FreedomHTML Working Draft

1. Foreword (informative)

• why the FreedomHTML initiative was created
• how the FreedomHTML initiative is organized
• how the FreedomHTML profile specification has been developed and approved

2. Introduction (informative)

• What is HTML
  • 20 years success open standards story
  • What is a profile specification
  • Informative vs. normative text in a specification
  • Why two conformance classes (Strict and Experimental)

3. Motivation (informative)

• “Hollyweb” petition against DRM support in HTML5 http://www.defectivebydesign.org/no-drm-in-html5 which W3C has promptly chosen to ignore; the concerned draft spec has been advanced to “First Public Working Draft” status on May 10.

4. Fundamental rights and ICT standards (informative)

Certainly there is no consensus that what DRM proponents demand, namely absolute control of how their publications may be used, would be appropriate.

Copyright law gives them a lot of control, some think it's too much control, others think it's too little. Some think that something must be done to prevent Internet-based phenomena from eroding the economic power of publishers; others think that as the Internet and other technical developments make it much easier for people to create and publish cultural goods, it is only appropriate for the economic power of specialized publishing companies to diminish, and that copyright law should be weakened correspondingly. In any case, the legal situation in every jurisdiction is that there are limits to the scope of legal control granted by law to copyright holders.

To a large extent, national copyright systems are shaped by the principles of the Berne convention which have not been updated for the Internet age. In the view of many people, the resulting laws are simply wrong (in a variety of ways: morally wrong, violating human rights, and failing to achieve the intended purpose) in the context of the Internet age.

These legal systems may therefore not be a good source of inspiration for shaping and building the open web of the future.

Consequently, FreedomHTML aims to be guided directly by the relevant first principles, in particular human rights and other fundamental rights, for which there is a very broad consensus in democratic societies.

4.1 Relevant human rights

• right of peoples to self-determination (IECSR, Article 1; ICCPR, Article 1)
• right to take part in cultural life (IECSR, Article 15(1a)).
• right to enjoy the benefits of scientific progress and its applications (IECSR, Article 15(1b)).
  • This is violated by attempts to control what client-side application software is allowed to be used.
    • One mechanism for such control is when it is accepted for standards-essential patents to exist which are not made available to all in a non-discriminarory and royalty-free way.
    • All DRM systems that currently exist or have been seriously proposed have the same problem.
    • A historical example is that telecom companies were granted the ability to control what devices people were allowed to connect to their telephone lines.
• right of authors to benefit from the protection of the moral and material interests resulting from their scientific, literary or artistic productions (IECSR, article 15(1c)).
• states shall take the necessary steps for the conservation, the development and the diffusion of science and culture (IECSR, Article 15(2)).
• states shall respect the freedom indispensable for scientific research and creative activity (IECSR, Article 15(3)).
• right to personal privacy, right to protection from the risk of violation of personal privacy (ICCPR, Article 17).
• right to protection of correspondence (ICCPR, Article 17).
• right to protection from unlawful attacks on one's honour and reputation (ICCPR, Article 17).
• freedom of thought, conscience and religion (ICCPR, Article 18).
• freedom of opinion and freedom of expression (ICCPR, Article 19).
• cultural freedoms of minorities (Article 27).
• right of persons with disabilities to participate equally, and obligation of states to ensure that this is possible (Convention on the Rights of Persons with Disabilities, see in particular Article 9)

4.2 Other relevant fundamental rights

• right to privacy of business secrets

4.3 Threats to human rights and other fundamental rights

• Large-scale surveillance by governments
  • PRISM (large-scale surveillance by the U.S. government directed against the world population)
• “Great Firewalls” and persecution of dissidents by totalitarian countries

4.4 What the Internet techno-ecosystem as a whole should be like in order to appropriately address these threats

• software for which the source code is not available and which cannot be forked in inherently untrustworthy
  • therefore, it is not acceptable if any component of the Internet-based information and communication system is not fully accessible using FOSS
    • if something cannot be implemented in a GPLv3 compatible way, there is probably a reason why it cannot be implemented in FOSS
    • GPLv3 conforming implementability is therefore a key “open web” requirement
• since it is a human rights violation to take action to deny the people in some country the ability to fully participate in the globalized, Internet-based part of culture, it is not acceptable to create a techno-ecosystem for cultural goods that is based on a concept of making content available only to people in specific countries

4.5 Conclusion: The right to fully control your computer

4.6 Principle of non-discrimination

4.7 Consequences for ICT standards in general

• importance of strict “open standards” principles
  • GPLv3 conforming implementation must be possible
  • strictness: The specification shall be formulated precisely and sufficiently strictly, so that it ensures interoperability of conforming implementations within the scope of its stated objectives.
• if for a feature there are no known significant use cases that are in accordance with the principle of fully upholding and implementing all human rights, then the feature shall not be included in any standards

4.8 Consequences for “web” standards specifically

• Web standards need to promote specifically the “open web”, i.e. web technologies which can be fully implemented in Free and Open Source Software (FOSS).

