There is nothing more deadly than a fight that is boring, complicated and important. This toxic trio lies at the heart of disasters as wide-ranging as climate change, the 2008 financial crisis, and now, a sea-change in the very nature of the World Wide Web Consortium (W3C), the most prominent force in the creation and maintenance of "open standards" for the web.

Standards are boring, complicated and important. Reasonable people can debate at length the optimal gauge for a railroad track or voltage for a mains socket, but in the absence of an agreement at the end, your trains will go off the rails as your kettle will burst into flames.

Every W3C standard until 2017 formalised some technological means of giving users control over their computers, from the power to display a certain kind of image format to the power to render complicated web-pages in browsers. This week, the W3C published a first-of-its-kind recommendation titled Encrypted Media Extensions (EME) that does just the opposite. It enables media companies from Netflix to the BBC to remotely control your computer while you are enjoying copyrighted works, preventing you from (for example) saving a programme for later, without regard to whether you have the legal right to do so.

The W3C's rationale for doing this is that apps have made the web less important, so that Netflix, the BBC and other media companies can plausibly threaten to withhold all content unless they can dictate the design of browsers to give them EME’s extraordinary powers. The W3C also says that, left to their own devices, browsers and media companies would produce a hodge-podge of difficult-to-support, privacy invading one-off solutions. If something as dangerous as EME is to be produced, let it be produced under the W3C's stewardship (or, as Terry Pratchett's Lord Vetenari was fond of quipping, "If there is to be crime, at least let it be organised crime").

But technologies like EME don't just present technical dangers, they also present legal risks. Under laws such as Section 1201 of the US Digital Millennium Copyright Act and the national implementations of Article 6 of the EUCD, bypassing a copyright-control technology like EME can lead to severe civil and criminal penalties, even if you are doing something that is otherwise perfectly legal. EME's designers can use these laws to silence security researchers who discover defects in their products, accessibility workers who mass-process videos to add subtitles or other assistive features, archivists who preserve our digital heritage, and competitors who dream up new, legal ways to enjoy copyrighted works (think of how Netflix made its stake by putting DVDs in the post, despite protests from movie studios).

I was part of the EME negotiations, serving as W3C representative from the Electronic Frontier Foundation (EFF), a non-governmental organisation devoted to the free and open web. EFF is well aware of the legal dangers of EME, because we're often the first port of call for people who face those dangers.

Our initial plea to the consortium was to reject EME altogether, as the risks to the open web were far greater than the risks of not being able to watch iPlayer in Chrome. We were rebuffed, and the W3C leadership said our complaint was chiefly with laws such as EUCD 6 and DMCA 1201, not with EME itself (actually, we think both are problematic).

The W3C is a multistakeholder body based on consensus, and that means that members are expected to compromise to find common ground. So we returned with a much milder proposal: we'd stand down on objecting to EME, provided that the consortium promised only to invoke laws such as the DMCA in tandem with some other complaint, like copyright infringement. That meant studios and their technology partners could always sue when someone infringed copyright, or stole trade secrets, or interfered with contractual arrangements, but they would not be able to abuse the W3C process to claim the right to sue over otherwise legal activities, such as automatically analysing videos to prevent strobe effects from triggering seizures in people with photosensitive epilepsy.

This proposal was a way to get at the leadership's objection: if the law was making the mischief, then let us take the law off the table (EFF is also suing the US government to get the law overturned, but that could take years, far too long in web-time). More importantly, if EME's advocates refused to negotiate on this point, it would suggest that they planned on using the law to enforce "rights" that they really shouldn’t have, such as the right to decide who could adapt video for people with disabilities, or whether national archives could exercise their statutory rights to make deposit copies of copyrighted works.

"In the absence of an agreement at the end, your trains will go off the rails as your kettle will burst into flames"

Cory Doctorow

But EME's proponents – a collection of browser vendors, entertainment industry trade bodies, and companies selling products based on EME – refused to negotiate. After 90 days of desultory participation, the W3C leaders allowed the process to die. Despite this intransigence, the W3C executive renewed the EME working group's charter and allowed it to continue its work, even as the cracks among the W3C's membership on the standard's fate deepened.

By the time EME was ready to publish, those cracks had deepened further. The poll results on EME showed the W3C was more divided on this matter than on any in its history. Again, the W3C leadership put its thumbs on the scales for the entertainment industry's wish-lists over the open web's core requirements, and overrode every single objection raised by the members.

This, in turn, triggered the first-ever appeal in W3C history, which the leadership insisted on framing as a confidence vote on the web's deservedly beloved creator Tim Berners-Lee, director and founder of the W3C (the W3C's own expert was overruled when she recommended that the appeal vote be taken on a less emotive question). When the appeal vote concluded last week, 58.4 per cent of the participants voted to let Berners-Lee's decision stand, a far cry from consensus.

But the W3C moved ahead with the publication of EME, celebrating the occasion with jubilant quotes from RIAA, MPAA, CableLabs, Comcast and Microsoft. The W3C trumpeted EME's benefits: a strong privacy framework and built-in tools for adding subtitles and other assistive data. But they didn't mention that no security researcher could audit that privacy framework to ensure it was working without risking legal reprisals; nor that automatically generating those subtitles meant risking titanic fines.

The W3C has squandered a moment of leverage that the web desperately needed. The inclusion of EME bequeaths a permanent and unauditable attack surface to browsers used by billions, endangering those working on web-scale accessibility for video, and giving incumbents the whip-hand over archivists and spunky startups alike. EME's authors needed the W3C every bit as much as the web needs Netflix and iPlayer: without the W3C's patent-sharing mechanism, protection from antitrust scrutiny (especially in the European Union), and (not least) moral authority, EME would have been a much harder project.

The chance that EME's proponents would simply start over somewhere else were purely speculative, and assumed that they'd be willing to risk years of effort in order to secure a tawdry and illegitimate legal advantage.

The unwillingness to prioritise something so obviously vital, compounded by the W3C leaders' partisanship for big entertainment companies over their other members caused a collapse in our confidence in the W3C process. That is why the EFF left the consortium on Monday, when the W3C announced that it would go ahead and publish EME without a single shred of protection for the open web.

It was a sad day for EFF, and for the web. The open web needs all the friends it can get, especially in these dangerous times.