Security researchers: we need your help!
The World Wide Web Consortium has taken the extraordinary, controversial step of standardizing DRM in the form of something called Encrypted Media Extensions, which will be part of HTML5. Because of laws like the DMCA and its international equivalents, security researchers who reveal flaws in HTML5-compliant browsers will face punishing legal jeopardy. We're worried that this means that critical bugs in the browsers billions of people rely upon will take longer to come to light and are more likely to be exploited in the wild.
Last summer, some of the world's most prominent security researchers told the US Copyright Office that the DMCA kept them from coming forward with flaws they've discovered.
EFF has proposed a way for the W3C to have its DRM cake without eating its security researchers, too. We've written a short, simple "covenant," a binding promise that W3C members would have to sign as a condition of continuing the DRM work at the W3C. Once they do, they will not be able to use the DMCA or laws like it to threaten security researchers.
Tomorrow's browsers are supposed to be the universal interface for all of our automated systems, from medical implants to vehicles. The world's security researchers need to know that companies won't have the ability to gag them with legal threats when they embarrass companies by revealing their mistakes.
Free software advocates picketed a recent W3C meeting to call on the organization to reform its DRM work, and the Open Source Initiative says it won't consider a DRM standard to be "open" unless it adopts an agreement modelled on ours.
It's time for the W3C to hear from you, the security researchers whose future it holds in its hands.
If you're a security researcher and are able to lend your voice, please contact us to let us know. We'll forward your comments to Tim Berners-Lee, director of the W3C, and Jeff Jaffe, the organization's CEO.
Signatories:
Bruce Schneier, USA
Alan Cox, UK, Honorary Fellow University of Wales: Trinity St David
Emiliano DeCristofaro, UK, University College London
Dr Steven J. Murdoch, UK, Principal Research Fellow, University College London
Harry Halpin, France, INRIA
Ian Goldberg, Canada, University of Waterloo
Ron Deibert, Canada, Professor of Political Science and Director of the Citizen Lab at the University of Toronto
Jon Andersen, USA
Sergey Bratus, USA, Research Associate Professor, Computer Science Department, Dartmouth College
Joel R. Voss, USA
Paul Garrett Hugel, USA
Jacob Appelbaum, Germany, the Tor Project
Roger Dingledine, USA, the Tor Project
Ronald L. Rivest, USA, MIT
Prof. Dr. Tanja Lange, The Netherlands, Technische Universiteit Eindhoven
Frederic Jacobs, Switzerland, Swiss Institute of Technology (EPFL)
Dr Ian Brown, UK, Oxford Internet Institute, Professor of Information Security and Privacy, University of Oxford
Philipp Winter, USA, Princeton University
Sebastian Garcia, Czech Republic, Czech Technical University
Alex Kirk, USA
Robert Erbes, USA, Assoc. Principal at IOActive
Nadim Kobeissi, France, INRIA
Sharon Goldberg, USA, Boston University
Roya Ensafi, USA, Princeton University
J. Alex Halderman, USA, University of Michigan
Jacobo Nájera, Mexico, Enjambre Digital
Seda Gurses, USA, Princeton University
Dr. Daniel C. Howe, Hong Kong, School of Creative Media
Marco Ermini, Germany
Gary Cohn, USA
Aaron Massey, USA, University of Maryland, Baltimore County
Greg Rose, USA
Juan Benet, USA, IPFS Project
Alex Leverington, Switzerland, Ethereum
Anil Madhavapeddy, UK, Computer Laboratory, University of Cambridge
Iván Arce, Argentina, Programa STIC, Fundación Dr. Manuel Sadosky
Rikard Linde, Sweden, Director, Fores
Conno Boel, Netherlands, Software Engineering student, Avans University of Applied Sciences, Den Bosch
