The Web is 25 today, and its inventor, Tim Berners-Lee, has called for a "Magna Carta" for the Web, through which the people of the world will articulate how they want to curtail their governments' adversarial attacks on Internet freedom. Berners-Lee is particularly concerned with the Edward Snowden revelations about mass surveillance and systematic government sabotage of Internet security.
I'm delighted to see Berners-Lee tackling this. Everything we do today involves the Web and everything we do tomorrow will require it; getting Web policy right is the first step to getting everything else right.
I hope that this also signals a re-think of Berners-Lee's endorsement of the idea of standardizing "digital rights management" technology for Web browsers through the W3C. The majority of the Web's users live in a country in which it is illegal to report on vulnerabilities in DRM, because doing so might help to defeat the DRM's locks. The standardization of DRM in the deep structures of the Web means that our browsers will become reservoirs of long-lived, critical bugs that can be used to attack Web users -- just as Web users are massively expanding the activities that are mediated through their browsers.
If we are to have a Web that is fit for a free and fair world, it must be a Web where researchers are free to warn users about defects in their tools. We wouldn't countenance a rule that banned engineers from telling you if your house was structurally unsound. By standardizing DRM in browsers, the W3C is setting in place rules that will make it virtually impossible to know if your digital infrastructure is stable and secure.
Read the rest
My latest Guardian column is "What I wish Tim Berners-Lee understood about DRM," a response to the Web inventor's remarks about DRM during the Q&A at his SXSW talk last week.
Additionally, all DRM licence agreements come with a set of "robustness" rules that require manufacturers to design their equipment so that owners can't see what they're doing or modify them. That's to prevent device owners from reconfiguring their property to do forbidden things ("save to disk"), or ignore mandatory things ("check for regions").
Adding DRM to the HTML standard will have far-reaching effects that are incompatible with the W3C's most important policies, and with Berners-Lee's deeply held principles.
For example, the W3C has led the world's standards bodies in insisting that its standards are not encumbered by patents. Where W3C members hold patents that cover some part of a standard, they must promise to license them to all comers without burdensome conditions. But DRM requires patents or other licensable elements, for the sole purpose of adding burdensome conditions to browsers.
The first of these conditions – "robustness" against end-user modification – is a blanket ban on all free/open source software (free/open source software, by definition, can be modified by its users). That means that the two most popular browser technologies on the Web – WebKit (used in Chrome and Safari) and Gecko (used in Firefox and related browsers) – would be legally prohibited from implementing whatever "standard" the W3C emerges.
What I wish Tim Berners-Lee understood about DRM
Tim Berners-Lee, inventor of the World Wide Web, has blasted the UK government's Draft Communications Bill, which will allow bulk, warrantless, unaccountable surveillance of all Internet traffic by government agencies in the UK. TBL rightly points out that this will overturn the whole UK tradition of freedom and privacy. The Open Rights Group has a campaign to kill the bill, and you can help.
“If the UK introduces draconian legislation that allows the Government to block websites or to snoop on people, which decreases privacy, in future indexes they may find themselves farther down the list,” he said.
Sir Tim Berners-Lee accuses government of 'draconian' internet snooping