Encryption, DRM, and the Web Cryptography API

Resistance

These efforts have met with some resistance from the Electronic Frontier Foundation (EFF). The US organization for digital civil rights has fought DRM for years. In May 2013, the EFF submitted formal objection to the statutes of the HTML Working Group to the W3C: In the opinion of the Foundation, the Encrypted Media Extensions contradict W3C's vision of an open web and excludes certain browsers and platforms from the World Wide Web. EME obstructs interoperability and the participation of any interested party in the web.

The Free Software Foundation (FSF) has added its voice to this criticism, having always fought against "Digital Restrictions Management" (Figure 2). Activists have coined the term "Hollyweb" for the current threat, referring to an Internet that is based on the ideas of the movie corporations in Hollywood [11]. On May 3, 2013, they celebrated anti-DRM day and handed over a letter of protest to the W3C with tens of thousands of signatures.

Figure 2: The Free Software Foundation fights Digital Rights Management in its "Defective by Design" campaign.

A formal objection to EME has also been filed by software developer Andreas Kuckartz [12]. Kuckartz has been an Invited Expert in the W3C's HTML Working Group for two years. He sees problems with open source software licenses in EME: "Since GPLv3, DRM, and free software are no longer compatible." In his opinion, there is no obligation for the W3C to comply with the entertainment industry's desire for digital rights management. The standardization process still has several stages to go through, he says, and the output is unclear. "If the W3C leaves DRM out of the standards, anybody interested in doing so could design it on their own," he cautiously predicts.

W3C CEO Jeff Jaffe, on the other hand, argues that DRM will be present on the web anyway (through technologies such as Flash and Silverlight) regardless of whether the W3C throws its weight behind a technology standard. In an interview with CNET, Jaffe points out, "There is going to be protected content on the Web … . We should have one Web with as much commonality as possible, where one is able to access free content as well as protected content. The other approach is to say if someone wants to have DRM content, that should be its own walled garden, cordoned off. We don't want the Web to be a bunch of cordoned-off apps" [13].

The EFF counters that building restrictive technologies into an open standard is unworkable and contrary to the spirit of the W3C. "Accepting EME could lead to other rightsholders demanding the same privileges as Hollywood, leading to a Web where images and pages cannot be saved or searched, ads cannot be blocked, and innovative new browsers cannot compete without explicit permission from big content companies" [14].

As of now, the W3C seems committed to continuing the development and adoption of the Web Cryptography API, but even if the controversial API isn't accepted as an official W3C standard, you can bet the entertainment industry's effort to build DRM into the Internet isn't going to go away anytime soon.

Infos

  1. "HTML5 Video at Netflix": http://techblog.netflix.com/2013/04/html5-video-at-netflix.html
  2. BBC support for DRM: http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0153.html
  3. Web Cryptography API: https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
  4. Encrypted Media Extensions (EME): https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html
  5. Implementation in Chrome: http://www.chromestatus.com/features
  6. Crypto API in Mozilla:https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
  7. PolyCrypt: http://polycrypt.net
  8. Netflix WebCrypto: https://github.com/Netflix/NfWebCrypto
  9. AES: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
  10. RSA: http://en.wikipedia.org/wiki/RSA_encryption
  11. Formal objection to the EFF: https://www.eff.org/pages/drm/w3c-formal-objection-html-wg
  12. Formal objection by Andreas Kuckartz: http://lists.w3.org/Archives/Public/public-html-admin/2013May/0138.html
  13. "W3C Proceeds with Web Video Encryption Despite Opposition": http://news.cnet.com/8301-1023_3-57583619-93/w3c-proceeds-with-web-video-encryption-despite-opposition/
  14. "EFF Makes Formal Objection to DRM in HTML5": https://www.eff.org/press/archives/201305

« Previous 1 2

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Cryptography and Provable Security

    A concept called provable security brings the rigor of mathematics to the art of cryptography.

    more »
  • Doghouse – Privacy Matters

    "maddog" recalls some of the history of encryption and PGP and discusses why they should matter to everyone.

    more »
  • EncryptPad

    EncryptPad provides symmetric text encryption directly from the editor. You can also use EncryptPad to encrypt binary data.

    more »
  • DM-Crypt

    If you’re serious about keeping secrets, try hard disk encryption with DM-Crypt and LUKS.

    more »
  • Thunderbird Security

    Thunderbird offers several options for secure email, and the GnuPG-based Enigmail encryption add-on provides an additional layer of protection.

    more »
comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

Price $2.95

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source