HTML Editor Calls HTML5 Video Copy-Protection Proposal ‘Unethical’

A newly proposed web standard could bring DRM to web video.

The Encrypted Media Extensions draft — which is backed by the likes of Google, Microsoft, and Netflix — defines a framework for bringing DRM, or “protected media content” as it’s called in the spec, to a web browser near you.

The proposed standard is controversial, to say the least, and has already been dismissed as “unethical” by Ian Hickson, the WHATWG’s HTML spec editor. Hickson goes on to say that the proposal “does not provide robust content protection, so it would not address this use case even if it wasn’t unethical.”

The use case Hickson refers to is solving one of the biggest obstacles to the wider adoption of HTML5 video — it lacks the copy protection mechanisms that media companies are accustomed to having. Currently, streaming media services like Netflix and Hulu rely on plugins like Adobe Flash to deliver protected content. While such services might like to abandon Flash in favor of HTML5 video, they are often contractually required to have copy protections in place first.

As it stands, the HTML5 video spec offers no means of adding such protection. The proposed Encrypted Media Extensions standard would not actually define any DRM schemes itself. Rather, it would add a new set of API extensions for the HTMLMediaElement that would provide the necessary components for a DRM scheme. The actual content protection would be handled by “an appropriate user agent implementation.” That means technically the actual DRM would not be in the spec, though arguing that the Encrypted Media Extensions proposal doesn’t bring DRM to HTML is roughly the same as saying you didn’t inhale.

An overview of how the proposed Encrypted Media Extensions would work. (Image from W3C)

But there’s a very serious problem with the proposal as it stands — open source browsers. As Mozilla’s Chris Pearce writes on the HTML mailing list, “since the decoded video frames are stored in memory (as are audio samples) so that they can participate in the HTML rendering pipeline, how do you guard against an open source web browser simply being patched to write the frames/samples to disk to enable (presumably illegal) redistribution of the protected content?”

The answer, according to Netflix’s Mark Watson, is that the decryption could be handled at the firmware or hardware level. “If my understanding is correct,” writes Watson, “it’s not unknown for open source products to make use of or even ship with closed source components, such as drivers, for access to platform or device capabilities.”

The Encrypted Media specification is currently a draft proposal, which means it’s a long way from becoming a W3C-blessed standard. It does enjoy the backing of some high-profile W3C members like Google and Microsoft, but with Hickson very adamantly against it and Mozilla unlikely to support it in its current form, it’s not likely to move beyond the draft stage without some serious revisions. That does not, however, mean that pressure to add some sort of DRM to HTML5 video is going to go away any time soon.