Matt Lieber Goes To Dinner
March 2, 2017
© 2016 Gimlet Media. All Rights Reserved.
[Transcript taken from the official website of the Reply All podcast episode, but still needs some cleaning up]
CORY DOCTOROW: It’s one of those things that is amazingly important and also protected by this shield of boringness that keeps it from being understood and acted on and is in that category of fantastically dangerous things because it’s super urgent and really hard to get your head around.
PHIA: But–I’ve been talking to Cory for almost a year now about this just, like, trying to understand it, asking a bunch of internet experts about it, and now I’m gonna try ‘n’ take, like, everything I’ve learned and compress it and probably simplify it a little bit but explain it to you, um, and I’m going to try and do it in like 10 minutes.
PHIA: So … Cory is locked in this battle that, I mean, really is literally just about how we watch video on the internet. And, he says that the stakes for this like could not be higher. Like, if the bad guys win, it could have catastrophic consequences for the internet.
PJ: Who are the bad guys?
PHIA: So, the thing is that the bad guys for Cory, they’re actually like really good guys. All they’re trying to do is like make sure the internet can run, like, as smoothly as possible for like everyone in the world. They’re this group called the W3C. It stands for the World Wide Web Consortium. And their whole job is that they’re trying to create like one language for the internet so that like my computer can talk to your computer. I talked to one member, his name’s Adrian Bateman, and he told me how they spend their time.
ADRIAN BATEMAN: We agree on, like, “Is it called picture or is it called image?”, you know, in the HTML language, which is the language of webpages. We actually use IMG as an abbreviation for image.
PHIA: So part of what the W3C does is you guys are like the Webster’s Dictionary saying like, “We spell color with a ‘u’ or without a ‘u,’” and then–
ADRIAN BATEMAN: Right.
PHIA: –you’re also doing, like the, “This is sentence structure, this is grammar, this is like–here’s how we define the building blocks and here’s what they are?”
ADRIAN BATEMAN: Yes.
PHIA: So that’s an example of the kind of thing that the 400-some members of the W3C are working on and arguing about. […] Now I want to tell you about this one little fix that the W3C is considering that Cory thinks could actually be like the end of everything.
So, you know how in the past, when you’ve wanted to watch a video online, if you wanted to watch a movie on Netflix, sometimes it would be like, grey screen, “You need to update your Silverlight.”
PJ: Yes! This is the bane of my existence.
PJ: It’s not actually Netflix, it’s Amazon. Amazon is constantly like, “Microsoft Silverlight needs to update.”
PJ: Which is crazy because I don’t know what it does–
PJ: –I assume it’s like an annoying privacy, like, a thing for them, not for me.
PJ: And it is constant.
PJ: Like constant. Can I tell you that, like, multiple times–not only in my life, but this year–I’ve bought a movie or a television show online–
PJ: –run into something like a Silverlight update and then pirated it. Because I felt like I don’t want to go through whatever crap you want to put on my computer, I don’t want.
PJ: I’m happy to have paid for it–
PJ: –but, like, I’m not gonna–I don’t want your weird invasive … crap. Which is reasonable and normal.
PHIA: (laughs) Which, I mean the funny thing about Silverlight is it’s a way for you to watch videos online but the actual intention is to, like, wrap up the movies in a way where, like, they are protected and secure and people can’t steal them. It’s this thing called DRM.
ALEX: I know DRM. It stands for “digital rights management,” and it’s like a thing that basically since the beginning of the internet companies have been doing to try to keep people from copying stuff.
ALEX: So a lot of DVDs will only allow you to make one or two copies of it before it stops letting you make more copies. Um… there are certain CDs that they make it hard for you to actually pull music off of.
PHIA: Right, so, like, the whole purpose of it is just to, like, stop you from pirating stuff.
PJ: Which is not working.
PHIA: Certainly isn’t really working for you.
So the W3C is like, you’re sick of updating Silverlight, you’re sick of updating Flash? We’ve great news. We have this new DRM, and we’re going to put it directly into your browser. You’re never going to have to worry about updating Flash again.
But here’s the catch. And it’s kind of a big catch. Which is, it’s going to be everywhere. It’s going to be in every phone, in every computer. And if you imagine your computer kinda like your house, it’s like, every house is going to have the same kinda lock on the front door. And they’re saying it’s going to be the best lock–it’s going to be like, super secure, have all the deadbolts you want, like, the perfect lock. Which if they’re right, is like–fantastic.
