Internet Archive: "DRM for the Web is a Bad Idea"

Brewster Kahle, who invented the first two search engines and went on to found and run the Internet Archive has published an open letter describing the problems that the W3C's move to standardize DRM for the web without protecting otherwise legal acts, like archiving, will hurt the open web.

The W3C voted last week on whether or not to publish its DRM standard, and many members said that they would not support publication unless accompanied by a protective covenant to safeguard those who bypass DRM for legitimate purposes, such as archiving, security disclosures, accessibility and innovation.

There was some work done on this protective covenant in 2016, but it terminated when the DRM advocates at the W3C voted to walk away from the table, and now more than a year has gone by with no progress on this front.

As a result, there is nothing like consensus at the W3C over publishing its DRM standard, leaving the organization in uncharted territory.

At your request we have assessed what the possible effects of the Encrypted Media Extensions (EME) as a W3C recommendation would be.

We believe it will be dangerous to the open web unless protections are put in place for those who engage in activities, such as archiving, that are threatened by the legal regime governing the standard.

One major issue is that people who bypass EME, even for legitimate reasons, have reason to fear retaliation under section 1201 of the US Digital Millennium Copyright Act, and laws like it around the world, such as Article 6 of the European Union Copyright Directive, which indiscriminately bar circumvention even for lawful purposes. Locking up standards-defined video streams with DRM could put our archiving activities at serious risk. Moreover, EME opens the possibility that DRM could spread to non-video content such as typography or images, which poses an even more existential threat. Web archiving and the Wayback Machine would suffer.

DRM for the Web is a Bad Idea [Brewster Kahle/Internet Archive]

Notable Replies

  1. One can lockout one's entire site from the Internet Archive merely by making an alteration to the robots.txt file on one's server. Why should DRM pose an existential threat?

  2. It's actually worse than that. If you own a defunct domain, you can lock out everyone from the archive copy of the old site by putting a robots.txt file on your current squatter site. Which is completely insane, but that's how the internet archive has decided to implement their policy for the robots.txt "do not archive" bit.

  3. DRM introduces the opportunity for website operators to pursue criminal charges against people who circumvent their DRM, even in cases where the circumvention is a protected fair-use action under copyright law. By enforcing DRM as a browser standard across the web, as opposed to an opt-in add-on service, browsers become a tool for enforcing copyright, creating an existential legal threat to fair use in general. What Internet Archive does is specifically threatened, but as a fair-use advocate, its stake in the fight to protect fair use has much broader implications. If the DMCA (and related international laws) allowed DRM circumvention under fair-use, this would be a non-issue.

  4. I am sure they don't remove said sites from their Archie's, just from the public index. Any notion on if removing robots.txt will drop the site's archives back into the public index?

  5. Don't worry, every major browser had implemented EME for over a year before the W3C even considered adding it to the standard, and it has had zero impact on security researchers this entire time. Adding it to the standard is simply formalizing what has already been implemented for some time, it doesn't change anything.

    Adding it to the standard is simply formalizing something that has been around since 2013. EME and the W3C standard contains ZERO DRM, there isn't any DRM in the standard nor in EME. EME is a secure way of discovering and connecting to third party DRM CDMs (content decryption modules). It is moving the access point from insecure plugins with system wide access to the secure video tag which can be sandboxed, which dramatically improves user privacy and security. Seriously there isn't any DRM in the proposed standard, not a single line, not even one character of DRM code. All DRM code remains outside the standard as it always has been.

Continue the discussion

5 more replies