Anne van Kesteren

Translation from PR-speak to English of selected portions of “Perspectives on security research, consensus and W3C Process”

From “Perspectives on security research, consensus and W3C Process”:

There have been a number articles and blog posts about the W3C EME work but we’ve not been able to offer counterpoints to every public post…

There has been enough of a shitstorm about W3C and DRM that we had to write something.

First, the W3C is concerned about risks for security researchers.

We are concerned with the PR-optics of the EFF rallying against us.

W3C TAG statements have policy weight.

The W3C TAG has no place in the W3C Process.

This TAG statement was reiterated in an EME Factsheet, published before the W3C Advisory Committee meeting in March 2016 as well as in the W3C blog post in April 2016 published when the EME work was allowed to continue.

The W3C TAG gets some publicity, but has no place in the W3C Process.

Second, EME is not a DRM standard.

We are actively enabling DRM systems to integrate with the web.

The W3C took the EFF covenant proposal extremely seriously.

We proposed it to the four-hundred-and-some conservative Member companies and let them do the dirty work, per usual. We will only lead the web to its full potential when there is agreement among the four-hundred-and-some conservative Member companies.

One criteria for Recommendation is that the ideas in the technical report are appropriate for widespread deployment and EME is already deployed in almost all browsers.

We will continue to ignore the actual ramifications of browsers shipping DRM systems.