NO to DRM in HTML and broken audio/video

Feb. 16, 2013

The W3C is taking input from Netflix, Microsoft, Google, Apple and BBC to add DRM to HTML. This is a really bad idea on so many levels it's hard to pick any one aspect to start.

What is DRM?

DRM stands for Digital Restrictions Management (its proponents would have you believe Restrictions stands for Rights, which is misleading) and it is a way for a supplier of content (and the software that plays it) to restrict what you (the user) can do with that content.

Wait, isn't that news from last year?

Unfortunately no, last year the proposal to add DRM to HTML has already been shot down. Yet this year here it comes again.

Make video and audio work first please

Representatives from Microsoft, Google, Apple and Netflix have claimed that adding DRM to HTML would promote HTML5 audio/video adoption. This is a seriously deluded and cynical argument.

Video and Audio in HTML5 is broken. There is no common set of codecs that works on all browsers. As of the time of this writing.

Video support is broken

There is *NO* single video codec that would work.

BrowserTheoraH.264VP8 (WebM)
Google Chrome Yes Yes Yes
Mozilla Firefox Yes No Yes
MS Internet Explorer No Yes No
Apple Safari No Yes No
Opera Yes No Yes

Audio support is broken

There is *NO* single audio codec that would work.

BrowserOggWav PCMMP3AACWebMOpus
Chrome Yes Yes Yes Yes Yes No
Firefox Yes Yes No No Yes Yes
Internet Explorer No No Yes Yes No No
Safari No Yes Yes Yes No No
Opera Yes Yes No No Yes Yes

If care to promote HTML5 audio/video then fixing this serious issue first would be an absolute priority before you even think about adding DRM to the mess.

My suggestion to Microsoft, Google and Apple is: Fix this first.

DRM will compromise your privacy and security

In order to implement the DRM the proprietary runtime that will have to be introduced demands low level access to your computer. You are expected to trust a piece of software written by the music industry. This alone is a serious issue.

Compounding this issue is that the way that DRM has to work, it will make it possible to uniquely identify you on the web (think cookies and fingerprinting on steroids).

What is even worse since DRM enjoy ridiculous legal protection in itself (DMCA & Co.) you will not be legally allowed to restrict what the DRM can do. You will not be allowed to wipe your uniquely identifying information from the DRM runtime.

The DRM proponents (Google, Netflix, BBC, Apple and Microsoft) have already decided to sacrifice your right to privacy and your computers security on the altar of "bigger business interests" and to force this on you if you want it or not.

Do Users want DRM?

Is DRM actually something users want? The answer is no. No user on the face of this earth cares about getting his content with DRM. It does not add any value to what a user gets, but it takes value away from him.

Does the industry want DRM?

The resounding answer is NO

„Convincing them (the music industry) to license their music to Apple and others DRM-free will create a truly interoperable music marketplace. Apple will embrace this wholeheartedly.“
Steve Jobs, CEO of Apple, February 6th 2006
„DRM causes too much pain for legitmate buyers. There are huge problems with DRM. People should just buy a cd and rip it. You are legal then.“
Bill Gates, Chairman of Microsoft, December 14th 2006
„We believe that offering consumers the opportunity to buy higher quality tracks and listen to them on the device or platform of their choice will boost sales of digital music.“
Eric Nicoli, CEO of EMI, April 2nd 2007
„Universal Music Group is committed to exploring new ways to expand the availability of our artists' music online, while offering consumers the most choice in how and where they purchase and enjoy our music“
Doug Morris, CEO of UMG, August 10th 2007

December 2007, Warner Music starts selling their music DRM free.

„I believe this proposal (DRM) is unethical and that we should not pursue it.“
Ian Hickson, W3C HTML5 Editor, February 21th 2012
„I agree with Robin; I don't know anyone who 'likes' DRM -- it's a pain in the neck for everyone concerned.“
David Singer, Apple Multimedia Software Standards, February 12th 2013
„Most television programmes are only viewed once by their audience": that being the case there is simply no need to apply DRM.“

DRM is another Security Risk

The DRM that a browser would have to talk to could not be provided as open source. Since it relies on obfuscation, anybody could easily figure out how it works and the content industry can't have that.

A proprietary runtime will have to be introduced, and the content industry argues that this would be "vetted" by browser vendors and all would be quite secure indeed.

This argument is bogus. audio codecs, video codecs, image decoding software and video drivers to which browsers routinely talk, they have all been subject to security exploits. If those pieces of software are open source, they are intensely scrutinized for security holes. Yet security exploits continue to emerge, mainly in proprietary software that browsers talk to, such as vulnerabilities in flash, silverlight, java by oracle, video drivers by Nvidia and Apple, etc.

Not being able to subject the source code to public scrutiny and analysis makes these proprietary DRM runtimes another huge security risk.

So if nobody wants DRM why again do we add it to HTML?

If you listen to public discourse you'd think it was long decided that DRM was dead, nearly a decade ago. So why does it come up again?

The BBC and Netflix provide the answer to that puzzling question:

„ For example, many television programmes themselves contain music tracks which must be licensed from other rights holders.

Because of this, the producer of an audio-visual work is very rarely in sole control of for how long and where they can distribute it, but will need to abide by limited licences in order to obtain value for money.“

In other words, the music industry is pushing DRM for HTML. Can we confirm this? Yes we can.

„DRM is one of the things that make it possible for Netflix and others to obtain licenses to distribute content over the Internet. Content protection is a very significant requirement in the contracts with studios and others who license content to us. It's certainly not something we impose on them.“
Mark Watson, Netflix, February 12th 2013

There you have it, right out of the horses mouth. Netflix like the BBC is being coerced by the content industry to add DRM to HTML.

In conclusion

The music and movie industry is once again trying to subvert the open internet. It is doing so by proxy of Netflix, BBC, Google, Microsoft and Apple. I would like to urge everybody to resist this vehemently.

But why in HTML?

Netflix, BBC etc. would be free to develop a DRM plugin using existing browser plugin APIs. They don't want to do that however, ostensibly claiming that a "standard would be better". This is nonsense of course. The content industry does not want another plugin because they would have to convince users to install it which is of course difficult to do since it adds no benefit whatsoever for the user. So instead the content industry has hatched a plan to convince browser vendors to do it for them, bypassing user consent. You are gonna get DRM with your browser if you want it or not.