Firefox to incorporate DRM (reluctantly)

Douglas Crawford

Douglas Crawford

May 16, 2014

The World Wide Consortium (W3C) led by Sir Tim Berners Lee has given in to pressure from Hollywood, and agreed to incorporate DRM into the next version of HTML5. Widely regarded as terrible news among open internet activists, a double-blow was dealt when open-source browser outfit Mozilla announced (very unhappily) that it would tow the line and add DRM to Firefox.

Mozilla said that it had ‘little choice’, as failure to incorporate DRM would result in it being left behind as users shifted to browsers that could play protected content,

‘People want to watch video, including movies and TV shows.   Browsers must provide the ability to watch video or the browser becomes less and less the tool users need. A number of content owners (in particular film and TV studios) require technical mechanisms to reduce the ways in which people can use that content, such as preventing people from making copies.  This technical mechanism is generally called “DRM” for “digital rights management.”  Browsers must implement DRM in a way that makes the content owners comfortable.  Otherwise they won’t allow their content to be viewed through that browser.

The Electronic Frontier Foundation (EFF) has been particularly damning of this decision by an organisation committed to open standards and open source, particularly as ‘due to the architecture of the W3C EME specification we are forced to utilize a proprietary closed-source CDM as well’. It argues that,

Baker (CEO of Mozilla) may think that Mozilla cannot change the industry on its own (despite it having done so many years ago). Sadly, it changes the industry by accepting DRM. It is these repeated compromises to the needs of DRM advocates by tech company after tech company that are changing the nature of personal computing, transforming it into a sector that is dominated by established interests and produces locked-down devices, monitored and managed by everyone but their users.

Past experience has shown that standing up to DRM and calling it out does have an effect. As we have said to the W3C, and Cory Doctorow spells out to Mozilla in this Guardian article, we can do much more to fight the negative consequences of DRM than simply attempt to mitigate the damage of its adoption.

We have always admired the cut of EFF’s jib, and are certainly behind its stand against Hollywood copyright bullies, but in this case it may be being a little unfair to Mozilla. Not only are Mozilla’s concerns about staying relevant to users legitimate, but the way in which it intends to implement the DRM is intended to provide users with as much transparency and control as possible.

For a start, DRM implementation is strictly opt-in – all users will be given a choice whether or not they wish to activate it, and if activated, the ‘CDM’ module will be completely sandboxed away from the rest of Firefox. This means that, unlike the implementation used by other browsers, the DRM system in Firefox will not be able to collect data from, or uniquely fingerprint, the browser or user,

This sandbox-generated unique identifier allows the CDM to bind content to a single device as the content industry insists on, but it does so without revealing additional information about the user or the user’s device. In addition, we vary this unique identifier per site (each site is presented a different device identifier) to make it more difficult to track users across sites with this identifier.’


Mozilla should also be commended for resolutely refusing to soften what ‘EME’ and ‘CMD’ really are,

The new version of DRM uses the acronyms “EME” and “CDM.” At Mozilla we think this new implementation contains the same deep flaws as the old system. It doesn’t strike the correct balance between protecting individual people and protecting digital content. The content providers require that a key part of the system be closed source, something that goes against Mozilla’s fundamental approach.’

All that said however, and despite Mozilla’s admirable attempts to minimise the harm such DRM brings, the EFF is probably right in arguing that Mozilla could have done more to push back against the entrainment industry’s demands, as the stakes could not be higher – the right to free access to information and content on the internet. As Cory Doctorow, co-editor of Boing Boing argues,

There are lots of industries that want the W3C to standardise DRM for them, too. The ebook people have asked for a W3C standard to lock up formatted text – basically, webpages – and I wouldn’t be surprised to see paywall sites and others converging on this.

Gal (Mozilla’s CTO) told me he didn’t think that users would accept DRM for text in the same way that they’ve accepted DRM for video, pointing out that most text is not DRMed. However, nearly all the video on the web today is DRM-free – YouTube users alone post 96 hours’ worth of DRM-free video every minute.

It’s only a small slice of “premium” video that is locked up with DRM, in the same way that only a small slice of text – commercial books, paywalled newspapers – would likely be DRMed if the ebook people get their W3C DRM.

The promulgation of DRM video on the web is the beginning, not the end. If Mozilla wants long-term support from its stakeholders, it can’t make decisions about future DRM fights on an ad hoc basis.

Doctorow concludes rather poignantly that,

I fully accept that Baker and Gal have taken this decision reluctantly and unhappily. I disagree with their rationale, but I understand it. And I accept that they have gone to enormous lengths to devise a DRM with as few harms as possible.

But there is more that Mozilla can do, and should do, even if they’re wrong that DRM is the only way – and especially if they’re right.

Exclusive Offer
Get NordVPN for only
Get NordVPN for only