E-Mail Controls in Office 2003

TiggsPanther writes "The BBC's Technology News reports than the next version of MS Office will include E-Mail controls which should limit way that e-mail messages can be forwarded. Being tied into the Information Rights Management concept, it might be interesting to see how quickly this gets taken up."

but but but....

the washington post (via msnbc) says dont bother with Office 2003 at all
http://www.msnbc.com/news/982713.asp?0dm=T15NT

fp?

Re:but but but....

[brolewis]

Ah,isn't it nice to see a Microsoft site (MSnbc) bashing an MS product? The irony.

Re:but but but....

[TedCheshireAcad]

It's entertaining to see that given all the "features" in Outlook, the best e-mail client ever is still Pine. I can get my e-mail anywhere there is an ssh client (or telnet if I'm feeling ballsy). There is no excuse for needing anything more than a 486 to get e-mail.

Some day, it's bound to happen, there will be some garbled pile of shit in my inbox sent from one of these Outlook clients, well, kids, (D)elete, e(X)punge, (Y)es, I'm sure. Done and done.

Re:but but but....

[theTerribleRobbo]

> the best e-mail client ever is still Pine.

Ahem. Mutt.

Re:but but but....

[Acidic_Diarrhea]

That's not so much ironic as it is refreshing. Most media outlets are tied in with parent companies that produce some type of media, which results in many biased reviews. It's good to see a news organization taking a look at a product without considering the parent company's interests - although I believe that NBC is the larger shareholder in the MSNBC venture.

Re:but but but....

[c4ffeine]

Damn straight. We just upgraded everything, but the only way to see our email is still through pine or using a crappy web-based system called IMP. Still, Pine is easier to use than most other systems

Re:but but but....

[jvj24601]

>> the best e-mail client ever is still Pine.

> Ahem. Mutt.

You misspelled "elm". Hope this helps.

Re:but but but....

Well, can pine handle imap over ssl ? Anyway, Evolution (Ximian) has the "Summary" features which enables one to get RSSed integrated Slashdot stories :)

What ? Pine ? Do you still boot in text mode ?

Re:but but but....

[}}mons{{]

4 me 8s Emacs, its not only an email client its a complete OS...

hmmmmm

[tetrahedrassface]

another reason NOT to use MSoft. AS if I needed one anyway..

Dialog Box

[Infernon]

We just received our Office 2003 discs yesterday. I installed Outlook 2003 because the vertical-side-panel-snap-together-do-hicky is pretty sweet.
If you use the e-mail DRM service(straight from the dialog box):
- You need a .NET Passport.
- Your documents won't be sent to or stored by Microsoft.
- If Microsoft decides to end the trial, you can access the restricted documents and e-mail for at least three months, as long your .NET Passport is active.
- Microsoft won't decrypt contect protected by the service unless a court order requires it.
I read something about being able to use DRM within an organization, but that it required running some sort of IRM server. Don't know anything else beyond that though.

Re:Dialog Box

[croddy]

If Microsoft decides to end the trial, you can access the restricted documents and e-mail for at least three months, as long your .NET Passport is active.

oh, WELL! ... THAT's good news!

!!

NOT

Re:Dialog Box

"Microsoft won't decrypt contect protected by the service unless a court order requires it"

I encrypt my data using a proper encryption system - PGP. There's no court order out there that can handle that little puppy.

Re:Dialog Box

[gsdali]

I wish MS would not tie things like this to .NET. There's a legitimate use and demand for IRM but why does everyone who uses it, (and people in certain organisations will be compelled to use this or feel its a good idea to use it), have to hand over personal details over to MS.

I'm fairly sure MS wouldn't use the data for nefarious purposes but it seems unnecessary for them to have it for this purpose.

Is there an open standard to compete with this?

Re:Dialog Box

[Saxerman]

At first I thought this was a patch to prevent future email worms, but this is just more DRM management. Besides sounding like the Emperor's New Clothes, for this to work wouldn't your mail client have to query the recipient to make sure they're going to pay attention to whatever rules you apply to your forwarded mail? And, of course, query it in such a way that you can't get a spoofed reply forged to look like a legit MS approved mail client?

This sounds like that phone plan where you only get the discounted rates if you get all your friends to sign up with the same plan. Except in this case the rates aren't any cheaper.

Re:Dialog Box

[Malc]

"I read something about being able to use DRM within an organization, but that it required running some sort of IRM server. Don't know anything else beyond that though."

Ya: they're working hard on tying the client to the server. For those who are happy with proprietary vendor lock-in, there is a lot to be said for these features. In another one, we were looking recently at ways to reduce the number of email attachments as some people had mailboxes over 2GB. Microsoft are working on client-server integration on this, which is interesting. I'm not sure if the cost is worth it, but they certainly make things easy, convenient and useful, which aren't things that are easily factored in to TCO.

Re:Dialog Box

[leifm]

The impression I get is that for the time being the Passport IRM will be free, though it does seem to imply that they will charge eventually. Within an organization you need Windows Rights Management Server running on 2003 server. I am not sure if this is already part of W3k, or if you have to purchase it. All in all I am not seeing Office 2003 selling particularly well, almost everything new is contingent on you running a pretty heavy amount of the MS stack. People who SA'd their Office licenses will be happy though, at least they get something on that one, I have a feeling there will be a lot of pissed off Windows SA people fairly soon.

Re:Dialog Box

the server is required for the DRM they want to implement. basically, the server acts as a keeper of the documents, and people 'log onto' Word, Excel, etc. When they access files, the server provides the access permissions to the client indicating what that user can and cant do. on the user's local machine, use a "stub" file that refers to the real on the server to allow the user to think the file on their local machine, and allows them to "email" the file to a co-worker. Encryption of the docs may not even be necessary, as it's really just the rwxrwxrwx pattern that's well known in UNIX, with some extentions to allow for different permissions.

should be easy for OpenOffice to come up with a suitable substitute or even some form of compatibility. (No DMCA here, it's development of a compatible system.)

And yes, there are many holes in this process (like having client-side enforce permissions for things like printing), but it's a start.

Re:Dialog Box

[Zocalo]

Microsoft won't decrypt contect protected by the service unless a court order requires it.

And there you have it. There is a back door in this here DRM technology, "just in case" of course... So not only is this technology flawed, even by DRM standards, but the necessary tools to circumvent it will be hitting your local dodgy site in 5... 4...

Re:Dialog Box

[DrEldarion]

Exactly how is it not good news? Would you rather have them deleted immediately or not be accessible unless you pay more?

-- Dr. Eldarion --

Re:Dialog Box

[croddy]

it disturbs me that people think of this as a reasonable way to manage content on their personal computers.

I wanna be able to read it until the frigging harddrive burns out. not when some company tells me I can.

on the bright side, 3 mos. might give some folks a chance to reverse-engineer it.

Re:Dialog Box

[JamesP]

Microsoft won't decrypt contect protected by the service unless a court order requires it.

But doing this would be a violation of the DMCA...

GOTCHA, MS!!!

Re:Dialog Box

[Laur]

What about the rest of Office?

Microsoft has also tweaked Word, Excel and Powerpoint, though the most obvious change is a new, blue colour scheme.

Wow, upgrade immediately for useless email DRM and a new blue color scheme! Seriously, Office is pretty much a fully mature product. How long will it be before people realize that upgrading to the new $300 office suit will not enhance their productivity? My company upgraded to Office XP from Office 2000 last year. All I noticed were new annoying "helpful" features I had to turn off. I couldn't tell you one new feature that was added during the change.

Re:Dialog Box

[DrEldarion]

A 3 month window gives you plenty of options. Most of the time you won't need the data anymore. If you do, 3 months gives you plenty of time to rerequest the data from whoever sent it to you in the first place. Also, this all depends on if MS kills the free service.

Anyways, keep in mind that this is only on protected files. If there's no way for you to get it back 3 months later, there's a pretty good chance that whoever sent it to you doesn't WANT you to have it 3 months later and that's pretty much the whole point of the system - giving the creator control over the contents.

-- Dr. Eldarion --

Re:Dialog Box

[timothy_m_smith]

You can also install their IRM server on your local intranet and tie identity to active directory.

Re:Dialog Box

[BrokenHalo]

3 mos. might give some folks a chance to reverse-engineer it.

It might, but this technology should ring alarm bells among managers concerned with security of their data (bearing in mind that it does NOT belong to Microsoft, no matter what tacky devices the latter may introduce into their EULAs).

I would not be at all surprised to see a jump in the number of organisations taking up alternative products. I have heard quite a few rumblings among a number of suits lately whom I would not formerly have credited with the foresight to examine this.

Seems to me that folks are realising that OpenOffice is very good at handling MSOrifice output, while the latter doesn't bother returning the favour. That, in itself speaks volumes.

Re:Dialog Box

[DrEldarion]

Lose what fight? The fight for your "right" to share things that were never yours to share in the first place? Despite what you may want to believe, not all information "wants" to be free. There is a lot of data out there that needs to be kept confidential, and to the creators of that data having a lot more security on it is a good thing. Of course the people who want to copy the data won't think it is, but guess what? You shouldn't be copying it anyways so you don't matter!

I find it amusing how Slashdot reacts to computer security issues with such fervor, but when a type of security comes around that they don't like, it's oh so evil!

-- Dr. Eldarion --

Re:Dialog Box

[letxa2000]

Seems like this is pretty silly. Trying to control what a recipient does with email after you sent it is like trying to reconstruct a nuclear bomb after it detonates. It's too late... it's out there and you really can't say what's going to happen.

If anything, this may give stupid senders a false sense of security. They may think "Well, since I put limits on this email it will never get out." Right. What about copy/paste? Ok, they probably disable copy/paste in the window context. What about a print-screen/snapshot of the entire email? Paint Shop Pro would certainly do the trick.

Also funny was the line "Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003." Yeah, I'm sure there'll be one available for Linux. Doesn't matter. If someone sends me a non-standard email that I can't read it goes to the bit bucket. I may or may not ask them to send it again.

Re:Dialog Box

[BrokenHalo]

I couldn't tell you one new feature that was added during the change.

And most of us would be hard pressed to find one useful feature that wasn't there in Office 97.

