(Mis)Uses of Technology

by Mike Masnick


Filed Under:
appeal, drm, eme, html, tim berners-lee

Companies:
eff, w3c



EFF Officially Appeals Tim Berners-Lee Decision On DRM In HTML

from the last-ditch-effort dept

Last week, we wrote about the unfortunate and short-sighted decision by Tim Berners-Lee to move forward with DRM in HTML. To be more exact, the move forward is on Encrypted Media Extensions in HTML, which will allow third party DRM to integrate simply into the web. It's been a foregone conclusion that EME was going to get approved, but there was a smaller fight about whether or not W3C would back a covenant not to sue security and privacy researchers who would be investigating (and sometimes breaking) that encryption. Due to massive pushback from the likes of the MPAA and (unfortunately) Netflix, Tim Berners-Lee rejected this covenant proposal.

In response, W3C member EFF has now filed a notice of appeal on the decision. The crux of the appeal is the claimed benefits of EME that Berners-Lee put forth won't actually be benefits without the freedom of security researchers to audit the technology -- and that the wider W3C membership should have been able to vote on the issue. This appeals process has never been used before at the W3C, even though it's officially part of its charter -- so no one's entirely sure what happens next.

The appeal is worth reading so we're reposting a big chunk of it here:

1. The enhanced privacy protection of a sandbox is only as good as the sandbox, so we need to be able to audit the sandbox.

The privacy-protecting constraints the sandbox imposes on code only work if the constraints can't be bypassed by malicious or defective software. Because security is a process, not a product and because there is no security through obscurity, the claimed benefits of EME's sandbox require continuous, independent verification in the form of adversarial peer review by outside parties who do not face liability when they reveal defects in members' products.

This is the norm with every W3C recommendation: that security researchers are empowered to tell the truth about defects in implementations of our standards. EME is unique among all W3C standards past and present in that DRM laws confer upon W3C members the power to silence security researchers.

EME is said to be respecting of user privacy on the basis of the integrity of its sandboxes. A covenant is absolutely essential to ensuring that integrity.

2. The accessibility considerations of EME omits any consideration of the automated generation of accessibility metadata, and without this, EME's accessibility benefits are constrained to the detriment of people with disabilities.

It's true that EME goes further than other DRM systems in making space available for the addition of metadata that helps people with disabilities use video. However, as EME is intended to restrict the usage and playback of video at web-scale, we must also ask ourselves how metadata that fills that available space will be generated.

For example, EME's metadata channels could be used to embed warnings about upcoming strobe effects in video, which may trigger photosensitive epileptic seizures. Applying such a filter to (say) the entire corpus of videos available to Netflix subscribers who rely on EME to watch their movies would safeguard people with epilepsy from risks ranging from discomfort to severe physical harm.

There is no practical way in which a group of people concerned for those with photosensitive epilepsy could screen all those Netflix videos and annotate them with strobe warnings, or generate them on the fly as video is streamed. By contrast, such a feat could be accomplished with a trivial amount of code. For this code to act on EME-locked videos, EME's restrictions would have to be bypassed.

It is legal to perform this kind of automated accessibility analysis on all the other media and transports that the W3C has ever standardized. Thus the traditional scope of accessibility compliance in a W3C standard -- "is there somewhere to put the accessibility data when you have it?" -- is insufficient here. We must also ask, "Has W3C taken steps to ensure that the generation of accessibility data is not imperiled by its standard?"

There are many kinds of accessibility metadata that could be applied to EME-restricted videos: subtitles, descriptive tracks, translations. The demand for, and utility of, such data far outstrips our whole species' ability to generate it by hand. Even if we all labored for all our days to annotate the videos EME restricts, we would but scratch the surface.

However, in the presence of a covenant, software can do this repetitive work for us, without much expense or effort.

3. The benefits of interoperability can only be realized if implementers are shielded from liability for legitimate activities.

EME only works to render video with the addition of a nonstandard, proprietary component called a Content Decryption Module (CDM). CDM licenses are only available to those who promise not to engage in lawful conduct that incumbents in the market dislike.

For a new market entrant to be competitive, it generally has to offer a new kind of product or service, a novel offering that overcomes the natural disadvantages that come from being an unknown upstart. For example, Apple was able to enter the music industry by engaging in lawful activity that other members of the industry had foresworn. Likewise Netflix still routinely engages in conduct (mailing out DVDs) that DRM advocates deplore, but are powerless to stop, because it is lawful. The entire cable industry -- including Comcast -- owes its existence to the willingness of new market entrants to break with the existing boundaries of "polite behavior."

EME's existence turns on the assertion that premium video playback is essential to the success of any web player. It follows that new players will need premium video playback to succeed -- but new players have never successfully entered a market by advertising a product that is "just like the ones everyone else has, but from someone you've never heard of."

