Submit a link Features Reviews Podcasts Video Forums More ▾

ANSI starts to publish standards that have been made into law, in insanely crappy form

Rogue archivist Carl Malamud has been fighting to publish the building and safety codes that have been incorporated into the law, but which you have to pay to see. He's published thousands and thousands of pages' worth of safety codes, and is being sued by some of the standards bodies. Now, he writes: "An announcement from Joe Bhatia, the leader of the American National Standards Institute, says 'A standard that has been incorporated by reference does have the force of law, and it should be available.'"

Read the rest

W3C's DRM for HTML5 sets the stage for jailing programmers, gets nothing in return

An excellent editorial by Simon St. Laurent on O'Reilly Programming asks what the open Web has gained from the World Wide Web Consortium's terrible decision to add DRM to Web-standards. As St Laurent points out, the decision means that programmers are now under threat of fines or imprisonment for making and improving Web-browsers in ways that displease Hollywood -- and in return, the W3C has extracted exactly zero promises of a better Web for users or programmers.

Read the rest

Public.resource.org explains to the Mississippi Attorney General's Office that a law is only a law if it's published


Rogue archivist Carl Malamud is publishing the world's safety codes. Some governments disapprove. He writes, "Upon receipt of a Certified Letter of Takedown from the Special Assistant Attorney General of Mississippi, Public.Resource.Org prepared a 67-page response, enclosed a Trodart Professional-Grade Self-Inking Rubber Stamp inscribed with a revolutionary saying ('If it isn't public, it isn't a law.'), packed it all up with a Mississippi flag made of crinkle-pak, and dispatched the parcel back to the sender. "

Read the rest

Firefox bug: "Pledge never to implement HTML5 DRM"

Chris Sherlock has filed a bug against Firefox in Mozilla's bugzilla bug-tracker, entitled "Pledge never to implement HTML5 DRM." It's an interesting way of using the open/transparent development protest to allow Web developers to voice their opinion on the World Wide Web's terrible, awful decision to standardize DRM for browsers. As the W3C's overseer for HTML5 has written, the only reason for DRM in HTML5 is to prevent legal innovation, not to stop piracy.

Read the rest

W3C green-lights adding DRM to the Web's standards, says it's OK for your browser to say "I can't let you do that, Dave"


Here's the bad news: the World Wide Web Consortium is going ahead with its plan to add DRM to HTML5, setting the stage for browsers that are designed to disobey their owners and to keep secrets from them so they can't be forced to do as they're told. Here's the (much) worse news: the decision to go forward with the project of standardizing DRM for the Web came from Tim Berners-Lee himself, who seems to have bought into the lie that Hollywood will abandon the Web and move somewhere else (AOL?) if they don't get to redesign the open Internet to suit their latest profit-maximization scheme.

Danny O'Brien from the Electronic Frontier Foundation explains the wrangle at the W3C and predicts that, now that it's kosher to contemplate locking up browsers against their owners, we'll see every kind of control-freakery come out of the woodwork, from flags that prevent "View Source" to restricting embedded fonts to preventing image downloading to Javascript that you can't save and run offline. Indeed, some of this stuff is already underway at W3C, spurred into existence by a huge shift in the Web from open platform to a place where DRM-hobbled browsers are "in-scope" for the WC3.

Read the rest

Public Resource kickstarting free, open publication of the world's safety standards

We've written often about Carl Malamud, the rogue archivist who has devoted his life to making the world's laws, standards, and publicly owned information into free, accessible, beautiful online documents. Now, I'm pleased to help him launch an ambitious, vital Kickstarter project aimed at raising at least $100,000 to turn the world's public safety codes into thoroughly linked, high-quality HTML documents (presently, many of the 28,040 public safety codes that Carl and public.resource.org have put online exist as scanned bitmaps that can't be searched or linked). The project involves a careful re-typing of all that scanned material and re-tracing of images and formatting them as vector-based SVG files.

Carl and his colleagues have fought in the courts for their right to publish the law that we, the people, are expected to follow. They have passed on lucrative careers in the private sector to devote themselves to public interest, public spirited work that makes the sourcecode for the world's governments available at our fingertips. The work they are doing unlocks untold billions in value -- from being able to ensure that your weekend DIY rewiring project meets code and won't burn down your house, all the way up to giving workers in deadly factories in Bangladesh access to the laws that are supposed to be honored in their workplaces.