Re:Dialog Box

[RetroGeek]

What about a print-screen/snapshot of the entire email?

Or the ultimate un-stoppable copy device..... a camera.

Re:Dialog Box

Nope, wont. Once the DRM-stuff is feature-complete, no program will be able to take screenshot of a "secure" application, be able to print it or do cut-and-paste. Possibilites will range from no screenshot at all to blanking out just the secure apps. You will simply get a black box where your email once was on the screen. You can of course still take digi-cam pictures of your monitor and send these :-)

Re:Dialog Box

[geggibus]

Most people not reading slashdot could probably do everything they need(not want.. people want to do stupid things) with wordpad...

-K

Re:Dialog Box

[letxa2000]

I find it amusing how Slashdot reacts to computer security issues with such fervor, but when a type of security comes around that they don't like, it's oh so evil!

Well, it's Microsoft. We have reason not to trust them.

Plus, more effective encryption (PGP) is available and works on all platforms. So why invent the wheel in such a way that requires that Microsoft become some kind of middleman?

Again, the idea that an email will "self-destruct" is a lie. It will only give a false sense of security to computer users that will actually trust such a technology. It's more dangerous that they think they are protected and trust it than not being protected at all but knowing it.

Re:Dialog Box

[TedCheshireAcad]

The free viewing program is brilliant.

Phase 1: Create an e-mail format only your program can read.
Phase 2: Use that leverage to force organizations using the products of your competitors (e.g. Lotus) to switch to your product.
Phase 3: PROFIT!

Re:Dialog Box

Unless of course they change the file structures again so that as more and more people get the new version you receive more and more files that you can't open on your older version and so are forced to 'upgrade'.

Re:Dialog Box

OK, my users want to produce a series of pie charts from data downloaded from Bloomberg. Where do they do that in Wordpad?

Re:Dialog Box

[TomServo]

What I want to know is, what kinds of protections are there for when information *should* be free, especially if legal matters are involved.

Say a boss sends a sexually harassing e-mail to an employee, a message set to self-destruct in a short amount of time. Poof, there goes any proof that the employee had of the harassment going on.

Say another Enron pops up, only this time, there's no evidence of illegal accounting practices because there's no e-mail trail any longer.

Or, to play George W., what about any terrorists who are using e-mail to communicate? I'm sure that any e-mail communication currently going on is encrypted, but with enough time that encryption could be cracked. It can't if the e-mail just suddenly disappears.

It seems to me that, like most measures of this ilk, this feature is subject to all sorts of abuse. Nonetheless, like others have said, all you really have to do is retype the e-mail if you really want to duplicate it, or take a digital photo of the screen.

Finally, as far as my "right" to share things that were never mine to share in te first place, how does this, in any way, prevent me from *talking* about something I read in an e-mail?

In the end, I philosophically agree with this. Anything that improves privacy is something that I'm all for. The only issue is, I don't think this really does anything at all to improve privacy other than making it slightly more of a pain in the arse to violate it, and frankly, I don't trust Microsoft with my privacy.

Re:Dialog Box

[ichimunki]

Did you miss the part about this being optional?

However, if someone sends you email that is restricted, will you have the courage to ask them to send an unrestricted copy or you will be forced to ignore the email?

Finally, I wonder how this will work at work. I wonder if companies will have policies against it, or if there will be a single key belong to the company and the company will require it (such that access can be restricted outside the company and/or only to those within the company who have the keys-- no more sending incriminating documents to yourself at home, that sort of thing). If it weren't political suicide, it would be amusing to restrict completely recipients from any reuse, printing, etc, of any email. That would be the best example of why this trend is so scary when they can't even forward jokes because of DRM on the email.

Re:Dialog Box

[Johnny+Mnemonic]

The requirement of a .NET passport account probably means that the key for the decryption is held by MS directly. This is no surprise. However:

• Can corp customers manage the keys themselves, in essence being their own .NET passport server? I'm unaware if this opportunity exists in the .NET framework.
• If the answer to the above is yes, would it prevent someone outside the corp network from being able to authenticate against the corp .NET server, and thereby prohibited from reading the email?
• If the network becomes unavailable, will I not be able to get my auth key, and thereby not be able to read email on my local HD? Or once unlocked does the email remain unlocked?
• I'm never, ever, going to use a "MS viewer" for my email. If they expect this service to catch on, they would implement the key exchange as an open standard, that alternate email viewers could write plugins for. That's bad enough--but requiring a proprietary viewer? Emails sent to me requiring the use of this will be bounced back as "undeliverable".
• Not to mention, such email will probably not be scannable for attached viruses (presumably the entire email is encrypted, including attachments)--so either virus checkers will have to bounce them automatically, or let an unscanned email through their gateway. Great.
  
  In fact, that last is almost sure to kill this idea stillborn, once the threat is realized. Would you allow a certain percentage of your email through without being checked? Or would you bounce it back, first?

Re:Dialog Box

More DRM management.. More Digital Rights Management management? I bet you go to the ATM machine a lot, or like OSes based on NT technology...

Re:Dialog Box

[realdpk]

Insert -> Object -> Paint

Then double click that and you're in MS Paint, the best tool for pie charts and other such useless graphs.

Re:Dialog Box

[PainKilleR-CE]

Plus, more effective encryption (PGP) is available and works on all platforms. So why invent the wheel in such a way that requires that Microsoft become some kind of middleman?

So PGP allows you to prevent people to which you send an email from forwarding it to someone outside of your domain? Or from forwarding it at all? Granted you can't stop someone from bringing up another email window and typing it in by hand from the email on their screen and then sending it out, but I wasn't aware that PGP had these other features...

Re:Dialog Box

[gpinzone]

Huh? Who would be in violation? It's MS' encryption. They can "break" it if they like. Also, law enforcement is exempt from the DMCA.

Re:Dialog Box

Is this a serious question? Encryption and digital signing can solve all these "problems".

Re:Dialog Box

[Tin+Foil+Hat]

I don't think that there needs to be a way to query the recipient. Probably this will entail some sort of public key encryption system ala PGP, but unlocked by that ever secure .NET Passport instead of something that you control. Included in the encrypted message will be rules that state what the client program may or may not do with the message, including reading, replying, and forwarding. Apparently, the message may also contain a 'self-destruct' order that instructs the client to destroy it's copy if it meets certain requirements. Who knows if it's only the requirements set by the creator of the content.

Now, this only works if the client plays by the rules. To ensure this, only Microsoft created clients will be able to read the messages. Well, that's the idea at any rate. I leave it to you to ponder whether or not Microsoft's new system can be broken.

Now, having gotten the method out of the way, this brings up some serious issues for we in the OSS movement and for society at large.

Microsoft has stated that there will be a free viewer available that can read these messages. Note that's a viewer, not a true email client. Users of this viewer will not be able to send messages in the same fashion. It is very possible that they will not be able to do anything with the message other than view it, regardless of whether copyright controls contained therein allow for forwarding. Obviously, if you want to be able to use the messages sent to you by someone else, you must use a Microsoft product. That means that you must run Microsoft Windows. Given that Microsoft only makes software for Windows and Macintosh, and will be dropping support for the Mac, I must conclude that this is simply yet another way for Microsoft to control the market, and stifle competition.

Finally, to satisfy the requirements of my moniker, I should point out that Microsoft will be able to read these messages via it's Passport system. Therefore, by extension, the U.S. government will also be able to read those messages. Don't believe the crap that Microsoft is trying to sell you. This is not about you being able to control what happens to your content (as implied in the article by that bleeding heart story about the woman who sent embarassing material to her irresponsible boyfriend). No, this is about Microsoft controlling what you do on your computer with software that you own. It is also about the government being able to monitor your communication.

Re:Dialog Box

[1010011010]

Microsoft won't decrypt contect protected by the service unless a court order requires it.

Meaning they can decrypt it any time they want. Is it really "secure" if Microsoft has all your keys?

Re:Dialog Box

[1010011010]

I wonder how the "shatter" attack will interact with "secure outlook messages" ...

Re:Dialog Box

[letxa2000]

So PGP allows you to prevent people to which you send an email from forwarding it to someone outside of your domain? Or from forwarding it at all?

No, but as I said, neither will this. In reality, once you send something it's up to the receiver what happens to it. This MS stuff supposedly restricts what the receiver can do with it, but it's not that hard to get around. In worst case it can be screen-shot into a 3rd party app or a digital picture can be taken. The reality is that there's no way to stop emails from being forwarded. Yes, you can make it require a little more effort, but it still can be forwarded.

So now you'll have some people that blindly trust the marketing that will trust that when they set the "No forwarding" flag that it can't be forwarded and then will be shocked when it appears on a competitor's website.

The point is that for anyone to suggest that this actually impedes forwarding or printing is wrong. It makes it a little more difficult, but not that much more difficult. It's better that computer illiterate people realize that anything they send can be forwarded and thus are careful with what they send rather than giving them some false sense of security and having them trust that security to allow them to send stuff they would otherwise think twice of sending.

It really comes down to fairly simple logic: Don't send content to somebody you don't trust. If you're not sure someone is going to keep confidential information confidential, why are you sending it to them in the first place? In such a situation your security problem isn't the software, it's the human factor. And trusting technology to work so that you don't have to trust the human factor is just bad.

Re:Dialog Box

Well because the DRM With the .NET passport is a trial, and the DRM with a DRM Server in your organization is NOT a trial.

Re:Dialog Box

[homer_ca]

Close. PGP can set an eyes only mode for the message where it can only be viewed but not saved. I have no idea how robust it is, i.e. whether it depends on trusted client software or resists screenshot software, but the feature is there. This is really just protection against the casual user. It can't resist retyping by hand or a camera pointed at the screen.

Re:Dialog Box

DRM email is run off of an organizational server, and is designed to be use with Exchange Server and Windows Server 2003 and an Active Directory.

The .NET passport DRM is only an EXPERIMENT/TRIAL for HOME users who don't have an Active Directory. If you are a company you would NOT use the .NET passport encryption feature - you do NOT run a "corp .NET server".

There is a good reason this is not an open standard - your CLIENT has to be trusted. In a corporation, unless someone tries to HACK the system internally, the email won't get out. ITs not designed to stop critical information from getting out - you could always take a photograph of your computer screen - but its designed to keep people from accidentally adding someone to an email thread who isn't supposed to be there, or accidentally forward a message and add in a recipient that shouldn't be on there.

