From : Paula Simoes < : Paula Simoes < paulasimoes@gmail.com



Message-ID : <CAA3W1AifaoUmy-FWvB9EYXCtRxKt2QsO8y29Uj4NPhfU28kEdg@mail.gmail.com>

To : public-security-disclosure@w3.org

Cc : amy@w3.org



Dear all, I was discussing the EME & DRM issue on Twitter and was given this email address to send you our concerns about the approval of the EME development regarding end-users, where we include teachers, students, academic researchers and citizens. Points of Clarification 1. We understand that EME is not DRM; 2. We know we already have DRM on the browsers for some years; 3. We also understand that is difficult for companies to implement platforms that use DRMed content; 4. We understand that EME will make it easier for companies to use DRMed content; 5. We know DRM is a legal problem, but that's not our issue with W3C decision; 6. We know W3C cannot make or change the law. Please don't take offense, but actually this is a good thing. Laws should only be made/changed by those who were elected by the citizens. W3C members were not elected by the citizens, they only represent themselves and/or those that chose to be affiliated. I’m assuming we all know copyright is a negative and an exclusive right and, because of that, lawmakers also created exceptions to copyright in order to ensure citizens’ fundamental rights to privacy, education, freedom of expression, information, culture, etc. [1]. DRM prevents citizens from doing these copyright exceptions. Because of the way the law was designed, every time a company uses DRM in a content, they are preventing users to exercise their fundamental rights (privacy, education, freedom of expression, information, culture, etc.). So, when W3C is making it easier to companies to use DRMed content on the web, W3C is helping these companies to prevent citizens from exercising their fundamental rights. Also, people don’t use the best, they use the easiest. Now DRMed content on the web is contained. The minute you make it easier, DRMed content will be spreading all over the Web. In a text published by W3C[2], W3C talks about DMCA and EU Copyright Directive, saying "they include provisions to prevent circumvention of DRM, with selected exemptions.” I don’t know one single European country where these exemptions work. I can describe what is happening in Portugal. Imagine I want to use three or four minutes of a movie (to which I have legal access to) to introduce a subject to my students. So, I want to insert this movie excerpt in our Learning Management System and I want to instruct my students to watch it and then to answer the questions I put on the forum, where I’ll be moderating the discussion. Does the law allow me to do this? The law allows me to make this educational use, but there’s no way I can make this educational use without breaking the movie’s DRM, and the law does not allow me to break DRM in any circumstance. The law tries to solve this by tell me that instead of breaking the DRM, I need to go to IGAC (a Portuguese public entity) and ask them for "the means of benefiting from that exception or limitation”, in this case, the means of benefiting from the educational exception. So I go to IGAC and ask them for these “means”. They tell me they don’t have any because rightholders didn’t deposit these "means” there. Recently, rightholders representatives went to the Portuguese National Parliament and explained to the Parliament they don’t deposit those “means” in IGAC because the companies that are putting DRM on rightholders’ content don’t give rightholders those “means”. They also told the Parliament there’s no way rightholders (or even the Parliament) can force those companies to comply with this kind of request. Well, some of those companies are W3C members. So, I’m forced to conclude that when W3C mentions exemptions, W3C must know they don’t work, W3C must know they don’t really exist because the only way these exemptions can work is if the said W3C members make them work and they are not doing it. I’ve been following DRM policy for some years, and still don’t know of any European country where these exemptions are really working, so if you know about an European country where these “exemptions” you talk about are working and how are they working, I would be really, really grateful if you could point them out to me. As I said before, the problem with DRM is legal and we’re trying to solve it at policy level. We're talking with politicians, they are starting to realise the law was ill-designed and some of them are starting to change the law. Last year, a law proposal to solve the problem entered the Portuguese Parliament, it’s still under discussion, we don’t know if it’s going to be approved. W3C’s director, Sir Tim Berners-Lee, said "No one likes DRM as a user, wherever it crops up”[3]. This is true, but it is not the problem here. The problem here is that DRM prevents users from exercising their fundamental rights. If the law allowed users to break DRM of the content they have legal access to, for the purpose of exercising their fundamental rights, meaning, for users to do what the law says they can do, and only what the law says they can do, for instance in copyright exceptions, we wouldn’t be opposing EME. We still wouldn’t like DRM, EME would still be helping companies to spread DRMed content on the Web, but we wouldn’t feel betrayed by W3C’s decision, nor this decision would be a bad decision, because users’ fundamental rights were guaranteed. Sadly, this is not the case, so the W3C’s decision of pushing EME forward is taken in a context that means W3C will be helping companies to stop citizens from exercising their fundamental rights to education, privacy, freedom of expression and all the other rights copyright exceptions try to guarantee[1]. This is not putting users first. We're not talking about things users like to do, but things users need to do. If you go through the exceptions in article 5 of the EU Copyright Directive[1] you’ll see that without those exceptions we can’t learn, we can’t teach, we can’t criticise, we can’t review or express ourselves, we can’t do scientific research, we can’t inform nor be informed, and libraries, museums, schools and archives can't do their jobs. We’re constantly using these exceptions. Even in a simple act of communication, like this email. Until now, in this email, I’ve used a copyright exception twice. There’s another