DRM in HTML 5

So, What is DRM?

Digital technology has made it very easy to make perfect copies of almost any media at zero cost. And content provides have tried all kinds of technical means to prevent people from illegally copying their copyrighted content, and the blanket term for these techniques is called Digital Rights Management or DRM. But as much as DRM is about protecting the copyright, it is about controlling the media and devices, including the ones which have been legitimately purchased by citizens. For example there have been cases where the DRM restricted people from skipping the advertisement at the beginning of the movie. DRM often restricts people from doing things which they are legitimately allowed to do, like making backup copies and using the other fair use provisions. Therefore FSF and many others like to call DRM as Digital Restrictions Management.

In 2009 Amazon remotely deleted the copies of Animal Farm and Nineteen Eighty Four by George Orwell from the Kindle devices of many users and paid a refund. Amazon revealed that the copies were unauthorized reproductions, but the case was seen as an example of Orwellian censorship and the immense control Amazon has over the devices owned and purchased by you.

There are also considerable privacy risks due to DRM as content providers often track the usage patterns of the user to enforce their restriction.

What’s up with HTML 5 and DRM?

There is an ongoing draft proposal on Encrypted Media Extension (EME) to add a standardized method to play encrypted media in HTML 5. The decryption of the media takes place on user’s computer and decrypted frames will be directly rendered on the browser making it very difficult for the user to download or copy the media being played. Hence EME is effectively a DRM system.

The draft is there from 2013 and has remained controversial from ever since. The arguments at surface level are directly about the issues with DRM where Free Software Foundation (FSF) who takes a very strong anti DRM stand condemned W3C for giving any type of legitimacy to DRM. And of course for the people who don’t have problem with DRM find EME a non issue.

At a deeper level the issue is about the EME specification. W3C defines the behavior and technicalities of a particular HTML tag. All the browsers implements the specification and this ensures that all the web pages look and behave pretty much the same across different browsers. EME specification describes a lot of things about how the extension will exchange the keys from the key server, how the extension will interact with the <video> tag etc, but specification leaves the crucial detail of the how the actual decryption will take place on the implementors and content providers. As I said above the restrictions of DRM are often inbuilt in the hardware or software playing the media. With EME it is quite possible to have media on the web which only runs only on a particular browser on a particular hardware. As EFF said an open standard which is not inter-operable is not an open standard at all.

A more subtle aspect of the debate is that DRM is already there in HTML 5 in form of plugins like Flash and Silverlight, and proponents argue that EME will help the open web by standardizing it and maintaining greater interoperability. But another issue is that DRM has hardly every proved itself to be an effective technique to prevent illegal copying. EME will make it easier for content providers to provide DRMed content and some feel that it will only slow down its impending death.

My personal opinion on the issue is divided. I feel DRM is definitely problematic but I also don’t see its death coming. I feel W3C needs to take a responsible position and nullify the problems with DRM. EFF’s DMCA non-aggression covenant seems like a good way forward. More about the legal aspects of DRM in HTML in the next post.