The W3C recently said that its HTML Working Group is exploring a specification for the Encrypted Media Extensions (EME) framework which will allow companies to use their own DRM-laced APIs for web content. The EME proposal doesn't actually add DRM to HTML5, but rather defines a framework for bringing protected media content to the web.
"The API supports use cases ranging from simple clear key decryption to high value video (given an appropriate user agent implementation)," reads the EME working draft. "License/key exchange is controlled by the application, facilitating the development of robust playback applications supporting a range of content decryption and protection technologies."
The EME spec does not define a content protection or Digital Rights Management system, the W3C states. Instead, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems.
"Implementation of Digital Rights Management is not required for compliance with this specification," the draft continues. "Only the simple clear key system is required to be implemented as a common baseline."
One of the big issues surrounding this proposal is that it may be impossible for open source web browsers to implement without relying on closed-source components. There are also "gaping" security flaws that would make it easy to defeat the current defined system. That "shared API aspect" is also a little scary given that it could lead to a wave of plugins like in the old days when different media players were required to watch and listen to content.
HTML WG member Manu Sporny requested that the WG not publish the first working draft, stating that the specification does not solve the problem the authors are trying to solve. It also won't keep pirates from pointing an HD camera at an HDTV and recording what's on the screen.
"In the very worst case, there exist piracy rigs that allow you to point an HD video camera at a HD television and record the video and audio without any sort of DRM," he said. "That’s the DRM-free copy that will end up on Mega or the Pirate Bay. In practice, no DRM system has survived for more than a couple of years."
He was also offended at the wording which insinuates that people consuming media are potential adversaries. "99.999% of people using DRM-based systems to view content are doing it legally," Sporny added. "The folks that are pirating content are not sitting down and viewing the DRM stream, they have acquired a non-DRM stream from somewhere else, like Mega or The Pirate Bay, and are watching that."
Businesses supporting the proposed EME system include Google, Microsoft, Netflix, Adobe, Comcast, NBCUniversal, Nokia, the BBC and several others. In fact, the BBC offered a very lengthy explanation as to why it's supporting the proposal despite the backlash.
"The BBC does not feel that the requirement for content protection on online streaming video will reduce in the foreseeable future," the BBC stated. "Therefore it supports efforts to standardize as many of the mechanisms as possible in order to lower the barriers to entry and bring new solutions to the market. We believe that the Encrypted Media Proposal is a useful first step towards this."