Signers include current and former members of the Internet Engineering Task Force and Internet Corporation for Assigned Names and Numbers' committees, professors, CTOs, network security engineers, Internet architects, systems administrators and network engineers, and even one of the inventors of the Internet’s core communications protocol.
This isn’t the first time many of these engineers have spoken out on the need for open Internet protections. In 2015, when the EFF and ACLU filed a friend-of-the-court brief defending the net neutrality rules, dozens of engineers signed onto a statement supporting the technical justifications for the Open Internet Order.
The engineers’ statement filed today contains facts about the structure, history, and evolving nature of the Internet; corrects technical errors in the proposal; and gives concrete examples of the harm that will be done should the proposal be accepted.
The engineers explain that:
"Based on certain questions the FCC asks in the Notice of Proposed Rulemaking (NPRM), we are concerned that the FCC (or at least Chairman Pai and the authors of the NPRM) appears to lack a fundamental understanding of what the Internet's technology promises to provide, how the Internet actually works, which entities in the Internet ecosystem provide which services, and what the similarities and differences are between the Internet and other telecommunications systems the FCC regulates as telecommunications services."
The engineers point to specific errors in the NPRM. As one example among many: the NPRM tries to argue that ISPs, not edge providers, are the main drivers for services such as streaming movies, sharing photos, posting on social media, automatic translation, and so on. The NPRM also erroneously assumes that transforming an IP packet from IPv4 to IPv6 somehow changes the form of the payload.
The engineers explain how the Internet (and in particular broadband) has changed since 2002, when the FCC first explicitly classified broadband internet access service as an information service, and why that classification is no longer appropriate in light of technical developments. Drawing on this background information, they then respond to specific questions from the NPRM in order to correct the FCC's mistakes.
The statement provides nearly a dozen different examples of consumer harm that could have been prevented by the light-touch, bright-line rules—like when AT&T distorted the market for content by using its gatekeeping power to not charge its customers for its DIRECTV video service while charging third-parties more to similarly zero-rate data. It also gives several examples of consumer benefits that happened as a result of the 2015 Open Internet Order, like mobile service providers finally removing the prohibition that was stopping customers from tethering their personal computers to their mobile devices in order to use their mobile broadband connections.
The NPRM fundamentally misunderstands the basic technology underlying how the Internet works. If the FCC were to move forward with its NPRM as proposed, the results could be disastrous: the FCC would be making a major regulatory decision based on plainly incorrect assumptions about the underlying technology and Internet ecosystem that will have a disastrous effect on innovation in the Internet ecosystem as a whole.
The United States Trade Representative (USTR) has just released its trade negotiating objectives [PDF] for a revision of NAFTA, the North American Free Trade Agreement between the United States, Mexico, and Canada. NAFTA is expected to open up a new front in big content's neverending battle for stricter copyright rules, following the unexpected defeat of the Trans-Pacific Partnership (TPP). Meanwhile, big tech companies are now wielding increasing influence with the USTR, and demanding that it negotiate rules that protect their businesses also, such as prohibitions against restrictions on the cross-border transfer of data.
In EFF's comments to the USTR about what its negotiating objectives should be, we urged it not to include new copyright rules in NAFTA, because of how this would prevent the United States from improving its current law or adapting to technological change. We also expressed the need for caution about including some of the new digital trade (or e-commerce) rules that big tech companies have been asking for, for similar reasons, and because the trade negotiation process notoriously lacks the balance that would be required for it to negotiate a sound set of rules.
The negotiating objectives are hopelessly general, but it seems that our requests largely fell on deaf ears. The negotiating objectives on intellectual property relevantly include to:
Ensure provisions governing intellectual property rights reflect a standard of protection similar to that found in U.S. law.
Provide strong protection and enforcement for new and emerging technologies and new methods of transmitting and distributing products embodying intellectual property, including in a manner that facilitates legitimate digital trade. ...
