Slashdot Mirror
Microsoft Prepares Office Lock-in
An anonymous reader writes "NEWS.COM has an article describing Office 2003's DRM features for documents. This will not only coerce those running older versions of Office to upgrade, which has been a problem for MS in the last few years, but it will also shut out competing software, such as OpenOffice. Now think about this for a second. Even if the developers of a competing office suite could figure out how to get their software to open an Office 2003 document, doing so would be a DMCA violation, since they'd be bypassing an anti-circumvention device. I certainly hope the OpenOffice team will kick development into high gear. If there was a time we need a viable competitor to Office, it's now."
Just imagine the backlash that will come from inter-company communication via Excel and Word. Hell, my company has had numerous problems with reporting (scripts that mine data from various sources, such as Excel, and generate reports) and document management systems just because of differences between Excel/Word 97 and 2000 files. This may be what FOSS needs to start making massive market penetration.
Who's with me?
Anyone?
+5, Female
As long as there is enough room under the door to shove a thin-crust pizza under it, I'm game.
Don't blame Durga. I voted for Centauri.
Next person to say something like "They made very sure that Office has these features that nobody else has" without specifying a single damn feature is getting slapped upside the head with a wet trout.
Whenever I ask people why they choose MSWord over a competing product, I always get the same answer: "It has more features." Feature like what? Ten different versions of "Clippy?" No wonder MS has the word procsessing industry in a kung-fu grip.
For those of you who like to throw DMCA around like a big, evil boogeyman, last time I checked, reverse-engineering for the purposes of interoperability is allowed by the DMCA.
Jay (=
Now all Sun needs to do is release an OS X native version, add a database that works more like Access (maybe php or jsp scripting) and MARKET THE HELL OUT OF IT.
Comment removed based on user account deletion
This article emphasizes the role of DRM in commercial settings. It's perfectly reasonable for corporate customers to want to control access to their documents in the workplace, and that's what the Office 2003 DRM features are targeted towards. It's just a dumb client-server authentication scheme, people.
Put away the aluminized headgear. This is not an anti-consumer technology, or even a consumer-oriented one.
The article points out, and I agree, that it's unlikely DRM will be applied to documents by default, since implementing it requires configuring Windows Server 2003 and ensuring both the creator and reader of the document have access/accounts on the Rights server.
It's really targeted at businesses which make heavy use of Active Directory already (or would switch to doing so), so that Finance people can restrict access to sensitive salary documents and such. Most people, even if they can apply DRM to a document, won't choose to do so. How many people change the rights for their local drives to remove access for 'Everyone'?
My impression from this document is that it is an optional feature, only active when the creator of the document specifies who can read it.
When the creator thinks it should only be readable on Windows 2003, and not on other software, that is his responsibility. And it is the responsibility of the reader to reject such documents as unusable.
This is hardly new. We use StarOffice 5.2 at work, and it cannot open password-protected documents from Office 95 or 2000. This is amongst the least problems when using that package in a mixed Office-StarOffice environment.
If I receive documents from suppliers and clients that I can't read, then I will ask them to send it again in another format, and they won't have a problem with that for now.
But five years from now, when everybody buying a Dell or Gateway machine has the latest version of Office bundled with their machine, I will likely be the only guy who can't read their documents, and their sympathy will have disappeared. I'll have to upgrade.
There's no particularly good way out of this using the marketplace; the marketplace will dictate it.
This is a feature some people want. It'd not on by default (how could it, be, since it requires a properly configured server to do the rights management).
It'll let businesses lock their documents down, for internal use. Nothing at all here gives any indication that all documents created will have DRM forced on. If a business or user doesn't want to use it, don't turn it on.
Does this not violate Microsoft's DoJ agreement? I mean, this is obviously anticompetitive behavior. I think that people will see this new "feature" and either not upgrade (unless it adds A LOT of worthwhile features) or save their files as RTFs or older doc formats. I think Microsoft is shooting themselves in the foot with this. People want compatibility, that's why they stick with Windows. People will reject this.
Help I'm a rock.
Pointy-Haired Boss. it's a dilbert reference.
Another thing to think about is this: Notice MS hasn't been soo forthcoming lately about linux as a competitor. I think maybe their "near silence" means they are actually getting worried.
In adding this to office, they are really going to separate the market. I bet they figure, if they do this, whoever jumps on board will likely STAY on board due to the fact that switchig to open-source in the future after you've already got a bulk of documents done in this "new office" will be MUCH harder.
I think they just drew a line in the sand. . and they figure they are KEEPING whoever doesn't cross now
for the first time will include tools for restricting access to documents created with the software. Office workers can specify who can read or alter a spreadsheet, block it from copying or printing, and set an expiration date.
Users get to set it. It's not automatic.
IAALS.
New version of [Software] has [feature1..featureN] that will make it incompatible with previous versions. Observers say that [Company] hopes this will drive sales of [Software].
Whatever.
Information wants to be $1.98/lb.
coerce those running older versions of Office to upgrade, which has been a problem for MS in the last few years
Yeah, it's so damn irritating when your customers pay you for something, and then expect to continue using it.
Dream on.
