Can This Web Be Saved from DRM?

It seems that the the 25 years old free web is under a constant attack. The most current threads to really open web at the moment are DRM, network neutrality issues  and mobile app wallet garden silos.

Some time ago DRM HTML5 were approved. I did not like the idea to add DRM to HTML5, because generally DRM does not work and just complicates things. DRM did not work too well for music industry, but now the DRM was pushed by TV/movie/video industry.

Last year the W3C approved the inclusion of DRM in future HTML revisions. It’s called Encrypted Media Extensions, and it was not well received by the web community. Nevertheless, this new DRM technology had the support of several major browser makers, but Mozilla was not friend of that. The new version of DRM uses the acronyms “EME” and “CDM.”

Can This Web Be Saved? Mozilla Accepts DRM, and We All Lose article tells that flanked on all sides by Google, Microsoft, Opera and (it appears) Safari’s support and promotion of the EME DRM-in-HTML standard, Mozilla is giving in to pressure from Hollywood, Netflix et al, and will be implementing its own third-party version of DRM. It will be rolled out in Desktop Firefox later this year. Mozilla’s view: With most competing browsers and the content industry embracing the W3C EME specification, Mozilla has little choice but to implement EME as well so our users can continue to access all content they want to enjoy. Browsers must provide the ability to watch video or the browser becomes less and less the tool users need.

EFF disagrees with the DRM idea and has written a good article Can This Web Be Saved? Mozilla Accepts DRM, and We All Lose on that with point: Technologists implement DRM with great reticence, because they can see it’s not a meaningful solution to anything but rather a font of endless problems. Past experience has shown that standing up to DRM and calling it out does have an effect. As we have said to the W3C, and Cory Doctorow spells out to Mozilla in this Guardian article, we can do much more to fight the negative consequences of DRM than simply attempt to mitigate the damage of its adoption.

Mozilla CTO Andreas Gal has a post explaining how Firefox will be implementing EME. He says, ‘This is a difficult and uncomfortable step for us given our vision of a completely open Web”.  For Mozilla it has been  essential that all code in the browser is open so that users and security researchers can see and audit the code. DRM systems explicitly rely on the source code not being available. Mozilla’s CTO, Andreas Gal, says that Mozilla “has little choice.” Mozilla’s Chair, Mitchell Baker adds, “Mozilla cannot change the industry on DRM at this point.”

Mozilla’s DRM code, imported from Adobe as a closed-source binary, will sit in a cordoned sandbox, simultaneously Mozilla’s responsibility but beyond its controlHow Firefox Will Handle DRM In HTML article tells that the used DCM DRM system is wrapped it into an open-source sandbox to avoid potential unfavorable privacy properties. This is better than running the code on the wild, but I still don’t like it. Can This Web Be Saved? Mozilla Accepts DRM, and We All Lose.


  1. Tomi Engdahl says:

    Free Software Foundation Condemns Mozilla’s Move To Support DRM In Firefox

    “The Free Software Foundation has opposed Mozilla’s move to support DRM in the Firefox browser, partnering with Adobe to do so. The FSF said, ‘[We're] deeply disappointed in Mozilla’s announcement. The decision compromises important principles in order to alleviate misguided fears about loss of browser market share. It allies Mozilla with a company hostile to the free software movement and to Mozilla’s own fundamental ideals. …”

  2. Tomi Engdahl says:

    Mozilla had no choice but to add DRM to Firefox

    Mozilla has been in the news quite a lot over the last few months. This time the organization is being hammered by open source advocates for adding Adobe DRM to Firefox. One such article recently appeared on ITWire where the author of the article accused the Mozilla Foundation of base hypocrisy by deciding to add DRM to Firefox while projecting an air of noble dedication on other issues related to its values.

    If you haven’t seen it already, you should take a peek at Mozilla’s blog entry about DRM to get their side of the issue. It lays out pretty clearly what the reasoning was behind this decision, and it also laments having to do it in the first place.

    Firefox: A browser in decline?
    But did the folks at Mozilla really have a choice when it comes adding DRM? An open source project like Mozilla is not immune to market pressures. And with so many competing browsers such as Chrome adding DRM for Netflix, etc. how could Firefox avoid adding it? Is it realistic to think that Firefox can simply ignore such things? I don’t think so and the reason why is in Firefox’s usage numbers over the last few years.

