March 29, 2016 | By Cory Doctorow

Interoperability and the W3C: Defending the Future from the Present

Imagine a new, disruptive company figured out a way to let hundreds of people watch a single purchased copy of a movie, even though the rightsholders who made that movie objected. The new company charged money for this service, and gave none of it back to the movie's creators. That's exactly the business model that a controversial project at the Web's premier open standards organization seeks to prevent.

Of course, it's also the business model of Netflix, circa 1997, not to mention every prior video rental service relying on the traditional principle that a copyright owner's control ended when they sold a copy of the work.

If the studios had been able to lock out disruptive new companies by adding a bit of technology that was against the law to break, Netflix would have been stopped in its tracks. It never would have grown into the powerhouse it is today, a valued partner to the movie studios and independents alike, a production house in its own right -- and one of the principal advocates for standardizing digital restrictions on media use.

We get it: companies often become less revolutionary once they achieve success. But people love Netflix, and they will love the next Netflix even more.

By adopting a covenant to protect interoperability, the World Wide Web Consortium (W3C) can save innovators of tomorrow from those of yesterday.

The World Wide Web Consortium is mired in conflict over its decision to standardize digital locks -- the technologies that allow other people to give your computer orders that you can't override. The first of these, "Encrypted Media Extensions" (EME), will be part of HTML5, which is being designed as the primary interface between people and the smart devices of the Internet of Things, from medical implants to vehicles to power stations to security systems.

Sections 1201-1203 [1] of the US Digital Millennium Copyright Act (DMCA) ban bypassing such restrictions, and have been used to shut down legitimate tools because their makers had to remove a lock to improve existing products, and to silence security researchers who came forward with revelations about defects in covered products.

Though EFF could not convince the W3C to abandon its commitment to adding digital locks to the Web, we have proposed a middle ground. We asked W3C to impose a promise not to use DMCA 1201 or similar laws to attack interoperable technologies or security research as a condition of participating in the EME standards-setting process.

The main event with digital restrictions isn't the technology: it's the law. It may be a dumb idea to design computers to disobey their owners and hide their internal workings from the humans that rely on them, but it's legal threats that keep security researchers and innovators from working with and improving products that use such restrictions.

It's easy to understand what we mean by protecting security researchers, of course, but what's all this about "interoperability?"

Interoperability means being able to have one product function with another product, sometimes in ways the original manufacturer didn't anticipate and wouldn't necessarily approve of. If you've ever plugged a cell-phone charger into a car's cigarette lighter, you've experienced interoperability -- though the original manufacturer never conceived of charging a not-yet-invented phone with a gadget intended to make heat to ignite tobacco products, someone else was able to invent a way to use that original gadget in a new and useful way.

Standards bodies play a key role in interoperability, specifying a common framework that manufacturers can cooperatively agree upon. That framework makes it much easier for one company to design something to work with another company's products and provides assurance that the products that are yet to come will be able to interoperate with both.

But as important as cooperative compatibility is, it's dwarfed by uncooperative compatibility, where companies get their products to work together without any kind of agreement. Sometimes, that's because the original maker is gone -- you might get an inkjet cartridge to go in an old printer whose manufacturer is out of business -- but sometimes, that's because the original manufacturer objects to the add-on.

This "adversarial compatibility" is the cornerstone of interoperability. The telephone network took a huge leap forward when the FCC handed down the 1968 "Carterphone" decision, ruling that phone subscribers could plug devices into AT&T's network even when AT&T objected to this practice. Carterphone led to the widespread deployment of answering machines, fax machines, modems, and, eventually, the Internet as we know it today.

EME is a framework for allowing interoperability for streaming video, within a set of parameters being decided upon at the W3C. But the W3C's EME framework does not enable many of the applications that the law allows. The digital locks that EME builds in stand in the way of these applications, and if the W3C does not adopt a covenant protecting interoperability, those applications will be threatened under laws like Section 1201 of the DMCA by the makers of digital restriction technologies.

