Sign in with
Sign up | Sign in

W3C Investigating DRM-Style System for HTML5

By - Source: Wired | B 4 comments

The W3C is looking to build a DRM-type system for protected content delivery through HTML5.

The W3C recently said that its HTML Working Group is exploring a specification for the Encrypted Media Extensions (EME) framework which will allow companies to use their own DRM-laced APIs for web content. The EME proposal doesn't actually add DRM to HTML5, but rather defines a framework for bringing protected media content to the web.

"The API supports use cases ranging from simple clear key decryption to high value video (given an appropriate user agent implementation)," reads the EME working draft. "License/key exchange is controlled by the application, facilitating the development of robust playback applications supporting a range of content decryption and protection technologies."

The EME spec does not define a content protection or Digital Rights Management system, the W3C states. Instead, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems.

"Implementation of Digital Rights Management is not required for compliance with this specification," the draft continues. "Only the simple clear key system is required to be implemented as a common baseline."

One of the big issues surrounding this proposal is that it may be impossible for open source web browsers to implement without relying on closed-source components. There are also "gaping" security flaws that would make it easy to defeat the current defined system. That "shared API aspect" is also a little scary given that it could lead to a wave of plugins like in the old days when different media players were required to watch and listen to content.

HTML WG member Manu Sporny requested that the WG not publish the first working draft, stating that the specification does not solve the problem the authors are trying to solve. It also won't keep pirates from pointing an HD camera at an HDTV and recording what's on the screen.

"In the very worst case, there exist piracy rigs that allow you to point an HD video camera at a HD television and record the video and audio without any sort of DRM," he said. "That’s the DRM-free copy that will end up on Mega or the Pirate Bay. In practice, no DRM system has survived for more than a couple of years."

He was also offended at the wording which insinuates that people consuming media are potential adversaries. "99.999% of people using DRM-based systems to view content are doing it legally," Sporny added. "The folks that are pirating content are not sitting down and viewing the DRM stream, they have acquired a non-DRM stream from somewhere else, like Mega or The Pirate Bay, and are watching that."

Businesses supporting the proposed EME system include Google, Microsoft, Netflix, Adobe, Comcast, NBCUniversal, Nokia, the BBC and several others. In fact, the BBC offered a very lengthy explanation as to why it's supporting the proposal despite the backlash.

"The BBC does not feel that the requirement for content protection on online streaming video will reduce in the foreseeable future," the BBC stated. "Therefore it supports efforts to standardize as many of the mechanisms as possible in order to lower the barriers to entry and bring new solutions to the market. We believe that the Encrypted Media Proposal is a useful first step towards this."

 

Contact Us for News Tips, Corrections and Feedback

Discuss
Display all 4 comments.
This thread is closed for comments
  • 4 Hide
    victorintelr , February 14, 2013 2:45 AM
    Don't know about that. Having to depend on closed sources defeats the purpose of the open source, and besides, having that info won't prevent hackers to tweak it to wreak havoc later.
  • 2 Hide
    mayankleoboy1 , February 14, 2013 3:11 AM
    ^ Closed source DRM.
    And why would the recording companies stream content through HTML5, if it isnt secure ?
  • 1 Hide
    spectrewind , February 14, 2013 5:00 AM
    mayankleoboy1^ Closed source DRM.And why would the recording companies stream content through HTML5, if it isnt secure ?


    They can't. There is exclusivity between these two. htML (markup language) is not the same thing as encryption. MAYBE thru SSL, or TLS, IPSEC?, or whatever ... and maybe through some kind of key infrastructure. The markup itself is insecure; some kind of encapsulation is required beyond HTML (any version that is open, 5 or not) to make it "secure".
  • 1 Hide
    pjmelect , February 14, 2013 10:25 AM
    It will be hacked as soon as it is released, pointless.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter