Slashdot Mirror
Microsoft Prepares Office Lock-in
An anonymous reader writes "NEWS.COM has an article describing Office 2003's DRM features for documents. This will not only coerce those running older versions of Office to upgrade, which has been a problem for MS in the last few years, but it will also shut out competing software, such as OpenOffice. Now think about this for a second. Even if the developers of a competing office suite could figure out how to get their software to open an Office 2003 document, doing so would be a DMCA violation, since they'd be bypassing an anti-circumvention device. I certainly hope the OpenOffice team will kick development into high gear. If there was a time we need a viable competitor to Office, it's now."
Who's with me?
Anyone?
+5, Female
As long as there is enough room under the door to shove a thin-crust pizza under it, I'm game.
Don't blame Durga. I voted for Centauri.
For those of you who like to throw DMCA around like a big, evil boogeyman, last time I checked, reverse-engineering for the purposes of interoperability is allowed by the DMCA.
Jay (=
This article emphasizes the role of DRM in commercial settings. It's perfectly reasonable for corporate customers to want to control access to their documents in the workplace, and that's what the Office 2003 DRM features are targeted towards. It's just a dumb client-server authentication scheme, people.
Put away the aluminized headgear. This is not an anti-consumer technology, or even a consumer-oriented one.
The article points out, and I agree, that it's unlikely DRM will be applied to documents by default, since implementing it requires configuring Windows Server 2003 and ensuring both the creator and reader of the document have access/accounts on the Rights server.
It's really targeted at businesses which make heavy use of Active Directory already (or would switch to doing so), so that Finance people can restrict access to sensitive salary documents and such. Most people, even if they can apply DRM to a document, won't choose to do so. How many people change the rights for their local drives to remove access for 'Everyone'?
My impression from this document is that it is an optional feature, only active when the creator of the document specifies who can read it.
When the creator thinks it should only be readable on Windows 2003, and not on other software, that is his responsibility. And it is the responsibility of the reader to reject such documents as unusable.
This is hardly new. We use StarOffice 5.2 at work, and it cannot open password-protected documents from Office 95 or 2000. This is amongst the least problems when using that package in a mixed Office-StarOffice environment.
If I receive documents from suppliers and clients that I can't read, then I will ask them to send it again in another format, and they won't have a problem with that for now.
But five years from now, when everybody buying a Dell or Gateway machine has the latest version of Office bundled with their machine, I will likely be the only guy who can't read their documents, and their sympathy will have disappeared. I'll have to upgrade.
There's no particularly good way out of this using the marketplace; the marketplace will dictate it.
This is a feature some people want. It'd not on by default (how could it, be, since it requires a properly configured server to do the rights management).
It'll let businesses lock their documents down, for internal use. Nothing at all here gives any indication that all documents created will have DRM forced on. If a business or user doesn't want to use it, don't turn it on.
Pointy-Haired Boss. it's a dilbert reference.
for the first time will include tools for restricting access to documents created with the software. Office workers can specify who can read or alter a spreadsheet, block it from copying or printing, and set an expiration date.
Users get to set it. It's not automatic.
IAALS.
coerce those running older versions of Office to upgrade, which has been a problem for MS in the last few years
Yeah, it's so damn irritating when your customers pay you for something, and then expect to continue using it.
Dream on.
Call me a cynic, but I've lost count of the number of times that MS forced upgrade cycles were going to be the end of the company. It hasn't yet, and won't be in the future, even with this. Enough people and companies will pay to make it a non-issue. Watch.
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Law firms, especially, need this feature.
Right now they have to assume that a word document is unaltered upon receipt from a client. Now, with DRM, they can guarantee it. They also need to control distribution of documents and readability.
Pretty much every major corporation will want this feature once they understand it.
So, instead of fighting DRM, jump on the bandwagon, and have --better-- rights management in Open Office.
I'm not actually convinced that you need to have compatability between Office suites. Really, most people can use their existing MS Office to edit their Office documents and their new Office to edit their new documents. That way, if the old Office license is expired by Microsoft, everyone can complain to MS about how they can no longer read their documents, whereas, Open Office would theoretically never have that problem.
So, I would educate customers that file compatibility is not particularly necessary.
This is my sig.
