that same technology to TAG the artist. Users should also be able to manually tag artists, content owners, whatever. From there, compensation from a cut of ad sales, or micro-payment-based licensing fees, or any number of systems could be used to push a few dollars back to the companies that own the content. And why stop at movies and music? Such a system could also protect photographers, painters, and programmers.

    A system that says your only options are: violate copyright or remove content doesn’t help any person or company in the chain. The DMCA really screwed that up, but it doesn’t mean the W3C has to continue to screw it up.

    1. Patrick, thanks for participating in the discussion.

      I really like your idea of creating a TAGing system to help artists see where their creative works go. If you and some colleagues have some design ideas to achieve this, or a requirements specification, you might consider starting a new W3C Community Group to develop this idea.

      Community Groups can be started by anyone in the web community and have no fees associated with them.

  136. I’d like to thank Mr. Jaffe for maintaining a high level of poise and patience while giving obvious thought, time, and consideration to every response to the best of his ability – including apologies and ready admission of imperfectness in the face of overwhelming dissent for his endeavors. Let no one ever accuse him of lacking courage or tact.

    I’d also like to thank all the people who’s posts were not elided from this conversation for their time, concern, eloquence, and enlightenment of the technical, social, and moral issues surrounding this topic while also maintaining such high standards of behavior and respectful discourse. I now have a level of understanding that I would of thought unattainable that is solely due to your heartfelt endeavors.

    The comments in this thread and Mr. Jaffe’s responses are a shining example of how well humans can communicate and reason with respect and dignity even when at opposite ends of purposes and beliefs.

    That said, I found it taxing to wade through the comments of this post because the responses here are really about 2 different subjects, The “should we” and the “how do we”, and it’s really hard to find the “how do we” comments among all the “should we” comments. And even harder to switch gears when reasoning on one and encountering the other. Would it be possible to perhaps streamline things here by separating these comments by the 2 different topics?

    A possible solution would be to indicate that there is a division in beliefs about whether the W3C should pursue this or not, with a link to the comments from people in favor of doing so, and a link to those opposed. Perhaps something like Amazon’s review widget. (If you can prevent ballot stuffing on the survey part of it that data would be valuable.)

    I posit that it is in the interest of everybody against DRM (almost all of us if this comment section is any indication) to actually contribute ideas to circumvent the need for DRM as we know it today. People wanting to take this path who are looking for implementation issues and possible solutions could then get right to reading and thinking and contributing, instead of spending a couple of hours wading through “yea” and “nay” comments. Wading through them once might be acceptable, but even after making up my mind that I’m against I still must wade through them every time I return here to look for any possibly new comments about how to implement a mitigation of the needs for DRM as we know it.

    We should be sensitive to the fact that small contributions that may seem to only slightly mitigate an issue will have the potential to snowball into something more encompassing when reflected on by such a large audience. Those contributions will perhaps have a better chance of making it from the contributor’s mind to the community if the contributors and the commmnity aren’t already exhausted from wading through so many comments that are orthogonal to their purpose at that time.

    1. Ed, thanks for your supportive comments and for participating in the discussion.

      While the blog post was intended to explain W3C Perspectives on the issue, in fact the ongoing discussion about EME is ongoing in two different places, which approximates your request.

      The restricted-media Community Group has had ongoing discussions about the appropriateness of EME for W3C.

      The HTML Working Group continues to work on technical issues related to the EME spec.

  137. Although, I do understand the need for content protection it is NOT the W3C’s place nor responsibility to appease Hollywood – because let’s be honest. Hands are being polished here and Jeffrey Jaffe is abandoning the core principles of an open web and the most fundamental basic operational principles of the HTML standard.

    It is no secret that Hollywood has always opted to oppose technological innovation rather than to evolve and adapt to the revolution in digital media distribution. By accepting the money under the table and turning your back on the fundamentals as to why W3C and HTML exist in the first place you simply bring shame and disgrace to a foundation who until now has been widely respected.

    I hope the payout is worth it because your reputation is on the line. If the W3C dares use HTML5 to stifle technology then I believe the W3C has become obsolete and should be abandoned for the greater good. I do not throw the accusation that a bribe has been accepted behind closed doors because that has been and continues to be Hollywood’s main weapon for their war on innovation.

  138. You just don’t get it Jeff. The W3C shouldn’t even be holding this debate. You keep throwing in people’s faces that “others want to use the web for commercial use too” – welcome to 2013 where millions of companies already use the web for commercial use. If Hollywood is threatening to not use HTML5 then so what? W3C shouldn’t care – YouTube already started an HTML5 beta and I’m sure without Hollywood’s permission their content will find it’s way on HTML5 playback. The point is – HTML5 should not cater to Hollywood in any way, shape, and form.

