A new Web standard proposal authored by Google, Microsoft, and Netflix seeks to bring copy protection mechanisms to the Web. The Encrypted Media Extensions draft defines a framework for enabling the playback of protected media content in the Web browser. The proposal is controversial and has raised concern among some parties that are participating in the standards process.

In a discussion on the W3C HTML mailing list, critics questioned whether the proposed framework would really provide the level of security demanded by content providers. Mozilla asked for clarification from the authors about whether it would be possible to implement the proposal in an open source Web browser. Google's Ian Hickson, the WHATWG HTML specification editor, called the Encrypted Media proposal "unethical" and said that it wouldn't even fulfill the necessary technical requirements.

"I believe this proposal is unethical and that we should not pursue it," he wrote in response to a message that Microsoft's Adrian Bateman posted on the mailing list about the draft. "The proposal above does not provide robust content protection, so it would not address this use case even if it wasn't unethical."

The aim of the proposal is not to mandate a complete DRM platform, but to provide the necessary components for a generic key-based content decryption system. It is designed to work with pluggable modules that implement the actual decryption mechanisms. The proposal specifies a new set of API extensions for HTMLMediaElement, the interface that defines the specialized properties and JavaScript methods that are available on HTML audio and video elements.

Copy protection is one of the issues that we discussed last year when we wrote about the future of video on the Web in a post-Flash world. Major streaming video services, such as Netflix, are eager to abandon plugins in favor of standards-based HTML5 video, but they have been held back by the lack of support for robust DRM mechanisms, which they need to use in order to fulfill their contractual obligations to the content providers.

Mozilla's Robert O'Callahan warned that the pressure to provide DRM in browsers might lead to a situation where major browser vendors and content providers attempt to push forward a suboptimal solution without considering the implications for other major stakeholders.

Some of the discussion surrounding the Encrypted Media proposal seems to validate his concerns. Mozilla's Chris Pearce commented on the issue in a message on the W3C HTML mailing list and asked for additional details to shed light on whether the intended content protection scheme could be supported in an open source application.

"Can you highlight how robust content protection can be implemented in an open source web browser?" he asked. "How do you guard against an open source web browser simply being patched to write the frames/samples to disk to enable (presumably illegal) redistribution of the protected content?"

Netflix's Mark Watson responded to the message and acknowledged that strong copy protection can't be implemented in an open source Web browser. He deflected the issue by saying that copy protection mechanisms can be implemented in hardware, and that such hardware can be used by open source browsers.

"There exist many devices with content protection mechanisms of various sorts baked into their firmware/hardware. Open source software could make use of such capabilities in just the same way as it makes use of other hardware capabilities," he wrote. "If my understanding is correct, it's not unknown for open source products to make use of or even ship with closed source components, such as drivers, for access to platform or device capabilities."

This would potentially address the issue on mobile and embedded devices with the relevant hardware capabilities, but it's not clear what it means on the desktop. This response is unlikely to satisfy Mozilla or diminish the organization's concerns.

The Encrypted Media specification is currently a draft-stage proposal. It is backed by several major stakeholders, but it doesn't appear to be gathering the momentum it needs to gain broader support. The requirement for DRM on streaming video isn't likely to go away, however. If consensus can't be reached and no better approach emerges, there is a risk that some browser vendors will simply implement their own solutions outside of the standards process.