Re: Formal objections to Encrypted Media Extensions

Hi Harry,

We haven't chatted in a while. I hope to see you at TPAC. I'd love to talk to you one on one about this.

Regarding your proposal for disabling EME by default, I really don't see how the proposal solves any of the claimed DMCA vulnerabilities for either security researchers or for the general population of web users. Let's consider each case:

1. Security researchers: For security researchers, who are the group discussed in the citations, disabling EME by default would not seem to be useful for security researchers who are studying EME/DRM security issues. Security research of EME/DRMs would seem to always need EME and DRMs enabled, not disabled. How do you study EME, CDMs or DRMs if they're not there?

I'm not a lawyer, so I can't speak to the DMCA legal issues, but it seems that the claimed vulnerability under DMCA for security researchers comes only from the act of circumvention. Your cited EFF blog claims DMCA vulnerability to "researchers who circumvent DRM", not researchers who simply use a browser with EME. So disabling EME by default wouldn't affect security researcher DMCA vulnerability.

2. General web users: For regular users who are browsing the web, whether using sites with or without EME, there's no circumvention involved. So disabling EME by default would have no effect on general web user DMCA vulnerability, since there's no circumvention in either case.

So, I don't see how the proposal meets the stated goals for either security researchers or for general web users.

Regarding the W3C Priority of Constituencies, we would need to compare the population sizes of the affected groups and the impact that disabling EME by default would have. Disabling EME by default would clearly cause strong inconvenience and confusion to a vast population when many of the most popular websites that work fine today suddenly stop working and send users to find some option to set. Consumption of encrypted video makes up a large usage of the internet and the web in terms of both bandwidth and time spent. At the same time, as shown above, this option would offer no users any protection from DMCA, since it is irrelevant to circumvention. Adding a great inconvenience to vast numbers of end users in such a common usage of the web for no actual benefit would seem to go against the Priority of Constituencies.

Thanks,
mav

On Sep 6, 2016, at 11:16 PM, David Singer <singer@apple.com> wrote:


On Sep 7, 2016, at 0:37 , Harry Halpin <hhalpin@w3.org> wrote:

Paul,

My change requested is a "substantive change", as it would affect conformance. The change is within charter, but adds more user protection given the controversy. However, has the EME Working Group officially considered this as a possibility?

I did not see much official discussion on either github, the mailing list, or the telecon.
I do not think that it is unreasonable and would allay (I hope) the large number of concerns that this can be met via this simple technical change that involves *no legal or policy questions be resolved*. I believe this earlier problem was the main reason the EFF covenant and Wendy's objection were overridden.

Mark Watson did not seem to think the proposal was unreasonable, but that it was an in-principle difference over whether the UA or a user should be able to judge the security of a controversial feature. Given that users have this choice with regard to Geolocation and other powerful features and given some of the UAs also have a business model in getting as many people to adopt DRM as possible (thus their work on EME at W3C), I think giving users the choice of opting in to EME and DRM is common sense. I do strongly believe the web should take the interest of rights of users first. See the Priority of Constituencies document: https://www.w3.org/TR/html-design-principles/#priority-of-constituencies. It is possible some users won't turn it on; in order to respect their rights we MUST allow them that choice given the level of legal uncertainty and security issues that EME raises.

David Singer thought there was not clear evidence that DRM and EME could cause 'user harm'.

No, I repeatedly asked you to substantiate your claim that it would or might. You have so far failed.

First, it does not appear the Working Group has thought through the possibility that clearKey, despite being ineffective, may be covered by the DMCA (I do not see an open github issue on this rather important matter).

And where is the possibility of user harm in this?

Second, the security research community believes this feature in browsers can cause 'user harm': https://www.eff.org/deeplinks/2016/06/call-security-community-w3cs-drm-must-be-investigated.


Have you linked the wrong article?  This is Cory’s argument that there is risk to security researchers.  ‘User harm’ does not appear in the article, indeed ‘harm’ does not, and ‘user’ only to refer to billions of them.

While I respect David's desire to know more about the details of user harm,

Evidence, or a reasonable argument. Not more, which implies you have documented some; any evidence of a possibility of ‘user harm’.

You’re asking the specs to insist something is done in order to mitigate user harm, but have yet to show what harm you’re trying to mitigate, so we have no idea whether the cure matches the problem (if there is a problem).

the many signatories of this web-page have produced ample work in this regard (as referenced from Wikipedia) and I'm sure some would be happy to discuss in more detail. It does set a precedent that in terms of user security and privacy that this Working Group is overriding the concerns not just of W3C's legal counsel, Wendy Seltzer, but also notable security researchers such as Bruce Schneier and Ron Rivest.

Now you’re mixing things up again. Please.


Thus, I would like the Working Group and the Chair to reconsider closing this issue. I'm happy to come to the next telecon to discuss if I am given a spot on the agenda. If not, I hope the Director takes this objection, which does require any legal discussions unlike Wendy or the EFF proposals, but is *purely technical*, into account and rules in its favour.

 cheers,
    harry




On 09/06/2016 08:26 PM, Paul Cotton wrote:
The HME WG has recently received several Formal Objections to EME progressing to Proposed Recommendation.

These recent formal objections are listed below:

a) ISSUE-288: "EME is not intended to be an interface to technical protection measures"
https://github.com/w3c/encrypted-media/issues/288

Author: Wendy Seltzer

b) ISSUE-304: Turn off EME by default and activate only with express permission from user
https://github.com/w3c/encrypted-media/issues/304

Author: Harry Halpin

c) ISSUE-305: Formal objection to Encrypted Media Extensions advancing to Proposed Recommendation
https://github.com/w3c/encrypted-media/issues/305

Author:  Ruben Rodriguez

Since these formal objections:
a) cannot be satisfied without making “substantive changes” [1] to the EME specification or halting work on the specification entirely, and/or
b) are identical to previous formal objections that the Director has chosen not to sustain, and/or
c) there is no consensus within the HME WG for the required changes especially this late in the EME specification development,
in my role as HME WG Chair I am ruling that these issues should be closed with no action for EME V1.

Each of these Formal Objections will be added to the summary page of formal objections [1] and will be presented to the Director when he reviews a request to progress EME to Proposed Recommendation status.

FTR I responded with background earlier on the topic of EME formal objections in:
https://lists.w3.org/Archives/Public/public-html-media/2016Aug/0081.html

https://lists.w3.org/Archives/Public/public-html-media/2016Aug/0078.html


/paulc
HME WG Chair

[1] http://www.w3.org/2015/Process-20150901/#substantive-change

[2] https://dev.w3.org/html5/status/formal-objection-status.html


Paul Cotton, Microsoft Canada
17 Eleanor Drive, Ottawa, Ontario K2E 6A3
Tel: (425) 705-9596 Fax: (425) 936-7329




David Singer
Manager, Software Standards, Apple Inc.

Received on Wednesday, 7 September 2016 08:46:41 UTC