Slashdot Mirror
Microsoft Prepares Office Lock-in
An anonymous reader writes "NEWS.COM has an article describing Office 2003's DRM features for documents. This will not only coerce those running older versions of Office to upgrade, which has been a problem for MS in the last few years, but it will also shut out competing software, such as OpenOffice. Now think about this for a second. Even if the developers of a competing office suite could figure out how to get their software to open an Office 2003 document, doing so would be a DMCA violation, since they'd be bypassing an anti-circumvention device. I certainly hope the OpenOffice team will kick development into high gear. If there was a time we need a viable competitor to Office, it's now."
Comment removed based on user account deletion
This article emphasizes the role of DRM in commercial settings. It's perfectly reasonable for corporate customers to want to control access to their documents in the workplace, and that's what the Office 2003 DRM features are targeted towards. It's just a dumb client-server authentication scheme, people.
Put away the aluminized headgear. This is not an anti-consumer technology, or even a consumer-oriented one.
My impression from this document is that it is an optional feature, only active when the creator of the document specifies who can read it.
When the creator thinks it should only be readable on Windows 2003, and not on other software, that is his responsibility. And it is the responsibility of the reader to reject such documents as unusable.
This is hardly new. We use StarOffice 5.2 at work, and it cannot open password-protected documents from Office 95 or 2000. This is amongst the least problems when using that package in a mixed Office-StarOffice environment.
If I receive documents from suppliers and clients that I can't read, then I will ask them to send it again in another format, and they won't have a problem with that for now.
But five years from now, when everybody buying a Dell or Gateway machine has the latest version of Office bundled with their machine, I will likely be the only guy who can't read their documents, and their sympathy will have disappeared. I'll have to upgrade.
There's no particularly good way out of this using the marketplace; the marketplace will dictate it.
This is a feature some people want. It'd not on by default (how could it, be, since it requires a properly configured server to do the rights management).
It'll let businesses lock their documents down, for internal use. Nothing at all here gives any indication that all documents created will have DRM forced on. If a business or user doesn't want to use it, don't turn it on.
Another thing to think about is this: Notice MS hasn't been soo forthcoming lately about linux as a competitor. I think maybe their "near silence" means they are actually getting worried.
In adding this to office, they are really going to separate the market. I bet they figure, if they do this, whoever jumps on board will likely STAY on board due to the fact that switchig to open-source in the future after you've already got a bulk of documents done in this "new office" will be MUCH harder.
I think they just drew a line in the sand. . and they figure they are KEEPING whoever doesn't cross now
New version of [Software] has [feature1..featureN] that will make it incompatible with previous versions. Observers say that [Company] hopes this will drive sales of [Software].
Whatever.
Information wants to be $1.98/lb.
Dream on.
Call me a cynic, but I've lost count of the number of times that MS forced upgrade cycles were going to be the end of the company. It hasn't yet, and won't be in the future, even with this. Enough people and companies will pay to make it a non-issue. Watch.
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Where does it say *all* docs will be protected?
If its just docs you choose to use DRM with, then whats the problem? You choose to do that knowing the limitations because it makes sense for your use case. If thats a problem, you don't use it.
If I, as a company, choose to require all outgoing docs to have DRM, its my need to protect my information thats locking people in, not Microsoft.
And for what its worth, I don't use a speck of Microsoft software outside of work, and wouldn't. But lets get real here.
Law firms, especially, need this feature.
Right now they have to assume that a word document is unaltered upon receipt from a client. Now, with DRM, they can guarantee it. They also need to control distribution of documents and readability.
Pretty much every major corporation will want this feature once they understand it.
So, instead of fighting DRM, jump on the bandwagon, and have --better-- rights management in Open Office.
I'm not actually convinced that you need to have compatability between Office suites. Really, most people can use their existing MS Office to edit their Office documents and their new Office to edit their new documents. That way, if the old Office license is expired by Microsoft, everyone can complain to MS about how they can no longer read their documents, whereas, Open Office would theoretically never have that problem.
So, I would educate customers that file compatibility is not particularly necessary.
This is my sig.
Of course it's a calculated risk.. Some people will hate the DRM, but a lot of companies will really like it. Being able to say that a document can only be opened by managers in your company, for example, is worth lots of PHB points.
