Tim Berners-Lee: The Web needs to stay open, but DRM is fine by me

AUSTIN—The knight who invented the World Wide Web came to SXSW to point out a few ways in which we're still doing it wrong.

Tim Berners-Lee's "Open Web Platform: Hopes & Fears" keynote hopscotched from the past of the Web to its present and future, with some of the same hectic confusion that his invention shows in practice. (The thought that probably went through attendees' heads: "Sir Tim is nervous at public speaking. Just like us!")

But his conclusion was clear enough: The Web is our work, and we shouldn't put our tools down.

The British scientist led off with some candy for the audience at the Austin Convention Center, in the form of stories about developing the Web on the "beautiful magnesium box" that was his NeXT workstation. Did you know that the Web's original default port was 2784 because low-numbered ports such as 80, today's default, needed root access?

"The Gopher people had 79, which was so much less cool," said Berners-Lee, drawing knowing laughter.

But the most important part of the Web's origins was its simple openness. Before writing a program that could connect to a program on another computer, he said, "I didn't have to ask anybody."

That paved a path to Berners-Lee's points on preserving the Web as a space where any compatible device works. As he put it: "The Web worked because HTML didn't say anything about the platform you were on."

Part of Berners-Lee's sermon involved encouraging people to see the Web as the ultimate app store.

Local apps can easily do things like access a phone's camera, but the mobile Web is catching up with standards to let HTML apps talk to components such as accelerometers, which let programs respond when we tilt or shake our devices.

HTML5 is also pulling in such media capabilities as video conferencing; Berners-Lee pointed the audience to WebPlatform.org, a hub for those efforts.

Web apps, in turn, comply with Berners-Lee's "principle of least power," a rule of simplicity, security and interoperability he defined as "If you're going to transmit something, you should use the least powerful language that you can."

He did not, however, present himself as an opponent of digital locks. During a post-talk Q&A, he defended proposals to add support for "digital rights management" usage restrictions to HTML5 as necessary to get more content on the open Web: "If we don't put the hooks for the use of DRM in, people will just go back to using Flash," he claimed.

Berners-Lee's biggest fear is not a mobile experience dominated by iOS or Play Store apps, but one in which the basic protocols of the Web are eaten away by ISP interference and state surveillance.

Deep packet inspection, for example, allows third parties to "look at all the stuff you're looking up on the Web, and store it, and use it." An Internet provider might employ that to sell ads or charge some sites and services extra; a government could exploit it to slow or disconnect sites it considers harmful.

In all of those warnings, exhortations and technical digressions (such as the virtue of coding in Objective-C, the declining cost of displays that may leave taxis "covered in pixels," the perils of "Turing-complete" languages), however, Berners-Lee didn't emphasize one of the most important features of his invention: the fact that it was also open-source. It fell to introducer John Perry Barlow to make that point.

"One of the more important things that Tim Berners-Lee did was what he didn't do," added the Electronic Frontier Foundation co-founder. "He did not say World Wide Web™."


  1. Granted, he was no Isaac–or even Doc. And he certainly couldn’t hold a candle to Julie McCoy… but I see no reason to keep bashing Gopher.

  2. If you are putting the “hooks in” for that DRM stuff it’ll get wildly misused to:

    – Install rootkits on users’ machines
    – Start off another format war
    – Kneecap the competition
    – Eradicate any user privacy and security

    People just going to Flash is the lesser of two weevils.

    1. There’s two distinct classes of “DRM”, as practised, today –

      The DRM embodied in Second Life’s platform, where the client enforces restrictions set by the vendor, including whether further revendors can set restrictions, mash up, resell, charge, etcetera etcetera etcetera, but which someone can (largely) (if not strictly legally) get around if they choose, ensuring they are cognisant of the implications of their actions;

      The DRM embodied in ebooks and music, which is an excuse for installing root kits, format wars, locking up distribution channels, and obliterating respect for customers and usability, with life-ruining consequences for being even accused of approaching the fence.

      One is the equivalent of a sign and a screen door; the other is a high-voltage fence.

      1. We’re talking about the electric fence kind with HTML.

        Broadcasters like the BBC have explicitly desired its definition to be legally enforceable. They are explicitly cooperating with Microsoft, Netflix, Google and Apple to lock down your computer so you will not have a chance to grab frames from the DRMed video. Which will end in the rootkit kind of scenario and all that other stuff. Netflix is cooperating with the MPAA and MPEG-LA to create formats to exclude its competitors from the market. The big four (Sony foremost) are already drafting contracts for Netflix (and others) to exclude their content if one of the HTML-DRM implementations should fall prey to pwns.

        We’re talking the electric fence kind of DRM squared. This is the DRM to end all DRMs, and they will push browser vendors to bundle the rootkit with their browsers. Mozilla is already running up the walls for probably being forbidden to even talk to the DRM runtimes the loonies from the MAFIAA are proposing.

        1. “… should [the implementations] fall prey to pwns”

          And of course, they will: history has demonstrated again and again that somebody, somewhere, will divulge or discover the inevitably-purposely-kneecapped encryption keys used by the “trusted computing architecture” to authenticate – whether that’s an XOR’d byte sequence dumped from the ROM of a consumer product (AirPlay) or a collision-prone implementation (HDMI?) or a disgruntled employee or a third-party vendor, or just pure crackability (CSS (DVD encryption, not browser style sheets)).

          Then we get scenarios where, when one person can find out and publish one piece of information, and it produces a legally-enforced denial of service to thousands / millions of people.

          1. No argument on if it gets pwned, just a question of when. However this is sort of a funny situation see.

            So Microsoft is all hot&bothered over this HTML-DRM, they’re pulling like 3 teleconferences for the standard body a week over this. Why?

            Well, see the DRM that Microsoft would support on their platform would be a different flavor than say Apple’s DRM. So why shouldn’t Microsoft help along a bit, pwning Apple’s DRM, anonymously of course, plausibly deniable, therefore instantly crippling all Apple’s devices from playing back DRMed HTML video…

            It’s gonna be pretty horrible there when they push this silly stuff through.

          2. I can see the future, and it’s filled with JavaScript snippets that say

            if(navigator.appName.indexOf("Internet Explorer")!=-1){
            var badBrowser=(
            navigator.appVersion.indexOf("MSIE 9")==-1 &&

  3. The type of traffic that is used as an excuse for Deep Packet Inspection is the type of traffic that netizens use to circumvent Digital Rights Management, which is, as some say round here, Broken By Design.
    The more we enable DRM in technology, the greater the desire to get around it, and the greater the incentive to use arbitrary, universal DPI will be, eventually eliminating privacy for individuals from oversight by corporate interests. I cannot think of a counterargument that makes this sequence avoidable, unless it is for us to accept our utter subjugation to corporate, fascist, interests.