Office DRM just adds an extra layer of protection so in your busy day you don't accidentally send confidential info to one of your friends outside of the company. How many times have you responded to a thread, and thought 'maybe this person knows the answer' without reading the ENTIRE thread and realizing that something secret is earlier in the message?

Re:Dialog Box

[meatspray]

in a way yes, if i send you an encrypted email and you plainly forward it. The new recipient should get the encrypted version for which they should have no key right?

Re:Dialog Box

[rutledjw]

not all information "wants" to be free ... and to the creators of that data having a lot more security on it is a good thing.

And so somehow MS controlling it is a GOOD thing.

I find it amusing how Slashdot reacts to computer security issues with such fervor, but when a type of security comes around that they don't like, it's oh so evil!

OK, this qualifies as completely stupid. If the security implementation is POOR or not in the interest of the consumer why should people react any differently??? I find the Slashdot reaction gratifying! There may be a lot of noise on here, but sometimes the /. masses have a point.

What do you expect? There's a problem (at least in your perception) that "requires" DRM. A company (MS in this case) offers a poor solution. We're supposed to rejoice?

Re:Dialog Box

[CaptainSuperBoy]

You need to query a rights management server. Microsoft has a trial server set up but this is primarily intended for organizations to run their own server. The e-mail is encrypted and the rights management server has to provide you with the key before you can decrypt it.

Re:Dialog Box

[gnu-generation-one]

Okay, how does it work if you send an email to somebody not using exchange, not using outlook, not using hotmail, and without a passport account. Like for example, your customers, clients, suppliers, email newsgroups, friends at other companies, people you're emailing for support, etc.?

Do you just end up sending out encrypted emails that nobody can read?

Re:Dialog Box

Speaking of Lotus, they've been selling DRM-ed email for years. Boo Hoo for them.

Re:Dialog Box

[gsdali]

That sounds much better.

Re:Dialog Box

I installed Outlook 2003 because the vertical-side-panel-snap-together-do-hicky is pretty sweet.

I bet you installed XP for "pretty sweet" luna interface too didn't you? ;-)

Re:Dialog Box

[Fulcrum+of+Evil]

Lose what fight? The fight for your "right" to share things that were never yours to share in the first place? Despite what you may want to believe, not all information "wants" to be free. There is a lot of data out there that needs to be kept confidential, and to the creators of that data having a lot more security on it is a good thing.

Yes, Phillip Morris would have loved this technology, as would anybody wishing to conceal corporate misdeeds.

Re:Dialog Box

[_xeno_]

There are some... issues with using a camera.

I'd think copying the VGA output would produce a nicer result, personally. If LCD monitors can use standard VGA to create a pixel-based display, it's gotta be possible to steal the screen that way too.

Re:Dialog Box

[the_mad_poster]

Then the computer bitch-slaps you with the keyboard and sticks the mouse up your ass.

The problem is there's no DRM on the laws that govern the Universe. I think Microsoft needs to buy out this whole "heaven" outfit and DRM all of reality. Then, and only then, will we be safe from the original, highly advanced methods of unauthorized duplication and dissemination:

"Photography" and "Writing it down".

Ickgh... idiots...

Re:Dialog Box

[contrasutra]

You know, THUNDERBID 0.3 has the vertical side pane too. Its just as good (i've used both)

http://www.mozilla.org

Re:Dialog Box

[poptones]

Not to mention, such email will probably not be scannable for attached viruses (presumably the entire email is encrypted, including attachments)--so either virus checkers will have to bounce them automatically, or let an unscanned email through their gateway. Great.

In fact, that last is almost sure to kill this idea stillborn, once the threat is realized. Would you allow a certain percentage of your email through without being checked? Or would you bounce it back, first?

So then... just curious: do you also automatically bounce back any PGP encrypted email packets arriving at your office LAN?

Not trying to troll, but it seems to me if "this last [point] is almost sure to kill this idea stillborn" then perhaps that's why PGP has also not taken hold? By extension there is a real security risk of allowing ANY PGP encrypted packets onto your LAN that have not been encrypted to a key you control. So what do you do? No office banking? No secure transactions with other companies?

It's either a problem for everyone, or it's not a problem at all. Sounds to me like it's a problem for everyone - not unique at all to MS.

Not that I would trust MS as far as I could throw Steve Ballmer into a headwind... but some consistency is in order.

Re:Dialog Box

[thatguywhoiam]

This is not about you being able to control what happens to your content (as implied in the article by that bleeding heart story about the woman who sent embarassing material to her irresponsible boyfriend). No, this is about Microsoft controlling what you do on your computer with software that you own. It is also about the government being able to monitor your communication.

A round of applause for Mr. Tin Foil Hat, ladies and gentlemen!
Isn't he great? He's here until Thursday.

...

(I kid. BTW, he's right, you know.)

Re:Dialog Box

[Prof.Phreak]

Yeah, I'm sure there'll be one available for Linux. Doesn't matter. If someone sends me a non-standard email that I can't read it goes to the bit bucket. I may or may not ask them to send it again.

Good point. With the amount of spam, every e-mail only gets like a fraction of a second attention to determine if it's even worth looking at. If it's some encrypted gibberish (non PGP), then junk it goes.

Re:Dialog Box

I think that issues you encoutered are on your end. My take (1,121,341 bytes, straight from camera).

Re:Dialog Box

[McAddress]

Say another Enron pops up, only this time, there's no evidence of illegal accounting practices because there's no e-mail trail any longer.

Somewhere in Ken Lay's mind a little voice speaks. "Why didn't I wait until Office2003?"

Re:Dialog Box

[RodgerDodger]

Not necessarily. The key to decrypting the data is the .NET passport, right?

Who has complete access to every .NET passport?

All they need is a way of identifying which .NET passport signed the data, which would be pretty standard. No uber-password needed.

Of course, we all trust Microsoft, and have complete confidence that the registry of .NET passports will never be compromised. Damn, I nearly pulled that off with a straight face...

Re:Dialog Box

fuck you pal

Re:Dialog Box

[Safety+Cap]

Possibilites will range from no screenshot at all to blanking out just the secure apps.

(Un)Fortunately, the way Windoze works is that any given app cannot verify if a message comes from the system or another app. All you do is write your little application to subclass the "Mark" (in this case, Outlook), then send it a WM_PAINT and sit back while that bugger sends you its "screen."

Or, if you want to get super-jakey, write your own screen driver (like terminal services does) and steal the content that way.

The one nice thing I can think of that this foolish DRM does is make it harder to spoof email. Ask your average lUser if they know that emails can be faked, and you'll get back the blank stare. If, on the other hand, the message has some kind of signature key, it could be harder to spoof.

I'd be interested to see how well this works when transmitted over the internet. Ever try sending your home PC meeting notices from work? Doesn't work, 'cause you need Exchange server point-to-point (I believe you need port 135 across the board to get this "feature") to make it happen.

Re:Dialog Box

PGP secure viewer mode AFAIK will not let you copy it, you could foreward the encrypted message, but with the key it's useless.

not going to stop leaks

[jkcity]

I can't really see how this is useful as if you can read it you can copy it and then forward it.

Re:not going to stop leaks

[blastedtokyo]

Actually they thought of that. Cut/paste/print screen are disabled. Of course you can take a digital camera to it or write your own screen capture app but the intent is to prevent casual forwarding.

Re:not going to stop leaks

You could just open up a "Compose" window, and type in the message! Yes, your hands, keyboard, and the compose button are now considered munitions by the DMCA.

Re:not going to stop leaks

[mlush]

Actually they thought of that. Cut/paste/print screen are disabled. Of course you can take a digital camera to it or write your own screen capture app but the intent is to prevent casual forwarding.

casual forwarding is not a problem, its malicious forwarding it needs to hinder

Re:not going to stop leaks

[Keck]

my thoughts exactly; if it's REALLY important, someone will still do it, so this is a lot of effort for almost no gain. Except to piss off your paying customers, something that helps us free software folks .. maybe it's got a good side afterall?

Re:not going to stop leaks

It is impossible to stop malicious forwarding and they're not even trying to.

Casual forwarding is a problem for some corporations and this helps with it.

Re:not going to stop leaks

[MeNeXT]

What have they done about my polaroid?

If I need it, and I can see it, I will get it.

Re:not going to stop leaks

Install VNC.
Use another box to VNC into it.
View email.
Press Print Scrn.

Re:not going to stop leaks

[Laur]

So are you saying that the "Print Screen" button is disabled when you use the software? What about the hundreds of 3rd party screen capture programs out there, are they all disabled too?

Re:not going to stop leaks

[stephenbooth]

What if you do a reply with quote then copy from the edit box? That works in Lotus Notes, that's had this functionality for years. What if one of the recipents has a non-MS mailer? Will they be unable to read the mail or will Outlook realise that it doesn't have a key for them and send them a plain text copy, possibly throwing up a doalog box which 99.9999% of users will just click OK on without bothering to read it? For that matter how does the encryption (the messages have got to be encrypted else it would be a simple job to either intercept them enroute on the network or to write and app to read the mailfiles) work? Do I need to generate and send you a public key before you can send me a mail?

Stephen

Re:not going to stop leaks

[bobKali]

Still, all it requires is for one recepient to open up a compose email dialog and hand copy the text and it's out. This just doesn't make sense from a content-management perspective.

Now, it does make sense if the intent is to lock out competing email clients. And as email is more and more a necessary business tool, this could be leveraged to force companies to use Outlook if they want to communicate with (the majority of large US) companies who use Outlook.

Re:not going to stop leaks

[0123456]

You forget, it's the PHBs who are the paying customers, not the users. PHBs will love this kind of thing, even if the actual users hate it.

Re:not going to stop leaks

In many cases, probably. Directx is capable of bypassing whatever print screen sees. Take a bunch of screen captures of something playing in Windows Media Player and often times you just see a black box where the movie is.

Now the interesting part, as a post above stated, is what happens if you use VNC or remote desktop? Are they going to cripple these apps or somehow pass the "you can't print/capture this" DRM through the app?