We allready use OpenOffice for all our end user's here. Just be sure the Pc has 128 megs of ram, and put the office quicklaunch on startup, or they will complain about how long it takes to start. Otherwise, it works awesome for all standard end user word / excel tasks (99% of end users). As soon as your company gets one of those audit letters, spring the OpenSource and the management will come flocking. =)
No I didnt spell check this post...
IIRC, the DMCA specifically permits circumvention of copy protection/DRM/anything else if it is done specifically for purposes of interoperability (not just to allow unauthorized access to information). That means that OpenOffice or any other competitor would be allowed to crack their encryption in order to allow their users to read .doc files. Right?
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
At the same time, Microsoft has been fairly savvy in protecting its {monopoly|competitive advantage} without really ticking off the media. The Messenger lockdown is pretty blatant, and I haven't seen much public outrage - primarily because the people using Trillian et al are not the mainstream (yet). The big companies that are locked into their Microsoft investments make choices every 2-5 years when they upgrade their desktops. If Microsoft can create FUD - by claiming incompatibility or building it into new products - then they can hold off OpenOffice for another few years. I wonder if the EU would see this as anti-competitive (the US won't/can't do anything even if it does).
warning: epoll_wait is not implemented and will always fail
All web forms get automatic spell checking under OS X, with no third party app required.
Grammar the other hand is no proper checking way.
taken! (by Davidleeroth) Thanks Bingo Foo!
First of all, DRM wouldn't be a requirement for all documents, it would most likely be a "feature".
.02
Second, what the hell does Linux have to do w/Anti-DRM and people switching? Linus has specifically stated that he has no opinion either way. If you want it, woo, if not, woo. People aren't sick and tired of DRM and it's not BS (no matter what "we" think)
Linux is taking a foothold because other software companies have expensive software.
You think that an alternative to Office is going to help? There have been alternatives (Corel, etc) did it matter? Do you think because they are creating a new version of Office it will render the other files incompatible? That would be really really dumb for MS to do (no ability to bring in your old stuff? retype? what?)
The only reason for a switch is PRICE. Honestly, no matter what bullshit people spread on here about how good OO, SO, etc, are, they aren't what MSO offers. Not even close.
Until the OO, SO, etc, get some strong following and somehow create something better than Office, no one is going to care unless it is money related and even then, I doubt a few hundred dollars is going to matter...
Just my worthless
As often happens, people have reacted to a Microsoft article without understanding the real issue.
There have been many times when I have wanted to keep an email or a document out of the hands of other people. I once got in trouble for sending an email joke to people whom I knew would enjoy the humor. Alas, they forwarded the email to others who forwarded it to others... and so on... so that eventually it ended up in the hands of someone who took the value on "diversity" a bit too far and were offended.
The DRM feature in Office and Outlook enables a user to prevent emails and documents from being forwarded to and viewed by people not specified by the sender/creator. That's all this feature is. The sender/creator certainly has the option of not embedding DRM into the email or document so that there is no rights management involved.
This feature is one I have wanted for many, many years. I want to control who has access without having to expose the recipient to the mystery and overhead of encryption.
-Everyone laughs at lemmings but no one ever wants to admit to ever being one.
...unlike in the previous years where a lowly secretary could get her hands on an executive document detailing such things as fleecing the investors, dumping (on accident or on purpose) HIGHLY toxic chemicals into the local residential area's water supply or other scandalous corporate activities will simply cease to be.
Unless the rights to print such a document are still allowed, it would mean that corporations can get away with hundreds upon hundreds of scams, illegal activites and everything else that our nation's current corporate climate has bred.
Now, if we had a culture of doing the right thing, being honest and trusting, then there would be no issue with having such DRM capabilities being built into an office software package... Of course, that kind of feature would never be used in such a world as there wouldn't be any reaon, if people could be trusted.
I know that DRM makes sense on protecting a company's assets, but it can be the carte blanche to the CEO's of the world to forgo legal business practices...
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
Yes there is always the arguement that DRM will never stop an employee jotting stuff down from screen to paper and walking with that info, but there is a hell of a better chance someone is going to spot him copying 400+ pages of information, whereas with no DRM he could jsut copy the document and walk.
