Open Letter to European Commission: Stop DRM in HTML5
On today's "Day against DRM", the Free Software Foundation Europe (FSFE) has sent an open letter to the European Commission, asking the EC to prevent Digital Restrictions Management technology from being closely integrated with the HTML5 standard.
FSFE is concerned about efforts currently in progress at the World Wide Web Consortium (W3C), to encourage the integration of Digital Restriction Management (DRM) technology into web browsers. The W3C oversees many of the key standards on which the World Wide Web is based.
A W3C working group is currently standardising an "Encrypted Media Extension" (EME), which will allow companies to easily plug in non-free "Content Decryption Modules" (CDM) with DRM functionality, taking away users' control over their own computers. Most DRM technologies impose restrictions on users that go far beyond what copyright and consumers' rights allow.
"Integrating DRM facilities into HTML5 is the antithesis of everything that has made the Internet and the World Wide Web successful," says FSFE's President Karsten Gerloff. "It is directly contrary to the interests of the vast majority of Internet users everywhere."
Auditing the DRM modules will be both difficult and illegal. Their source code will be a closely held secret of the company which distributes the module. Performing an audit and reporting security flaws would also be illegal in the many countries which have adopted so-called "anti-circumvention" laws. Reporting a security problem in the DRM module would expose the reporter to the risk of lawsuits from the makers of that module.
FSFE asks the European Commission to:
- Engage with the W3C and ensure that the organisation takes these concerns on board as it decides on the adoption of the Encrypted Media Extension (EME).
- Pledge not to make use of the Encrypted Media Extension in its own infrastructure, even if EME were to be standardised by W3C.
- Protect people and companies from prosecution who reverse-engineer DRM technology and report vulnerabilities.