In the end it will just be another way for those who know computers to leverage power over those who don't - thanks MS!

Re:not going to stop leaks

[Politburo]

Usually black boxes for video has to do with overlay, and not any sort of sneaky trick to get you to not take captures. Print Screen captures the screen before the overlay (video) is applied.

Re:not going to stop leaks

[MultisSanguinisFluit]

Don't bother... Just enable Terminal Services on the XP machine. Microsoft own client allows you to print screen.

I tried this with a protected message... it works.

Re:not going to stop leaks

[Sexy+Bern]

I got around this a while ago by setting everything to "no hardware acceleration". Bingo! PrtScr captured to clipboard, email-a-mondo.

Re:not going to stop leaks

[actiondan]

casual forwarding is not a problem, its malicious forwarding it needs to hinder

When I worked in corporateworld, casually forwarded emails made up about 50% of my total email workload - I must have wasted about an hour a day on that crap. Sure it's a problem!

Of course, it doesn't look like this new MS stuff is going to solve that problem, as most people aren't going to bother to specify the 'no forward' option. In fact, I think that there isn't really a technological solution - it's a cultural issue.

Re:not going to stop leaks

Yeah, but its designed not to stop all casual forwarding, but casual forwarding of confidential documents.

So you'll still get those stupid 'hey bob look at this new *****' emails but you won't get those 'company confidential, for group A only' emails anymore if you are not in group A.

Re:not going to stop leaks

[TiggsPanther]

The PHBs may pay for the software, but it's the Techies that install it.

and whatever it takes to work around it.

Tiggs

Re:not going to stop leaks

[cerberusss]

Cut/paste/print screen are disabled

When Crossover Office and/or Wine supports it, I guess they will LOVE to leave this particular "feature" unported. :)

Re:not going to stop leaks

[WoTG]

Others have already commented on how this makes casual forwarding and printing difficult.

Another way this is useful is that it automates the deletion of old emails (I think, I haven't really read the article!). This is very handy if a company is sued. If you don't have diciplined practices of DELETING old files and messages, you can be forced to dig up everything in you computer files and backups to supply the search for incriminating evidence. Using software to delete old messages is a good thing.

Re:not going to stop leaks

[westlake]

all it requires is for one recepient to open up a compose email dialog and hand copy the text and it's out. This just doesn't make sense from a content-management perspective

hand written copies can't be authenticated. more than likely, the ones you receive will be corrupted or bogus.

Re:not going to stop leaks

[bobKali]

without a digital signature (which isn't all that common in email today anyway) it can't currently be authenticated.

And for bogus email that's electronically coppied, just look at all the virus warning/urban legend emails out there.

Re:not going to stop leaks

[MrPower]

I can't really see how this is useful as if you can read it you can copy it and then forward it.

I was going to respond with the following,

"Yes, you certainly can, but as soon as you do, you are cannon fodder. Copyright legislation in many countries will see this as circumventing copy protection devices which can land you in gaol. Sometimes the weakest attempts at security can be just as effective if backed up by law.",

but I then had a thought. Needless to say, IANAL but copyright laws (at least in Australia) only protect "documents" against the circumvention of copy protection devices, if they are computer programs. The breach of copyright is then awarded to the owner of the program.

The email, however, is a document that is clearly not a computer program and what's more, the owner of that copyright is not the owner of the program that does the jiggery pokery (i.e. Microsoft).

Hence, by copying the mail item and forwarding it, you have still breached copyright, but your accountability will have nothing to do with taking on M$. I am sure that if there were a case of such copyright infringment, particularly if the hype was big enough, M$ would bring cash to fund the success of the copyright owner.

Having said that, copyright is still (mostly) a good thing. It's just that Bill has found a way to turn it around to retain market share - damn our thoughtcrime!

Re:not going to stop leaks

[topgun98]

This sounds like nothing more than a false sense a security.
I imagine that the damage done by making people think that the information they're sending is protected far outweighs the gains from preventing a small amount of casual forwarders.
I'd rather people just rely on better meathods of distributing information.

Re:not going to stop leaks

[mlush]

but you won't get those 'company confidential, for group A only' emails anymore if you are not in group A.

You won't get thoes 'company confidential, for group A only' emails so often It may prevent a mailing list of PHB's from leaking. But its no more than a 'do not forward this email' with mild enforcement. I'd be willing to bet that its the PHB's who demand the crack so they can 'just send the document home' etc.

boohoo

more we hate ms. boohoohoo

Re:boohoo

i hate you too if it makes you feel any better. i anxiously await the day they ship your job off to india.

E-Mail Controls

In Soviet Russia, E-Mail Controls you!

Re:E-Mail Controls

[Lord_Byron]

In the US too, buddy. Count on it.

RM Services

[IonPanel]

Looks like Microsoft are trying to make the evil RM services appear sweeter. Lets hope nobody falls for it.

Only looking out for themselves with this

[wang33]

The only reason they are doing this to stop the leakage of internal memo's about destroying linux etc. But I assume that employees will still be able to print emails, so its all kind of pointless imho.

Wang33

Re:Only looking out for themselves with this

[Tim+C]

But I assume that employees will still be able to print emails

Why do you assume that? Why do you assume that the print function will be enabled for protected emails or other documents?

Now, I grant you that no technological scheme can completely prevent information from being leaked - it can't stop me taking it down with paper and pen, or photographing the screen, etc, but it can at least make it difficult to do. Also, while the photogrpah would be harder to refute, my hand-written scrawl copy of an email could easily be dismissed as a forgery...

I can see this being very useful for companies and even some individuals, but essentially, there is no technological way of protecting data from redistribution by its intended recipient. It's not going to be as easy as just hitting print, though.

Re:Only looking out for themselves with this

[gl4ss]

it's just another scheme to make life hard for the legit users while they do essentially nothing to those willing to break the rules.

your photo would btw have the same amount of credibility(? right word?) as your hand written scrawl.

but i guess he assumes that things could be printed because phb's want stuff to be printed.
-

Re:Only looking out for themselves with this

[lonb]

Actually, I heard that O2003 alters the display frequency to make photography impossible. It also disables the ability of paper within the surrounding six feet of the computer unable to bond with any other chemicals. It also disables:

• Smoke Signals
• Loud yelling
• Short term and photographic memory of humans and chimpanzees
• Chalk
• Finger painting
• Sign language
• Clever blinking AND winking techniques
• Irish folk dancing
• Everything that has a penguin on it

Re:Only looking out for themselves with this

[0123456]

"your photo would btw have the same amount of credibility(? right word?) as your hand written scrawl."

And the same credibility as that file on your floppy disk which you _claim_ was an email from Bill Gates. A jury of idiots might be convinced, but anyone can write an 'email' in Notepad and stick Gates' name in the header.

The amusing thing is that this could actually have the opposite effect to the one intended, by making it harder for PHBs to deny they sent a particular email, since faking DRM-ed Outlook mailboxes is likely to be rather harder than faking a text file.

Re:Only looking out for themselves with this

[4of12]

stop the leakage of internal memo

This time bomb effect for email decryption will be interesting.

Some companies have Policies about records retention so that old emails are expected to disappear. This is helpful if they feel there are more potential legal liabilities associated with keeping old emails (which makes you wonder exactly what kind of business they're in). Classic examples of emails that some people wish disappeared include Monica Lewinsky's and those introduced by the U. S. Department of Justice at the MS anti-trust trial.

But wholescale destruction is harmful in terms of the lost accumulated knowledge and the inherent business value of data mining at some future time.

Emails don't all have compromising awkward content; some have valuable technical information in them. It's bad enough that old important information is lost amidst a sea of multiple obsolete word processor formats, but if it's in an email that cannot be searched by someone in the business in the future then there is a cost associated with that loss.

Once a corporate culture adopts a model of less trust, you can be sure that people will be less willing to be adventurous and creative and long-term profitability will decline.

Re:Only looking out for themselves with this

[jonbryce]

A photograph would be harder to refute than even a printout or a forwarded copy.

Re:Only looking out for themselves with this

[cerberusss]

I said this in another thread, but when I can run this Office version with Wine and/or Crossover Office, it's going to be as easy as just hitting print. :)

Re:Only looking out for themselves with this

[EddWo]

Someone should have modded this funny
I thought it was funny
Didn't anyone else think it was funny?
I honestly believe that this is funny.
Where are the +1 Funny moderations?

Re:Only looking out for themselves with this

Adobe PDF generally uses a printer driver for PDF creation. Having not seen the version of Office yet, but having spoken to chief MS technologists, this is just a stepping placeholder for where MS wants to be in 5+ years. The OS and Office will share in responsibilities for DRM. There are many "compliance" laws being passed by legislative bodies all over the world that will make these changes required for legal reasons.
The MS plan is ambitious and scary, but trying to meet the needs of large businesses. I expect all Office documents to be encrypted in order to support the DRM plans. They must do this to prevent open source projects from completely ignoring the DRM envelope which may require that the document be deleted after 13 months, or that only XYZ corp can open it.

Interesting requirements. Scary results.

Terrific .. another good idea ruined by MS

This is something that a lot of people will want, as it looks like a real feature.

The problem of course is that MS can't just provide good service. Stay tuned for how they plan to use this to further extort, alienate and harass customers, simultaneously using this to break existing standards, most likely having the result that no one will be able to recieve emails from folks using this feature unless the recipeient is also using Outlook.

Great.

Re:Terrific .. another good idea ruined by MS

[Kierthos]

Shit....

We get orders for printing e-mailed to us regularly. We don't use Outlook for our e-mail. We already have enough problems with the morons who either send no file, or send the wrong file, or send a file we don't have the program for.

How much do you want to bet this will just make things worse?

"I'm sorry, ma'am, but you need to disable all the security settings on your e-mail so we can print it."

"huh?"

Lather. Rinse. Repeat.

Kierthos

Suitable quote..

[Karamchand]

Trying to make bits uncopyable is like trying to make water not wet.
-- Bruce Schneier

Re:Suitable quote..

[spektr]

Trying to make bits uncopyable is like trying to make water not wet.

Don't feel too secure. Room 101 CAN make water not wet. The RIAA is kindly preparing you a test suite if you want to give it a try.

Re:Suitable quote..