$115 gets you a copy of their giant, amazing book of global safety standards, but there are interesting and awesome premiums at price-ranges from $10 (public acknowledgement on the Wall of Safety) to $475 (the Big Box of Propaganda!). I've put in my $115 -- not for the book, but as a way to thank Carl and co for the amazing work they do, and as a means of funding more of it. I hope you'll give, too.

Read the rest

IETF proposal to Prism-proof the Internet

A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of a IETF standard; it will be interesting to see how the NSA engages with this process.

Read the rest

This is the crypto standard that the NSA sabotaged

The New York Times has published further details of last week's leaked documents detailing the NSA's program of sabotage to crypto products and standards. The new report confirms that the standard that the NSA sabotaged was the widely-suspected NIST Dual EC DRBG standard. The Times reports that the NSA then pushed its backdoored standard through the International Organization for Standardization and the Canadian Communications Security Establishment.

NIST has re-opened the comments on its standard with the hope of rooting out the NSA sabotage to the random number generator and restoring trust in its work products.

Read the rest

Firsthand account of NSA sabotage of Internet security standards


On the Cryptography mailing list, John Gilmore (co-founder of pioneering ISP The Little Garden and the Electronic Frontier Foundation; early Sun employee; cypherpunk; significant contributor to GNU/Linux and its crypto suite; and all-round Internet superhero) describes his interactions with the NSA and several obvious NSA stooges on the IPSEC standardization working groups at the Internet Engineering Task Force. It's an anatomy of how the NSA worked to undermine and sabotage important security standards. For example, "NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!)."

Read the rest

All of India's public safety standards now online for free

Rogue archivist Carl Malamud writes,

For the first time, a full standards bureau is now available on the Internet for people to examine. This archive is published for the people of India and the people of the world who wish to see the technical specifications for public safety that govern our modern society. The archive includes 18,825 standards. Many of them have txt file extracts and over 600 are already available in HTML, SVG, or MATHML renditions.

Read the rest

EFF and Public Resource fight back against copyrighted, paywalled laws

Rogue archivist Carl Malamud sez, "Happy mutants may remember a post on August 8 about why standards bodies explain why access to standards should be copyrighted and paywalled. The piece explained the perspectives of Standards Development Organizations (SDOs) in their suit against Public.Resource.Org. I'm pleased to announce that in the matter of SDOs v. Internet, Team Internet has now made a first appearance. EFF has the details on their site." Cory 3

Standards bodies explain why they think the law should be copyrighted and paywalled


Public Resource is being sued for publishing building standards that the public is legally required to follow. These standards were developed by private-sector industry bodies who make millions off of access fees charged to the public. In other words, a large block of American law is privately owned, secret, and accessible only for a fee. Three Standards Development Organizations (SDOs) are suing and they've released a statement to the media explaining why the law should not be free for all.

The SDOs underwrite the substantial costs of developing standards, in whole or in significant part, by relying on revenues from the sales and licensing of their copyrighted standards. This funding model allows SDOs to remain independent of special interests and to develop up-to-date, high quality standards.

An article in the Washington Post's Wonkblog by Lydia DePillis delves more deeply into the issue:

There are various pieces of administrative precedent and case law in different courts that support either side. Essentially, though, it’s a question of principle vs. practicality: Code is law, Malamud says, and it’s owned by the public. But good code is also expensive, the standards development groups maintain, and charging for copies is the least bad way to pay for it.

(Thanks, Carl!)

EFF and Public Resource win: public safety standards aren't copyrighted

Dave from the Electronic Frontier Foundation sez, "Remember that time an air-conditioning association tried to bully Carl Malamud into taking down safety standards from Public.Resource.Org, claiming they owned the copyright to a public law? Well, Carl and EFF fought back--and won. The Sheet Metal and Air Conditioning Contractors Association backed down and signed an agreement allowing Public.Resource.Org to publish the safety standards. It's a major win for free speech and open government." From the article: "Whether it's the Constitution or a building code, the law is part of the public domain," (EFF Intellectual Property Director Corynne McSherry). Cory 0

W3C insider explains what's wrong with cramming DRM into HTML5 - and what you can do about it

