If you haven't heard of it, EME, or Encrypted Media Extensions, could be a part of the W3C specification that would allow a website to control a visitors web browser. The goal would be to restrict access to content, this ranges from restricting the user's ability to record the file to their computer's memory to disabling functions such as "pause" from the browser's media player. The main goal being to satisfy media corporation's requirements to technically restrict usage of their content.

In short, it's a mechanism to allow DRM (Digital Restriction Management) to operate within standard HTML, I believe this should have no place within the works of the W3C standard. Indeed it seems to be incompatible with their own principles.

The Goals of EME

The goals of EME are to provide a standardised mechanism for a website to control the way a user views/hears/reads content.

This brings nothing constructive or beneficial to the users of the web nor to most websites. I speculate that EME only supports the interests of companies who wish to restrict their users as the technology may not be usable without a budget.

A clarification is needed, EME is in the spec, CDM (Content Decryption Module) is not. EME shouldn't require non-free software, however EME is useless without a CDM. The CDM contains the decryption key and software designed to control the user's browser, there will never be an implementation of EME without a CDM.

Although a CDM may technically be open source, such a CDM will never be used in production, it would be broken from the start. Its only purpose would be for testing.

EME is the loophole that makes CDM a standard without it being one.

In short, EME is only useful with a CDM, the CDM is only useful if it contains non-free compiled code that can control the user. So if EME becomes a standard, so does the use of CDMs.

The notion of "Premium" content

The use of the term "premium" as justification for Digital Restrictions is highly cringeworthy.

The real value of any content is relative and subjective, especially for entertainment. We should refuse any W3C standard that suggests different classes of content and that first class content makes DRM reasonable enough to include it in the spec for the open web. If DRM should be supported by the W3C it should be supported for all content, not only those of the media giants. A first step would be to no longer use the term "premium" to distinguish a superior class of content.

The Absence of DRM is Bad for the Internet

People actually say this. Without DRM the Internet would suffer the loss of services such as Netflix and that would be a fatal blow to the web and people will stop using computers and turn to Paganism.

Netflix, Microsoft, Google and other EME proponents need EME/DRM in the W3C spec because they cannot rely on non-standardised solutions such as Flash and Silverlight to deliver restricted content to all web browsers. EME would help insure that every browser can be their customer.

If they can't have it, they will figure out another solution. Either way, they have no plans of leaving the web and if they did it would be their loss. In reality they are asking the W3C to reduce their costs and make sure their businesses can reach all their customers.

Imagine If EME/CDM (DRM) existed back in the olden days of the web (when people tried to disable right clicking), what would the Internet be like today ?

Trust goes Both Ways

These restrictions mainly interest companies that distribute content to authenticated and paying users over an encrypted connection (HTTPS). This means that the only reason they would require DRM is that they do not trust their legitimate customers.

Why should users trust companies with control over their browser as a condition for a service ? There are many reasons not to, here's just a few:

• Sony BMG copy protection rootkit scandal
• Amazon Erases Orwell Books From Kindle
• Outlawed by Amazon DRM
• Hacker Claims Ubisoft "Uplay" DRM Is A Rootkit And Poses Security Risk

Media companies, and any other company, should never be granted control over their client's computer. EME in HTML means the W3 thinks otherwise.

All Your Base are Belong to Comodo

A browser that implements the W3C specifications may include a set of CDMs, a bit like with Root Authority certificates. The big difference in this comparison is that the CDMs contain non-free code that may control the user's browser.

The user does not know of these 3rd parties. If things go along as with certificates this will render every user of the "standard set of CDMs" vulnerable to compromised and/or malicious (or submissive) CDMs. Even though CDMs are not part of the W3 spec they would appear to the average user as having the blessing of the W3 as the spec would have reserved a spot for them.

Having EME in the spec encourages users to trust CDM vendors to install their explicitly "non-free and designed to control" software, this can and should be considered a real security flaw. Anyone who compares this with Flash or Silverlight is completely missing the point, they don't have the W3C approval and they aren't part of the open web standards.