pernicious consequence of flooding the web with DRMed content: citizens get used to it, thinking they have none of these rights, up to a point where they stop asking for them. The conflict we have here is between user’s fundamental rights on one side and companies wanting to use DRMed content on the other. For me it’s an easy decision, I can’t think of another right more important than the right to freedom of expression, or to education, or to privacy or any other right listed in the copyright exceptions. Also, without these exceptions we wouldn’t have creativity and innovation. But I’m in good faith here, maybe there’s a more important right related with DRM. So, at this point we need to ask: why these companies and rightholders want to use DRM? The first argument, the one that convinced politicians to give legal protection to DRM, was "DRM is commonly used to ensure that products (videos and other media) are not stolen or copied”[4]. I must confess I was really disappointed seeing W3C publishing this sentence. W3C is not citing rightholders, it is saying this and it is even using rightholders propaganda vocabulary. “Stolen” is not a rigorous term, because it is not really the case[5]. Also, W3C says “stolen or copied” as it was the same thing, as both were wrong to do. I worry about this demonisation of copying because we start learning by copying (children learn how to write by copying, first characters, then words, sentences and finally whole texts; the most creative professions start with copying; I grew up in an University City and every September/October we would see 1st year students of architecture sitting on the streets drawing buildings and streets, actually copying what they saw, the same with artists). Even the Web only works with copies, you don’t go to a website, your browser makes a temporary copy of it in what is called “cache”. We actually have a copyright exception for this (See EU Copyright Directive article 5, point 1). There are very few situations where a copy is illegal, usually what is illegal is what you do with the copy (you can’t share it, or lend it to your friends, or sell it), not the copying act on itself. Also, all European countries have a copyright exception for private copying. And it’s not gratis: every time a European citizen buys a computer, a smartphone, a USB disk, a printer or any other kind of electronic device, he pays more than the price and the difference goes to the rightholders as a “compensation” for a “possible harm” done by private copying that actually no one ever proved it exists. In a small country like Portugal, rightholders are getting up to 15M€ per year only on these levies. Of course, there’s no way you can make a private copy without breaking DRM: once more DRM stopping citizens from exercising their rights. But we still pay. Back to the argument. Does DRM ensure that products are not pirated? No. If this was true, we wouldn’t have DRMed content being shared online without authorisation. Until 2008, CDs and digital audio had DRM. Didn’t we have music piracy? Didn’t Napster and Pirate Bay exist? Yes, we did, and yes, they did. We still have DVD, Cable TV and Netflix using DRM. Don’t we have video piracy? Yes, we do. One can’t have it both ways. Either one defends DRM ensures products are not pirated and one has to acknowledge there’s no piracy or piracy is minimal; or one recognises there’s piracy and can’t defend DRM stops it. And how are rigthholders dealing with piracy? They’re taking down and blocking content and websites. Are they being successful? More than successful: they’re taking down and blocking content and websites they have the right to take down and block. But they're also taking down and blocking content they have no right to take down or block. Now, we have to ask: is DRM helping rightholders taking down content? No. Even if there was no DRM, rightholders would still be taking down and blocking content and websites. So, W3C is trading user’s fundamental rights for something that doesn’t even work nor helps fighting piracy. Look what happened with the music industry: DRM was so messy, worked so bad, with Sony Rootkit, with CDs not playing in certain players, that the music industry was forced to abandon DRM. But W3C could solve this in a very simple way, telling those who want to push forward EME that right now DRM stops users from exercising their fundamental rights; so W3C would put EME on hold until users’ fundamental rights are guaranteed. That way, W3C could say it’s not its responsibility. But this is not all. Besides helping companies stop users from exercising their fundamental rights, W3C is also weakening those that are trying to convince politicians to guarantee citizens' fundamental rights. What will happen is that politicians will know that this organisation, called W3C, that is supposed to maintain and take care of the Web, is making it easier for DRMed content to spread on the Web. They will not know that’s called EME, they will not know how it works, but they will know that the goal is to make it easier for DRMed content to spread on the web. And what they will think is that if this organisation, that supposedly takes care of the Web, is doing this, then DRM cannot be so bad and they’ll not change the law. Of course, W3C can do whatever it wants to do. But, like rightholders, W3C can’t have it both ways: you can’t make it easier for DRM to flood the Web and at the same time expect users not feel this as a betrayal, or that users will not realise that it is not “users first" anymore. If you managed to get to this line, thank you so much for reading me. Also, thank you for your work on the Web. It was a great journey. My best regards, Paula Simoes [1] You can see all these exceptions in the article 5 of the European Directive (check points 2 and 3) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001L0029:EN:HTML [2] Information about W3C and Encrypted Media Extensions (EME) March 2016 https://www.w3.org/2016/03/EME-factsheet.html#is-w3c-keeping-drm-alive [3] Sir Tim Berners-Lee Text https://www.w3.org/blog/2013/10/on-encrypted-video-and-the-open-web/ [4] W3C text https://www.w3.org/2016/03/EME-factsheet.html#drms [5] Kal Raustiala and Chris Sprigman “Copying Is Not Theft" http://freakonomics.com/2012/04/02/copying-is-not-theft/ — paula simoes Portuguese Association for Free Education http://ensinolivre.pt http://about.me/paulasimoes