Why Tim Berners-Lee is wrong about DRM in HTML5


12 Responses to “Why Tim Berners-Lee is wrong about DRM in HTML5”

  1. DavidCulberson says:

    If I had a column, I would write one titled “Why Cory Doctorow is right about DRM in HTML5 – and DRM in general.”

  2. Promethean Sky says:

    And now the real question is; which way is the wind blowing at W3C? Is this really a threat, or is it the pony on the media industry Christmas list?

  3. “the urinary tract infection business model”?  awesomely nasty turn of phrase.

    This isn’t really my field of expertise, but I’d like to know more about why (or IF) the W3C’s encrypted media extension would be considered kosher as a DRM solution for publishers.

    It’s being used to allow samsung chromebooks to play netflix movies (and really THAT is the use case gold standard for DRM, isn’t it?).

    • dragonfrog says:

      “Implementation of Digital Rights Management is not required for compliance with this specification: only the simple clear key system is required to be implemented as a common baseline.”

      So, no, it wouldn’t be enough.  It just requires that clients be able to receive encrypted content, receive a key, and use the latter to decrypt the former.  It places no restrictions on what can be done with the decrypted content.

      That could have some nice benefits – for instance, a vendor could store large volumes of encrypted data with an inexpensive cloud storage provider, and keep and control the keys on a more secure, and hence more expensive, platform.  The keys could even be controlled entirely by clients, so the clients can save money on storage and backup infrastructure, and still be sure that the encryption & decryption keys never left their control, or left their legal jurisdiction, etc.

      DRM would require that the clients accept a set of restrictions along with the key, indicating what actions the client must refuse to take on behalf of the user.  And, the client must not be modifiable by the user so as to cause it to ignore the restrictions  (i.e. it must not be open source).

  4. jennybean42 says:

    Tim Berners-Lee didn’t make me nearly as angry as when I heard the David Lowrey with Brooke Gladstone  on “On the Media” this weekend. He basically said the only reason people gave money to Amanda Palmer is because she showed them her tits . :-(

    • EvilSpirit says:

      And this person purports to know something about the media? One can peek at an unlimited variety of tits for free these days.

  5. jmreagle says:

    I think Berner-Lee’s position is not that he loves DRM, but if it’s going to exist, better it be an open royalty-free standard. Cory seems confident that any non-W3C proprietary standard would fail anyway, so there’s no need to dance with the devils; but maybe Tim knows something we don’t? (Also, yes, flash is failing, but many suffered in the ten year death rattle.) Hence, this is a question of pragmatics, how does one calculate the likelihood of various alternatives and their merits/demerits?

    • proginoskes says:

      I don’t understand your comment. How do you make an “open royalty-free standard” for DRM? Did you read the article?

  6. spacedmonkey says:

    A coworker of mine recently finished refurbishing an old xray diffraction machine.  Shortly after he got it working, the dongle for the interlock control software crapped out, and, as the company that made it is long defunct, there was no way to get a new one.  My first thought was “no problem, I can whip up an interlock in an afternoon.” until he pointed out that if my interlock failed, it could kill someone.  Fortunately, we were able to find someone who managed to crack the software to work without a dongle.   This made me think, though, that for academic institutions, there should be a universal clause in the spec in a call for bids stipulating that the control software for lab equipment must not have any copy protection whatsoever.

    • Andrew Murdoch says:

      I find it utterly unacceptable that DRM technologies and products can be legally sold without having a “system obsolete, deactivate DRM” key.  Then the key would be published when the original manufacturer drops or ceases to support the product.

      While you might argue that DRM should never exist, this seems like a minimal modern “fair use” requirement.

      • Mike Harris says:

        I really think that’s quite a brilliant idea.  I have no idea how to get it publicized or picked up, but it’d be wonderful to see your idea implemented.

  7. gerbalblaste says:

    So the proposed DRM effectively let’s a website lockdown your browser using the DRM tools, right?

    What happens when a malicious website uses this DRM to obscure malicious code, or simply forces a pop-over video ad you can’t close or block?

    I’m sure there are untold numbers of ways malicious sites coul exploit even the best designed HTML DRM. Flash’s only advantage is that it’s containerized, while html5 and javascript are much less controlable.

Leave a Reply