FSFE
/
fsfe-website
Watch 20
Star 21
Fork 45
Code Issues 45 Pull Requests 6 Releases 2 Wiki Activity
Source files of fsfe.org, pdfreaders.org, freeyourandroid.org, ilovefs.org, drm.info, and test.fsfe.org. Contribute: https://fsfe.org/contribute/web/ https://fsfe.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37106 Commits
26 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
fsfe-website/activities/drm/open-letter-ec-drm-html.en....

open-letter-ec-drm-html.en.xhtml 8.6KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. <?xml version="1.0" encoding="UTF-8" ?>

  2. 

  3. <html>

  4. 	<head>

  5. 		<title>Open Letter on European Commission about DRM in HTML5</title>

  6. 	</head>

  7. 	<body>

  8. 		<h1>Open Letter to European Commission about DRM in HTML5</h1>

  9. 

  10.     <p>To: Commissioner Cecilia Malmstroem (Home Affairs)</p>

  11. 

  12.     <p>CC: Antonio Tajani (Enterprise)<br />

  13.        Viviane Reding (Justice)<br />

  14.        Joaquin Almunia (Competition)<br />

  15.        Michel Barnier (Internal Market)<br />

  16.        Neelie Kroes (Digital Agenda)</p>

  17. 

  18. 		<p>Dear Commissioner Malmstroem,</p>

  19. 

  20.     <p>we are writing to you on the occasion of the international Day Against

  21.     Digital Restrictions Management, which today is being celebrated around the

  22.     world. We are very concerned about the security of European citizens, and

  23.     we ask you to take action to protect them.</p>

  24. 

  25.     <p>The Free Software Foundation Europe (FSFE) is an independent charitable

  26.     non-profit dedicated to promoting Free Software and freedom in the

  27.     information society. Today we would like to direct your attention to a very

  28.     specific threat to the freedom and security of computer users

  29.     everywhere.</p>

  30.     

  31.     <p>Both at work and in our personal lives, we conduct a large part of our

  32.     activity through Web browsers. Ever more of our work and life migrates into

  33.     the digital domain, and many people use a growing number of web services to

  34.     work, create, socialise, and express themselves. Businesses and public

  35.     sector organisations similarly rely on web browsers as crucial tools to

  36.     perform their everyday tasks.</p>

  37.     

  38.     <p>Recently, the importance of the Web browser was highlighted when <a

  39.     href="http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being">numerous

  40.     state agencies and IT security companies warned about a long-standing

  41.     critical security problem in the widely used Microsoft Internet Explorer

  42.     browser</a>, soon followed by warnings of a <a

  43.     href="http://helpx.adobe.com/security/products/flash-player/apsb14-13.html">vulnerability

  44.     in the also widely used Adobe Flash Player</a>.</p>

  45.     

  46.     <p>These incidents were only the most recent ones to highlight the

  47.     importance of ensuring that such a crucial piece of software as the Web

  48.     browser is fully under the control of its user. The <a

  49.     href="https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_downloads/anwender/software/BSI-CS_071.html">German

  50.     Federal Office of Information Security (BSI) issued a list of

  51.     recommendations for secure Web browsers and their components</a> for

  52.     use in companies and public bodies on April 14. The BSI notes that due to

  53.     the way  they are used, "Web browsers are exposed to especially high risk

  54.     from malware".  In the list of recommendations for a secure Web browser,

  55.     the BSI includes the demand that <strong>Web browsers and their components should

  56.     be completely auditable</strong> (Point 1.6). </p>

  57.     

  58.     <p>Web browsers like Mozilla Firefox or the Chromium browser have succeeded

  59.     in this regard, providing the public with web browsers that are not only

  60.     fully auditable, but which can also be freely shared and improved. This is

  61.     in line with the <a href="/activities/os/def.html">Open Standards</a>

  62.     approach which has made it possible for the Internet and the World Wide Web

  63.     to thrive and grow into its current role as a vital platform for economic

  64.     activity, social interaction without borders, and unchained creativity.</p>

  65.     

  66.     <p>The protocols on which the Internet is built, such as the TCP/IP stack

  67.     and the HTML standard, are fully open and implemented in myriad <a

  68.     href="/about/basics/freesoftware.html">Free Software</a> products. Free

  69.     Software powers the vast majority of Web servers, smartphones, embedded

  70.     devices, and many other applications of technology. The rise of today's

  71.     leading Web companies, such as Google, Facebook, and Amazon, would not have

  72.     been possible without Free Software, and they could not operate without it

  73.     today. Whatever European companies step up to challenge them are inevitably

  74.     going to rely on Free Software and Open Standards as well. Free Software and

  75.     Open Standards are both the foundation of our digital world, and the condicio

  76.     sine qua non for its future.</p>

  77.     

