'Scrutiny' of Working Group's Proposed Encrypted Media Extensions Standard Needed, EFF Says
Electronic Frontier Foundation Special Adviser Cory Doctorow said the security research community should subject a World Wide Web Consortium (W3C) HTML Media Extensions Working Group recommendation on a standardized application programming interface for encrypted media extensions (EME) to the “closest…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
possible scrutiny.” The working group's published recommendation is still a draft document and “does not imply endorsement” by W3C members, the consortium said. The HME Working Group's recommended application program interface (API) would be an interoperable open standard to enable communication between web browsers and digital rights management (DRM) software. The API also would allow HTML5 playback of streaming video and other DRM-protected content without the need for third-party plug-ins. The API “does not define a content protection [DRM] system,” the HME Working Group said in the recommendation: “Rather, it defines a common API that may be used to discover, select and interact with such systems" and with simpler content encryption systems. DRM implementation “is not required to be implemented as a common baseline,” the working group said. EFF repeatedly has objected to the HME Working Group's development of the EME API and sought W3C stakeholders' support for an EFF-proposed covenant that would obligate all consortium stakeholders not to file or join a lawsuit against entities under the Digital Millennium Copyright Act and similar laws for circumventing technological protection measures for security research purposes (see 1603240055 and 1604050056). “We will keep working to persuade the W3C to adopt our sensible proposal” Doctorow said in a Wednesday blog post. Meanwhile, he said, scrutiny of the EMI API recommendation is needed because “the black hats who are already doing this are not bound by fear of the DMCA, and they are delighted to have an attack surface that white hats are not allowed to investigate in detail.”