Reply All covers DRM and the W3C

In the latest episode of Reply All, a fantastic tech podcast, the hosts and producers discuss the situation with DRM, the future of the web, and the W3C -- a piece I've been working on them with for a year now.

The issue is a complicated and eye-glazingly technical one, and they do a genuinely excellent job presenting the story. Inevitably, there's some nuance lost in the translation, and so here's a bit more, for people who are interested.

The story talks about DRM as an anti-piracy technology. I think that's just wrong, though DRM advocates walk a confusing line on this question. They freely admit that DRM can be broken by skilled attackers, and that dishonest people can just access versions of movies or songs or whatever that the DRM-breakers have stripped the DRM off of (the Reply All host starts off by describing how he hits all kinds of problems with DRM on movies he pays for, leading him to download easy-to-find cracked versions).

So if DRM isn't anti-piracy, what is it? DRM isn't really a technology at all, it's a law. Specifically, it's section 1201 of the US DMCA (and its international equivalents). Under this law, breaking DRM is a crime with serious consequences (5 years in prison and a $500,000 fine for a first offense), even if you're doing something that would otherwise be legal. This lets companies treat their commercial strategies as legal obligations: Netflix doesn't have the legal right to stop you from recording a show to watch later, but they can add DRM that makes it impossible to do so without falling afoul of DMCA.

This is the key: DRM makes it possible for companies to ban all unauthorized conduct, even when we're talking about using your own property in legal ways. This intrudes on your life in three ways:

1. It lets companies sue and threaten security researchers who find defects in products

2. It lets companies sue and threaten accessibility workers who adapt technology for use by disabled people

3. It lets companies sue and threaten competitors who want to let you do more with your property -- get it repaired by independent technicians, buy third-party parts and consumables, or use it in ways that the manufacturer just doesn't like.

How do we know that companies only want DRM because they want to abuse this law, and not because they want to fight piracy? Because they told us so. At the W3C, we proposed a compromise: companies who participate at W3C would be allowed to use it to make DRM, but would have to promise not to invoke the DMCA in these ways that have nothing to do with piracy. So far, nearly 50 W3C members -- everyone from Ethereum to Brave to the Royal National Institute for Bind People to Lawrence Berkeley National Labs -- have endorsed this, and all the DRM-supporting members have rejected it.

In effect, these members are saying, "We understand that DRM isn't very useful for stopping piracy, but that law that lets us sue people who aren't breaking copyright law? Don't take that away!"

The Director of the W3C, web inventor Tim Berners-Lee, wrote recently about why he supports DRM standardization, an odd step that it hard to understand, really: the leaders of the DRM standardization committee at the W3C have asked Berners-Lee to consult with his members to ask whether they want to see this DRM standard published. Instead, he appears to be telling us what decision he plans on coming to, regardless of how that consultation goes.

#90 Matt Lieber Goes To Dinner [Reply All/Gimlet]

Notable Replies

  1. Excited to hear them tackle the topic but they butchered it pretty bad. Surprising because they are typically very good and explaining complex topics. Not sure what the problem on this one was.


    • they did a poor job of explaining the role of the W3C in the internet standards process.
    • they mischaracterized silverlight and by association flash as just video players. That is by far the largest use but mainly due to the lack of browser support for DRM. The are just extension mechanisms that allow publishers to do things they can't do in the browser.
    • they conflated the DMCA and general copyright. Copyrights in general aren't the problem. The DMCA is.
    • I am not a fan of DRM at all but ultimately it is the only thing that has allowed things like Spotify, Netflix, etc. I like those things. I don't however like a closed source ecosystem with proprietary protocols. If implemented it needs to be implemented in an open source fashion that still protects the content. Most web traffic is secured with SSL/TLS of which there are interoperable open source implementations. How is DRM different?

Continue the discussion

2 more replies