Call me a cynic, but I've lost count of the number of times that MS forced upgrade cycles were going to be the end of the company. It hasn't yet, and won't be in the future, even with this. Enough people and companies will pay to make it a non-issue. Watch.
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Where does it say *all* docs will be protected?
If its just docs you choose to use DRM with, then whats the problem? You choose to do that knowing the limitations because it makes sense for your use case. If thats a problem, you don't use it.
If I, as a company, choose to require all outgoing docs to have DRM, its my need to protect my information thats locking people in, not Microsoft.
And for what its worth, I don't use a speck of Microsoft software outside of work, and wouldn't. But lets get real here.
Law firms, especially, need this feature.
Right now they have to assume that a word document is unaltered upon receipt from a client. Now, with DRM, they can guarantee it. They also need to control distribution of documents and readability.
Pretty much every major corporation will want this feature once they understand it.
So, instead of fighting DRM, jump on the bandwagon, and have --better-- rights management in Open Office.
I'm not actually convinced that you need to have compatability between Office suites. Really, most people can use their existing MS Office to edit their Office documents and their new Office to edit their new documents. That way, if the old Office license is expired by Microsoft, everyone can complain to MS about how they can no longer read their documents, whereas, Open Office would theoretically never have that problem.
So, I would educate customers that file compatibility is not particularly necessary.
This is my sig.
We allready use OpenOffice for all our end user's here. Just be sure the Pc has 128 megs of ram, and put the office quicklaunch on startup, or they will complain about how long it takes to start. Otherwise, it works awesome for all standard end user word / excel tasks (99% of end users). As soon as your company gets one of those audit letters, spring the OpenSource and the management will come flocking. =)
No I didnt spell check this post...
IIRC, the DMCA specifically permits circumvention of copy protection/DRM/anything else if it is done specifically for purposes of interoperability (not just to allow unauthorized access to information). That means that OpenOffice or any other competitor would be allowed to crack their encryption in order to allow their users to read .doc files. Right?
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
Of course it's a calculated risk.. Some people will hate the DRM, but a lot of companies will really like it. Being able to say that a document can only be opened by managers in your company, for example, is worth lots of PHB points.
http://www.catb.org/~esr/jargon/html/P/PHB.html
This sig under construction. Please check back later.
The server software will record permission rules set by the document creator, such as other people authorized to view the document and expiration dates for any permissions. When another person receives that document, they briefly log in to the Windows Rights Management server--over the Internet or a corporate network--to validate the permissions.
I read this as follows:
You cannot read a document when not connected to the internet. If, by some chance, a DDOS attack is launched against a company's 'Rights Management Server' (which MUST be exposed to the 'net), or it is otherwise hacked into and shut down, then ALL of the documents with this 'feature' in them will cease to function.
Pardon me, but it is utterly stupid to rely on a single server/service to remain running just so I can read something. A DDOS attack can literally shut down a company at this point.
You can accomplish anything you set your mind to. The impossible just takes a little longer.
At the same time, Microsoft has been fairly savvy in protecting its {monopoly|competitive advantage} without really ticking off the media. The Messenger lockdown is pretty blatant, and I haven't seen much public outrage - primarily because the people using Trillian et al are not the mainstream (yet). The big companies that are locked into their Microsoft investments make choices every 2-5 years when they upgrade their desktops. If Microsoft can create FUD - by claiming incompatibility or building it into new products - then they can hold off OpenOffice for another few years. I wonder if the EU would see this as anti-competitive (the US won't/can't do anything even if it does).
warning: epoll_wait is not implemented and will always fail
I wonder what this will do for companies such as Apple who are building in MS office document readability/writeability into their applications/operating systems? Right now I can read and write .ppt files in Keynote, and .doc files with, ahem other bits of software on my OS X boxes. So, is this simply an attempt at providing a more secure environment or is Microsoft doing an end run around other folks to make it a federal crime in the name of security to compete with them?
Visit Jonesblog and say hello.
...or even know about this.
Us here at SlashDot tend to take a dim view of Microsoft (even though many of us like some of their products-- I myself like their mice, and MS Word is nice), but most people don't even realize there's a choice.
I apply for Unix Systems Administrator positions sometimes, and virtually ALWAYS I get asked for my resume in... MS Word format.
Giving them a PDF isn't good enough. They just ask you for the Word version again as if you'd said nothing.
I'm starting to think that MS's slogan should be "But EVERYONE uses Microsoft!", since that seems to be the way most end-users seem to think (without even realizing it). Or, of course, it could just be "Microsoft: You WILL use our software, whether you want to or not...")
This sort of thing is getting really tiresome. When will MS finally get the Grand Cosmic Smackdown for doing this sort of thing? How long can an ill-gotten monopoly last? (And why do so many SlashDotters seem to like defending MS?)
Honey, I shrunk the Cygwin
MicroSoft is in my opinion doing a wrong thing by making their documents unsharable. WordPerfect documents can be shared almost seamlessly from versions 6 thru 11. Forcing everyone to upgrade to share documents is expensive and impractical. People should start encouring exporting to PDF to make their documents sharable and hopefully Adobe won't do something as stupid as this.
First of all, DRM wouldn't be a requirement for all documents, it would most likely be a "feature".
