At the recent W3C TPAC meeting, the TAG convened a special session to discuss, among other things, Cory Doctorow’s call for a “non-aggression covenant.” The concern Cory has voiced is related to the unintended consequences of certain pieces of legislation which have had a chilling effect on security research on software. Although Cory’s concerns have mostly been related to the implementation of Encrypted Media Extensions, we believe there is a larger architectural issue at stake which needs to be called out. The TAG therefore agreed the following resolution:
The Web has been built through iteration and collaboration, and enjoys strong security because so many people are able to continually test and review its designs and implementations. As the Web gains interfaces to new device capabilities, we rely even more on broad participation, testing, and audit to keep users safe and the web’s security model intact. Therefore, W3C policy should assure that such broad testing and audit continues to be possible, as it is necessary to keep both design and implementation quality high.