The server software will record permission rules set by the document creator, such as other people authorized to view the document and expiration dates for any permissions. When another person receives that document, they briefly log in to the Windows Rights Management server--over the Internet or a corporate network--to validate the permissions.
I read this as follows:
You cannot read a document when not connected to the internet. If, by some chance, a DDOS attack is launched against a company's 'Rights Management Server' (which MUST be exposed to the 'net), or it is otherwise hacked into and shut down, then ALL of the documents with this 'feature' in them will cease to function.
Pardon me, but it is utterly stupid to rely on a single server/service to remain running just so I can read something. A DDOS attack can literally shut down a company at this point.
You can accomplish anything you set your mind to. The impossible just takes a little longer.
At the same time, Microsoft has been fairly savvy in protecting its {monopoly|competitive advantage} without really ticking off the media. The Messenger lockdown is pretty blatant, and I haven't seen much public outrage - primarily because the people using Trillian et al are not the mainstream (yet). The big companies that are locked into their Microsoft investments make choices every 2-5 years when they upgrade their desktops. If Microsoft can create FUD - by claiming incompatibility or building it into new products - then they can hold off OpenOffice for another few years. I wonder if the EU would see this as anti-competitive (the US won't/can't do anything even if it does).
warning: epoll_wait is not implemented and will always fail
strictly speaking your right, but.. (or is it butt? ;)) the DMCA allows slapdown letters first, and litigation to prove, in court, with lawyers and other expensive accoutrements, that you are legally allowed to do what you did.
The DMCA is not based on the criminal code assumptions of innocence until proven guilty, rather you must prove that the infraction (and reverse engineering IS an infraction) is explicitly permitted within the code.
bwh
MicroSoft is in my opinion doing a wrong thing by making their documents unsharable. WordPerfect documents can be shared almost seamlessly from versions 6 thru 11. Forcing everyone to upgrade to share documents is expensive and impractical. People should start encouring exporting to PDF to make their documents sharable and hopefully Adobe won't do something as stupid as this.
First of all, DRM wouldn't be a requirement for all documents, it would most likely be a "feature".
.02
Second, what the hell does Linux have to do w/Anti-DRM and people switching? Linus has specifically stated that he has no opinion either way. If you want it, woo, if not, woo. People aren't sick and tired of DRM and it's not BS (no matter what "we" think)
Linux is taking a foothold because other software companies have expensive software.
You think that an alternative to Office is going to help? There have been alternatives (Corel, etc) did it matter? Do you think because they are creating a new version of Office it will render the other files incompatible? That would be really really dumb for MS to do (no ability to bring in your old stuff? retype? what?)
The only reason for a switch is PRICE. Honestly, no matter what bullshit people spread on here about how good OO, SO, etc, are, they aren't what MSO offers. Not even close.
Until the OO, SO, etc, get some strong following and somehow create something better than Office, no one is going to care unless it is money related and even then, I doubt a few hundred dollars is going to matter...
Just my worthless
Integration with Excel
Integration with Powerpoint
Integration with Outlook, and by extention,
Integration with Exchange
All of which are irrelevant if you're looking to replace MS Office in the first place.
How about perfect compatibility with everyone in the business world.
You haven't exchanged docs between Office 97 and Office 2K much because there are plenty of incompatibilities that arise between the two without even counting document corruptions.
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
for the first time will include tools for restricting access to documents created with the software. Office workers can specify who can read or alter a spreadsheet, block it from copying or printing, and set an expiration date.
this will be great when someone quietly locks 10 years worth of documents he created before getting laid off... a week later, after his Win* user ID has been deleted, his boss will loooooove the new DRM features implemented by Microsoft.
there's no place like ~
A few facts and then an opinion:
1) DRM technology will be available to businesses which choose to run a DRM server on Windows 2003. It will not be enabled by default.
2) The technology will allow a management (or really the top level key holders) to limit document access rights to specific individuals or a group within the organization. A very valuable feature for many businesses.
3) Without a doubt, MS will abuse this technology to lock their customers into the new Office document format, which they will further abuse to limit document exchange from MS to third party applications.
The problem here is not 1) and 2). Those are perfectly reasonable features that most businesses want to buy. The problem is 3), the vendor lock-in issue. The Open Office project could write the same kind of DRM services into their suite, while at the same time offering document portability to those who hold top level keys to an organization's documents. IMO, this is where they should go long term, since it's obvious MS has hit upon a valuable technology - but like they're always abt to do, they're first instinct is to use the new technology to lock their customers in rather than sell their customers on their new features, quality engineering, and support. Businesses want both the DRM controls and document portability across a wide range of applications. MS always fails their customers in this regard and that's one reason why they've got such a bad reputation.
