W3C Encrypted Media Extensions Standard Development Tangles With EFF Proposal
The Electronic Frontier Foundation and other World Wide Web Consortium interests differed about the state of support among W3C stakeholders for an EFF-proposed covenant that would obligate all W3C stakeholders not to file or join a lawsuit against entities under the Digital Millennium Copyright Act (DMCA) and similar laws for circumventing technological protection measures (TPMs) for security research purposes, they told us. EFF said it's “cautiously optimistic” it made headway during a Sunday-Tuesday W3C Advisory Committee meeting in Cambridge, Massachusetts, in convincing other stakeholders to support adoption of the covenant. Another party said support for the covenant remains minimal.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
EFF has repeatedly objected to the W3C HTML Media Extensions Working Group’s development of a standardized application programming interface (API) for encrypted media extensions (EME) on the grounds that it would formally standardize use of digital rights management (DRM) software on the Internet, said International Director Danny O’Brien, EFF’s W3C representative. EFF’s “non-aggression” covenant “isn’t a perfect solution but it’s an important first step,” he said. EFF proposed the covenant in late 2015 as a condition for rechartering the working group’s EME API development process, which is currently up for an extension, O’Brien said. W3C Executive Director Tim Berners-Lee is likely to extend rechartering negotiations, O’Brien said. A W3C spokeswoman confirmed the working group’s current charter expires March 31. She didn’t comment on the rechartering process because of W3C confidentiality rules.
The HTML Media Extensions Working Group began working on the EME API in 2013 in a bid to create an interoperable open standard to enable communication between Web browsers and DRM software and allow HTML5 playback of streaming video and other DRM-protected content without the need for third-party plug-ins, the W3C spokeswoman said. W3C and industry stakeholders have disputed EFF’s claims about EME API development. EME isn't required to play HTML5 video and development of the EME API doesn’t further standardize DRM, W3C said in a fact sheet. Many plug-ins have long supported DRM online, and major Web browsers like Firefox and Google Chrome, along with Apple and Microsoft-developed browsers, already support EME standards, W3C said.
O’Brien and others declined to discuss specifics of discussions during the W3C Advisory Committee meeting due to W3C confidentiality rules. Some indicated the meeting didn’t resolve whether the proposal would move forward. EFF is “clearly very vocal but based on what I saw at the meeting, there wasn’t a lot of support” for the covenant, said a stakeholder opposed to the EFF proposal. O’Brien said he believes he made progress during the meeting in arguing for the covenant, saying W3C members were aware of a Free Software Foundation-led protest outside W3C’s Cambridge headquarters during the meeting, seeking adoption of the covenant. O’Brien spoke to the protesters.
Some W3C members are opposed to EFF’s proposal because W3C isn’t a policymaking organization equipped to address the concerns EFF raises with the DMCA and other anti-circumvention laws, a stakeholder said. Congress and the Copyright Office are both better suited to address EFF concerns about barriers to security research via ongoing reviews of issues related to DMCA’s Section 1201 anti-circumvention rules, the stakeholder said. The CO is studying Section 1201 issues, including its current triennial rulemaking process for evaluating exemptions to Section 1201’s anti-circumvention rules (see 1512280030). The Library of Congress adopted 10 Section 1201 exemptions that the CO recommended at the end of its latest triennial review in October, including an exemption for “good-faith” security research involving implanted medical devices, vehicles, voting machines and other individual consumer products as long as circumvention doesn't violate the Computer Fraud and Abuse Act (see 1510270056).
Some are opposed to the EFF proposal because it would restrict their ability to enforce copyrights under the DMCA, the stakeholder said. “What they’re asking people to do is not to use” laws like DMCA “to sue people” who circumvent TPMs, the stakeholder said: “I’m not too sure there’s a lot of support” among lawyers for the stakeholders “to give up that right.” The W3C won’t comment specifically on the proposal, but it’s not a policymaking organization, the spokeswoman said. The W3C will continue to listen to EFF’s concerns but believes a viable long-term solution on TPM circumvention issues is more under the purview of Congress and CO, she said.
EFF is likely to continue promoting the covenant as a way of protecting security researchers against lawsuits under the DMCA, though EFF is also concerned about interoperability issues raised by the EME API, O’Brien said. Explaining how the EME API might amplify the risk that security researchers face under the DMCA “is a pretty clear argument, while interoperability issues” tend to be more difficult to understand despite such issues being closer to W3C’s traditional technical remit, O’Brien said. “The last thing that even the strongest DRM supporters want is for EME to be associated with a threat to security research.” Opponents of the EFF proposal “don’t disagree that security research is important, but we just don’t believe that W3C is the venue” for addressing flaws in existing anti-circumvention rules, a stakeholder said. EFF’s opposition to the EME API “is not about security research” but about overall opposition to DRM, the stakeholder said.