From DRM to Rights Management Services

miladus writes "Microsoft has formed an academic Think Tank on Trustworthy Computing. The Academic Board is to advise Microsoft on 'security, privacy and reliability enhancements in[...] products and technologies so that Microsoft can obtain critical feedback on product and policy issues related to its Trustworthy Computing.' An interview with two members of the board is an interesting read, especially concerning the global implications of privacy. Of note, is the absence of DRM discussion. But DRM shows up as 'Rights Management Services' in the promised Widows Rights Management Services to be released later this year. it will deliver a 'platform-based approach to persistent policy rights for Web content and sensitive corporate documents of all types'"

Re:Good stuff

"Things like this are really essential, especially for companies and organizations that have concerns about confidential information."

No. Good security is essential for people handling confidential information. Would you want your bank records littered around insecure networks, protected by unbreakable MS-Word encryption? I'd rather trust my information to people I knew had no Microsoft software anywhere.

You need to keep information separated at work? For things like that, most people would consider PGPDisk and BSD firewalls not enough protection. At one place I work, any computer connected to certain network has to have its disk removed daily and locked in a safe. At another place I visited, there were no network connections leaving the site at all. Anyone who uses Microsoft security solutions has no business being given access to confidential information.

Re:What happens when MS has a new version of Offic

[Billly+Gates]

But without evidence they can sniff all they want and will find nothing. No evidence no case.

It is very hard to go after a corporation. You have to prove that companyA knew about the corruption and hid it. Kenith Lay just recieved $200 million from his involvment with Enron and is retiring in peace as a wealthy man. Why? He claimed he didn't know about what was going on in accounting. Since he moved the money he recieved to his retirement fund he avoided litagation from angry stock holders and co-workers. A very sneaky loophole indeed. He can't be prosecuted or sued. Hiding information is key to avoiding prosecution and obsrtucing justice. With drm this makes the doj's and fcc's power void. Microsoft had been doing this for years and got away with an EU investigation in 93 because of it.

The doj could not even prove that Microsoft strong armed OEM's to bundle office because of lack of evidence. They decided to go only after IE because of the one email from Gates about chocking their air supply since someone forgot to delete the email.

Your innocent until proven guilty and corporations can drag court cases for years because they have so much money. Timebombing and drm is perfect. With no data you can not prosecute anyone.

Re:Good stuff

[stinky+wizzleteats]

If you are using a Microsoft document format to transfer confidential information, you have problems DRM cannot solve.

MS is, in my view, breaking new ground with this;

I'm sure attempting to use an umbrella as a submarine would be equally revolutionary. That doesn't make it a good idea.

Re:What happens when MS has a new version of Offic

When counterfeit comes into play the feds are alot more aggressive. MS isn't likely going to circumvent NSA friendly encrytion and the damaging effects of another goverment undertaking fraud during a bull run could cripple the markets for a very long time means somebody is/or will be watching.

I maybe paranoid but I believe pretty much everything sent over the internet has a copy someplace, with software constantly sniffing for profiles, patterns, etc...and comparing it to public data, simply because I would.

Happenstance or a socially engineered blunder is always doable, but a threat to national security and/or a potential charge of treason becomes applicable. Deterrent becomes the best form of prevention as well as seperating a greedy capitalist goat from a real terrorist/threat.

Trustworthiness and security

[voodoo1man]

The entire industry needs to place a higher priority on building trustworthy systems, even though this means building systems that have fewer features and that take longer to deploy because of increased development times.

So now we're supposed to waste our time fiddling our thumbs about broken trust and rights "management" crap? This is the same stunt MS pulled by claiming Windows met "Orange Book" (from the NSA Rainbow Series of books) "security" standards. Of course, Access Control Lists don't do much if your OS is full of buffer overflows and similar exploits, and this is ignoring the issue that ACLs don't do much at all and don't do it very well anyway. This seems like an overly expensive way of distracting customers from the real security issues (ha! like that one-month code review jerk-off session really accomplished anything).