Ensure standards of protection and enforcement that keep pace with technological developments, and in particular ensure that rightholders have the legal and technological means to control the use of their works through the Internet and other global communication media, and to prevent the unauthorized use of their works.
Provide strong standards [of, sic] enforcement of intellectual property rights, including by requiring accessible, expeditious, and effective civil, administrative, and criminal enforcement mechanisms.
These provisions are consistent with the U.S. demanding similar provisions to those that had been contained in the TPP, including life plus 70 year terms of copyright protection, criminal penalties for "commercial scale" copyright infringement, and legal protections for DRM—all of which would be new to NAFTA. Disappointingly, there is no reference to be found to the inclusion of a "fair use" exception to copyright, as we had requested in our submission.
Digital Trade (E-Commerce) Rules
As for digital trade, the objectives include to:
Ensure non-discriminatory treatment of digital products transmitted electronically and guarantee that these products will not face government-sanctioned discrimination based on the nationality or territory in which the product is produced.
Establish rules to ensure that NAFTA countries do not impose measures that restrict crossborder data flows and do not require the use or installation of local computing facilities.
Establish rules to prevent governments from mandating the disclosure of computer source code.
While some of these rules might not be harmful, if they were drafted in an adequately open and consultative fashion, we have previously expressed concerns that the ban on restrictions on crossborder data flows may not allow countries adequate policy space to protect the privacy of users' data. We are also worried about the possibility that a blanket ban on laws requiring the disclosure of source code could limit countries from introducing new measures to protect users from vulnerabilities in digital products such as routers and Internet of Things (IoT) devices.
Our New Infographic Makes Sense of It All
You might well be wondering how the new version of NAFTA will compare with other digital trade negotiations, such as the TPP (which could still rise again between the other eleven countries besides the United States), and the Regional Comprehensive Economic Partnership (RCEP, whose negotiators are meeting this week in Hyderabad, India). To help explain, we've put together this infographic which illustrates five of the major ongoing trade agreements that are likely to contain provisions on digital issues. It provides a quick overview of their current status, the countries involved, and the issues that they contain.
Click to view full-size
One thing that all of these agreements have in common is that there is no easy way for users to access them. Negotiation rounds take place in far-flung cities of the world, with little or sometimes no notice to the general public, and next to no transparency about the texts under discussion, and with little or no official means of access to the negotiators for public interest advocates such as EFF. Nevertheless, EFF is on the ground in Hyderabad this week to stand up for users, and we plan to do the same in the coming NAFTA negotiations too.
Despite today's release of the USTR's negotiating objectives for NAFTA, they are nowhere near detailed enough for us to know what rules the USTR will really be asking for from our partners. And that's dangerous, because we don't really know what we're fighting against, and whether our fears are justified or overblown. Worse, we might never know until the agreement is concluded—unless it is leaked in the meantime. That's just not acceptable, and it needs to change.
Keep reading Deeplinks for updates on the progress of each of these trade agreements, and how they will affect you. And if you'd like to support our difficult work in fighting for users' rights in all of these secretive venues, you can help by donating to EFF.
Border agents may not use travelers’ laptops, phones, and other digital devices to access and search cloud content, according to a new document by U.S. Customs and Border Protection (CBP). CBP wrote this document on June 20, 2017, in response to questions from Sen. Wyden (D-OR). NBC published it on July 12. It states:
In conducting a border search, CBP does not access information found only on remote servers through an electronic device presented for examination, regardless of whether those servers are located abroad or domestically. Instead, border searches of electronic devices apply to information that is physically resident on the device during a CBP inspection.
This is a most welcome change from prior CBP policy and practice. CBP’s 2009 policy on border searches of digital devices does not prohibit border agents from using those devices to search travelers’ cloud content. In fact, that policy authorizes agents to search “information encountered at the border,” which logically would include cloud content encountered by searching a device at the border.
We do know that border agents have used travelers’ devices to search their cloud content. Manynewsreportsdescribe border agents scrutinizing social media and communications apps on travelers’ phones, which show agents conducting cloud searches.