But Cory says, if they’re wrong–we’re not going to know that they’re wrong. Because outside security experts like, they can’t look at this thing. It’s like the big plan to protect this lock is just like: don’t look at the lock! Don’t try to break the lock.
PJ: Like you’re just not allowed to?
PHIA: Well, basically. Because there’s this copyright law that actually says, like, security researchers are not allowed to get anywhere near locks like this one.
PJ: Oh. That does feel as bad as he thinks it is, honestly.
PHIA: Yeah, and Cory says this is a real law, and it’s been enforced before.
CORY: So there was this programmer named Dmitry Sklyarov who worked for a company called Elcomsoft, he was Russian. And he came to America to give a presentation at a tech conference about Adobe’s ebook reader. And Adobe had made this ebook reader that promised that you wouldn’t be able to copy the text.
Dmitry found that it was made very, very badly. And so he did what security researchers always do when they find a bug in software that is allegedly secure, which is that they disclose it.
PHIA: He went on a stage at this conference and he told people, like, “Here’s this flaw.” And … the FBI arrested him.
ALEX: The FBI arrested him for copyright infringement?
PHIA: Yeah, basically, and he ended up going to jail.
ALEX: That’s so ridiculous.
PHIA: He struck a deal with the feds and went back to Russia. Um–
PJ: “What are you in for?” “A paper I presented at a college symposium.” “What about you?”
PHIA: And Cory said he was actually at Dmitry’s release party.
PHIA: What was he like?
CORY: He was a quiet, Russian guy. He was a nerd. He was a programmer like all the programmers I knew. He wasn’t Neo. He was just this guy who (laughing) had been to jail in America, and wanted to get the hell out and go back to Russia.
PHIA: So, Cory’s like 'what if they decide to do the same thing now with this encrypted video player thing?' Like, what if they decide to try and arrest anyone who is pointing out a problem with it? He told me like in one of our many conversations that we had over the last year that security people are really freaked out about this.
CORY: There are lots of people around the world who discover bugs and sell them to governments, right? They weaponize them and they sell them to governments instead of reporting them to the company or publishing them to the public.
So if it’s a really bad defect, you know, you might be able to seize control of the whole computer or maybe you can just take over the browser, in which case you can do things like log credit card numbers and turn on the camera maybe, depending on how the browser and the camera are interacting with each other. If the browser has location access, you can get that, you can get passwords, you can do all kinds of things.
ALEX: Is there any reason to fight for this? ‘Cause what you’re describing is like a portal that everyone’s going to be attacking – that no one is allowed to look at, and I can’t understand why this is better than the current system.
PHIA: Yeah, right. And, you know, it’s not the sort of thing that the W3C would normally support. Like, this is the first time they are recommending a standard, like, new internet code that nobody would be allowed to look at. But Cory has a theory about why the W3C is considering this, and it has to do with some new members that joined in the last few years–members like Netflix and YouTube and Viacom.
CORY: Giant media companies, who forever have not liked the wide openness of the web and have been calling – since the web’s inception – for controls on how the web works to make their business models more viable, see an opportunity.
PHIA: Which is to say an opportunity to add DRM to things. Like, remember, DRM is that little piece of encryption that stops users from messing with or pirating things?
CORY: So, Netflix shows up at the W3C and says, “We would really like DRM in browsers,” and then strongly implies that in the absence of DRM in browsers there will be no Netflix in browsers. And Netflix is a thing that, um, a lot of people are convinced they need in order to have a viable product. We just- we have to play ball with Netflix.
PHIA: Netflix feels so strongly about this that they’re actually helping to make the lock that the W3C is suggesting that everybody use. Like, Netflix and Google and Microsoft, that’s who is writing it.
PJ: (laughs) Which is crazy, because their whole thing is like: we’re going to build this, it’s going to be perfect, it’s going to replace all the crap that exists right now. The crap is Silverlight. Microsoft made Silverlight.
PJ: Like why would the perfect thing…? That’s crazy.
PHIA: Yeah, I know. And like, the whole time I’m trying to learn about this, I just really wanted to get the perspective of the media companies. And, you know, I reached out to like Netflix, and YouTube, and the Motion Picture Association, and nobody wanted to talk to me. But one group that did get back to me was Mozilla, who makes Firefox, one of the browsers.
