by Chris Minnick, Ed Tittel

Can Digital Rights Management and the Open Web Coexist?

News Analysis
May 28, 20147 mins
BrowsersConsumer ElectronicsGovernment

The Netflix-backed Encrypted Media Extensions (EME) proposal, and recent revelations that requirements for DRM in HTML5 are confidential, have generated furor among advocates of the Open Web. Let's cut through the hyperbole.

Digital Rights Management (DRM) describes a class of technologies designed to prevent unauthorized copying and playback of digital media. Content providers that favor DRM claim that it’s necessary to prevent copyright infringement. The Electronic Frontier Foundation (EFF) and the Free Software Foundation (FSF) claim that DRM is an anti-competitive practice that more often inconveniences legitimate users of such media.

The fight over openness vs. protection of copyright holders has been a contentious issue for as long as digital media has been around. Owing largely to the Digital Millennium Copyright Act, powerful content creators such as movie studios and television networks currently hold the upper hand.

The DMCA, which became law in the U.S. in 1998, made it illegal to disable DRM systems or to spread information about how to disable them. Groups opposed to DRM claim that it doesn’t work and only gives corporations control over how people can use content, playback devices and computers after they’ve been legitimately purchased.

[ Analysis: U.S. Patent and Trademark Office to Examine DMCA Take-down Process ]

DRM’s main problem: It makes it impossible to let users play digital media and also prevent its reproduction. Even something as crude as pointing a camera at a video playing on a computer screen defeats DRM, and there’s really no way to prevent that. More sophisticated tools for defeating DRM exist, of course — but, thanks to the DMCA, it’s probably illegal for us to tell you about them.

Proponents Say EME Protects Embedded Web Content in HTML5 Era

The latest development in the battle over DRM is a draft W3C standard put forwarded by Netflix, Microsoft and Google called Encrypted Media Extensions. EME describes an application programming interface (API) that lets Web applications interact with content delivery modules. These modules may be built into Web browsers, operating systems, computer firmware or hardware, or they may be distributed separately. Content delivery modules work like plug-ins, such as Adobe Flash and Microsoft Silverlight, to enable specific capabilities in Web browsers. They are distributed and then must be downloaded to render certain content formats for display.

In that they are external to the browser and interact with the browser in a standardized way, content delivery modules actually aren’t that different from browser extensions, or plug-ins. The difference is that they interact with the browser in a specific way for a specific purpose — namely, playback of media that may or may not be encrypted.

According to its sponsors, EME is necessary because the HTML5 video and audio elements, which enable progressive playback in Web browsers without plug-ins, currently lack means to prevent users from downloading, editing, inspecting or copying embedded Web content.

Opponents of DRM argue that, except for content provided through plug-ins, the Web has always been and must always be open. The Web succeeds because users and developers are able to link, share, download, view source and even mash up content. The Web is fundamentally free and open by design to — as the W3C says in its mission statement — make the benefits of the Web “available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location or physical or mental ability.”

[ Related: Mozilla CEO Stumps for Openness on Mobile Web ]

Given this mission, it surprised many when Tim Berners-Lee, the director of the W3C, announced in October 2013 that playback of protected media was “in scope” for the HTML Working Group. Even more surprising, and infuriating to many, was the revelation from Netflix in January 2014 that its requirements for an acceptable DRM module were confidential — leaving the W3C in the position of creating a standard to satisfy requirements that it can’t know.

Recognizing that DRM is a highly contentious issue, the EME standard attempts to distance itself as much as possible from any particular DRM system. Supporters of EME emphasize that it doesn’t actually implement DRM in browsers; it just lets browsers interact with DRM systems without the use of plug-ins. DRM, they argue, is already widely used on the Web.

EME makes DRM more seamless and enables the playback of protected content on devices, such as smartphones and tablets, which don’t support Flash or Silverlight. With Silverlight no longer under active development and Flash no longer available for mobile devices, a more universal Web video playback method is necessary, according to major content providers.

Microsoft Internet Explorer 11 and Google Chrome already support DRM through EME. Chrome supports the Widevine Content Decryption Module, and Microsoft supports its own PlayReady DRM. The Apple Safari browser will likely support EME in the near future. Mozilla has stated its opposition to EME but has recently conceded there will be support for DRM in future Firefox versions anyway, for fear of losing users to other browsers if it doesn’t play along.

Opponents Say EME Will Further Restrict Web Use

DRM opponents call the EME unprecedented, in that its purpose is to limit how people can use the Web. EME, they argue, will open the floodgates to further restrictions — preventing users from viewing Web page source code, from saving images or from inspecting and running JavaScript offline. Some of the results of such “anti-features” would be that virus detection would become nearly impossible, Web developers’ jobs would become more difficult and users would have to give up the ability to choose how and when they access Web content.

[ More: Proposed Encrypted Media Support in HTML5 Sparks DRM Debate ]

As if to demonstrate that the idea of anti-features is no longer off the table, a W3C community group formed last year around the idea of hiding Web application source code. The group serves as a demonstration of just how unpopular the idea is: There’s been close to no discussion within the group, and most (if not all) members are known to be opposed to the founding idea of the group.

Another popular argument in favor of DRM is that Hollywood will pack up and leave the Web if EME (or something similar) isn’t implemented in browsers. However, it’s also been pointed out that Hollywood needs the Web more than the Web needs Hollywood. The fact that the music and software industries have largely given up on DRM points to the possibility (and some would say inevitability) of a solution to the problem of piracy that avoids the use of plugins as well as the “baking in” of DRM into Web browsers.

In the music industry, for example, record labels initially pushed for (and got) DRM in Apple iTunes. However, after Amazon started releasing DRM-free MP3s, every record label eventually dropped DRM on iTunes in 2009. The inconvenience of recording streaming audio, compared with the relatively low price of purchasing music, may be largely what makes DRM-free music viable.

One example that indicates that people will pay for DRM-free video content is comedian Louis C.K.’s tremendous success with selling high-quality, DRM-free video downloads directly on his website. His “Live at the Beacon Theater” video netted more than $1 million from individual $5 downloads. Despite this success, the idea of DRM-free content for higher-value content that has been traditionally distributed using DVDs still worries motion picture studios.

One thing is for certain: The gears of the W3C turn slowly, and they seem to be turning exceptionally slowly for EME. Perhaps a lengthy standardization process can give both sides a chance to work out their differences and come to an agreement. That said, it’s far more likely that a completely different solution will arise in the meantime.