How will decisions about consumer electronics and entertainment affect you as a government information specialist?
Joab Jackson, of Government Computer News, hints at the answer to that question when he writes in his GCN technology blog:
Typically, we don’t cover Digital Rights Management. How Microsoft Corp. and other tech companies secure digital music and downloadable movies is more of a consumer issue, hence outside our charge. But a recent paper by New Zealand academic Peter Gutmann is worth reading in that it reveals the side-effects of the DRM hooks Microsoft buried in Vista. In short, Gutmann argues that the safety measures Microsoft put in place will complicate life for all users, not just those who want to watch high-definition movies on their computers.
— Paying the cost to run Vista. “Tech Blog” By Joab Jackson, Government Computer News, 01/02/07.
And, he might add, not just those that use PCs and Windows. The paper Jackson refers to is A Cost Analysis of Windows Vista Content Protection by Peter Gutmann. It has been receiving lots of comments and Gutmann continues to update it (the last version I read was updated on January 4, 2007). Gutmann’s paper examines the new version of Microsoft Windows called “Vista,” which will be available soon. In anticipation of its release, there has been a spurt of writing about it and about the digital rights management (DRM) technologies built into it. Here are two more:
- Feeding Frenzy by Robert X. Cringely “I, Cringely” PBS.org, December 29, 2006.
- How Vista Lets Microsoft Lock Users In By Cory Doctorow, InformationWeek Dec. 5, 2006.
Jackson summarizes some of the problems Gutmann finds: slowed performance, reduced fidelity of content, and the fact that peripherals could be remotely disabled by Microsoft itself. Gutmann’s own summary says that Vista’s content protection features will affect “all hardware and software that will ever come into contact with Vista, even if it’s not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server).”
Cringely looks more at the consumer and entertainment perspective and says that all “Digital Rights Management is really just an ecosystem for selling our own stuff to us again and again.”
Doctorow says that “Technology called ‘Information Rights Management,’ [IRM] combined with copyright law and Windows Vista, give Microsoft the tools to hold users’ data hostage in Office.”
This is important for government information specialists to understand because, as Doctorow points out, it means that information creators and distributors will control who can read a document and what they can do with it afterwards. Imagine a world in which government information is “protected” or “secured” or “authenticated” (choose your pseudonym of preference) with DRM/IRM:
With IRM, an Office user can specify whether her documents can be printed, saved, edited, forwarded — she can even revoke access to the documents after sending them out, blocking leaks after they occur. (Doctorow) [emphasis added]
This goes beyond what we already see in “locked” PDF documents. “Unlike a crippled PDF, a restricted Word file is encrypted. Only authorized readers will get the keys” (Doctorow). Vista will do this by relying on hardware and software built right into the hardware. The “Trusted Computing Module” on the motherboard of most PCs manufactured in recent years produces an “attestation” about the precise configuration of a PC. Cory says, “If your PC doesn’t pass muster — because you’re running a third-party document reader, or a modified OS, or an OS inside a virtual machine — then you don’t get any keys” and can’t read a document. And “Remote Attestation” allows software to be verified over a network. Forget about using open source or third party software to read documents written with these features.
No company has spent more time and money on preventing its competitors from reading its documents: remember the fight at the Massachusetts state-house over the proposal to require that government documents be kept in open file-formats? (Doctorow)
Here’s more from Cory’s article:
The deck is stacked against open file formats. Risk-averse enterprises love the idea of revocable documents — HIPPA compliance, for example, is made infinitely simpler if any health record that leaks out of the hospital can simply have its “read privileges” revoked.
No one ever opts for “less security.” Naive users will pull the “security” slider in Office all the way over the right. It’s an attractive nuisance, begging to be abused.
The Trusted Computing Module has sat silently on the motherboard for years now. Adding Vista and IRM to it is takes it from egg to larva, and turning on remote attestation in a year or two, once everyone is on next-generation Office, will bring the larva to adulthood, complete with venomous stinger.
All this adds up to handing the government ways to further control government information — even if libraries have digital copies of documents. We at FGI have repeatedly asked the Government Printing Office to eschew DRM, but GPO has never done so.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.