Human rights coalition from the global south to W3C: don't put DRM in web standards!

The Just Net Coalition -- whose membership roll includes leading human rights organisations from across the global south -- have written urgently to the World Wide Web Coalition and its founder, Tim Berners-Lee, calling on him to intervene to stop the Consortium from publishing its first-ever DRM standard, a system for restricting video streams called Encrypted Media Extensions.

The Coalition calls EME a form of "digital colonialism" that will impose "US law on the entire world through the agency of an ostensibly neutral standards-making organization purporting to act in the broad global public interest."

They endorse EFF's proposal to permit DRM without compromising fundamental rights, including free speech rights (a concern raised by UNESCO), security research, adaptation for disabled people, and innovation.

Members are currently voting on whether to publish EME as a W3C standard. The vote closes tomorrow.

The Just Net Coalition has long supported your positions on the Open Web, as well as the W3C and Web Foundation's efforts to keep the Web open and accessible for all. Due to financial constraints, most people in the Just Net Coalition and in the larger civil society cannot afford to attend standards meetings or pay W3C’s fees to allow us to participate in the W3C gatherings. We have no choice but to ask you Sir Tim, (and the W3C) directly and personally, to listen to this input from civil society and to reject the transition of EME to a W3C Recommendation. Given that, as Director of the W3C it is within your power to veto further work or standardization on EME and so halt the spread of DRM, it is, in our view, your moral responsibility to reject EME. You must take action on DRM, or significant damage will be done to your legacy of defending an Open Web. At a minimum, you should demand that the W3C recommend that browsers provide adequate “opt-in” user control and work to establish the protection for users given by the EFF covenant.

The Internet pioneer Louis Pouzin put it very aptly, “Institutional standards should not contain elements pushed in by lobbies, since they are detrimental to public interests. Of course lobbies have financial and political means to ignore or distort standards in their products, but they want more. They need the guarantee of a reputable standard institution or outstanding individuals to boost the legalization of their marketing strategy. Resisting lobbies pressure is the name of the game for keeping a respected reputation.”

The web stands at a crossroad. We sincerely hope that you are willing and able to exercise your global leadership role and responsibility on the topic of DRM. Please note that the Just Net Coalition and associated sympathetic groups around the world will help you in any way possible in this effort if you take a stand by vetoing EME's progress at the W3C.

Open letter from Just Net Coalition to Sir Tim Berners-Lee seeking his urgent intervention to stop acceptance of Encrypted Media Extensions as a W3C standard [Just Net Coalition]

Notable Replies

  1. I still feel confused every time this comes up. Here is my understanding of the issue:

    The W3C sets standards for the web, but if you are using the web through a commercial product (like a browser you didn't write yourself) it's up to the creator of that product to implement those standards. display-inline is a standard option for the display attribute in css but if I use an older browser I might need to implement with float and clear, or maybe none of that is supported at all. So creating a standard is creating an accepted set of ways that browsers will communicate with web pages about how EMEs work, not creating the DRM itself. This is more like standard set of commands to talk to DRM systems so that all the web browsers know how to implement things if they want their browsers to be compatible with websites with protected content.

    Right now if I watch a video online it is likely through Flash or Silverlight, plugins that I run in my browser. These plugins are doing the same work that the EMEs are going to do, but in a way that is totally controlled by a third party. If I don't want DRM I can disable these plugins, but the result of that is I can't watch Netflix or Youtube (and many other things). If EMEs take the place of these, then not implementing them would mean the same - no Netflix, Youtube, etc. If EMEs are not put in as a standard then we'll continue to work with the plugin solution which means having and extra party to be beholden to.

    The DMCA is a shit law but it's also an American law. It's absurd that the act of circumventing DRM is itself illegal, but it's only illegal in countries that have made it illegal. Putting EMEs in the W3C doesn't make the DMCA apply in India. But similarly, if the W3C takes a stand against DRM that won't have any impact on the DMCA's application in America or in the delivery of content protected by DRM through plugins.

