W3C: What is to be done?

The techie scandal du jour is W3C and their acceptance of Digital Restrictions Management (DRM) as a formal web standard. This paves the way for more of the World Wobbly Web to turn into inscrutable cryptoblobs, for all sorts of bad stuff to be delivered to every web browser by suspicious agencies and for it to be completely illegal to attempt to reverse engineer or work around the DRM - even for security research purposes or to try to fix bugs. Some people are saying that this is the end of the open web - i.e. the point at which the web ceases to be standardized by engineers and starts to be run primarily by Big Business. And of course EFF has ragequit W3C over the whole affair.

"EFF no longer believes that the W3C process is suited to defending the open web. We have resigned from the Consortium, effective today"

This is all pretty bad. So what is to be done?

The first thing to recognize is that W3C is not actually that big of a deal. Do web developers carefully study the standards before writing a new app? I'm not a web developer, but I don't think they do. Instead it always seems to have been true that the web runs on rough consensus plus running code. Standards often begin somewhere out there on the wild frontiers, become de facto, and only later maybe become formal W3C standards if they're lucky and someone is willing to go through the agony of all the meetings.

Commit to non-implementation

So the first practical thing which can be done is to encourage the makers of web browsers not to implement EME in the first place. You can't be jailed for trying to reverse engineer or fix something which you never implemented to begin with. Try to make this particular standard a persona non grata among standards.

Of course this will be difficult. Browsers made by companies such as Microsoft, Google and maybe Mozilla will be lost causes. But there are other browsers out there, and it's always possible to fork from a version before EME was introduced.

Start a new standards organization

Maybe W3C could reform from within, but the way it's set up I think that's very unlikely. It's too beholden to a few member companies, and the fact that senior W3C staffers have been unable to give straight answers over the EME debacle indicates that their management is just untrustworthy.

If you start a new standards body then seek a broad membership, diverse in every sense. Avoid stratification of membership fees and just have one set fee. If there are multiple membership levels make the fees for the top one not much more than the standard rate. This will avoid situations where a small number of member companies pay almost all of the bills and so have disproportionate influence over decisions.

Also critical is to have the decision process and voting on any proposed web standard be fully transparent. No secret ballots, we should know who voted for what. There should be no "smoke filled rooms" in which opaque deals are done. If code is law and code depends on standards, we should be able to see and critique the process by which the sausage gets produced.

TBL should not get a free pass

I'm not advocating harassing him or being disrespectful towards him, but I think that TBL deserves real criticism for the EME decision. It appears that he was in a critical position to defend the open web, but failed to do so. EME will likely not remain confined to movies and more of the web will become enclosed by it. When TBL shows up in future interviews or AMAs the difficult questions need to be asked.