[squaretorus]

I can't wait to tell everyone I know that sending emails like "isnt the boss a dick" and " julie from accounts has nice tits" to each other is now 100% SAFE because of the new Outlook options to stop forwarding.

Hilarity ensues!

Re:Suitable quote..

I can too. I just put it in the freezing compartment.

Re:Suitable quote..

To say nothing of the opportunity for corporate espionage, insider trading and general corruption.

Thanks Microsoft.

Re:Suitable quote..

[roystgnr]

I just put it in the freezing compartment.

Yup; the analogy is perfect. To you, the bits on my hard drive are completely uncopyable, because you can't break into my computer any more easily than I can break into your kitchen. If I were to send you some of the bits on my hard drive, however, then any attempt I made to make them "uncopyable" would be about as effective as you sending me a cooler full of ice: it only really works as long as the recipient cooperates.

Re:Suitable quote..

[BESTouff]

Trying to make bits uncopyable is like trying to avoid dupes on Slashdot

-- slightly modified from Bruce Schneier

Re:Suitable quote..

[giblfiz]

Trying to make bits uncopyable is like trying to make water not wet.

you mean you just need to lower the temperature below 0 degrees Celsius?

Re:Suitable quote..

Water below 0 degrees Celsius is not water. It's ice!

Re:Suitable quote..

[MntlChaos]

well if you lower the temp below 0 deg Celsius then whatever is holding those bits has a good chance of failing, so yes.

Re:Suitable quote..

unfortunately you've been too slow.

Re:Suitable quote..

[Colazar]

Well, you do that and it won't be wet anymore, true. But neither will it be water.

It will be ice.

Cutting and Pasting

[kneeo]

oh and cutting and pasting is so hard to do.

Re:Cutting and Pasting

[s20451]

Well, that might be prohibited under a strong DRM scheme. However, there's certainly nothing preventing me from whipping out my digital camera and taking pictures of the screen, then forwarding the images to whomever I please.

Better yet, it could be one of those cell phone cameras. Technology gives back what technology takes away.

Re:Cutting and Pasting

[byolinux]

Disabled, apparently.

Of course, this isn't going to be designed to stop it completely, just for the average user.

I doubt it's actually encrypted in any way.

Re:Cutting and Pasting

[Geek+of+Tech]

What's to keep me from hitting "Print Screen"? Take a bitmap of the entire contents of the screen, instead of Cut/Copy, Paste?

Re:Cutting and Pasting

[Lozzer]

What if you work somewhere where bringing a camera to work is a cautionable offence?

Re:Cutting and Pasting

[AllUsernamesAreGone]

If you're serious, get a minicamera or pinhole digital camera. As my sig says...

Re:Cutting and Pasting

[Zog+The+Undeniable]

Then I expect forwarding the Claire Swire e-mail to all your friends means being hanged at lunchtime in the staff canteen.

Re:Cutting and Pasting

[Faluzeer]

Hmmm

PrintScreen is also disabled...

Though of course most 3rd party screen capture programs won't be affected...

content management?

[Bandman]

Does it still support copy/paste?

How about printscreen?

Re:content management?

[blastedtokyo]

just tried it. copy/paste/prtsc are disabled. guess you need to break out the digital camera or run something like vmware.

Re:content management?

[great+om]

heck, how about print to paper and then scan in using an optical scanner?

How would they stop this -- too many people won't read their email directly, perfering to print it all out to read

Re:content management?

[leifm]

You can restrict printing if you are the document creator.

Re:content management?

[blizzardsoup]

Is print screen disabled if office is not the active/top window? If not, open a small window, leave it on top (out of the way), cap the entire screen and clip what you want.

If print screen is disabled whenever any office product is running (aka all the time since most users leave outlook running all day), this presents a serious usability issue for the desktop and would make it time to install a 3rd party screen capture app.

Re:content management?

[jkabbe]

have you tried any 3rd party screen capture software?

Re:content management?

[JohnFluxx]

Could you try hitting reply, and then trying to copy/paste it from the reply?

Re:content management?

[cyberformer]

You won't be able to do this for long. Third-party screen capture apps are one of the "security holes" that Palladium is intended to patch. Vmware is another. The analog screen output jack (could connect to a VCR) is a third.

The one thing it can't stop is an actual photograph. Time to buy one of those 3G phones...

Re:content management?

[jafuser]

The one thing it can't stop is an actual photograph. Time to buy one of those 3G phones...

That is at least until they manage to lobby our government to pass laws to force all chip manufacturers to put cop chips in all Analog to Digital converters.

Re:content management?

[jonbrewer]

Does it still support copy/paste?

How about printscreen?

I've run in to a few journal articles in Adobe PDF format that don't support copy/paste. (no, these aren't just in .tiff format, they're protected) Elcomsoft has a nice work-around called APDFPR, but I think Dimitri got in a little trouble for writing it. :-)

Hash, Rehash, and Dupe

[Gothmolly]

This has been discussed endlessly already - new DRM features control documents, how they can be saved, printed, forwarded, stored. Yes, it will be possible for documents to "expire" after a certain time, etc. etc.

How is this news?

Re:Hash, Rehash, and Dupe

This time it's DRM with a positive spin.

I still think the R should always be expanded as Restriction, not Rights, in these sorts of articles.

Re:Hash, Rehash, and Dupe

[_|()|\|]

How is this news?

It's been tried before (This Email Will Self Destruct...), but with the backing of a monopoly, it might actually take. Who else could convince users to slip into their own handcuffs?

Re:Hash, Rehash, and Dupe

[Overly+Critical+Guy]

His point was that Slashdot has already posted an article about this stuff. Should we just fish out and repost our comments from last time? Or did Slashdot want another article for people to bash Microsoft (and therefore continue the immature and unprofessional image of the Linux community)?

Re:Hash, Rehash, and Dupe

[1010011010]

Right, because (to OCG), grown-up professionals loooove Microsoft! And it's OK that MSFT libels and slanders Linux and its community ("Cancer! Pac-Man!"), that's grown-up too. It's all a matter of perspective. E.g., whether you share his perspective, or not.

Never mind that, when discussing Linux vs MSFT, only one of those is a repeatedly convicted but unrepentant criminal. And it's not the one that starts with an "L."

non MS mail clients

[martin]

will be interesting to see how this works with non-MS email clients, esp on non-MS O/S's

Re:non MS mail clients

[guido1]

will be interesting to see how this works with non-MS email clients, esp on non-MS O/S's

As the article stated, "Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003."

However, since this is squarely targeted at corporate enviornments, I don't forsee this becoming a large problem.

Sure, it's bad for the end user information wants to be free blah blah blah, but companies want more control over where their information is going, and MS is providing it in this product. Don't want the FY04 budget leaked? Put a do-not-forward flag on it... Sure, you'll be able to screen-cap things, but casual copying will be prevented.

(We all know that protection can be circumvented by anyone with enough will... This is simply raising the bar for how much desire is necessary.)

That being said, I won't use it, but I'm sure there are corporations out there that will.

Re:non MS mail clients

[martin]

well we won't - non MS-mail app (Mainly eudora/kmail) and non MS O/S MacOS 9orX or Linux. on the desktop at work..

Re:non MS mail clients

[DrEldarion]

Don't want the FY04 budget leaked? Put a do-not-forward flag on it... Sure, you'll be able to screen-cap things, but casual copying will be prevented.

Actually, according to another poster here, you won't be able to screen capture things - printscreen is disabled. Copy/Paste are disabled as well. You'd have to type it all in manually.

-- Dr. Eldarion --

Re:non MS mail clients

[andy1307]

Which non-MS clients work as well as outlook? And how many companies use Exchange server and non-MS clients?

Re:non MS mail clients

VNC, VMWare, Virtual PC, Bochs.

Can't disable Print Screen outside of the virtual environment now can they?[0]

[0]: O.K, they can in Virtual PC. Since they bought Connectix Microsoft have been working on VPC 2004, which apparently will include changes to make it meet "Stringent Microsoft Security Standards" (!) I'd guess that means the host & Virtual PC's will now happily work hand in hand on IRM & DRM issues like this. Still, there's always VMWare.

Re:non MS mail clients

[martin]

Thinking about email going outside the company, rather than integration with other clients and Exchange..

Re:non MS mail clients

[DrEldarion]

Yeah, it's POSSIBLE for people to copy it, but now it's significantly more difficult, and you actually have to have a good amount of computer knowledge to do it. A lot of things that would have gotten leaked before now won't due either to user incompetence, inability to accidentally forward things, or sheer laziness.

-- Dr. Eldarion --

Re:non MS mail clients

[erktrek]

Unless of course you had a 3rd party screen capture application... still remains to be seen of those will work..

Re:non MS mail clients

Indeed, but this now creates a false sense of security for the sender. They can now happily email out sensitive data with IRM enabled safe in the knowledge that "no one" can copy it. Excelent!

Until Mr. E. Ville comes along and sees this sensitive data that he knows he can sell and make a quick buck. When money is the motivator, you know as well as I do that it would take them no more than five minutes with Google learning how to use VNC or whatever to circumvent the "protection" scheme.

Re:non MS mail clients

[efflux]

"Sure, it's bad for the end user information wants to be free"....

I always thought that the expression "information wants to be free" simply pointed out the difficultly in locking down information as, by nature, it is easily reproducible. Here, however, you use it as "information should be free."

I don't mean to pick on you specifically, but the things that I see done to this phrase really is alarming.

Re:non MS mail clients

[16K+Ram+Pack]

The thing is that it only takes one person with the time (not much) and equipment (a video capture card to read from the monitor output) and the skills (knowing how to operate an OCR package) and you've taken that output and converted it back into a text file.

Then, the millions of people on the internet can read it as a circulated item.

Re:non MS mail clients

[pmz]

I'm sure there are corporations out there that will.

I wonder if those corporations will also be baffled at the sudden increase of HR costs (i.e., employee turnover).

Re:non MS mail clients

[westlake]

each step away from the original introduces new doubts that what you are reading is authentic.

each step away from the original can also reveal new clues to the source of the leak.

Re:non MS mail clients

[chrisis]

I don't think the problem is the "do-not-forward" bit. The real problem is that it is Microsoft, or some other 3rd party, that will enforce the bit. That puts control of a document NOT in the hands of the corporate, but some other third party. The rights to do things with content should be controlled by the owner, not some third party, and certainly not someone as evil as M$.