Let's take a look at some of the interoperable applications that are blocked by the work of the W3C:

Implementations in free/open source code

The free software movement has a longstanding commitment to providing users with the ability to run computers whose code is open to inspection and modification by any party. Free software advocates want to know that there are no sneaky back-doors in their programs, they want to avoid lock-in by companies, they want to be able to learn from their computers, they want to be able to improve their computers, and they want to be able to share those improvements.

The free software movement has given us many of the Internet's core technologies: the GNU/Linux operating system, the Apache web-server, NGINX, OpenSSL encryption, and much, much more.

To implement an EME-capable browser, you must have a "Content Decryption Module." These modules are all presently implemented in closed, proprietary code. This isn't unusual: many core technologies begin life as proprietary blobs, and the normal course pursued by free software advocates is to reverse-engineer that proprietary software and make free, open implementations.

However, a reverse engineering attempt on an EME-CDM system can implicate DMCA 1201 and similar laws, meaning that anyone attempting to make a free/open equivalent would face potential lawsuits simply for undertaking this common activity.

A covenant that protects implementers from W3C members' use of anticircumvention laws to attack interoperability solves this problem, at least for lawsuits initiated by parties to the covenant. Without it, anyone wanting to run a browser compatible with the video applications that the W3C is standardizing will have to run opaque, unauditable, unimprovable, non-distributable proprietary code, even if they're prepared to make a free/open alternative without any help from the original manufacturer.

New browsers

The W3C has always stood for the ability of anyone to make a browser. By following the recommendations of the W3C, new companies and projects can make a browser that can view all the standards-compliant documents and files on the entire World Wide Web. While there are only a few major browsers in use today, they include several of relatively recent vintage, and are vastly outnumbered by all the browsers that have come and gone since the first days of the Web.

The Web's future depends on new browsers coming into existence to replace the ones that will inevitably fade away.

Any new browser coming on the scene after the standardization of EME will enter a fundamentally different world than all the ones that have come before: for that browser to receive and display content that is defined by the W3C, it will have to enter into a commercial partnership with one of a handful of companies that have been blessed as being entitled to produce a CDM.

A browser that can't strike such a partnership -- either because all possible partners are in exclusive relationships with existing browsers, or because it lacks the commercial or structural ability to enter into a commercial partnership (say, because it is a community-based free software project) -- will be frozen out of rendering part of the standards-defined Web.

It would be a return to the bad old days of websites that advised that they were "Best viewed with Netscape" or "Best viewed with Internet Explorer," because the new browsers would be locked out of some of their content.

However, if there is a covenant protecting interoperability, new browsers can bypass the refusal to deal from incumbent manufacturers and make their own EME-CDM combination that can play all the content that meets the W3C's standards.

Archiving

Around the world, archives and libraries have the statutory right to make long-term copies of copyrighted works, even against the wishes of rightsholders. However, this statutory right is interfered with by the rules prohibiting breaking digital locks. Sometimes, governments grant exemptions for libraries (in the USA, the Copyright Office has granted some exemptions to the DMCA for the purposes of archiving), but these exemptions have serious defects. Most of the US exemptions, for example, expire every three years and must be renewed through a costly and cumbersome process, and only cover the right to use a tool to break the digital lock in order to make archival copies: they do not cover the right to make or share that tool, meaning every library must figure out how to make such a tool from scratch, and not share it.

If the W3C adopts the covenant permitting interoperability, it would help vendors who serve the library and archive sectors to make tools to accomplish the institutions' cultural duty by making a lawful use.

Public domain videos, Creative Commons, Crown and Parliamentary copyrights

Many videos are not in copyright. In some cases, the copyright on these videos has expired. In others, the videos are produced by governments that cannot assert copyright in their productions (this is the case for the US government). Other videos are in copyright, but governed by separate rules that allow the public to record and share them -- in Commonwealth countries, government works are bound by Crown Copyright or Parliamentary Copyright, under which the public enjoy automatic rights that are broader than the rules governing works made by individuals and companies.

Then there are works that are licensed under free/open content licenses, such as Creative Commons and the GNU Free Documentation License. More than a billion works have been licensed under Creative Commons alone, and all of those works allow viewers to record and share them, and moreover, many of them prohibit the use of digital locks like EME-CDM systems.

