- From: Andreas Kuckartz <A.Kuckartz@ping.de>
- Date: 9 Jun 2013 06:17:08 +0200
- To: "public-restrictedmedia@w3.org" <public-restrictedmedia@w3.org>
I wrote: > I would like to add another reason why the W3C should not endorse EME. > > As we all know EME depends on "Content Decryption Modules". These are > binary executables. The source code of those executables in practice > will not be made available to users. They can not verify what the > executables are doing. > > It is now known that the U.S. government is involved in large-scale > surveillance directed against the world population (PRISM). It is also > widely assumed that this surveillance is supported by two of the three > companies which are proposing EME (Google and Microsoft). Those > companies have issued "denials", but the formulations used in these > denials are very suspicius. > > It is also known that the same government has distributed malware (such > as Stuxnet) to foreign users. I also would like to point to an old but very interesting mail correspondence involving someone from Microsoft on _NSAKEY from April/May 2000: http://cryptome.org/nsakey-ms-dc.htm The Wikipedia page provides no newer information: http://en.wikipedia.org/wiki/NSAKEY > This all taken together implies a significant danger that the CDM > binaries will not only enable "silent monitoring" (Google Widevine) > on behalf of media companies but that surveillance malware will be > added on behalf of the U.S. government. The persons involved likely > would be gagged by a gag order. > > It is unacceptable for an Open Standards body to take part in this by > endorsing EME. Cheers, Andreas
Received on Sunday, 9 June 2013 04:23:31 UTC