Use case review: DRM

[rdeltour]

• 12. DRM

Contains two use cases. Are DRM in scope?

[iherman]

On 29 Jan 2016, at 23:31, Romain Deltour notifications@github.com wrote:

1. DRM https://www.w3.org/dpub/IG/wiki/UseCase_Directory#DRM
   Contains two use cases. Are DRM in scope?

See [my comment](#12 (comment) <#12 (comment)) for #12

[lrosenthol]

We need to ensure that the design of PWP allows the use of DRM for those users that require it. But no specific implementation details.

[rdeltour]

We need to ensure that the design of PWP allows the use of DRM for those users that require it.

OK, but isn't it too vague to make a useful use case + requirement? Do we need to distinguish a (/several) type(s) of DRM?

[lrosenthol]

@rdeltour No, I don't think so. But we can certainly try the thought experiment of seeing if for one (or more) types the concepts could be applied to the generic concept of PWP

[baldurbjarnason]

I, for one, am strongly opposed for even allowing for third party implementation/use of DRM for those users that require it. (Obviously not speaking for Rebus since I haven't started there yet.)

[TzviyaSiegman]

We are not soliciting opinions about DRM. Obviously, the use case exists. This is a repo for gathering use cases not offering opinions about validity. There will be plenty of time for that later.

[baldurbjarnason]

Okay. This will be a hugely problematic issue, though.

[iherman]

@TzviyaSiegman said:

We are not soliciting opinions about DRM. Obviously, the use case exists. This is a repo for gathering use cases not offering opinions about validity. There will be plenty of time for that later.

+1 to that. At this moment, we are collecting use cases, that does not mean that a possible Working Group would ever work at that within W3C. We can very well regard it out of scope; the only aspect we may consider as 'in scope' is to define everything else so that it would not become impossible to do any type of content protection. (B.t.w., early on we declared DRM to be out of scope for the DPUB IG, for example)

(For me, the term DRM is actually underspecified. Obviously, Adobe or Sony offers a DRM system and Apple has its own. But... is watermarking DRM? More controversially, is the Readium LCP a DRM system? I am not sure...)

And it is a hugely problematic issue, not only "will be":-)

[baldurbjarnason]

Not to prolong the discussion unduly, just a short observation on what @iherman said:

DRM very much has a hard, concrete specification in anti-circumvention legislation. So that means that watermarking on its own is very much not DRM in a legal sense (circumvention is legal) while Readium LCP is (circumvention is illegal). One of the published design requirements of Readium LCP was specifically to be the minimum implementation required to trigger anti-circumvention clauses so that publishers and related vendors could use criminal liability to chase down those who break it.

[HadrienGardeur]

Aside purely from the use case, I think we should absolutely avoid a mistake that EPUB did back in the early days:

• a "packaged" PWP protected by a DRM should not have the same file extension and media type
• if any DRM is applied to a resource, it should be extremely easy to identify which DRM scheme (in EPUB it's mostly guesswork)

I'm personally opposed to any "traditional" DRM for online use cases (which should rely on authentication instead) and it might be worth making a distinction between online/offline in use cases.