Tuesday 19 September 2017

W3C makes idiotic decision, EFF resigns

This is terrible news. The World Wide Web Consortium (W3C) is the organisation that controls open standards for the web. It's mission has always been to protect the interests of ordinary web users as well as the corporate members of the W3C.  Today it abandoned the principle of empowering web users in favour of bowing to the pressure of corporate members acting in their own interests. The web is set to become a worse place because of this.

As Cory Doctorow writes at Boing Boing:
In July, the Director of the World Wide Web Consortium overruled dozens of members' objections to publishing a DRM standard [for video] without a compromise to protect accessibility, security research, archiving, and competition.
As a direct result, the Electronic Frontier Foundation (EFF) has resigned from the consortium. This is also very bad news indeed. The EFF has consistently had our collective interests at heart since its formation in 1990. Without their presence at the table, who knows what further havoc the W3C will wreak.

DRM (Digital Rights Management) is some electronic means by which content publishers can protect their content from being pirated. This would be perfectly acceptable - no reasonable person wishes to deprive artists or software writers of their rightful income - if it weren't for the fact that the model is deeply flawed.  DRM usually means that we don't, in fact, own the movie or the music or the software we just bought. We own a license to use that content, a license which can be taken away from us by the company if they don't like what we're doing with it.

This means that companies can prevent us from lending music or books to other people. They can stop us moving content to different media so we can back it up or play it in different circumstances (on our phones, from a CD, etc) It means they can summarily cut access to our content or stop our computers from working if they decide we've violated their terms and conditions. It means that they can stop us from using third-party ink in our printers because they want us to buy the more expensive kind from them. And it means they can artificially inflate the price of that ink in the knowledge that we'll have to pay.

In these days of the Internet of Shit Things, where all manner of devices in our lives - from light bulbs to cars - are internet connected, this is especially troubling. If manufacturers can turn off our cars if they think we're voiding the warranty or can tie us into mandatory deals with 'approved' insurance companies (who might also be able to turn off the car if they don't like the way we're driving or the places we're driving to) then we're pretty much fucked.

This is not an outlandish scenario. Some vehicle manufacturers already make it virtually impossible for a third party (or the owner) to service and fix their own vehicles because DRM prevents access to diagnostic tools.  This is made worse by bewilderingly terrible laws around the world which make it illegal to disrupt or bypass DRM.  For example, the Digital Millennium Copyright Act in the US makes bypassing DRM a federal offense. Modifying the software on a John Deere tractor in the US, for example, so that you can diagnose and fix a problem, can land you a five year prison sentence.

Not only do you not own your music and books, you don't own your car, tractor or many of the other things you think you own. They can be taken away from you on a whim and there's not a great deal you can do about it.

Adopting DRM as a web standard is especially troubling. It means that browsers get to decide how you can use content based on the arbitrary whim of the consortia providing that content. This has dire implications in a number of important areas:

  • Security researchers might not be permitted to break DRM to investigate whether products are safe. Users won't know whether the services they're using are secure and companies will likely be disincentiveised from ensuring their products are safe.
  • Archiving of important content will be impossible (without breaking DRM which is illegal in some countries and very likely to become so in many more very soon). The grief of losing a great work of art because of the selfish interest of the rights owner is tragic. The outrage of losing documentaries of atrocities and the true version of history is an abomination. That governments will seek to do so if they have the means is simply a given.
  • Accessibility will be compromised. For example, subtitling of videos is essential to those with hearing difficulties. 300 hours of video are uploaded to YouTube every minute. Automatic subtitling is the only way to cope with this volume and that would involve breaking DRM.
  • The big media and software companies reached their position through innovation: they provided new platforms that circumvented established companies who would otherwise have been their competitors. Adopting DRM as a web standard will prevent new companies from doing the same thing, stifling competition.
Read the article for more details, but I quote the EFF's letter of resignation from the W3C in full below. I have a feeling that the EFF won't mind.

The W3C's decision is due to pressure from its big consortium members. It has allowed the interests of a small number of rich people to run rough-shod over the interests of billions of internet users. This is the exact opposite of the freedoms it was established to protect. It wouldn't surprise me if its founder and current director, Tim Berners-Lee, found himself being appointed to the board of various member consortia in the near future. The most disappointing part of all this is that the W3C doesn't seem to understand (or understands but doesn't care) that it holds the power. What are the powerful consortium members going to do? Build a new web?

The EFF's campaign against DRM as a web standard has been exploratory. It has suggested compromises which would have given the pro-DRM everything they want (or at least, everything they claim to want) while protecting the rights of users.

