Thereâ€™s an ongoing kerfuffle about DRM (Digital Rights Management) being implemented in browsers and whether the W3C should publish a standard (‘recommendationâ€™) that provides access to DRM content.
In case this goes wider than my usual audience of about a dozen people, I should make clear that:
- I donâ€™t like DRM. It is a silly technical solution that doesnâ€™t actually protect content. The way DRM interacts with laws is also pernicious, in that laws such as Section 1201 of the USâ€™s DMCA make illegal some things that should not be. Personally, I wonâ€™t buy DRM content unless I know how to ‘archive itâ€™ without the DRM. (That doesnâ€™t apply to ephemeral streaming services where you subscribe to a varying collection, I donâ€™t have a problem with that as a deal.)
- My reason for being involved at the W3C is web accessibility, a domain in which Iâ€™m rapidly heading towards 20 years of experience.
I wonâ€™t claim to be a video or DRM expert, but I have followed the arguments about it since the EME work was announced.
The key specification is Encrypted Media Extensions, the main point of which is that EME is an API to a DRM module (which isnâ€™t covered by any W3C spec).
What good is EME?
Given my stated position on DRM, it should be an easy decision to oppose EME, right? Not so fast, you have to consider the alternatives.
There is so much pressure for DRM from ‘rights holdersâ€™, they really wonâ€™t put movies on the web without (the emperorâ€™s new clothes of) DRM. In a branch of reality where EME never happened at the W3C, Flash/Silverlight would still be going, or a similar plugin replacement created.
If Flash were still plodding along providing browsers with a method of doing DRM video, how is that better?
EME was the last nail in Flash's coffin, which is the best outcome for a11y.
Iâ€™ve seen comments saying that the rights-holders wouldnâ€™t turn away 1 billion web users, but they wouldnâ€™t have to. Their video would be available through devices and set-top-boxes (with DRM) to probably 90% of that billion users. I think the browser makers saw that and would rather there were an option for ‘premiumâ€™ video on the web.
Iâ€™ve spoken to people at broadcasters and an online video service and they were clear that DRM was going to happen somehow.
The bottom line is that: On an open platform, you canâ€™t ban something that the content-owners require and (most of) the public want to use.
What are the problems with EME
Cory Doctorow outlined several issues, Iâ€™ll use that numbering with shorter titles:
This is the most concerning issue, which is that security researchers are preventing from finding and reporting issues with the DRM. That research is being prevented by the laws about DRM, rather than EME (the API to the DRM).
There was a large effort to create a covenant to protect security researchers, but no middle ground was found. For the engineering-types who represent companies at the W3C, they would be taking this covenant back to their companyâ€™s lawyers. Those lawyers would then be saying things like “So we have to agree not to sue someone breaking into our technology? I donâ€™t think so.”
I would certainly like to see some compromise there, but it seems unlikely so the question then becomes: Whether to publish the EME spec or not?
The EME spec & implementations actually improves the general situation for accessibility (W3C commentary), as part of the W3C process there were several rounds of accessibility reviews.
Therefore the issue raised is around a new aspect of “automated generation of accessibility metadata”. For example creating a filter to detect flashing content:
Applying such a filter to (say) the entire corpus of videos available to Netflix subscribers who rely on EME to watch their movies would safeguard people with epilepsy
Regardless of DRM, does anyone really expect Netflix to open up their entire corpus of video to anyone? That is not how wide-spread accessibility has worked in a multimedia context. If there were such a tool (which could developed using the
<video> element without DRM), it would have to be Netflix that runs the script and provides the metadata via their player. There is no way they just open up the vaults.
The way that multimedia accessibility (which is an intensive production process) has worked historically is that a solution (e.g. audio description, captions) is either known or created, and then regulators insist that the providers use those solutions. The good thing is that there is a lot of overlap between companies creating the automated / machine-learning processes are the same ones that provide video and/or DRM modules.
Would it be a better world if anyone could run through the entire set of videos on Netflix/iPlayer/Amazon/HBO etc? Yes. But that wouldnâ€™t happen in any branch of reality where those companies exist as profit making entities.
The intrinsic problem for things like applying filters is with the DRM that encrypts the video, not the API to the video in the browser (i.e. the EME spec). What the EME spec does do is protect access to alternative formats, which wouldnâ€™t exist if we were still using plugins.
If you consider the alternative (realistic) possibilities, web accessibility is in a better place with EME.
3. EME essential to new players
I struggle with the logic of this one, I think the crux is:
EMEâ€™s existence turns on the assertion that premium video playback is essential to the success of any web player. It follows that new players will need premium video playback to succeed…
You could argue that access to premium video content is essential to any new web video player (browser?). That content relies on a DRM module so you are beholden to the people providing DRM. The existence of EME should make that process easier, not harder.
To EME, or not to EME?
People seem to think the W3C is creating a spec to put DRM in browsers. This is fundamentally untrue in several senses.
Firstly, the W3C is like a restaurant:
It has a lot of tables, it has a bunch of people paying to be here and discuss at the tables. The W3C at occasions moderates discussions, but thatâ€™s its only impact on the web platform. The people around the tables make the decisions, not the restaurant.
Secondly, the browsers implemented EME several years ago, the standards follow implementations.
DRM in browsers was there before, and it will continue to be, so the question is whether to publish the EME spec.
The world will be a much better place if the laws that enforce DRM are re-written, and I support every effort in that direction at appropriate venues.