RISKS-LIST: Risks-Forum Digest  Friday 15 May 2014  Volume 27 : Issue 93

Date: May 16, 2014 at 12:49:14 AM EDT
From: Dewayne Hendricks <[log in to unmask]>
Subject: Can This Web Be Saved? Mozilla Accepts DRM, and We All Lose
  (Danny O'Brien via Dave Farber)

Danny O'brien, EFF, 14 May 2014

It's official: the last holdout for the open web has fallen. Flanked on all
sides by Google, Microsoft, Opera, and (it appears) Safari's support and
promotion of the EME DRM-in-HTML standard, Mozilla is giving in to pressure
from Hollywood, Netflix, et al, and will be implementing its own third-party
version of DRM. It will be rolled out in Desktop Firefox later this
year. Mozilla's CTO, Andreas Gal, says that Mozilla ``has little choice.''
Mozilla's Chair, Mitchell Baker adds, ``Mozilla cannot change the industry on
DRM at this point.''

At EFF, we disagree. We've had over a decade of watching this ratchet at
work, and we know where it can lead. Technologists implement DRM with great
reticence, because they can see it's not a meaningful solution to anything
but rather a font of endless problems. It doesn't prevent infringement,
which continues regardless. Instead, it reduces the security of our devices,
reduces user trust, makes finding and reporting of bugs legally risky,
eliminates fair use rights, undermines competition, promotes secrecy, and
circumvents open standards.

It's clear from the tone of Gal and Baker's comments, and our own
discussions with Mozilla, that you'll find no technologist there who is
happy with this step. The fact that Mozilla, in opposition to its mission,
had to prepare and design this feature in secret without being able to
consult the developers and users who make up its community is an indication
of how much of a contradiction DRM is in a pro-user open-source browser.

Unchecked, that contradiction is only going to grow. Mozilla's DRM
code,imported from Adobe as a closed-source binary, will sit in a cordoned
sandbox, simultaneously Mozilla's responsibility but beyond its
control. Mozilla will be responsible for updates to the DRM blackbox, which
means users will have to navigate browser updates that will either fix
security bugs or strip features from their video watching. Mozillians have
already been warned of the danger of talking too much about how DRM works
(and doesn't work), lest they trigger the provisions in the Digital
Millennium Copyright Act (DMCA) that forbid `trafficking' in circumvention

Baker may think that Mozilla cannot change the industry on its own (despite
it having done so many years ago). Sadly, it changes the industry by
accepting DRM. It is these repeated compromises to the needs of DRM
advocates by tech company after tech company that are changing the nature of
personal computing, transforming it into a sector that is dominated by
established interests and produces locked-down devices, monitored and
managed by everyone but their users.

Past experience has shown that standing up to DRM and calling it out does
have an effect. As we have said to the W3C, and Cory Doctorow spells out to
Mozilla in this Guardian article, we can do much more to fight the negative
consequences of DRM than simply attempt to mitigate the damage of its
adoption. [...]