Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Prepares Office Lock-in

Posted by michael on from the stupid-business-lining-up-to-lock-themselves-in dept.

An anonymous reader writes "NEWS.COM has an article describing Office 2003's DRM features for documents. This will not only coerce those running older versions of Office to upgrade, which has been a problem for MS in the last few years, but it will also shut out competing software, such as OpenOffice. Now think about this for a second. Even if the developers of a competing office suite could figure out how to get their software to open an Office 2003 document, doing so would be a DMCA violation, since they'd be bypassing an anti-circumvention device. I certainly hope the OpenOffice team will kick development into high gear. If there was a time we need a viable competitor to Office, it's now."

19 of 1,127 comments (clear)

  1. Interoperability is protected by DMCA by TrentC · · Score: 5, Informative

    For those of you who like to throw DMCA around like a big, evil boogeyman, last time I checked, reverse-engineering for the purposes of interoperability is allowed by the DMCA.

    Jay (=

    1. Re:Interoperability is protected by DMCA by Fareq · · Score: 5, Informative

      that is correct, however OpenOffice (or any other similar product) would have to support all the DRM features that MS Office did.

      If it was possible for a user who shouldn't have access to a file to use another application to read it, then that app would be in violation of the DMCA because it is a circumvention device.

      If it respected all the DRM nonsense, then it would probably fall under the interoperability portion of the law. At least that's the way I read it.

  2. not by default... by ceswiedler · · Score: 5, Informative

    The article points out, and I agree, that it's unlikely DRM will be applied to documents by default, since implementing it requires configuring Windows Server 2003 and ensuring both the creator and reader of the document have access/accounts on the Rights server.

    It's really targeted at businesses which make heavy use of Active Directory already (or would switch to doing so), so that Finance people can restrict access to sensitive salary documents and such. Most people, even if they can apply DRM to a document, won't choose to do so. How many people change the rights for their local drives to remove access for 'Everyone'?

  3. Re:The straw that broke the PHB's back? by GrenDel+Fuego · · Score: 5, Informative

    Pointy-Haired Boss. it's a dilbert reference.

  4. RTFA by Lane.exe · · Score: 5, Informative
    From the first paragraph:

    for the first time will include tools for restricting access to documents created with the software. Office workers can specify who can read or alter a spreadsheet, block it from copying or printing, and set an expiration date.

    Users get to set it. It's not automatic.

    --
    IAALS.
  5. Re:The straw that broke the PHB's back? by vrt3 · · Score: 3, Informative

    http://www.catb.org/~esr/jargon/html/P/PHB.html

    --
    This sig under construction. Please check back later.
  6. Re:It's actually important to do this. by Lumpy · · Score: 3, Informative

    Right now they have to assume that a word document is unaltered upon receipt from a client.

    if your law firm does this, you need to switch to a competent law firm right away.

    Rule #1 in business and in law, NEVER EVER Trust anyone.

    #2 is Double check everything.

    Here, send me my recent bill in word format for me to review before you send it to me, no, I won't modify it.

    --
    Do not look at laser with remaining good eye.
  7. Re:I don't see the problem here. by Richard_at_work · · Score: 3, Informative

    You'd have to cripple the entire operating system while the document is open

    Not really, the applications do most of the limiting, and since you HAVE to open the restricted document within a trusted application, it can stop you: printing, faxing, taking screen shots of that application (you can arrange the windows in such a way that a screen shot will miss that window altogether, its all there in the win32 api and probably moreso in the extensions office 2k3 gives), it can limit copy-and-paste.

    So the only real way you can defeat this is by opening it in a non trusted application, and you can bet yo0ur ass that its encrypted, tho how long that will remain unbreakable is another arguement entirely.

    So, in summary, you havent read the article and are jsut spouting off things you think you can do to get around stuff. (They clear up most of your arguements in the article).

  8. Re:Mostly FUD by merlin_jim · · Score: 4, Informative

    It's perfectly reasonable for corporate customers to want to control access to their documents in the workplace, and that's what the Office 2003 DRM features are targeted towards. It's just a dumb client-server authentication scheme, people.