The W3C should not make standards that empower participants to break interoperability. By doing so, EME violates the norm set by every other W3C standard, past and present.

It's unclear to me why Tim Berners-Lee has been so difficult on this issue -- as he's been so good for so long on so many other issues. I understand that not everyone you agree with should ever agree with you on all things, but this seems like a very weird hill to die on.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  1. icon
    Mason Wheeler (profile), 12 Jul 2017 @ 1:51pm

    this seems like a very weird hill to die on.

    If only that expression could be a bit more literal. Not all the way literal, of course, but anyone who's supposed to be protecting open standard who then rolls over and endorses and legitimizes DRM, his career needs to die. His career needs to be summarily executed at that point. DRM is a thing that should never have existed and needs to stop existing; perpetuating it only brings harm to everyone involved.

    reply to this | link to this | view in thread ]

  2. identicon
    Christenson, 12 Jul 2017 @ 2:02pm

    "A very wierd hill to die on"-->?

    How about:
    ** A very wierd reef to crash the ship on?
    ** a very wierd altar to sacrifice the credibility on?
    ** a very strange place to cross the Rubicon?

    There are, of course, much darker interpretations. Don't mix your metaphor, lol!

    reply to this | link to this | view in thread ]

  3. identicon
    Anonymous Coward, 12 Jul 2017 @ 2:04pm

    Etenral Vigilance

    When an old ward as fallen to the enemy you don't waste time lamenting the event, you get a new ward immediately lest you risk being over run by a relentless enemy!

    reply to this | link to this | view in thread ]

  4. identicon
    Anonymous Coward, 12 Jul 2017 @ 2:09pm

    Tim Berners-Lee, A.K.A. Facebook/Google/Netflix W3C operations manager

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, 12 Jul 2017 @ 2:23pm

    Re:

    Pretty much. Frankly, I'm sorry Google ever became a thing at this point.

    reply to this | link to this | view in thread ]

  6. identicon
    Anonymous Coward, 12 Jul 2017 @ 2:25pm

    Re: Etenral Vigilance

    There is no new ward. None of the software luminaries of old are being replaced by new blood. Once the likes of Stallman et al die out, I'm pretty sure we are deeply boned.

    reply to this | link to this | view in thread ]

  7. identicon
    Anonymous Coward, 12 Jul 2017 @ 2:58pm

    i suppose he's been 'encouraged' dont you and probably by the entertainment industries. after all, they want to be able to control the Internet, only allow those on to it that they approve, only allow uploads that they approve, only allow downloads that they approve and even worse, vet everyone who applies to use the net! all because of their own greed and self preservation that they are fully aware of will die unless they can continue to get politicians on board to what they want. there is only one way they can do that, just as there is only one way they can get law makers and enforcers to do only what the industries want, by throwing money at them! anyone who thinks that they have been doing this for 25-30 years, costing a fortune, and even screwing their own artists, is proof enough that all they want is everything possible for themselves, not giving a toss about anything and anyone else!! as for berners lee himself, he should be ashamed! if he was going to do this, why even bother to invent the Internet, let alone give it to everyone for free, when it's only been a temporary measure

    reply to this | link to this | view in thread ]

  8. identicon
    Anonymous Coward, 12 Jul 2017 @ 4:39pm

    Re:

    Tim Berners-Lee = Puppet

    Mic drop.

    reply to this | link to this | view in thread ]

  9. icon
    JoeCool (profile), 12 Jul 2017 @ 4:59pm

    Re: Re: Etenral Vigilance

    Well, there WAS one up and comer, but the DOJ killed him over a few freely available files. MIT was complicit in the killing, despite vehement denials.

    reply to this | link to this | view in thread ]

  10. icon
    Atkray (profile), 12 Jul 2017 @ 5:46pm

    Someone will need to update Wikipedia

    Sir Timothy John Berners-Lee OM KBE FRS FREng FRSA FBCS, also known as TimBL, is an English engineer and computer scientist, best known for turning the World Wide Web into Cable TV 2.0.

    reply to this | link to this | view in thread ]

  11. icon
    PopeyeLePoteaux (profile), 12 Jul 2017 @ 10:34pm

    *"It's unclear to me why Tim Berners-Lee has been so difficult on this issue -- as he's been so good for so long on so many other issues."*

    Everyone has a price. Someone simply managed to meet his price for making him stand against what he was supposed to stand for.

    reply to this | link to this | view in thread ]

  12. identicon
    Anonymous Coward, 12 Jul 2017 @ 11:09pm

    Re: Re: Re: Etenral Vigilance

    Ya, and as you can prolly tell, dead people don't make good advocates. They tend not to do much advocating.

    reply to this | link to this | view in thread ]

  13. identicon
    Anonymous Coward, 12 Jul 2017 @ 11:11pm

    Re: Someone will need to update Wikipedia

    Actually, I totally think someone should do this. It might even stay up for a bit, due to a sympathetic admin.

    reply to this | link to this | view in thread ]

  14. identicon
    Anonymous Coward, 12 Jul 2017 @ 11:14pm

    Re:

    But here's the thing: if everyone has a price, this is already over with. All of it. The digital era as relating to the common good, democracy as a present force in the world, the Western geopolitical sphere in general.

