March 24, 2017
The World Wide Web Consortium (W3C) has formally moved its Encrypted Media Extensions (EME) anti-piracy mechanism to the stage of Proposed Recommendation. The decision of whether or not to adopt the EME standard now depends on a poll of W3C’s members, which have until April 19 to respond. Although the proposed standard has many critics, W3C director/HTML inventor Sir Tim Berners-Lee has personally endorsed it. Engineers from Google, Microsoft and Netflix created EME, which has been under development for some time.
The Register notes that, due to Berners-Lee’s endorsement, “the proposed standard is expected to succeed.” Berners-Lee’s point of view is that “it’s better for DRM-protected content to be a part of the Web ecosystem than to be separate from it” in a standalone application, which he believes is “a greater risk to privacy and security.”
One of EME’s biggest critics is Electronic Frontier Foundation’s Cory Doctorow, who believes that EME “would give corporations the new right to sue people who engaged in legal activity,” referring to “legitimate security researchers investigating vulnerabilities in digital rights management software.” W3C has also received formal objections that EME doesn’t provide adequate protection for users and is hard to include in free software.
According to Ars Technica, the fear that security researchers have of getting into hot water is pegged to the U.S. Digital Millennium Copyright Act, which specifically prohibits circumventing any “Technical Protection Measures.” Canada, the EU and Australia have similar laws. To combat this issue, W3C is “developing a set of security best practices for disclosure of such flaws.”
EME doesn’t mandate any particular DRM scheme but, instead, must simply “provide a clear key system that uses plain-text (unprotected) keys for decrypting protected content.”
If EME passes the Proposed Recommendation stage, the next step would be for the W3C Advisory Committee to review the proposal. If it passes that review, EME will be a full W3C recommendation.” The Register notes that, “there is little opportunity for those bitterly opposed to the measure to stir up a grassroots campaign against the spec, due to the entry barriers for W3C membership and the fact that only members can vote on approval.”
Ars Technica adds that even if EME “fails to make the grade as a Recommendation, all the major browsers — Chrome, Internet Explorer, Edge, Firefox and Safari — already implement draft versions.”