.02
Second, what the hell does Linux have to do w/Anti-DRM and people switching? Linus has specifically stated that he has no opinion either way. If you want it, woo, if not, woo. People aren't sick and tired of DRM and it's not BS (no matter what "we" think)
Linux is taking a foothold because other software companies have expensive software.
You think that an alternative to Office is going to help? There have been alternatives (Corel, etc) did it matter? Do you think because they are creating a new version of Office it will render the other files incompatible? That would be really really dumb for MS to do (no ability to bring in your old stuff? retype? what?)
The only reason for a switch is PRICE. Honestly, no matter what bullshit people spread on here about how good OO, SO, etc, are, they aren't what MSO offers. Not even close.
Until the OO, SO, etc, get some strong following and somehow create something better than Office, no one is going to care unless it is money related and even then, I doubt a few hundred dollars is going to matter...
Just my worthless
As often happens, people have reacted to a Microsoft article without understanding the real issue.
There have been many times when I have wanted to keep an email or a document out of the hands of other people. I once got in trouble for sending an email joke to people whom I knew would enjoy the humor. Alas, they forwarded the email to others who forwarded it to others... and so on... so that eventually it ended up in the hands of someone who took the value on "diversity" a bit too far and were offended.
The DRM feature in Office and Outlook enables a user to prevent emails and documents from being forwarded to and viewed by people not specified by the sender/creator. That's all this feature is. The sender/creator certainly has the option of not embedding DRM into the email or document so that there is no rights management involved.
This feature is one I have wanted for many, many years. I want to control who has access without having to expose the recipient to the mystery and overhead of encryption.
-Everyone laughs at lemmings but no one ever wants to admit to ever being one.
...unlike in the previous years where a lowly secretary could get her hands on an executive document detailing such things as fleecing the investors, dumping (on accident or on purpose) HIGHLY toxic chemicals into the local residential area's water supply or other scandalous corporate activities will simply cease to be.
Unless the rights to print such a document are still allowed, it would mean that corporations can get away with hundreds upon hundreds of scams, illegal activites and everything else that our nation's current corporate climate has bred.
Now, if we had a culture of doing the right thing, being honest and trusting, then there would be no issue with having such DRM capabilities being built into an office software package... Of course, that kind of feature would never be used in such a world as there wouldn't be any reaon, if people could be trusted.
I know that DRM makes sense on protecting a company's assets, but it can be the carte blanche to the CEO's of the world to forgo legal business practices...
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
If you read the article (which it seems the submitter didn't even do), you'll see that Microsoft says that applying DRM to a file will be an exception, not the default behavior. This means that the OpenOffice team will be able to figure out the Office 2003 file formats without DRM features, and open and manipulate those files just fine.
The only files that they won't be able to work with will be files that someone has chosen to apply DRM to. And from the document creator's point of view, this is a good thing. The ability to open the file in another app that was not beholden to Microsoft's DRM server would render the DRM completely useless. And DRM itself is not a bad thing. If you think so, perhaps you should execute "chmod -R 777
The first interesting thing will be to see where MS goes from here. Will Office 2004 have DRM as a default? If so, that would make interoperability a great deal more difficult. But more interesting is how the open source community will respond. DRM on documents is an important feature. If I'm putting out a document, it might be useful for me to be able to specify who can view it, who can edit it, and so on, without having to resort to filesystem ACLs. Sure, it's not absolute security on the document, but it's another layer. So it might be a good thing to consider to have some sort of open source DRM alternative for OpenOffice.
-Todd
"The details of my life are quite inconsequential..."
Remember, the DMCA (17 USC 1201(a), in this case) only concerns itself with works protected under the copyright act... We got into this discussion the other night in class, when someone suggested that they could simply encrypt an uncopyrightable simple compilation of facts and thus protect it under the DMCA. No; if the data itself isn't copyright(able|ed), simply adding encryption doesn't make it a DMCA violation.
The issue, obviously, becomes thornier when you distribute software (OpenOffice) that can circumvent... But again, the DMCA might not apply here either. It's at least arguable, if the ability to open DRM-protected documents is only incidental; see 17 USC 1201(a)(2).
Finally, I seriously doubt Office 2003 will save documents protected with DRM by default, given the overhead (an available Windows 2003 server to authenticate/authorize) required. Never mind interoperability and backwards compatibility; you couldn't work on such a document on your laptop on a plane, or anywhere you didn't have connectivity and VPN access... No way would the business community put up with that sort of crippling as SOP, even if they wanted to turn it 'on' for certain documents.
geek. lawyer.
Yes there is always the arguement that DRM will never stop an employee jotting stuff down from screen to paper and walking with that info, but there is a hell of a better chance someone is going to spot him copying 400+ pages of information, whereas with no DRM he could jsut copy the document and walk.
It says in the article that this was a feature that customers had requested, and I for one can fully beleive that. Expire documents when they become dangerously out of date? Fantastic (think of health and safety!). Dont want an accountant to walk with sensative finacial information they get emailled? Dont let them print the document or do anything other than view it.
Employers need to trust employees, certainly, but that trust also needs to be earnt. And yes you can emulate a lot of DRM with other means (no printer) but then that restricts peripheral things as well.
