(2017-09-08) W3C Recommends EME DRM

The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining... EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion.

Nov27'2017 EFF details: In 2013, Netflix and a few other media companies convinced the W3C to start work on a DRM system for the web. This DRM system, Encrypted Media Extensions (EME), represented a sharp departure from the W3C's normal business. First, EME would not be a complete standard: the organization would specify an API through which publishers and browser vendors would make DRM work, but the actual "content decryption module" (CDM) wouldn't be defined by the standard. That means that EME was a standard in name only: if you started a browser company and followed all the W3C's recommendations, you still wouldn't be able to play back a Netflix video. For that, you'd need Netflix's permission... Every W3C standard until 2017 was on the side of people controlling computers. EME breaks with that. It is a subtle, but profound shift... Apps are used to implement DRM, so DRM-using companies are moving to apps. To keep entertainment companies from killing the web outright, the Web must have DRM too... By the time the dust settled, EME was published after the most divided votes the W3C had ever seen, with the W3C executive unilaterally declaring that issues for security research, accessibility, archiving and innovation had been dealt with as much as they could be (despite the fact that literally nothing binding was done about any of these things).

Jan'2020: At the time, the Electronic Frontier Foundation warned that, by approving its first non-unanimous standard, the W3C would give control over browser design to the big browser companies, and two years later, that warning has fully proven out. First, Google — whose proprietary technology must be licensed in most cases if you want to make a new browser — stopped permitting open source browsers to use its DRM technology, effectively requiring all new browsers to be proprietary... Samuel Maddock has been trying to create a rival “indie” browser, and has been to each of the EME DRM vendors and has been sent away by all of them... DRM laws like Section 1201 of the DMCA allow software vendors to threaten whistleblowers who disclose bugs without permission with both civil and criminal liability, and the W3C specifically turned down every single proposal to make its members promise not to abuse this power.