  78.     <p>HTML5 is the latest revision of the HTML standard. It is hard to think

  79.     of a standard that is more crucial for the World Wide Web. HTML5 will

  80.     deliver a number of important improvements, and is set to be the basis of

  81.     the World Wide Web for the coming years, and to allow for the kind of rich,

  82.     responsive interactivity that will allow browsers to replace "apps" as

  83.     controllers for everything from thermostats to automobiles.</p>

  84.     

  85.     <p>This is why we are very concerned about efforts currently in progress at

  86.     the World Wide Web Consortium, which oversees many of the key standards on

  87.     which the Internet and the World Wide Web are based, to <strong>encourage use of

  88.     the Content Decryption Module (CDM)</strong> which cannot be audited. The CDM,

  89.     though not specified in the HTML5 standard itself, is required by  the

  90.     so-called "Encrypted Media Extension" (EME), developed by a W3C working

  91.     group. This extension's primary purpose is to satisfy the desire of a

  92.     limited number of content providers with traditional business models to

  93.     generate revenue through restrictive distribution practices. With EME, the

  94.     W3C would be <strong>building a bridge to let content providers take control of

  95.     users' computers</strong>, letting them impose restrictions far in excess of what

  96.     consumers' rights and copyright allow.</p>

  97.     

  98.     <p>The discussion about EME at W3C is largely driven by a few large

  99.     US-based companies, and except the BBC <a

  100.     href="http://blogs.fsfe.org/gerloff/2014/04/29/w3c-whos-working-on-drm-in-html5/">takes

  101.   place without significant European involvement</a>.  Given these

  102.     circumstances, the discussion will likely result in a solution that fails to

  103.     take the needs of European citizens, businesses and governments fully into

  104.     account.</p>

  105.     

  106.     <p>Auditing the Content Decryption Module will be difficult, because the source

  107.     code of this functionality will be a closely held secret of the company

  108.     which provides it. Performing such an audit and reporting security flaws

  109.     would also be <strong>illegal in the many countries which have adopted so-called

  110.     "anti-circumvention" laws</strong>. Reporting a security problem in CDM would expose

  111.     the reporter to the risk of prosecution for making a circumvention

  112.     device.</p>

  113.     

  114.     <p>In consequence, individuals, companies and organisations (including the

  115.     European Commission) would likely end up increasing the amount of software

  116.     with unknowable security problems which it uses in a high-risk setting.</p>

  117.     

  118.     <p><strong>Integrating DRM facilities into HTML5 is the antithesis of everything

  119.     that has made the Internet and the World Wide Web successful</strong>. It is

  120.     directly contrary to the interests of the vast majority of Internet users

  121.     everywhere, and especially in Europe.</p>

  122.     

  123.     <h2>Recommendations</h2>

  124.     

  125.     <p>The discussions within W3C are now at a crucial juncture in this regard.

  126.     It is still just about possible to prevent the W3C from making it too easy

  127.     to effectively require the inclusion of such secret, inauditable software

  128.     in Web browsers.</p>

  129.    

  130.     <ul>

  131.     

  132.       <li>We urge the Commission to engage with the W3C and ensure that the

  133.       organisation takes these concerns on board as it decides on the adoption

  134.       of the Encrypted Media Extension (EME).</li>

  135.     

  136.       <li>We further ask the Commission to underline its commitment to the

  137.       security and freedom of Europe's citizens by pledging not to make use of

  138.       the Encrypted Media Extension in its own infrastructure, even if EME

  139.       would be standardised by W3C.</li>

  140.     

  141.       <li>At a minimum, the W3C should require covenants from EME participants

  142.       through which they promise not to take action against entities who report

  143.       and demonstrate vulnerabilities in EME and the CDM; and covenants to

  144.       safeguard entities who reverse-engineer and publish details of EME and

  145.       CDM implementations for the purpose of interoperability, including

  146.       interoperability with Free Software.</li>

  147. 

  148.     </ul>

  149.     

  150.     <p>At FSFE, we look forward to supporting the Commission in taking the

  151.     appropriate actions to safeguard the interests of Europe's citizens and

  152.     companies, and remain at the Commission's service.</p>

  153. 

  154.  		<p>

  155.       Sincerely,<br />

  156.       Karsten Gerloff, President Free Software Foundation Europe

  157. 		</p>

  158. 

  159. 	</body>

  160. </html>