Main stream only picking up half the story

It saddens me that me that the 'trusted' sources are publishing this information in most part as a good thing, or as a cool gadgetry.

The whole wider debate about freedom of choice/DRM as a consumer is being lost in the 'he he, now you can retract that naughty email' haze. /R

office 2003?

Hey its almost 2004!! Get with it microsoft!!!!!!

Marketing uber alles

[Empiric]

(click)(drag)(Copy)(launch Mozilla)(Paste)(Send)

Really, how is this supposed to work? Even if Microsoft suppresses the clipboard for protected documents, I (or any other mildly knowledgeable user) can take a couple of screen captures and then put it into a jpg or pdf to resend. If someone can see the e-mail, there's a way to copy it.

Ah... so maybe the idea is, *they* sent it, so that it'll be on *my* machine, but *they* retroactively control what I do with it, without specifying up-front. I *knew* SCO had some marketable ideas for Microsoft in exchange for that investment...

Re:Marketing uber alles

Really, how is this supposed to work? Even if Microsoft suppresses the clipboard for protected documents, I (or any other mildly knowledgeable user) can take a couple of screen captures and then put it into a jpg or pdf to resend. If someone can see the e-mail, there's a way to copy it.

Right, but if you're doing that you know that you're deliberately trying to break the protection and send the document to someone unauthorised to see it. What this stops you doing is accidentally sending a document to someone who shouldn't have it - across a Chinese Wall, for example.

Re:Marketing uber alles

[DrEldarion]

Posted this before, but it fits here, too.

"Actually, according to another poster here, you won't be able to screen capture things - printscreen is disabled. Copy/Paste are disabled as well. You'd have to type it all in manually." I suppose it might be possible to get another program to screencap it, but they could probably get around that as well - ever try to take a screencap through media player while hardware acceleration was turned on? It just comes out as a black square. Of course, you'd have to have a supported video card...

So anyway, you'd have to go through even greater trouble to do it - take pictures with a digital camera or something. It seems like they actually thought this through pretty well.

-- Dr. Eldarion --

And are they going to stop you from

[jj_johny]

Using cut and past? Stopping screen capture utilities?

And when are they going to have the email etiquette checker working? And the filter for bad joke forwarding - thats what I really need.

has to be said

[KFT]

If I can see or hear it, I can copy it. This might stop people from forwarding casually interesting letters, but the things where it matters will be copied anyway. I don't see the point. If they do find a way to do this well, I'd love to have this possibility, otherwise it's just yet another way to make people feel secure without actually being so.

O2003 DRM

[thirdofnine]

Yes, it exists, but nothing stops you copying and pasting the text into a new e-mail.

Third of Nine

Re:O2003 DRM

[blastedtokyo]

Except for office 2003 which disables copy/paste/prtsc/print for DRM locked documents. whaddya expect. they wrote the OS.

Re:O2003 DRM

Apart from the fact that copy and paste are disabled, you're right.

Non-Outlook mail clients?

[rosbif]

So when will they release details of the encryption scheme used so that non-Outlook mail clients can be used......? I'm not holding my breath.

Re:Non-Outlook mail clients?

[rmohr02]

All they've done in that regard is make a viewer for these emails, but the viewer only works in 2000 and XP.

Re:Non-Outlook mail clients?

I hope that was a rheotorical post. Of course they aren't going to allow non-Outlook clients into their sandbox. They have a monopoly to maintain, ya know.

Re:Non-Outlook mail clients?

[the_womble]

Thats why this will kill non MS OSes and Office suites.

Once a few big corporations start sending all their email out this way, and circulating only DRMed office docs, then everyone else will have to use MS office to do business with them

Example: All the investment banks send institutional clients emailed research, with a notice on it saying it is not to be circulated further. Now they will be able to enforce it, and they will.

Every busienss will have at least one big customer who will insist on this.

All this assumes the DMCA will stop reverse engineering.

Re:Non-Outlook mail clients?

[HermanZA]

Remember Lotus Notes? Nothing new here.

New features?

[Martigan80]

More significantly, Outlook can automatically block images embedded in e-mails, a common tactic used by spammers.

Is this not automatic? Any how when will MS put this stuff in IE too? I mean I love how Mozilla lets me diable Javascripting, why doesn't MS catch on to this.

And E-mail SPAM filtering? I just opened an MSN account to use the MSN messenger and I got five SPAM immediatly, why don't they try to stop it further away from the machine? Because even you filter it Outlook will down load the message first to look at it.

Re:New features?

[molarmass192]

Mozilla mail also lets you disable loading images in emails: Edit -> Preferences -> Privacy & Security -> Images -> Do not load ...

Granted these are remote images rather than embedded.

Most Important Changes

Microsoft has also tweaked Word, Excel and Powerpoint, though the most obvious change is a new, blue colour scheme.

Ahh, priorities. Is that the same "BSOD" shade of blue I see far too often? Where do I send my $ for the upgrade?

Re:Most Important Changes

Wooh, a new colour scheme. *Please* take my $700...

corporations will be all over this...

[*weasel]

... they love to set rules and access rights and controls - instead of actually managing employees conscionably and using resources responsibly.

mostly i imagine this will appeal to the less savory huge corporations who wish to stop seeing their internal memos and severance packages on f*ckedcompany.

but inevitably, if the information would actually be interesting to someone outside the desired recipient list, it will be shared. to borrow a cliche, 'information wants to be free' - good information anyway.

perhaps the 'leaker' will have to retype the message, but more likely he'll cut/paste or (if that's disabled) take a screenshot and email that.

and as soon as an email leaves the corporate structure once, all those controls don't mean a thing.

the platform-specific nature, and the fact that most leaks come through corporate partners who have limited email access/correspondence (some may even be on public distro lists) will mean that its effectiveness will be entirely limited to internal corporations.

though, if momentum builds behind this, a trusted email standard may not be far away. and if nothing else, perhaps that would alleviate some spam? if you consider the price worth the cost.

Hrm

[jeek]

So what's stopping a third-party from making their own client that can read the e-mails and doesn't give a damn about DRM or any sort of document expiration?

Regarding my e-mail address... mind the gap, please.

Re:Hrm

[I8TheWorm]

Lack of published standards on the part of M$?

Re:Hrm

[jeek]

I said 'stop', not 'slow down'.

Re:Hrm

[AllUsernamesAreGone]

The DMCA and fellow Jackboot Laws? If the document can be classed as "protected", selling something to get around it may be a possible DMCA/EUCD violation (you can bet Microsoft would try for it if they could make a case for it).

Just wait until Outlook starts storing and transmitting the emails encrypted using a company or machine-based key system. Then things will get really nasty.

Re:Hrm

[I8TheWorm]

True, but then you have the DMCA worries. If the specs are unpublished, then you're feasably hacking the package to get what you want out of it. And if the data is encrypted, your worries include jail time.

As much as I enjoy the idea of open standards, they're not worth sitting in a cell to me.

Monopoly anyone??

Well, now everybody must have a microsoft product installed on their machines to read these documents... yeah, it is free, but then, microsoft got in your system.

is this such a bad thing?

[jez_f]

OK I will start out by saying that I don't think that this should be controlled by M$, but I don't think that tying DRM to email is a bad idea. Hell I think it is one of the only good uses of DRM.

Spam is a huge problem and the only way it is going to be effectively controlled is to change the open nature of email. Putting controls onto who can do what to the email is the next step. You don't always want emails to be forwarded especially if the email is signed from you. The same goes for company internal emails it is fine them being sent internally but most often they are not for third party use.

OK you are not going to stop people cutting and pasting then forwarding but at least it will not be verified as being from you. Just wish that some open consortium had come up with standards for this sort of thing before M$ got their mitts on it.

Re:is this such a bad thing?

[Laur]

Spam is a huge problem and the only way it is going to be effectively controlled is to change the open nature of email. Putting controls onto who can do what to the email is the next step. You don't always want emails to be forwarded especially if the email is signed from you. The same goes for company internal emails it is fine them being sent internally but most often they are not for third party use.

The new DRM features have absolutely nothing to do with spam. How is spam related to your forwarded emails?

If you don't want your e-mails viewed by 3rd parties you put a disclaimer on them that "The information contained in this e-mail is only for the intended recipient for the purposes of doing business yada yada yada..." This opens the 3rd party up to potential litigation if the email is abused, and is the same thing you would do with mailing hardcopies. If you truly don't want the information shared you should encrypt it or just don't share it! If you snail mail a letter to someone they can photocopy it and send it out to whoever they want, why do you think that with e-mail you can somehow restrict what people can do with information that is now in their possession? This DRM crap is just Microsoft pedaling useless snake oil.

Re:is this such a bad thing?

As I understand the system of PGP and GnuPG, it is possible to encrypt a message to somebody and sign it. If someone forwarded such a message, then to make it readable to the new recipient they would have to decrypt it, which would verify the digital signature (so they'd know it was from you) but not keep the signature attached to the document (so that the unintended recipients cannot tell).

Therefore, by the same logic there is no actual proof that someone sent such an email, so this system (or maybe an s/mime system for large companies) would be perfectly good for denying that someone composed an email that's been forwarded.

Ubiquitous use of such software would render spoofing emails from someone else futile because they wouldn't be signed.

I think that this is the best way forward; if you are going to tell someone something sensitive then you should be able to trust them anyway and nothing is stopping them from forwarding the information by other means.

Have a look at http://www.gnu.org/philosophy/can-you-trust.html, this has some very interesting insights (imo)

Re:is this such a bad thing?

This has nothing to do with spam, it has to do with M$ seeing another way to tie people in to M$ products by making it impossible to read emails unless you run M$ software and have a M$ passport.

Wrong

[tbone1]

The days when you could forward an embarrassing e-mail to your colleagues could be a thing of the past.

Uh, no. Nothing is foolproof because fools are just too damned clever.

Re:Wrong

[marktoml]

The job of the engineer is to make things idiot proof. The job of the universe is to make better idiots. So far, the universe is winning.

Why bother?

