Microsoft, Google and Netflix want to add DRM-hooks to W3C HTML5 standard


A proposed anti-copying extension for the W3C's standard for HTML5 has been submitted by representatives of Google, Microsoft and Netflix. The authors take pains to note that this isn't "DRM" — because it doesn't attempt to hide keys and other secrets from the user — but in a mailing list post, they later admitted that this could be "addressed" by running the browser inside a proprietary hardware system that hid everything from the user.

Other WC3 members — including another prominent Googler, Ian Hickson — have called for the withdrawal of the proposal. Hickson called it "unethical." I agree, and would add "disingenuous," too, since the proposal disclaims DRM while clearly being intended to form a critical part of a DRM system.

In an era where browsers are increasingly the system of choice for compromising users' security and privacy, it is nothing short of madness to contemplate adding extensions to HTML standards that contemplate designing devices and software to deliberately hide their workings from users, and to prevent users from seeing what they're doing and changing that behavior if it isn't in their interests.

Writing on Ars Technica, Ryan Paul gives a good blow-by-blow look at the way that this extension is being treated in the W3C:

Mozilla's Robert O'Callahan warned that the pressure to provide DRM in browsers might lead to a situation where major browser vendors and content providers attempt to push forward a suboptimal solution without considering the implications for other major stakeholders.

Some of the discussion surrounding the Encrypted Media proposal seem to validate his concerns. Mozilla's Chris Pearce commented on the issue in a message on the W3C HTML mailing list and asked for additional details to shed light on whether the intended content protection scheme could be supported in an open source application.

"Can you highlight how robust content protection can be implemented in an open source webrowser?" he asked. "How do you guard against an open source web browser simply being patched to write the frames/samples to disk to enable (presumably illegal) redistribution of the protected content?"

Netflix's Mark Watson responded to the message and acknowledged that strong copy protection can't be implemented in an open source Web browser. He deflected the issue by saying that copy protection mechanisms can be implemented in hardware, and that such hardware can be used by open source browsers.

"Unethical" HTML video copy protection proposal draws criticism from W3C reps

(Thanks, Rob!)