World Wide Web Consortium and Digital Rights Management: Innovating Stagnation
The history of “Digital Rights Management” software while relatively new, has been quite controversial. Oftentimes advocates of online privacy and security argue about the possibilities of abuse stemming from such DRM technologies, along with activists and proponents of the “open source” initiatives. These supporters of openness are constantly trading blows with advocates of corporate ownership and copyright protection. Both of these sides seem to have valid reasons for their arguments, however after a closer inspection one can easily distinguish the underlying motivations of the two groups and make a decision as to who might be in the right.
What Is DRM?
Digital Rights Management (DRM), “is a collective term for tools whose purpose is to enable owners of copyright works to control their use” (Clarke 1), additionally Mulholland (3) describes DRM as a series of systems that are deployed in order to protect Intellectual Property. This Is were the first counter argument is found, generally in the works of open(free) software researchers and activists. Richard Stallman on the other side argues that DRM is not used to “manage rights” but to restrict them (88). Seeing things from the side of the consumer he argues that DRM should be in fact called “Digital Restrictions Management”, since it is restricting the users control over their machines and their content while also providing countless opportunities for abuse by corporations and lawmakers (Stallman 131).
What is EME?
As of 18th of September 2017 the World Wide Web Consortium, better known as “W3C”, has officially released “Encrypted Media Extensions” (EME) as a standard recommendation, thus effectively standardizing the creation of browser extensions that could be used control access to specific forms of media. However, there are certain well structured and long standing arguments against the implementation of such technologies, especially when it comes to their use as web browser plug-ins.
What is the W3C?
The world Wide Web Consortium (W3C) according the their website is “an international community where Member organizations, a full-time staff, and the public work together to develop Web standards”. Standards like the current HTML 5 are used in the creation of most, if not all current websites and were created by the W3C and their collaborators. In the case of the “Encrypted Media Extensions” (EME), the research and creation of the web standard was spearheaded by corporations like Microsoft, Google and Netflixi (According to the official document released by the W3C detailing the research and creation of the proposed EME the necessary work was conducted by David Dorwin from Google Inc. Jerry Smith from Microsoft Corporation, Mark Watson from Netflix Inc and Adrian Bateman from Microsoft Corporation), with this initiative beginning back in 2013. Consequently the fact that the current EME standard was created by representatives from the aforementioned corporations testifies as a good example of corporate control over the current DRM rhetoric within W3C. Indeed Clarke (3) seems to have predicted the permeation of corporate interests into the main body of W3C back in 2001. Clarke claimed that the current political trajectory of “economic rationalism” could lead to corporations actively trying to “subjugate consumers” (3).
What are some of the main arguments surrounding the standardization of EME?
Specifically W3C argues in their description of EME about the levels of security and privacy that this API can give to users:
“The EME specification has been developed with a focus on the security and privacy of the user. Compared to previous methods of viewing encrypted video on the Web, EME has the benefit that all interactions happen within the browser. EME moves the responsibility for interaction with encrypted video from plugins to the browser, which acts as a true user agent”, (Le Hégaret 1)
On the opposite site of the argument Cory Doctorow, of the Electronic Frontier Foundation, in an open letter directed at the members of the W3C argues that EME act with the exact opposite function. In fact he argues that EME is a danger to both the privacy and the security of the user. Doctorow argues that, “those very benefits (such as improvements to accessibility and privacy) depend on the public being able to exercise rights they lose under DRM law — which meant that without the compromise the Director was overriding, none of those benefits could be realized, either”. He also argues that by not including any protection against security specialists breaking the DRM in order to discover security issues, EME becomes less secure, since every attempt to break their code (ever for security research) is now illegal. In addition to that, according to the EME specifications there is no provision protecting security researchers cracking and accessing the application’s code for security reasons (Doctorow). Therefore any attempt by specialists to identify potential vulnerabilities within the plugins is deemed as illegal. This opens a potential “Pandora’s box” for exploitation of the various vulnerabilities that unavoidably come with every new technology.