[tbase]

There's going to have to be a fundimental change in the protocol and how people use e-mail if it's going to ever become remotely secure. Sure, there's always PGP, but how many average users even know what PGP stands for? And I doubt they'll disable both cut and paste and screen capture programs - if someone wants to forward your e-mail bad enough, they'll find a way.

Re:Why bother?

[WuphonsReach]

And PGP is primarily concerned with security during transport and security during storage.

Once the end-user decrypts a PGP message, they can do whatever they want with the contents.

Digital restrictions for e-mail is a non-starter... I'm sure there were at least half a dozen startups that tried the concept during the boom. (Heck, document DRM on the whole is a non-starter. If the user can see the text, it can be copied.)

A better method is to use fingerprinting / watermarks to track the flow of restricted information and to prosecute the leaks.

Don't worry

[LargeNemo]

You can still create a .net passport without e-mail verify. It's easy. I still have president@whitehouse.gov as a .net passport.

Only on Outlook 2003?

[_Pablo]

I am guessing that if I send a nice libelous email to someone using any email client other than Outlook 2003 (and Exchange 2003?), then these magical "cannot forward" and "delete in x days" features will not work...or is there a new RFC covering this enhanced email functionality?

Re:Only on Outlook 2003?

This is a good thing.

Outlook/Office users will no longer be able to communicate with normal standard Internet users. The MS environment will become part of the internal corporate network and will become quarantined from the Internet at large.

Outlook/Office documents will drop out of the Internet. No more VBA/VBS worms, woo-hoo!

Good unintended side effects

[banky]

First, and slightly OT, but that screen shot makes it look like I had better plan on a 19" monitor or greater. It was a tiny screen cap but the proportions of title bar to window contents make me think Microsoft has given up on the notion that a 15" screen should be usable. (See Also: Visual Studio.NET)

Anyway, this who "can't forward" thing might have nice side effects. I'd love it if documents on the hard drive could be flagged "do not forward", so my dad would stop pestering me about "what if I get a virus and it sends my Quicken files?"

This functionality was created to appease corporate America (to stop things ending up on InternalMemos.com, among other things) but it might have positive side effects for the home user.

Re:Good unintended side effects

[lonb]

15" -- what's that? I've been running 19 and 21" monitors since 1996. How does anyone work without them! I'm curious what the average monitor size of /. readers is, especially compared to the overall average. Next monitor: 23" flat panel.

Re:Good unintended side effects

Actually.. vs.net is quite usable on 15" and smaller screens. Every side panel can be set to autohide, and leaves a very little table on the side. Move the mouse over it and it slides out... once you've finished with it it will slide back. This leaves the coding space nice and big.

Re:Good unintended side effects

[SoTuA]

A couple of 17"s here. Trying for the 19s, but the cash is scarce, computer parts are expensive on this side of the world and I'm getting married :D (goodbye, senseless computer hardware expenditures!)

Re:Good unintended side effects

[lonb]

I give my sister total credit for this word, and I hope it gets used regularly... She calls her husband's machine: "Computewhore" say it fast it sounds right.

Re:Good unintended side effects

[HeghmoH]

Anyway, this who "can't forward" thing might have nice side effects. I'd love it if documents on the hard drive could be flagged "do not forward", so my dad would stop pestering me about "what if I get a virus and it sends my Quicken files?"

Don't make the rest of us pay just because you or someone you know is dumb enough not to open attachments from people he doesn't know. My 82-year-old grandfather knows better than that. Some whacko DRM is not the solution. The solution is to stop being stupid, and stop using e-mail programs with large, numerous security holes.

Re:Good unintended side effects

[tetrad]

Whacko DRM? What's so whacko about it? Actually, I think it sounds like a pretty cool feature.

Re:Good unintended side effects

[pmz]

"what if I get a virus and it sends my Quicken files?"

Don't worry, the next generation of viruses will simply use a local root exploit in Windows to do whatever they want, anyway. Passport will not stop this. Palladium will not stop this.

to stop things ending up on InternalMemos.com

So, InternalMemos gets an envelope with Polaroids in them, and someone types them up. Nothing short of Matrix implants will stop this.

Re:Good unintended side effects

At work I have three monitors 17" LCD - 21" CRT - 17" LCD

At home, I have just one 21" CRT =)

Re:Good unintended side effects

[HeghmoH]

All DRM is whacko (I think I meant to say "wacko" there, oops). As another poster quoted, trying to make bits uncopyable is like trying to make water not wet. This is the kind of feature that sounds cool if you're the sender, and sucks really hard if you're the recipient. It's fun to be able to send things to people and not allow them to forward it, but it's very annoying to recieve e-mail that you can't forward. It's also stupid, because it's ineffective; if the bits exist in your machine, you can get them out.

(If this is posted multiple times, sorry, slashdot is giving me those error 500s again. "Not reproducable" my ass.)

Simple question:

[jkrise]

Will it improve productivity in my office? Not my Office, but my real office?

Simple answer: No, it would reduce it.

Thanks for another useless product.

-

Re:Simple question:

[cerberusss]

I expect the company I work at to buy licenses for Office 2003, in say, 2006. CrossoverOffice/Wine will probably then support it. And I will use it, if the current Office software situation stays the same. And in the current situation, using OpenOffice/AbiWord/xxx will decrease my productivity because it's more difficult to exchange documents.

Re:Simple question:

[Spiked_Three]

An that got moderated insightful? I'd moderate it naive.
In particular, the defense department and other agencies with a need to protect data have been trying to compartmentalize data for as long as computers has been around. If your company doesn't have a need to protect it's (obviously valueless) information it does not mean other companies do not.
I for one would welcome the ability to forward new product information to potential customers without having to worry about it showing up at the next design meeting of my competitor. And while initially this may not prevent taking a picture of the screen, I suspect the hardware version in the not to distant future just might.
It's useless for you? What do you do, sweep floors?

"rights management" and spam containment

[ericspinder]

Looks like the two biggest additions to Outlook 2003 is spam containment and rights management. Adding more easily configurable spam containment is an important feature (maybe the spammers will just give up!), and much needed. The rights management is very hard to judge, I'll have to see it in operation.

I am sure that the experience Microsoft had with it's emails and the Justice Dept. had a lot to do with this feature. I can see where it would be a good idea for some people to restrict certain messages, but I believe that this serious knock to accountability

Yeah, and it'll stop paraphrasing too. Not.

[Schlemphfer]

Steve,

Great having beers with you last night.

I just got a memo that they'll be laying off 30 people in engineering, starting with Dan. The fucktards have disabled forwarding permissions for it, but drop by my desk on your way to lunch if you want to see.

Ron

Re:Google bug

Thank you for bringing this to our attention. After investigating this site, we found that the popup blocker is working correctly. If you visit the site, you will notice that the mouse pointer changes to briefly display the popup icon and the popup count increases.

If you disable the popup blocker, additional windows containing similar images will open spontaneously. We understand that you may be referring to the window itself moving across your screen. Unfortunately, the popup blocker cannot prevent this sort of behavior since it is considered to be part of the webpage.

Please let us know if we can assist you further.

Regards,
The Google Team

Another example of Microsoft "innovation"

[Yekrats]

From the article:

Microsoft has also tweaked Word, Excel and Powerpoint, though the most obvious change is a new, blue colour scheme.

So, if you make it shiny and blue enough, people may ignore...

One of the key changes is the Orwellian-sounding Information Rights Management.

Re:Another example of Microsoft "innovation"

[PaulGrimshaw]

new, blue colour scheme.

See.. they always said the BSOD was a feature !! :)

Paul.

Palladium?

[derbs]

So i guess e-mail is encrypted and stored on Microsoft's own servers huh? How will people read this mail if not on a Windows machine with XP and the latest version of Office? Not only is this Microsoft trying sneak their Palladium crap through the back door, but also, imo, this is a monopolistic act far worse than bundling Explorer with their OS

If i have information i don't want other people seeing, i don't send it in an e-mail!

$400 for a Dialog Box???

[jkrise]

Why pay good money for a dialog box? Does this dialog box merit a change in ALL other apps - Excel, PPT etc? Okay, here's a dialog box:

Do you think Office 2003 will improve office productivity? (not Office productivity, just your real office)

-

Notes tried this one too

[tizzyD]

Yep, been in Notes since, what, 1997?!

Cut and paste were disabled, as I recall. A quick PrintScreen twarted that quite quickly.

If you see it on the screen, it can be copied. Perhaps not as well, but yep, it can be copied.

Re:Notes tried this one too

[Skater]

They still are if you click on the appropriate box when you send the message. Forwarding is also disabled.

--RJ

Re:Notes tried this one too

[ch33kymonk3y]

yep - no extra software required to do this one

Isn't this what /.'ers want?

[duffbeer703]

Every time a PGP article is posted, everyone here starts panting about how everyone should send signed & encrypted email and how wonderful the world would be, yatta yatta.

Well, Microsoft did it -- you'll see the amount of encrypted email increase substantially as companies adopt this new version of Office and implement their own identity management servers.

So what's the big hub-ubb? If you are being investigated, a court order will result in the police getting your GPG/PGP private key anyway, so that argument is out...

I guess since it is Microsoft, it has to be bad!

Re:Isn't this what /.'ers want?

Encrypted is not DRMed. Two different technologies. Also, who says someone at MS won't be snooping regardless of what Bill promises and the law says? How would we find out?

I can just see it now: Adobe emails its plans from for a new product one office to another, and surprise - they get a phone call from Bill asking them to keep it MS only.

Re:Isn't this what /.'ers want?

PGP doesn't stop me accessing, printing or forwarding a threatening mail sent to me by a third party does it?

Re:Isn't this what /.'ers want?

It is all about control. With PGP the control still lies with the end user. The end user has control over the content on their computer.

As for a court order resulting in getting your private key - you can just delete it. You maintain control over your private key - it is not located on some external server.

Finally, this is just another way for Microsoft to increase its staggering monopoly. Free email clients such as Thunderbird will be rendered useless as the corporate world standardizes on Outlook. Every will start sending IRM messages requiring a Microsoft email client to view them.

It's about control - I want control of MY computer. With DRM, IRM, MSBIOS, etc - our control is slowly being eroded and placed in the hands of a monolithic corporation. As it is, I cannot install an MS product without the software reporting back - Then if I wish to purchase a new computer in a year I have to beg Microsoft to let me reinstall the software on a new system.