EFF will monitor whether actual CBP practice lives up to this salutary new policy. To help ensure that border agents follow it, CBP should publish it. So far, the public only has second-hand information about this “nationwide muster” (the term CBP’s June 17 document uses to describe this new CBP written policy on searching cloud data). Also, CBP should stop seeking socialmediahandlesfromforeignvisitors, which blurs CBP’s new instruction to border agents that cloud searches are off limits.
Separately, CBP’s responses to Sen. Wyden’s questions explain what will happen to a U.S. citizen who refuses to comply with a border agent’s demand to disclose their device password (or unlock their device) in order to allow the agent to search their device:
[A]lthough CBP may detain an arriving traveler’s electronic device for further examination, in the limited circumstances when that is appropriate, CBP will not prevent a traveler who is confirmed to be a U.S. citizen from entering the country because of a need to conduct that additional examination.
This is what EFF told travelers would happen in our March 2017 border guide, based on law and reported CBP practice. It is helpful that CBP has confirmed this in writing. However, CBP also should publicly state whether U.S. lawful permanent residents (green card holders) will be denied entry for not facilitating a CBP search of their devices. They should not be denied entry. Notably, Sen. Wyden asked CBP to answer this question about all “U.S. persons,” and not just U.S. citizens.
CBP’s responses leave other important questions unanswered. For example, CBP should publicly state whether, when border agents ask travelers for their device passwords, the agents must (in the words of Sen. Wyden) “first inform the traveler that he or she has the right to refuse.” CBP did not answer this question. The international border is an inherently coercive environment, where harried travelers must seek permission to come home from uniformed and frequently armed agents in an unfamiliar space. To ensure that agents do not strong-arm travelers into surrendering their digital privacy, agents should be required to inform travelers that they may choose not to unlock their devices.
Also, CBP should publicly answer Sen. Wyden’s question about how many times in the last five years CBP has searched a device “at the request of another government agency.” Such searches will usually be improper. Historically, courts have granted border agents greater search powers than other law enforcement officials, but only for purposes of enforcing customs and immigration laws. If border agents search travelers at the request of other agencies, they presumably do so for others purposes, and so use of their heightened powers is improper. While CBP’s document provides information about CBP’s assistance requests to other agencies (for example, to seek technical help with decryption), this sheds no light on other agencies’ requests to CBP to use a traveler’s presence at the border as an excuse to conduct a warrantless search, which likely would not be justified at the interior of the country.
EFF applauds Sen. Wyden for his leadership in congressional oversight of CBP’s border device searches. We also thank CBP for answering some of Sen. Wyden’s questions. But many questions remain.
CBP’s June 2017 responses confirm that much more must be done to protect travelers’ digital privacy at the U.S. border. An excellent first step would be to enact Sen. Wyden’s bipartisan bill to require border agents to get a warrant before searching the digital devices of U.S. persons.
A Minnesota sheriff’s office must release emails showing how it uses biometric technology so that the community can understand how invasive it is, EFF argued in a brief filed in the Minnesota Supreme Court on Friday.
The case, Webster v. Hennepin County, concerns a particularly egregious failure to respond to a public records request that an individual filed as part of a 2015 EFF and MuckRock campaign to track biometric technology use by law enforcement across the country.
EFF has filed two briefs in support of web engineer and public records researcher Tony Webster’s request, with the latest brief [.pdf] arguing that agencies must provide information contained in emails to help the public understand how a local sheriff uses biometric technology. The ACLU of Minnesota joined EFF on the brief.
As we write in the brief:
This case is not about whether or how the government may collect biometric data and develop and domestically deploy information-retrieval technology as a potential sword against the general public. That is just one debate we must have, but critical to it and all public debates is that it be informed by public [records]
The case began when Webster filed a request based on EFF’s letter template with Hennepin County, a jurisdiction that includes Minneapolis, host city of the 2018 Super Bowl. He sought emails, contracts, and other records related to the use of technology that can scan and recognize fingerprints, faces, irises, and other forms of biometrics.
