The Fight Over DRM Standards for Streaming Video Is Over and Big Business Won

By Kate Conger on at

A fight over the future of video streaming has been brewing for years—and it finally came to a head today, with a major electronic privacy organisation bowing out of the consortium that sets standards for the web.

The Electronic Frontier Foundation (EFF) resigned from the World Wide Web Consortium (W3C) today over the W3C’s freshly-released recommendations on protecting copyright in streaming video. W3C, which is directed by the inventor of the internet Tim Berners-Lee, should be a natural ally of the EFF—but the fight over protecting security researchers who uncover vulnerabilities in video streaming has driven a wedge between the two organisations.

“The whole problem that we have here is this is a super technical, relatively boring, unbelievably important issue. That’s such a horrific toxic cocktail,” Cory Doctorow, the EFF’s advisory committee representative to W3C, told Gizmodo. “The W3C is using its patent pool and moral authority to create a system that’s not about empowering users but controlling users.”

The dispute focuses on Digital Rights Management (DRM), which enables media companies in the US to surveil their consumers and make sure they’re just binge-watching episodes of Game of Thrones, not binge-pirating. (Although DRM is most commonly found in video streaming platforms, it also makes appearances in everything from coffee machines to tractors.) DRM gets legal backing from the Digital Millennium Copyright Act (DMCA) in America, which makes it a crime for security pros to find and disclose vulnerabilities in DRM. Though the DMCA is a US copyright law, the W3C's decision sets a worrying precedent that could be followed on an international scale.

DRM is usually managed by plugins like Adobe Flash or Microsoft Silverlight, but W3C’s recommendations make it possible for DRM to be managed by browsers. The EFF and other organisations wanted browsers that adopt the standard to agree to protect security researchers and not pursue them under the DMCA, but W3C didn’t make that part of the standard—pissing off a bunch of security professionals and open web advocates. It feels cynical and hypocritical for an organisation founded on principles of openness to cave to the constraints of DRM and not stick up for researchers and users.

W3C normally makes decisions based on consensus, but switched to a majority-vote system because DRM was so divisive amongst its members, Doctorow said. CEO Jeff Jaffe called the dispute “one of the most divisive debates in the history of the W3C Community.”

“I know from my conversations that many people are not satisfied with the result,” Jaffe wrote of the recommendations. “And there is reason to respect those who want a better result. But my personal reflection is that we took the appropriate time to have a respectful debate about a complex set of issues and provide a result that will improve the web for its users.”

Doctorow told Gizmodo that he proposed a compromise to protect security researchers from prosecution, but that W3C rejected it. “We will stand down on our views on DRM but you have to promise that you’ll only use DRM law like the DMCA when there is some other cause of action like a copyright infringement,” he explained. That way, if researchers broke DRM only to expose a security flaw, they would be protected. But W3C members like Netflix weren’t interested in discussing a compromise, he said.

“The irony here is that Netflix only exists because they did and continue to do something that outraged the entertainment industry,” Doctorow explained. “The web should have the same standard that you guys had when you were starting. It should be legal to do things that are legal, and if that upsets you you should make a better product or convince Congress to stop it.”

Because of the changes to W3C rules, the EFF lost faith in the process. “We don’t think that there’s any use in throwing our donor’s money, our energy and our limited time at a process where we don’t think the other side carried themselves in good faith,” Doctorow said.

In an open letter explaining EFF’s decision to walk away from W3C, Doctorow wrote: “The business values of those outside the web got important enough, and the values of technologists who built it got disposable enough, that even the wise elders who make our standards voted for something they know to be a fool’s errand.”

In addition to the lack of protections for security research, EFF says the W3C recommendations harm the automation of making video accessible to people with disabilities and archiving the internet.

For their part, W3C members Netflix, Microsoft, Comcast, the Motion Picture Association of America, and the Recording Industry Association of America
all praised the decision.

“Integration of DRM into web browsers delivers improved performance, battery life, reliability, security and privacy to users watching their favourite TV shows and movies on Netflix and other video services,” wrote Netflix in a statement. “We can finally say goodbye to third-party plugins, making for a safer and more reliable web.” [EFF, W3C]