W3C HTML5 DRM : The Encrypted Media Extensions (EME) Framework

Electronic Frontier Foundation (EFF) and Free Software Foundation (FSF) supporters has not much love to watch the Web moving forward with DRM in the browser. But, that has been truth. Finally W3C HTML5 DRM aka The Encrypted Media Extensions (EME) Framework drafted against many peoples’s wish and over-empowering the browsers. 58.4% of the W3C (World Wide Web Consortium) members has approved the EME specifications. It is good to remember that Encrypted Media Extensions are not a security system (DRM) but a collection of guidelines that need to be applied by stakeholders to handle CDM (Content Decryption Modules) distribution of various types of online content. The sum of the percentages obtained by those who abstained and those who opposed it is equal to 41.6%. The final results of the vote, which took place in the third week of September, confirm that the outcome of the vote has undermined much of the W3C.

In short, this system enables the use of HTML5 video to play back as DRM-wrapped content such as streaming video services without the need of Adobe Flash or Microsoft Silverlight. It has been controversial because it helps a proprietary, closed component into an open and free software ecosystem.

W3C HTML5 DRM : The Encrypted Media Extensions (EME) Framework

DRM opponents do not prop up a monolithic blockade of objections but marry multiple guidelines: the Free Software Foundation considers DRMs as the supreme evil and is unwilling to accept them; Free Media Supporters and Open Source Philosophy see as an imposition to threaten the impossibility of studying DRMs (the code will be of the owner) and end up in jail – according to the US Digital Millennium Copyright Act (DMCA) – Hacking DRMs is a crime, even if carried out in legal areas such as those of security researchers who are involved in identifying bugs and vulnerabilities.

Companies such as Netflix and Spotify are naturally satisfied with the turnaround and are preparing to implement their CDMs in the medium term. Considering the discovery of the most popular third-party plugins, the latter can distribute content in two ways: by using proprietary applications that can be used on smartphones, PCs etc. or opting for HTML5 and CDMs compliant with EME requirements.

On paper, it appears that CDMs are not only safer but also more respectful to users’ privacy. In fact, CDMs can work in sandbox mode by accessing a limited amount of information (whether they are personal data, history of pages visited on the web, etc.). And in theory, reduces the attack compared to plugins and standalone applications – Flash holds a position that has led it to inevitable retirement.

Now, it remains to be seen how the EMEs will actually be implemented: the transition from theory to practice will not be immediate, while the W3C will have to try to overcome some critical issues such as the thorny situation of security researchers.

W3C HTML5 DRM : The Official Sources

Encrypted Media Extensions is based on the HTML5 Media Source Extensions specification which enables adaptive bitrate streaming in HTML5 using MPEG-DASH with MPEG-CENC protected content. The official documentation can be found in :