W3C moves to finalize DRM standardization, reclassifies suing security researchers as a feature, not a bug

The World Wide Web Consortium has announced that its members have until April 19 to weigh in on whether the organization should publish Encrypted Media Extensions, its DRM standard for web video, despite the fact that this would give corporations the new right to sue people who engaged in legal activity, from security researchers who revealed defects in browsers to accessibility workers who adapted video for disabled people to scrappy new companies who come up with legal ways to get more use out of your property.


The W3C suspended all work on a covenant to protect security researchers more than a year ago, after a mere 90 days' discussion. They refused to convene any kind of process to protect other people who might be harmed by this standard, including accessibility workers and innovators.

Rather than continue this work, the W3C has taken steps to legitimize suing security researchers, by convening a new group that will allow manufacturers to set voluntary guidelines for when this new right to sue people who tell the truth about defects in their products should be used.

They have characterized this as "protecting security researchers" despite the fact that it offers no protection to security researchers — even those who follow the guidelines will have no guarantee that W3C members won't sue them, as the rules are voluntary, rather than (say) a condition of membership, or the W3C's patent license.

Hundreds of security researchers have called on the W3C to protect their work.


Encrypted Media Extensions (EME), a mechanism by which HTML5 video providers can discover and enable DRM providers offered by a browser, has taken the next step on its contentious road to standardization. The World Wide Web Consortium (W3C), the standards body that oversees most Web-related specifications, has moved the EME specification to the Proposed Recommendation stage.

The next and final stage is for the W3C's Advisory Committee to review the proposal. If it passes review, the proposal will be blessed as a full W3C Recommendation.

DRM in HTML5 takes its next step toward standardization
[Peter Bright/Ars Technica]