Microsoft, Google and Netflix want to add DRM-hooks to W3C HTML5 standard

A proposed anti-copying extension for the W3C's standard for HTML5 has been submitted by representatives of Google, Microsoft and Netflix. The authors take pains to note that this isn't "DRM" -- because it doesn't attempt to hide keys and other secrets from the user -- but in a mailing list post, they later admitted that this could be "addressed" by running the browser inside a proprietary hardware system that hid everything from the user.

Other WC3 members -- including another prominent Googler, Ian Hickson -- have called for the withdrawal of the proposal. Hickson called it "unethical." I agree, and would add "disingenuous," too, since the proposal disclaims DRM while clearly being intended to form a critical part of a DRM system.

In an era where browsers are increasingly the system of choice for compromising users' security and privacy, it is nothing short of madness to contemplate adding extensions to HTML standards that contemplate designing devices and software to deliberately hide their workings from users, and to prevent users from seeing what they're doing and changing that behavior if it isn't in their interests.

Writing on Ars Technica, Ryan Paul gives a good blow-by-blow look at the way that this extension is being treated in the W3C:

Mozilla's Robert O'Callahan warned that the pressure to provide DRM in browsers might lead to a situation where major browser vendors and content providers attempt to push forward a suboptimal solution without considering the implications for other major stakeholders.

Some of the discussion surrounding the Encrypted Media proposal seem to validate his concerns. Mozilla's Chris Pearce commented on the issue in a message on the W3C HTML mailing list and asked for additional details to shed light on whether the intended content protection scheme could be supported in an open source application.

"Can you highlight how robust content protection can be implemented in an open source webrowser?" he asked. "How do you guard against an open source web browser simply being patched to write the frames/samples to disk to enable (presumably illegal) redistribution of the protected content?"

Netflix's Mark Watson responded to the message and acknowledged that strong copy protection can't be implemented in an open source Web browser. He deflected the issue by saying that copy protection mechanisms can be implemented in hardware, and that such hardware can be used by open source browsers.

"Unethical" HTML video copy protection proposal draws criticism from W3C reps (Thanks, Rob!)


  1. “He deflected the issue by saying that copy protection mechanisms can be implemented in hardware, and that such hardware can be used by open source browsers.”

    And this “hardware” he speaks of, presumably that needs to be constructed from an as-yet-uninvented UNHACKABLE matter.

    1. Observe caution: hardware is not unhackable, as you say,(best case, by ‘hardware’ they actually meant ‘firmware’ and the firmware is buggy, allowing a relatively simple software attack to be crafted by the suitably skilled with cheap software tools and downloaded by everybody else. Worst case, if you’ve got the fancy microscopes and the ion-beam equipment, the structure of a silicon die can be modified after manufacture…)

      However, if the ‘hardware’ module is robust enough(ie. its firmware isn’t totally shoddy) that it must be attacked in hardware you can, and companies have before, defeat the greatest advantage of software hacks. Software is cheap to distribute and copy, and virtually impossible to stamp out in the wild. Mod chips have a greater per-unit cost, require some skill to install, and vendors of such are at much greater risk of being caught.

      You cannot stop the very high-end attackers; but a ‘hardware’ security situation can prevent everybody else from being able to download and use what the high-end attackers discover. 

      The other problem, more of a legal technicality, is that for any free-as-in-GPL2  software(or free software in general, if it can be replaced in a GPL3 compliant way; but talks to a hardware security module of some type) is that it allows Tivoization. 

      The little line at the bottom “CDM may use or defer to platform capabilities.” would appear to be a polite way of saying “Sure, you freetards can use whatever software you like to handle the HTTP part of pulling down an encrypted file from the server; but this ‘standard’ allows, but does not standardize, any requirements at all in terms of underlying OS, underlying hardware DRM support, etc. that will be required to actually use the encrypted blob…

      1. Even if a hack is difficult, mass users don’t need to repeat the hack itself. They just need the end product.

        So the “high end” hacker extracts the unencrypted blob, and a few hours later its being burned to discs to be sold on the street in India and China…

  2. Your talk yesterday pretty much predicted this. Still software based i guess, then its just one step for google to try and incorporate such standard into every google device to begin with.

  3. Copyright legislation is out of control. We demand a moratorium on secret and fast-tracked negotiations while governments consult the people they represent. It’s the democratic way.

    As the entertainment industry grew, an unholy alliance developed between Hollywood and Congress. Politicians have become corrupted by contributions from the entertainment industry, and now seem to be falling all over each other in their eagerness to serve their Hollywood directors. The Rights Groups with their political allies are now so powerful they have governments the world over jumping to placate their every whim, negotiating secret treaties just for them, even as they conspire to control our computers and cripple the internet to enhance their profits. 

