W3C: Protect browser researchers who are security experts

We need security researchers!

The World Wide Web Consortium took the controversial and unusual step of standardizing DRM through something called Encrypted Media Extensions. This will become part of HTML5. Security researchers that expose flaws in HTML5 browsers can be punished by the DMCA or its international counterparts. This could lead to critical bugs being discovered in browsers that billions of users rely on, and more people exploiting them in the wild.

Some of the most respected security researchers in the world said last summer that they were prevented by the DMCA from coming forward with any flaws discovered.

EFF proposed that the W3C have DRM without having to eat its security researchers. is a brief, easy “covenant” that W3C members must sign to continue DRM work at W3C. Once they have signed, they will not be able use the DMCA and similar laws to harm security researchers.

The future’s browsers will be the interface to all automated systems. Security researchers around the world need to be aware that they won’t be able to use legal threats against companies if they reveal their errors.

Free Software Advocates protested at a W3C meeting in an effort to demand that the organization reform its DRM work. The Open Source Initiative stated it will not consider any DRM standards to be open until it signs an agreement similar to ours.

The W3C needs to hear from security researchers, whose future is in their hands.

Contact us if you are a security researcher who would like to voice your opinion. Your comments will be forwarded to Tim Berners Lee, Director of the W3C and Jeff Jaffe (CEO).

Signatories:

Bruce Schneier, USA

Alan Cox (UK), Honorary Fellow University of Wales Trinity St David

Emiliano DeCristofaro (UK, University College London)

Dr Steven J. Murdoch UK Principal Research Fellow University College London

Harry Halpin (France, INRIA)

Ian Goldberg (Canada, University of Waterloo)

Ron Deibert Canada, Canada Professor of Political Science, Director of Citizen Lab, University of Toronto

Jon Andersen, USA

Sergey Bratus (USA), Research Associate Professor Computer Science Department Dartmouth College

Joel R. Voss, USA

Paul Garrett Hugel, USA

Jacob Appelbaum (Germany, Tor Project)

Roger Dingledine USA, Tor Project

Ronald L. Rivest USA, MIT

Prof. Dr. Tanja Lange, The Netherlands, Technische Universiteit Eindhoven

Frederic Jacobs (Switzerland), Swiss Institute of Technology, EPFL

Dr Ian Brown UK, Oxford Internet Institute Professor of Information Security and Privacy University of Oxford

Philipp Winter (USA, Princeton University)

Sebastian Garcia, Czech Republic, Czech Technical University

Alex Kirk USA

Robert Erbes, USA, Assoc. Principal at IOActive

Nadim Kobeissi, France, INRIA.

Sharon Goldberg USA, Boston University

Roya Ensafi, USA, Princeton University

J. J.

Jacobo Najera, Mexico, Enjambre Digital

Seda Gurses USA, Princeton University

Dr. Daniel C. Howe Hong Kong School of Creative Media

Marco Ermini, Germany

Gary Cohn USA

Aaron Massey USA, University of Maryland Baltimore County

Greg Rose, USA

Juan Benet, USA, IPFS Project

Alex Leverington (Switzerland, Ethereum).

Anil Madhavapeddy (UK, Computer Laboratory University of Cambridge)

Ivan Arce, Argentina, Programa STIC, Fundacion Dr. Manuel Sadosky

Rikard Linde, Sweden, Director, Fores

Conno Boel (Netherlands), Software Engineering student at Avans University of Applied Sciences in Den Bosch

Paul Mundt (Germany, Adaptant Solutions AG)

Mark Seiden, USA, Internet Archive

Stephen Whitmore (USA, IPFS Project)

Paul Lindner USA

Trent McConaghy, Germany/Canada, BigchainDB/IPDB

Sandro Hawke, USA, MIT

David S. H. Rosenthal USA, LOCKSS Program

Johannes Ernst, USA, Indie Computing Corp

Milos Miljkovic USA, Tufts University

Sam Bowne (USA), Instructor Computer Networking and Information Technology City College San Francisco