    I get that people are fighting this and I feel like there is a subtlety to the whole thing I'm missing. I've read the statement about it from the W3C. I've communicated with Mozilla about their decision to include this functionality in Firefox if it becomes a standard. I feel like this is a step in the right direction - including a standard for something that the majority if web users want but that is currently only accessibly through plugins.

    Most users are at the mercy of browsers and at the mercy of the companies that supply content through browsers. Most users of how risky something like Flash is. Is this change going to make those things better, worse, or no change? My impression at this point is that it won't change the extent to which users are at the mercy of content providers but that it will reduce user risk from plugins.

  2. The DMCA's provisions are mirrored in the legal systems of every industrialized nation except Israel. In the EU, they're part of the EUCD (Article 6); in Canada, Bill C-11; in Australia it's part of the country's bilateral Free Trade Agreement with the US; it is part of the Central American Free Trade Agreement and the bilaterals with the Andean nations; in New Zealand, bill 92A.

    To be clear, the W3C is not being asked to choose between "standardizing DRM" and "not standardizing DRM." The current vote is really a choice between "standardizing DRM without shielding the open web from laws like the DMCA" and "making DRM, but simultaneously extending the existing W3C policy framework to include the new laws in play that come with DRM standardization."

    The W3C already makes its members surrender their patent rights as a condition of participation. Danny Weitzner, who created that policy at the W3C, has endorsed EFF's proposal to extend it to cover the rights members will get under the DMCA (and global lookalikes) once the W3C starts standardizing DRM.

    To put it more succinctly, DRM is a fact of life for premium web content.

    I think a lot of people would have said this about music, but over the past decade, DRM for music has disappeared, even in streaming services. It's also gone away for library audiobooks -- a pure "rental" model!

    Without the old APIs that HTML5 gets rid of, implementing DRM was transcendentally hard: every browser and every streaming service needed to set up explicit deals to make them work. That level of complexity might well have sent video DRM to the same trashheap of history that music DRM ended up on.

    Would you rather have it standardized or stick with the status quo of what we have today (completely proprietary, non-interoperable, and unportable)?

    Let's stipulate that DRM is inevitable: it still doesn't follow that the W3C can or should make it better.

    As a counterexample, consider "lawful interception" tools, the cyberweapons that police forces use to break into the browsers of their suspects to spy on them. These are a thing in the world that isn't going away soon, and they're a mess: dangerous, sloppy, and prone to abuse. A W3C standardization of back-doors in browsers might indeed make them "better."

    But the W3C won't standardise lawful interception tools (I hope!) because these are antithetical to the goal of making an open web that empowers its users, rather than controlling them.

    The W3C doesn't solve everyone's web-related problems, nor should it. It isn't standardizing ads that can defeat ad-blockers, or cookies that can't be rejected, or many other difficult-to-perfect tools that address real business needs of many web stakeholders, because the W3C explicitly rejects solving problems that make the web more closed.

    The argument that users benefit when bad things work well can be applied to literally any technology, no matter how user-hostile. The W3C needs to explain why standardised DRM is good for the open web, beyond being notionally better than proprietary DRM.

  3. [citation needed]

    Purchased media, sure. But, streaming media? Apple Music, Spotify, and Groove wrap all their streamed media in DRM.

    (ETA and thank you for taking the time to reply!)

  4. You're right, but many (notably Youtube, arguably the most successful streaming music service on the web) do not -- and as mentioned, neither do library audiobook loans, which are $20-80 products that the user is explicitly not allowed to save. So I think the conclusion we can draw is that DRM occurs sometimes, and not others, and is not inevitable.

    But back to the main point, the W3C isn't being asked to walk away from making DRM; it's being asked to bring its membership policies into line with the new risks that arise from doing so.

  5. Okay, this part of it makes sense to me. I still think this would have limited effect - the law would still be the law, and if circumventing DRM is against the law then that doesn't require the rights holder of the content protected by DRM to be involved. You could say, "I'll never use the DMCA" but people could still be punished under the DMCA for illegal use of your product.

    This has me sold.

Continue the discussion

3 more replies