Britons! Ask the W3C to protect disabled access, security research, archiving and innovation from DRM


With two days to go until the close of the World Wide Web Consortium members' poll on finalising DRM and publishing it as an official web standard, the UK Open Rights Group is asking Britons to write to the Consortium and its founder, Tim Berners-Lee, to advocate for a much-needed, modest compromise that would protect the open web from the world's bizarre, awful, overreaching DRM laws.


Around the world, DRM is protected by "anti-circumvention" rules that indiscriminately ban bypassing digital locks, even for legitimate purposes, such as adapting technology to help people with disabilities participate in the web.

This legal regime means that the W3C's normal procedures for evaluating its standards are not adequate for DRM. For example, the W3C has a stringent set of accessibility tests, but these normally represent the minimum set of accessibility adaptations for a standard. If your disability requires further adaptation, nothing in a normal W3C standard stops you from making those changes. But since bypassing DRM is against the world's laws, even for legitimate purposes like accessibility, any accessibility tests the W3C checks its DRM against represent the maximum level of adaptation, not the minimum — the floor becomes a ceiling.

This is also true for other legitimate activity, including revealing security defects that endanger literally billions of web users. The W3C has proposed a wholly inadequate fix for this: a voluntary measure that its members can opt into to set out their rules for when they'll choose to sue whistleblowers who reveal defects in their products. This treats the ability to censor bug-reports as a feature, not a bug — and legitimises the idea that companies should have the right, at least some of the time, to decide who can tell the truth about their mistakes.

EFF has proposed a very small, but very important fix that represents a fair compromise: a change to the W3C's existing rules about when its members can sue web developers. Under current rules, W3C members can't use their patents to attack people who implement W3C standards; EFF has proposed that W3C members should also promise not to use DRM laws to attack people who implement the W3C's DRM, including security researchers, archivists, accessibility workers, and competitors who add legal features to the DRM.

Under EFF's proposal, members would still be able to use their DRM rights to sue anyone who was committing an actual offense, like copyright infringement. What EFF is taking off the table is the right to sue over things that no law bans — just because DRM has to be bypassed to accomplish some technological end, it should not be made into a crime.

Open Rights Group is asking UK supporters to write to the W3C's UK office. They will be joining UNESCO, the Royal National Institute for Blind People, Oxford University, Open University, and many other public interest, security, cryptocurrency, research and commercial groups around the world in calling for this compromise — in the teeth of still opposition from the world's largest tech and entertainment companies.

The W3C operates on consensus, and when no consensus can be reached, Tim Berners-Lee has the final say in deciding what it will do. This is easily the most controversial standard in W3C history, and the organisation's future and reputation are on the line. Your email to the UK office will help them make the right choice.

Large media companies have lobbied hard for DRM to be made a web standard. DRM will likely help the largest companies stay large and make it more difficult for new companies to innovate. This is bad for the long-term future of the open web.

When media is without DRM, people with disabilities have options to make that media easier for them to access. Adding DRM's technical restrictions to media risks making the web less accessible for people with disabilities. DRM would restrict our ability to improve subtitles for deaf people, transform colours for colourblind viewers, and easily check video for flashing imagery that can harm people with epilepsy.

The security of the web is also put at risk by making DRM a web standard. DRM hides the code that is running in the browser making it difficult for security researchers to look for flaws that could put users at risk. Finding flaws in DRM could help people bypass DRM. And because bypassing DRM is illegal in many countries, researchers risk having legal action taken against them if these plans go ahead.

Say no to DRM as a web standard

[Open Rights Group]