[Bug 20965] EME results in a loss of control over security and privacy.

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20965

--- Comment #31 from Andreas Kuckartz <a.kuckartz@ping.de> ---
[Copied from a mail I sent to the W3C Restricted Media CG mailing list using
the subject "PRISM and EME":]

I would like to add another reason why the W3C should not endorse EME.

As we all know EME depends on "Content Decryption Modules". These are
binary executables. The source code of those executables in practice
will not be made available to users. They can not verify what the
executables are doing.

It is now known that the U.S. government is involved in large-scale
surveillance directed against the world population (PRISM). It is also
widely assumed that this surveillance is supported by two of the three
companies which are proposing EME (Google and Microsoft). Those
companies have issued "denials", but the formulations used in these
denials are very suspicius.

It is also known that the same government has distributed malware (such
as Stuxnet) to foreign users.

This all taken together implies a significant danger that the CDM
binaries will not only enable "silent monitoring" (Google Widevine) on
behalf of media companies but that surveillance malware will be added on
behalf of the U.S. government. The persons involved likely would be
gagged by a gag order.

It is unacceptable for an Open Standards body to take part in this by
endorsing EME.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Friday, 7 June 2013 19:56:04 UTC