DRM concerns arise as W3C’s Tim Berners-Lee approves the EME specification

Encrypted Media Extensions (EME) is one step closer to becoming a fully ratified World Wide Web Consortium (W3C) recommendation. Yesterday, it was revealed W3C’s director Tim Berners-Lee has reached a decision to approve the specification.

EME is a format that enables the playback of protected content within a web browser without requiring a plugin.

“The Encrypted Media Extensions specification remains a better alternative for users than other platforms, including for reasons of security, privacy, and accessibility, by taking advantage of the Web platform. While additional work in some areas may be beneficial for the future of the Web Platform, it remains appropriate for the W3C to make the EME specification a W3C Recommendation,” Philippe Le Hégaret, project management lead for the W3C, wrote in an email.

Since 2010, the W3C has been working to support video in HTML and extend the Open Web Platform so that developers and users no longer have to worry about relying on plugins and installing extensions. According to Le Hégaret, in order to develop websites that were “flashy” and supported video in the past, plugins were necessary because HTML and CSS were not enough to satisfy use cases. However, there were a lot of security and privacy concerns around using plugins because they are outside of the control of web browsers.

Today, the W3C has about 200 specifications in the works toward mitigating those concerns, but one big concern still remains: Digital Restrictions Management. DRM is said to impose technological restrictions on users’ digital media rights. DRM has been causing controversy around the EME specification because some users in the video and movie industry still rely on DRM to confidently distribute their content, according to Le Hégaret. “They may say this is a video you can play with EME, but to be able to do that you need to be able to use a DRM system,” he said. “A lot of the community out there is worried of the implications of installing these black boxes on computers, and rightfully if I may say so.” However the W3C believes this is an issue with DRM itself, and not with the EME specification.

According to the Free Software Foundation (FSF), an organization designed to advance software freedom, the DRM interferes with users’ control over their own computers, is insecure, and introduces risks to user privacy. Because of this, the FSF is strongly against W3C’s EME specification and DRM on the web.

“We want a free web that doesn’t have any DRM, and each step to formalize it as part of the web is concerning,” said Zak Rogoff, campaigns manager for the FSF. “This is the first time the W3C has gotten this close to standardizing DRM officially…and we are pretty concerned that if this is ratified it could energize efforts and open the door to more DRM on the web.”

Ideally, the FSF wishes the W3C would not endorse DRM in any way. While the FSF understands it can not legally stop anyone from using DRM on the web, it does not think the W3C should be an official part of it. According to Rogoff, the W3C has a long tradition of supporting the Open Web, and this specification goes against that tradition.

But Le Hégaret ensures it has the best interests of the web in mind. “There are still some remaining concerns with regards to the policy, so I understand part of the reaction, but we have been working very hard to make sure to protect the security of users as much as possible,” he said. “We are a technical organization and our aim is to lead the web to its full potential. For better or for worse, there are millions of users out there who are looking to use the web platform for many use cases and one of those is the playback of protected content, so it makes sense for us to look at this use case.”

With Berners-Lee’s approval, the EME specification is quickly moving towards W3C Recommendation. At this point, the W3C has to wait two weeks before EME can become an official recommendation. During the next two weeks, the FSF will work hard to set an appeal in motion. In order for this to happen, 5 percent of the W3C’s advisory committee members have to sign onto the appeal. The committee currently has 475 members. If the appeal is successful, it would trigger a vote for the whole committee to make a final decision on whether or not to approve EME. “W3C member organizations must take responsibility for the digital rights of Web users and appeal Tim Berners-Lee’s disastrous decision,” Rogoff said in a statement. “Standards-setters’ top priorities should be user freedom, privacy, security, interoperability and accessibility, not helping Hollywood and streaming companies make their anti-user DRM more efficient. If you have any personal connection to a W3C member organization, we encourage you to contact them immediately about appealing.”

In the midst of all of this, the FSF is participating in the International Day Against DRM this weekend. The Day Against DRM is a recurring event designed to take action against the law and technology that weakens user security and rights. The event takes place Sunday, July 9th. According to Rogoff, while it is a coincidence this is taking place during the EME’s appeal phase, the organization plans to draw attention towards the W3C’s recommendation as well as other DRM issues. To participate, users can plan or participate a gather or protect action.

“While EME does not overcome the fact that the user needs to interact with a content decryption module (CDM), it is an improvement  over the pre-EME situation and a step towards future improvements as well,” Le Hégaret wrote. “We recommend organizations involved in DRM and EME implementations ensure proper security and privacy protection of their users. We also recommend that such organizations not use the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA) and similar laws around the world to prevent security and privacy research on the specification or on implementations.”