    Because some things simply should not be for sale, or eventually you will find a buyer who will take everything.

    reply to this | link to this | view in thread ]

  15. icon
    Stephen T. Stone (profile), 13 Jul 2017 @ 2:45am

    Re: "A very wierd hill to die on"-->?

    The “hill to die in” phrasing implies that someone feels so strongly about their position on a specific issue (the metaphorical hill) that they will defend that position to their death no matter what. None of the phrases you suggested have the same meaning.

    reply to this | link to this | view in thread ]

  16. identicon
    Anonymous Coward, 13 Jul 2017 @ 4:06am

    Re: Etenral Vigilance

    If the FOSS world wasn't so full of it more people would rise to the occasion. Poor pay (depending on donations and talks) and elitist peers make for a pretty unappealing prospect.

    Also a lot more corporations offer some form of source code access nowadays (not always OSI compliant) for cheaper (sometimes even gratis) and under less restrictive licensing than in the past.

    reply to this | link to this | view in thread ]

  17. identicon
    Anonymous Coward, 13 Jul 2017 @ 4:09am

    Re: Re: Re: Etenral Vigilance

    The law hounded poor Aaron worse than if he had been a robber or rapist.

    reply to this | link to this | view in thread ]

  18. identicon
    Anonymous Coward, 13 Jul 2017 @ 4:19am

    Here's the thing: I don't fault Tim Berners-Lee for his decision. Even less if RIAA promised him some form of benefits.

    Tim Berners-Lee is still a human being. He's also 60+ years old. He also has children. There are, most likely, more pressing matters in his personal life than fighting over the object of what is likely a dwindling career.

    I'm sure he'd have continued to fight the good fight if he had been paid accordingly.

    reply to this | link to this | view in thread ]

  19. identicon
    Anonymous Coward, 13 Jul 2017 @ 4:32am

    Re: Re:

    Love your naivete but, other than I don't know... God (if you're religious, that is), everyone has a price.

    You see, unlike the barons of old, the RIAA and MPAA have never actually committed so great an atrocity as to taint their money.

    The only ones who don't have a price are the young and healthy and those who are, just a bit, nuts.

    But the young and healthy eventually grow old and sick, so what we need are more of the second kind. Basically more guys (and gals) who have the same kind of drive as Richard Stallman.

    reply to this | link to this | view in thread ]

  20. icon
    stderric (profile), 13 Jul 2017 @ 5:37am

    Re:

    Tim Berners-Lee is still a human being. He's also 60+ years old. He also has children.

    Those kids must be terribly proud of ol' dad for finding a way to put food on the table despite the dearth of opportunities and adversity faced by being labeled 'the inventor of the web.'

    reply to this | link to this | view in thread ]

  21. icon
    AEIO_ (profile), 13 Jul 2017 @ 6:53am

    being labeled 'the inventor of the web.'

    So have YOU sent any money to him for reading this article? I haven't.

    Being labeled as such doesn't bring in any money. (What HAVE you done for me lately?)

    I don't know if he's been "paid off" or not. (And how would we know/trust any info?) I personally think he's just given up the fight to keep DRM away and wants to standardize the interface -- as opposed to everyone coming up with their own peculiarly implemented ideas.

    reply to this | link to this | view in thread ]

  22. identicon
    Anonymous Coward, 13 Jul 2017 @ 6:58am

    Re: Re: Re:

    Not naivete, facts. If everything is for sale, then eventually some rich bastard will come along and buy up every bit of you, lock stock and barrel. It's simple logic.

    Or (since you seem to believe this is somehow a theistic matter): if your god is the almighty dollar, then you actually *have* no morals: only proclivities to be encouraged/discouraged for the proper dollar amounts.

    reply to this | link to this | view in thread ]

  23. identicon
    Wendy Cockcroft, 13 Jul 2017 @ 7:17am

    Re: being labeled 'the inventor of the web.'

    Who ever heard of open source DRM? The whole point is to be anti-competitive.

    reply to this | link to this | view in thread ]

  24. identicon
    Anonymous Coward, 13 Jul 2017 @ 9:23am

    Re: Re: Re: Re:

    It's not a theistic matter.

    It was a manner of saying that there's almost no living human that won't compromise given the right price.