Even if the developers of a competing office suite could figure out how to get their software to open an Office 2003 document, doing so would be a DMCA violation, since they'd be bypassing an anti-circumvention device
This isnt MSs fault, this is the fault of a dumb law, and thats it. Want to blame someone for that? Blame the people who let it get voted in - the US populas.
It has been said before that MS Office has not had any real good features since office 97, and that this is a feature that will force people to upgrade. My view is that yes a lot of people will upgrade because of this, but not forcable. They will upgrade because tehy WANT these IRM features, as it gives them more control.
The last paragraph in the article states: ""It's not going to be adopted en masse, but I think they'll have a good rollout department by department for people dealing with more sensitive documents." and this is precisely what the office 2003 release is aimed at, the people who requested the features and who want them. If OOo had this feature before MS Office, I bet you could have enticed quite a few businesses over from the Office series jsut based on IRM.
(Yes, I know it's silly, but anyway.)
Curmudgeon Gamer: Not happy
for the first time will include tools for restricting access to documents created with the software. Office workers can specify who can read or alter a spreadsheet, block it from copying or printing, and set an expiration date.
this will be great when someone quietly locks 10 years worth of documents he created before getting laid off... a week later, after his Win* user ID has been deleted, his boss will loooooove the new DRM features implemented by Microsoft.
there's no place like ~
A few facts and then an opinion:
1) DRM technology will be available to businesses which choose to run a DRM server on Windows 2003. It will not be enabled by default.
2) The technology will allow a management (or really the top level key holders) to limit document access rights to specific individuals or a group within the organization. A very valuable feature for many businesses.
3) Without a doubt, MS will abuse this technology to lock their customers into the new Office document format, which they will further abuse to limit document exchange from MS to third party applications.
The problem here is not 1) and 2). Those are perfectly reasonable features that most businesses want to buy. The problem is 3), the vendor lock-in issue. The Open Office project could write the same kind of DRM services into their suite, while at the same time offering document portability to those who hold top level keys to an organization's documents. IMO, this is where they should go long term, since it's obvious MS has hit upon a valuable technology - but like they're always abt to do, they're first instinct is to use the new technology to lock their customers in rather than sell their customers on their new features, quality engineering, and support. Businesses want both the DRM controls and document portability across a wide range of applications. MS always fails their customers in this regard and that's one reason why they've got such a bad reputation.
JMO.
Maynrd
"Newest MS Office to have encryption features."
Would anybody be upset if they integrated PGP into MS Outlook? No? Well, now they're doing it with Word. This is fine.
Obviously, encryption would require changes to the file format. This is a pretty standard sort of upgrade arm-twisting. They're adding a new feature. Woo.
There are no trails. There are no trees out here.
You all hope this would backfire and blow up in Microsoft's face.
I think that is wishful thinking. "Why?" you say? It's quite simple, Microsoft has proven to have more business saavoy than anyone here. I'm just going to trust that Microsoft knows what they are doing when it comes to manipulating the market.
This is just yet another slashdot pipe dream of the demise of Microsoft, Think about how many other articles showing how MS will fail there have been here.
“Common sense is not so common.” — Voltaire
Well, looks like Microsoft finally figured it out. DRM file formats and protocols have been on my mind for quite awhile as potential tools that they could could use to *specifically* target Open Source. Here's why:
What Microsoft will do with the Word DRM is "license" the technology to other commercial interests that wish to maintain file compatibility. They know that THIS is the wedge they can drive into things to split off the open-source projects, because A) no self-respecting open-source project would license MICROSOFT technology, and B) even if they would, they likely couldn't afford it.
Look for this to happen with the next round of media file formats as well. On a more sensationalistic note, what if MS bribed say, NVidia to DRMize their hardware interface. Nobody could then make calls to that hardware without either having a license or violating the DMCA. Again, commercial interests can afford the license, but do you think RedHat and such would like to bankroll Open Source's hardware compatibility licenses? Perhaps at first, but eventually I think not...
Watch out.
-JT
OK. Let me get this straight. A private company introduces software that basically introduces built-in encryption for word documents, spreadsheets, and email. This technology is designed to allow companies to prevent emails and documents from accidentally "leaking" to the press or into the hands of corporate spies. This won't even affect the home user AT ALL because home users don't have the necessary software to make use of IRM anyway (it requires a separate Windows 2003 Server in addition to MS's Information Rights Management software).
And the availability of this product is somehow an example of "blatant abuse of the law"? I think some people here are suffering from some kind of paranoia.
It's a Catch-22 for Microsoft. Either force people to upgrade by mandating DRM (and risk losing everything), or continue supporting legacy versions (and eliminate the incentive to upgrade or use DRM).
I think the only customers who will be "locked into" an Office upgrade are those dumb enough to use the DRM features. The Darwin effect is coming soon, to an office near you.
Get the company legal department and managers involved. Point out that company policy and/or the law requires certain things be done with documents, eg. certain finance-related documents must be kept for certain lengths of time or the company can face fines, certain documents must have file copies made, policy dictates that certain people receive copies of documents. The DRM features in the new Office software may, depending on what the sender sets, prevent the required things from being done. If the creator specifies "no copies", archive copies of financial and/or legal documents couldn't be made which must be made. Since some of the senders may not be within the company and may very well have good reason to prevent a record being made, this could put the company in the position of being legally liable while not being able to control their liability. That's the kind of stuff that makes lawyers nervous, and the lawyers have the ear of the board of directors and executives.
