In 2013, the World Wide Web Consortium (W3C) raised the ire of many in the free-software community (and elsewhere) by adopting an API that adds support for DRM modules within web content. Now, the working group that produced the API in question has come up for renewal, and a number of high-profile parties—including the Electronic Frontier Foundation (EFF) and Free Software Foundation (FSF)—are using the occasion to push back against the DRM camp, in hopes of regaining some of what was lost.
To recap, the W3C accepted the Encrypted Media Extensions (EME) framework as a W3C “Working Draft” specification in 2013. EME added hooks to the HTML and elements designed to pass control to a Content Decryption Module (CDM) that would then enable or disable playback based on some authentication system chosen by the site owner. Although the specification included a simple, plain-text key system as the only mandatory authentication scheme, the intent was widely recognized: online media vendors like Netflix would implement DRM authentication schemes via proprietary, binary CDMs that users would have to install as some form of browser plugin (albeit with limited functionality).
Strictly speaking, the “Working Draft” status of EME is not the final step in the W3C standards-publication process. But it is part of that process, and critics loudly objected to the W3C taking any part in drafting a specification the purpose of which is to restrict access to content.
Nonaggression
The EME specification is being drafted by the HTML Media Extensions Working Group, and the group’s original charter expires on March 31, 2016. When the group came up for official rechartering (a step that will be required to move EME further through the standardization process), the EFF took that event as an opportunity to push back again at EME. In January, it proposed tying the recharter to a DRM “nonaggression covenant.”
Akin to the W3C’s existing patent policy, the DRM covenant is meant to put a halt to several of the nastier effects of DRM, such as copyright holders’ ability under the Digital Millennium Copyright Act (DMCA) to sue anyone who discusses circumvention methods. Since publishing security vulnerabilities can be regarded as “discussing circumvention methods,” the EFF notes, this DMCA provision has a strong chilling effect on work that has no illegal purpose. The EFF’s proposed covenant describes this problem as “paracopyright,” noting that the expansive effect it has in stopping speech and development that is not copyright infringement is a separate issue from whether the W3C should endorse DRM in the first place. Adopting the covenant would be moving to middle ground.
The proposed covenant requires that all participants in the W3C DRM specification process agree not to sue anyone who makes software that complies with the specification or who reports bugs in a specification-compliant implementation. That would free implementers and security researchers from the threat of DMCA lawsuits for otherwise legal work.
Protestations
In the lead-up to the W3C’s March 20 meeting in Cambridge, Massachusetts, several other organizations registered their support for the EFF proposal or, more generally, their opposition to EME. The Open Source Initiative (OSI) published a position statement supporting the proposed nonaggression covenant, saying:
In order to make open source implementations possible, an open standard that involves DRM needs an agreement from the standards body and the authors of the standard not to pursue legal action for circumvention of DRM.
The FSF, on the other hand, organized protests objecting fundamentally to the inclusion of DRM itself in web standards; first starting a “selfie campaign” in which supporters sent photos of themselves holding anti-DRM signs or messages, then planning an in-person picket line outside the W3C meeting. The FSF also pointed interested parties to its online petition, started in 2013, and currently signed by 26 organizations and more than 33,000 individuals.
In the end, protesters gathered not just outside the W3C meeting, but at several other W3C offices around the globe. The gatherings were picked up by several tech-news outlets.
W3C responses
The various public positions and protests certainly did not go unnoticed by the W3C. On March 11, it published an “invitation to the free-software community for real dialog” on its blog, inviting members of the free-software community to contact W3C staff directly to discuss concerns about DRM, rather than “just snapping a selfie next to a W3C sign.”
The tone of the post might be considered dismissive by some, as it equates participating in protests with “let[ting] someone else make you try to shoehorn yourself into any narrative they want to construct about fearless activists doing battle against some faceless uncaring entity.” Nevertheless, the W3C did agree to consider the EFF’s nonaggression-covenant proposal during the March meeting.
On March 20, the W3C also published an EME fact sheet page, which it says “clarifies definitions and current activities” and “corrects misconceptions” about EME. The page notes that the W3C welcomes participation from all stakeholders, regardless of interest or industry, and highlights the initial EME proposal’s ability to automatically handle the plugin-management tasks that users had previously needed to perform by hand. Ultimately, it said, the web should be “universal” so that it can “contain anything,” and EME supports that goal by remaining neutral about DRM and supporting CDMs generically—a far better approach for the health of the web than the alternative: external software like Flash and Silverlight.
Up next
The position put forward in the EME fact sheet is essentially the same one offered by the W3C in 2013; it is not likely to change any minds. To an extent, the pro- and anti-EME sides are arguing past each other (publicly) over the nuances of wording. Paraphrasing for the sake of brevity, the W3C claims that protesters are objecting to “DRM in HTML” but contends that EME is not DRM. Opponents of EME, in turn, would reply that such a description is merely a technicality, since EME is designed to deliver DRM. Unfortunately, as long as the debate remains fixated on such linguistic puzzles, there is not likely to be any significant movement on either side, and the camps may well continue to talk past each other.
Ideally, that impasse is what makes the EFF’s nonaggression covenant a potentially useful play: it makes an incremental and beneficial change, rather than attempting to take a direct run at the logjam. At present, the outcome of the W3C meeting’s consideration of the DRM nonaggression covenant remains unknown. How that proposal was received is the unanswered question; so far neither the EFF nor any W3C representatives have commented.
EME was a contentious issue even within the ranks of the W3C in 2013, and it continues to be so today as well. W3C employee Harry Halpin moderated a DRM panel discussion at LibrePlanet 2016; afterward he announced that he would resign if the W3C approves EME as a Recommendation, the final status for W3C standards. However this week’s discussions turn out, it seems likely that there will be many more battles yet to come.
— source lwn.net By Nathan Willis