It's official: the last holdout for the open web has fallen. Flanked on all sides by Google, Microsoft, Opera, and (it appears) Safari's support and promotion of the EME DRM-in-HTML standard, Mozilla is giving in to pressure from Hollywood, Netflix, et al, and will be implementing its own third-party version of DRM. It will be rolled out in Desktop Firefox later this year. Mozilla's CTO, Andreas Gal, says that Mozilla "has little choice." Mozilla's Chair, Mitchell Baker adds, "Mozilla cannot change the industry on DRM at this point."
At EFF, we disagree. We've had over a decade of watching this ratchet at work, and we know where it can lead. Technologists implement DRM with great reticence, because they can see it's not a meaningful solution to anything but rather a font of endless problems. It doesn't prevent infringement, which continues regardless. Instead, it reduces the security of our devices, reduces user trust, makes finding and reporting of bugs legally risky, eliminates fair use rights, undermines competition, promotes secrecy, and circumvents open standards.
It's clear from the tone of Gal and Baker's comments, and our own discussions with Mozilla, that you'll find no technologist there who is happy with this step. The fact that Mozilla, in opposition to its mission, had to prepare and design this feature in secret without being able to consult the developers and users who make up its community is an indication of how much of a contradiction DRM is in a pro-user open-source browser.
Unchecked, that contradiction is only going to grow. Mozilla's DRM code, imported from Adobe as a closed-source binary, will sit in a cordoned sandbox, simultaneously Mozilla's responsibility but beyond its control. Mozilla will be responsible for updates to the DRM blackbox, which means users will have to navigate browser updates that will either fix security bugs or strip features from their video watching. Mozillians have already been warned of the danger of talking too much about how DRM works (and doesn't work), lest they trigger the provisions in the Digital Millennium Copyright Act (DMCA) that forbid "trafficking" in circumvention knowledge.
Baker may think that Mozilla cannot change the industry on its own (despite it having done so many years ago). Sadly, it changes the industry by accepting DRM. It is these repeated compromises to the needs of DRM advocates by tech company after tech company that are changing the nature of personal computing, transforming it into a sector that is dominated by established interests and produces locked-down devices, monitored and managed by everyone but their users.
Past experience has shown that standing up to DRM and calling it out does have an effect. As we have said to the W3C, and Cory Doctorow spells out to Mozilla in this Guardian article, we can do much more to fight the negative consequences of DRM than simply attempt to mitigate the damage of its adoption.
We need to work to end the reinforcement of DRM and criminalization of fair use in the DMCA and similar legislation being spread throughout the world. We need to speak out about the failings of DRM, even if we fear that DRM proponents will just make it worse (in the name of "improvement") or take civil or criminal actions under the DMCA. We need to challenge the baseless assertion that users don't mind DRM as long as they can watch House of Cards and demand actual evidence to justify the damage it causes. And, given the amount of compromise we have already suffered, we need to spell out the principles that we won't compromise on.
Mozilla and the W3C are both organizations with missions intended to defend and promote the open web. Both have now committed to a system of content control that is seen as a violation of those principles by many Internet users. We, and they, can change that story. We need to redirect the ingenuity being wasted on attempts to limit the damage of introducing DRM into the heart of the Web toward a positive campaign against further incursions.