    I was there at TechEd 2003 when a VP of Verisign took the stage during the keynote address and announced these features.

    It is not dumb client-server authentication. It is a public key encryption package. You need access to a centralized server for typical key management operations, including looking up the public keys of parties with whom you have not communicated in the past.

    However you will certainly be able to access the documents in a disconnected fashion, as long as your local keystore contains the right information.

    Oh and at the time they also announced that the USPS would be supporting a stamping feature for this. Just like today, you can take a document and send it through the mail (to yourself) just to get it stamped with the current date. The USPS will digitally stamp the document with their current date/time. They didn't go into details on how this would work, but I imagine it's a typical hash/signature style function...

    --
    I am disrespectful to dirt! Can you see that I am serious?!
  9. READ THE FRIGGEN LAW by C10H14N2 · · Score: 3, Informative

    The DMCA clearly and unambiguously allows reverse-engineering and circumvention to achieve interoperability.

    Don't just assume and feed absurd conspiracy theories. READ THE LAW.

    http://www.loc.gov/copyright/legislation/dmca.pd f

  10. Do some research everyone! by merlin_jim · · Score: 5, Informative

    Number one most important feature of this that it seems noone is getting:

    This is just Public Key Cryptography based on open and documented standards!

    How do I know? I was there when it was announced. In early June at TechEd 2003 in Dallas Texas. Some Korean VP of Verisign showed it off. His accent gave it a very scary "All your base are belong to us" kind of feel, but there it is.

    Here's the press release from that day:

    http://www.verisign.com/corporate/news/2003/pr_2 00 30603b.html

    Please read this before you spout off one more cockeyed comment on how Microsoft is evil cause you won't be able to read this on the plane or how it's proprietary and noone will ever understand it or work with it ever again.

    --
    I am disrespectful to dirt! Can you see that I am serious?!
  11. VB-type scripting in Spreadsheets - OpenOffice by Decaff · · Score: 4, Informative

    Open Office 1.1 rc3 does exactly this. There is a macro recorder that produces Basic scripts. This will run unchanged on Windows, Linux, Solaris, and MacOS/X.

    http://www.openoffice.org

  12. Re:Mostly FUD by BobTheLawyer · · Score: 4, Informative

    None - when you deliver documents etc subject to a subpoena you have to deliver the means of access to the document.

  13. It's not *that* bad by GarfBond · · Score: 4, Informative
    Let me preface by stating that I participated in the Office 2003 beta, so I can give a small description on how this feature works (no tomatoes please).

    This feature can be activated by selecting "Document Permissions" from either the toolbar or the File menu. Documents are NOT created with this feature enabled by default, although there might be some random little option somewhere to make it the default option.

    In Word, this feature enables you to specify which people can read it, and it automagically turns off Print Screen and Printing if I remember correctly, and maybe the clipboard too. In Outlook this prevents you from forwarding or copying the text to clipboard too.

    As for home users being able to use it, for the purposes of the beta Microsoft allowed users to use their .net passport as the method of authenticating users, in addition to whatever 2k3 server they might have had. I'm not sure if they're going to allow .net passports after the Office 2003 launch, but only time will tell. Office 2003 users will have to download some additional program (will probably also be on the CD too) to gain access to restricted documents.

    For what it's worth, here's what the microsoft help document has to say on the issue:

    NoteYou can create content with restricted permission using Information Rights Management only in Microsoft Office Professional Edition2003, Microsoft Office Word2003, Microsoft Office Excel2003, and Microsoft Office PowerPoint2003.

    Today, sensitive information can only be controlled by limiting access to the networks or computers where the information is stored. Once access is given to users, however, there are no restrictions on what can be done with the content or to whom it can be sent. This distribution of content easily allows sensitive information to reach people who were never intended to receive it. Microsoft Office2003 offers a new feature, Information Rights Management (IRM), which helps you prevent sensitive information from getting into the hands of the wrong people, whether by accident or carelessness. IRM essentially helps you control your files even after they have left your desktop!