I suspect this will also encourage certain Free Software / Open Source browsers to distribute their software bundled with non-free code (CDMs) which brings me to the next point.

Accessibility

While EME could be implemented on an open source browser, making any use of it would require non-free software via CDMs (plugins/addons). EME in reality would not offer any functionality on Free Software / Open Source platforms, this part of the spec is not accessible to certain users. Perhaps some Free browsers might even omit support for EME rendering their browsers "not fully compliant".

I also wonder about issues with mainstream Free Software, like Firefox for example. The Firefox download page tries to make things insanely simple for its users, you can't even find a link to the source code, let alone the 64bit version. What do you think their download link would be if EME becomes a standard ? They would have to make a tough choice, either let their users download CDM packs separately or bundle Firefox with the CDMs, in both cases they would lose a few users.

In that sense, EME in the W3C spec promotes the end of the fully open source web browser. Either that or it promotes Schism 2.0.

Another question I have is Who will be able to use a CDM ?. This remains a bit blurry for now, however I think for it to be a W3C standard is must be something that is technically possible to implement without requiring a 3rd party. If a 3rd is mandatory then it would exclude some from using EME, either because they haven't the monetary budget or because they are denied service by available vendors. Also, publishing content using EME should be possible without the use of non-free software.

From W3C » Standards » Browsers and Authoring Tools: We should be able to publish regardless of the software we use

DRM is Broken

As a person who has been around long enough to see attempts to implement DRM constantly break, I don't believe that this time it will work. If private entities wish to pursue their endless quest for user restriction they should probably do so outside the scope of "open standards".

The counter argument is that EME/CDM is not going to be 100% effective but will be difficult and/or inconvenient to bypass for most users. So we all agree it's already broken, we will have to wait to see how much of an inconvenience it really is.

That said, why should the W3C work on something defective by design ?

Trojan Horse 2.0

The EME spec was initiated by Google, Microsoft and Netflix and they are very present to defend DRM on the W3's various mailing lists, including the one created to discuss the legitimacy of the EME/CDM, Restricted Media. Many of the arguments for DRM have little to do with good reasons to include it in the W3C specs, it's mostly about Hollywood requirements for their "premium" content, and replacing Flash with something harder to get rid of.

I don't oppose companies developing and promoting an open standard that serves their private purposes, I just don't think it's in the interests of the open, accessible and shareable web and hence has no place within the W3C. By progressing the status of EME the W3C appears to be supporting corporate requests even though they contradict the W3's goals, they are, excluding Free Software from the W3's web and putting the content producer in control of the user. Well, at least the content producers that can afford to use a CDM.

Not to mention the potential trojan horse that could/would be the CDMs. EME could really re-define what "The Open Web" means.

Something to Sign

If for any reason you agree that DRM technologies should not be actively supported by the W3C then please do sign this petition.

Further Reading

Here are a few links from others with other views (pro or con):

• What I wish Tim Berners-Lee understood about DRM
• DRM in HTML5 - Interesting points by someone who's worked on DRM systems
• DRM at the W3C? Not such a Bad Idea. - This article defends the idea of DRM, but completely misses the point of "DRM at the W3C".
• The W3C's Soul at Stake - by RMS
• DRM in HTML5 is a victory for the open Web, not a defeat - The author doesn't understand that CDMs will be exactly like plugins, to support a platform the CDMs must be compiled for every platform they wish to support.
• FreedomHTML - FreedomHTML is an initiative to develop and maintain a profile of HTML5 that is aligned with freedom principles and in particular the need to protect the fundamental rights of Internet users.

Click here to sign the Defective By Design petition

The discussion about implement DRM in HTML has been ongoing on the W3C mailing lists for a while now. Sometimes it seems more of a flame war than others. Companies like Netflix, Microsoft and even Google are trying to push for a standard that would allow the content distributors to control the user's usage of the delivered content.

It's called Encrypted Media Extensions and it says this: This proposal extends HTMLMediaElement providing APIs to control playback of protected content.. They would like to have a standard method for controlling your usage of their content. This means things like restricting users from even being able to pause a video, fast forward/rewind and of course restricting users from recording the content to disk.