5. Definitions (normative)

5.1 browser

5.2 website

6. Conformance (normative)

6.1 Strict FreedomHTML website conformance

6.2 Strict FreedomHTML browser conformance

6.3 Experimental FreedomHTML website conformance

6.4 Experimental FreedomHTML browser conformance

7. Assertion of Conformance (normative)

8. Features of Strict FreedomHTML (normative)

9. Features of Experimental FreedomHTML (normative)

• HTML5 Image Description Extension (longdesc)

10. Analysis of unacceptable features (informative)

10.1 Encrypted Media Extensions (EME)

• EME is not about access control to content. It is about trying to control usage of content after it has been accessed and downloaded to a user's computer. That violates the “right to fully control your computer” principle. (By contrast, access control on a server, about who is granted access to a given data file is not contrary to the “right to fully control your computer” principle. Quite on the contrary, the “right to fully control your computer principle” principle implies that when you operate a server, you have the right to control who may use your server to download a given file.)
• When, as clearly forseen as a possibility in the EME specification, the CDM bypasses the browser when Frames have been decrypted, that also bypasses interfaces to assistive technologies provided by the browser. Interfaces to assistive technologies might still be provided by the OS, but context information which the CDM can be make available to the interfaces to assistive technologies is limited by what information is available to the CDM in the first place. It would be better to implement the Interfaces to assistive technologies in the browser.
• There is little reason for CDM providers not to require stringent “trusted platform module” based OS checking.
  • There is little reason for CDMs to be made available for FOSS operating system platforms.
    • threat to FOSS operating system platforms
      • contrary to W3C's stated principle “We should be able to access the web from any kind of hardware that can connect to the Internet” (W3C » Standards » Browsers and Authoring Tools - http://www.w3.org/standards/agents/Overview.html )
• in the absence of any stated use case for the “simple clear key decryption”, it can be expected that this would not be used in practice - likely this feature was added to the specification only to diffuse criticism about impatiblity with FOSS, but without any actual use cases, the presence of this feature in the specification cannot be expected to make the situation better
  • Therefore, in the context of the EME specification, the “simple clear key decryption” feature does not render the specification acceptable, even if that feature could be implemented in FOSS.
• a CDM implementation that meets the expectations of DRM proponents who are content providers must necessarily contain secrets that are intended to be kept secret for as long as possible, however closing source code for the CDM implementation would make it rather easy to extract those secrets
  • contrary to the principle that the specification should provide sufficient information to achieve interoperability
  • contrary to the principle that it must be possible to participate in every aspect of Internet based information and communication systems while using FOSS
• There are known patent claims which cast significant doubt on the implementability of the EME features without infringing the patent or obtaining a patent license (which is not likely to be available to be compatbile with the requirement of FOSS implementability).
• If content is encrypted so that a “virus scanner” can't look at it, what prevents the content from containing malware?
  • Content malware might exploit bugs in the browser's or operating system's rendering system to compromise the user's computer.
  • When, as foreseen in EME specification, the CDM is able to access an operating system's “hardware protected media pipeline”, that means that software which is explicitly not under the control of the user is granted significant low-level access. This raises concerns about the creation of a new vector for problems like screen locks and display corruption.

11. Answers to counterarguments (informative)

• The open web is strong enough and innovative enough to win against the current trend of app-ification. There are challenges in that area, yes, but they can be overcome without sacrificing any of the Web's and W3C's integrity to the idols of the DRM proponents. Openness is very powerful. This power of openness is what has brought the DRM proponents to the point of being willing to work through W3C. The key problem is that if W3C goes along with this, and no effective actions are taken outside of W3C to counteract what I see as the likely influence of a W3C EME specification, then the power of the open web is essentially put into the hands of the DRM proponents to use as they please. That would be a very serious and significant shift of power.

12. Fundamental “democracy deficit” problem (informative)

• A key problem here is that W3C is organized as an industry consortium so that a small number of industry members can --in total disregard of negative social consequences for the rest of the world-- essentially unilaterally decide that a web standard of a certain type will be created. This situation needs to be challenged.
• Likely root problem that causes much of the lack of progress in many Internet governance debates: Lack of widely used and widely understood methods for making a reasonably complete analysis of systemically complex decision situations, and for having a reasonable discourse about such analysis and proposed conclusions.
• Human rights implementation is primarily the responsibility of governments, but governments are currently ill-equipped to do so effectively.

• We wouldn't want to trade the “Hollyweb” for a “Balkanized web”.