It says in the article that this was a feature that customers had requested, and I for one can fully beleive that. Expire documents when they become dangerously out of date? Fantastic (think of health and safety!). Dont want an accountant to walk with sensative finacial information they get emailled? Dont let them print the document or do anything other than view it.
Employers need to trust employees, certainly, but that trust also needs to be earnt. And yes you can emulate a lot of DRM with other means (no printer) but then that restricts peripheral things as well.
Even if the developers of a competing office suite could figure out how to get their software to open an Office 2003 document, doing so would be a DMCA violation, since they'd be bypassing an anti-circumvention device
This isnt MSs fault, this is the fault of a dumb law, and thats it. Want to blame someone for that? Blame the people who let it get voted in - the US populas.
It has been said before that MS Office has not had any real good features since office 97, and that this is a feature that will force people to upgrade. My view is that yes a lot of people will upgrade because of this, but not forcable. They will upgrade because tehy WANT these IRM features, as it gives them more control.
The last paragraph in the article states: ""It's not going to be adopted en masse, but I think they'll have a good rollout department by department for people dealing with more sensitive documents." and this is precisely what the office 2003 release is aimed at, the people who requested the features and who want them. If OOo had this feature before MS Office, I bet you could have enticed quite a few businesses over from the Office series jsut based on IRM.
(Yes, I know it's silly, but anyway.)
Curmudgeon Gamer: Not happy
A few facts and then an opinion:
1) DRM technology will be available to businesses which choose to run a DRM server on Windows 2003. It will not be enabled by default.
2) The technology will allow a management (or really the top level key holders) to limit document access rights to specific individuals or a group within the organization. A very valuable feature for many businesses.
3) Without a doubt, MS will abuse this technology to lock their customers into the new Office document format, which they will further abuse to limit document exchange from MS to third party applications.
The problem here is not 1) and 2). Those are perfectly reasonable features that most businesses want to buy. The problem is 3), the vendor lock-in issue. The Open Office project could write the same kind of DRM services into their suite, while at the same time offering document portability to those who hold top level keys to an organization's documents. IMO, this is where they should go long term, since it's obvious MS has hit upon a valuable technology - but like they're always abt to do, they're first instinct is to use the new technology to lock their customers in rather than sell their customers on their new features, quality engineering, and support. Businesses want both the DRM controls and document portability across a wide range of applications. MS always fails their customers in this regard and that's one reason why they've got such a bad reputation.
JMO.
Maynrd
"Newest MS Office to have encryption features."
Would anybody be upset if they integrated PGP into MS Outlook? No? Well, now they're doing it with Word. This is fine.
Obviously, encryption would require changes to the file format. This is a pretty standard sort of upgrade arm-twisting. They're adding a new feature. Woo.
There are no trails. There are no trees out here.
You all hope this would backfire and blow up in Microsoft's face.
I think that is wishful thinking. "Why?" you say? It's quite simple, Microsoft has proven to have more business saavoy than anyone here. I'm just going to trust that Microsoft knows what they are doing when it comes to manipulating the market.
This is just yet another slashdot pipe dream of the demise of Microsoft, Think about how many other articles showing how MS will fail there have been here.
“Common sense is not so common.” — Voltaire
OK. Let me get this straight. A private company introduces software that basically introduces built-in encryption for word documents, spreadsheets, and email. This technology is designed to allow companies to prevent emails and documents from accidentally "leaking" to the press or into the hands of corporate spies. This won't even affect the home user AT ALL because home users don't have the necessary software to make use of IRM anyway (it requires a separate Windows 2003 Server in addition to MS's Information Rights Management software).
And the availability of this product is somehow an example of "blatant abuse of the law"? I think some people here are suffering from some kind of paranoia.
I tried your bloody chmod and this is what i got...
/
C:\>chmod -R 777
'chmod' is not recognized as an internal or external command, operable program or batch file.
C:\>
be a bit more helpful next time.
Or you just get out your trusty camera and take a picture of it. If you want to get higher tech, capture the EM signal generated by the monitor. It's just like bypassing music DRM by recording from a line out. This sort of security will stop casual snoops, but somebody who wants the information will get it.
This sig has been temporarily disconnected or is no longer in service
Number one most important feature of this that it seems noone is getting:
2 00 30603b.html
This is just Public Key Cryptography based on open and documented standards!
