Stop the Hollyweb! No DRM in HTML5.

Many people have doubts regarding how can possibly be an issue of having DRM on HTML, the foundation language of the entire web. One person in particular had the doubt of "how can it be possible that DRM (closed by its nature) is inserted into a standard?"

I have replied to her about it (in Portuguese), but I think that, with some adaptations and a translation, this text might also have a wider use for those of you trying to understand HTML, standards and DRM. Oh, and don't forget, click on the image in the right to sign a petition against DRM on HTML.

The "short answer"

You should attend to the Document Freedom Day 2013 celebration event nearer to you: they're happening starting today until April all around the world. There, I'm sure, there will be people knowing and willing to explain to you any questions regarding open standards in general and the "DRM in HTML" issue in particular.

The "long answer"

A standard should be considered open if it complies with a number of requisites. Here's the list (taken from this page, that explains each point better):

An Open Standard refers to a format or protocol that is:

  • Subject to full public assessment and use without constraints in a manner equally available to all parties;
  • Without any components or extensions that have dependencies on formats or protocols that do not meet the definition of an Open Standard themselves;
  • Free from legal or technical clauses that limit its utilisation by any party or in any business model;
  • Managed and further developed independently of any single supplier in a process open to the equal participation of competitors and third parties;
  • Available in multiple complete implementations by competing suppliers, or as a complete implementation equally available to all parties.
Unfortunately not every format is an open standard, or, in other words, doesn't comply with the previous points. If the proposal to have DRM on HTML5 is accepted, HTML will stop being an open standard, since it will stop complying with the second requirement of the list.

In more detail: the proposal on the table is called EME (Encrypted Media Extensions). An HTML document can include EMEs, and the specification of EME enables the website to require a certain "Content Decryption Module" (CDM). And here lies the problem: CDMs aren't standards (much less open standards!) and the EME specification doesn't include or refer to any specification of any CDM. In other words: the definition of open standard we just saw isn't complied, because to implement HTML5 we have to implement EME, which has to accept any CDM, which isn't a standard and so we cannot implement.

In other words, with an example: I make a website, and put there a media object (video, for instance) using EME, and I specify in the HTML document that the EME object needs the CDM module (which is a form of DRM) called "OneTwoThree". Now, if you want to see that website, you need a web browser that knows how to undertand HTML5 and EME (both possible since there's the specification), and the browser then needs to get the CDM called "OneTwoThree" (imagine it as being a browser plugin, not unlike Flash) and use it to play the video. The problems are obvious now: what if the CDM only exists for one specific Operating System? What if the CDM isn't free? You know... the thypical problems of a non-open standard format.


  1. I was told that HTML is a language. How can a malicious -not sure its the right word- feature can be implemented in a language ?
    Would EME and CDM always be implemented in HTML5 or just if the code writter wishes to ?

  2. The problem here is that since you don't know how to inderstand the charactes after the "EME" prefix, while that would be a valid English sentence, that would be of no use to you: you still won't be able to understand the sentence by simply using an English dictionary. Of course, I, as the author of the sentence, could have said:

    "I think you are EMEfspoiguxzfsogiyusaafhzfkjzhfdz. If you don't know what I mean, you can buy my CDM book that will explain it to you."

    And now you have two choices: either you are OK with the fact that you aren't able to understand all English-written messages, or you'll be forced into buying my CDM book. And all the other CDMs that anyone can choose to invent.

    And, of course, you are still able to speak english without using the EME prefix or a CDM, but while that's good of you, it doesn't help you much in understanding what everyone else is talking, does it?

    Now, if this whole thing seems absurd to you - it certainly seems to me - is because you are not accustomed with the concept of a non-open language. But there's really no difference between a language and any other format or standard -- and every non-open standard is absurd.

    More info about this at DFD website and its various pages, but I'll gladly continue this conversation if my explanation isn't good enough ;-)

  3. It is good, thank you !
    I haven't read DFD pages about "closed languages", did I miss it ?

    And would those DRM change something for the people writing webpages ?
    I read somewhere (cant find it anymore) that those DRM would mostly aim at restricting copyrighted content, especially video. So you know something about it ?

  4. Sorry for my late late late reply...
    The DFD website talks about what open standards are and what are the dangers of using closed formats, but they don't talk specifically about this issue (at least it didn't, DFD's website keeps evolving so I'm not sure anymore ;-)).
    More info about this issue can be found at https://www.eff.org/deeplinks/2013/10/lowering-your-standards .

  5. Hey Daniel, this is a really amazing post of having DRM on HTML. Thanks for sharing.