Cory Doctorow again:
EFF appealed the decision, the first-ever appeal in W3C history, which concluded last week with a deeply divided membership. 58.4% of the group voted to go on with publication, and the W3C did so today, an unprecedented move in a body that has always operated on consensus and compromise. In their public statements about the standard, the W3C executive repeatedly said that they didn't think the DRM advocates would be willing to compromise, and in the absence of such willingness, the exec have given them everything they demanded.
They "didn't think" the pro-DRM partners would be willing to compromise so instead of forcing them to compromise or taking the motion off the table entirely, they decided to screw us all.

Here's the EFF's resignation letter:

Dear Jeff, Tim, and colleagues, 
In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing “Encrypted Media Extensions,” an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem. By doing so, the organization offered the use of its patent pool, its staff support, and its moral authority to the idea that browsers can and should be designed to cede control over key aspects from users to remote parties.
When it became clear, following our formal objection, that the W3C's largest corporate members and leadership were wedded to this project despite strong discontent from within the W3C membership and staff, their most important partners, and othersupporters of the open Web, we proposed a compromise. We agreed to stand down regarding the EME standard, provided that the W3C extend its existing IPR policies to deter members from using DRM laws in connection with the EME (such as Section 1201 of the US Digital Millennium Copyright Act or European national implementations of Article 6 of the EUCD) except in combination with another cause of action.
This covenant would allow the W3C's large corporate members to enforce their copyrights. Indeed, it kept intact every legal right to which entertainment companies, DRM vendors, and their business partners can otherwise lay claim. The compromise merely restricted their ability to use the W3C's DRM to shut down legitimate activities, like research and modifications, that required circumvention of DRM. It would signal to the world that the W3C wanted to make a difference in how DRM was enforced: that it would use its authority to draw a line between the acceptability of DRM as an optional technology, as opposed to an excuse to undermine legitimate research and innovation.
More directly, such a covenant would have helped protect the key stakeholders, present and future, who both depend on the openness of the Web, and who actively work to protect its safety and universality. It would offer some legal clarity for those who bypass DRM to engage in security research to find defects that would endanger billions of web users; or who automate the creation of enhanced, accessible video for people with disabilities; or who archive the Web for posterity. It would help protect new market entrants intent on creating competitive, innovative products, unimagined by the vendors locking down web video.
Despite the support of W3C members from many sectors, the leadership of the W3C rejected this compromise. The W3C leadership countered with proposals — like the chartering of a nonbinding discussion group on the policy questions that was not scheduled to report in until long after the EME ship had sailed — that would have still left researchers, governments, archives, security experts unprotected.
The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew — and the large corporate members continued to reject any meaningful compromise — the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate.  In essence, a core of EME proponents was able to impose its will on the Consortium, over the wishes of a sizeable group of objectors — and every person who uses the web. The Director decided to personally override every single objection raised by the members, articulating several benefits that EME offered over the DRM that HTML5 had made impossible.
But those very benefits (such as improvements to accessibility and privacy) depend on the public being able to exercise rights they lose under DRM law — which meant that without the compromise the Director was overriding, none of those benefits could be realized, either. That rejection prompted the first appeal against the Director in W3C history. 
In our campaigning on this issue, we have spoken to many, many members' representatives who privately confided their belief that the EME was a terrible idea (generally they used stronger language) and their sincere desire that their employer wasn't on the wrong side of this issue. This is unsurprising. You have to search long and hard to find an independent technologist who believes that DRM is possible, let alone a good idea. Yet, somewhere along the way, the business values of those outside the web got important enough, and the values of technologists who built it got disposable enough, that even the wise elders who make our standards voted for something they know to be a fool's errand. 
We believe they will regret that choice. Today, the W3C bequeaths an legally unauditable attack-surface to browsers used by billions of people. They give media companies the power to sue or intimidate away those who might re-purpose video for people with disabilities. They side against the archivists who are scrambling to preserve the public record of our era. The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they’ll be able to ensure no one ever subjects them to the same innovative pressures.
So we'll keep fighting to fight to keep the web free and open. We'll keep suing the US government to overturn the laws that make DRM so toxic, and we'll keep bringing that fight to the world's legislatures that are being misled by the US Trade Representative to instigate local equivalents to America's legal mistakes.
We will renew our work to battle the media companies that fail to adapt videos for accessibility purposes, even though the W3C squandered the perfect moment to exact a promise to protect those who are doing that work for them.
We will defend those who are put in harm's way for blowing the whistle on defects in EME implementations. 
It is a tragedy that we will be doing that without our friends at the W3C, and with the world believing that the pioneers and creators of the web no longer care about these matters. 
Effective today, EFF is resigning from the W3C. 
Thank you,
Cory Doctorow
Advisory Committee Representative to the W3C for the Electronic Frontier Foundation


No comments:

Post a Comment