Monday, December 18, 2006

Microsoft set to lock down Office docs; enforced with encryption and DMCA

Ok, this is too much. Via Linux Journal I found an article in InformationWeek about MS's new Vista OS and how it will enable MS to criminalize open document readers and consequently kill open standards computing.

The gist of it is that Vista will enable Information Rights Management (IRM), a feature available since Office 2003, to control the hardware (yes, you read right -- see "trusted computing" below) and software required to open a document created with Office running on Vista while also allowing control over whether that document can be printed, edited, copied, forwarded or any number of other possibilities. These rights can even be "managed" remotely, though I imagine that would require being on a common MS network using Outlook or the network to obtain the document.

The Digital Millenium Copyright Act (DMCA) is invoked by the use of encryption to enforce the IRM. In short, bypass the encrypted formatting and break the law. The IRM features can be incorporated with "trusted computing" principles to completely lock down the documents at the hardware level of your PC.

The InformationWeek article talks of losing open document standards, but the Linux Journal article predicts much more dire consequences: the possible forced obsolescence of Linux and other open standards-based OSes. If most of the computing world is standardized on Microsoft platforms and products and it is illegal to even duplicate MS functionality for common document use, how useful will Linux be?

If Microsoft successfully implements these "features" then it has truly missed the boat of the Internet with a capital "I." The value of the Internet is that it does not matter what client you use as long as it supports the common and public standards the network (i.e., "Internet") uses to move data around. Once documents created with Microsoft products can only be opened or manipulated using Microsoft-approved systems, we've reverted to the earliest Apple/IBM incompatibility headaches and corresponding lack of sharing, communication and creativity among users.

Successful implementation may also create a pseudo net neutrality advantage to Microsoft users. Imagine corporations, who are by the way huge users of MS products, which will not accept documents unless they are submitted in a protected MS Office format or will only make press releases or other company information available in that same protected format. Who cares if your Linux box has as much bandwidth as some other guy's Windows machine -- your Linux-created document simply isn't getting through.

Such a corporate lockdown is not unrealistic given the fact that corporations' IT departments like the consistent, easy-to-manage, standardized (ironic, no?) infrastructure that a MS network provides, plus Microsoft sells IRM as a "company asset" in its description of the feature. What corporation or IT manager does not want "Information privacy, control, and integrity" incorporated into network management?

Please read both of the articles mentioned in the first paragraph and become informed about what software and computing companies are doing. Even if you are only a Microsoft user you should be concerned about your shrinking choices and limits on your free use of your own property.


C-had said...

You know, for some reason this isn't really scaring me. Every few years something comes up, like back in the early 90's it was threats to tax people who used phones for dialing AOL and stuff, then threats in the late 90's of charging per e-mail, and more recently the threat that large companies will be able to "Own" their piece of the internet. Frankly, I think the open source community is paranoid. I am pretty sure what will happen is businesses and agencies that want to use these features will, and the mac users and linux guys out on the internet won't. I don't see any case where a Mac user can't submit a resume, or a linux user won't be able to download a new song from the internet. Remember, over 8 years ago, Bill was saying how we wouldn't even be buying software in a year or two, we would all be connected to the internet and running software over broadband, it never happened. People will always demand control over their hardware and software and even MS isn't going to change that. Organizations that want to buy into this new paradigm may benefit however because compliance will become an issue for the creators of documents and not the stewards (backup and data storage professionals) which is the way it should be.

Raydoo said...

For a little over a year, a few years back, I was attached to a DRM project at work to protect sensitive technical documents my employer needed to exchange with its customers. It didn't take me long to recognize that (technically speaking) all DRM schemes boil down to 'security by obscurity', and that they essentially succeed in making content more difficult, expensive, and unreliable to share.

That said, I was constantly reminded of the 'content owner' position. In order to successfully defend their rights to control their content in court, they had to be able to demonstrate that they were taking measures 'in reality' to protect their rights. It was understood that 'secret' content *could be copied and shared* under their system, but it was enough that the system *encouraged appropriate use* and created a condition where (in court) it could be demonstrated that those leaking content could be shown to know they were taking steps to violate their agreement. It similar to the way that Kimberly-Clark is obligated to shit a brick when their Kleenex brand is used to describe generic facial tissue, even though the usage constitutes free marketing.

But I do think that the inclusion of optional DRM features in the Office products and its file formats is pretty harmless. The products have had more rudimentary content management like password protection, as do other document sharing file formats (e.g. Acrobat/PDF has a whole infrastructure for 'security plugins' in their API). These features are simply required for the file formats to 'compete', otherwise it can't be used by people who have content they need to 'protect'. At least these features are opt-in. They're not in play unless the content producers turn them on. If you don't use the features in your Office docs, they won't really mess with your life.

That's not to say Microsoft isn't doing some ugly things to Vista (such as this this )to appease the Sonys and Disneys of the world. DRM is going further because content providers are playing chicken with providers of high-tech viewers. They won't let the content out into a system that doesn't take measures necessary to protect their rights, and the would-be providers of viewers (be it Panasonic, Microsoft, Intel, or whoever) are scrambling to be there first and to lock up a piece of the distribution chain for this content.

On the one hand, and a lot of consumers will buy it, and will be happy to have their cinema-quality movies in the living room. But the saavy among us will not be excited about paying so much for crippled products just to 'adequately protect' people who are selling us $40 movies.

Fucking lawyers. ;)

Kevin said...

It's great to have such informed friends to peer review my work. :)

I think you're right, Chad, that it's unlikely this will ever be fully realized. Particularly given that MS has had this feature available since Office 2003 and it hasn't affected anything yet. Plus I don't think people would put up with it and as is stated in "Note C" of the "ugly things to Vista" article Raydoo references above, any encryption implemented will likely be cracked within a day to a week of release, if not before, and the bypass posted on the Internet, effectively negating any document protection.

I still like to bring these things up, however, as I think "closed source" software companies and content creators downplay these possibilities so they can be snuck in as "features" to allow control at some later point. For example, how many people know about the Image Constraint Token for high definition content that has the ability to downgrade HD resolution to SD resolution if the token is activated by the content creator and a non-encrypted analog component exists in your A/V chain from DVD player to HDTV?

You and Raydoo are correct about compliance (e.g., HIPAA health disclosures) and trade secret issues, and encryption combined with content management is surely invaluable for these situations in today's online data ocean.

So yeah, what's up with those lawyers, huh?