    DRM was Mozilla’s only real choice…for now
    So what choice did Mozilla really have except to follow in the footsteps of Chrome? I’d argue that it really didn’t have any choice. Yes, it would have been better if Firefox could have remained aloof from the entire DRM thing. But Firefox does not exist in a vacuum, it has a lot of other browsers it competes with for users. So it has to be on par with other browsers if it is going to survive over time, and that means sometimes having to go against the open source philosophy of its roots.

    Mozilla’s recent PR problems
    This isn’t the first time Mozilla has been vilified in the media recently. The Brendan Eich controversy gave the organization a huge black eye among many developers and users.

    And now, of course, we have Adobe’s DRM being added to Firefox. Talk about adding fuel to the fire!

  3. Tomi Engdahl says:

    DRM and the Challenge of Serving Users

    The industry is on the cusp of a new mechanism for deploying DRM. (Until now, browsers have enabled DRM indirectly via Adobe’s Flash and Microsoft’s Silverlight products.) The new version of DRM uses the acronyms “EME” and “CDM.” At Mozilla we think this new implementation contains the same deep flaws as the old system. It doesn’t strike the correct balance between protecting individual people and protecting digital content. The content providers require that a key part of the system be closed source, something that goes against Mozilla’s fundamental approach.

    We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point. In the past Firefox has changed the industry, and we intend to do so again. Today, however, we cannot cause the change we want regarding DRM. The other major browser vendors — Google, Microsoft and Apple — have already implemented the new system. In addition, the old system will be retired shortly. As a result, the new implementation of DRM will soon become the only way browsers can provide access to DRM-controlled content.

  4. Tomi Engdahl says:

    Discussions about DRM often land on the fundamental problem with DRM: that it doesn’t work, or worse, that it is in fact mathematically impossible to make it work. The argument goes as follows:

    1. The purpose of DRM is to prevent people from copying content while allowing people to view that content,

    2. You can’t hide something from someone while showing it to them,

    3. And in any case widespread copyright violations (e.g. movies on file sharing sites) often come from sources that aren’t encrypted in the first place, e.g. leaks from studios.

    It turns out that this argument is fundamentally flawed. Usually the arguments from pro-DRM people are that #2 and #3 are false. But no, those are true. The problem is #1 is false.

    The purpose of DRM is not to prevent copyright violations.

    DRM’s purpose is to give content providers control over software and hardware providers, and it is satisfying that purpose well.

    As a corollary to this, look at the companies who are pushing for DRM. Of the ones who would have to implement the DRM, they are all companies over which the content providers already, without DRM, have leverage: the companies that both license content from the content providers and create software or hardware players. Because they license content, the content providers already have leverage against them: they can essentially require them to be pro-DRM if they want the content. The people against the DRM are the users, and the player creators who don’t license content. In other words, the people over whom the content producers have no leverage. 


  5. Tomi Engdahl says:

    HTML5′s overseer says DRM’s true purpose is to prevent legal forms of innovation

    Ian Hickson, the googler who is overseeing the HTML5 standard at the W3C, has written a surprisingly frank piece on the role of DRM. As he spells out in detail, the point of DRM isn’t to stop illegal copying, it’s to stop legal forms of innovation from taking place. He shows that companies that deploy DRM do so in order to prevent individuals, groups and companies from innovating in ways that disrupt their profitability

    1. DRM always involves patents with onerous licensing terms that are incompatible with the W3C’s patent policy, because patent licensing is the hook by which those disruptive — but legal — features can be prohibited

    2. DRM can’t be implemented in free/open code. For DRM to work, anyone who implements it has to design their implementation to prevent users from changing it. This is reflected in the “robustness” rules that always accompany DRM licensing, which always prohibit “user modifiability.”

    In other words:

    1. DRM’s purpose is to prevent legal innovation

    2. DRM requires onerous patent licenses

    3. DRM is incompatible with free/open code and systems

  6. Tomi Engdahl says:

    An Economic Explanation For Why DRM Cannot Open Up New Business Model Opportunities

    Economic growth occurs whenever people take resources and rearrange them in ways that are more valuable.

    Every generation has perceived the limits to growth that finite resources and undesirable side effects would pose if no new recipes or ideas were discovered. And every generation has underestimated the potential for finding new recipes and ideas.

    Note that it’s the non-scarce products, the recipes and the ideas, that helps expand the value of the limited resources, the ingredients.

