Encryption, DRM, and the Web Cryptography API


These efforts have met with some resistance from the Electronic Frontier Foundation (EFF). The US organization for digital civil rights has fought DRM for years. In May 2013, the EFF submitted formal objection to the statutes of the HTML Working Group to the W3C: In the opinion of the Foundation, the Encrypted Media Extensions contradict W3C's vision of an open web and excludes certain browsers and platforms from the World Wide Web. EME obstructs interoperability and the participation of any interested party in the web.

The Free Software Foundation (FSF) has added its voice to this criticism, having always fought against "Digital Restrictions Management" (Figure 2). Activists have coined the term "Hollyweb" for the current threat, referring to an Internet that is based on the ideas of the movie corporations in Hollywood [11]. On May 3, 2013, they celebrated anti-DRM day and handed over a letter of protest to the W3C with tens of thousands of signatures.

Figure 2: The Free Software Foundation fights Digital Rights Management in its "Defective by Design" campaign.

A formal objection to EME has also been filed by software developer Andreas Kuckartz [12]. Kuckartz has been an Invited Expert in the W3C's HTML Working Group for two years. He sees problems with open source software licenses in EME: "Since GPLv3, DRM, and free software are no longer compatible." In his opinion, there is no obligation for the W3C to comply with the entertainment industry's desire for digital rights management. The standardization process still has several stages to go through, he says, and the output is unclear. "If the W3C leaves DRM out of the standards, anybody interested in doing so could design it on their own," he cautiously predicts.

W3C CEO Jeff Jaffe, on the other hand, argues that DRM will be present on the web anyway (through technologies such as Flash and Silverlight) regardless of whether the W3C throws its weight behind a technology standard. In an interview with CNET, Jaffe points out, "There is going to be protected content on the Web … . We should have one Web with as much commonality as possible, where one is able to access free content as well as protected content. The other approach is to say if someone wants to have DRM content, that should be its own walled garden, cordoned off. We don't want the Web to be a bunch of cordoned-off apps" [13].

The EFF counters that building restrictive technologies into an open standard is unworkable and contrary to the spirit of the W3C. "Accepting EME could lead to other rightsholders demanding the same privileges as Hollywood, leading to a Web where images and pages cannot be saved or searched, ads cannot be blocked, and innovative new browsers cannot compete without explicit permission from big content companies" [14].

As of now, the W3C seems committed to continuing the development and adoption of the Web Cryptography API, but even if the controversial API isn't accepted as an official W3C standard, you can bet the entertainment industry's effort to build DRM into the Internet isn't going to go away anytime soon.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Cryptography and Provable Security

    A concept called provable security brings the rigor of mathematics to the art of cryptography.

  • Doghouse – Privacy Matters

    "maddog" recalls some of the history of encryption and PGP and discusses why they should matter to everyone.

  • Coming of Age

    Age, a modern encryption tool, could soon replace PGP and GPG when it comes to file encryption.

  • EncryptPad

    EncryptPad provides symmetric text encryption directly from the editor. You can also use EncryptPad to encrypt binary data.

  • DM-Crypt

    If you’re serious about keeping secrets, try hard disk encryption with DM-Crypt and LUKS.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More