DRM in Firefox is The End of Our Digital Security

Mozilla recently decided to add DRM in Firefox even if Mozilla hates it. Almost all video streaming websites use some kind of DRM and as Microsoft, Apple and Google has already implemented DRM in their browsers, Mozilla thinks not adding the DRM in Firefox would make it useless as a product as the user will have to switch to other browser everytime a user visits a website with DRM.
I am not going to either defend Mozilla on the decision of adding DRM in Firefox or write against it, they did what they had to do. In the end its all business, Firefox is of no use to me if I cannot watch Netflix on it. So I can understand the awkward position Mozilla would be in when deciding on the DRM in Firefox, what I don’t understand is How can Mozilla completely ignore the security complications associated with this decision.
In a single line, DRM in Firefox is going to end our digital security as we know it and I’ll explain it how. I don’t care about other browsers as they have already given up on user liberty long ago but Firefox has long stood for our freedom on the web and I respect that, well used to.
For a moment, let’s say we don’t have any problem with the DRM in Firefox and we are actually happy as now we’ll be able to enjoy services like Netflix and others. The problem is that DRM module implemented in Firefox is being developed by Adobe ( Yes, Adobe ), an HTML 5 based DRM implemented in Firefox is being developed by Adobe.
The DRM module developed by Adobe is closed source, which alone is a deal breaker for many people and worse it is protected by controversial global laws to prevent security research because such information could be used to weaken the DRM and researchers publishing such information publicly has been threatened and prosecuted in the past. In other words, reporting security bugs for Adobe’s DRM module in Firefox can land you in legal trouble.
Dmitry Sklyarov, a Russian Computer Security Researcher was arrested by FBI in 2001 because he presented a paper on the strengths and weaknesses of the software used to protect electronic books at Defcon convention in Las Vegas.
It was our very own Adobe who charged Dmitry Sklyarov with breaking the security on Acrobat’s E-Reader API, trafficking in and offering to the public a software program that could circumvent technological protections on copyrighted material under section 1201(b)(1)(A) of the U.S. Copyright Act which was made law by the 1998 Digital Millennium Copyright Act (the DMCA). He was also charged with aiding and abetting his employer Russian software development company Elcom Ltd (a.k.a. ElcomSoft Co. Ltd) to do that.
What Dmitry Sklyarov did was legitimate security research and he determined the security of several popular E-Book reader products and then notified the respective firms of his findings. His company Elcomsoft published, in Russia, software that circumvented these ineffectual security systems. His Def Con talk was a clear and evenhanded presentation of the facts. “This security is weak, and here’s why.” he said. One particular company he mentioned stored the password in plaintext inside the executable. So, anyone with Notepad and a few minutes of scrolling could have the book modified for easy distribution.
Even Sony BMG infected millions of computers with an illegal rootkit to prevent people from ripping their Audio CDs which was completely Legal. After the word was out, many security researchers admitted that they had known about the rootkit but were afraid to say anything about it.
So Mozilla is allowing to run such a software in Firefox which is closed source and insecure to such a degree that even Security bugs are illegal to report. Although Mozilla is trying its best to limit the effect of DRM by the running the DRM module in a sandbox which will limit module’s access to other processes in the system and Firefox is the only web browser to do so as the DRM module runs unrestrictedly in other browsers.

Leave a Reply

Your email address will not be published. Required fields are marked *