Notice to the W3C of EFF's appeal of the Director's decision on EME

From: Cory Doctorow <cory@eff.org>
Date: Wed, 12 Jul 2017 09:22:15 -0700
To: "'public-html-media@w3.org'" <public-html-media@w3.org>
Message-ID: <d69a1ecd-5e7d-9a3c-471d-b6544b080be5@eff.org>

Dear Tim, Jeff, and W3C colleagues,

On behalf of the Electronic Frontier Foundation, I would like to 
formally submit our request for an appeal of the Director's decision to 
publish Encrypted Media Extensions as a W3C Recommendation, announced on 
6 July 2017.

The grounds for this appeal are that the question of a covenant to 
protect the activities that made DRM standardization a fit area for W3C 
activities was never put to the W3C membership. In the absence of a call 
for consensus on a covenant, it was improper for the Director to 
overrule the widespread members' objections and declare EME fit to be 
published as a W3C Recommendation.

The announcement of the Director's decision enumerated three ways in 
which DRM standardization through the W3C -- even without a covenant -- 
was allegedly preferable to allowing DRM to proceed through informal 
industry agreements: the W3C's DRM standard was said to be superior in 
its accessibility, its respect of user privacy, and its ability to level 
the playing field for new entrants to the market.

However, in the absence of a covenant, none of these benefits can be 
realized. That is because laws like the implementations of Article 6 of 
the EUCD, Section 1201 of the US Digital Millennium Copyright Act, and 
Canada's Bill C-11 prohibit otherwise lawful activity when it requires 
bypassing a DRM system.

1. The enhanced privacy protection of a sandbox is only as good as the 
sandbox, so we need to be able to audit the sandbox.

The privacy-protecting constraints the sandbox imposes on code only work 
if the constraints can't be bypassed by malicious or defective software. 
Because security is a process, not a product, and because there is no 
security through obscurity, the claimed benefits of EME's sandbox 
require continuous, independent verification in the form of adversarial 
peer review by outside parties who do not face liability when they 
reveal defects in members' products.

This is the norm with every W3C recommendation: that security 
researchers are empowered to tell the truth about defects in 
implementations of our standards. EME is unique among all W3C standards 
past and present in that DRM laws confer upon W3C members the power to 
silence security researchers.

EME is said to be respecting of user privacy on the basis of the 
integrity of its sandboxes. A covenant is absolutely essential to 
ensuring that integrity.

2. The accessibility considerations of EME omit any consideration of 
the automated generation of accessibility metadata, and without this, 
EME's accessibility benefits are constrained to the detriment of people 
with disabilities.

It's true that EME goes further than other DRM systems in making space 
available for the addition of metadata that helps people with 
disabilities use video. However, as EME is intended to restrict the 
usage and playback of video at web-scale, we must also ask ourselves how 
metadata that fills that available space will be generated.

For example, EME's metadata channels could be used to embed warnings 
about upcoming strobe effects in video, which may trigger photosensitive 
epileptic seizures. Applying such a filter to (say) the entire corpus of 
videos available to Netflix subscribers who rely on EME to watch their 
movies would safeguard people with epilepsy from risks ranging from 
discomfort to severe physical harm.

There is no practical way in which a group of people concerned for those 
with photosensitive epilepsy could screen all those Netflix videos and 
annotate them with strobe warnings, or generate them on the fly as video 
is streamed. By contrast, such a feat could be accomplished with a 
trivial amount of code. For this code to act on EME-locked videos, EME's 
restrictions would have to be bypassed.

It is legal to perform this kind of automated accessibility analysis on 
all the other media and transports that the W3C has ever standardized. 
Thus the traditional scope of accessibility compliance in a W3C standard 
-- "is there somewhere to put the accessibility data when you have it?" 
-- is insufficient here. We must also ask, "Has W3C taken steps to 
ensure that the generation of accessibility data is not imperiled by its 
standard?"

There are many kinds of accessibility metadata that could be applied to 
EME-restricted videos: subtitles, descriptive tracks, translations. The 
demand for, and utility of, such data far outstrips our whole species' 
ability to generate it by hand. Even if we all labored for all our days 
to annotate the videos EME restricts, we would but scratch the surface.

However, in the presence of a covenant, software can do this repetitive 
work for us, without much expense or effort.

3. The benefits of interoperability can only be realized if implementers 
are shielded from liability for legitimate activities.

EME only works to render video with the addition of a nonstandard, 
proprietary component called a Content Decryption Module (CDM). CDM 
licenses are only available to those who promise not to engage in lawful 
conduct that incumbents in the market dislike.

For a new market entrant to be competitive, it generally has to offer a 
new kind of product or service, a novel offering that overcomes the 
natural disadvantages that come from being an unknown upstart. For 
example, Apple was able to enter the music industry by engaging in 
lawful activity that other members of the industry had foresworn. 
Likewise Netflix still routinely engages in conduct (mailing out DVDs) 
that DRM advocates deplore, but are powerless to stop, because it is 
lawful. The entire cable industry -- including Comcast -- owes its 
existence to the willingness of new market entrants to break with the 
existing boundaries of "polite behavior."

EME's existence turns on the assertion that premium video playback is 
essential to the success of any web player. It follows that new players 
will need premium video playback to succeed -- but new players have 
never successfully entered a market by advertising a product that is 
"just like the ones everyone else has, but from someone you've never 
heard of."

The W3C should not make standards that empower participants to break 
interoperability. By doing so, EME violates the norm set by every other 
W3C standard, past and present.

Through this appeal, we ask that the membership be formally polled on 
this question: "Should a covenant protecting EME's users and 
investigators against anti-circumvention regulation be negotiated before 
EME is made a Recommendation?"

Thank you. We look forward to your guidance on how to proceed with this 
appeal.
Received on Wednesday, 12 July 2017 16:22:48 UTC