Skip to main content

Electronic Frontier Foundation appeals web consortium’s DRM standards

digital rights management
Image used with permission by copyright holder
Last week, the World Wide Web Consortium (W3C) decided to officially recommend the use of Encrypted Media Extensions (EME) for protecting copyrighted video on the internet. This will enable web surfers to watch media in a browser that requires Digital Rights Management copy protection without the need for browser-based plugins.

“It moves the responsibility for interaction from plugins to the browser,” the consortium states. “As such, EME offers a better user experience, bringing greater interoperability, privacy, security, and accessibility to viewing encrypted video on the web.”

The W3C is an international organization that enforces standards for the internet. It develops protocols and guidelines to bring balance to the World Wide Web, and to reach the full potential of the latest technologies. Its stated mission is to push for a safe, open platform that can be used on all hardware scattered across the globe.

The W3C first introduced EME in 2013 as a specification for linking a web browser to a web-based software module that handles Digital Rights Management. It doesn’t include a specific type of content control, but instead provides means for web developers to insert scripts into web pages that can select the appropriate content management mechanism. Scripts can also control license and key exchanges between the browser and the protected content’s host server.

“It supports a wide range of use cases without requiring client-side modifications in each user agent for each use case,” the W3C states. “This enables content providers to develop a single application solution for all devices.”

Digital Rights Management is a necessary component for all consumable media. For instance, it thwarts the process of recording copyrighted video and selling the content for profit. Software developers use DRM to authorize the installation of their products on PCs, such as Microsoft’s Genuine Windows initiative. But Digital Rights Management can be problematic, eating up unnecessary resources and causing software-related issues.

Adding to that, browser-based plugins have proven to be insecure. That is the big push behind HTML5: to move content management, playback control, games, video conferencing, and more into the internet itself so that hackers don’t have a specific software-based target. It eliminates the need for Microsoft’s Silverlight and Adobe Flash, the latter of which has proven to be a highly attractive attack vector for hackers.

However, the W3C’s recommendation of the EME standard doesn’t come without criticism. The Electronic Frontier Foundation said last week that the standard has “no safeguards whatsoever for accessibility, security research or competition.” Even more, the standard enables content providers to control how web surfers will watch video in their browsers by enforcing specific “rules.”

Of course, the Electronic Frontier Foundation specifically states that it doesn’t support Digital Rights Management because it gives content owners the right to treat PC owners “as an adversary to be controlled.”

On Wednesday, the EFF decided to formally appeal the W3C recommendation, Ars Technica reports, a process that has not yet been successfully utilized in changing a W3C decision. Cory Doctorow, who represents the EFF on the W3C Advisory Committee, outlined the appeal as such:

“1. That the supposed benefits of standardizing DRM at the W3C can’t be realized unless there [are] protections for people who engage in lawful activity that DRM gets in the way of; and

2. That the W3C’s membership were never polled on whether they wished to institute such protections as part of the W3C’s DRM standardization project.”

But even within the W3C itself, turmoil surrounds the EME, including the argument that it provides inadequate protection for end users. Regardless, the EME standard is now an official recommendation based on a decision made by W3C Director Tim Berners-Lee and time will tell if the EFF appeal manages to achieve a first in the W3C’s history.

Updated: Noted that the EFF has officially appealed the W3C recommendation.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more