W3C finally approved the DRM standard for HTML5

On July 6, 2017, the World Wide Web Consortium (W3C) publicly announced its intention to adopt Encrypted Media Extensions (EME), a DRM standard that provides an API for controlling content playback in a browser through the HTML5 <video> and <audio> elements. That is, built-in DRM will appear directly in the browser, so that right holders will be able to prohibit / restrict the playback of movies and music on users' computers. Thus, even in free browsers, open source will run an encrypted proprietary code - a “black box”, which threatens the security and privacy of users, as well as deprives them of control over their own computers.

Previously, Tim Berners-Lee delegated the decision-making process to an advisory committee, but after many disputes the discussion was at a dead end, so according to the rules, the W3C director still had to make a single-handed decision. A letter to the W3C mailing list was sent by Philippe Le Hégaret on behalf of Sir Tim Berners-Lee. He wrote: “After reviewing all the issues, the Director decided that EME specifications should receive the status of W3C recommendations.”

The Electronic Frontier Foundation, which on July 9, in conjunction with the Free Software Foundation, Creative Commons and the Document Foundation, is holding the International Day against DRM , strongly opposed such a decision: it was made “without any guarantees of accessibility, security studies or competition, despite unprecedented internal disputes between employees and W3C members on this issue. ”
')
DRM in the browser is implemented in such a way that the JavaScript API provides only an interface for interaction, and the content decryption module Content Decryption Module (CDM) controls the receipt of a license and the exchange of cryptographic keys and implements proprietary license management methods. This is shown schematically in the illustration.



First introduced in 2012, EME technology is still causing fierce controversy in the community. A large camp of opponents of the standardization of this technology is opposed by the powerful corporate lobby of rights holders, who conduct commercial activities on the Web selling digital content and software.

Not only the aforementioned Free Software Foundation and the Electronic Frontier Foundation oppose the adoption of EME. Hundreds of security experts signed up for the open letter, academic researchers, even the human rights group Just Net Coalition and the Director of Communications and Information of UNESCO , expressed their objections.

EME's proprietary encryption is promoted by Netflix, Google, Microsoft, and Apple, as well as copyright holders from the Motion Picture Association of America (MPAA). All of them are members of the W3C, that is, they transfer financial contributions to the maintenance of the Consortium.

Now EME opponents have the last chance to oppose the adoption of the standard - to appeal to the W3C Advisory Committee (Advisory Committee of the World Wide Web Consortium). This committee is headed by Tim Berners-Lee, who has already approved EME. However, if 5% of the 475 committee members sign an appeal within two weeks, a general vote will be initiated. It will establish the final decision whether to include EME in the standard.

"The organizations in W3E should take responsibility for the digital rights of Internet users and protest the disastrous decision of Tim Berners-Lee," said Zak Rogoff, campaign manager for the Free Software Foundation. “The main priorities in adopting standards should be the freedom of users, privacy, security, compatibility and accessibility, not helping Hollywood and streaming companies how to make their DRM directed against users more effective.”

If the EME standard is adopted, then we can expect a gradual increase in proprietary encrypted video on the Web, since it will be easier for the streaming services to implement DRM protection. According to opponents, this will cause additional problems for users and threatens freedom of information on the Internet: such a video is difficult to translate, comment on, archive, and carry out other legal actions. They call EME real “digital handcuffs” for video content on the Web. In addition, proprietary DRM in the browser is a real rootkit for spying on users by copyright holders, as Adobe history has shown.

According to the American law DMCA Section 1201 (in many other countries there are also such laws), bypassing DRM protection even for the purpose of finding dangerous security vulnerabilities, bookmarks and rootkits is punishable by administrative and criminal penalties. Bypass DRM protection is easy: for example, the Widevine protection in Google content was opened back in 2010 , but it does not matter. The law gives the right holder an exceptionally profitable right to pursue users and competitors who are trying to circumvent protection or use content in a manner not provided for by the right holder.

Alternatively, the Electronic Frontier Foundation proposes an agreement whereby the W3C right holders promise to prosecute DRM violators only for copyright infringement, but not for circumventing DRM protection if it is related to legal actions (security studies, simplifying access to content for people with disabilities, and t d.)

If the appeal fails, the agreement will not be accepted.

“Today we mourn the web when W3C sells us all,” wrote John Sullivan, executive director of the Free Software Foundation. - But this is not the end; The decision may be appealed. Don't let huge corporations-publishers control the Web. ”