March 21, 2013

DRM in HTML5

Stop the Hollyweb! No DRM in HTML5.

Many people have doubts regarding how can possibly be an issue of having DRM on HTML, the foundation language of the entire web. One person in particular had the doubt of "how can it be possible that DRM (closed by its nature) is inserted into a standard?"

I have replied to her about it (in Portuguese), but I think that, with some adaptations and a translation, this text might also have a wider use for those of you trying to understand HTML, standards and DRM. Oh, and don't forget, click on the image in the right to sign a petition against DRM on HTML.

The "short answer"

You should attend to the Document Freedom Day 2013 celebration event nearer to you: they're happening starting today until April all around the world. There, I'm sure, there will be people knowing and willing to explain to you any questions regarding open standards in general and the "DRM in HTML" issue in particular.

The "long answer"

A standard should be considered open if it complies with a number of requisites. Here's the list (taken from this page, that explains each point better):

An Open Standard refers to a format or protocol that is:

  • Subject to full public assessment and use without constraints in a manner equally available to all parties;
  • Without any components or extensions that have dependencies on formats or protocols that do not meet the definition of an Open Standard themselves;
  • Free from legal or technical clauses that limit its utilisation by any party or in any business model;
  • Managed and further developed independently of any single supplier in a process open to the equal participation of competitors and third parties;
  • Available in multiple complete implementations by competing suppliers, or as a complete implementation equally available to all parties.
Unfortunately not every format is an open standard, or, in other words, doesn't comply with the previous points. If the proposal to have DRM on HTML5 is accepted, HTML will stop being an open standard, since it will stop complying with the second requirement of the list.

In more detail: the proposal on the table is called EME (Encrypted Media Extensions). An HTML document can include EMEs, and the specification of EME enables the website to require a certain "Content Decryption Module" (CDM). And here lies the problem: CDMs aren't standards (much less open standards!) and the EME specification doesn't include or refer to any specification of any CDM. In other words: the definition of open standard we just saw isn't complied, because to implement HTML5 we have to implement EME, which has to accept any CDM, which isn't a standard and so we cannot implement.

In other words, with an example: I make a website, and put there a media object (video, for instance) using EME, and I specify in the HTML document that the EME object needs the CDM module (which is a form of DRM) called "OneTwoThree". Now, if you want to see that website, you need a web browser that knows how to undertand HTML5 and EME (both possible since there's the specification), and the browser then needs to get the CDM called "OneTwoThree" (imagine it as being a browser plugin, not unlike Flash) and use it to play the video. The problems are obvious now: what if the CDM only exists for one specific Operating System? What if the CDM isn't free? You know... the thypical problems of a non-open standard format.