EFF Resigns From W3C After DRM In HTML Is Approved In Secret Vote

from the disappointing dept

This is not a huge surprise, but it’s still disappointing to find out that the W3C has officially approved putting DRM into HTML 5 in the form of Encrypted Media Extensions (EME). Some will insist that EME is not technically DRM, but it is the standardizing of how DRM will work in HTML going forward. As we’ve covered for years, there was significant concern over this plan, but when it was made clear that the MPAA (a relatively new W3C member) required DRM in HTML, and Netflix backed it up strongly, the W3C made it fairly clear that there was no real debate to be had on the issue. Recognizing that DRM was unavoidable, EFF proposed a fairly straightforward covenant, that those participating agree not to use the anti-circumvention provisions of the DMCA (DMCA 1201) to go after security researchers, who cracked DRM in EME. The W3C already has similar covenants regarding patents, so this didn’t seem like a heavy lift. Unfortunately, this proposal was more or less dismissed by the pro-DRM crowd as being an attempt to relitigate the question of DRM itself (which was not true).

Earlier this year, Tim Berners-Lee, who had the final say on things, officially put his stamp of approval on EME without a covenant, leading the EFF to appeal the decision. That appeal has now failed. Unfortunately, the votes on this were kept entirely secret:

So much for transparency.

In Bryan Lunduke’s article about this at Network World, he notes that despite the W3C saying that it had asked members if they wanted their votes to be public, with all declining, Cory Doctorow (representing EFF) says that actually EFF was slapped on the wrist for asking W3C members if they would record their votes publicly:

?The W3C did not, to my knowledge as [Advisory Committee] rep, ask members whether they would be OK with having their votes disclosed in this latest poll, and if they had, EFF would certainly have been happy to have its vote in the public record. We feel that this is a minimal step towards transparency in the standards-setting that affects billions of users and will redound for decades to come.?

?By default, all W3C Advisory Committee votes are ?member-confidential.? Previously, EFF has secured permission from members to disclose their votes. We have also been censured by the W3C leadership for disclosing even vague sense of a vote (for example, approximate proportions).?

It was eventually revealed that out of 185 members participating in the vote, 108 voted for DRM, 57 voted against, and 20 abstained.

And while the W3C insisted it couldn’t reveal who voted for or against the proposal… it had no problem posting “testimonials” from the MPAA, the RIAA, NBCUniversal, Netflix, Microsoft and a few others talking about just how awesome DRM in HTML will be. Incredibly, Netflix even forgot the bullshit talking point that “EME is not DRM” and directly emphasized how “integration of DRM into web browsers delivers improved performance, battery life, reliability, security and privacy.” Right, but during this debate we kept getting yelled at by people who said EME is not DRM. So nice of you to admit that was all a lie.

In response to all of this, Cory Doctorow has authored a scathing letter, having the EFF resign from the W3C. It’s worth reading.

The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew ? and the large corporate members continued to reject any meaningful compromise ? the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate. In essence, a core of EME proponents was able to impose its will on the Consortium, over the wishes of a sizeable group of objectors ? and every person who uses the web. The Director decided to personally override every single objection raised by the members, articulating several benefits that EME offered over the DRM that HTML5 had made impossible.

But those very benefits (such as improvements to accessibility and privacy) depend on the public being able to exercise rights they lose under DRM law ? which meant that without the compromise the Director was overriding, none of those benefits could be realized, either. That rejection prompted the first appeal against the Director in W3C history.

In our campaigning on this issue, we have spoken to many, many members’ representatives who privately confided their belief that the EME was a terrible idea (generally they used stronger language) and their sincere desire that their employer wasn’t on the wrong side of this issue. This is unsurprising. You have to search long and hard to find an independent technologist who believes that DRM is possible, let alone a good idea. Yet, somewhere along the way, the business values of those outside the web got important enough, and the values of technologists who built it got disposable enough, that even the wise elders who make our standards voted for something they know to be a fool’s errand.

We believe they will regret that choice. Today, the W3C bequeaths an legally unauditable attack-surface to browsers used by billions of people. They give media companies the power to sue or intimidate away those who might re-purpose video for people with disabilities. They side against the archivists who are scrambling to preserve the public record of our era. The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they?ll be able to ensure no one ever subjects them to the same innovative pressures.

This is a disappointing day for the web, and a black mark on Tim Berners-Lee’s reputation and legacy of stewardship over it.

Filed Under: , , , , , ,
Companies: drm, eff, mpaa, nbc universal, netflix, riaa

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “EFF Resigns From W3C After DRM In HTML Is Approved In Secret Vote”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Right

You can trust IceCat (which is a FireFox fork) won’t support EME, as it’s developers (the FSF) have been busy compaigning against this standard.