Paul Mundt, Germany, Adaptant Solutions AG
Mark Seiden, USA, Internet Archive
Stephen Whitmore, USA, IPFS Project
Paul Lindner, USA
Trent McConaghy, Germany/Canada, BigchainDB/IPDB
Sandro Hawke, USA, MIT
David S. H. Rosenthal, USA, LOCKSS Program
Johannes Ernst, USA, Indie Computing Corp
Milos Miljkovic, USA, Tufts University
Sam Bowne, USA, Instructor, Computer Networking and Information Technology, City College San Francisco
John David Pressman
Aaron Zauner, Austria, Lambda: resilient.systems/SBA-Research/Consultant to EFF
Philip Wadler, UK, Professor of Theoretical Computer Science, School of Informatics, University of Edinburgh
Feross Aboukhadijeh, USA, WebTorrent, Stanford University
Harry J. W. Percival, UK
Ross Anderson, UK, Cambridge University
Patrick Durusau, USA
Marco Romano, USA
Thomas Sluyter, the Netherlands
Rens Groenewegen, the Netherlands, Cloud architect, CISSP
Dirk Krijgsman, The Netherlands
Erik Duemig, USA
Gaëtan Leurent, France, Inria
Jeffrey Vagle, USA, University of Pennsylvania Law School
Constantine A. Murenin, USA, NetBSD
Jeremy Tippit, USA
Randy Bush, Japan, IIJ Research Lab
Kraig Beahn, USA, CEO, Enguity Technology Corporation
Tony Vanquez, USA, Director of Regulatory Operations, L2Networks
Ben Tasker, UK
Vasily Kolobkov, Russia
Thomas Casey Stone, United Kingdom
Nicholas Keene, USA
Grif Rosser, USA, DataCentre Security
Chris Roberts, USA, Sidragon
John Brasher, USA
Theodore C Newcomb, USA, Managing Director, AhwatukeeBuzz
Brendan O'Connor, USA, Leviathan Security Group
Alan Rea, USA, Professor of Information Systems, Western Michigan University
James Vincent Ferrero, USA
Sebastian Schultheiss, Germany, Computomics
Steve Palmateer, Canada, Thalmic Labs
James Renken, Sandwich.Net, LLC
Tom Sullivan, USA, Sullivan Cybernetics, LLC
Gert Steenssens, Belgium, software developer & security researcher
Philip Haworth, UK
Carolyn Guertin, Canada, University of Ontario Institute of Technology
Greg Sadetsky, Canada
Stephen Kent Rose, USA, Lawyer, Attorney, and Counselor at Law
Declan Murphy, USA, electrical engineer
Joby Elliott, USA, Web Developer at University of New Mexico
Margaret Bartley, USA, retired
Micah Sherr, USA, Provost's Distinguished Associate Professor, Department of Computer Science, Georgetown University
Marcelo Elizeche Landó, Paraguay, Infosec Consultant
Nathan Freitas, USA, Guardian Project/Tor Project/Berkman Klein Center
Thomas G Easton, USA
Stephen J Taffee, USA, Retired IT Professional
Pedro Freire, Portugal, Senior IS Consultant
Grant Johnson, USA, Chairman, SIMCO
Jonas A. Hultén, Sweden, computer science student
Scott Kallio, USA, EPIPHANYSOLUTIONS LLC
Thomas Asmuth, USA, Assistant Professor-Digital/New Media, Director, Bachelor of Fine Arts Program, University of West Florida
Dustin Juliano, USA
Chris Collins, Ireland, Software Engineer
Russel Brooks, USA
Tom Ritter, USA
Daniel Haaser, Germany, Computerhilfe Feucht
Matthew L Daniel, USA
Elmar Lecher, Germany
Jose Antonio Ortega Ruiz, USA, CTO, BigML, Inc
Jonathan Poritz, USA
Christopher Brousseau, USA
André Igler, Austria, Chaos Computer Club
John F. Doyle, Ph.D., USA, Indiana University SE
greg vassie, Canada
John Adams, USA, Head of Security, Bolt Financial
K Moser, USA
Jamie Powers, Esq., USA, Data Rights & Privacy Advisors
Dmitri Dalheim-Baeza, Canada
Ben Dechrai, Australia
James Caruso, USA, InfraStructure Data Management International, Inc.
Ben Johnston, Australia
James L. McKee Jr., USA
Lou Ronnau, USA
Dr. Martin Krafft, Germany, independent security researcher, freedom activist, and Debian developer
Gary Joseph, UK
R Dwayne Ramey, USA
David Williams, USA
Andrew FigPope, USA
Mark Judman, USA
Marc Loehrwald, Germany
Siddharth Ravikumar, USA
Kevin Saylor, USA
Richard E. Robertson, USA, President, Basketcase Software, Missing Worlds Media, Inc.
