W3C responds to UNESCO concerns about Encrypted Media Extensions

April 6th, 2017

screenshot of title and logos for sdbpUNESCO recently published a letter and an article about Encrypted Media Extensions. Since we didn’t have an opportunity to set the record straight with them, we are responding here.

The spirit of the letter is anchored in UNESCO’s values and the concept of Internet Universality. We agree on the concept of Internet Universality. We even believe that those who are trying to restrict movies from the Internet are violating the concept of universality by preventing certain content from being on the Web.

We note that EME does in fact provide improvements in the way of privacy, security and accessibility over the alternatives.

  • The alternative to EME allowing interaction with copyrighted content in Web browser plugins is abandoning the Web. Without in-browser decryption ability, content providers would use their own native application, which will have much more leeway to spy on the user, and possibly infect their machine.
  • With EME, the browser protects the user from the worst effects of the DRM system, by putting it in a processing “sandbox”, such that access to network, user’s data or machine is only permitted as allowed by the sandbox, thus offering protection against things like the root kit problems and privacy beaches we have had in the past.
  • Regarding accessibility, testing confirmed that the specification’s approach for captions did not prevent access to captions for users with disabilities.

When UNESCO suggests that laws such as DMCA are against UN principles, we note that their colleagues at WIPO have been a motive force behind such laws. We would urge UNESCO to use its own weight to insist that Member States laws on the Internet are always reasonable and proportionate and respectful of human rights. We are a technical standards organization but litigating the laws of a single country or many nations (like the WIPO treaty) is the role of legal advocates such as the EFF or UNESCO.

EFF has, as a member of the Consortium, initiated a move to get the members of the working group developing EME to agree to a covenant that they would not sue under the DMCA, but the proposal was rejected by the Members. Following that, the Consortium is considering a strawman broader Best Practices document W3C Security Disclosures and Privacy Best Practices to protect Security researchers and others from the overreach of the law. We invite the public, experts, W3C Members and interested parties to advocate and get consensus on any changes needed to better help support researchers in security and privacy.

We intend to continue to address the public discourse with an update to our March 2016 Information about W3C and Encrypted Media Extensions.