    It doesn't have to be money either. Threats towards one's family member or business or social connections can work too.
    Or withholding something important such as a cure.

    As for the theistic side, technically even angels were susceptible to corruption.

    reply to this | link to this | view in thread ]

  25. identicon
    Anonymous Coward, 13 Jul 2017 @ 9:33am

    Re: Re:

    I don't like this situation as I'm fan of the idea of free (not gratis) internet.
    Tim Berners-Lee shouldn't have had to make the choice in the first place.
    Just like Aaron Swartz shouldn't have had to make the choice in the first place.
    Some of the blame also rests on the shoulders of internet "tough guys" like us. We always look up to such people to take huge corporations head-on WITH NO HELP WHATSOEVER.

    A great leader without followers does not make for a successful revolution.

    reply to this | link to this | view in thread ]

  26. identicon
    Anonymous Coward, 13 Jul 2017 @ 9:41am

    Re: being labeled 'the inventor of the web.'

    Pretty sure not a single one of us has. That's the problem.

    To paraphrase wikipedia, if all techdirt and arstechnica readers each donated 5 USD for the fight, it would be a tremendous help.

    Nobody donates anything to these orgs anymore. And you can't really make money off of GPL software binaries alone.
    Heck W3C doesn't even have any binaries. What are they to do, lock up the RFCs behind a paywall!?

    We all hate DRM but very few are willing to pay for the fight against it. The US currently DOMINATES global IP Law and its justice system is HELLA' EXPENSIVE.
    Pretty much every major US IP ruling is adopted as Law within 5-10 years by most Berne Convention signers.

    reply to this | link to this | view in thread ]

  27. identicon
    Anonymous Coward, 13 Jul 2017 @ 10:16am

    Tim Berners-Lee has been added to English dictionaries as a synonym of "sellout".

    reply to this | link to this | view in thread ]

  28. identicon
    anonymous, 13 Jul 2017 @ 4:35pm

    ... not everyone you agree with should ever agree with you on all things ...

    "I understand that not everyone you agree with should ever agree with you on all things, ..."

    Why? Aristotle believed we love that which we see in others, which we admire in ourselves. Why couldn't me and my love agree on all things? We needn't care about trivialities ("Like my hair/dress/pecs/butt?"), but important things? Should be easy; damned near drop dead simple.

    Have fun.

    reply to this | link to this | view in thread ]

  29. identicon
    Anonymous Coward, 14 Jul 2017 @ 9:25am

    Re: Re: Re: Etenral Vigilance

    RIP A.S.

    reply to this | link to this | view in thread ]

  30. identicon
    Anonymous Coward, 14 Jul 2017 @ 9:30am

    Re:

    THIS.

    reply to this | link to this | view in thread ]

  31. identicon
    Anonymous Coward, 14 Jul 2017 @ 9:50am

    Yeah yeah, we know the narrative, a white English hero now becomes villain, and American martyr, etc. You know the story. And the rest of the world are just supposed to follow blindly.

    We all know the stardom and stars that the Western propaganda machinery and western stories would like to push: One Man, white, creates everything, and has come to save us all around the world, from an evil (another white man) who wants to destroy us all.

    Again, Tim Berners Lee is just a dude, he did not create or invent the internet. Further, he does not maintain the internet.

    The internet is a set of thousands of different technologies and developments created by millions of people around the world throughout the years. And it is maintained by millions of persons and companies around the world every single day throughout the years. This simplistic/reductionist view of one white man has come to save us all serves no purpose but the western propaganda.

    Did TBL invented the computer? the transistor? the microprocessor? optic fiber? GSM protocols? napster?
    etc etc etc etc etc etc. He just developed html and obviously not by himself but with the help from a huge team of people and with the support of many other persons, specialists, companies and tech. Further, all "his" development was based on knowledge, inventions and developments made by so many other people throughout the years.

    So if anyone believes "he invented" the internet must be out of their fucking mind.

    Even his decisions, are not "his", behind all this back and forward for DRM there are so many companies and individuals and entities against and supporting DRM in html. Please.

    People, don't fall for this crap of story, Tim Berners Lee did no invent the internet and his decisions are not his but the pushes of many vested interests for and against DRM.

    reply to this | link to this | view in thread ]

  32. identicon
    Anonymous Coward, 14 Jul 2017 @ 9:56am

    Re: being labeled 'the inventor of the web.'

    But the thing is, he did not invent the internet. The internet is a huge set of technologies (in the hundreds of thousands) developed by even a bigger set of people from all around the world.

    He is just a bullshit star created by western propaganda. he did not invent shit, even html was created by a huge group of people, not "just him".

    And even then, no point of "inventing" something if nobody is going to use it. The internet is maintained by millions of companies and individuals from all over the world, every single day.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.