Don't get me wrong, I LOVE OpenOffice.org. But I don't see how getting into "high gear" is going to do any good unless OO.o manages to completely revolutionize the office suite paradigm far beyond what MS has. OO.o is a great *alternative*, but it's not really doing much more than MS Office does and there are some features missing. To get "mind share" (profit can go to hell since that's not why most of us are here), OO.o is going to have to provide above and beyond what MS Office provides. Is that possible? I don't think it is.
Sure, some people might want to jump ship when they figure out that MS is going to hold them hostage with DRM. But that's only going to be a small fraction of office suite users. The majority will grudgingly hand the cash over to MS and upgrade. The only way to get more people to WANT to move over to OO.o or some other alternative is to provide exactly what most coders despise: features. This is what Joe Average is interested in. Yes, I am aware that OO.o has some features that distinguish it from MS Office, but it's not enough of a difference to really count.
An example of a feature that an average user would find "useful" no matter how stupid it might sound to a true geek, is say... self-contained executable documents. If a user could write something and then save it as a "self contained" document that was platform independent, I think it would be a feature that goes beyond MS Office. Think about it... the user saves the doc and then e-mails it to someone. The recipient can then just open the attachment WITHOUT needing to have OO.o installed on their machine... or MS Office... or ANY office suite. Instead the document itself comes with an exectutable that provides basic reader fearures, possibly an executable that will install a lightweight editor, or even contains an editor itself. Obviously it wouldn't have all the features that OO.o contains, but just enough to read and maybe edit.
Or... maybe the document would never get sent to the recipient. Instead the document would remain on an HTTPS accesible document store. The recipient would get an attachment that contains authentication to allow seamless access to the https document store and a path to the document. Along with this document store is the ability to "edit locally" which would give the user the option to run an editor over the HTTPS link or use a locally installed editor depending on the situation. This would go well beyond anything the MS Office suite does now and would appear to be far beyond MS's current mode of thought.
That's where things need to go if MS is to be usurped of the office suite mindshare that it currently posseses.
Un-news
This feature is off by default. Certain companies will want to lock-in their documents. This is a 100% complete non-issue.
"Sufferin' succotash."
Unless the rights to print such a document are still allowed, it would mean that corporations can get away with hundreds upon hundreds of scams, illegal activites and everything else that our nation's current corporate climate has bred.
This isn't going to change anything. Today a technically competent corporation can secure documents using certificates, PGP, etc. If they really want to cover their tracks they can do so. Better yet, they can do their dirty work only on paper, then shred it when the feds show up. Seemed to work just fine for enron.
This sig has been temporarily disconnected or is no longer in service
The DMCA clearly and unambiguously allows reverse-engineering and circumvention to achieve interoperability.
d f
Don't just assume and feed absurd conspiracy theories. READ THE LAW.
http://www.loc.gov/copyright/legislation/dmca.p
Or you just get out your trusty camera and take a picture of it. If you want to get higher tech, capture the EM signal generated by the monitor. It's just like bypassing music DRM by recording from a line out. This sort of security will stop casual snoops, but somebody who wants the information will get it.
This sig has been temporarily disconnected or is no longer in service
The DRM feature in Office and Outlook enables a user to prevent emails and documents from being forwarded to and viewed by people not specified by the sender/creator.
I presume this means that every email you forward to me has to be read in outlook. Somehow I don't think Microsoft will write a plugin for lotus notes (what I'm stuck using at work) or PINE or mutt. So now I'm forced into using a Microsoft product which I'll have to pay for to read all those emails. And a couple of versions in the future I may no longer be able to copy/paste between half my emails and documents because people got used to leaving the DRM button checked. And I won't be able to make easy backups of my email because the DRM thinks I'm making illegal copies and sending them on...
If I want to keep something anonymous I just tell people in person. I'd much rather do that than deal with all the potential hassle.
If Sun or some open source team developed an import filter that circumvented microsoft's drm, microsoft would never win a legal case against them. It's easy to use the DMCA to try to go after people who have all the appearance of pirates. It's an entirely different thing to go after a corporation that's clearly using the cirumvention to provide compatibility and competition.
Furthermore, if Microsoft won the DMCA suit, they could be immediately prosecuted for using the DRM as a lockout to maintain their monopoly. Hell, they could be sued even before that.
This sig has been temporarily disconnected or is no longer in service
Number one most important feature of this that it seems noone is getting:
2 00 30603b.html
This is just Public Key Cryptography based on open and documented standards!
How do I know? I was there when it was announced. In early June at TechEd 2003 in Dallas Texas. Some Korean VP of Verisign showed it off. His accent gave it a very scary "All your base are belong to us" kind of feel, but there it is.
Here's the press release from that day:
http://www.verisign.com/corporate/news/2003/pr_
Please read this before you spout off one more cockeyed comment on how Microsoft is evil cause you won't be able to read this on the plane or how it's proprietary and noone will ever understand it or work with it ever again.
