Standards leader blasts HTML5 video copy protection

Ian Hickson, editor of the HTML standard, declares that a DRM Web video from Microsoft, Google, and Netflix would be unethical and ineffectual.

Stephen Shankland principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science Credentials
  • I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
Stephen Shankland
5 min read
Five browser logos

Microsoft, Google, and Netflix have proposed a standard for copy-protected Web video, but HTML editor Ian Hickson has dealt it a serious blow by calling it impractical and "unethical."

"I believe this proposal is unethical and that we should not pursue it," Hickson said in a mailing list message this week. "The proposal...does not provide robust content protection, so it would not address this use case even if it wasn't unethical," he added.

The Web video DRM debate--and this one isn't the first--shows the difficulties of reconciling open standards with the constraints of the commercial video industry. Expect more tensions as the the video industry tries to capitalize on the pervasiveness of the Web.

Web technologies such as Hypertext Markup Language have progressed rapidly in recent years, and one headline HTML5 feature lets Web pages include streaming video and audio. So far, though, there's no mechanism for digital rights management (DRM), an encryption mechanism that permits only authorized video and audio in an attempt to deter unauthorized copying.

That means companies offering video often resort to browser plug-ins, such as Adobe Systems' Flash Player, that support DRM and copy protection. Indeed, although Adobe has embraced HTML and related Web standards, it also has declared "premium" video to be a Flash Player stronghold.

Relying on a plug-in flies in the face of the movement to leave those plug-ins behind--a movement reinforced by Apple's ban of Flash on iPhones and iPads, Adobe's withdrawal of Flash for mobile devices, and Microsoft's banning of plug-ins for the forthcoming Internet Explorer 10 running in Windows 8's new Metro interface.

Naturally, some Web technology allies would like to accommodate DRM within HTML video, and they've been spurred by the arrival of TV and video companies into the World Wide Web Consortium that standardizes HTML.

Thus, Google, Netflix, and Microsoft published their Encrypted Media Extensions proposal on Tuesday and announced it on a W3C mailing list.

"Many content providers and application developers have said they can't use <audio> and <video> because HTML lacks robust content protection. Without this functionality, they cannot move their apps to the Web platform," Microsoft's Adrian Bateman, Google's David Dorwin, and Netflix's Mark Watson said in their mailing list announcement.

The proposed standard itself leaves much of the DRM details to a Web site's JavaScript code rather than to the browser itself. The proposal describes the technology thus:

This proposal extends HTMLMediaElement to enable playback of protected content. The proposed API [application programming interface] supports use cases ranging from simple clear-key decryption to high-value video (given an appropriate user agent [browser] implementation). License/key exchange is controlled by the application [the Web site software running in the browser], facilitating the development of robust playback applications supporting a range of content decryption and protection technologies. No "DRM" is added to the HTML5 specification, and only simple clear-key decryption is required as a common baseline.

A Web-based Netflix or Hulu application would be convenient for watching streaming video on a wide range of browser-enabled devices and would essentially free the technology from hardware constraints, said Bateman, Dorwin, and Watson. "Many consumer electronics are taking advantage of HTML for both video playback and user interfaces, yet their content protection solutions are typically tied to the device," they said.

Google, Microsoft, and Netflix propose adding DRM to HTML video, though much of the technology would take place at a higher level than HTML itself.
Google, Microsoft, and Netflix propose adding DRM to HTML video, though much of the technology would take place at a higher level than HTML itself. W3C

But Hickson is staunchly opposed.

Hickson, aka Hixie, doesn't have veto power, but he is a strong force in the Web standards world. While working for browser maker Opera, he helped shepherd HTML during the dark years when the W3C had left it for dead. Now Google employs him, although his opposition to a Google-backed proposal demonstrates his independence.

Indeed, the present work on DRM and HTML video is taking place despite an earlier manifestation of Hickson's anti-DRM stance. In 2010, he marked a request to support DRM with HTML video as "won't fix." Hickson detailed his HTML video DRM objections with the rationale that "DRM is evil." He also raised a number of more technical and practical objections.

In an interview with CNET, he detailed his opposition:

Any technology whose exclusive goal is to stop users from being able to make use of the content they have purchased is, in my opinion, unethical.

DRM takes away users' rights. For example, if I buy a TV show and want to criticise a scene from the show it on my blog, but the TV show is DRMed, how do I extract the scene, as I'm supposed to be able to per my Fair Use rights? How do I use DRMed content for the purpose of parody if it is DRMed? How do I watch DRMed content that I bought on one device on another device? How do I watch DRMed content that I bought, after the company providing the DRM servers goes bankrupt and shuts them down? These are all rights I have, yet DRM prevents me from exercising them.

Instead, he recommended a different mechanism for copy protection: copyright law.

"All video is copy-protected, by copyright law and the courts. If the laws and the courts are sufficient to protect us against guns, why on Earth would they not be sufficient to protect us against people violating copyrights?" he asked. "There's no need for technology to 'protect' content."

Indeed, right now just such an effort is going on with the MegaUpload site. New Zealand authorities apprehended founder Kim DotCom (now released on bail), and the United States wants to extradite him to face charges of criminal copyright violations, racketeering, and money laundering.

Finally, Hickson said that the HTML video DRM proposal is, in effect, plug-ins all over again.

"The DRM proposal is just a plug-in platform in disguise. You still have proprietary plug-ins, it's just that the DRM proposal calls them 'CDMs,'" or content decryption modules, he said. "It defeats the entire point of HTML <video>."

Hickson isn't the only objector. Maciej Stachowiak, an Apple employee who's another influential Web standards developer, raised practical concerns in 2010 about Web video DRM.

"I understand the desire of some content providers to have DRM. But I think DRM, by nature, cannot be specified by an open standard. Openly publishing DRM format information allows it to be trivially broken, as you cannot obfuscate what you are doing when there is a published specification for it," Stachowiak said. "This is why existing DRM schemes involve secret information about how the DRM mechanism works."

But given the tremendous success of the Web and the power of the video industry, don't expect the naysayers to have the last word.

DRM has a long history of being cracked so that everything from video games to movies are available through back channels that the video industry despises. But DRM advocates show no signs of giving up.