I've written before here about the move to get the World Wide Web consortium (W3C) to cram digital rights management (DRM) into the next version of HTML, called HTML5. This week, EFF filed a formal objection with the group, setting out some of the risks to the open Web from standardizing DRM in the Web's core technical specs. Now, writing in the Guardian, W3C staffer Dr Harry Halpin makes an important, well-thought-through case for keeping DRM out of the HTML5 standard. Haplin's got an invaluable insider view of the "crisis of representation" that let a few giant companies shift the most open, most vital standards body involved with the Web into the position of standardizing ways to have your computer and browser take control away from you, and to set the stage for a ban on free and open source software in Web browsers and computers.

The most important part is what you can do to help shift the direction of the W3C back towards the open Web:

The Advisory Committee of the W3C is composed of companies as well as universities and non-profits. If your employer is a W3C member, now is the time to open the discussion internally with your management. Questions over whether DRM should be part of the HTML Working Group or part of another Working Group - or outside of W3C entirely! - are dealt with in the review of charters by Advisory Committee representatives. It's at this level that the EFF objected to EME in HTML. If your organisation is not a member, your organisation can join the W3C. W3C membership fees have been adapted to organisations large and small, for-profit and non-profit, start-ups, and for organisations in developing countries.

If you work for a W3C member, now is the time to join the HTML Working Group. The HTML Working Group are working through the technical details of Encrypted Media Extensions in the HTML Working Group Media Task Force. Also, the HTML WG has a very liberal Invited Expert policy to allow participation by those domain experts who don't work for W3C member organisations. Questions and objections that go beyond the technical content and charter are generally considered out of scope.

Questions that go beyond technically working on EME should be aimed at the Restricted Media Community Group, which anyone can join. Unlike Working Groups, W3C Community Groups provide a forum for discussion but do not themselves publish standards. Disappointingly, so far the discussion has been pretty weak, but this Community Group is monitored by many people deeply involved in the DRM debates.

Also, W3C Working Groups such as the HTML Working Group take technical comments from anyone on the entire web. Public comments can be made by ordinary users; the Working Group must formally address these comments if the comment is within the scope of the charter and done before the standard is complete. That means you can in public comment on EME or any other standard like the cryptographic primitives as pursued by the Web Cryptography Working Group, which can be used to exchange private messages between human rights activists as well as be part of Netflix's plan to switch to HTML5.

DRM and HTML5: it's now or never for the Open Web

EFF files formal objection against DRM's inclusion in HTML5

Regular readers will know that there's a hard press to put DRM in the next version of HTML, which is being standardized at the World Wide Web Consortium (WC3), and that this has really grave potential consequences for the open Web that the WC3 has historically fought to build.

The Electronic Frontier Foundation has joined the WC3 and filed a formal objection to this work item; EFF's Danny O'Brien has written an excellent explanation of what's at stake:

EFF is not the only group concerned here. When EME was finally ultimately declared in-scope for the HTML working group, the decision was made by W3C’s executive team, despite discontent among key standards developers and the subsequent protest of more than twenty thousand technologists and groups, including EFF. While disappointment at that decision outside the W3C has been widespread, the debate on the problems of DRM for that the web platform within the consortium has been muted. Its strategic advisory committee of W3C members has until now not spoken on the decision, despite many of that community having privately expressed concern.

EFF has a lot of experience working within these kinds of standards processes in an attempt to combat the effects of DRM. In 2002, we joined the activities of Broadcast Protection Discussion Group to highlight the dangers of its proposed digital TV DRM standard, which briefly became the government-mandated Broadcast Flag before being struck down in the courts. Subsequently we participated in Europe’s Digital Video Broadcasting (DVB) project, as they considered implementing imposing similar controls on European consumers. This new W3C standard comes from exactly same roots: Hollywood's desire to supress innovation and quash othe wishes of individual computer owners.

The entertainment industry's threats to impose control remain the same: if you don’t do as we say, you won’t get our premium content, and your technology will be rendered irrelevant. As we’ve seen with both music, and digital TV, the threat is empty. Commercial content goes where the users are. And users go where their rights and desires are best respected. We think that the guardian of those rights on the Web should be the W3C, and we’re happy to be help it ensure that remains the case.