Peter Eckersley's homepage

Defend the Open Web: Keep DRM Out of W3C Standards

By Peter Eckersley and Seth Schoen
Published on 2013-03-20, on the EFF blog.

Take Action Against Web DRM

Update, 2013-3-21: you can take action against DRM at the W3C by joining Defective By Design's campaign.

There's a new front in the battle against digital rights management (DRM) technologies. These technologies, which supposedly exist to enforce copyright, have never done anything to get creative people paid. Instead, by design or by accident, their real effect is to interfere with innovation, fair use, competition, interoperability, and our right to own things.

The proposal... claims that "no 'DRM' is added to the HTML5 specification" by EME. This is like saying, "we're not vampires, but we are going to invite them into your house"

That's why we were appalled to learn that there is a proposal currently before the World Wide Web Consortium's HTML5 Working Group to build DRM into the next generation of core Web standards. The proposal is called Encrypted Media Extensions, or EME. Its adoption would be a calamitous development, and must be stopped.

In the past two decades, there has been an ongoing struggle between two views of how Internet technology should work. One philosophy has been that the Web needs to be a universal ecosystem that is based on open standards and fully implementable on equal terms by anyone, anywhere, without permission or negotiation. This is the technological tradition that gave us HTML and HTTP in the first place, and epoch-defining innovations like wikis, search engines, blogs, webmail, applications written in JavaScript, repurposable online maps, and a hundred million specific websites that this paragraph is too short to list.

The other view has been represented by corporations that have tried to seize control of the Web with their own proprietary extensions. It has been represented by technologies like Adobe's Flash, Microsoft's Silverlight, and pushes by Apple, phone companies, and others toward highly restrictive new platforms. These technologies are intended to be available from a single source or to require permission for new implementations. Whenever these technologies have become popular, they have inflicted damage on the open ecosystems around them. Websites that depend on Flash or Silverlight typically can't be linked to properly, can't be indexed, can't be translated by machine, can't be accessed by users with disabilities, don't work on all devices, and pose security and privacy risks to their users. Platforms and devices that restrict their users inevitably prevent important innovations and hamper marketplace competition.

The EME proposal suffers from many of these problems because it explicitly abdicates responsibilty on compatibility issues and let web sites require specific proprietary third-party software or even special hardware and particular operating systems (all referred to under the generic name "content decryption modules", or CDMs, and none of them specified by EME). EME's authors keep saying that what CDMs are, and do, and where they come from is totally outside of the scope of EME, and that EME itself can't be thought of as DRM because not all CDMs are DRM systems. Yet if the client can't prove it's running the particular proprietary thing the site demands, and hence doesn't have an approved CDM, it can't render the site's content. Perversely, this is exactly the reverse of the reason that the World Wide Web Consortium exists in the first place. W3C is there to create comprehensible, publicly-implementable standards that will guarantee interoperability, not to facilitate an explosion of new mutually-incompatible software and of sites and services that can only be accessed by particular devices or applications. But EME is a proposal to bring exactly that dysfunctional dynamic into HTML5, even risking a return to the "bad old days, before the Web" of deliberately limited interoperability.

Because it's clear that the open standards community is extremely suspicious of DRM and its interoperability consequences, the proposal from Google, Microsoft and Netflix claims that "[n]o 'DRM' is added to the HTML5 specification" by EME. This is like saying, "we're not vampires, but we are going to invite them into your house".

Proponents also seem to claim that EME is not itself a DRM scheme. But specification author Mark Watson admitted that "Certainly, our interest is in [use] cases that most people would call DRM" and that implementations would inherently require secrets outside the specification's scope. It's hard to maintain a pretense that EME is about anything but DRM.

Stop Hollyweb DRM in HTML5

The DRM proposals at the W3C exist for a simple reason: they are an attempt to appease Hollywood, which has been angry about the Internet for almost as long as the Web has existed, and has always demanded that it be given elaborate technical infrastructure to control how its audience's computers function. The perception is that Hollywood will never allow movies onto the Web if it can't encumber them with DRM restrictions. But the threat that Hollywood could take its toys and go home is illusory. Every film that Hollywood releases is already available for those who really want to pirate a copy. Huge volumes of music are sold by iTunes, Amazon, Magnatune and dozens of other sites without the need for DRM. Streaming services like Netflix and Spotify have succeeded because they are more convenient than piratical alternatives, not because DRM does anything to enhance their economics. The only logically coherent reason for Hollywood to demand DRM is that the movie studios want veto controls over how mainstream technolgies are designed. Movie studios have used DRM to enforce arbitrary restrictions on products, including preventing fast-forwarding and imposing regional playback controls, and created complicated and expensive "compliance" regimes for compliant technology companies that give small consortia of media and big tech companies a veto right on innovation.

All too often, technology companies have raced against each other to build restrictive tangleware that suits Hollywood's whims, selling out their users in the process. But open Web standards are an antidote to that dynamic, and it would be a terrible mistake for the Web community to leave the door open for Hollywood's gangrenous anti-technology culture to infect W3C standards. It would undermine the very purposes for which HTML5 exists: to build an open-ecosystem alternatives to all the functionality that is missing in previous web standards, without the problems of device limitations, platform incompatibility, and non-transparency that were created by platforms like Flash. HTML5 was supposed to be better than Flash, and excluding DRM is exactly what would make it better.

Take Action Against Web DRM

← Home