DRM

Open letter urging libraries to embargo DRM

It's no secret that FGI is strongly outspoken against DRM and has been tracking its use in libraries for some time. So it heartens us that DefectiveByDesign.org, a project of the Free Software Foundation (!), is calling on libraries to help stop the spread of Digital rights management (DRM). DefectiveByDesign has pointed out that libraries can have a hugely positive effect on encouraging the use of Free and open source software (FLOSS) and discouraging the implementation of DRM. They just published an open letter urging libraries to embargo the use of DRM immediately, as well as a template for citizens to personalize letters to their local libraries urging them to stop using DRM technologies. What a great idea! I hope you'll all go over and sign on to the letter and send one to your local library as well.

We call upon public libraries around the world to remove the unethical Digital Restrictions Management (DRM) technologies currently locking down many of their digital collections. DRM compromises public trust for the sake of providing limited access to popular works to some in the short-term. As concerned patrons, we request that libraries immediately establish policies against the use of DRM technologies.

DRM requires users to cede control of their computers to third-party corporations, so they can restrict when and how they may access "checked out" books or audio files. This is an inappropriate and unethical requirement for a public library to impose on its patrons. The notion of checking something out is based on physical scarcity -- to be manufacturing scarcity where none exists is entirely contrary to a library's mission.

Libraries that use DRM are submitting patrons to the onerous and unethical legal terms involved with purchasing, installing, and using software such as Microsoft Windows and the Windows Media Player. In the case of Microsoft Windows, this entails agreeing to terms that allow Microsoft to delete software and data that the user legally owns and has created or installed on their own machines. For a library to require their patrons to agree to such End User License Agreements as a prerequisite for gaining access to its collection is an injustice.

These software requirements drive the sales of DRM technology vendors, such as Microsoft and OverDrive, providing an incentive for patrons to discontinue using software and materials that do not impose DRM. The common argument that DRM and proprietary software are necessary because publishers require them becomes a self-fulfilling prophecy, because the library is using its own market power to encourage their use, hurting the emergence of competing alternatives in the process.

Random House, the largest publisher of eBooks and audio books worldwide, recently announced its decision to drop DRM from the vast majority of its catalog. Random House made this decision after doing a study which found zero cases of DRM-free works being shared illegally. They found that it was ONLY the DRMed titles that were being shared.

The fear, uncertainty, and doubt used by the software industry to convince publishers and distributors to use DRM has blindsided the public and institutions of public trust. Little consideration has been given to the ethical and long-term implications of accepting and encouraging the use of DRM. Defending the public interest means thwarting DRM.

For these reasons, we ask that libraries immediately embargo the use of DRM on their collections and establish formal policies against it. There are undoubtedly many challenges facing libraries today that need to be considered, but few can be as timely or as important as the way the library defines itself and its role in our digital age.

New Best. Title. Ever.

We hadn't added much to our Best. Titles. Ever. humor page lately. I'm happy to end that dry spell with a document that is both humorously titled and useful:

Hills Bros. coffee can chronology : field guide, published by U.S. Dept. of the Interior, Bureau of Land Management in 2006.

Why does the Bureau of Land Management care about what coffee cans looked like in the 1910s? For a very good reason. According to the document's introduction, Hills Bros. coffee cans are a great way to date digs going back to the late 1800s because Hills Bros. tended to change its can designs every so often.

I'd love to copy and paste their explanation into this post, but I can't. The BLM authors chose to lock their PDF into a form that cannot be copied from. You can make copies of the entire file and you can print pages from it, but you can't copy and paste the text nor can you extract the pictures from it. Yet as a public domain government document, there is no legal reason to impose these kinds of restrictions. This is part of the future we fear, one of crippled electronic documents that aren't as reusable as they could be. Today BLM has decided we can't copy and paste from a public domain document. Maybe another agency will decide tomorrow that we shouldn't be able to print their document. That's what faces us unless the federal government has a consistent policy that renounces Digital Rights Management (DRM).

**Addition by James: I've attached a PDF of the document from which I was able to copy and paste. Please download this copy and leave a comment if you're *not* able to copy and paste.
**Addition by Daniel: Thanks for demonstrating the power of a polite request. It's nice to see responsive and helpful gov't agencies.
**Further addition by James: While I believe in the power of a polite request, this one was Jim working his magic to subvert the copy-blocking. He saved the original pdf, printed/saved as pdf (macs let you convert to pdf from the print menu!), jiggered a few things and then the DRM was foiled. That's the PDF doc that is attached to this discussion :-)

Veterans' Affairs institutes rights management software

The Veterans' Affairs Administration has recently instituted Microsoft’s Rights Management Services (RMS) (AKA DRM) to "manage" security of internal documents, email, and handheld traffic. This sounds to me like a REALLY bad idea on so many levels, especially for a government that plays loose with emails and has a problem with classification and transparency. This seems to me a nuclear solution to a manageable social problem (duh! don't put home records of more than 26 million veterans on a laptop PC that can be stolen!!), and one that will have a far-reaching effect on open and transparent government.

"VA gets its rights: Department specifies how people can use — or not use — documents employees create." By Joab Jackson. Government Computer News, 3/3/08.

Perhaps not surprisingly, VA has become one of the earliest adopters — and thus far, the largest — of rights management software with its use of Microsoft’s Rights Management Services (RMS).

VA expected that by press time all employees would be able to set restrictions on what can be done with the documents they create.

When Word, PowerPoint or Excel files, or Outlook e-mail messages are sent to others, the authors can set permissions on what the recipients can do with those documents.

The creator of the document can decide whether it can be printed, forwarded or edited by other people. It’s the employee’s or the agency’s call.

Moreover, the documents are encrypted, so anyone without the appropriate permissions cannot see the contents.

"This ability provides our agency and users the assurance that only the author of the content or someone that has been given full-control permission to the content can remove the persistent protection from the e-mails and documents," De Sanno said.

"For instance, say I send you an e-mail and RMS that message," De Sanno said. "I can actually say you cannot print this [document], or that you cannot forward this. Or, it can evaporate in 30 days."

Among employees, contractors and other people, more than 250,000 individuals will shortly begin using this feature, the agency said.

What really happened with Google Premium Video -- Part Two: Why Google Video story should scare you

In Part One we examined how Digital Rights Management (DRM) technologies and proprietary software allowed Google to make it impossible for users to watch videos that they had bought from Google even though they had downloaded the video files onto their own computers. In this part we examine why this story is important for government information specialists and Federal Depository Library Program (FDLP) librarians.

There are two connections between this story about commercial content -- like TV shows being sold for profit -- and non-copyrighted government information that is supposed to be freely available:

First, the government may want to restrict access to information and may welcome tools that make this easier. Certainly with the removal of government information from the web, the re-classification of previously declassified information, and the removal of information that was once available in the National Archives, government agencies have demonstrated an increasing willingness to control access to information -- even after its release to the public. (See "More Information" below for links to stories about these events.)

We are seeing the evolution of this most publicly with the Foreign Relations of the United States series. In 2001, the CIA wanted to cease distribution of a volume that was already printed and sent to depository libraries but, in the end, the volumes were distributed because "Destroying them would be a huge public relations disaster for the U.S. government.... Book burning is definitely not a politically correct thing to do." (State Dept Mulls "Book Burning", Secrecy News, September 21, 2001). By 2006, we saw an example of the next stage in this evolutionary process of control of public information: long delays in the release of documents as an attempt to avoid the embarrassing situation of recalling documents. A volume had been nearly ready for publication for over seven years, but intelligence screeners would not permit the release because of a handful of documents (Controversial FRUS volume release -- with a caveat...). This leads us to ask how long it will be before the government starts "releasing" documents that they can "recall" technologically without the embarrassing problem of gathering books and burning them -- without even having to notify FDLP librarians and asking them to withdraw something. And, in the Google Video premium service story, we can see a real-life example of existing technology that allows this to be done.

Second, whether the government intends to restrict access to its information or not, policies change, budgets constrict, and intentions evolve. As Daniel pointed out "...Google didn't start up the service with the intention of shutting it down..." Nevertheless, in the end, they did shut it down. In addition, when the government relies on commercial tools for digital information distribution, those tools can impose the rules for distribution and use of information that the government cannot change. We have seen how government cannot always afford to do things in an open way and is forced by costs to do things that restrict access (e.g., FEMA requires Internet Explorer and What the Copyright Office / Internet Explorer rule tells us about government information and GPO's Budget and Priorities). Lawrence Lessig has documented the process of how technology can all too easily supersede good intentions and even the law in Code and Other Laws of Cyberspace.

How hypothetical is this? So far, we have been pretty lucky that the government has not explicitly implemented these kinds of technological information control. But we have seen precursors. In 2004, The Government Printing Office (GPO) released its own annual report using a proprietary reader that requires registration, includes DRM, and has built in "audit controls" (Annual Report 2004 Zinio Interactive Version (Registration Required) -> Get the GPO 2004 Annual Report in digital form now!). Most recently, we have seen GPO use proprietary software with the "call home" feature to authenticate documents in its Authenticated Public and Private Laws, Beta Release. With this system "Users must be connected to the Internet in order to have the ability to validate a digital signature on a PDF document." While the document is still readable if a user is not connected to the Internet, the user cannot validate the document. While the document is readable using software other than Adobe Acrobat or Reader version 7 or later, validation does not work without this proprietary software.

In summary, Google video used proprietary software with phone-home DRM to deny access to files that users had legally paid for and downloaded. GPO has used and is using proprietary software for distribution of government information and it is using DRM "phone home" features in its attempt to technologically "authenticate" government documents. While GPO certainly is not claiming that it wants to withdraw access to distributed publications, the technology is there for it to do so and it is experimenting with it.

Think of the Google Video premium service story as a useful cautionary tale -- a warning of how information can be withdrawn even if digital files were deposited with FDLP libraries or downloaded by conscientious librarians and digital preservation projects. This is something that government information specialists, FDLP librarians, and citizens should be watching closely. I urge you to write your Congressional delegation and the copyright office and suggest an explicit government document exemption to the DMCA. And write GPO and ask for an explicit, written policy rejecting the use of DRM and proprietary software and proprietary formats.

More information

What really happened with Google Premium Video -- Part one: DRM killed the files

As Daniel pointed out on Tuesday (Another Example of Access Bad, Ownership Good), when Google shut down its premium video service on August 15, it was able to prevent customers who had bought and paid for videos from Google from ever watching those videos again. But there is a bit more to the story -- and it has implications for how government information is distributed.

In this, Part One of a two part look at the issues, we examine how Digital Rights Management (DRM) technologies and proprietary software allowed Google to make it impossible for users to watch videos that they had bought from Google even though they had downloaded the video files onto their own computers. In Part Two we examine why this story is important for government information specialists and Federal Depository Library Program (FDLP) librarians.

While it wasn't obvious from the initial news stories about this, Google used DRM and proprietary software to deny access to files users had paid for and downloaded. Although the Government Printing Office (GPO) has not used identical techniques, it has experimented with similar ones and has never explicitly rejected use of techniques that could provide government a way to deny access to information even if users have copies of files on their own computers. More on that below.

Google's premium video-purchase-and-download service overlapped with Google's YouTube-like service, Google Video, which offers streaming video without charge and some free downloads. But in early 2006, Google announced a service as part of Google Video that would allow users to pay to rent or buy certain videos (such as NBA basketball games and TV shows such as CSI) and it is that service that changed this week and those videos that people purchased that they no longer can watch.

YouTube and Google Video use "streaming" video technology so that you watch the stream of video as it comes to you. It is also possible to download videos in some cases. But the Google premium video service allowed users to pay for videos, download them, keep the video files, and watch them without streaming or re-streaming the content. Customers had the files on their own computers and could copy them and put them on different machines as if they really did "own" them. But there was a catch.

Actually, there were three catches. First, users of this service had to download and install the proprietary "Google Player" software. (The software was originally downloadable from http://video.google.com/playerdownload but even the Google cache of that page disappeared this week.) It served a similar function to Windows Media Player or Quicktime or other media players, but it used its own proprietary format (".gvi"). Only the Google Player could play Google Videos.

Second, you could watch the proprietary format using the proprietary player only if you were connected to the internet and authenticated yourself as the purchaser.

Since the Google Player was the only player that could read the files one purchased, users were locked-in to the DRM of authentication-over-the-internet (sometimes called the "phone home" feature). So, even if you paid for a video and "owned" the file you downloaded, you couldn't watch it unless Google allowed you to do so -- every time you watched it. This week Google simply turned off the ability for users to authenticate. Presumably, this is the way the Google rental service operated from the start: after 24 hours, you no longer had permission to view the file you downloaded. It turned out that the "purchase" program was just a temporary service as well.

This is why The Guardian described the situation this way:

Google handed opponents of digital rights management (DRM) a huge weapon this week when it announced that DRM-protected videos bought from its online video store will no longer work, and that customers will not be reimbursed.
  -- Kiss goodbye to your DRM-protected Google Video clips, by Charles Arthur, The Guardian, August 16, 2007

And that brings us to the third catch: the Digital Millennium Copyright Act (DMCA). Although there are hacks, work-arounds, and other technical tricks that allow one to circumvent the Google phone-home DRM, they are against the law. Again, The Guardian saw the implication of this for libraries:

But the fact that thousands of purchased files will cease working will give pause to organisations charged with creating public archives of published information - such as the British Library and, in the US, the Library of Congress. The latter in particular was anyway considering whether any redrafting is needed on the Digital Millennium Copyright Act (DMCA): the idea of offering a loophole to circumvent DRM on products that no longer work properly was rejected in its last consideration. Google's decision might lead to a reversal in thinking.

There is more about this story and its implications for FDLP libraries in Part Two.

More information:

More bad news about DRM

Once again, DRM is in the news and the news is bad. Very Bad.

AACS is the "Advanced Access Content System" set up by IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney, and Warner Brothers. It is Digital Rights Management (DRM) for the next generation of content including high-definition optical discs. (For more see: Overview : AACS - Advanced Access Content System.) There has been a fair amount written about how Microsoft is embedding DRM/AACS technology into Windows and how hardware manufacturers are supporting it as well (see Strategy to Thwart Movie Copying Could Frustrate Innocent Users and How Windows Vista Will Affect Government Information and Microsoft Vista takes control). But this article in Ars Technica says that "...the bigger story here is the technical nightmare created by AACS and how its tentacles are reaching into the consumer technology we all use daily."

"The biggest trick the devil ever pulled was in getting folks to blame someone other than Hollywood for video DRM."
--not Keyser Soeze

AACS and DRM are not just about Microsoft and PCs and Windows. "Apple will also have to adopt a strict DRM regimen at the most fundamental levels of Mac OS X in order to be able to (legally) play back AACS-protected Blu-ray or HD DVD discs (e.g., most commercial discs in those formats)... The same would be true for Linux, except that AACS won't be licensed for Linux desktop use. There's no way to securely implement it since desktop Linux is an open environment, and AACS requires keeping secrets."

Government information does not exist in a vacuum. Any digital government information, whether packaged by the government itself or re-packaged by the private sector, will have to conform to standards that Hollywood is designing to protect content. This means that, potentially, some government information will be unavailable on some platforms (e.g., Linux) that refuse to conform to Hollywood DRM. It means that content that does conform to these standards will be locked by its constraints.

Users should be outraged at these developments, but directing that outrage at Microsoft (or Apple) misses the point. The movie industry's fear of fair use and casual piracy is so great that it uses its considerable weight to influence innovation in personal computing. They can create a technology (AACS) and a license for that technology without ever having to prove its utility or safety for consumers. The situation is made more deplorable by the fact that AACS seems to be nothing more than a stab in the dark at the problem: it has already been cracked! AACS is unproven technology with amazingly complex demands. And it's being rolled into operating systems essentially unproven and with little care for how much havoc it wreaks.

Big News! NARA says no to DRM software!

  • NARA says no to DRM software, by Jason Miller, FCW, June 18, 2007.

    Officials at the National Archives and Records Administration have growing concerns about the effect of digital rights management software on federal records. Allen Weinstein, the nation's archivist, has issued a new policy stating that NARA will not accept electronic records that include such software.

  • NARA Bulletin 2007-02 April 30, 2007; TO: Heads of Federal agencies; SUBJECT: Guidance concerning the use of Enterprise Rights Management (ERM) and other encryption-related software on Federal records

The NARA bulletin refers to "ERM" this way:

Enterprise rights management (ERM) software manages and enforces information access policies and use rights of electronic documents within an enterprise; its development has been predicated on digital rights management (DRM) technology.

Although the National Archives and Records Administration (NARA) bulletin says that it will scan electronic records during accessioning and reject those that contain "ERM protection" and return them to the originating agency for removal of the ERM protection, NARA also gives advice to agencies that still want to use ERM.

NARA suggests agencies choosing to deploy ERM or encryption technologies take steps to evaluate the effect that this will have on records management practices and consider instituting policies and procedures that will minimize adverse consequences.

Thanks to Patrice McDermott and GovInfo News (7-6-2007)!

Strategy to Thwart Movie Copying Could Frustrate Innocent Users

Digital Rights Management (DRM) tools are ostensibly aimed at preventing "piracy" of commercial movies and music recordings, but the DRM tools are being embedded in the hardware that we use to access all information. That can be disastrous for legitimate access to public information.

There has been a lot in the press in the last few months about one particular technology called "key revocation" that is aimed at limiting access to Blu-ray and HD DVD disks. The Wall Street Journal today describes how it is designed to work: "Anyone who pops one of the new discs into their personal computer without installing a software upgrade will find that it destroys the computer's ability to play any high-definition DVD at all."

We at FGI have been urging for a long time that the Government Printing Office (GPO) and all government agencies explicitly refuse to use DRM technologies, but they have not yet done so. Unfortunately, technologies like these that change the way the hardware works may endanger access to government information regardless of what GPO does. Librarians should be fighting against these technologies at the policy, regulation, and law level. Don't be confused by industry rhetoric that equates these technologies with private property protection and protection against illegal "piracy." They are, in fact, bad ideas that will harm information use.

More links about the technology and recent background:

James' open tabs 1/26/07

It's been one of those crazy weeks with lots going on. So rather than blog all the things that I had planned to blog about this week (and last week while in Seattle for ALA!), here's the list of open tabs on my browser. Ahhhhh, I feel better now :-)

DRM-free authentication of government information

At FGI, we continue to wonder why GPO has never said that they will avoid using "Digital Rights Management" (DRM) tools to authenticate government publications. DRM technologies, which are designed for use by the entertainment industry to protect content from copying, are (or should be) antithetical to open, freely available, reusable government information. A different way to authenticate a digital document is with a "cryptographic hash."

[A] cryptographic hash algorithm is a highly complex math formula that can be used to create digital signatures and authenticate data to ensure it hasn't been tampered with.

[NIST] is looking for "unclassified, publicly disclosed" algorithms that would be "royalty-free" and "capable of protecting sensitive government information well into the foreseeable future."

-- NIST announces competition for new cryptographic hash algorithm, by Ellen Messmer, Network World, 01/23/07

Such "digital signatures" (each one essentially a string of numbers) could even be included in library OPAC records along with a link to the algorithm so that any user could verify the authenticity of any document using open tools that run on any platform.

See also: Draft requirements for new hashing standard open for comment, by William Jackson, GCN, 01/23/07
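The check described in this post, as an added example that is not from the original post, GPO or NIST: a publisher computes a digest for a catalog record, and a reader verifies a downloaded copy offline using only Python's standard library. The record layout (a `fixity` field holding `algorithm:hexdigest`) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import io

# Hash functions accepted for verification. MD5 and SHA-1 are left out on
# purpose: practical collision attacks exist against both.
ALLOWED = {"sha256", "sha384", "sha512", "sha3_256", "sha3_512"}

# Common spellings mapped to the names hashlib uses.
ALIASES = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512",
           "sha3-256": "sha3_256", "sha3-512": "sha3_512"}


class VerificationError(Exception):
    """The catalog record is malformed or names an unacceptable algorithm."""


def compute_digest(stream, algorithm, chunk_size=64 * 1024):
    """Hash a binary stream in chunks so large files never sit in memory."""
    if algorithm not in ALLOWED:
        raise VerificationError(f"algorithm not accepted: {algorithm!r}")
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def parse_fixity(field):
    """Split a hypothetical 'algorithm:hexdigest' field and validate both parts."""
    name, sep, hex_digest = field.strip().partition(":")
    if not sep:
        raise VerificationError("expected 'algorithm:hexdigest'")
    name = name.strip().lower()
    name = ALIASES.get(name, name)
    if name not in ALLOWED:
        raise VerificationError(f"algorithm not accepted: {name!r}")
    try:
        expected = bytes.fromhex(hex_digest.strip())
    except ValueError as exc:
        raise VerificationError("digest is not valid hex") from exc
    # A truncated digest would weaken the check, so insist on full length.
    if len(expected) != hashlib.new(name).digest_size:
        raise VerificationError("digest length does not match algorithm")
    return name, expected


def publish_record(title, stream, algorithm="sha256"):
    """Publisher side: build the (hypothetical) catalog record for a document."""
    digest = compute_digest(stream, algorithm)
    return {"title": title, "fixity": f"{algorithm}:{digest}"}


def verify_document(stream, record):
    """Reader side: True only if the copy matches the record, byte for byte."""
    name, expected = parse_fixity(record["fixity"])
    actual = bytes.fromhex(compute_digest(stream, name))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample document; not a real government publication.
    original = b"Public Law 000-000 (constructed sample text)\n" * 1000
    record = publish_record("Constructed sample law", io.BytesIO(original))
    print(record["fixity"])

    # An intact copy verifies with no network connection and no vendor reader.
    print("intact copy:", verify_document(io.BytesIO(original), record))

    # A single changed byte anywhere in the file is detected.
    altered = original.replace(b"000-000", b"000-001", 1)
    print("altered copy:", verify_document(io.BytesIO(altered), record))

    # A record that names a broken algorithm is refused outright.
    try:
        verify_document(io.BytesIO(original), {"fixity": "md5:" + "0" * 32})
    except VerificationError as err:
        print("rejected record:", err)
```

A bare digest proves only that the copy matches the record, so the record must come from a source the reader already trusts, such as the library's own catalog. Proving who issued the document additionally needs a public-key signature over the digest.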

How Windows Vista Will Affect Government Information

How will decisions about consumer electronics and entertainment affect you as a government information specialist?

Joab Jackson, of Government Computer News, hints at the answer to that question when he writes in his GCN technology blog:

Typically, we don't cover Digital Rights Management. How Microsoft Corp. and other tech companies secure digital music and downloadable movies is more of a consumer issue, hence outside our charge. But a recent paper by New Zealand academic Peter Gutmann is worth reading in that it reveals the side-effects of the DRM hooks Microsoft buried in Vista. In short, Gutmann argues that the safety measures Microsoft put in place will complicate life for all users, not just those who want to watch high-definition movies on their computers.
-- Paying the cost to run Vista. "Tech Blog" By Joab Jackson, Government Computer News, 01/02/07.

And, he might add, not just those that use PCs and Windows. The paper Jackson refers to is A Cost Analysis of Windows Vista Content Protection by Peter Gutmann. It has been receiving lots of comments and Gutmann continues to update it (the last version I read was updated on January 4, 2007). Gutmann's paper examines the new version of Microsoft Windows called "Vista," which will be available soon. In anticipation of its release, there has been a spurt of writing about it and about the digital rights management (DRM) technologies built into it. Here are two more:

Jackson summarizes some of the problems Gutmann finds: slowed performance, reduced fidelity of content, and the fact that peripherals could be remotely disabled by Microsoft itself. Gutmann's own summary says that Vista's content protection features will affect "all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server)."

Cringely looks more at the consumer and entertainment perspective and says that all "Digital Rights Management is really just an ecosystem for selling our own stuff to us again and again."

Doctorow says that "Technology called 'Information Rights Management,' [IRM] combined with copyright law and Windows Vista, give Microsoft the tools to hold users' data hostage in Office."

This is important for government information specialists to understand because, as Doctorow points out, it means that information creators and distributors will control who can read a document and what they can do with it afterwards. Imagine a world in which government information is "protected" or "secured" or "authenticated" (choose your pseudonym of preference) with DRM/IRM:

With IRM, an Office user can specify whether her documents can be printed, saved, edited, forwarded -- she can even revoke access to the documents after sending them out, blocking leaks after they occur. (Doctorow) [emphasis added]

This goes beyond what we already see in "locked" PDF documents. "Unlike a crippled PDF, a restricted Word file is encrypted. Only authorized readers will get the keys" (Doctorow). Vista will do this by relying on hardware and software built right into the hardware. The "Trusted Computing Module" on the motherboard of most PCs manufactured in recent years produces an "attestation" about the precise configuration of a PC. Cory says, "If your PC doesn't pass muster -- because you're running a third-party document reader, or a modified OS, or an OS inside a virtual machine -- then you don't get any keys" and can't read a document. And "Remote Attestation" allows software to be verified over a network. Forget about using open source or third party software to read documents written with these features.

No company has spent more time and money on preventing its competitors from reading its documents: remember the fight at the Massachusetts state-house over the proposal to require that government documents be kept in open file-formats? (Doctorow)

Here's more from Cory's article:

The deck is stacked against open file formats. Risk-averse enterprises love the idea of revocable documents -- HIPAA compliance, for example, is made infinitely simpler if any health record that leaks out of the hospital can simply have its "read privileges" revoked.

No one ever opts for "less security." Naive users will pull the "security" slider in Office all the way over the right. It's an attractive nuisance, begging to be abused.

The Trusted Computing Module has sat silently on the motherboard for years now. Adding Vista and IRM to it takes it from egg to larva, and turning on remote attestation in a year or two, once everyone is on next-generation Office, will bring the larva to adulthood, complete with venomous stinger.

All this adds up to handing the government ways to further control government information -- even if libraries have digital copies of documents. We at FGI have repeatedly asked the Government Printing Office to eschew DRM, but GPO has never done so.

Why DRM is bad for Government Information

A recent article in GROKLAW critiques the extreme way one library is implementing digital rights management (DRM) and how it impacts fair use, first-sale, and re-usability of information. While focusing on the British Library, it does an excellent job of pointing out the dangers of DRM. Can we imagine the Future Digital System having documents that expire, that can't be printed, that are bound by contractual restrictions (not copyright!), that can be read on only one machine, that can't be copied, etc. etc.?

GPO should disavow such uses of DRM, but it has never done so.
