Content Protection Challenge

Mark Watson (Netflix)

Monday breakout group

Aim: Make it technically difficult to copy video (content) that is made available on the Web.

Need:

  • To make that work we need to provide encrypted media and secure distribution of keys
  • You don't want to standardize the key and encryption algorithm

What API would be good to have in HTML?

  • e.g. everyone does the same encryption algo, the key distribution is not standardized
  • crypto API would be good
  • API to provide keys for crypto algorithms
  • just expose platform capabilities in the browser, e.g. OpenMAX

Current browsers do all the video decoding in software How do you find out what crypto algos a platform supports?

Netflix has an API that they require all their DRM providers to expose to them
Mark walks us through it:

  • authorize users at service level
  • suggestion to introduce a key exchange that hands over the protected messages
  • possible video extensions:
    • events that appear on video element:
      • protectionScheme
      • keyRequest
      • keyRelease
      • keyResponse
  • should work with anything, including widevine
  • media framework needs to include protection scheme, or the platform needs to provide the functionality (through HW or proprietary installed sw piece)

Problem:

  • DRM APIs are not standardized -> do that first

Question:

  • Is this a fundamental issue that is not possible to solve in a browser, not desirable to solve in a browser, or just a big challenge to try and solve?

Criticism:

  • please consider 'Freedom of Speech' & 'Fair Use' issues for journalists, filmmakers, etc. not able of accessing content (per example for social critical documentaries)