I don't see how it would be possible for a user to have a 100% Free and/or Open Source browser that can access a video but yet restrict the user from doing certain things. Or the browser could be Free but then the user would have to install some proprietary piece that will work with the HTML spec to then restrict themselves.

Currently these things are done via non-free plugins such as Flash or Silverlight, maybe also with Java but you really have to be made of hate to make a restricted video player in Java.

The problem that the "content" industry has is that these proprietary plugins are dying, they are limited in adoption, function and they are not optimised for performance. They are a pain in the class (programming joke, sorry). Hence the dream of making DRM part of the standard.

Anyway, I don't see why such a specification should be part of W3C's standard. Those that want to restrict the usage of user's computers could simply get together and create a communal plugin, like Flash or Silverlight, but better and standardised, if they want, even open-source. But in the HTML spec, there should be no effort made to help people restrict users. That's not the point.

Please sign the petition by Defective By Design against DRM in HTML. Indeed, this is defective by design, in so many ways.

Today I wanted to copy paste something from a PDF file, because you know, technology and all that. To my surprise the option to copy as replaced with Copy forbidden by DRM message.

I found that Okular's obedience to DRM is an option that the user can uncheck.

All you need to do is uncheck "Obey DRM limitations"

What's also interesting is the thread okular: Arbitrarily enforces DRM on the debian-devel mailing list. I tend to agree that having this option active as a default makes no sense, actually, simply having such an option makes no sense.

Why would anyone want their computer to deny themselves the possibility to copy text from a file ? Is the goal to push people to develop faster and more precise typing skills or does someone actually think that such an option has an actual beneficial purpose to humanity ? Maybe right clicking is bad for your health and fake DRM wants to help ?

Some defend this saying that in a corporate environment blah blah blah... don't care. If you don't want your employees/co-workers or whatever to be able to copy paste text from a PDF don't send it to them.

Tomorrow, May 4th 2012, will be Day Against DRM. Take a moment to reflect on the devices you perhaps use that may infringe on your digital Freedoms.

The short version is, many digital devices and software are designed to restrict the usage you can make of them. In some cases it is the device itself, in other cases it is the files you may purchase. For example, some e-books or films (movies) are sold in a way that do not allow you to use them in certain ways. There is even the incredible example of Amazon remotely deactivating the book 1984 from their Swindles (or Kindles ?).

Another interesting anecdote is South Korea's ministry of defense, they have decided to ban usage of Apple's Iphone because it is so restrictive that they cannot even guarantee the device is not recording them and sending data over wifi. The device is not under their control.

Visit the Day Against DRM website to learn more. See what you can do tomorrow, and after tomorrow.

Louis CK has been distributing his latest show directly himself without any distribution thieves such as I-Tunes and the like. The video is available as a download and this without any DRM attached !

Check out the little note to torrent users (bottom of the page), it's honest at the least.

In any case he's made a lot more money then he had imagined, in just 2 weeks over a million dollars.. at 5$ a copy (not too expensive for most people). Not bad. I don't know this guy (yet), but he seems decent as over 25% of that will go to charities. Click here for more details on the spending.

Humble Bundle is back and it's cooler than ever (because it's frozen). The idea is:

• Pay what you want
• Support charity
• DRM free

The really cool part is that it will run on the operating system that reasonable people prefer, GNU/Linux. The games will also run on the gaming OS, Windows and the show off OS, MacOS.

Go get your copies at Humblebundle.com. Also note, just like last time, it seems that GNU/Linux users are far more generous than the users of other operating systems... .. .

There is something called the The Humble Indie Bundle #2 where you can buy a few video games for whatever price you want. These games work on MacOS, GNU/Linux and Windows, and do not have DRM though they are not Free.

Interestingly the sales statistics show that on average the GNU/Linux user will offer over two times as much of their money for the bundle.

Screenshot taken today, prices may vary with time as there are 4 more days to go.