Last September, the World Wide Web Consortium (W3C), representing “major organizations such as Google, Microsoft, Netflix, Mozilla, Apple, [and] Adobe,” published specifications for Encrypted Media Extensions (EME) and recommended its adoption as a modern web standard. According to the Consortium, EME will allow playback and streaming of encrypted media content. Among EME features, there are content protection mechanisms, encryption/decryption modules, the concept of “licensing servers,” and distribution packaging services for EME-compatible content. While EME serves many purposes, it clearly supports Digital Rights Management (DRM) practices that bind reproduction of media to a client or user with the proper key or license.
Since the beginning of the initiative, dating as far back as 2013, W3C member Electronic Frontier Foundation (EFF) manifested its disappointment. In EFF’s view, EME goes against some of the principles of “Open Web,” including accessibility, interoperability, innovation, and above all, control in the hands of the end user. Anecdotal history of DRM practices supports the grievances users face when content brings with it restrictions on the way it can be consumed or shared. Not the least of potential dangers is data security.
An exemplary case of DRM overreach could allow companies to limit the forms and periods of time in which users can access media, effectively removing their ownership. Through a license-based contract, key functionality could be taken away after years of payment. It could have been seen as an extreme case if reality had not come with a colorful illustration. Last October, tractor company John Deere made headlines when an update to their End User License Agreement forbade customers to repair or modify software embedded in tractors and equipment bought. Legal and technological ramifications involving terms such as “fair use doctrine,” “right-to-repair laws,” and “tractor jailbreaking” continue.
As events unfolded, EFF became more vocal, adding to their complaints doubts about the decision processes at W3C, as support of its position by organizations including the Free Software Foundation, the Open Source Initiative, and WHATWG was dismissed too easily in EFF’s view. The W3C responded by defending the transparency of the decision process and attributing the “anger, concerns and disagreement” to inevitable “conflicting values” as the web faces the issue of “appropriate accommodations for commercial use of the web.” The W3C stressed the fact that technically EME is not equivalent to DRM and that the decision to recommend EME was democratic.
Claiming that “a core of EME proponents was able to impose its will on the Consortium,” EFF decided to resign from the W3C. The Consortium once again denied the allegations, this time bringing to the arena the voice of Tim Berners-Lee, inventor of the World Wide Web and long-time thought advocate for neutrality and openness. His main argument stems from the commercial use accommodation perspective. Given that companies will try to develop businesses on the web, and that “we do have copyright,” it is better for users that DRM practices take place within the EME standard, his argument goes. Otherwise, each content provider would create their own siloed technologies. But in EFF’s argument, that burden in fact works as a deterrent for DRM, which an EME standard only facilitates. Berners-Lee is personally against DRM, but makes clear his views do not represent W3C’s position. As W3C Director, he declared DRM a legal matter outside of the scope of W3C, and therefore any objection to EME based on DRM overruled.
Outcomes of complex technological standards take a long time to become clear. They depend on the ability of users to exercise their preferences, contrasted with the economic viability of businesses. But the fairness becomes distorted when power is unequal. If users get their way, unbounded freedom to access and share content could allow them to take advantage of piracy without fronting its economic costs. (Not that these have ever been proven to be unambiguously ruinous or even harmful.) On the other end, companies have every incentive to dominate the markets where they operate, even at the social cost of reduced consumer choice. And for that there are always examples in current-day technology.
In Moodle, an active movement of openness in technology and educational resources seems to protect us from any negative consequences of this predicament, at least for the time being. Just like when commercial LMS started to appear after Moodle, competitive open source solutions continued to thrive and do to this day. Still, no purely economic argument for openness exists that is fully convincing. Until more satisfying evidence appears, it’s best to assume that the existence of technologies like Moodle relies on ideology and values –even at the risk of looking paranoid– rather than strictly financial sense, for open source’s own sake.
Usahidi, Webpack and RiseUp, main recipients of Mozilla’s MOSS grants totaling over $500 million USD
Funding for the Mozilla foundation and MOSS comes from individual donations and royalties from search engine referrals. Besides Firefox, it supports the MDN knowledge base, cross-platform standards for video, graphics and recently, virtual reality, as well as advocacy in issues ranging between surveillance, encryption, copyright and patent law, cybersecurity, web literacy and inclusion, and net neutrality.
Apache Struts condemned, then swiftly absolved from the massive Equifax data breach
When news first broke that the system supporting Equifax, the consumer credit reporting agency subject of the largest data breach yet, was open source Apache, and that malicious access exploited a vulnerability found in the Apache Struts development framework, accusations were quick to flow onto open source software to the point of declaring Linux the “new headache” across IT departments. Little time passed before it became obvious where the responsibility truly lay. The vulnerability exploited in the Equifax breach had been identified last March, for which a patch was developed and made available the same day. The breach itself took place between May and July. In the name of open source enterprise software, Apache declared: “the Equifax data compromise was due to their failure to install the security updates provided in a timely manner.” Open source doesn’t jeopardize people’s information: People jeopardize people’s information.