How do I know? I was there when it was announced. In early June at TechEd 2003 in Dallas Texas. Some Korean VP of Verisign showed it off. His accent gave it a very scary "All your base are belong to us" kind of feel, but there it is.
Here's the press release from that day:
http://www.verisign.com/corporate/news/2003/pr_
Please read this before you spout off one more cockeyed comment on how Microsoft is evil cause you won't be able to read this on the plane or how it's proprietary and noone will ever understand it or work with it ever again.
I am disrespectful to dirt! Can you see that I am serious?!
As much as I hate the idea of being sucked into XP or 2003, let alone Office getting DRM built-in,
1 - The rights-management stuff is off by default, says the article.
2 - I do infosec work regularly and I can't get people to use good passwords, and the further from geekdom they get, the faster they forget or circumvent password mechanisms. That's something easy. Key management and other DRM aspects are complex enough to get wrong any one of a dozen ways (either too tight or too loose).
3 - Imagine a pointy-hair reacting to you telling him that he just DRM'd his ass out of his own spreadsheet... forever.
I predict this 'great idea' will be rarely used since 99% of people can't be bothered to do much easier and less dangerous security tasks. Further, some companies will probably just ban it's use (since an employee can lock the boss out or stuff could accidentally get wrongly locked). It will inspire fear when people get burned. And a fair number of 'forced adopters' will go to gray market earlier versions and stop the upgrade treadmill completely, or jump to alternatives.
Oh, and imagine the fun if it does get put in: the boss makes you work overtime to get a report in by Friday night (Monday won't cut it!), so you stick in DRM to expire it at 9am Monday, so he has to call for a resend. Send inflamatory messages with a one-read, no-print, expires-forever rule so your flamage has a chance of evaporating after impact. And the geek-chic power of being able to screenshot someone that does the same thing back at you and get their ass fired.
A last comment: if you want to help the undoing of the MSOffice stranglehold, take stock of your own personal and business relationships and pressure anyone you can (not customers, not the boss or people who will hurt you for doing so) to use non-office methods. Politely ask sales drones to resend stuff in a non-Doc/Excel/Powerpoint/Viso format. When asked, spread FUD!: blame microsoft-laden viruses and them being less-trusted. But start the revolution by inconveniencing them. The monopoly is due to habits.
Sure, permission caching can be self-defeating if you set the cache to hold on to an authentication token for a year. But this is a general problem with permission cacing in general, and not unique to anything Microsoft might choose to implement.
Maximum security requires frequent re-authorization. Daily. Hourly. Every 15 minutes.
A good authentication server would be able to tell you who has a cached authorization token, so then when you decide to revoke access to a file you can tell which people have a cache token on their laptops that you need to kill ASAP.
So far as leaking secrets to competitors, the DRM "solution" simply requires you to convert across an independent medium... printout, screenshot, photograph of screen. The only thing this "DRM" provides is the ability to mass-distribute a document within a company without worrying that someone might be on a mailing list that they're not supposed to be on... since everyone has to authenticate to read the attached document, they'd have to use an authenticated account to read it.
..only now it'll be as easy as clicking a checkbox -- or perhaps:
Clippy: Hi, I can see you're trying to [take over the world] -- would you like me to enable DRM?
You guys even bother reading the article at all?
The technology is designed to enable secure document transfer between trusted parties. For instance, documents containing trade secrets or engineering specs for a company's latest greatest apps. The creator of the document can secure it so only specified people can read it, limiting potential leaks outside of the company, or the document falling into the wrong hands.
It is not enabled by default and it requires an internal infrastructure to implement (Windows Server 2003 with Windows Rights Management) so the average joe blow isn't going to even be able to use it.
As for "competing products" not being able to read these secured documents, well that's the whole point right? If you're publishing secure documents, you're securing them for a reason, and you're only going to want those who can read it to read it.
There could be an argument for Microsoft to publish an open standard for interoperation, but this is America, not a socialist state, so that argument is a little weak.
Personally, I think this is a cool feature, and one I'm personally going to be using for my day to day work.
Probably redundant... but here goes...
According to the article, it is not the default behavior for O2K3 to use Information Rights Management. In fact, in order for Office to lock a document, there has to be a Win2K3 Server running the rights manager suite somewhere on the LAN...
Nothing to see here... move along...