After the county basically ignored the request, Webster sued. An administrative law judge ruled in 2015 that the county had violated the state’s public records law both because it failed to provide documents to Webster and because it did not have systems in place to quickly search and disclose electronic records.
An intermediate appellate court ruled in 2016 that the county had to turn over the records Webster sought, but it reversed the lower court’s ruling that the county did not have adequate procedures in place to respond to public records requests.
Both Webster and the county appealed the ruling to the Minnesota Supreme Court. In its appeal, the county argues that public records requesters create undue burden on agencies when they specify that they search for particular key words or search terms.
EFF’s brief in support of Webster points out the flaws in the county’s search term argument. Having requesters identify specific search terms for documents they seek helps agencies conduct better searches for records while narrowing the scope of the request. This ultimately reduces the burden on agencies and leads to records being released more quickly.
EFF would like to thank attorneys Timothy Griffin and Thomas Burman of Stinson Leonard Street LLP for drafting the brief and serving as local counsel.
"The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia", said Australian Prime Minister Malcolm Turnbull today. He has been rightly mocked for this nonsense claim, that foreshadows moves to require online messaging providers to provide law enforcement with back door access to encrypted messages. He explained that "We need to ensure that the internet is not used as a dark place for bad people to hide their criminal activities from the law." It bears repeating that Australia is part of the secretive spying and information sharing Five Eyes alliance.
But despite the well-deservedmockerythatensued, we shouldn't make too much light of the real risk that this poses to Internet freedom in Australia. It's true enough, for now, that a ban on end-to-end encrypted messaging in Australia would have absolutely no effect on "bad people", who would simply avoid using major platforms with weaker forms of encryption, in favor of other apps that use strong end-to-end encryption based on industry standard mathematical algorithms. It would hurt ordinary citizens who rely on encryption to make sure that their conversations are secure and private from prying eyes.
However, as similar demands are made elsewhere around the world, more and more app developers might fall under national laws that require them to compromise their encryption standards. Users of those apps, who may have a network of contacts who use the same app, might hesitate to shift to another app that those contacts don't use, even if it would be more secure. They might also worry that using end-to-end encryption would be breaking the law (a concern that "bad people" tend to be far less troubled by). This will put those users at risk.
If enough countries go down the same misguided path, that sees Australia following in the steps of Russia and the United Kingdom, the future could be a new international agreement banning strong encryption. Indeed, the Prime Minister's statement is explicit that this is exactly what he would like to see. It may seem like an unlikely prospect for now, with strong statements at the United Nations level in support of end-to-end encryption, but we truly can't know what the future will bring. What seems like a global accord today might very well start to crumble as more and more countries defect from it.
We can't rely on politicians to protect our privacy, but thankfully we can rely on math ("maths", as Australians say). That's what makes access to strong encryption so important, and Australia's move today so worrying. Law enforcement should have the tools they need to investigate crimes, but that cannot extend to a ban on the use of mathematical algorithms in software. Mr Turnbull has to understand that we either have an internet that "bad people" can use, or we don't have an Internet. It's actually as simple as that.
Broadband privacy? Say what? That was probably what you were asking yourself in March when you read about Congress’s vote to repeal privacy rules for your Internet provider. If you were paying attention—and you should in an era where free press, voter privacy, and other constitutional rights are being challenged—you quickly realized what Congress did. It sold out your right to keep your browsing history and personal information private so the cable companies can sell it and make even more money off of you than they already do. Nice, right?
Luckily, many states, including California, have stepped up to the plate for you. They have introduced bills that give back to you the right to control how your private information is used by the companies that control the Internet pipeline into your home. In California, lawmakers in Sacramento are considering a bill that would reinstate those privacy rules, requiring Internet providers to get your permission before they can profit off of your personal information.