    Creating content with restricted permission

    IRM allows an individual author to create a document, workbook, or presentation with restricted permission for specific people who will access the content. Authors use the Permission dialog box (File | Permission | Do Not Distribute or Permission on the Standard toolbar) to give users Read and Change access, as well as to set expiration dates for content. For example, Bob can give Sally permission to read a document but not make changes to it. Bob can then give John permission to make changes to the document, as well as allow him to save the document. Bob may also decide to limit both Sally and John's access to this document for 5 days. Authors can remove restricted permission from a document, workbook, or presentation by simply clicking Unrestricted Access on the Permission submenu or by clicking Permission again on the Standard toolbar.

    Additionally, administrators for companies can create permission policies that are available in Microsoft Office Word2003, Microsoft Office Excel2003, and Microsoft Office PowerPoint2003, on the Permission submenu and define who can access information and what level of editing or Office capabilities users have for a document, workbook, or presentation. For example, a company administrator might define a policy called "Company Confidential," which specifies that documents, workbooks, or presentations using that policy can be opened by users inside the company domain only. Up to 20 customized policies can be displayed (in alphabetical order) on the Permission submenu at one time so that individual authors can use them for the content they create.

    In Word, Excel, and PowerPoint, authors can re

  14. Yet more alarmist FUD by earache · · Score: 5, Informative

    You guys even bother reading the article at all?

    The technology is designed to enable secure document transfer between trusted parties. For instance, documents containing trade secrets or engineering specs for a company's latest greatest apps. The creator of the document can secure it so only specified people can read it, limiting potential leaks outside of the company, or the document falling into the wrong hands.

    It is not enabled by default and it requires an internal infrastructure to implement (Windows Server 2003 with Windows Rights Management) so the average joe blow isn't going to even be able to use it.

    As for "competing products" not being able to read these secured documents, well that's the whole point right? If you're publishing secure documents, you're securing them for a reason, and you're only going to want those who can read it to read it.

    There could be an argument for Microsoft to publish an open standard for interoperation, but this is America, not a socialist state, so that argument is a little weak.

    Personally, I think this is a cool feature, and one I'm personally going to be using for my day to day work.

    1. Re:Yet more alarmist FUD by multi+io · · Score: 4, Informative
      As for "competing products" not being able to read these secured documents, well that's the whole point right?

      Um, no it is not. The point that unauthorized users shouldn't be able to read the documents. Competing products should be able to read them, provided they know the required keys and can access the DRM server. This requires that MS documents the encryption format. Just as GnuPG etc do.

  15. Re:Disgruntled employees by doorbot.com · · Score: 3, Informative

    this will be great when someone quietly locks 10 years worth of documents he created before getting laid off... a week later, after his Win* user ID has been deleted, his boss will loooooove the new DRM features implemented by Microsoft.

    Window's EFS has a recovery key so an "administrator" can recover the files. In a simple networked environment, this would typically be the domain Administrator, or anyone else the admins designate. These users can unencrypt (and thus read/recover) a deleted user's files. I would guess that IRM-protected files would be recoverable through a similar method.

  16. PDF unencrypting solution by interiot · · Score: 4, Informative
    You'll still have some problems with ghostscript since the Adobe PDF somehow adds some rogue postscript in your printer output that makes the ps2pdf crap out. Ghostscript somehow has a "feature" that supports Adobe's lameness, implemented in its pdf_sec.ps file. You just have to override it with a hacked version like this and you should be good.

    Googling for pdf_sec.ps along with "Adobe" or whatnot should give you more info.

  17. The submitter didn't RTFA by EmagGeek · · Score: 5, Informative

    Probably redundant... but here goes...

    According to the article, it is not the default behavior for O2K3 to use Information Rights Management. In fact, in order for Office to lock a document, there has to be a Win2K3 Server running the rights manager suite somewhere on the LAN...

    Nothing to see here... move along...