Security Researchers Worried About Newly Approved Web DRM Standard
Ashley Allen / 6 years ago
Earlier this week, the World Wide Web Consortium (W3C) approved a DRM standard for the web. The standard – Encrypted Media Extensions (EME) – is designed to protect copyrighted content, such as Netflix videos, from piracy. However, its implementation has deeper implications for free web use. The Electronic Frontier Foundation, in particular, objects to the approval of EME. It argues that the standard gives providers of both content and internet browsers too much control over Internet users.
EME “Will Break People, Companies, and Projects”
Tech journalist and EFF member Cory Doctorow leads the organisation’s complaint against EME. Doctorow says that the DRM prevents security researchers legally investigating its code for vulnerabilities. He also argues that EME impedes the lawful acquisition of copyrighted content under fair use:
“EFF objects to DRM: it’s a bad idea to make technology that treats the owner of a computer as an adversary to be controlled, and DRM wrecks the fairness of the copyright bargain by preventing you from exercising the rights the law gives you when you lawfully acquire a copyrighted work (like the rights to make fair uses like remix or repair, or to resell or lend your copy).
Under [United States DMCA Section 1201], people who bypass DRM to do legal things (like investigate code defects that create dangerous security vulnerabilities) can face civil and criminal penalties.
This will break people, companies, and projects, and it will be technologists and their lawyers, including the EFF, who will be the ones who’ll have to pick up the pieces. We’ve seen what happens when people and small startups face the wrath of giant corporations whose ire they’ve aroused. We’ve seen those people bankrupted, jailed, and personally destroyed.”
Instead, the EFF proposed an alternative security policy:
“A covenant, modeled on the existing W3C member-agreement, that would require members to make a binding promise only to use the law to attack people who infringed copyright, and to leave people alone if they bypassed DRM for legal reasons, like making W3C-standardized video more accessible for people with disabilities.”
Hundreds of researchers and websites – even some W3C members – endorsed the covenant proposal, but W3C rejected it outright. Ignoring objections, the W3C later announced that EME would contain no compromises whatsoever. The EFF’s response:
“We’re dismayed to see the W3C literally overrule the concerns of its public interest members, security experts, accessibility members and innovative startup members, putting the institution’s thumb on the scales for the large incumbents that dominate the web, ensuring that dominance lasts forever.”
Unless appeals are successful, EME is coming to the web soon.