Is Mozilla on the Bridge of Khazad - or on the Fence?

Last week I explored at some length the curious reasons that Sir Tim Berners-Lee gave for supporting the proposal to add hooks for DRM into HTML5. One hugely important voice that was missing in this conversation is that of Mozilla, well-known...


Last week I explored at some length the curious reasons that Sir Tim Berners-Lee gave for supporting the proposal to add hooks for DRM into HTML5.

One hugely important voice that was missing in this conversation is that of Mozilla, well-known defender of the open Web. Because it was so crucial to have its views on this area, I sent off some questions on the topic to the organisation. I never received any direct answers to those, but Brendan Eich, whom I interviewed a couple of years ago, has written an excellent blog post with the witty title "The Bridge of Khazad-DRM" that is presumably Mozilla's official position on this topic.

It begins with the same emphasis on users that Berners-Lee adopted:

As usual for us here at Mozilla, we want to start by addressing what is best for individual users and therefore what's best for the Open Web, which in turn depends in large part on many interoperating browsers, and also on open source implementations with a significant combination by number and market share among those browsers.

It's good to see the open Web mentioned in the same breath here, since that really is what this is all about.

We see DRM in general as profoundly hostile to all three of: users, open source software, and browser vendors who aren't also DRM vendors.

Again, this is close to the Berners-Lee line, and yet that didn't stop him from supporting DRM...

Eich's post continues:

Currently, users can play content that is subject to DRM restrictions using Firefox if they install NPAPI plugins, really Flash and Silverlight at this point. While we are not in favor of DRM, we do hear from many users who want access to streaming movies to which they rent access rather than "buy to own". The conspicuous example is Netflix, which currently uses Silverlight, but plans to use EME in HTML5.

Now this is a curious thing to say. According to Wikipedia, the streaming service from Netflix is available only in "North and South America, the Caribbean, United Kingdom, Ireland, Sweden, Denmark, Norway, Finland, Iceland, the Netherlands". So is Eich saying that many users in those countries have been expressing their deep desire to watch streamed films within Firefox? I find that hard to believe, not least because they currently do that using Silverlight.

What I do think is true is that Netflix is saying there are potentially many users who want access to streaming movies, and so Mozilla must support DRM in HTML5. But that's a non-sequitur: Netflix doesn't need DRM in HTML5 now, and it wouldn't need it in the future. It is simply trying to push Mozilla into acquiescing with its own plans, formulated purely for its own benefit.

And what that conveniently overlooks is that Netflix is not available in most parts of the world, which means that DRM is being imposed globally purely to serve those relatively few countries where the US company Netflix is active. Leaving aside the fact that this is a very US-centric view of things – something that I'm sure Mozilla wouldn't want to be seen endorsing – the key question is why should everyone else have to suffer the consequences of Netflix wanting DRM so as to make it easier to sell subscriptions? Supporting such business models is hardly the function of the W3C – and it certainly isn't Mozilla's chief concern.

Eich then goes on:

We are working to get Mozilla and all our users on the right side of this proposed API. We are not just going to say that users cannot have access to streaming Hollywood movies, as that is a good way to lose market share and not have any product with which to uphold our mission.

But nobody is saying that those users in the US and a few other countries that care cannot have access to streaming films, just that a particular way of doing it shouldn't be enshrined in W3C standards. As many people have pointed out, companies like Netflix will go ahead with this approach whether or not the W3C and Mozilla adopt it, so why bless it?

And I find this phrase in particular troubling:

We are working to get Mozilla and all our users on the right side of this proposed API.

What on earth does that mean? I fear it might have something to do with this later statement:

However, the W3C willfully underspecifying DRM in HTML5 is quite a different matter from browsers having to support several legacy plugins. Here is a narrow bridge on which to stand and fight — and perhaps fall, but (like Gandalf) live again and prevail in the longer run. If we lose this battle, there will be others where the world needs Mozilla..

The "bridge" mentioned there links to the following:

The current EME draft makes no attempt to encourage interop at the CDM [Content Decryption Modules] level. For example, the current EME draft does not forbid or even discourage a UA [user agent, such as a browser] vendor from promulgating a CDM that no other user-agent can support, and encouraging the creation of content for that CDM consumable only by that user-agent. Such an outcome would be antithetical to the mission of the W3C, and the W3C should not bless, appear to bless, or enable such scenarios.

I believe it is possible to fix this bug without making major changes to EME or CDM technology, without discarding existing EME/CDM requirements, and that it's worth making at least a good-faith effort to try. I believe this should be settled (at least to the point of committing to fix the bug) before EME progresses further, or any requirements we need to add to EME and CDMs are likely to be rejected as "too late".

This suggests that for Mozilla the "problem" with EME is not that it exists at all – and will therefore sanctify DRM – but that it doesn't go far enough in creating proper DRM interoperability.

This is exactly wrong: making DRM modules compatible will remove the barriers and friction in the system, and simply cause DRM to be used more widely by publishers, who will perceive it as a "no-brainer". By "fixing" this perceived bug, Mozilla will actually be undermining the open Web even more completely than the current W3C proposals.

Eich sees Mozilla as standing on a narrow bridge valiantly defending the idea of full interoperability, as if that were the issue here. It's not. What is at stake is the idea that everything the W3C and Mozilla support has openness and sharing at its heart. That doesn't mean everything on the Internet has to be free, as some have ridiculously tried to suggest; it doesn't even mean that DRM will disappear. But it does mean that DRM is treated as literally beyond the pale for those organisations – not part of their world or worldview.

Eich writes:

Mozilla's mission requires us to build products that users love — Firefox, Firefox for Android, Firefox OS, and Firefox Marketplace are four examples — with enough total share to influence developers, and therefore standards. Given the forces at play, we have to consider EME carefully, not reject it outright or embrace it in full.

People love the products because they are built on openness – even if users don't articulate it in those terms, that is the key benefit that users enjoy thanks to Mozilla's dogged defence of the open Web through thick and thin. Mozilla will never "influence" developers or standards if its simply acquiesces in the bullying by Netflix. It must lead, not follow, as it has done in the past.

It should not "consider EME carefully", nor abstain from deciding whether to "reject" or "embrace" it. That is not defending the Bridge of Khazad-DRM, that is sitting on the fence. That is simply not an option here, because sitting on the fence means avoiding the issue, and avoiding the issue would be an act of pusillanimity that is unbecoming for such an otherwise fearless organisation.

Mozilla must decide whether it truly believes in the open Web, and whether it wishes to remain true to its long and glorious record of defending it. If it does – and I sincerely hope it does, otherwise the damage to its reputation and influence will be huge, particularly among the free software community – it should reject EME outright and proclaim the fact that it is doing so loudly and proudly. That may upset some companies, and some people, but sometimes it's necessary to say things that people don't want to hear, however painful that may be. A bit like this post.

Follow me @glynmoody on Twitter or, and on Google+

"Recommended For You"

Mozilla's Brendan Eich on the Birth of Firefox Mozilla: Publish and be DRM'd!