JMO.
Maynrd
Well, looks like Microsoft finally figured it out. DRM file formats and protocols have been on my mind for quite awhile as potential tools that they could could use to *specifically* target Open Source. Here's why:
What Microsoft will do with the Word DRM is "license" the technology to other commercial interests that wish to maintain file compatibility. They know that THIS is the wedge they can drive into things to split off the open-source projects, because A) no self-respecting open-source project would license MICROSOFT technology, and B) even if they would, they likely couldn't afford it.
Look for this to happen with the next round of media file formats as well. On a more sensationalistic note, what if MS bribed say, NVidia to DRMize their hardware interface. Nobody could then make calls to that hardware without either having a license or violating the DMCA. Again, commercial interests can afford the license, but do you think RedHat and such would like to bankroll Open Source's hardware compatibility licenses? Perhaps at first, but eventually I think not...
Watch out.
-JT
OK. Let me get this straight. A private company introduces software that basically introduces built-in encryption for word documents, spreadsheets, and email. This technology is designed to allow companies to prevent emails and documents from accidentally "leaking" to the press or into the hands of corporate spies. This won't even affect the home user AT ALL because home users don't have the necessary software to make use of IRM anyway (it requires a separate Windows 2003 Server in addition to MS's Information Rights Management software).
And the availability of this product is somehow an example of "blatant abuse of the law"? I think some people here are suffering from some kind of paranoia.
for the first time will include tools for restricting access to documents created with the software. Office workers can specify who can read or alter a spreadsheet, block it from copying or printing, and set an expiration date.
Users get to set it. It's not automatic.
For now... but they can always change that. Who's to say that our helpful friends in Redmond won't "default" this behavior in newer versions, after it's been pseudo-released in this version? It's not like they don't have a history of doing this same sort of behavior (see DOJ vs. Microsoft).
This feature is off by default. Certain companies will want to lock-in their documents. This is a 100% complete non-issue.
"Sufferin' succotash."
Or you just get out your trusty camera and take a picture of it. If you want to get higher tech, capture the EM signal generated by the monitor. It's just like bypassing music DRM by recording from a line out. This sort of security will stop casual snoops, but somebody who wants the information will get it.
This sig has been temporarily disconnected or is no longer in service
The DRM feature in Office and Outlook enables a user to prevent emails and documents from being forwarded to and viewed by people not specified by the sender/creator.
I presume this means that every email you forward to me has to be read in outlook. Somehow I don't think Microsoft will write a plugin for lotus notes (what I'm stuck using at work) or PINE or mutt. So now I'm forced into using a Microsoft product which I'll have to pay for to read all those emails. And a couple of versions in the future I may no longer be able to copy/paste between half my emails and documents because people got used to leaving the DRM button checked. And I won't be able to make easy backups of my email because the DRM thinks I'm making illegal copies and sending them on...
If I want to keep something anonymous I just tell people in person. I'd much rather do that than deal with all the potential hassle.
So you're anti-DRM...but what you wrote seems anti-crypto too. Is crypto OK to use just so long as "evil corporations" stay away from it? Crypto is for everyone...plain-old-folks-like-you-and-me, scientists, inventors, admin assistants, doctors, lawyers, salesfolk, plumbers, students, and yes -- corporate officers. Did you have the same reaction when PGP or GPG was released? It isn't like this is the first crypto to come to the Windows world. "Bad people" could've had their hands on it before just now. If this comes down to your not liking MS' implementation of it, don't use it. Otherwise, everyone who has ever written an encryption scheme for general consumption has had to think about the repercussions of "bad people" using it...and again, it's not like it wasn't available before (and it's been done quite well -- so well, that I do not believe that the NSA is able to break much of it).
In your rationale for keeping DRM away from businesses you point to their general dishonesty. It seems like you're suggesting that every officer at every company is corrupt...and I don't think that you could be any more wrong. Come on...is everyone who tries to sell a product or service (and make a buck in the long run) an evil empire run by an evil genius?
