The Crisis of Standardizing DRM: The Case of W3C Encrypted Media Extensions

  • Harry HalpinEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10662)


The process of standardizing DRM via the W3C Encrypted Media Extensions (EME) Recommendation has caused a crisis for W3C and potentially other open standards organizations. While open standards bodies are considered by definition to be open to input from the wider security research community, EME led civil society and security researchers asking for greater protections to be positioned actively against the W3C. This analysis covers both the procedural issues in open standards at the W3C that both allowed EME to be standardized as well as for vigorous opposition by civil society. The claims of both sides are tested via technical analysis and quantitative analysis of participation in the Working Group. We include recommendations for future standards that touch upon some of the same issues as EME.


Digital Rights Management W3C Security Privacy Standardization 


  1. 1.
    Bai, G., Hao, J., Wu, J., Liu, Y., Liang, Z., Martin, A.: TrustFound: towards a formal foundation for model checking trusted computing platforms. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 110–126. Springer, Cham (2014). CrossRefGoogle Scholar
  2. 2.
    Batchelor, B., Jenkins, T.: FA premier league: the broader implications for copyright licensing. Eur. Compet. Law Rev. 33(4), 157–164 (2012)Google Scholar
  3. 3.
    Berners-Lee, T.: On EME in HTML5 (2016).
  4. 4.
    Berners-Lee, T., Fischetti, M.: Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web by its Inventor. Harpers Information, New York (2000)Google Scholar
  5. 5.
    Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701–716 (2005)CrossRefGoogle Scholar
  6. 6.
    Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994). Google Scholar
  7. 7.
    US Congress: Digital millennium copyright act. Pub. Law 105(304), 112 (1998)Google Scholar
  8. 8.
    Doctorow, C.: Security researchers: tell the W3C to protect researchers who investigate browsers (2016).
  9. 9.
    Dorwin, D., Smith, J., Bateman, A., Watson, M.: Encrypted Media Extensions (2017).
  10. 10.
    EFF: Objection to the rechartering of the W3C EME group: Covenant (2016).
  11. 11.
    Gupta, H.: (Lack of) representation of non-western world in process of creation of web standards (2016).
  12. 12.
    Halderman, J.A., Felten, E.W.: Lessons from the Sony CD DRM episode. In: USENIX Security Symposium, pp. 77–92 (2006)Google Scholar
  13. 13.
    Halpin, H.: DRM and HTML5: it’s now or never for the Open Web. Guardian (2013).
  14. 14.
    LaMacchia, B.A.: Key challenges in DRM: an industry perspective. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 51–60. Springer, Heidelberg (2003). CrossRefGoogle Scholar
  15. 15.
  16. 16.
    Mercuri, R.T., Neumann, P.G.: Security by obscurity. Commun. ACM 46(11), 160 (2003)CrossRefGoogle Scholar
  17. 17.
    Petrick, P.: Why DRM should be cause for concern: an economic and legal analysis of the effect of digital technology on the music industry. Berkman Center for Internet and Society at Harvard Law School Research Publication (2004)Google Scholar
  18. 18.
    Prakash, P.: Technological protection measures in the Copyright (Amendment) Bill 2010 (2016).
  19. 19.
    Rosenblatt, B.: DRM, law and technology: an American perspective. Online Inf. Rev. 31(1), 73–84 (2007)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.InriaParisFrance

Personalised recommendations