Jack Daniel, USA, Security BSides
Vasili Revelas, Greece
John Poole, USA
Adriano Peluso, Italy
Douglas Stetner, Australia
Stephen Edgar, Australia
Dominik Golle, Germany, Hertie Network on Digitalization
Tennille Christensen, USA
Aaron Steimle, USA, Glyph IP LLC
Jason Watson, USA
Edward Anderson, USA, Software Engineering Manager at On-Site.com
François Maes, Belgium
brannon rasmussen, USA
James Fowler, USA/Brazil
Alan Mayer, USA, CISA, CRISC and CISSP, Senior Information Security Consultant and Auditor
Félicien Fleury, Switzerland, Information Engineer HES/CISSP, Managing Director, NGSENS SARL
Joseph Lorenzo Hall, USA, Chief Technologist, Center for Democracy & Technology
Brett Campbell, USA
Greg Norcie, USA, Staff Technologist, Center for Democracy & Technology
Jeff Silverman, USA
Robert Walker, USA, CEO, PCPursuit Inc
Vlad Ionescu, USA, Red Team Operations, Mandiant/FireEye
Kent Williams-King, Canada, MSc student at the University of British Columbia
Martin Shelton, USA, The Coral Project and The New York Times
Adarsh Jagannatha, India, Indian Institute of Technology Kanpur (IITK)
Nchinda Nchinda, USA, student, MIT; intern, ConsenSys
Jeremy Pesner, USA, Georgetown University
David Roux, South Africa/USA, Blue Grass Airport, Lexington, KY, USA
Alexander Ose, USA, United States Digital Service
Flynn Joffray, USA
Marcel de Jong, The Netherlands
Salvatore LaMendola, USA
Alexander Urcioli, USA
Donald McFarlane, USA
Andrew Schuch, Canada, CEO of Halo Tech Consulting
David Olesik, Canada, CEGEP in Montreal, Quebec
Jean Harrington, USA
Holger Levsen, Germany, Debian
Chester Wisniewski, Canada, Sophos Inc.
Ryan Mitchkowski, USA
Fred Frazelle, Mexico, Fundación Anisa, A.C.
Charles Berret, USA, Columbia University
Michael Fischer, USA, Professor of Computer Science, Yale University
Thomas Greco, Singapore/Thailand/Japan/Indonesia, Omise/Ethereum
Joshua R. Simmons, USA, OSI Board Member
Cornel Punga, independent researcher, OWASP Timisoara, Romania
Alexander Finch, Argentina
Antonio Fontes, Switzerland, OWASP Geneva
Kevin W. Wall, USA, OWASP
Harish Pillay, Singapore, Red Hat and ISOC
Johanna Curiel, The Netherlands, independent researcher
Chris HJ Hartgerink, The Netherlands, Tilburg University
Alexander Sulzberger, Ghana, CEO, Ecoband Networks; member of AfriCERT; board member of GISPA; board member of the Ghana Internet Service Provider Association
Justin Comps, USA
Austin Prior, Ireland
Tiago Epifânio, Portugal
Stuart Ward, UK, Fellow, British Computer Society
Jay Sundu, USA, UC-Berkeley
Gianfranco Cecconi, UK, Digital Contraptions Imaginarium Ltd.
Micah Musick, USA, Virtual Fox Technologies
Lorin Ricker, USA
Ron Parachoniak, Canada
François Proulx, Canada, NorthSec
Tom Brennan, USA, OWASP Foundation
Greg Mestas, USA
Milton Smith, USA, OWASP
Katie Moussouris, USA, CEO Luta Security, Co-editor of ISO 29147 Vulnerability disclosure
Dan Zulla, Malta, Thiel Fellow, serial entrepreneur
Robert Rudeloff, USA, OCC (US Treasury)
Gary Dentremont, USA, AT&T
Zachary Falgout, USA, Texas Mutual Insurance
Craig Smith, USA, Research Director of Transportation Security at Rapid7/Open Garages
Mike Francioch, USA
Richard Garrett Key, USA, University of Texas at Austin