Silicon Valley should rally behind Chau’s AB 375 and ensure online privacy protections for all Californians —San Jose Mercury News
California has always led the country on many fronts: the environment, civil liberties, to name a few. It’s time for us to lead now. California’s top media organizations have gotten behind this legislation, A.B. 375, introduced by Assemblymember Ed Chau, a Democrat from Monterey Park.
If you care about your online privacy, you should, too. Here’s what the editorial boards of the state’s leading newspapers have to say:
AT&T, Comcast and other Internet service providers can continue to track every search you make and website you visit and sell that information to the highest bidder, under legislation recently signed by President Donald Trump.
That legislation, which reversed an Obama regulation, ought to alarm any American who ventures online, no matter their political persuasion. Now comes Assemblyman Ed Chau, a Democrat from Monterey Park, carrying a bill that for Californians would reverse the legislation and provide some privacy at a time when seemingly nothing is private.
Assembly Bill 375 would require Internet service providers to have customers “opt in” before they are allowed to sell information on their online searches and visits. Here’s hoping state lawmakers realize the value of having such a law and reject the telecom companies’ claim that it is “unfair” to not let them capitalize on the sort of information that Facebook and Google accumulate about their users.
The difference, of course, is that people pay heavily for Internet service because in the modern era, it is akin to a must-have utility. Facebook and Google are free. It is absurd that consumers paying companies for a service should be expected to accept that the price paid includes a gross loss of privacy.
AB375, by Assemblyman Ed Chau, D-Monterey Park (Los Angeles County), would address actions taken in March by President Trump and the Republican-dominated Congress that killed an FCC privacy rule allowing customers to prevent giant phone and cable companies from gathering and using personal data such as their financial and health choices. Chau’s bill, which is still in committee, would restore those protections for Californians. It should pass.
California is uniquely able to take a strong stand in favor of consumer privacy. If the digital age has a technological and corporate center, it is here. We’re also large enough to make a difference nationally.
California has an obligation to take a lead in establishing the basic privacy rights of consumers using the Internet. Beyond being the right thing to do for the whole country, building trust in tech products is an essential long-term business strategy for the industry that was born in this region. California Assemblyman Ed Chau, D-Monterey Park, understands this. After Congressional Republicans erased Americans’ Internet broadband privacy protections in March, Chau crafted A.B. 375 to at least provide these rights to Californians.
If you happen to be a fan of the heavy metal band Isis (an unfortunate name, to be sure), you may have trouble ordering its merchandise online. Last year, Paypal suspended a fan who ordered an Isis t-shirt, presumably on the false assumption that there was some association between the heavy metal band and the terrorist group ISIS.
Then last month Internet scholar and activist Sascha Meinrath discovered that entering words such as "ISIS" (or "Isis"), or "Iran", or (probably) other words from this U.S. government blacklist in the description field for a Venmo payment will result in an automatic block on that payment, requiring you to complete a pile of paperwork if you want to see your money again. This is even if the full description field is something like "Isis heavy metal album" or "Iran kofta kebabs, yum."
These examples may seem trivial, but they reveal a more serious problem with the trust and responsibility that the Internet places in private payment intermediaries. Since even many non-commercial websites such as EFF's depend on such intermediaries to process payments, subscription fees, or donations, it's no exaggeration to say that payment processors form an important part of the financial infrastructure of today's Internet. As such, they ought to carry corresponding responsibilities to act fairly and openly towards their customers.
Unfortunately, given their reliance on bots, algorithms, handshake deals, and undocumented policies and blacklists to control what we do online, payment intermediaries aren't carrying out this responsibility very well. Given that these private actors are taking on responsibilities to help address important global problems such as terrorism and child online protection, the lack of transparency and accountability with which they execute these weighty responsibilities is a matter of concern.
The readiness of payment intermediaries to do deals on those important issues leads as a matter of course to their enlistment by governments and special interest groups to do similar deals on narrower issues, such as the protection of the financial interests of big pharma, big tobacco, and big content. It is in this way that payment intermediaries have insidiously become a weak leak for censorship of free speech.