I am disrespectful to dirt! Can you see that I am serious?!
As much as I hate the idea of being sucked into XP or 2003, let alone Office getting DRM built-in,
1 - The rights-management stuff is off by default, says the article.
2 - I do infosec work regularly and I can't get people to use good passwords, and the further from geekdom they get, the faster they forget or circumvent password mechanisms. That's something easy. Key management and other DRM aspects are complex enough to get wrong any one of a dozen ways (either too tight or too loose).
3 - Imagine a pointy-hair reacting to you telling him that he just DRM'd his ass out of his own spreadsheet... forever.
I predict this 'great idea' will be rarely used since 99% of people can't be bothered to do much easier and less dangerous security tasks. Further, some companies will probably just ban it's use (since an employee can lock the boss out or stuff could accidentally get wrongly locked). It will inspire fear when people get burned. And a fair number of 'forced adopters' will go to gray market earlier versions and stop the upgrade treadmill completely, or jump to alternatives.
Oh, and imagine the fun if it does get put in: the boss makes you work overtime to get a report in by Friday night (Monday won't cut it!), so you stick in DRM to expire it at 9am Monday, so he has to call for a resend. Send inflamatory messages with a one-read, no-print, expires-forever rule so your flamage has a chance of evaporating after impact. And the geek-chic power of being able to screenshot someone that does the same thing back at you and get their ass fired.
A last comment: if you want to help the undoing of the MSOffice stranglehold, take stock of your own personal and business relationships and pressure anyone you can (not customers, not the boss or people who will hurt you for doing so) to use non-office methods. Politely ask sales drones to resend stuff in a non-Doc/Excel/Powerpoint/Viso format. When asked, spread FUD!: blame microsoft-laden viruses and them being less-trusted. But start the revolution by inconveniencing them. The monopoly is due to habits.
If you give up on freedom, precisely what you describe is likely to happen because people are not going to give up word processing or editing databases, so they'll go with whatever software is available to meet their needs. There is another path: teach people the value of software freedom.
The Free Software movement proves that "the marketplace" is not the almighty immobile force you describe (or perhaps you're just interpreting too much in terms of the marketplace in order to make it appear unchanging; hence whatever happens it will be seen through that lens). When the GNU project began, many people said nobody would write software without being paid and when people are paid to write software, they are being paid to write non-free software. History clearly shows those people were wrong. In fact a number of the organizations that distribute non-free software now use the GNU Compiler Collection (gcc) as their chief compiler, and ship part of the rest of the GNU operating system too. People have been paid to write Free Software and governments are getting the idea that their people's ability to communicate freely using a computer rests on using Free Software.
I think the key is to teach more people about software freedom. Take this opportunity to show people that with Free Software you won't be beholden to any proprietor's interests. As the pool of people using Free Software grows your chances for being able to get by with Free Software grows too.
Digital Citizen
Open Office 1.1 rc3 does exactly this. There is a macro recorder that produces Basic scripts. This will run unchanged on Windows, Linux, Solaris, and MacOS/X.
http://www.openoffice.org
Do you think MS doesn't even use their own software?
It doesn't matter if M$ uses their own software, they don't produce even good crap. At least from my experience, it doesn't matter whose dog food they are eating, it is still processed dog food, i.e., shit.
One. In 1987 or so, I had to use the M$ debugger. Whenever you stepped into a C subroutine that it didn't have the source for, it dropped automatically into asm mode, and when you stepped back into the source code, it did not erase the registers and other parts of the asm debug display before putting the source code back on the screen, so it was a weird mixture of asm register leftovers and source code and line numbers. How could they ship crap like that, did they never use it themselves?
Two. In the early 90s, I had to use Word to maintain technical documents. Whenever we revved the software, even for minor tweaks like the copyright date, we also had to rev the documents. So we would edit, changing only the date and rev number, and it would screw up the pagination, with the last page printing as page 33 of 32. This happened maybe half the time. Sometimes a quick change and backspace would cure it, sometimes a print preview, sometimes half an hour of cursing and fussing would be required. You will never convince me they hadn't encountered this bug themselves. We all ran into it.
Three. Several years ago, I had to use the M$ development environment. In the first day alone, I found four bugs. Now maybe I just don't use it like the manual says, but they shouldn't have been present anyway. The only one I remember now is that I would click on the button to add a function or variable, it would do so, I would hit the X to close the window, and apparently that was not the proper way, because the next time it had to open that file, it would yap that the disk file had changed, horrors, should it reload?
I hardly ever use M$ software, those three periods were probably the only times in the last 15 years, which means they are 3 for 3 in producing shit. That's a pretty atrocious record.
M$ produces crap software. That is why I have never liked their products, along with frozen unconfigurable features, lack of control, updates which introduce incompatibilities just for the sake of forcing upgrades, and so on. Dislike of Bill Gates' ethics is a poor second to all these reasons.
Infuriate left and right
Most nations do not have a DMCA. The decryption work will simply be performed outside the sphere of influence of this facism.
Microsoft could choose to emulate Adobe and trigger an FBI investigation of OOO within the borders of the US. In doing so, they would trigger a fight with Sun.