John David Pressman

Aaron Zauner, Austria, Lambda: resilient.systems/SBA-Research/Consultant to EFF

Philip Wadler (UK), Professor of Theory Computer Science, School of Informatics University of Edinburgh

Feross Aboukhadijeh, USA, WebTorrent, Stanford University

Harry J. W. Percival (UK)

Ross Anderson (UK, Cambridge University)

Patrick Durusau USA

Marco Romano, USA

Thomas Sluyter (the Netherlands)

Rens Groenewegen (Netherlands, Cloud architect), CISSP

Dirk Krijgsman (The Netherlands)

Erik Duemig USA

Gaetan Leurent, France, Inria

Jeffrey Vagle USA, University of Pennsylvania Law School

Constantine A. Murenin USA, NetBSD

Jeremy Tippit USA

Randy Bush, Japan IIJ Research Lab

Kraig Behrn, USA CEO, Enguity Technology Corporation

Tony Vanquez USA Director of Regulatory Operations at L2Networks

Ben Tasker, UK

Vasily Kolobkov (Russia)

Thomas Casey Stone, United Kingdom

Nicholas Keene, USA

Grif Rosser, USA, DataCentre Security

Chris Roberts USA, Sidragon

John Brasher USA

AhwatukeeBuzz Managing Director: Theodore C Newcomb USA

Brendan O’Connor USA, Leviathan Security Group

Alan Rea (USA), Professor of Information Systems at Western Michigan University

James Vincent Ferrero USA

Sebastian Schultheiss (Germany, Computomics)

Steve Palmateer, Canada, Thalmic Labs

James Renken, Sandwich.Net, LLC

Tom Sullivan, USA, Sullivan Cybernetics, LLC

Gert Steenssens (Belgium, Software Developer & Security Researcher)

Philip Haworth (UK)

Carolyn Guertin (Canada, University of Ontario Institute of Technology

Greg Sadetsky, Canada

Stephen Kent Rose USA Lawyer, Attorney and Counselor of Law

Declan Murphy USA electrical engineer

Joby Elliott USA Web Developer, University of New Mexico

Margaret Bartley, USA, retired

Micah Sherr (USA), Provost’s distinguished associate professor, Department of Computer Science at Georgetown University

Marcelo Elizeche Lando, Paraguay, Infosec Consultant

Nathan Freitas, USA, Guardian Project/Tor Project/Berkman Klein Center

Thomas G Easton USA

Stephen J Taffee (USA), Retired IT Professional

Pedro Freire, Portugal, Senior IS Consultant

Grant Johnson USA Chairman SIMCO

Jonas A. Hulten, Sweden, computer science student

Scott Kallio, USA, EPIPHANYSOLUTIONS LLC

Thomas Asmuth, USA, Assistant Professor-Digital/New Media, Director, Bachelor of Fine Arts Program, University of West Florida

Dustin Juliano, USA

Chris Collins (Ireland, Software Engineer)

Russel Brooks USA

Tom Ritter, USA

Daniel Haaser, Germany, Computerhilfe Feucht

Matthew L Daniel USA

Germany, Elmar Lecher

Jose Antonio Ortega Ruiz, USA, CTO, BigML, Inc

Jonathan Poritz, USA

Christopher Brousseau USA

Andre Igler, Austria, Chaos Computer Club

John F. Doyle, Ph.D., USA, Indiana University SE

greg vassie, Canada

John Adams USA Head of Security Bolt Financial

K Moser USA

Jamie Powers, Esq., USA, Data Rights & Privacy Advisors

Dmitri Dalheim-Baeza, Canada

Ben Dechrai (Australia)

James Caruso USA, InfraStructure data Management International Inc.

Ben Johnston (Australia).

James L. McKee Jr.

Lou Ronnau, USA

Dr. Martin Krafft (Germany), independent security researcher, liberty activist and Debian developer

Gary Joseph, UK

R Dwayne Ramey USA

David Williams USA

Andrew FigPope, USA

Mark Judman USA

Marc Loehrwald, Germany

Siddharth Ravikumar, USA

Kevin Saylor USA

Richard E. Robertson, USA, President, Basketcase software, Missing Worlds Media, Inc.

