A potential compromise on EME?

I would like to propose a compromise on the issue of EME going forward
that I think might make both sides, so to speak, a bit sad and a bit
happy at the same time:

The idea would be to adopt a covenant, but make it very narrow.

That is, we would essentially limit the scope of a litigation
non-aggression covenant to specifically cover privacy and security
researchers examining implementations of w3c specifications for
privacy and security flaws. For example, the batteryStatus research
from Lukasz and Arvidn (and subsequent pulling of that feature from
browsers) is a good example of the kind of work we want to make sure
researchers know they will face little risk working on:
http://randomwalker.info/publications/battery-status-case-study.pdf )

Since there were so many objections (23 I believe), the Director has a
firm basis for saying that  there is definitely substantial support
for a covenant here, but by limiting the scope of the covenant to a
very narrow set of activities related to discovering privacy and
security flaws in implementations of w3c specifications, the covenant
will be less open-ended to those opposed to the covenant and gets to
the heart of a core concern of the supporters (security research
protections).

This may be a crazy idea, but I think it could actually move things
forward (it is a typical CDT answer: everyone will be a little upset,
rather than some people being very very upset and some not at all).

I'd of course welcome thoughts as this strikes me as a very unusual
place for w3c members and w3m to be in.

Cheers, Joe

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Received on Wednesday, 28 June 2017 21:51:27 UTC