The Crisis of Standardizing DRM: The Case of W3C Encrypted Media Extensions

@inproceedings{Halpin2017TheCO,
  title={The Crisis of Standardizing DRM: The Case of W3C Encrypted Media Extensions},
  author={Harry Halpin},
  booktitle={SPACE},
  year={2017}
}
  • H. Halpin
  • Published in SPACE 13 December 2017
  • Computer Science
The process of standardizing DRM via the W3C Encrypted Media Extensions (EME) Recommendation has caused a crisis for W3C and potentially other open standards organizations. While open standards bodies are considered by definition to be open to input from the wider security research community, EME led civil society and security researchers asking for greater protections to be positioned actively against the W3C. This analysis covers both the procedural issues in open standards at the W3C that… 
Vision: A Critique of Immunity Passports and W3C Decentralized Identifiers
TLDR
This analysis shows that this group of technical identity standards are based on under-specified and often non-standardized documents that have substantial security and privacy issues, due in part to the questionable use of blockchain technology.
Exploring Widevine for Fun and Profit
TLDR
This work presents a structural view of Widevine as a protocol with its complete key ladder, and develops WideXtractor, a tool based on Frida to trace Widevine function calls and intercept messages for inspection.
Decentralizing the Social Web - Can Blockchains Solve Ten Years of Standardization Failure of the Social Web?
TLDR
This chapter delves deep into the lessons of failed attempts to replace DNS like XRIs, identity systems like OpenID, and metadata formats like the Semantic Web, all of which were recuperated by centralized platforms like Facebook as Facebook Connect and the “Like” Button.
Formal verification of the W3C web authentication protocol
TLDR
It is demonstrated how formal verification can be used to analyze new protocols such as the W3C Web Authentication API and uses ProVerif to show that without further mandatory requirements in the specification, the claimed privacy properties do not hold.
WideLeak: How Over-the-Top Platforms Fail in Android
TLDR
This study explores OTT compliance with Widevine guidelines regarding asset protection and legacy phone support, and evaluation of premium OTT apps brings to light that most apps adopt weak and potentially vulnerable practices.
Security Standardisation Research: 6th International Conference, SSR 2020, London, UK, November 30 – December 1, 2020, Proceedings
TLDR
A slight modification is presented for the nonce generation in TLS 1.3 which withstands full fault attacks on the handshake protocol and differential faults, where the adversary can flip selected memory cells, do not seem to be harmful to key derivation in the pre-shared-key mode for the handshake.
Access to Information of Disabled People on the Web: A Dispute between Accessibility and Digital Rights Management
Objective - The study aims to explore the dispute between accessibility and Digital Rights Management (DRM) for disabled people in accessing information on the Web. More specifically, this paper
Can Antitrust Trust Blockchain?
TLDR
This chapter explores the delicate balance between regulation of and for blockchain.
Global Competition for Leadership Positions in Standards Development Organizations
Increasing participation of Chinese companies in many global Standard Development Organizations (SDO) has fueled global competition for influence over the development of critical Information and

References

Lessons from the Sony CD DRM Episode
In the fall of 2005, problems discovered in two Sony-BMG compact disc copy protection systems, XCP and MediaMax, triggered a public uproar that ultimately led to class-action litigation and the
Key Challenges in DRM: An Industry Perspective
TLDR
The lack of a general-purpose rights expression/authorization language, robust trust management engines and attestable trusted computing bases (TCBs) all hamper industrial development and deployment of DRM systems for digital content.
Security by obscurity
TLDR
The belief that code secrecy can make a system more secure is commonly known as security by obscurity, but many election equipment tests are performed in secret, thus making it impossible to ascertain the level of rigor applied.
Tracing traitors
TLDR
This work gives cryptographic schemes that help trace the source of leaks when sensitive or proprietary data is made available to a large set of parties, in the context of pay television, where only paying customers should be able to view certain programs.
Technological protection measures in the courts
TLDR
The aim of this article is to explore legal reasoning as it applies to the technological protection measures (TPMs) through consideration of the content scramble system litigation in the United States under the Digital Millennium Copyright Act (DMCA).
(Lack Of) Representation of Non Western World in process of creation of Web standards
TLDR
This work focuses on the ongoing controversy related to Encrypted Media Extensions (EME) and found that there was a serious lack of participation from people from non western countries in the EME debate.
Why DRM Should Be Cause for Concern: An Economic and Legal Analysis of the Effect of Digital Technology on the Music Industry
In response to piracy and online file trading, the music industry has begun to adopt technological measures, often referred to as digital rights management (DRM), to control the sale and distribution
DRM, law and technology: an American perspective
TLDR
Developments in American copyright law, DRM technology, and digital content markets exert heavy influences on the spread of DRM in Europe, but the legal and technological frameworks are not different, giving rise to incompatibilities.
Remote timing attacks are practical
TrustFound: Towards a Formal Foundation for Model Checking Trusted Computing Platforms
TLDR
TRUSTFOUND is proposed, a formal foundation and framework for model checking trusted computing platforms that includes a logic for formally modeling platforms, a model of trusted computing techniques and a broad spectrum of threat models that can be used to check platforms on security properties.