    You also keep stating TV Interest groups are pushing it – but are ignoring that IT groups are opposing it. And in the realm of technology whose voice should be the loudest? Certainly, NOT Hollywood’s. If they want a proper solution it is their responsibility to create one or adapt their model using existing standards. It is NOT acceptable for the standard to cater to them.

    You basically encourage us to join the working group when we are shouting you down that there should be no working group even looking at implementing content protection within HTML5. We propose for a private system to protect private interests at the cost of those private groups. HTML5 compliments other languages which are more than capable of protecting the content delivery of HTML5 video.

    If you want a serious debate you need to take us seriously and not try to convince us to swallow the poison you’re selling. I understand you already sold out – but the rest of us are still holding out that W3C will see the light and abandon aligning itself with Hollywood’s interest.

    You’re losing sight of what’s important – and that’s why normally calm waters are now rough. Because so long as you stay true to the core principles of W3C you will find smooth sailing. But while you’re in the pocket of Big Media and trying to force us to accept that even participating in a Working Group is the right course of action – we will simply continue to remind you that there shouldn’t even be resources from the W3C devoted to this fool’s errand.

    1. Harim, thanks for participating in the discussion.

      I’ve addressed many of your points elsewhere, but just to clarify the facts on one point where you say “You also keep stating TV interest groups are pushing it – but are ignoring that IT groups are opposing it.” Actually many of the participants working on the EME spec, developing issues against it, etc., are from IT companies.

  139. I believe in an open and free Internet for all. If any media content provider feels that their content requires DRM, then they should not see the Internet as their channel for communication, or they should engineer their own technologies to protect their own content. The Internet is based upon the freedom of information and those that wish to control information should simply stay away from it, or use it in a limited fashion to specially target their own audience. To impose their own technological constraints upon the intrinsic features of the Internet systems languages is draconian and not within the spirit of the Internet. It’s enough to cause a Internet evangelist, such as myself, to simply give up on the fat cat corporations and form a completely new Internet. Everyone owns the Internet, not some special group of wealthy and influential entities.

  140. ” If any media content provider feels that their content requires DRM, then they should not see the Internet as their channel for communication”

    That is a fair point Paul and to me, they fast are not seeing the web as being a delivery channel.

    My main problem here is why should I as a consumer be forced to pay a 40% surcharge in order to view this content.
    The simple fact is that content has been forced to leave the web and pay the 30% inclusion fee for being in proprietary app stores. Of your $10 fee $3 now goes to Amazon, Apple, Google or Microsoft.

    As a consumer lack of DRM is fast killing the web for me. Only the low value stuff is left.
    And in the app stores we get only $7 value for our $10 spend!

  141. Hi,
    Changing the market to suite the vendors of content is not very free market.
    Development of the web should be driven by its customer wants and needs rather then the profit of its suppliers.
    If the content suppliers insist on their heavy handed pound of flesh and do not want to play under the current rules then are they neccessary as participants in the market place.

  142. You say “Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content.”

    Yeah right, just like owners of premium audio content have “deprived the Web of key content”. That’s what they originally tried to do, but now they have embraced the DRM-free model.

    Get a clue, learn something. Unless you are a shill for the content industry.

  143. The idea of the web is not to enable movie studios to make money, or to enable developers to lock down content for those that do not pay. The idea of the web is to enable free access for information to all. The fact that the standards-based web is competing well without DRM and putting pressure on the makers of un-free technologies like windows or flash, is a good thing. When the forces of openness are winning, why would our representatives surrender unconditionally? It would suggest the W3C is not really representing open access to information, but may be serving the needs of it’s member companies Adobe and Micrsoft that are seeking to protect their proprietary business models that are currently being overwhelmed by the open web. The open web killed flash and silverlight, now the makers of flash and silverlight have joined the W3C to kill the open web.

    If this proposal is standardized, I would be happy to support, or would personally investigate founding an alternative web consortium to replace the W3C, which would have clearly abdicated its responsibilities and abandoned its mission.

  144. These changes are proposing to change the web to suit the needs of content producers, not the needs of content consumers. The web belongs to everyone, not just the corporations. They need to adjust to the needs of content consumers, not the other way around. If they don’t want to play by the rules, then they don’t need to play. We should not be changing the web so corporations can fatten their wallets.

  145. I don’t understand how building in DRM is supposed to solve anything. In fact it sounds like it would create more problems than it even attempts to solve.

    DRM as a solution to “protecting” revenue for content distributors has never worked to keep said content under lock and key for particularly long, since as has been said before, piracy is fundamentally a social problem rather than a technological one. Where there is a will, there is a way – and people will always prefer content that is easy to access, cross platform, and that doesn’t treat them like an enemy. So until the companies involved either change their business practices or invent a mind control app, no amount of DRM built into anything will so much as dent the problem.

