It's happening! It's happening! W3C erects DRM as web standard

The World Wide Web Consortium has formally put forward highly controversial digital rights management as a new web standard.

Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time. The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams.

The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members.

That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out.

The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improved online privacy.

But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection.

The W3C has also received three formal objections:

• It does not provide adequate protection for users
• It will be hard to include in free software
• It doesn't legally protect security researchers

The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure."

It also notes that some of the issues of accessibility that were raised were actually outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.

It has been a long and winding road getting to the point where the W3C has formally proposed a standard that allows controls to be placed on content – something that many internet engineers remain philosophically opposed to. But despite the lengthy efforts to address a plethora of concerns, the formal notice still goes out of its way to note that "publication as a Proposed Recommendation does not imply endorsement by the W3C membership."

There is little opportunity for those bitterly opposed to the measure to stir up a grassroots campaign against the spec, due to the entry barriers for W3C membership and the fact that only members can vote on approval.

It is that barrier – created to make the W3C financially sustainable – that some feel is pushing the organization down a path too closely aligned with corporate interests rather than the will of internet engineers. ®