Sorry to vent this off onto you, but I'm getting kinda tired of the contention that every businessperson (and everything associated with it) being "evil". So some guys were (and are) dirty. Some psychiatrists take advantage of their patients to extort money and sex from them. Are they bastards? Sure -- but it does not say a single thing about the lot of them. How many executive officers do you know? How many of these people that you know (not know of, but actually know) are "evil corporate bastards"? Can you actually prove it?
I'm not asking you to go back to work and hug your CFO, but just think about what you're saying.
IANAEO
I Am Not An Executive Officer (or even close!)
I do use, and encourage the use of strong encryption for everyone.
P.S. Wouldn't this be alot easier if strong encryption just didn't work when the evil bit's set?
-Turkey
If you give up on freedom, precisely what you describe is likely to happen because people are not going to give up word processing or editing databases, so they'll go with whatever software is available to meet their needs. There is another path: teach people the value of software freedom.
The Free Software movement proves that "the marketplace" is not the almighty immobile force you describe (or perhaps you're just interpreting too much in terms of the marketplace in order to make it appear unchanging; hence whatever happens it will be seen through that lens). When the GNU project began, many people said nobody would write software without being paid and when people are paid to write software, they are being paid to write non-free software. History clearly shows those people were wrong. In fact a number of the organizations that distribute non-free software now use the GNU Compiler Collection (gcc) as their chief compiler, and ship part of the rest of the GNU operating system too. People have been paid to write Free Software and governments are getting the idea that their people's ability to communicate freely using a computer rests on using Free Software.
I think the key is to teach more people about software freedom. Take this opportunity to show people that with Free Software you won't be beholden to any proprietor's interests. As the pool of people using Free Software grows your chances for being able to get by with Free Software grows too.
Digital Citizen
Most nations do not have a DMCA. The decryption work will simply be performed outside the sphere of influence of this facism.
Microsoft could choose to emulate Adobe and trigger an FBI investigation of OOO within the borders of the US. In doing so, they would trigger a fight with Sun.
Sun is much larger than Elcomsoft, and it would be the fight of the century. It might actually be the key moment where the IT industry overthrows the DMCA (as should have happened some time ago).
When Sun wins (Microsoft legal will find a way to screw it up), the DMCA will suffer a mortal blow. Congress would be extremely unwise to attempt to strengthen it; those who endorse such an action will face the wrath of some well-organized lobbiests.
Microsoft, choose your battles carefully.
A DRM push by Microsoft might drive a few more OEMs into this camp.
The DRM feature in Office and Outlook enables a user to prevent emails and documents from being forwarded to and viewed by people not specified by the sender/creator. That's all this feature is.
100% Wrong. You clearly do not understand how proprietary DRM systems work. All 'security' whatsoever hinges upon the assumption that the client's application will play by the rules. Once you have the sent document and the decryption key(s) on your computer, all faith is in the application software. The moment that someone releases a hack for the new Office and Outlook that allows a user to access the plaintext or override the "do not copy / re-send / print" flag, all supposed DRM security will be entirely worthless. It is truly this simple: If you can read it, you can copy it. The DRM being proposed here is security through obscurity. Microsoft is betting that people won't find the proverbial "key hidden under the doormat." Even if this DRM system was eventually backed up by hardware (which doesn't look very likely at this point), people could still take a picture of the screen and use OCR to recover the text.. that is until the hardware itself is cracked.
Furthermore, I would like to point out that not all of your e-mail recipients use or want to use Outlook. Anyone who doesn't won't be able to read your emails, so enabling DRM isn't really a viable option anyhow.
I want to control who has access without having to expose the recipient to the mystery and overhead of encryption.
What you're asking for is an impossible pipe dream. For the reasons explained above, you will never be able to have true control over what someone does with information you send them. Using encryption, you can protect that information up to the point where they receive it, but you cannot reliably keep them from sending it to someone else. The best you can ever hope to do is build trust among the people you communicate with.
By the way, you cannot avoid the "overhead" of encryption. It's the foundation of any DRM system. The only difference is that the new Outlook / Office / etc. will try to make it mostly invisible to the user. You'll still need keyrings, signing, and passphrases if that encryption is to be of any value whatsoever.
So, in summary:
1.) proprietary DRM systems are not very cool
2.) proprietary DRM systems are, in fact, insidious. They do not offer true security but they DO try to force people to all use the same email, office, whatever software.