    Every time a change to copyright law is proposed, it is in response to demands from powerful lobbies. When have you ever seen a grass roots demand for broadened rights, stricter enforcement, or longer copyright duration? Never! Legislation reflects neither the will nor priorities of the majority. People see this happening over and over again, feeling helpless while watching their rights being eroded away. They are not organized, have no lobbyists working for them and no money to buy the politicians with – nor should they need any of that! Their representatives have failed them.

    visit website below to continue reading:

    Copyright legislation is out of control

    Zen and the Art of Copyright Legislation

  4. WE WANT TO SHARE with each other. THAT is the POINT!

    SHARING is exactly what the INTERNET is intended for. otherwise, why bother??

    we’ve been brainwashed into a depraved lifestyle of profligate greed and conspicuous consumption… war is peace, ignorance is strength, freedom is slavery, greed is good, sharing is piracy, corporations are ‘people’??

    well to hell with all that inhumane depravity.

    if the greedy corporate parasites can’t figure out an economic model that SUPPORTS SHARING – instead of criminalizing normal human behavior – then too bad for the parasitic middlemen & degenerate profiteers. good riddance i say!

    as one Digg commenter put it:

    “it sucks being a candlestick maker in a electric light world. UNLESS you can ‘get control of the government’ to pass laws to ‘protect candle sticks’ and attack electric lights. that is what the recording industry is doing; paying congress to protect their candle-making whilst attacking the electric light makers and internet users of the world.”

    SHARING is NOT piracy – it is precisely what we SHOULD BE DOING.

    1. What a better way to try and screw everyone over than with a “open standard” by making the clueless think that less is more and then pulling this dick move on the standard definition.

      Got to love that HTML5 snakeoil. Talking about tech that can’t control audio but is already being used to grab what is up for… remember when Steve didn’t “like” flash and flash ads and flash video… well, that was a great innovation wasn’t it, enjoy.

  5. This clearly looks like upper management wanted to have something with that DRM stuff in it, because there’s that piracy thing in the internet one reads about, and the developers cobbled together the minimum solution to make them shut up, because just removing the “save video as” functionality from the browser wouldn’t have yielded such nice diagrams.

    Reading the spec this seems like it’s actually supposed to solve another problem: they want to split authentication from the CDN. Without DRM, when you have a “private” video, the CDN doing the heavy lifting to bring you the content has to know, if you’re authenticated to see it, so the auth server has to tell the CDN, which means more work for the CDN. Using this DRM technique, the CDN just serves the video to anyone, allowing for a simpler, more efficient infrastructure. You’re handed the (tiny) keys if you’re authenticated, which is a simpler solution for the backend.
    This is of course in no way more secure than the current established scheme of using unguessable URLs for the content served by the CDN (the webserver authenticates you and tells you the URL. It’s the same as using a guessable URL and an unguessable key, you can easily circumvent both by sharing the key or the URL…)

  6. I don’t want to see browsers with DRM enabled, but I’m not sure this story is the scandal we’re making out.  No browser maker that doesn’t want to implement DRM is going to do so; no one is going to refrain from implementing DRM just because it’s not in a published standard.  All this move is really saying is that (big surprise) Netflix and Microsoft may include DRM in future products, and they want to coordinate that with open standards so that locked content can degrade more gracefully and consistently in open browsers.

    I actually see it as a positive thing that people are trying to talk about DRM and open standards in the same conversation, rather than inhabiting mutually incompatible universes.  It seems to me like sooner or later this could lead to the logical compromise of “soft” DRM, i.e. content tagged with copyright information but in an open, standard way that doesn’t physically hinder access.

    So, you download a movie from Netflix, and instead of being encrypted it’s simply XORed with the repeated string “(C) 2012 Universal Pictures etc.”  Windows Media Player refuses to play it without a license, while VLC plays it but tells you if you have a license or not.  If someone shares this video, they won’t even bother to remove the “DRM” since it’s so trivial, so further down the line, people who download it as a torrent can pay for it if they want to (possibly through an iTunes Match-type arrangement).  With no secret key involved, it could (unlike existing DRM) be a truly open standard.

    A system like that would address another big contradiction.  On a purely technical level, what companies call “copy protection” looks a great deal like what individuals call “privacy”– except individuals don’t have the option of using DRM or SWAT teams to protect their candid bathtime photos.  “Soft” DRM could work for both, though; when you open CosplayFun2012.mp4 in VLC, it says “this is a private video and Bobtato hasn’t shared it with you; open anyway Y/N?”

    Or maybe I’m just rambling, I dunno.

    1. But this doesn’t need encryption… it would be just as “safe” to attach the license info to the metadata. Encrypting it with a well-known key just adds unnecessary work. But it might matter for legal reasons, like CSS for DVDs: the keys are trivial to guess, but they still continue to encrypt new DVDs because it’s illegal in some jurisdictions to circumvent that…

      1. Yeah, I am basically talking about adding legal metadata instead of encryption.  The reason I suggest XORing that metadata with the data itself is to ensure the metadata isn’t simply dropped by implementors who don’t care about it (as routinely happens during processing of JPEG files, say).  You create a trivially new file format, with the feature that anything implementing it is certain to be able to read the required legal info.

