W3C’s EME/DRM: Standardizing Abuse and Evasion

Among the bizarre arguments in favor of Encrypted Media Extensions (EME), this one stuck with me:

Standardizing an API for Abuse of Users.

The argument runs something like this:

DRM is already present on the Web using plugins for browsers, each with a different API. EME, standardizing a public API, enables smaller browsers to compete in offering DRM. Not to mention avoiding security nightmares like Flash.

As a standards geek, I often argue the advantages of standardization. Claiming that standardizing an API for abuse of users is beneficial strikes me as odd.

Conceptually, DRM systems don’t have to infringe on the rights of users to fair use, first sale, or modification for accessibility, but I don’t have an example of one from a commercial content provider that doesn’t. Do you?

Moreover, confessed corporate behavior, false bank accounts (Wells Fargo), forged mortgage documents (Ally (formerly known as GMAC), Bank of America, Citi, JPMorgan Chase, Wells Fargo), etc., leave all but the most naive certain that user rights will be abused via the EME API.

A use of the EME API that does not violate user rights would be a man bites dog story. Sing out in the unlikely event you encounter such a case.

(I got to this point and my post ran away from me.)

Is there an upside to ending the crazy quilt of DRM plugins and putting encrypted media delivery directly into browsers for users?

With EME as the single interface for delivery of encrypted web content, what else must be true?

Ah, there is a single point of failure for encrypted web content, meaning if the security of EME is broken, then it is broken for all encrypted web content.

There’s a pleasant thought. Over-reaching to gut users’ rights, the DRM crowd created a standardized, single point of failure. A single breach spells disaster on a large scale.

Looking forward to the back-biting and blame allocation sure to follow the failure of this plan to rain greed over the world. (Wasn’t some company named ContentGuard (sp?) involved in an earlier one?)

I’m not happy with a standardized API for abusing users, but having a single API is like the Windows market share. Breach one and you have breached them all. I take some consolation from that fact.
