It's been a year since the the W3C voted to bring Encrypted Media Extensions (EME) into Web standards. They claimed to want to "lead the Web to its full potential," but in a secret vote, members of the W3C, with the blessing of Web creator Tim Berners-Lee, agreed to put "the copyright industry in control" of media access. The enshrinement of EME as an official recommendation is not how we envision the "full potential" of the Web at the Free Software Foundation (FSF).
While the W3C has nonprofit rates, the costs of membership are high and require approval. These companies are paying for control of your access to digital spaces. They can afford the high fees, and they can influence who is allowed in their club - making it even harder for the interests of Web users to be represented alongside corporate desires.
These companies have the funding and staff to be able to have employees working on representing their interests in organizations like the W3C, while nonprofits and rights-based groups are more limited in their capacity to liaise with consortia or even join in the first place.
Problem: EME addresses use-cases outside of the domain of the Open Web. The W3C has historically provided Recommendations for the Open Web platform. However, W3C’s specification of this manner of interaction, such as the one with DRM, is unprecedented and poses a concern, especially as it supports an opaque, non-open technology. What policies are in place to limit this expansion of the W3C’s Recommendations into the non-open web? Software that is both outside of the W3C mission and also highly objectionable to large numbers of W3C members should not be addressed by W3C Recommendations.
Problem: EME-specified DRM impedes legitimate use, with little gained as a result. We believe that the benefits gained by owners of media from DRM implementations are not worth the limitations experienced by users. DRM does not offer much to hinder copyright infringement. Copyright infringers will not likely evade DRM if the media they want is widely available through alternative sources. While offering few copyright protection benefits, DRM denies users valuable functionality including extending, commenting on, annotating, modifying content for artistic reasons, or modifying content to enable access for people with disabilities. All of these uses, normally held in high regard in the W3C Recommendation process, are blocked by DRM.
We feel W3C Recommendations should not specify, even if indirectly through EME, the implementation or enabling of software that blocks legitimate functionality for users.
Problem: EME does not grow the web. We believe that the long-term growth referred to in the mission statement of the W3C largely refers to the potential for the web to be used in new and unforeseen ways. EME’s contribution to growth only benefits non-extensible, non-interoperable, non-open web content, which does little for network effects. The growth mission of the W3C is therefore not served if EME becomes a Recommendation.
Problem: EME undermines security. In order to maintain a secure Open Web, security researchers must be able to perform their work in both a technical and a legal sense. By officially making a Recommendation, W3C compels security researchers to perform security analyses of all major implementations of that Recommendation. In recommending EME, the W3C is therefore exposing legitimate security researchers in the community to potential legal liability and even prosecution in the United States.
We understand and appreciate the serious efforts made by members of the HTML Media Extensions Working Group to address the exposure of security researchers. However, consensus could not be reached about an Electronic Frontier Foundation (EFF) proposed covenant in which W3C members and their affiliations would agree to “non-aggression” with respect to bringing 17 U.S.C. § 1203 actions against security researchers.
If anything, now is a time the W3C should take a stronger position to defend legitimate security research when Internet users around the world feel less secure and less protected than ever.
Problem: EME constrains the web to follow specific existing business models rather than to enable new forms of interaction. The outcome of implementing DRM in web browsers would essentially set as a standard, the current proprietary systems and the related ways they interact with users and sell media. EME would inhibit potential models of a future decentralized web where blockchains and decentralized technologies could enable new business models and property rights management.
By recommending EME, the W3C is encouraging browser vendors to install software that lacks transparency and disclosure to the user, which is counter to the tradition of the Open Web and what many people hope the next generation of technology will bring.
The W3C must be guided by its mission, design principles, and values. A Recommendation by the W3C carries a lot of weight. We feel the organization should therefore not specify nor guide technologies such as DRM that do not conform to the W3C’s core values as expressed in its mission and design principles, especially when the technology in question undermines security, limits legitimate use, and offers little potential for expanding the web.
Rewarding Disobedience: https://www.media.mit.edu/posts/disobedience-award/
More at https://www.defectivebydesign.org/blog/w3c_sells_out_web_eme_1_year_later