Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?

from the questions-to-ponder dept

A few years back, we wrote a few stories about the unfortunate move by the W3C to embrace DRM as a part of the official HTML5 standard. It was doubly disappointing to then see Tim Berners-Lee defending this decision as well. All along this was nothing more than a focus by the legacy content providers to try to hinder perfectly legal uses and competition on the web by baking in damaging DRM systems. Even Mozilla, which held out the longest, eventually admitted that it had no choice but to support DRM, even if it felt bad about doing so.

There are, of course, many problems with DRM, and baking it directly into HTML5 raises a number of concerns. A major one: since the part of the DMCA (Section 1201) makes it infringing to merely get around any technological protection measure -- even if for perfectly legal reasons -- it creates massive chilling effects on security research. To try to deal with this, Cory Doctorow and the EFF offered up something of a compromise, asking the W3C to adopt a "non-aggression covenant," such that the W3C still gets its lame DRM, but that W3C members agree not to go after security researchers.

Who could possibly object to that? But, for whatever reason, the W3C still won't agree to it. Cory and the EFF are looking for security researchers to sign on to tell the W3C to get with the program and to protect security research. They've already got some great names signed on, but if you're in the security research field, please consider signing on as well. Or if you know people in the field, please send them to the EFF asking them to sign on as well.

Filed Under: drm, html5, security research
Companies: w3c


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Adrian Cochrane (profile), 30 Mar 2016 @ 4:23pm

    To be clear, given the way the W3C are structured, the browser vendors (who buy in) write the specs and Berners-Lee acts as king and sign off on these specs when he considers them stable. That means that Hollywood doesn't need to send lobbyists to the W3C, they've already corrupted at least Apple (who like to call this "Premium HTML5 Video") and Google. Besides this "standard" hardly qualifies as one, as it basically is a new <embed> tag where every browser provides their own incompatible DRM (I imagine it's done this way because security by obscurity really is the only way to do DRM).

    So yeah, I vote for an open wiki to replace the W3C.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.