Also I’ll be making sure the WebKit-based browser I’m developing and using to post this comment won’t be loaded with any CDMs (anything more than this is impractical for me), but I’ll only package this for elementary OS and it won’t have much to attract anyone other than fans of that desktop.

Thad (user link) says:

Re: Re: Re:3 Right

It was already a de facto standard even without W3C recommendation; Netflix, YouTube, and Amazon Video all use it. Hulu’s still on Flash; I don’t know about the other streaming services but I expect that if they don’t use HTML5 video with EME already, they will soon.

Sure doesn’t seem to have done anything to stop Netflix shows from appearing on torrent sites on day one.

Anonymous Coward says:

My comment went into Techdirt's "Moderation" black hole at 2053 Pacific...

Even “Resend” didn’t work that time.

Same old problem that Masnick promised to stop, I mean, wasn’t happening.

And if complain, Techdirt calls me a liar, easy to do since it controls what gets out of “Moderation”, and has motive to do so.

I’m going to check in another window, BRB…

No show after ten minutes.

Anonymous Coward says:

Total corporate control is the clear goal.

You’re not fighting corporate control when, oh, say, running Godwin’s piece on how we’re not to worry that mega-corporations are totally unregulated, and any attempt to have them remove OBVIOUS criminality is bad. — Techdirt’s hand-wringing when some corporations win more control, after defending others for profiting off criminality just can’t be logically sustained.

Anonymous Coward says:

Re: Total corporate control is the clear goal.

So: YAY for me being right at trends going as predicted! — And, sheesh, grow up if you’re at all surprised by this. — You can start by agreeing with me that corporatism as favorably propagandized by Godwin today is EXACTLY the root cause here. Get over your schizophrenia and decide whether you favor corporatism or “natural” persons: that means whether you favor legal fictions over yourself! — Masnick has spent years confusing you on the point.

But your freedom can’t co-exist with unlimited corporatism. You are just one person up against large and manifold amoral monsters, having no inhibitions, seeking only to gain money, and which are eager to exert control, especially over the outlets for free speech, and are visibly increasing their control over it right now.

Every corporation is like Comcast, and even it’s constrained by old-fashioned notions that Godwin just today told us must be cast aside for sake of corporate efficiency and innovation at controlling us. — Oh, sure, he’ll say not. Even Hitler was more honest. — Godwin wants NO controls on corporations, and THIS control BY corporations is part of the inevitable result. Enjoy.

HUH. There appears to be a LENGTH limit now.

Stephen T. Stone (profile) says:

Re: Total corporate control is the clear goal.

Godwin’s piece on how we’re not to worry that mega-corporations are totally unregulated, and any attempt to have them remove OBVIOUS criminality is bad

[citation needed]

Seriously, hit me up with some actual quotes, taken in context, that support your argument. If he said what you think he said, you will be able to do so.

Anonymous Coward says:

Re: trans·par·ent

“And these are your reasons, my lord?”

“Do you think I have others?” said Lord Vetinari. “My motives, as ever, are entirely transparent.”

Hughnon reflected that ‘entirely transparent’ meant either that you could see right through them, or that you couldn’t see them at all.

Lawrence D’Oliveiro says:

W3C Forgets What The Internet Is All About

Big Content continues to believe that the Internet needs them more than they need the Internet. The history of how the Internet became dominant over proprietary content-delivery systems that were set up in its early days, and even before it became popular, show that the opposite is true.

Anonymous Coward says:

“integration of DRM into web browsers delivers improved performance, battery life, reliability, security and privacy.”

Let’s see about that:

Performance –
Running unnecessary code steals system resources, not improves them

Battery life –

Reliability –
DRM has only ever made access less reliable, by locking out legitimate users in the inevitable case where it fails to prooerly authenticate.

Security –
Forcing tge use of an attack vector that’s “illegal” to fix. Finally something worse for security than the TSA.

Privacy –
As if ad-makers aren’t salivating at the prospect of protecting their ads via DRM to do an end-run around adblockers.

0/5 try again.

Anonymous Coward says:

Re: Re: Re:

> DRM and adblockers serve similar purpose: block content. Difference is with adblocker you are in control, while with DRM you lose, because you didn’t pay the mafia.

Considering that the most common purpose of DRM is to prevent those that legally paid for the content, but are playing the content in a way that conflicts with the mafia’s "normal" method of playing the content (i.e. on a non-Redmond based OS or in a non-Redmond based application,) I’d disagree with this statement. Those who access the content illegally don’t need to worry about DRM, as it doesn’t exist in that environment.