"If you're a senior executive and you're carrying around your five-year business plan, you probably want to have that information secured so only you can read it," he said.
If you're carrying around very sensitive data the only methods you should be relying on are tried and tested encryption, and physically restricting access
Businesses can lock down such documents now with third-party tools such as encryption software, but embedded rights management tools in the document creation software are much easier and more likely to be used, Gartenberg said.
"The harder you make security to use for the end user, the less people are going to use it," he said.
The safer you make people feel, the more risks they will take - someone said that about anti-lock breaking systems
This comment does not represent the views or opinions of the user.
Think about:
The system is ultimately ineffective (screen shots anyone?, hand made copies?, pocket cell-phone cameras?), and false security is worse than none
It requires additional infrastructure (cost) and software upgrades (cost) then locks you in to the M$ implementation
Companies (financial) will have to manage (cost) the new documents to meet compliance issues (ie: you can NOT have documents that are required to be kept for compliance be protected from copying or have them expire - and how do you stop it?)
Single point of failure:What if the DRM server is down (temporary downtime company-wide for M$ Office)
What if the DRM server crashes and can't be restored (permanent loss of important data)
Will M$ provide a backdoor (for Law Enforcement, PATRIOT ACT, etc), what if it's leaked ?
THIS IS A DOCUMENT MANAGEMENT ISSUE - not a security problem, people need EDM/ECM not more gimmicks !
'Hacking' into the document to provide interoperability or to recover data may be a FEDERAL OFFENSE under DMCA
What about search/rescue for the users who screw up and lock themselves or others out of documents accidentally ???
Forced upgrades (al la Win2K) just to continue to use YOUR OWN (DRMed) corporate assets
Louts Notes has had a (less user-friendly) version of this since R2, and very few shops use it (encryption keys)
On the bright side:
There are a huge number of users/customers/vendors/partners who will not be able to use the DRM documents (requires upgrade), so it will take years to even marginally implement for external communications (which is one of the main items people want it for in the first place)
Some obvious possibilities for abuse include:
Stopping Whistleblowers (Enron, Pentagon, Worldcom/Arthur Anderson, Whitewater)
Erasing potential evidence: stockbroker send you bad advice in a doc that expires in 30 days
Erasing potential evidence: boss tells you to do something unusual that gets you into trouble
Erasing potential evidence: employees colluding to do things detrimental to a company (embezzle?)
Mafia can us it for betting slips, other low-level secure comms
Word/Excel macro viruses could be set to self-destruct to protect the guilty
Restricting fair-use rights
The Terrorists could use it !
See Also:
http://www.securityfocus.com/columnists/165
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
1) Will DRM or other features in the new Office break backward compatibility with earlier Word/Excel/etc formats? In other words, will opening and editing and saving a Word 97 file in the new Word prevent older Word versions (or 3rd party applications) to open that file later?
2) Will Microsoft make any encoding APIs freely available to the public for 3rd party applications to open and use those files?
3) If the answer to 2) is no, will Microsoft license any encoding APIs to 3rd parties and will these be non-discriminatory?
4) If the answer to both 2) and 3) is no, will Microsoft agree not to invoke legal action in the event that 3rd parties reverse engineer any encoding APIs?
5) If the answers to all of 1) through 4) is no, is Microsoft not concerned about US or EU anti-trust authorities ruling that the Office file strategy is anti-competitive?
You have it quite wrong. DRM is not encryption. It is amazing to me that people so often confuse the two.
Encryption is the art of securing a communication that both parties want secret. An example of encryption is the Pentagon-Kremlin hotline.
DRM is the art of securing a communication that only the sender wants secret. The whole point of DRM is that you are trying to keep the communication from leaking even in the face of an adversarial recipient.
The distinction is a really big deal! It's the whole reason why DRM is so difficult (and, to some, so objectionable).
Disclosure: I work for Microsoft, in the cryptography/anti-piracy/DRM group.
Digital rights management requires a whole closed system to make it hard to crack.
It's not possible to implement many features of DRM management using open-source software -- it's too easy for someone to code a loophole when the source is available.
For example, what if you wanted to mark a document was as read-only and unprintable for everyone except the author? If OpenOffice.org supported DRM like this, one would simply hack the program to to disregard such restrictions. It would be a sure bet that someone would create a DRM-circumventing variant, and the DRM-enforcing version would quickly become irrelevant.