Cigarettes, Sex, Drugs, and Copyright
For example, if you're a smoker, and you try to buy tobacco products from a U.S. online seller using a credit card, you'll probably find that you can't. It's not illegal to do so, but thanks to a "voluntary" agreement with law enforcement authorities dating back to 2005, payment processors have effectively banned the practice—without any law or court judgment.
Another example that we've previously written about are the payment processors' arbitrary rules blocking sites that discuss sexual fetishes, even though that speech is constitutionally protected. The congruence between the payment intermediaries' terms of service on the issue suggests a degree of coordination between them, but their lack of transparency makes it impossible to be sure who was behind the ban and what channels they used to achieve it.
A third example is the ban on pharmaceutical sales. You can still buy pharmaceuticals online using a credit card, but these tend to be from unregulated, rogue pharmacies that lie to the credit card processors about the purpose for which their merchant account will be used. For the safer, regulated pharmacies that require a prescription for the drugs they sell online, such as members of the Canadian International Pharmacy Association (CIPA), the credit card processors enforce a blanket ban.
Finally there are "voluntary" best practices on copyright and trademark infringement. These include the RogueBlock program of the International Anti-Counterfeiting Coalition (IACC) in 2012, about which information is available online, along with a 2011 set of "Best Practices to Address Copyright Infringement and the Sales of Counterfeit Products on the Internet," about which no online information is found. The only way that you can find out about the standards that payment intermediaries use to block websites accused of copyright or trademark infringement is by reading what academics have written about it.
Lack of Transparency Invites Abuse
The payment processors might respond that their terms of service are available online, which is true. However, these are ambiguous at best. On Venmo, transactions for items that promote hate, violence, or racial intolerance are banned, but there is nothing in its terms of service to indicate that including the name of a heavy metal band in your transaction will place it in limbo. Similarly, if you delve deep enough into Paypal's terms of service you will find out that selling tickets to professional UK football matches is banned, but you won't find out how this restriction came about, or who had a say in it.
Payment processors can do better. In 2012, in the wake of the payment industry's embargo of Wikileaks and its refusal to process payments to European vendors of horror films and sex toys, the European Parliament Committee on Economic and Monetary Affairs made the following resolution:
[The Committee c]onsiders it likely that there will be a growing number of European companies whose activities are effectively dependent on being able to accept payments by card; [and] considers it to be in the public interest to define objective rules describing the circumstances and procedures under which card payment schemes may unilaterally refuse acceptance.
We agree. Bitcoin and other cryptocurrencies notwithstanding, online payment processing remains largely oligopolistic. Agreements between the few payment processors that make up the industry and powerful commercial lobbies and governments, concluded in the shadows, can have deep impacts on entire online communities. When payment processors are drawing their terms of service or developing algorithms that are based on industry-wide agreements, standards, or codes of conduct—especially if these involve governments or other third parties—they ought to be developed through a process that is inclusive, balanced and accountable.
The fact that you can't use Venmo to purchase an Isis t-shirt is just one amusing example. But the Shadow Regulation of the payment services industry is much more serious than that, also affecting culture, healthcare, and even your sex life online. Just as we've called other Internet intermediaries to account for the ways in which their "voluntary" efforts threaten free speech, the online payment services industry needs to be held to the same standard.
ISPs that oppose effective net neutrality protections say that they've got the right to earn as much money as they can from their networks, and if people don't like it, they can just get their internet somewhere else. But of course, the lack of competition in network service means that most people can't do this.
Big entertainment companies -- some of whom are owned by big ISPs! -- say that because they can make more money if they can control your computer and get it to disobey you, they should be able to team up with browser vendors and standards bodies to make that a reality. If you don't like it, you can watch someone else's movies.
Like ISPs, entertainment companies think they can get away with this because they too have a kind of monopoly --copyright, which gives rightsholders the power to control many uses of their creative works. But just like the current FCC Title II rules that stop ISPs from flexing their muscle to the detriment of web users, copyright law places limits on the powers of copyright holders.
