W3C

HTML Media Extensions to continue work

The HTML Media Extensions Working Group was extended today until the end of September 2016. As part of making video a first class citizen of the Web, an effort started by HTML5 itself in 2007, W3C has been working on many extension specifications for the Open Web Platform: capturing images from the local device camera, handling of video streams and tracks, captioning and other enhancements for accessibility, audio processing, real-time communications, etc. The HTML Media Extensions Working Group is working on two of those extensions: Media Sources Extensions (MSE), for facilitating adaptive and live streaming, and Encrypted Media Extensions (EME), for playback of protected content. Both are extension specifications to enhance the Open Web Platform with rich media support.

The W3C supports the statement from the W3C Technical Architecture Group (TAG) regarding the importance of broad participation, testing, and audit to keep users safe and the Web’s security model intact. The EFF, a W3C member, concerned about this issue, proposed a covenant to be agreed by all W3C members which included exemptions for security researchers as well as interoperable implementations under the US Digital Millennium Copyright Act (DMCA) and similar laws. After discussion for several months and review at the recent W3C Advisory Committee meeting, no consensus has yet emerged from follow-up discussions about the covenant from the EFF.

We do recognize that issues around Web security exist as well as the importance of the work of security researchers and that these necessitate further investigation but we maintain that the premises for starting the work on the EME specification are still applicable. See the information about W3C and Encrypted Media Extensions.

The goal for EME has always been to replace non-interoperable private content protection APIs (see the Media Pipeline Task Force (MPTF) Requirements). By ensuring better security, privacy, and accessibility around those mechanisms, as well as having those discussions at W3C, EME provides more secure interfaces for license and key exchanges by sandboxing the underlying content decryption modules. The only required key system in the specification is one that actually does not perform any digital rights management (DRM) function and is using fully defined and standardized mechanisms (the JSON Web Key format, RFC7517, and algorithms, RFC7518). While it may not satisfy some of the requirements from distributors and media owners in resisting attacks, it is the only fully interoperable key system when using EME.

We acknowledge and welcome further efforts from the EFF and other W3C Members in investigating the relations between technologies and policies. Technologists and researchers indeed have benefited from the EFF’s work in securing an exemption from the DMCA from the Library of Congress which will help to better protect security researchers from the same issues they worked to address at the W3C level.

W3C does intend to keep looking at the challenges related to the US DMCA and similar laws such as international implementations of the EU Copyright Directive with our Members and staff. The W3C is currently setting up a Technology and Policy Interest Group to keep looking at those issues and we intend to bring challenges related to these laws to this Group.

18 thoughts on “HTML Media Extensions to continue work

  1. > no consensus has yet emerged from follow-up discussions about the covenant from the EFF.

    Why is there no consensus yet? This seems like an obvious fallback position for the W3C to pursue, given that it is not dropping EME.

    It would be very useful to know what arguments against the EFF’s proposed security/interoperability covenant have been raised. Is it that there is some uncertainty that still needs to be investigated? Or are there actual parties that have objected to the EFF? Who are they?

    1. Hello Michael,

      As long as content providers make encrypted media available on the Web, we feel it is better for it to be discussed in the open at W3C, for the technology to be in a browser, and for everyone to use an interoperable open standard.

      EME enables communication between Web browsers and digital rights management (DRM) agent software to allow HTML5 video play back of DRM-wrapped content without third-party media plugins. EME does not create nor impose a content protection or Digital Rights Management system.

      EME enables video on the Web to be standardized on the Open Web.

      There is a more in-depth presentation of the EME work and a FAQ in the EME factsheet.

      1. “As long as content providers make encrypted media available on the Web, we feel it is better for it to be discussed in the open at W3C, for the technology to be in a browser, and for everyone to use an interoperable open standard.”

        As I understand “Encrypted Media Extension”, it includes proprietary components and therefore isn’t “open”. To include proprietary stuff in order to use an “open standard” is quite a contradiction.