        DRM people want copyright information to be tightly welded to their data (which is both reasonable and easy), and they want any potentially unlicensed use to be physically prevented (which is neither).  If they just dropped that second demand, I think open-standards people would suddenly find it much easier to talk to them– and if the two sides are trying to work together, it brings us closer to that point.

    2. This “soft DRM” is not DRM at all, because there is no restriction/rights involved, just marking the file. It is known as Watermarking. For lots of people (like me) this would work OK, tagging content with info about the seller/buyer but essentially letting people do whatever they want to do with the content they bought. I guess this is not what they intend to do… and it is not what DRM is about, although for lots of people like me it would seem OK, just like saying, “whoever you give or share the content will have a way to know where it came from, but will be able to access and copy it anyway”.

  7.  You hit the nail on the head, but more importantly if the hardware that is implicit in the documentation, that is the DRM device, for example a new motherboard bios standard or mobile processor custom video chip with discreet DRM that this html5 standard hooks into you have a system that 5 years form now becomes the defacto DRM standard that like the HDMI standard flung at us by the Movie industry is always there ready to screw things up with the majority of the public having no idea it’s there.

    1. You don’t really need to look very far into the future: A pretty decent percentage of x86 machines(particularly business models; but not exclusively so) have TPMs on board, right now. And, for all the Trusted Computing Group’s denials, those certainly possess the capabilities needed to be DRM chips. Market rollout isn’t 100%; but the standards are written and the hardware is in the field.

      Most of the little ARM and MIPS media SoCs also have their own little secure video path arrangements(because the odds of selling one that doesn’t to a set top box or Blu-ray player manufacturer are pretty slim indeed), so they should be ready to go, if not now, within a generation or two.

  8. I care that Google is involved. Bye bye Android, time for an Android fork that isn’t controlled by a company that allows media rights barons to delete videos that they don’t own the rights to.

  9. This already exists.

    It’s called MIME types.

    HTML5 is a standard designed for (towards) least ambiguity.

    Encryption/drm are designed for (towards) greatest ambiguity.

    HTML5’s standard, unambiguous method for handling maximal ambiguity: show it the door.

    For every standard, there is someone, somewhere, whose role it is to say “your proposal is outside the ontological sphere of our standard.”.

    Tout Suite, gatekeeper. Tout Suite.

  10. I think it’s clear that it’s time to stop paying those who are screwing us:
    *raspy voice* And I hope your next operating system, is an open source operating system.

  11. “That’s a pretty nice open standard you’ve got there … it would be a shame if something happened to it. Like, say, content providers refusing to support it because it didn’t provide for DRM’d content. And mandating the use of an inferior solution in its place. It would really be too bad if that happened simply because your standard didn’t include a hardware-based anti-copying extension. I’m sure we’d all be heartbroken. Yet it could all be avoided so easily. So why don’t you let me just slip this little extension into your standard, mmmkay? It’s really in everyone’s best interests …”

  12. p.s. I would like to add, the “Don’t do evil” slogan is of value to Google when looking for bright altruistic job seekers, those who care about ethics. But relatively frequently Google does evil. I am talking about Web History and various faux-pas of their CEO. 

    I think Google should establish an internal office with some real powers that makes sure these stupid things don’t happen.  Realistically, all these stupid evil things are not as valuable as being trusted to a search giant that needs smart people. It’s much better for the stockholders to be network neutral.

    The office could be titled variously “Not Evil Czar”, “Better not be Evil, and We’re Serious”, “Golden Rule Checkpoint”, or “Corporate Value Security Board”. Whatever. Maybe it’s too big a job for one office and people should just lose their bonuses or promotions when they come up with something the Internet broadly finds to be Evil. Why not? Everyone at Google ought to know that most of their income is based on flimsy things like banner ads and hoping people like Google. Glass houses and all that. Microsoft is much better at being Evil and has nothing to lose since they suck already.

  13. Or… don’t make a standard that people do not want. It won’t be much of a standard, if people choose to use browsers that do not support it, or websites that do not implement it. It will just be some standard that was created on paper, attempted by a few to basically asset even more control that already exists over media, become wildly unpopular and unused, and eventually die, and be  ridiculed by our future selves.

    It could be used in limited applications such as Netflix, which hardly constitutes the need for a standard, that is just proprietary software (as is the hardware apparently).

  14. The right answer from anyone with a bit of dignity would be “GTFO”. 

    Let the media barons try to build their own little locked-down mini-web, built on DRM’d protocols, hardware spy-chips and locked-down dumbPads using “certified” proprietary cables. 
    We geeks will happily keep working on the open, global infrastructure we’ve already built, thank you very much. Let’s see what people will really pay for, shall we?

Comments are closed.