Content Protection Challenge
Mark Watson (Netflix)
Monday breakout group
Aim: Make it technically difficult to copy video (content) that is made available on the Web.
Need:
- To make that work we need to provide encrypted media and secure distribution of keys
- You don't want to standardize the key and encryption algorithm
What API would be good to have in HTML?
- e.g. everyone does the same encryption algo, the key distribution is not standardized
- crypto API would be good
- API to provide keys for crypto algorithms
- just expose platform capabilities in the browser, e.g. OpenMAX
Current browsers do all the video decoding in software How do you find out what crypto algos a platform supports?
Netflix has an API that they require all their DRM providers to expose to them
Mark walks us through it:
- authorize users at service level
- suggestion to introduce a key exchange that hands over the protected messages
- possible video extensions:
- events that appear on video element:
- protectionScheme
- keyRequest
- keyRelease
- keyResponse
- events that appear on video element:
- should work with anything, including widevine
- media framework needs to include protection scheme, or the platform needs to provide the functionality (through HW or proprietary installed sw piece)
Problem:
- DRM APIs are not standardized -> do that first
Question:
- Is this a fundamental issue that is not possible to solve in a browser, not desirable to solve in a browser, or just a big challenge to try and solve?
Criticism:
- please consider 'Freedom of Speech' & 'Fair Use' issues for journalists, filmmakers, etc. not able of accessing content (per example for social critical documentaries)