        An “open” web isn’t about offering as much content as possible but about being open. So your argument I’ve cited above isn’t an argument for an open web but rather a concession to the media industry. I don’t need to be able to watch every video on the net. If anyone decides to limit the access to its contents, that’s ok. They won’t get as many viewers (or listeners) as they’d like to have and will change in the process. And even if they don’t change, I’d be fine without access to their content.

        I’m not ok with giving up on “open standards”, however, just to be able to watch some videos I don’t care about.

        1. @Coralie Mercier Even a passing look at this comment stream, leaves me with the curious question of why “answer” such a candid comment, when there are more incisive questions or comments that go beyond a mere expression of a wish!

          Moreover, the lack of participation here raises questions. People don’t care? I think they do. People are aware? I think they don’t. People understand? Most, not really. Does the W3C make an effort to inform and collect opinions from the ‘beloved’ users of the web? Make an effort to translate beyond closed doors activity? (check @Ron Waldon & @ Colin Principe comments).

          By the way… I’m not giving you my email… it is enough that you most likely collect my IP!

  2. Does the W3C feel that there is not enough data regarding problematic reporting and enforcement of DMCA violations to warrant suspending this work? W3C should be focused on improving delivery of content, not restricting it.

  3. Dear W3C,

    Most of you care about an open Internet as much or even more than I do. So I really, really can’t understand why you are bowing to the pressure of the same media groups that tried once and again to destroy, restrict and control the Internet landscape to maintain their ancient business models as they are.

    DRM is bad. Period. If they need DRM, let’s make them use THEIR implementation, not insert it INTO THE WEB STANDARDS. STANDARDS MUST BE OPEN. Any closed standard is not a standard, is an imposition.

    This will only enable them to restrict or sue anyone that tries anything new, and will open new venues for litigation against companies and initiatives, even the ones that are OUTSIDE THE USA and should not be subjected to the outrageous DMCA rules.

    Please think: why would the EFF be so vocal against it if it was a good thing? Are they THAT dumb? A XKCD cartoon once remembered us that they are, instead, heroes of the Internet. I like to think that you, the W3C people, are too. Please don’t disappoint us…

    Regards, Andre

  4. w3c is for open standards not propiatry. maybe its time to create a new community of standards and drop the w3c?

  5. You do know that your plans will kill future browsers if they are not Chrome, Edge or Safari?

    Why you want to destroy diversity and replace it with more monopoly?

    Guess you have never heard that diversity is a good thing!

  6. Definition:
    Terrorist: The one that use his/her power, special ability or skills in a very bad way.

    Example 1: That ISIS man has a gun, he use it to kill innocent people.
    – By definition he is a terrorist.

    Example 2: W3C has the power to set new web standards. W3C want to use its power to kill open web… to kill firefox and other opensource browsers … yeah to kill our good things about web and internet :|
    – By definition W3C will be a … :(

  7. “The only required key system in the specification is one that actually does not perform any digital rights management (DRM) function”
    You may think that this is not really DRM but when the lawyers get a hold of this they will argue that it is an “technical protection measures” and will use that to control anything they dont like.

    Just take it out of the standards

  8. Huh? I’m no expert and so rely on people who are experts (and who I trust) to look out for my interests in privacy and in access to information (EFF in this case). I DO know that anytime an organization is doing what the “owners” want and not what the owners have a right to do, it is a bad idea for individuals and small organizations.

    If the w3 is in any way beholding to capital, perhaps it is time to trusting them to look out for my interests.

  9. Thank you all, for taking the time to express your opinions and concerns.

    We can not emphasize enough that working on EME allows playback of protected content on the Open Web Platform, that putting the CDM under browser control is what enables us to add the various user security and privacy requirements included in EME, that EME is not DRM and that W3C can’t be doing what the “owners” want or what “giants” want, as we’ve seen wrongly characterised.

    Our process is built around the open standards principles: due process, broad consensus, transparency, balance, openness.

    We have a long factsheet because people have a lot of concerns; please, take the time to read it:
    https://www.w3.org/2016/03/EME-factsheet.html

Comments are closed.