The EFF continues to demand that the W3C standardize DRM under a rule
that protects security researchers from prosecution.
I do not support that demand, because the W3C would still be doing
wrong, and harm, if it standardized DRM with that exception. No small
exception can excuse support for DRM. The W3C should refuse
to betray the users of the World Wide Web.
The EFF article uses the terms "white hat" and "black hat" in an
unthinking way, assuming that trying to fix a bug is "right" while
trying to exploit the bug is "wrong". That's valid most of the time,
because most proprietary software does something to serve its users,
and most bug exploiters are trying to hurt those users.
But there are exceptions, and DRM is one.
DRM software is pure malware: its purpose is to mistreat the users.
People who investigate bugs in malware in order to make it mistreat
people more reliably should be called "black hat". The white hats are
those that find bugs to enable users to break the DRM's chains. To
maximize the effect, they should release these bugs in the way that
will enable the largest possible escape from DRM.