In addition to the current discussion surrounding the very recent creation (suggested in 2013 standardized in 2017) of EME by the W3C, there have been several other arguments against the creation and implementation of DRM systems in general. To fully gasp the significance of the recent events, one must take a look at the political, social and economic context that surrounds the creation of such systems.
Adding to Doctorow’s critique against DRM systems are the various privacy and security issues arising from the use of such technologies. For example Poorvi, Reynolds, and Dickinson underline the many ethical and political issues originating from the extensive recording and profiling of personal information that DRM technologies require in order to function, as well as the various issues stemming from the accumulation of such information by corporate interest groups(1). One example of the dangers hidden behind this massive accumulation of personally identifiable information are the recent Equifax leaks that had the personal information of millions leaked on the web, thus underlining the corporate responsibility issuing from such occurrences.
When it comes to social and ethical issues W3C failed to consider accessibility workers trying to provide access to people with disabilities trying to use EME. Therefore, any attempt to modify the DRM systems in order to provide access to people with disabilities is now illegal (since every attempt to modify the system is not permitted) according to the new standard. However, the need to consider placing safeguards for people with disabilities has been a long standing proposal according to an article by Yun and Tan written back in 2012. They argue about the need to include Visually Impared people in all considerations surrounding the creation and implementation of DRM standards. As it can be seen in the final version of the EME document from W3C, this was not the case. Even despite initial arguments from members such as the EFF, the final version of EME disregards any and all arguments about the rights of accessibility specialists to developing and using the standard in order to provide access to people with disabilities.
Furthermore, Gupta argues about the lack of representation of non western world actors in process of web standard creation (1). As Gupta describes, within the main body of W3C, there is a serious lack of representatives of non western countries, as well as a lack of females and members of minorities(1). This observation significantly undermines the validity of many controversial decisions the W3C has made , including the standardization of the EME, since the decision was taken by a majority of representatives from western corporate interest groups.
Taking a look at the technical issues:
Conclusion, innovating stagnation:
By concluding this short argument, one must wonder how an organization like the W3C created for fair and equal access, or better put a “web for all” and a “web for everything” (as it can be seen in the about section of their website) could work to create and standardize EME, a technology built to restrict access and innovation. In essence DRM systems are created to restrict and control access to the users, while also giving unprecedented power (and the ability to abuse said power) to the already extremely powerful media corporations (Stallman 131).
The future of W3C and DRM technologies:
Finally, there seems to be a continuous tendency for increased corporate control over both the technical and the political infrastructure of the web. Moreover, this recent development within the W3C indicates the deep roots corporate interests have within the most important organizations and structures of the INTERNET. As it has always been the case, corporations do not care for the consumer or in this case the user, their only drive is more profits and subsequently more control over their products (in this case via DRM technologies). If this trend continues unobstructed we may very soon find ourselves battling for the right to control our computers and our online lives.
Doctorow, Cory. Content: selected essays on technology, creativity, copyright, and the future of the future. San Francisco: Tachyon Publications, 2008.
Doctorow, Cory, et al. “Digital Rights Management (DRM): a failure in the developed world, a danger to the developing world. A paper for the International Telecommunications Union, ITU-R Working Party 6M Report on Content Protection Technologies.” (2005): 1-28.
Gupta, Harsh. “(Lack Of) Representation of Non Western World in process of creation of Web standards.” arXiv preprint arXiv:1609.01996 (2016).
Mulholland, Judie. “Digital Rights (mis) Management.” W3C DRM Workshop. 2001.
Simmons, John C., and D. S. Arbanowski. “Interoperability, Digital Rights Management and the Web.” (2013).
Stallman, Richard. Free software, free society: Selected essays of Richard M. Stallman. Lulu. com, 2002.
Vora, Poorvi, Dave Reynolds, and Ian Dickinson. “Privacy and digital rights management.” A position paper for the W3C Workshop on Digital Rights Management. Publishing Systems and Solutions Lab., Hewlett-Packard Laboratories, 2001.
Yun, Corinne Tan Hui. “Moving towards a More Inclusive Copyright Regime for the Visually Impaired.” Singapore Academy of Law Journal 24.2 (2012): 433-469.