Web inventor Sir Tim sizes up handcuffs for his creation – and world has 2 weeks to appeal
Anti-piracy DRM gets the green light, for now
Sir Tim Berners-Lee, inventor of the world wide web, director of the web standards trendsetter W3C, and Knight Commander, Order of the British Empire, has given his blessing to anti-piracy locks on web content.
The Encrypted Media Extensions API – supported by companies like Apple, Google, Microsoft and Netflix and opposed by the free software community, academic researchers, and foes of anti-piracy mechanisms – provides a standards-based mechanism to display DRM-protected content in compliant web browsers.
The W3C is not mandating DRM in all cases; rather its EME API provides support for content providers who choose to implement DRM through proprietary content decryption modules (CDMs).
Speaking on behalf of Berners-Lee in a note posted to the W3C mailing list, project management lead Philippe Le Hégaret said, "After consideration of the issues, the Director reached a decision that the EME specification should move to W3C Recommendation."
First proposed in 2012, EMEs continue to elicit voluble opposition among those who believe web technology should steer clear of DRM entirely.
"We're mourning the Web today, as the W3C sells everyone out," lamented John Sullivan, executive director of the Free Software Foundation, in a blog post on Friday.
In February, writing for the Electronic Frontier Foundation, author and activist Cory Doctorow called EMEs "indefensible."
That same month, Berners-Lee defended his support for the technology, arguing that it's better to have a seat at the table than to ignore the concerns of software and content companies and force them to implement their own DRM schemes.
"If W3C did not recommend EME, then the browser vendors would just make it outside W3C," he wrote. "...It is better for users for the DRM to be done through EME than other ways."
That's a point EME's foes do not concede. Yet, among those who view DRM as anathema, there's no obvious compromise that might placate studio executives focused only on investment returns.
Staking out a more pragmatic position, the Electronic Frontier Foundation last year proposed a way to mitigate the risk that EMEs pose to computer security researchers – legal threats based on the DMCA's anti-circumvention provision. The cyber rights advocacy group asked the W3C to back a DRM covenant, similar to the W3C's patent non-aggression policy, as a means to prevent EMEs from chilling security research.
The W3C, unable to reach agreement on how vulnerability disclosure should be handled, responded with something less than that, offering only voluntary guidelines instead a requirement.
EMEs will be published as a W3C Recommendation unless at least five per cent of the 475 members of the W3C Advisory Committee – composed of companies, non-profits, and educational organizations – support an appeal within 14 days. If an appeal it considered, members will have the opportunity to vote on whether to accept or reject the technology. ®
- AdBlock Plus
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Microsoft 365
- Microsoft Office
- Microsoft Teams
- Palo Alto Networks
- Software License
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Web Browser
- Zero trust