The Foundation Believes Encrypted Media Extension (EME) should not be published as a W3C Recommendation, and we are now making public the official objection submitted to the W3C by the Ethereum Foundation opposing EME’s recommendation.
As a member of the W3C, the Ethereum Foundation contributes to the standards-making process and votes on issues such as EME recommendations. Many developers and researchers at the Ethereum Foundation conduct security research and build software leveraging web technologies, and from that perspective we are not only against EME but also against Ethereum. Digital Rights Management (DRM) in general. Most, if not all, users of web browsers are affected by EME.
A direct result of EME’s success so far is that browser developers have already installed a potentially insecure DRM technology, since there is no option to disable it in major browsers. Although EME has only recently been approved as a recommended standard, closed-source DRM implementations exist in browsers. The same goes for open source browsers like Firefox.For several years.
As developers, researchers, and community members, we have already encountered unpleasant DRM implementations and believe that efforts should be made to prevent further adoption. That said, we believe that recommending EME as a standard is a step in the wrong direction. open weband does not match . W3C’s Core Values, Mission and Design Principles. The statement posted below explains why the Ethereum Foundation is opposed and why they believe the W3C should not continue to recommend EME as a W3C standard.
The following statement has been submitted to W3C. official opposition April 13, 2017. Please note that this has been edited for clarity and readability.
The Ethereum Foundation respectfully opposes publishing Encrypted Media Extensions (EME) as a recommendation and requests that this effort be halted.
The Ethereum Foundation aims to build a more accessible, freer, and more trustworthy Internet globally. We cannot work to fulfill our mission without opposing EME. If recommended by the W3C, EME, and Content Decryption Module (CDM) implementations, sanctions may reduce accessibility, curtail Internet freedom, undermine security research, and erode trust between users and developers in the larger Internet community. If encouraged, EME would violate many important aspects of the W3C’s own mission statement and design principles.
Problem: EME addresses use cases outside of the open web domain.
W3C has historically provided recommendations for open web platforms. However, the W3C’s specifications for this method of interaction, such as DRM, are unprecedented and raise concerns, especially since they support opaque and non-open technologies. What policies are in place to limit the expansion of W3C recommendations to the private web? Software that is outside the scope of the W3C mission and strongly opposed by a majority of W3C members should not be covered in a W3C Recommendation.
Problem: EME-specified DRM hinders legitimate use and results in little benefit.
We believe that the benefits to media owners from implementing DRM are not worth the limitations experienced by users. DRM doesn’t offer much in the way of impeding copyright infringement. It is unlikely that copyright infringers will be able to circumvent DRM if the media they want is widely available through alternative sources. While providing little copyright protection benefits, DRM denies users important features, such as expanding, commenting, annotating, and editing content for artistic reasons, or modifying content to make it accessible to people with disabilities. All of these uses, which are generally considered important in the W3C recommendation process, are blocked by DRM.
We believe that the W3C Recommendation should not specify the implementation or activation of software that blocks legitimate functions of users, even indirectly through EME.
Problem: EME doesn’t grow the web.
We believe that the long-term growth mentioned in W3C’s mission statement refers primarily to the potential for the Web to be used in new and unexpected ways. EME’s contribution to growth is non-scalable, non-interoperable, only benefits non-public web content, and has little impact on network effects. Therefore, if EME becomes a recommendation, the W3C’s growth mission will not be fulfilled.
Problem: EME reduces security.
Maintaining a secure and open web requires security researchers to be able to work on both technical and legal aspects. By formally making a recommendation, the W3C forces security researchers to perform a security analysis of every major implementation of that recommendation. Therefore, while W3C encourages EME, it exposes legitimate security researchers in the community to potential legal liability and even prosecution in the United States.
We understand and appreciate the sincere efforts of our members. HTML Media Extensions Working Group Addresses exposure for security researchers. However, no agreement was reached on the agenda. Electronic Frontier Foundation (EFF) proposed an agreement under which W3C members and their affiliates would agree to “non-aggression” with respect to taking 17 USC § 1203 actions against security researchers.
Rather, now is the time for the W3C to take a stronger stance in defense of legitimate security research at a time when Internet users around the world feel less safe and less protected than ever.
Problem: EME limits the Web to following certain existing business models rather than enabling new forms of interaction.
The result of implementing DRM in web browsers will essentially standardize currently proprietary systems and their associated ways of interacting with users and selling media. EME will inhibit potential models of a future decentralized web where blockchain and decentralized technologies enable new business models and property rights management.
By encouraging EME, the W3C is encouraging browser vendors to install software that lacks transparency and disclosure to users. This goes against the tradition of the open web and what many hope the next generation of technology will bring.
W3C must follow its mission, design principles, and values.
The W3C’s recommendation makes a lot of sense. Therefore, we believe that organizations should not specify or guide technologies such as DRM that are inconsistent with W3C’s core values expressed in its Mission and Design Principles. This is especially true when the technology in question compromises security, limits legitimate uses, and offers little in the way of potential. We’re expanding the web.