With the World Wide Web Consortium captured by the copyright industry, who will step up to lead web development next?

Posted on Sep 20, 2017 by Rick Falkvinge

The World Wide Web Consortium (W3C), which used to develop standards for the Web, has been captured by the copyright industry. In a doubly controversial vote, the W3C decided that media companies and not the user should be in control, ending their longstanding commitment to openness and the Internet’s core values. The open question is what new body web developers will choose to follow for future generations of standards.

This week, the World Wide Web Consortium (W3C) formally adopted Digital Restriction Measures (DRM) as part of the Web, thereby ending a policy of “the user is in control of their experience” and replacing it with “the copyright industry is in control”. The standard in question is called EME — Encrypted Media Extensions — and was pushed by all the pre-internet giants with vested pre-internet interests and Netflix.

Why is this bad? For all the reasons.

The W3C is — was — the body that defined standards for the World Wide Web, which browser developers implemented in turn into web browsers like Firefox, Chromium, Opera, and Safari. Having a third party publish the standards meant that no one browser team is in charge of standards development at the same time as they are making a browser, thereby encouraging interoperability between different browsers.

Now, having Digital Restriction Measures (DRM) as part of the Web means a number of very bad things, both principal, technical, and legal. First and foremost, on the principle level, the control of the experience has always been with the user. You don’t like a particular website’s color scheme? Turn it off. You don’t like ads? Turn them off. You’re blind? Have the page read out loud to you instead of displayed. The page scripts are annoying? Disable their scripts. The notion that the information is served, complete with a suggested layout, but with yourself as final arbiter as to how the website is allowed to show on your screen, has always been front row center to the development of the Web. Until this week, that is.

It’s important to realize that this encryption is not to the benefit of the user, like https is, but to the benefit of the copyright industry. In Cory Doctorow’s words, when somebody gives you a locked piece of data without the key, that lock is never there for your benefit.

From a technical perspective, this means that attacks delivered over the web — which are most of them today — can now be delivered in a standardized encrypted format, which means virus and malware checkers can’t intercept and prevent infection the way they can today.

From a legal perspective, it’s even worse, because it’s now illegal to research and prevent such attacks that are delivered over a channel protected by Digital Restriction Measures (DRM) in some of the biggest economies, like the United States and Europe. All other related research that seeks to circumvent the copyright industry’s control to the benefit of the user is also illegal, like providing accessibility to blind people (no, the standards don’t require it).

So why all this fuss just for a delivery channel of movies, in practice, which everybody gets from their favorite “unofficial sources” anyway?

Because there’s nothing limiting this delivery channel to just a movie. In theory, the entire web experience could be encrypted using new layers of technology. Yes, that includes mandatory advertising. Mandatory. Advertising. Yes, on your screen. The principal shift here, to put the media companies in control instead of the user, is the most important one with far-reaching ramifications.

When the RIAA calls a decision “a victory for common sense”, you know you’ve got it exactly wrong, W3C. — John Sullivan, FSF

This happened in a doubly controversial vote. Doubly because first, up until today, standards were never decided by vote, but by consensus, a threshold quite far above simple majority; and second, the vote passed by a mere 58%.

To quote John Sullivan, director of the Free Software Foundation, who tweeted at the W3C: “When the RIAA calls a decision ‘a victory for common sense’, you know you’ve got it exactly wrong, W3C.”

This is a textbook example of Regulatory Capture, this which just happened. The W3C was captured by the copyright industry.

Regulatory Capture is a term describing a form of government failure that occurs when a regulatory agency, created to act in the public interest, instead advances the commercial or political concerns of special interest groups that dominate the industry or sector it is charged with regulating. When regulatory capture occurs, the interests of firms or political groups are prioritized over the interests of the public, leading to a net loss to society as a whole. Government agencies suffering regulatory capture are called “captured agencies”. (Quote from Wikipedia.)

Seeing this regulatory capture firsthand, taking place against its formal objections, the Electronic Frontier Foundation immediately resigned from the World Wide Web Consortium.

The concept of regulatory capture is not an easy nut to crack. During the drafting of the U.S. Constitution, the Founding Fathers complained about this problem, which they called factions, and discussed how they could prevent the capture of regulatory bodies by those who would be regulated by it. In the end, it was one of the problems the Founding Fathers didn’t solve in creating the United States of America, and so it remains unsolved.

Except maybe not in this case, because the W3C has no formal authority. Its recommendations are — were — followed only based on trust in having done the right thing up until this week. It was a leader in the truest sense; somebody who others voluntarily choose to take advice from. The W3C was a standards body, but nobody is coerced into following their standards.

Therefore, the field is now open for a new publisher of web standards, one that doesn’t bend the knee to the copyright industry, and more importantly, a standards body that continues to put the user in control of their own computer and experience.

For once the developers see where the path goes when you put the copyright industry in charge of the experience, they will balk at that and do something else.

Failing that, there’s the next level of safety valve, the users themselves, which are likely to reject such an experience and lack of control altogether — just remember how Adblock started out as a niche plugin for Firefox, then gradually spread to a plugin for all browsers, and are now working its way into the mainline browser distributions. When many enough users say that they’ve had enough of something, that also counts for something.

In any case, the field is now open for somebody to step up to the plate and take charge of the future of web standards, with users front row center where they belong. The EFF themselves, perhaps?

Comments are closed.

6 Comments

  1. Ray Cutter

    I reported about my experiences re obvious collusion between Mozilla and Canonical with Google as a blatant violation of our expectations of the meaning of a free WWW.
    I obviously hit the mark as both are now deleted from this site.
    So much for open dialogue.
    I deleted Firefox yet am stuck with Thunderbird which only functions due to its fraught link with Google.
    Can someone build an Open Source Emailer that is truly free of the likes of Google.
    Who can assure us that VPN is a truly secure system?
    It’s own blurb denies such is the case.

    6 years ago
  2. Ray Cutter

    I concur based on my own experiences with Mozilla Firefox where the homepage has become an ad. for Google.
    To my amazement this appears to aided by Canonical,s Ubuntu upon which the distro I use is based.
    I’ve deleted Mozilla’s Firefox.
    Has Canonical done the same?
    Or is it an instrument of the end the “free WWW”, too?
    Eyes wide open folks.
    Forewarned should be enough.

    6 years ago
  3. davecb

    You wrote “there’s nothing limiting this delivery channel to just a movie”.

    In fact, that’s already happened in the cable-TV world in North America. My local monopolist, Rogers, encrypts everything that they put on the cable, including stations they get unencrypted over the air and merely rebroadcast. If you want to record a program, it’s illegal: you can’t decode something that wasn’t originally encoded, and so you can throw away your VCR and PVR.

    I used to have a nice, purpose-built PVR: it still exists, but I can’t use it as a recorder any more. My monopolist “made it illegal”, so that I’d have to buy one from them, at ten times the price.

    7 years ago
    1. Frank87

      It’s probably illegal, but you could record your screen with a simple camera, and stream it to your PVR.

      7 years ago
      1. davecb

        It’s hard to do that when I’m asleep or at work (;-))

        7 years ago
        1. Frank87

          Record all, use open source software to find the right pieces ;-)…
          I know: youtube and bittorrent probably do better.

          7 years ago