    DRM is fundamentally opposed to this concept. It is not increasing value for the consumer in any way, but about limiting it. It takes the non-scarce goods, the very thing that helps increase value, and constrains them. Those non-scarce goods are what increase the pie and open up new opportunities for those who know where to capture the monetary rewards of that value (within other limited resources). DRM, on the other hand, holds back that value and prevents it from being realized. It shrinks the pie — and no successful business models come out of providing less value and shrinking the overall pie. Fundamentally, DRM cannot create a successful new business model. It can only contain one.

  7. Tomi Engdahl says:

    Netflix ditches Silverlight for HTML5 on Macs too: Available today in Safari on OS X Yosemite beta

    Netflix says it has been “working closely” with Apple to implement its Premium Video Extensions in Safari. These extensions allow playback of video directly in the browser without plugins such as Silverlight or Flash, but still keep publishers happy that their content won’t be ripped off.

    The extensions are made up of three components, all of which Apple has included:

    The Media Source Extensions (MSE), using the “highly optimized video pipeline” on OS X.

    The Encrypted Media Extensions (EME) provides the content protection needed for media services like Netflix.

    The Web Cryptography API (WebCrypto), which allows Netflix to encrypt and decrypt communication between its JavaScript application and its servers.

    Netflix says it is looking forward “to a time when these APIs are available on all browsers” so that it can ditch plugins once and for all.

  8. Tomi Engdahl says:

    Cory Doctorow / Electronic Frontier Foundation:
    EFF appeals W3C director Tim Berners-Lee’s EME decision, calls for sandbox auditing, auto-generated accessibility metadata, protection for new market entrants

    Notice to the W3C of EFF’s appeal of the Director’s decision on EME

    On behalf of the Electronic Frontier Foundation, I would like to formally submit our request for an appeal of the Director’s decision to publish Encrypted Media Extensions as a W3C Recommendation, announced on 6 July 2017.

    The grounds for this appeal are that the question of a covenant to protect the activities that made DRM standardization a fit area for W3C activities was never put to the W3C membership. In the absence of a call for consensus on a covenant, it was improper for the Director to overrule the widespread members’ objections and declare EME fit to be published as a W3C Recommendation.

  9. Tomi Engdahl says:

    Cory Doctorow / Electronic Frontier Foundation:
    After controversial vote, W3C announces it will publish Encrypted Media Extensions, a type of DRM for web video, without protection for security researchers — Early today, the World Wide Web Consortium (W3C) standards body publicly announced its intention to publish Encrypted Media Extensions …

    Amid Unprecedented Controversy, W3C Greenlights DRM for the Web

    Today, the W3C announced that it would publish its DRM standard with no protections and no compromises at all.

    Early today, the World Wide Web Consortium (W3C) standards body publicly announced its intention to publish Encrypted Media Extensions (EME)—a DRM standard for web video—with no safeguards whatsoever for accessibility, security research or competition, despite an unprecedented internal controversy among its staff and members over this issue.

    EME is a standardized way for web video platforms to control users’ browsers, so that we can only watch the videos under rules they set. This kind of technology, commonly called Digital Rights Management (DRM), is backed up by laws like the United States DMCA Section 1201 (most other countries also have laws like this).

    EFF objects to DRM: it’s a bad idea to make technology that treats the owner of a computer as an adversary to be controlled, and DRM wrecks the fairness of the copyright bargain by preventing you from exercising the rights the law gives you when you lawfully acquire a copyrighted work (like the rights to make fair uses like remix or repair, or to resell or lend your copy).

    Today, the W3C announced that it would publish its DRM standard with no protections and no compromises at all, stating that W3C Director Tim Berners-Lee had concluded that the objections raised “had already been addressed” or that they were “overruled.”

    Even by the W3C’s own measures, EME represents no improvement upon a non-standards approach, and in some important ways, the W3C’s DRM is worse than an ad-hoc, industry approach.

    At root is the way that DRM interacts with the law.

    EME only solves part of the video-transmission standard: for a browser to support EME, it must also license a “Content Decryption Module” (CDM). Without a CDM, video just doesn’t work.

    All the big incumbents advocating for DRM have licenses for CDMs, but new entrants to the market will struggle to get these CDMs

    The W3C says that none of this makes DRM any worse than what was there before the standards effort, but they’re dead wrong. DRM is covered by a mess of criss

    Disposition of Comments for Encrypted Media Extensions and Director’s decision

    On March 16, the W3C solicited a review from its Advisory Committee of
    the Encrypted Media Extensions on its advancement to Recommendation:


Leave a Comment

Your email address will not be published. Required fields are marked *