"Unethical" HTML video copy protection proposal draws criticism from W3C reps

[nsane.forums]

A proposal to put HTML video behind bars is making FIrefox sad

A new Web standard proposal authored by Google, Microsoft, and Netflix seeks to bring copy protection mechanisms to the Web. The Encrypted Media Extensions draft defines a framework for enabling the playback of protected media content in the Web browser. The proposal is controversial and has raised concern among some parties that are participating in the standards process.

In a discussion on the W3C HTML mailing list, critics questioned whether the proposed framework would really provide the level of security demanded by content providers. Mozilla asked for clarification from the authors about whether it would be possible to implement the proposal in an open source Web browser. Google's Ian Hickson, the WHATWG HTML specification editor, called the Encrypted Media proposal "unethical" and said that it wouldn't even fulfill the necessary technical requirements.

"I believe this proposal is unethical and that we should not pursue it," he wrote in response to a message that Microsoft's Adrian Bateman posted on the mailing list about the draft. "The proposal above does not provide robust content protection, so it would not address this use case even if it wasn't unethical."

The aim of the proposal is not to mandate a complete DRM platform, but to provide the necessary components for a generic key-based content decryption system. It is designed to work with pluggable modules that implement the actual decryption mechanisms. The proposal specifies a new set of API extensions for HTMLMediaElement, the interface that defines the specialized properties and JavaScript methods that are available on HTML audio and video elements.

Copy protection is one of the issues that we discussed last year when we wrote about the future of video on the Web in a post-flash world. Major streaming video services, such as Netflix, are eager to abandon plugins in favor of standards-based HTML5 video, but they have been held back by the lack of support for robust DRM mechanisms, which they need to use in order to fulfill their contractual obligations to the content providers.

Mozilla's Robert O'Callahan warned that the pressure to provide DRM in browsers might lead to a situation where major browser vendors and content providers attempt to push forward a suboptimal solution without considering the implications for other major stakeholders.

Some of the discussion surrounding the Encrypted Media proposal seems to validate his concerns. Mozilla's Chris Pearce commented on the issue in a message on the W3C HTML mailing list and asked for additional details to shed light on whether the intended content protection scheme could be supported in an open source application.

"Can you highlight how robust content protection can be implemented in an open source web browser?" he asked. "How do you guard against an open source web browser simply being patched to write the frames/samples to disk to enable (presumably illegal) redistribution of the protected content?"

Netflix's Mark Watson responded to the message and acknowledged that strong copy protection can't be implemented in an open source Web browser. He deflected the issue by saying that copy protection mechanisms can be implemented in hardware, and that such hardware can be used by open source browsers.

"There exist many devices with content protection mechanisms of various sorts baked into their firmware/hardware. Open source software could make use of such capabilities in just the same way as it makes use of other hardware capabilities," he wrote. "If my understanding is correct, it's not unknown for open source products to make use of or even ship with closed source components, such as drivers, for access to platform or device capabilities."

This would potentially address the issue on mobile and embedded devices with the relevant hardware capabilities, but it's not clear what it means on the desktop. This response is unlikely to satisfy Mozilla or diminish the organization's concerns.

The Encrypted Media specification is currently a draft-stage proposal. It is backed by several major stakeholders, but it doesn't appear to be gathering the momentum it needs to gain broader support. The requirement for DRM on streaming video isn't likely to go away, however. If consensus can't be reached and no better approach emerges, there is a risk that some browser vendors will simply implement their own solutions outside of the standards process.

View: Original Article

[DKT27]

Microsoft, Google and Netflix are trying to bring DRM to HTML5

The three companies have proposed a new HTML5 API for copy-protected delivery of multimedia digital contents. The proposal is up for discussion at the moment, but so far, things are not looking good for the backers.

Did you ask for DRM “improvements” in HTML5, the seemingly all-capable “standard of the future” for everything is (cloud) computing, entertainment and networking? No? Well, you will get that, eventually: engineers from Microsoft, Google and Netflix have just proposed a new API extension for the aforementioned web standard, with the intent of fostering the rise of protected contents delivered via simple HTML code.

David Dorwin (Google), Adrian Bateman (Microsoft) and Mark Watson (Netflix) have submitted the Encrypted Media Extensions v0.1 draft proposal to the World Wide Web Consortium (W3C), seeking to “extend HTMLMediaElement to enable playback of protected content”.

The three engineers explain that the proposal isn’t a new “DRM scheme for HTML5” at all, just the base code for a generic contents decryption system that will work with additional “modules” to implement the proper decryption mechanisms.

The new draft supporters would like to gain interest within the W3C and make their project flourish, but the initial reactions from the people involved in web standard development are all but promising in that regard. “I believe this proposal is unethical and that we should not pursue it”, said Ian Hickson of Google, highlighting how the draft “does not provide robust content protection, so it would not address this use case even if it wasn’t unethical”.

Even among Google people, as it seems, a “DRM for the web” proposal made (among the others) by a Google engineer isn’t that popular. Criticism on the EME draft comes also from Mozilla’s Robert O’Callahan, who asked how such a “standard” copy protection system could be implemented effectively within an open source browser like Mozilla Firefox.

“How do you guard against an open source web browser simply being patched to write the frames/samples to disk to enable (presumably illegal) redistribution of the protected content?”, O’Callahan asked. The answer came from Mark Watson (Netflix) and involved using hardware-based copy protection systems: in this way, maybe using some Palladium-baked obscure voodoo magic, even an open source browser could “benefit” from the new HTML5 copy protection scheme.

:view: View: Original Article

[Bucic]

Is it the case that just this proposal is bad or the whole idea of including a possibility to enable DRM for certain HTML5 content?