The more correct version would be "while with DRM you lose, because you chose to do business with the mafia."

Anonymous Coward says:

Re: Not just for videos

Then I and, I’m sure, many others will simply not view the ad-riddled content. If a site prevents me from viewing their content because I’m blocking their ads then I simply go elsewhere for the content or skip it altogether. Not one single content producer makes anything that OMG I SIMPLY MUST HAVE!.

That said, I’ve been known to purchase the occasional humorous t-shirt and techdirt deal to support a site I appreciate. Ads, though, especially those fucking animated ones, are a big fat ‘no’.

Stephen T. Stone (profile) says:

Re: Re:

DRM cedes at least partial control of a given device to closed-source black-box code controlled by a third party. This unauditable, arbitrary code could potentially open up that device to hacks, malware, and other various threats. It exists only to protect someone else’s shit from pirates who already know how to crack DRM and share that shit.

If you support even “benign” DRM in spite of knowing those facts, you willingly concede control of your device to the corporations who will control that DRM. How much control of your device do you believe Netflix should have?

TripMN says:

Re: Re: Re: Re:

Javascript is not unauditable. In fact it is possibly the most auditable code short of owning the source (Open Source, anyone?) because it can’t be fully obfuscated, it is not compiled to byte-code, and it is interpreted locally.

You have tools built into your web browser that will even de-minimize the code as much as possible and allow you to see what is running, set break points, step thru the code. You might have a hard time figuring out what any single piece of code does because you did not write it, but it is neither arbitrary nor unauditable.

That One Guy (profile) says:

Re: Re: Re:5 Re:

And given the attempted exception for security researchers that the EFF was pushing and that got shot down, you can be absolutely certain that that can and will be happening more in the future.

Why spend extra on more robust security when you can merely threaten and sue anyone who points out how laughable your bargain-bin security is?

Anonymous Coward says:

Re: Re: Re:4 Re:

Yes, but therin lies the rub:

I cannot understand it, so I do not care if someone else wants to but is forbidden even if their understanding may protect me in the long run.

Most of these people will not get past the first nine words of that quote before stopping. People don’t care. Nor do they want to. They do want what those demanding DRM for everyone are shoving. Therefore, they will gladly accept anything that those people demand, damn the consequences. They will continue to do so, until they have a strong personal reason not to.

So, get ready. It’s going to get a whole lot worse before it gets better. This vote isn’t even going to be a blip on the radar by the time they get their reason to oppose.

Anonymous Coward says:

Money talks and bullshit walks. Or common sense in this case. This is a sign. The W3C doesn’t run on happy thoughts and good wishes and as community funds are running dry we’ll see an increasing number of these open projects bought up by corporate interests.

The takeaway is that we either start showing our support properly for a free (not gratis) and open internet by donating in larger numbers or the trend will continue.

Anonymous Coward says:

Re: Re:

I’ll make this clear. I don’t agree with the adoption of DRM.

But just like in politics, in the end, money won the day.

As operating costs have risen, a lot of Open projects have found themselves struggling to get funded from donations.

It should come as no surprise that corporate money is looking more appealing with every passing day.

Anonymous Coward says:

Re: Re:

The takeaway is that we either start showing our support properly for a free (not gratis) and open internet by donating in larger numbers or the trend will continue.

This isn’t going to be a problem for the vast majority of web video watchers for a couple of reasons.

The first is that web video is increasingly moving from browsers into apps. I’d personally rather see things stay in the browser. DRM is going to be deployed and again, I would prefer to see standardized DRM rather than a mix of potentially conflicting solutions.

Secondly, it doesn’t negatively impact normal people. They don’t care if their movie stream, which is ephemeral by design, is encrypted. As long as it plays.

I personally believe content companies are overly paranoid. Who wants to pirate content these days? It’s inexpensive, easier, and a better experience getting it from legitimate sources these days.

Anonymous Coward says:

Re: Re:

The takeaway is that we either start showing our support properly for a free (not gratis) and open internet by donating in larger numbers or the trend will continue.

Donating somewhere other than the W3C now that they don’t support the open web; maybe the EFF. Just as importantly, don’t "donate" to the companies that push DRM—the MPAA, Netflix, etc. (did they join the W3C just so they’d be able to vote for DRM? I can’t see any other reason they’d care about web standards.)

MyNameHere (profile) says:

I don’t get it.

This whole deal isn’t to add a DRM to HTML, rather it’s to add a set of rules and create a sort of sandbox that limits DRM to working in a very particular way.

