DRM/Copyright and our position in the Vision

[wareid]

I noticed in the vision there is no mention of W3C's position on DRM/Copyright, and it seems like a bug as it's an area we've generally had a principled stance on.

I won't even attempt a wording of what that principle might entail, but I believe we're on the side of protecting the moral right of authors/content creators, but not at the expense of usability/accessibility/interoperability through DRM. I'll note this is a topic that is of particular concern to the Publishing activity as we try to tackle issues of EPUB distribution in the marketplace.

[chrisn]

Some resources from which we can extract underlying principles, in the context of the decisions made around EME:

• Tim's blog post On EME in HTML5

• The disposition of comments on the decision to publish EME as W3C Recommendation

• Coralie's blog post in response to concerns post-publication

[frivoal]

I think this is an especially interesting case. The way I read it, there was some commonly shared feeling (though certainly not universally shared) that DRM in general goes against the grain of the Web, but that it can be handled in more and less Web-like ways, and that working on the topic at W3C provided an opportunity to make something that was more compatible with our values than what it would likely be if done elsewhere.

Not sure whether than can or should be generalized, but it's certainly one of the more challenging value based decisions W3C had ever had to make. This is worth spending some time thinking through.

[wareid]

I definitely think focusing on the things we collectively agree on over making broad pronouncements is better in this regard. We agree on protecting the rights of content creators and copyright. We do not believe in protection methods that create undue hardship for end users. There's a lot of latitude between these two positions.

[darobin]

As a thought exercise (without claiming that the below is right) I think that we should start from the idea that the constituencies affected by a system should have a voice in how it works. So what would that look like? (Of course, having some random dude state other people's need is wrong — this is fictitious.) DRM touches a lot of different groups.

• Creators/publishers must have property rights:
  • With respect to people, that limit access to those who have paid or somehow legitimately acquired a copy of their work.
  • With respect to infrastructure providers (who support the enforcement mechanism), that they only intervene within parameters defined at the moment of purchase and that they cannot make property right decisions of their own or make use of information gathered in the process. (This is to prevent your infrastructure competing against you, à la CPNI.)
• People must have property rights too.
  • With respect to creators/publishers. Buy means buy, it doesn't mean indefinitely rented. It means you can then gift it to someone else, or resell it second-hand. (In digital, we could however envision royalties on resells.)
  • With respect to infrastructure providers, that if the enforcement mechanism requires authority over something that the user owns (eg. a DRM chip on their device) then that authority be very strictly limited, with those limitations governed and enforced.
• Implementers have a right to access the infrastructure. (This is specifically the EME motivation.) This right must take the implementer's business model into account (ie. you can't expect a free and open source product to pay for access).
• People have a right to accessibility which property rights must not interfere with.
• Implementers have fiduciary duties to their users. A user agent, accessing books, music, video, etc. must act in the user's interest. This includes not sharing any information with either the infrastructure or the creator/publisher about what content is being accessed, who owns it, to whom it may be bequeathed or resold. To the extent that some aggregate statistics are deemed useful (eg. for royalties), these are strictly limited and governed.
• Infrastructure providers have interoperability obligations so that they cannot lock anyone in.
• Archivists have a right to maintain content in a form that is guaranteed (to the best that we can manage) to be retrievable by future generations. This right probably has some exceptions but they will be hard to reach consensus on.

This is just a sketch and I'm sure that I've forgotten some stuff. Obviously, this isn't vision material. But some could translate into vision material?

One thing is that people who are affected by a system must have voice in shaping it. Note that voice doesn't mean that they are listened to but someone else decides. You can take all the super smart, super well-meaning people that you want, if they act without checks and balances they are guaranteed to do more harm than good over time. It's the only way to get the kind of viewpoint diversity you need to solve social problems, which have a tendency to be wicked hard. This is difficult! It essentially means that we have to build technology as deliberate institutions or institutional components. (Networked technology always creates institutions, the point is to understand if that can be done on purpose and where the technical and non-technical connect.)

There is no set of principles that will make something good in a manner that isn't hegemonic. Only mechanisms to distribute power can approximate that.

This also shows that you couldn't design a DRM system that didn't intrinsically have to make at least some of these decisions at the technology level. The entity in charge of the standards for the above is de facto a transnational commons regulator (to shamelessly paraphrase @mnot). But it also couldn't possibly succeed in that work without clear polycentric overlap and connection with a bunch of other regulating entities. That's not something that's captured in the current doc, it's pretty insular in a sense. What is our vision in terms of how we fit into the transnational universe of entities tasked with stewardship of the world?

Anyway, to cite the always-wise @TzviyaSiegman: "I am stepping away from my computer now until Monday. Have fun."

[mgendler]

Ignoring for a moment @darobin's line of thinking (which I mostly agree with as a framing for how to approach this sort of problem), from my perspective, the DRM question is one that has reached relatively significant consensus in the W3C, and I'm not sure it belongs in the vision since its inclusion could lead us down a slope of putting too many specific notes in the vision of questions that may affect some of our lines of work but not others.

I'll point out that I'm happy to hear any reasons why my perspective is wrong, but just thought it may be worth vocalizing.

[mnot]

That decision was very contentious, and based upon a Director's determination. It's not something I'd be comfortable calling 'consensus.'

[darobin]

I think that there are several different things here:

• DRM does indeed not have consensus in W3C, in fact in the same time frame that EME was being floated the Epub side of the house rejected it.
• However I agree with @mgendler that I wouldn't want to see a DRM principle in the vision. That's why I parsed out the DRM issue into component aspects: those would need to be supported by some governing documents at some level (not necessarily the vision, but probably at least HR).
• I know it's not the issue that @wareid opened so maybe I should go highjack it elsewhere, but I do think that there's a good smoke test in the question "how would we have resolved the DRM issue using governing documents instead of Tim" and "are we satisfied that it's at least as good and ideally better".

[mnot]

+1 to the smoke test there -- very good idea.

[mgendler]

Thanks for the correction @mnot, I retract my opinion.

Will add a +1 to the smoke test, I think it could apply well to some of the other open issues we've been discussing.

[igarashi50]

-1 to the smoke test.

[cwilso]

Agreed in Vision TF to defer to future/Ethical Web Principles.

[igarashi50]

DRM is a technology to protect copyrights. We do not need to mentioned abou DRM.
It would be better for us to mention about human rights just not about copyright that is one of human rights.

[chaals]

Yeah, this issue is hard, and I agree with @igarashi50 that it isn't obvious we should specifically mention copyright in the vision - it feels a bit narrow. I presume we don't want the vision to be an exhaustive list of individual decisions we should make, but to be guidance that will help us make good ones.

That said, I think the smoke test is valuable, and using it on DRM among other questions is a useful thought experiment. So I'll raise a different issue around it