Sun is much larger than Elcomsoft, and it would be the fight of the century. It might actually be the key moment where the IT industry overthrows the DMCA (as should have happened some time ago).
When Sun wins (Microsoft legal will find a way to screw it up), the DMCA will suffer a mortal blow. Congress would be extremely unwise to attempt to strengthen it; those who endorse such an action will face the wrath of some well-organized lobbiests.
Microsoft, choose your battles carefully.
A DRM push by Microsoft might drive a few more OEMs into this camp.
Sure, permission caching can be self-defeating if you set the cache to hold on to an authentication token for a year. But this is a general problem with permission cacing in general, and not unique to anything Microsoft might choose to implement.
Maximum security requires frequent re-authorization. Daily. Hourly. Every 15 minutes.
A good authentication server would be able to tell you who has a cached authorization token, so then when you decide to revoke access to a file you can tell which people have a cache token on their laptops that you need to kill ASAP.
So far as leaking secrets to competitors, the DRM "solution" simply requires you to convert across an independent medium... printout, screenshot, photograph of screen. The only thing this "DRM" provides is the ability to mass-distribute a document within a company without worrying that someone might be on a mailing list that they're not supposed to be on... since everyone has to authenticate to read the attached document, they'd have to use an authenticated account to read it.
Have a nice little TCP server that authenticates a user through a SSL connection, accepts an encrypted document, see if user has permissions, and if so, decrypt data with the creator's private key and spit it back to the client OOo program, which will display it in the document window. I don't think it would be really hard to code.
OOo people, do you copy me? (pun intended)
Esquire generally just means "Gentleman." That is, I am a gentleman. Versus being a crass slob or something. Attorneys use it because they have such a bad reputation in this world, adding Esq to their name tries to cover that up. Just like when a news channel says "Fair & Balanced." you know that they are trying to cover something up.
The DRM feature in Office and Outlook enables a user to prevent emails and documents from being forwarded to and viewed by people not specified by the sender/creator. That's all this feature is.
100% Wrong. You clearly do not understand how proprietary DRM systems work. All 'security' whatsoever hinges upon the assumption that the client's application will play by the rules. Once you have the sent document and the decryption key(s) on your computer, all faith is in the application software. The moment that someone releases a hack for the new Office and Outlook that allows a user to access the plaintext or override the "do not copy / re-send / print" flag, all supposed DRM security will be entirely worthless. It is truly this simple: If you can read it, you can copy it. The DRM being proposed here is security through obscurity. Microsoft is betting that people won't find the proverbial "key hidden under the doormat." Even if this DRM system was eventually backed up by hardware (which doesn't look very likely at this point), people could still take a picture of the screen and use OCR to recover the text.. that is until the hardware itself is cracked.
Furthermore, I would like to point out that not all of your e-mail recipients use or want to use Outlook. Anyone who doesn't won't be able to read your emails, so enabling DRM isn't really a viable option anyhow.
I want to control who has access without having to expose the recipient to the mystery and overhead of encryption.
What you're asking for is an impossible pipe dream. For the reasons explained above, you will never be able to have true control over what someone does with information you send them. Using encryption, you can protect that information up to the point where they receive it, but you cannot reliably keep them from sending it to someone else. The best you can ever hope to do is build trust among the people you communicate with.
By the way, you cannot avoid the "overhead" of encryption. It's the foundation of any DRM system. The only difference is that the new Outlook / Office / etc. will try to make it mostly invisible to the user. You'll still need keyrings, signing, and passphrases if that encryption is to be of any value whatsoever.
So, in summary:
1.) proprietary DRM systems are not very cool
2.) proprietary DRM systems are, in fact, insidious. They do not offer true security but they DO try to force people to all use the same email, office, whatever software.
"If you're a senior executive and you're carrying around your five-year business plan, you probably want to have that information secured so only you can read it," he said.
If you're carrying around very sensitive data the only methods you should be relying on are tried and tested encryption, and physically restricting access
Businesses can lock down such documents now with third-party tools such as encryption software, but embedded rights management tools in the document creation software are much easier and more likely to be used, Gartenberg said.
"The harder you make security to use for the end user, the less people are going to use it," he said.
The safer you make people feel, the more risks they will take - someone said that about anti-lock breaking systems
This comment does not represent the views or opinions of the user.
This feature can be activated by selecting "Document Permissions" from either the toolbar or the File menu. Documents are NOT created with this feature enabled by default, although there might be some random little option somewhere to make it the default option.
In Word, this feature enables you to specify which people can read it, and it automagically turns off Print Screen and Printing if I remember correctly, and maybe the clipboard too. In Outlook this prevents you from forwarding or copying the text to clipboard too.
As for home users being able to use it, for the purposes of the beta Microsoft allowed users to use their .net passport as the method of authenticating users, in addition to whatever 2k3 server they might have had. I'm not sure if they're going to allow .net passports after the Office 2003 launch, but only time will tell. Office 2003 users will have to download some additional program (will probably also be on the CD too) to gain access to restricted documents.
For what it's worth, here's what the microsoft help document has to say on the issue:
You guys even bother reading the article at all?