It does not make DRM mandatory.

It does not make your browser run DRM to view a web page.

It does not force you to use DRM on every site you visit.

In fact, it doesn’t even add DRM to your browser. It only sets the rules for how EME works and will be supported in W3C compliant browsers.

Nobody is forcing browser makers to use it, no more than microsoft could force us all to use frontpage extensions!

No browser absolutely has to have it to function.

No website will be required to add DRM to operate.

EFF leaving is fundamentally “I lost the game so I am going away in a snit”. They get all upset at the voting – which is the same as it’s always been. It’s always been secret to avoid having participating individuals and groups harassed before and after voting.

Not a good week for EFF.

Anonymous Coward says:

Re: Re: Re:

I don’t think the EFF actually wanted to kill the standard, they were looking for protections for researchers.

Whether or not a DRM framework is officially standardized doesn’t really change anything. For users it’s nice in that it removes some uncertainty and helps guide those that want to protect content down a specific path. For developers it spells out how to write the structure needed to support CENCs used by DRM software. There really isn’t a downside.

The EFF didn’t get the protections they wanted and so it’s to be expected that they pull out. They have limited resources and shouldn’t spread themselves too thin. There are more effective ways for them to fight for users and open access than being on the W3C. For example, asking W3C members to promise not to sue is a much weaker action than actually repealing the law that allows them to sue. That’s where the EFF should be focused (IMHO).

Anonymous Coward says:

Re: Re: Re: Re:

All DRM proponents gloss over the fact that DRM hurts their customers, while barely slowing down the ‘pirates’. It only takes one break of the DRM protecting a piece of content for it to become freely available to everybody who cares to use free content, therefore unless the DRM is perfect, it is actually useless in achieving its intended aim.

Stephen T. Stone (profile) says:

Re: Re: Re: Re:

I don’t think the EFF actually wanted to kill the standard, they were looking for protections for researchers.

No, the EFF wanted EME gone. When they realized that was never going to happen—all thanks to the new corporate members of W3C—the EFF tried to carve out those protections. When even that one simple request was denied, the EFF knew W3C had been compromised. The secret vote only confirmed for everyone else what EFF had known for a while.

Anonymous Coward says:

Re: Re: Re:2 Re:

the EFF wanted the EME gone

The EME aren’t new. Whether or not it’s ratified as a standard doesn’t affect anything. Unless they were campaigning to outright ban EME, they weren’t trying to make EME go away.

This doesn’t affect development in any way, does it? All of the modern major browsers had already adopted it. This was really just ceremonial.

If you want to make a new browser and have it instantly work for things like Netflix, well now you are in luck. Implement the extensions and the DRM CENCs should plug right in and go. Before, you would have to ask Netflix to support you and that’s a tough ask for a new browser that doesn’t yet have any users.

Anonymous Coward says:

Re: Re:

You cannot see the issue?
How about the video you want to see does not allow fast forward / skip of certain parts (due to the beyond your control black box DRM code), thus hammering your bandwidth (as you cannot just skip to part of video you are interested in (e.g. a friend (who’s opinion you respect) has said this is “worth watching from 03:25, before that it’s boring”
Think its unlikely?
How about the unskippable piracy warning crap on a DVD you legitimately purchased (but ironically removed on pirate version) and even worse the unskippable ads (place your bets on those becoming huge with mandatory DRM)
Currently it’s quite easy to stop potentially noxious third party JavaScript from running in your browser (plenty of addons to deal with that) – that will not be the case if the black box DRM component runs all manner of JavaScript…
A huge control & security hole

Anonymous Coward says:

Re: Re: Re:

Those are all issues with DRM and don’t really have anything to do with whether or not the W3C turns a de facto standard into an actual standard.

People seem to be under the impression that what the W3C did is going to introduce DRM controls in browsers. It doesn’t. They have been there for a loooong time now. Unless you are selling a competing DRM framework, this probably doesn’t affect you. If you are selling a DRM module, there’s now a standard that, if you follow the guidelines, your code can more easily run on any browser that supports W3C standards.

Anonymous Coward says:

Re: Re: Re: Re:

If you are selling a DRM module, there’s now a standard that, if you follow the guidelines, your code can more easily run on any browser that supports W3C standards.

I have two problems with the adoption. First, it bestows unjustified legitimacy on the idea of encumbering streams. Second, as you say above, it lowers the bar for creating/operating a DRM-encumbered site. I liked the idea that DRM was inconvenient for the site operator because they had to deal with lack of standardization among the different browsers. DRM is bad for users. It should be at least as painful for the entities that choose to inflict it on users.

