Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?

from the questions-to-ponder dept

A few years back, we wrote a few stories about the unfortunate move by the W3C to embrace DRM as a part of the official HTML5 standard. It was doubly disappointing to then see Tim Berners-Lee defending this decision as well. All along this was nothing more than a focus by the legacy content providers to try to hinder perfectly legal uses and competition on the web by baking in damaging DRM systems. Even Mozilla, which held out the longest, eventually admitted that it had no choice but to support DRM, even if it felt bad about doing so.

There are, of course, many problems with DRM, and baking it directly into HTML5 raises a number of concerns. A major one: since the part of the DMCA (Section 1201) makes it infringing to merely get around any technological protection measure -- even if for perfectly legal reasons -- it creates massive chilling effects on security research. To try to deal with this, Cory Doctorow and the EFF offered up something of a compromise, asking the W3C to adopt a "non-aggression covenant," such that the W3C still gets its lame DRM, but that W3C members agree not to go after security researchers.

Who could possibly object to that? But, for whatever reason, the W3C still won't agree to it. Cory and the EFF are looking for security researchers to sign on to tell the W3C to get with the program and to protect security research. They've already got some great names signed on, but if you're in the security research field, please consider signing on as well. Or if you know people in the field, please send them to the EFF asking them to sign on as well.

Filed Under: drm, html5, security research
Companies: w3c


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 30 Mar 2016 @ 5:46pm

    Re: DRM Could be Used by Terrosits to Hide their Actvities

    Sadly, this was my reasoning behind agreeing with W3C allow DRM plugins. This doesn't necessarily mean a bad thing. DRM is simply an encryption protocol, meaning that it could allow say WebRTC chat rooms to be encrypted through an open source plugin through the W3C's DRM plugin design, but fanatics get their panties in a bunch when you mention DRM. If you want to speak privately with person X than DRM might just be a way to get there, like PGP and private keys. You sign with a public key of the person, and they decrypt with their private key through the plugin and wham we have encrypted communication through gasp *DRM*. The plugin just has to handle the encryption/decryption and the WebRTC format doesn't get bloated with additional code that could very well make it insecure.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.