Jack Daniel USA Security BSides

Vasili Revelas (Greece)

John Poole USA

Adriano Peluso, Italy

Douglas Stetner, Australia

Stephen Edgar, Australia

Dominik Golle, Germany, Hertie Network on Digitalization

Tennille Christensen, USA

Aaron Steimle USA, Glyph IP LLC

Jason Watson USA

Edward Anderson, USA Software Engineering Manager at Onsite.com

Francois Maes, Belgium

brannon rasmussen, USA

James Fowler, USA/Brazil

Alan Mayer USA, CISA and CRISC, CRISC, and CISSP Senior Information Security Consultants and Auditor

Felicien Fleury, Switzerland, Information Engineer HES/CISSP, Managing Director, NGSENS SARL

Joseph Lorenzo Hall, USA, Chief Technologist, Center for Democracy & Technology

Brett Campbell, USA

Greg Norcie, USA, Staff Technologist, Center for Democracy & Technology

Jeff Silverman USA

Robert Walker, USA CEO, PCPursuit Inc

Vlad Ionescu (USA, Red Team Operations), Mandiant/FireEye

Kent Williams King, Canada, University of British Columbia MSc student

Martin Shelton USA, The Coral Project, and The New York Times

Adarsh Jagannatha (India, Indian Institute of Technology Kanpur, IITK).

Nchinda Nchinda USA student, MIT, intern, ConsenSys

Jeremy Pesner USA Georgetown University

David Roux from South Africa/USA Blue Grass Airport Lexington, KY USA

Alexander Ose, USA, United States Digital Service

Flynn Joffray, USA

Marcel de Jong (The Netherlands).

Salvatore LaMendola USA

Alexander Urcioli USA

Donald McFarlane USA

Canada’s Andrew Schuch is the CEO of Halo Tech Consulting

David Olesik Canada, CEGEP Montreal, Quebec

Jean Harrington USA

Holger Levsen, Germany, Debian

Chester Wisniewski, Canada, Sophos Inc.

Ryan Mitchkowski, USA

Fred Frazelle, Mexico, Fundacion Anisa, A.C.

Charles Berret USA Columbia University

Michael Fischer (USA), Professor of Computer Science at Yale University

Thomas Greco, Singapore/Thailand/Japan/Indonesia, Omise/Ethereum

Joshua R. Simmons (USA, OSI Board member)

Cornel Punga, independent researcher, OWASP Timisoara, Romania

Alexander Finch, Argentina

Antonio Fontes, Switzerland, OWASP Geneva

Kevin W. Wall USA, OWASP

Harish Pillay (Singapore, Red Hat, and ISOC)

Johanna Curiel (The Netherlands), independent researcher

Chris HJ Hartgerink (The Netherlands, Tilburg University)

Alexander Sulzberger (Ghana), CEO of Ecoband Networks, member of AfriCERT, board member GISPA, board member Ghana Internet Service Provider Association

Justin Comps USA

Austin Prior, Ireland

Tiago Epifanio, Portugal

Stuart Ward (UK), Fellow, British Computer Society

Jay Sundu, USA, UC-Berkeley

Gianfranco Cecconi (UK), Digital Contraptions Imaginarium Ltd.

Micah Musick, USA, Virtual Fox Technologies

Lorin Ricker, USA

Ron Parachoniak, Canada

Francois Proulx, Canada, NorthSec

Tom Brennan, USA, OWASP Foundation

Greg Mestas, USA

Milton Smith USA, OWASP

Katie Moussouris USA CEO Luta security, co-editor ISO 29147 Vulnerability Disclosure

Dan Zulla (Malta), Thiel Fellow, Serial Entrepreneur

Robert Rudeloff USA OCC (US Treasury).

Gary Dentremont USA AT&T

Zachary Falgout USA, Texas Mutual Insurance

Craig Smith (USA), Research Directory of Transportation Security on Rapid7/Open Garages

Mike Francioch, USA

Richard Garrett Key USA, University of Texas at Austin