Re: Encrypted Media proposal (was RE: ISSUE-179: av_param - Chairs Solicit Alternate Proposals or Counter-Proposals) from Lachlan Hunt on 2012-03-07 (public-html@w3.org from March 2012)

From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
Date: Wed, 07 Mar 2012 14:34:40 +0100
To: Mark Watson <watsonm@netflix.com>
CC: public-html <public-html@w3.org>
Message-ID: <4F5763F0.4060906@lachy.id.au>
On 2012-03-07 02:25, Mark Watson wrote:
> This is to say that we should work on finding an FOSS-compatible CDM.
> Fine. But that is going to take a while.

Doesn't matter how long it takes, so long as all parties are willing to 
work towards a common goal.  It seems browser vendors are willing to 
give some ground on introducing restrictive, user-hostile features, but 
we want to avoid the risks of unnecessarily exposing users to 3rd party 
plugins, and creating a de facto dependency on 3rd parties, if a openly 
implementable solution can be found instead.

At the very least, we want to avoid a system where, for example, 
Microsoft's PlayReady CDM is required for Netflix; Google Widevine is 
required for YouTube, Apple's FairPlay is required for some future 
hypothetical iCloud/iTunes movie streaming service;  Adobe's CDM 
required for Vimeo, etc. and having no interoperability between them.

Yet, there's still been no clear statement of requirements for an 
acceptable CDM.  No clear statement about which "attack" vectors must be 
mitigated against, which ones are desirable but not essential to 
mitigate, and which ones we can just give up on from the start.

Since we both know very well that DRM is not really about stopping 
piracy, it shouldn't matter in the least whether some hacker somewhere 
can either reverse engineer a proprietary CDM and fish the encryption 
keys out of memory; or just take the source code from an open source 
implementation and compile their own system that does it directly.  The 
end result is the same.  It already happens with iTunes purchases, for 
example - just find any unauthorised TV show or film download tagged 
with "WEB-DL" in the file name.

So let's determine what the realistic requirements are for implementing 
a CDM that is acceptable to the content providers, compromising where 
necessary to meet the already stated requirements of browser 
implementers, and find a solution that works for everyone.

> Lachlan Hunt wrote:
>> Mark Watson wrote:
>>> Anyone who truly believes your assertion has a fantastic business
>>> opportunity before them. With the money that you save on technology you
>>> can buy more and better content. You could safely and at no cost offer
>>> to fully indemnify the content owners for any loss of revenue from
>>> unauthorized use of content from your service.
>>
>> There is no reliable way to calculate the amount of lost revenue,
>> and  the excessively inflated and highly questionable figures thrown about by
>> the content industry lobbyists in support of whatever draconian
>> copyright enforcement legislation or secret trade agreements they're
>> trying to push through at any given moment around the world should
>> clearly illustrate this.
>>
>> Besides, I didn't say, nor even imply, that record profits would
>> be  made and be able to cover such indemnity.
>
> Why would you need record profits to cover this indemnity if you
> believe, as you say below, that DRM-free content won't result in any
> significant losses ?

The content owners are known to use flawed and biased studies, and in 
some cases to simply make up figures to promote their agenda.  While 
it's highly unlikely that simply going DRM free will have a significant 
impact on unauthorised sharing overall, that doesn't mean the content 
won't show up on various file sharing services.

The content owners are likely to use the absurd notion that 1 illegal 
download = 1 lost sale, as they have done for years, while completely 
ignoring any positive impact the service had.  (They do this all the 
time while shouting about lost revenue from "theft", and completely 
ignoring the fact that the industry as a whole has seen substantial 
growth year after year.)

That is, despite the fact that some hypothetical service might bring 
millions of legitimate customers, they will still likely point to a few 
thousand downloads of a specific file identified as being sourced from 
said service, and claim compensation for each counted download under the 
terms of some hypothetical indemnity clause, even though such people 
would have simply downloaded copy from some other source, had that 
particular one not been available.

> RedBox eventually caved into Warner's demands, agreeing to a
> ridiculous 28 day release window, and there's now a push for
> extending that to 56.
>
> How do you know it is ridiculous or stupid when you have no idea
> what  they got in return ?

It doesn't matter what RedBox got in return.  It's ridiculous because 
imposing additional restrictions and taking away the ability of 
consumers to obtain content legitimately only serves to drive consumers 
to obtain content from illegitimate sources, and there is plenty of 
evidence of this, including a recent study [1] showing how delays 
encourage piracy.

[1] http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1986299

-- 
Lachlan Hunt - Opera Software
http://lachy.id.au/
http://www.opera.com/
Received on Wednesday, 7 March 2012 13:35:09 UTC