    And while this may get rid of plugins like Flash eventually, if custom CDMs become common place it will make even Flash look good by comparison. It seems unlikely that all, or even many, of the CDMs would be cross-platform (and totally secure). This would lead to the fracturing of the web into various browser/OS combinations – those that are able to view certain content and those that can’t – not because they actually can’t display the content, but because they aren’t compatible with the DRM that goes along with it.

    Allowing people to profit from their creations is good, but not at the expense of giving them the power to dictate what OS and browser we must use to be able to view it.

  146. I know I’m woefully late and probably will not be heard, but I’m going to join this discussion anyway.
    You guys seem to be very good at listening to big businesses and very bad at listening to the interests of the public. Nobody outside likes this EME nonsense. Most everyone I’ve heard from agrees that it will hurry along the balkanization of the Web, which is exactly what W3C is supposed to prevent. Let the streaming media people whine about HTML5 not supporting their particular DRM standard, and leave the Web standards open and free for the rest of us.
    Content publishers do NOT need DRM or anything like it to make money, and YOU don’t need to pervert a general-purpose specification to give them their DRM placebo. I’ll say again what I’ve pointed out to naive managers repeatedly, speaking of data piracy: if you can see it, you can copy it. If you can copy it, you can share it. DRM just makes sure that you can’t see it without a device that’s under the control of the vendor. That is so utterly distasteful to me that I’d rather do without the Web.
    Why would you bow to the demands of business when you supposedly serve the public interest in the Web? I’m absolutely dumbfounded by what I’m hearing out of you people. Can’t you see that you’re making concessions to businesses that willfully and needlessly oppose the open Web? If that working draft becomes official W3C standard, we’ll all regret it.

  147. Forgive me, I’m not completely familiar with the format of blog posts on the W3C site. I don’t know whether this is an opinion piece or official communication. Perhaps somebody else has written a blog post on W3C.org that is equally anti-DRM that I have not found yet.

    This blog post, however, is a pro-DRM opinion piece. So, I’m hoping this isn’t an official W3C position piece.

    In the article, the author does a bunch of hand waving up front about how the web standards development is a “consensus process” and that they “welcome and value input from all parties.” The author says that the DRM standards are only a draft and that they will “seek comment [and] respond to issues.”

    However, then the author goes on for several paragraphs making the pro-DRM case. This doesn’t seem like the committee is open and objective. It seems very much like the committee has taken a side, and is just making empty conciliatory gestures to the anti-DRM side.

    Consider this excerpt from the blog post:

    “Without content protection, owners of premium video content – driven by both their economic goals and their responsibilities to others – will simply deprive the Open Web of key content.”

    The author cannot know this outcome. And moreover, premium video content is already available widely on the web directly from content creators and distributors.

    Consider also this excerpt:

    “…while the actual DRM schemes are clearly not open, the Open Web must accommodate them as best possible…”

    Why must the Open Web accommodate them? If it must do something, where does this leave any room for input, comments, or consensus. What if the consensus is that no DRM is best for the Open Web?

    How does the W3C define consensus? Whose voices must reach consensus? Must a media company always get concessions, even if 9 out of 10 voices disagree? How is that consensus?

    1. You nailed it, all “the working group” cares here is to please the big corporations and solving their problem. Jeff will go on and ask “so what solution do you have to their problem”, well even you guys don’t have a solution that doesn’t harm the users.

      Either implement a proper solution, or don’t. A broken one, is just a broken one. I never thought you guys can sell off W3C for money, thats a shame.

  148. This only will lead that Open Source will be killed in the long term proces…

    Why can that greedy movement not take away the fingers from stuff which should NOT be limited by DRM?

    There is free and legal stuff and it is NOT a good move to restrict that also on longer terms. Why destroying at the process to bring copyright protection for copyright consisting movies and music into HTML5 also all stuff which is free and legal?

    Is it really worthy doing that? Seriously! Biggest insanity i have read in the last few years! Stop that.

    1. This will lead to the death of Open Source Browsers, Online Radio wich only streams non Commercial Music which is FREE to share… It will restrict legal innovation.. and You know that…

      And you still believe putting that Open Source unfriendly stuff is STILL worth the effort? Do you really care so less about an open Web?

      I expected you guys acting in a more user friendly way!

  149. Including DRM in Web *Standards* will have huge negative consequences for humanity:

    Knowledge and free information will be controlled, and it will mean the end of the open web as we know and love it.

    It’s also a big issue for Open Source projects on browser side and on server side.

    Please kindly reconsider this decision.
    Many Thanks in avance.

Comments are closed.