News Section Logo NEWS - Return to news section

 

EFF Resigns from W3C Over DRM Row

Posted by: , 15:29 AEST, Thu September 28, 2017

Permanent Link     Add Comments
submit to reddit
The EFF has resigned from the W3C over the introduction of a DRM as a Web Standard and the lack of a circumvention exemption for security researchers
News story feature image
Image/Photo Credit: YayAdrian @ Flickr, CC

Digital rights group the Electronic Frontier Foundation (EFF) has resigned from the World Wide Web Consortium (W3C), the body that oversees the standards for the Internet over the body's formal adoption of a form of DRM for web video content.

The W3C formally published Encrypted Media Extensions (EME) as a W3C Recommendation or Web Standard.

Companies such as Netflix and Amazon already use EMEs to protect their content in browsers such as Chrome and Firefox, but the official "tick" from W3C is significant in that it is seen as an official endorsement of DRM as being part of the HTML standard. Browser makers can still decide not to include support for EMEs, as it is a voluntary standard.

The EFF, however saw things differently. The digital rights group who fights for consumer rights and on issues of Internet interoperability, has previously warned about the inherent problems with DRM, notably that it destroys interoperability and compatibility, and strips consumers of their rights. More specific to the EME certification by the W3C, the EFF were appalled to find that the standard was introduced without a covenant guaranteeing the rights of security researchers to circumvent EMEs for security research purposes.

The lack of such an exemption, the EFF says, creates a "legally unauditable attack surface" for hackers to exploit, and at the same time, allows companies to sue researchers for trying to find and fix these security flaws. This is something that the EFF's representative to the W3C, Cory Doctorow, has pointed out before with evidence backing up his claims that security research has been compromised by current digital anti-lockpicking laws. 

In fact, a security flaw within Google's EME implementation, Widevine, went "unnoticed" for years, possibly due to the lack of legal protection for security researchers when it comes to publishing information in relation to these types of flaws.

Speaking specifically on the W3C EME decision, Doctorow argues that the W3C has allowed commercial considerations to override technological common sense.

"In our campaigning on this issue, we have spoken to many, many members' representatives who privately confided their belief that the EME was a terrible idea (generally they used stronger language) and their sincere desire that their employer wasn't on the wrong side of this issue," wrote Doctorow in the EFF's resignation letter. "You have to search long and hard to find an independent technologist who believes that DRM is possible, let alone a good idea.

"Yet, somewhere along the way, the business values of those outside the web got important enough, and the values of technologists who built it got disposable enough that even the wise elders who make our standards voted for something they know to be a fool's errand."

Critics say that the W3C's decision has been largely driven by the fear of the WWW standards becoming ever more irrelevant in the age of apps. The lack of DRM support would drive more video streaming traffic to apps and away from the web browser.

[via ZDNetW3CEFF]


Comments:

Related News:

News Icon Copyright Office Grants New 'Hacking' DMCA Exemptions

posted by: Sean F, 17:37 AEDT, Sat November 5, 2016

News Icon Google Makes HTML5 DRM Mandatory

posted by: Sean F, 18:09 AEDT, Fri February 3, 2017

News Icon Critics Say US Government Got Piracy List 'Notoriously' Wrong

posted by: Sean F, 14:46 AEDT, Tue December 27, 2016

News Icon Netflix 4K Playback on PC Locked to Edge Browser, Latest Intel CPU, Due to DRM

posted by: Sean F, 16:07 AEDT, Sat November 26, 2016

News Icon Download Site Forced to Remove Google Ads for File Sharing Software

posted by: Sean F, 16:21 AEST, Sat July 29, 2017