The technology is designed to enable secure document transfer between trusted parties. For instance, documents containing trade secrets or engineering specs for a company's latest greatest apps. The creator of the document can secure it so only specified people can read it, limiting potential leaks outside of the company, or the document falling into the wrong hands.
It is not enabled by default and it requires an internal infrastructure to implement (Windows Server 2003 with Windows Rights Management) so the average joe blow isn't going to even be able to use it.
As for "competing products" not being able to read these secured documents, well that's the whole point right? If you're publishing secure documents, you're securing them for a reason, and you're only going to want those who can read it to read it.
There could be an argument for Microsoft to publish an open standard for interoperation, but this is America, not a socialist state, so that argument is a little weak.
Personally, I think this is a cool feature, and one I'm personally going to be using for my day to day work.
Their real reason for DRM in Office...
To stop the Halloween Documents from leaking year after year!
Think about:
The system is ultimately ineffective (screen shots anyone?, hand made copies?, pocket cell-phone cameras?), and false security is worse than none
It requires additional infrastructure (cost) and software upgrades (cost) then locks you in to the M$ implementation
Companies (financial) will have to manage (cost) the new documents to meet compliance issues (ie: you can NOT have documents that are required to be kept for compliance be protected from copying or have them expire - and how do you stop it?)
Single point of failure:What if the DRM server is down (temporary downtime company-wide for M$ Office)
What if the DRM server crashes and can't be restored (permanent loss of important data)
Will M$ provide a backdoor (for Law Enforcement, PATRIOT ACT, etc), what if it's leaked ?
THIS IS A DOCUMENT MANAGEMENT ISSUE - not a security problem, people need EDM/ECM not more gimmicks !
'Hacking' into the document to provide interoperability or to recover data may be a FEDERAL OFFENSE under DMCA
What about search/rescue for the users who screw up and lock themselves or others out of documents accidentally ???
Forced upgrades (al la Win2K) just to continue to use YOUR OWN (DRMed) corporate assets
Louts Notes has had a (less user-friendly) version of this since R2, and very few shops use it (encryption keys)
On the bright side:
There are a huge number of users/customers/vendors/partners who will not be able to use the DRM documents (requires upgrade), so it will take years to even marginally implement for external communications (which is one of the main items people want it for in the first place)
Some obvious possibilities for abuse include:
Stopping Whistleblowers (Enron, Pentagon, Worldcom/Arthur Anderson, Whitewater)
Erasing potential evidence: stockbroker send you bad advice in a doc that expires in 30 days
Erasing potential evidence: boss tells you to do something unusual that gets you into trouble
Erasing potential evidence: employees colluding to do things detrimental to a company (embezzle?)
Mafia can us it for betting slips, other low-level secure comms
Word/Excel macro viruses could be set to self-destruct to protect the guilty
Restricting fair-use rights
The Terrorists could use it !
See Also:
http://www.securityfocus.com/columnists/165
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
1) Will DRM or other features in the new Office break backward compatibility with earlier Word/Excel/etc formats? In other words, will opening and editing and saving a Word 97 file in the new Word prevent older Word versions (or 3rd party applications) to open that file later?
2) Will Microsoft make any encoding APIs freely available to the public for 3rd party applications to open and use those files?
3) If the answer to 2) is no, will Microsoft license any encoding APIs to 3rd parties and will these be non-discriminatory?
4) If the answer to both 2) and 3) is no, will Microsoft agree not to invoke legal action in the event that 3rd parties reverse engineer any encoding APIs?
5) If the answers to all of 1) through 4) is no, is Microsoft not concerned about US or EU anti-trust authorities ruling that the Office file strategy is anti-competitive?
Googling for pdf_sec.ps along with "Adobe" or whatnot should give you more info.
General Electric has announced that they will begin producing bread. This bread will have special ingrediants so that it only works in GE toasters.
If you use non-GE bread, your toast will come out over-cooked, so it is highly recommended that you buy the new bread from GE, which costs $30 a loaf.
If you attempt to mix a slice of their bread with a slice of Wonder bread (such as you only have 1 slice of GE bread left), you will be in violation of the Gormet Millenium Copyright Act of 2010, and could be fined up to $30,000.
General Electic will also be shipping all new toasters with titanium alloys. This innovative feature ensures safety by preventing people from trying to open their toaster when it stops working. To improve user friendliness, the toasters will lock onto the power cords and secure them, so users will be unable to accidently unplug their toasters and become confused about why it isn't toasting.
Hypocrisy is the 8th deadly sin.
Probably redundant... but here goes...
According to the article, it is not the default behavior for O2K3 to use Information Rights Management. In fact, in order for Office to lock a document, there has to be a Win2K3 Server running the rights manager suite somewhere on the LAN...
Nothing to see here... move along...
You have it quite wrong. DRM is not encryption. It is amazing to me that people so often confuse the two.
Encryption is the art of securing a communication that both parties want secret. An example of encryption is the Pentagon-Kremlin hotline.
DRM is the art of securing a communication that only the sender wants secret. The whole point of DRM is that you are trying to keep the communication from leaking even in the face of an adversarial recipient.
The distinction is a really big deal! It's the whole reason why DRM is so difficult (and, to some, so objectionable).
Disclosure: I work for Microsoft, in the cryptography/anti-piracy/DRM group.