This site has received a lot of traffic over the past couple of days. Google Analytics takes a bit of time to show the numbers, but a quick scan of the logs suggests about four and a half thousand visits to my post about the iPlayer on Friday alone. Boing Boing and Ars Technica contributed a great deal of that. I came back from lunch to find that a journalist was calling to interview me. All very exciting, really. But in all the rush, I haven’t had a chance to explain my thoughts in detail.

Last week, a number of people, myself included, realised that the BBC’s new iPhone version of the iPlayer site permitted unencrypted downloads of the programmes. This wasn’t a bug or a hack: this was exactly how they were intentionally serving the content to iPhone owners. Our innovation, such as it was, was to send a user agent identifier that looked like an iPhone. This was, as things go, very trivial. My contribution was to wrap the procedure in a command-line Ruby script to make the process easy.

Why was all this significant, though? Well, the BBC’s iPlayer project has been controversial from the start. It was released with support only for Windows: the BBC claimed that only Microsoft’s DRM could provide the necessary level of protection against copying and hoarding to persuade content owners to license their material for online viewing.

For the purposes of argument, I’m going to take that at face value for now, and ignore the holes in that protection (e.g. FairUse4WM). If only Microsoft DRM is good enough, then the BBC couldn’t possibly offer downloads in any other format.

This was their argument, in fact, when Mac and Linux users (whose numbers the BBC grossly underestimated) complained about their technical disenfranchisement. Only Microsoft offered a suitable DRM implementation. This didn’t work on anything except Windows, ergo there was nothing they could do. The ‘me ’ands are tied, guv’ defence. There were, of course, vague promises about cross-platform support coming eventually at some time in the future, but nothing concrete. (In fact, the iPlayer is bought-in technology: it uses the Kontiki platform, which is highly reliant on Windows Media DRM, and any cross-platform extension depends on Kontiki making it.)

Quite a number of people were unimpressed by this. John Pugh MP wrote:

By guaranteeing full functionality to the products of one software vendor (Microsoft), it is as a public body handing a commercial advantage to that company – effectively illegal state aid!

As a result of all this controversy, a streaming version of the iPlayer was quickly rushed out, using Flash in the browser as the delivery mechanism in order to work across a wider range of clients. But there are a few limitations:

  • The quality of the Flash service isn’t as good as the Windows-only downloads.
  • Flash is a proprietary platform that will work on most but not all computer systems.
  • The streaming movies can’t be watched offline, on the train for example.
  • The availability window is limited to seven days.

So, whilst it’s better than nothing, it’s still a second-rate service in some ways. Ironically, it’s a second-rate service that’s been more popular than the original, probably because it doesn’t require the installation of special client software with a nasty reputation.

So if DRM is absolutely necessary, it follows that the Flash iPlayer must implement DRM, too, right? You might be surprised to find out that that’s not the case. Although Adobe do, unfortunately, have plans to integrate DRM into Flash in the future, it’s currently not part of the platform. The only protection the Flash iPlayer offers is security through obscurity: a proprietary Adobe streaming protocol is used, and the means to capture the data aren’t widely available. It’s only a matter of time, though. Mark my words!

What happened next isn’t clear. Perhaps a director at the BBC was showing off his new iPhone and, upon realising that the iPlayer didn’t work, demanded satisfaction from his minions. I don’t know. I’m making it up. But, in contrast to the foot-dragging over non-Windows access to the iPlayer, an iPhone-compatible version of the system was whipped up and pushed out the door double-quick, to a burst of favourable publicity.

Since the iPhone doesn’t have Flash, they had to use a different delivery mechanism: one that the iPhone understands. That meant h.264 video over HTTP. Once again, just like the Flash version, this was secured through obscurity, by only serving the content to devices that identify themselves as iPhones.

There’s nothing essentially wrong in providing an h.264 version of iPlayer programmes for devices that can’t play Flash. That includes iPhones. But there are plenty of other devices that can’t play Flash, can play h.264, and aren’t iPhones. By restricting it to Apple products, the BBC crosses a line. As Jamie Thompson writes:

From a simple marketing perspective this act gives Apple a HUGE extra selling point for their iPhone product in the UK. It’s almost beyond belief that this could be allowed.

Unlike Flash, though, the tools to work around this artificial restriction are widely available. Within a few days, several people had posted methods for downloading the iPhone-targeted content.

Then the Empire struck back. In its occasional role as a propaganda vehicle, BBC News crowed:

The BBC has issued a fix to stop people downloading programmes from the iPlayer website that were intended for streaming on an iPhone or iPod only.

Hilariously, that story is, right now, still on the front of the BBC News Technology section, a full 48 hours after I reported defeating the fix. But the tone of the article is both misleading and defamatory:

Hackers had discovered an exploit that allowed them to save the programmes to hard disk and share them with others.

There’s no exploit. There’s not even a hack. And no one did this to share the programmes with others. We just want to watch them—on our own terms.

But I’ll tell you what else allows people to save programmes to hard disk: the unencrypted digital MPEG-2 DVB-T Freeview signals that are broadcast all around the place. I’ve done it myself, using MythTV. If it’s not a problem that people can save programs to disk from Freeview, It’s not a problem that they can do the same with the lower quality iPhone files from the iPlayer, either. As I’ve noted above, it’s possible to remove the DRM from the Windows iPlayer’s downloaded files, too. Besides, BBC programmes are all over the file sharing sites already. The ability to save content from the iPhone version of the iPlayer isn’t going to affect that availability one iota.

I don’t know what the BBC will do next. I wish that they could just stop trying to pretend that the internet needs special protections when all the facts indicate otherwise. I especially want them to stop giving special treatment to preferred manufacturers. By all means make h.264 content available, but don’t arbitrarily restrict it to people who’ve bought products from a specific company. It’s not appropriate from the national broadcaster.