PWC threatens to sue security firm for disclosing embarrassing, dangerous defects in its software

ESNC, a German security research firm, discovered a critical flaw in PWC's enterprise software, which would allow attackers to hack into PWC customers' systems; when ESNC gave PWC notice of its intent to publish an advisory in 90 days, PWC promptly threatened to sue them if they did.

W3C at a crossroads: technology standards setter or legal arms-dealer?

The World Wide Web Consortium (W3C) is an amazing, long-running open standards body that has been largely responsible for the web's growth and vibrancy, creating open standards that let anyone make web technology and become part of the internet ecosystem.

HTML standardization group calls on W3C to protect security researchers from DRM

The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the manufacturer's permission.

Podcast: How we'll kill all the DRM in the world, forever

I'm keynoting the O'Reilly Security Conference in New York in Oct/Nov, so I stopped by the O'Reilly Security Podcast (MP3) to explain EFF's Apollo 1201 project, which aims to kill all the DRM in the world within a decade.

Australian media accessibility group raises red flag about DRM in web standards

Media Access Australia is the only Australian nonprofit that advocates for making media accessible to people with disabilities -- and they're also a member of the World Wide Web Consortium (W3C), an open standards body that disappointed its supporters when it bowed to the big entertainment and browser companies and agreed to make a DRM system for online video.

As browsers decline in relevance, they're becoming DRM timebombs

My op-ed in today's issue of The Tech, MIT's leading newspaper, describes how browser vendors and the W3C, a standards body that's housed at MIT, are collaborating to make DRM part of the core standards for future browsers, and how their unwillingness to take even the most minimal steps to protect academics and innovators from the DMCA will put the MIT community in the crosshairs of corporate lawyers and government prosecutors.

I'm profiled in the Globe and Mail Report on Business magazine

The monthly Report on Business magazine in the Canadian national paper The Globe and Mail profiled my work on DRM reform, as well as my science fiction writing and my work on Boing Boing.

Google's version of the W3C's video DRM has been cracked

Since 2013, the World Wide Web Consortium (W3C) has been working with the major browser companies, Netflix, the MPAA, and a few other stakeholders to standardize "Encrypted Media Extensions" (EME), which attempts to control web users' behavior by adding code to browsers that refuses to obey user instructions where they conflict with the instructions sent by video services.

Video: Guarding the Decentralized Web from its founders' human frailty

Earlier this month, I gave the afternoon keynote at the Internet Archive's Decentralized Web Summit, speaking about how the people who are building a new kind of decentralized web can guard against their own future moments of weakness and prevent themselves from rationalizing away the kinds of compromises that led to the centralization of today's web.

W3C DRM working group chairman vetoes work on protecting security researchers and competition

For a year or so, I've been working with the EFF to get the World Wide Web Consortium to take steps to protect security researchers and new market-entrants who run up against the DRM standard they're incorporating into HTML5, the next version of the key web standard.

How security and privacy pros can help save the web from legal threats over vulnerability disclosure

I have a new op-ed in today's Privacy Tech, the in-house organ of the International Association of Privacy Professionals, about the risks to security and privacy from the World Wide Web Consortium's DRM project, and how privacy and security pros can help protect people who discover vulnerabilities in browsers from legal aggression.

Save Firefox: The W3C's plan for worldwide DRM would have killed Mozilla before it could start

The World Wide Web Consortium has been co-opted into standardizing a DRM scheme for letting entertainment companies control your browser; what's more, they've rejected even basic safeguards for competition, changing the browser landscape in a way that threatens the kind of disruptive innovation that gave us the Mozilla project and the Firefox browser.

Save iTunes: how the W3C's argument for web-wide DRM would have killed iTunes

The World Wide Web Consortium's plan to standardize web-wide digital rights management is based on the idea that if an entertainment company doesn't like a new technology, it should have the right to prevent that technology from coming into being.

How standardizing DRM will make us all less secure

After decades of fighting for open Web standards that let anyone implement software to receive and render online data, the World Wide Web Consortium changed course and created EME, a DRM system that locks up video in formats that can only be played back with the sender's blessing, and which also gives media giants the power to threaten and sue security researchers who discover bugs in their code.

The open web's guardians are acting like it's already dead

The World Wide Web Consortium -- an influential standards body devoted to the open web -- used to make standards that would let anyone make a browser that could view the whole Web; now they're making standards that let the giant browser companies and giant entertainment companies decide which browsers will and won't work on the Web of the future.