September 20, 2017
The World Wide Web Consortium (W3C) published the Encrypted Media Extensions (EME) specification as a recommendation, although W3C members only voted 58.4 percent to approve, with 30.8 percent opposing and 10.8 percent abstaining. EME is a standard interface for digital rights management (DRM) protection of content delivered through the browser, defining how Internet content works with third-party Content Decryption Modules (CDMs) that provide proprietary decryption and rights management. In response to the EME recommendation, the Electronic Frontier Foundation has resigned from the W3C.
Ars Technica reports that, “the development of EME has been contentious,” because of differing “ideological and legal concerns.” Groups such as the Free Software Foundation “oppose any and all DRM in any context or application,” while others “are concerned by regulations such as the U.S. Digital Millennium Copyright Act (DMCA),” which outlaws bypassing DRM.
Companies that develop browsers and operate streaming media services — such as Netflix, Microsoft, Google and Apple — are the “principal groups favoring the development of EME,” because “DRM protection for subscription services, both audio and video, remains alive and well.”
For distributing content, providers have three choices: “proprietary plugins, such as Flash and Silverlight; proprietary standalone applications in various app stores; or HTML5 video with some kind of DRM system,” the latter of which includes EME.
Even those opposed to DRM prefer a “browser-based alternative” to the former paradigm of “rich plugins and standalone apps,” because the “CDM can be sandboxed, with limited access to personal data, pages within the browser, or the network.” In other words, “EME is seen as an incremental improvement in privacy and security, relative to the practical alternatives.”
With regard to the DMCA, the Electronic Frontier Foundation (EFF) “proposed a binding covenant for W3C members that would limit their ability to take legal action against those developing DRM bypasses,” but the W3C rejected it. In response, Cory Doctorow, the EFF’s advisory committee representative to the W3C, wrote an open letter announcing his organization’s departure from the World Wide Web Consortium.
“This covenant would allow the W3C’s large corporate members to enforce their copyrights … [it] merely restricted their ability to use the W3C’s DRM to shut down legitimate activities, like research and modifications,” he pointed out.
He added that the covenant “would have helped protect the key stakeholders, present and future, who both depend on the openness of the Web, and who actively work to protect its safety and universality” as well as “offer some legal clarity for those who bypass DRM to engage in security research to find defects that would endanger billions of web users; or who automate the creation of enhanced, accessible video for people with disabilities; or who archive the Web for posterity.”
“Somewhere along the way,” he added, “the business values of those outside the web got important enough, and the values of technologists who built it got disposable enough, that even the wise elders who make our standards voted for something they know to be a fool’s errand. We believe they will regret that choice.”