W3C's Encrypted Media Extensions Standard Development Seen Advancing Despite Objections
The World Wide Web Consortium (W3C) appears to be in the final stages of its work on development of a standardized application programming interface (API) for encrypted media extensions (EME), several W3C participants told us. W3C began work on the EME API in 2013 in a bid to create an interoperable open standard to enable communication between web browsers and digital rights management (DRM) software and allow HTML5 playback of streaming video and other DRM-protected content without the need for third-party plug-ins.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
W3C's process appears likely to wrap up in the coming months despite ongoing objections from the Electronic Frontier Foundation and others that believe a W3C recommendation on EME would formally standardize use of DRM software on the internet, stakeholders said. Supporters and critics of W3C's EME work have clashed repeatedly since the EME work began, resulting in a 2016 charter extension for the HTML Media Extensions Working Group, which led development of the recommendations (see 1603240055).
W3C now anticipates it will complete its EME work the first week of May, in line with the current April 30 expiration of the HME Working Group's charter, a spokeswoman said. W3C Executive Director Tim Berners-Lee appeared to give that process a significant boost last week, saying in a blog post he believes the “logical answer” is to move forward with the EME standard because it will improve interoperability and online privacy. Advancing the EME standard also makes sense because W3C “does not have any power to forbid” stakeholders from using it, Berners-Lee said.
W3C “is a place for people to talk, and forge consensus over great new technology for the web,” Berners-Lee said. “Yes, there is an argument made that in any case, W3C should just stand up against DRM, but we, like [King] Canute, understand our power is limited.” A W3C spokeswoman confirmed that Berners-Lee intends to “endorse the EME work,” but the process “is ongoing and the timeline is still several weeks out.”
EFF believes Berners-Lee's stated intention to endorse the EME work “is really uncharted territory” since W3C has a “normal” standardization process in which the W3C Advisory Committee takes a member poll to inform the executive director's decision before he can announce it, said Special Adviser Cory Doctorow, EFF's W3C representative. The advisory committee plans to do the member poll between mid-March and mid-April as part of W3C's “internal review” of the recommendations, the W3C spokeswoman said.
Doctorow said he believes 40-50 W3C members are prepared to vote “against any further progress for EME without protections for legitimate reasons for bypassing DRM,” Doctorow said. Those members include public interest groups, virtual currency entities, research institutions and advocates for the visually impaired, Doctorow said. That number isn't a majority because W3C has 446 members, but “a small fraction of them vote” in any given poll, he said. Doctorow said the number of entities voting against EME has increased over the course of three successive W3C polls.
W3C published a set of best practices last week that can be a template for entities to use to protect security and privacy researchers' work to identify a particular platform's EME-related flaws based on Netflix's Responsible Vulnerability Disclosure program. The best practices don't mandate protections for researchers but “tell them when and how they're allowed to talk about these true facts that have enormous salience” to users, Doctorow said. Major corporations may be in favor of W3C endorsing EME as is, but smaller entities have the right to be heard given W3C's reputation as a consensus-based body, he said.
Other W3C members told us they believe it's appropriate for W3C to move ahead on EME given the publication of the security research protection best practices. The security research protection issue has been a significant problem with W3C's EME work but the best practices “seem to be the best result we're going to get” for researchers given the lack of an alternative model that stakeholders can agree on, one W3C member said. “Nothing about this compromise is perfect,” but the delays in W3C's work on EME made the best practices' publication “inevitable,” another W3C member said. The consortium's members were “at what I believe was an impasse” that required action, the member said.