PHIA: So they’re particularly interesting to me because they’re like, in the middle of this fight. There’s like, on the one side there’s like the users, like us, who are just watching movies. Then on the other side there’s like, the media companies who are providing movies, and Mozilla they are just like a platform in the middle of it all.
ALEX: They gotta get along with everybody.
PHIA: Yeah, they’re trying to keep like everybody happy. And that’s kind of their role, but it’s put them in this very difficult position.
So, I talked to a woman, her name is Denelle Dixon. Her title at Mozilla is chief legal and business officer.
PHIA: And she told me that even though Mozilla, like, really does not like this lock thing, it makes a lot of sense to her why companies like Netflix would.
DENELLE DIXON: The content owners–the ones that produce this content that is–it’s their content. It’s copyrighted content. It’s content that they’ve spent creative energy putting together. And they should be able to monetize this content and to protect that content from being–in their mind–being distributed in ways that they don’t authorize. Um. We actually–as Mozilla–think that that’s true. Like, they’re content owners and they should be able to protect it. But there are other ways to go about to protecting the content.
PHIA: Mozilla would like any other option besides this one–because on top of everything else what their company stands for is openness and transparency. For example, Firefox is- is like famously the open source browser.
PHIA: But at some point they realized they can either go along with this or… die.
DENELLE: So it was a really tough decision and it was one we didn’t take lightly at all. We recognized that this it’s–this is hostile to users. The locking system is hostile to users, uh, from the standpoint of, you know, in our browser you put this closed source component in there that’s getting information and data about your devices, and we also are all about transparency. And so that was a problem for us.
PHIA: But after a lot of debate they decided, ok, we’ll put it in.
PHIA: Does that mean there’s code in Firefox that Mozilla can’t look at? Like that–that you can’t look at?
DENELLE: Right. So this is–yeah, so we can’t get into the black box of the DRM, of the– of the locking system either.
PHIA: Does that feel kind of weird?
DENELLE: (laughs) Yeah, I mean this is part of the challenge that we had. It’s that- here’s the–I’m gonna give you the really simple perspective on this: if we didn’t–if we chose not to–put this locking system, black box or not, into our code, uh, then we obviously, our users would go to other browsers because … they need to be able to–they want to be able to watch this content.
PHIA: Meaning if you want to watch Stranger Things and you can’t watch it on Firefox, you are going to somewhere else. And so now, ’cause they agreed to this, Firefox has this little piece of code inside of it that is encrypted.
ALEX: That must (laughing) drive them nuts! That’s all they care about.
PHIA: Yeah, I mean she said it felt really bad. She said, like, a lot – like, it was sad. It made her sad.
ALEX: It’s–that is, like, the thing that, to me, helps me understand the bigness of this.
ALEX: Because the internet as it’s always existed has always been this thing that, like, the architecture, you can al- you could always see the beams that held it up.
ALEX: And if it seemed like there was any one that was weak in any- any particular way, um, other people would- would point out that weakness and help fix it, weld it back together. And now it feels like, um, video, which is now a huge part of the architecture of the internet–
ALEX: if that is no longer visible it just seems like it’s like a fundamental shift to me.
PHIA: Yes, I think it’s a really big deal.
PJ: So what is going to happen… Like, what happens now?
PHIA: So, Cory says he is going to keep fighting this. Like he is not stopping. He has collected a coalition of people who are all fighting with him, and like, at this point, they’ve been fighting this for three years now. They’re just doing everything they can to make it as difficult as possible for the W3C to make this, like, the law of the land, like a universal standard.
PJ: But what’s the like– is there like a showdown point? You know what I mean?
PHIA: Yes, (laughs) so they’ve been like, gearing up for a vote, like, between W3C members. And they’ve been thinking that will probably happen, like, April 1st.
PHIA: And I thought that’s where things stood, like that’s what I was expecting to tell you today and then when I was like… when we were all preparing to come in and I was going to explain all this to you, actually right before I came in, this huge thing happened, which is that the director of the W3C posted a blog post saying like … he has an opinion on this. He’s weighing in.
And, what he said was this thing that Cory hates, he said the W3C should go through with it.
PHIA: So I emailed Cory and he was like, “I saw this and I immediately sent an email out to the head of the W3C saying, like, ‘Are we still gonna have a vote? We always have a vote.’”
PHIA: (laughs) And he hasn’t heard back.
PHIA: So that’s where it stands right now.