Anonymous Coward says:

Re: Re: Re:4 Re:

Pushing hard? Please. They had the votes. No hard push was necessary because other than the EFF, there was essentially no opposition.

The digital video people needed something like the W3C to act as an umbrella organization for legal reasons. If they had written up the standard just as a group of companies, they would have been open to anti-trust actions. By creating a standard and making it open, they avoid that.

Getting companies to pinky-swear not to sue researchers made for entertaining columns here and on Boing Boing, but ultimately that’s not really the solution. The solution is to secure researcher protections and the rights for those that need assistive technologies enshrined in law. I hope that’s where the EFF focuses their energy now.

Anonymous Coward says:

An opportunity for browsers to shine

Now that DRM-encumbered content is nicely annotated, browsers have an excellent opportunity to inflict a fitting bit of irony. Prior to starting any DRM-encumbered stream, show a warning (bonus if it’s unskippable, like the DVD FBI warning page; but at the very least, make it require the user to check some settings box for “Never remind me again on this site”) that the stream has been encumbered by its creator in ways that limit your ability to use the stream. Enumerate the abilities (time-shifting, format-shifting, excerpting, etc.) that the DRM disallows. Tell the user that the problem is in the stream, not in the browser, and that any issues need to be forwarded to the support desk of the organization providing the encumbered stream. Bonus for vague language that encourages users to consider the encumbered stream to be broken/defective/erroneous.

If the user tries to take a disallowed action, the error box should explain in more detail that this would work, except DRM says you cannot do that, and encourage the user to contact the organization’s support desk if the user believes the DRM marking is erroneous.

For additional bonus points, arrange that any DRM-encumbered stream gets a mandatory decoration in the browser to set it apart from the page in a visually obvious way. Justify it on the basis that this one element is encumbered and doesn’t work like the rest of the page (i.e. properly), so it needs to be distinct to avoid user confusion.

Anonymous Coward says:

I Can't Figure Out What EME Will Actually Do

So inline in HTML5 keyfiles (hashed or plain text at Right-Holders’ discretion) will help figure out if you, the viewer, are allowed to watch a video streamed through HTML playback. Okay, it’ll be harder to rip Youtube and Netflix videos. What ever will we do? If only there were like a dozen other video streaming playback methods available to consumers and pirates alike?

That also assumes that any third party authentication parts of this licensing machine aren’t subject to constant DDoS attacks. While I wouldn’t want Facebook-embedded video on blackout for hours at a time I’d expect this to be the case. Nothing riles up internet aggressors more than DRM and DRM-like initiatives.

Anonymous Coward says:

And so the hunt for magical unicorn continues….

I’m still waiting for how they’re gonna stop people from using custom capture hardware that pretends to be a genuine OEM monitor to rip all the movies.

Also has W3C hired the same consultants who recommended to backdoor all crypto? Seriously, blackboxed cryptosystems have such great history. I’m literally shedding tears of joy over this. Honest.

Josh Taylor says:

Ban the EFF from the internet

Good riddance. I’m glad the W3C have given this pro-white supremacist EFF the boot.

The EFF is defending the neo-Nazi website The Daily Stormer which was banished to the dark web. It’s time we do the same to the EFF. Ban the EFF from the web NOW. Contact their service Gandi and demand that they revoke the EFF’s hosting account because of their defense of the Daily Stormer which violates the hosting provider’s TOS.

David says:

Publishing votes is not an option.

“The W3C did not, to my knowledge as [Advisory Committee] rep, ask members whether they would be OK with having their votes disclosed in this latest poll, and if they had, EFF would certainly have been happy to have its vote in the public record. We feel that this is a minimal step towards transparency in the standards-setting that affects billions of users and will redound for decades to come.”

Once you actually publish votes, either of two bad things may happen:

  1. someone counts them
  2. someone checks his own vote

This could lead to an erosion of trust.

Thad (user link) says:

Re: Publishing votes is not an option.

You’ve misunderstood how the voting process works. The votes aren’t secret to W3C members, they’re only secret to the public; every W3C member knows how everybody voted, but they’re forbidden from disclosing that information by NDA. (The W3C censured the EFF for even disclosing the proportions. Which kind of reminds me of that scene in Clerks where the lady tells Randal off, says she’s going to Big Choice Video, and storms out, and he runs after her to shout "Hey, you’re not allowed to rent here anymore!")

The reason the W3C members don’t want their votes known isn’t that there’s any chance of fraud. It’s that they don’t want the bad publicity that comes with having their votes published.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...