I can see only two benefits coming from this. Likely the grants those professors are receiving from MS will trickle down to some poor, hungry grad students who actually deserve it. Also, if the quote above has any relevance to MS's own development plans (but I'm not holding my breath), maybe people forced to use MS software will have to suffer through less feature bloat and mandatory-upgrade new versions.

easy to do

[infonography]

Here's a good one check out this about CORDS [loc.gov]

" The U.S. Copyright Office Electronic Registration Recordation and Deposit System is the Copyright Office's system for registering claims over the Internet. Through the Internet, copyrighted works become available throughout the world instantaneously. As copying these digital works becomes easier, copyright protection is imperative."

Actually this could be cool, however following it to a illogical conclusion there are loopholes for massive abuse. A media file would have a locatable Digital signature that a filtering router could read. Check against a database for known bootlegs and you got your filter. (hmmm, run it on a linux box and finally get some RIAA/Evil use out of those longhaired geeks)

If no Digital sig is found then implant one and forward the file and new sig so the RIAA can add it to the registry for later review. Cause it could be a new burn of the latest N'Sync song or that one about Fred Durst telling Britney Spears to drop dead. you could plot the movement of files from user/site to user/site and show who gave what to who and when. You end up with a nifty tracking scheme.

This is a classic 'Man in the Middle' attack, one of those things the RIAA/MPAA wanted to do not so long ago.

Opps, You would have a way to hit them back. Say your ISP, the UofWhereEver goes and alters a music file with a fingerprint then they are subverting your property. If the file is legally obtained say self-produced then the original artist (you) will have a very clear case for copyright infringement. They will have created and distributed a reproduction of your recording for 'Commercial Gain' (acting as an agent for a speculative RIAA lawsuit), which is 99.94%, exactly the same as your copyrighted material.

So they have just violated Federal Copyright law by clandestinely adding a digital fingerprint. You can extract this new tag by doing a diff of the file against the orginal. Even a certain lackwitted judge in say Pennsylvania would be able to understand it then.

yes this is a rerun

yet another gripe about microsoft

[CjKing2k]

Operating systems perform basic tasks, such as recognizing input from the keyboard, sending output to the display screen, keeping track of files and directories on the disk, and controlling peripheral devices such as disk drives and printers.[webopedia.com]
Nowhere in does this mention anything about deciding what programs/documents the user can and cannot open. An OS is desined to give functionality to a computer, not a tool to implement bureaucratic policies and legal restrictions (e.g. the Palladium and other DRM nightmares).

Now, getting back to WRMS (for Stallman's sake I'll call it WRMS from now on). The difference between this and paper shredding is that you now get to keep the documents you're trying to hide. Think of how many Enrons and Arther Andersens still out there now have digital protection! Once again, Microsoft caters to big corporations that invest lots of money into the computer industry and want to see things their way. This does not help the rest of us, and if the Enron scam happens again because of this (and it will), then it will hurt our economy again.
Enter Palladium, just another part of Microsoft's new restrictive practices. I think we should petition Intel against killing its own platform. We've gone very far from the 80's now, and I think if this does not stop it will only get worse. I'm no legal expert, but I see Palladium as a violation of the 4th amendment in the US constitution. Your PC is as much private to you as your house is. Criminals can break into computer just as well as a burglar can crawl through that open window in your back yard when you're not home. However, the police still can't get in without your permission or a warrant. DRM is, by design, used to find illegal material and warezed software then delete it or report it. How is this any different from search and seizure?

Now for those of you who are worried are going to lose your freedoms, just remember who's really at fault here. It is the people who swap thousands of MP3's every day, download warez and illegal keys.. basically those too cheap to actually pay for your software and music. Granted, I don't think it's right for Microsoft to charge 200 bucks for an OS, but that's one of the reasons I'm using Linux. I still don't believe it's right what they're doing, but the blame should really be placed on most of the /. h4x0r w4nn4b3's who are adding fuel to the fire. If you're a corporation and you're really paranoid about your sensitive documents getting into the wrong hands, then maybe you should be more concerned about keeping your networks secure (one way would be by not using Microsoft products) and choosing your employees wisely.