Will the W3C strike a bargain to save the Web from DRM?

The World Wide Web Consortium, which makes the standards the Web runs on, continues to pursue work on DRM — technology that you can't connect to without explicit permission, and whose bugs can't be reported without legal jeopardy lest you weaken it.

At the Electronic Frontier Foundation, we asked the W3C not to do this on principled grounds, saying that a standards body shouldn't be trying to create technology you're not allowed to connect to, nor introducing long-lived reservoirs of bugs into browsers. But they went ahead.

So we came back with another proposal, modelled on the W3C's existing policies: make DRM, but require those who participate in DRM-creation to promise not to sue people just for making interoperable technology or reporting vulnerabilities. If the companies who've joined the W3C for the purpose of making interoperable DRM are really there to make something interoperable — rather than to get the W3C's blessing on a technology whose major purpose is to let them sue programmers engaged in normal activity that's vital to the open Web — they'll agree.

Now the W3C group that is working on DRM is having its charter renewed and the W3C polled its members, many of whom came forward to ask for the EFF's proposal to be added to the group's charter. The W3C's leadership has to decide what to do — will they adopt DRM without any protection for the open Web, or will they stick to the principles that made them so vital to the Web's growth?

This isn't the first collision between proprietary rights and the W3C. In 1999, the W3C had to decide what to do about software patents. These patents were and are hugely controversial, and the W3C was looking for a way to be neutral on the question of whether patents were good or bad, while still protecting the Web's openness to anyone who wanted to develop for it.

They came up with a brilliant strategy: a patent nonaggression policy—a policy we modelled our DRM proposal on. Under this policy, participation in a W3C group meant that you had to promise your company wouldn't use its patents to sue over anything that group produced. This policy let the W3C take a position on the open Web (the Web is more open when your risk of getting sued for making it better is reduced) without taking a policy on whether patents are good.

The DRM covenant does the same thing. Without taking a position on DRM, it takes the inarguable position that the Web gets more open when the number of people who can sue you for reporting bugs in it or connecting new things to it goes down.

The World Wide Web Consortium is at a crossroads. Much of the "Web" is disappearing into apps and into the big companies' walled gardens. If it is to be relevant in the decades to come, it must do everything it can to keep the Web open as an alternative to those walled gardens. We're trying hard to help them do that. But if the W3C executive won't take the lead on keeping the Web open, they must, at a minimum, not impede those who haven't given up the fight.

You Can't Destroy the Village to Save It: W3C vs DRM, Round Two

(Image: HAL's camera eye, Cryteria, CC BY 3.0)