Despite the fact that the public is entitled to make use of these works, the companies that distribute them -- broadcasters, cable operators, webcasters, etc -- often lock them up with digital locks, and will continue to do so under EME.

Even though you have the legal right to record and re-use these videos, EME will prevent you from doing so, and anticircumvention laws will prevent anyone else from making a tool to enable you to bypass EME and exercise your legal rights.

A covenant protecting interoperability will give organizations, individuals, and companies a firm legal footing on which to make such a tool and enable the public to accomplish lawful activities with videos they are entitled to.

Bandwidth arbitrage

In the developing world, use of the Web is strongly limited by the high cost of mobile data. What frees people there to participate in the Web is time- or place-shifting their usage. Throughout the global south, we see a widespread usage pattern of downloading large files while in wifi range, for later use. This "bandwidth arbitrage" enables the poorest Internet users to approximate the kind of access to rich media assets that the rest of us take for granted.

A tool to allow for offline storage and playback of EME-locked videos would fall afoul of many countries' equivalents to DMCA 1201 -- the US Trade Representative having made the adoption of these laws a condition of trade with the USA -- but an interoperability covenant would protect local entrepreneurs and developers who produced a tool to enable this use.

Accessibility

Media companies invest in accessible versions of their products — sometimes they're legally obliged to provide them. But people with disabilities have diverse access needs, and statutory requirements or centrally-provided dispensations barely cover the possible ways that content, including video, could be made available to a wider audience. That's one of the reasons why the W3C's other work on media standardization is so exciting. HTML5's unencrypted media extensions not only provide built-in accessibility features, they also offer the possibility of third-party programs that can transform, re-interpret, or mix original content in order to make it accessible to an audience that can't accept the default presentation methods.

To give a few examples of what the future of HTML accessibility might include:

  • YouTube attempts to create closed captions on the fly using speech recognition. It's not always perfect, but it's getting better every day. A smart web browser displaying video could hand over audio to be recognised locally, creating captioning for content that doesn't have it. Add to that auto-translate, and your movie gets a global audience, unlimited by language barriers.
  • While we wait for better algorithms to improve captioning, many take advantage of large volunteer subbing communities that create subtitling and captioning independent of any rightsholders. Synchronizing such content with the original video is sometimes an exercise in frustration for the users of these subtitles. In the future, subbers could create webpages with JavaScript that seeks for audio and video cues in existing media to correctly synchronize their unofficial subtitles on the fly (as dubbing companies like RiffTrax have had to do with their own synchronization workarounds).
  • Security researcher Dan Kaminsky has developed a method for transforming the color space of video, in real time, so that red-green colorblind viewers can see images with real reds and greens. The DanKam could be applied to HTML5 video to let the color blind see a fuller range of color.
  • One in four thousand people rely on video passing "the Harding test," a method for determining whether movies contain flashing imagery that may cause harm to those suffering from photosensitive epilepsy. But the Harding test doesn't catch footage for every person with epilepsy, and not every video source is checked against it. In the future, we can envisage a website that could pro-actively run flash and pattern identification on incoming video and warn users or skip dangerous content.

All of this, and more, shows the promise of interoperable video browser standards. But not for those presented using EME. Each of these techniques involves reaching into the plain, unencrypted version of the video stream and examining or transforming the plain text data. To do that, they'd have to circumvent its protection. The W3C's standards and accessibility teams have been working hard to anticipate every way media might be used, but without permissionless interoperability, they'll never be able to tap the endless innovation of the Web's open development environment. Without the covenant, developers (including developers with disabilities) attempting to transform encrypted media for unaddressed access needs would face a legal barrier to peeling back the CDM. With a covenant of all the W3C's members, those with accessibility needs are better situated to take matters into their own hands, or work with others to improve their access to all media.

[1] Section 1201 defines the activities that are prohibited, with Section 1202 adding some additional prohibitions about removing metadata. Section 1203, which is what the covenant refers to, creates a right to sue.