That competitive balance makes an important distinction between "breaking the law" (not allowed) and "rocking the boat" (totally allowed). Companies that want to rock the boat are allowed to enter the market with new, competitive offerings that go places the existing industry fears to tread, and so they discover new, unmapped and fertile territory for services and products that we come to love and depend on.
But overbroad and badly written laws like Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) upset this balance. DMCA 1201 bans tampering with DRM, even if you're only doing so to exercise the rights that Congress gave you as a user of copyrighted works. This means that media companies that bake DRM into the standards of the web get to decide what kinds of new products and services are allowed to enter the market, effectively banning others from adding new features to our media, even when those features have been declared legal by Congress.
ISPs are only profitable because there was an open Internet where new services could pop up, transforming the Internet from a technological curiosity into a necessity of life that hundreds of millions of Americans pay for. Now that the ISPs get steady revenue from our use of the net, they want network discrimination, which, like the discrimination used by DRM advocates, is an attempt to change "don't break the law" into "don't rock the boat" -- to force would-be competitors to play by the rules set by the cozy old guard.
For decades, activists struggled to get people to care about net neutrality, and their opponents from big telecom companies said, "people don't care, all they want is to get online, and that's what we give them." The once-quiet voices of net neutrality wonks have swelled into a chorus of people who realize that an open web was important to their future. As we saw yesterday, the public broadly demands protection for the open Internet.
Today, advocates for DRM say that "People don't care, all they want is to watch movies, and that's what we deliver." But there is an increasing realization that letting major movie studios tilt the playing field toward them and their preferred partners also endangers the web's future.
Don't take our word for it: last April, Professor Tim Wu, who coined the term "net neutrality" and is one of the world's foremost advocates for a neutral web, published an open letter to Tim Berners-Lee, inventor of the web and Director of the World Wide Web Consortium (W3C), where there is an ongoing effort to standardize DRM for the web.
In that letter, Wu wrote:
I think more thinking need be done about EME’s potential consequences for competition, both as between browsers, the major applications, and in ways unexpected. Control of chokepoints has always and will always be a fundamental challenge facing the Internet as we both know. That’s the principal concern of net neutrality, and has been a concern when it comes to browsers and their associated standards. It is not hard to recall how close Microsoft came, in the late 1990s and early 2000s, to gaining de facto control over the future of the web (and, frankly, the future) in its effort to gain an unsupervised monopoly over the browser market.
EME, of course, brings the anti-circumvention laws into play, and as you may know anti-circumvention laws have a history of being used for purposes different than the original intent (i.e., protecting content). For example, soon after it was released, the U.S. anti-circumvention law was quickly by manufacturers of inkjet printers and garage-door openers to try and block out aftermarket competitors (generic ink, and generic remote controls). The question is whether the W3C standard with an embedded DRM standard, EME, becomes a tool for suppressing competition in ways not expected.
This week, Berners-Lee made important and stirring contributions to the net neutrality debate, appearing in this outstanding Web Foundation video and explaining how anti-competitive actions by ISPs endanger the things that made the web so precious and transformative.
Last week, Berners-Lee disappointed activists who'd asked for a modest compromise on DRM at the W3C, one that would protect competition and use standards to promote the same level playing field we seek in our Net Neutrality campaigns. Yesterday, EFF announced that it would formally appeal Berners-Lee's decision to standardize DRM for the web without any protection for its neutrality. In the decades of the W3C's existence, there has never been a successful appeal to one of Berners-Lee's decisions.
The odds are long here -- the same massive corporations that oppose effective net neutrality protections also oppose protections against monopolization of the web through DRM, and they can outspend us by orders of magnitude. But we're doing it, and we're fighting to win. That's because, like Tim Berners-Lee, we love the web and believe it can only continue as a force for good if giant corporations don't get to decide what we can and can't do with it.