We don't need to irrationally hate MS - there are plenty of rational reasons to hate (and fear) them. This is some scary stuff...

Re:Isn't this what /.'ers want?

[duffbeer703]

If you are in an environment that requires information security standards be ahered to (ie medical office, police, software development, etc). Whomever owns the information you work with needs the control.

If you are an insurance examiner working with my medical records, I don't want YOU to to control the information on "YOUR" computer. Your employer, who is legally responsible for that information, doesn't either.

And if a court ordered you to produce a private key and you deleted it, you would be held in contempt and charged with hindering an investigation -- and probaly go to prision for a few years.

Re:Isn't this what /.'ers want?

If you are in an environment that requires information security standards be ahered to (ie medical office, police, software development, etc). Whomever owns the information you work with needs the control.

If you are an insurance examiner working with my medical records, I don't want YOU to to control the information on "YOUR" computer. Your employer, who is legally responsible for that information, doesn't either.

In the olden days, the solution to this problem was not to hire fucktards.

And if a court ordered you to produce a private key and you deleted it, you would be held in contempt and charged with hindering an investigation -- and probaly go to prision for a few years.

That may be preferable to the alternative.

Re:Isn't this what /.'ers want?

[1010011010]

1) PGP is open, standards-based, has implementations on most platforms, and does not mandate a particular host software package.

2) Outlook's new features are outlook only, only on Windows. Closed system, closed software, zero interoprability.

I guess since it is Microsoft, it has to be bad!

Doesn't have to be. Often is. Microsoft cannot be trusted. They've been teaching people that for decades, by their actions. C'mon, they even thought they could lie and present manufactured evidence to a federal judge in his own court.

Hello?

Would it not be more sensible NOT to send sensitive information to untrusted parties?

1. Read Protected Email
2. File -> New
3. Type juicy bits.
4. ???
5. Profit!!

-AC

Been There, Done That in Lotus Notes

[borkus]

Since at least version 4 (maybe version 3.0) of Lotus Notes, you could prevent copying, printing and forwarding of a message. Under the delivery options when you're composing a new message, there is an option "Prevent Copying".

With notes, you could still grab a screen shot by pressing "Print Scrn", since that's tied into the OS, not the app.

Re:Been There, Done That in Lotus Notes

[jrumney]

Before the conspiracy theories start about Microsoft being able to do things their competitors can't because of their access to secret APIs, I'd like to point out that grabbing the Print Screen key for your own use is trivial, and there is no reason why Lotus Notes could not have done this.

Re:Been There, Done That in Lotus Notes

[Theatetus]

I'd like to point out that grabbing the Print Screen key for your own use is trivial

Not if your window is out of focus. I haven't messed with Windows signals for a while but I don't think your app would even receive the interrupt, would it?

Re:Been There, Done That in Lotus Notes

[jrumney]

True, the window would have to have focus to grab "Print Screen" and stop it doing anything. Someone with access to MS Office 2003 might want to try that one.

Re:Been There, Done That in Lotus Notes

wrong.. it's possible to add to the input handling chain and capture all input regardless of focus.. see any keygrabber for reference.

Re:Been There, Done That in Lotus Notes

With notes, you could still grab a screen shot by pressing "Print Scrn", since that's tied into the OS, not the app.

Isn't this just another example of Microsoft using their monopoly in the operating system market to extend their business in the office suite market? Or are they going to let Notes use the API to disable screenshots (and did they inform Lotus of the API at the same time as the Office developers?)

Re:Been There, Done That in Lotus Notes

[Theatetus]

OK, that's true, you can make it so that your process receives the signal, but you can't keep an in-focus process (in this case, the OS) from receiving the signal too. I guess you could use the print screen key signal to scramble the text for a little bit in the hopes that the print screen wouldn't work.

Re:Been There, Done That in Lotus Notes

[jkabbe]

If they were worried about print screen they would have simply made the contents of a protected email disappear when the window did not have the focus. Problem solved.

Re:Been There, Done That in Lotus Notes

[jot445]

You can do this in the front end, for sure. Keep your coworkers from forwarding your e-mail jokes to your boss... lol.

However, the back end is a completely different story. Using LotusScript, you should be able to forward the document. Further, you could likely change the form used to view the document to a form which doesn't prevent forwarding. You might also be able to remove any fields that prevent forwarding via LotusScript. All of these techniques could be used to circumvent this style of protection.

Anyone that thinks that Lotus Notes is a secure mail platform is deluded. If you think differently, just let me know your e-mail address, and i'll send you a document with "form stored in document" and a little post-open code for your pleasure. Lotus Notes is extremely insecure to those who know it, particularly e-mail.

Jot - PCLP, R5 Application Developer

Re:Been There, Done That in Lotus Notes

[sean.peters]

Anyone that thinks that Lotus Notes is a secure mail platform is deluded. If you think differently, just let me know your e-mail address, and i'll send you a document with "form stored in document" and a little post-open code for your pleasure.

An exploit that is rather easily defeated with ECL's. If I don't know you, I'm not going to authorize your code to run.

Sean, just a lowly R5 CLP, App Developer

Re:Been There, Done That in Lotus Notes

[Ben+Hutchings]

There is an "input hook" to which one can attach a handler function in a DLL that will then get all input events. This is how Windows mouse support software makes the mouse-wheel work (somewhat) in old applications.

Re:Been There, Done That in Lotus Notes

[MrScience]

You can't use Print Screen to grab a DRM message in Outlook.

Re:Been There, Done That in Lotus Notes

[Animats]

Microsoft can do better than that. Try Print Screen on Microsoft Media Player and you'll get a black hole where the movie was.

Re:Been There, Done That in Lotus Notes

[mbbac]

With notes, you could still grab a screen shot by pressing "Print Scrn", since that's tied into the OS, not the app.

Lucky for us that Microsoft controls the application and the OS. That way they'll be able to lock down simple functions like screenshots.

Re:Been There, Done That in Lotus Notes

[IntlHarvester]

The primary reason for that is because WMP is using the overlay hardware in your video card. DRM is just a side-benefit.

Try minimizing then maximizing the player -- you can sometimes get a screenshot that way.

Re:Been There, Done That in Lotus Notes

Translation for the non-Lotus types.

All code in a Notes environment is signed by the author and runs in a sandbox.

The system administrator can control which authors can perform what functions via code using a "Excution Control List" (ECL).

Thus the system admin can prevent lowly users from altering internal message details. They usually don't, but the power is there.

Java and NET have similar systems, but they aren't as well integrated and aren't as universal as the Lotus system.

Re:Been There, Done That in Lotus Notes

[3vi1]

And it was easily circumvented. The first thing I did was write an agent that would remove this flag and the "read receipt" flag from every mail as it entered my inbox.

It made the messages easier to deal with, and I didn't have people calling me on the phone 2 minutes after they saw I opened their message, wondering why I hadn't replied yet.

Re:Been There, Done That in Lotus Notes

[jafuser]

I remember coming across an audio driver which you could install that would pipe all sound played on the system to a file. The driver would then call YOUR driver to play the audio as normal.

How long until someone writes a generic video driver which overrides this in the same manner?

And then how long beore MS starts requiring signed drivers to prevent these kind of tricks?

Re:Been There, Done That in Lotus Notes

[ymgve]

A better way to get screenshots in Media Player is to turn hardware acceleration down to zero. Then you can grab shots easily.

Re:Been There, Done That in Lotus Notes

[jot445]

ECL's are most certainly the solution. However, almost no one uses them, and they are quite difficult to manage. Do you want to click on "Allow" for each action that could be performed by LotusScript, for each document that is processed, for each database that is opened, or for each form that is used? The burden of doing so far outweighs the benefits achieved if only everyone agrees to play nice. In speaking with Lotus at a BOF during LotusSphere, they acknowledge the issue, but do not have a solution that doesn't trust the developers to play nice.

Re:Been There, Done That in Lotus Notes

"do not have a solution that doesn't trust the developers to play nice"

Nor could they. For some reason Notes engenders this desire to keep things secure from your own IT staff. Practically impossible.

The point is that you could implement a solution that does not trust the regular users to play nice.

Re:Been There, Done That in Lotus Notes

[Animats]

It's important to understand, though, that Microsoft's "trusted computing" initiative will tighten up that. "Crypto to the monitor" is coming.

even more whoreabull corepirate nazi .controlls?

makes the pateNTdead eyecon0meter kode expand to include more&more fauxking phonIE feechurn ideNTification strings.

is there a remedy for all of these softwar gangster payper liesense georgewellian fuddite execrable BugWear(tm) debacles? of course there is.

that would be the creator's increasingly popular planet/population rescue initiative (formerly unknown as the oil for babies program), which coincides perfectly (we do not use that word lightly) with the onset of the gnu millennium.

secure? why this stuff is unbreakable, & works on several (more than 3) dimensions.

the daze of the phonIE payper liesense corepirate nazi stock markup fraud execrable is WANing into coolapps/the abyss, at the speed of right. not much secure IT to be had with those fauxking foulcurrs.

the pateNTdead eyecon0meter kode has been used extensibly, in helping to eXPose many of the ?pr? ?firm? hypenosys fallicIEs surrounding the efforts of the felonious billyonerrors softwar gangsters' to mask their greed/fear/ego based misdeeds, & ongoing frauduleNT behaviours.

still much to be done. see you there.

consult with/trust in yOUR creator regarding decisions of the heart/mind/wallet. that's the spirit, moving you.

for each of the creator's innocents harmed, there is a badtoll that must/will be repaid by you/US, as the aforementioned perpetraitors of the life0cide against the planet/population, will not be available to make reparations.

get ready to see the light. there's no going back, & no where to hide.

Gimme!

[freeweed]

the next version of MS Office will include E-Mail controls which should limit way that e-mail messages can be forwarded

I hope they include a control that prevents email from being forwarded once the subject line contains more than one Fwd: in it.

I swear, many days I get more "Fwd: Fwd: Fwd: Fwd: Fwd: Fwd: THIS COULD SAVE SOMEONE'S LIFE!" than I do spam. The latest and greatest is the "gang initiation - guy sneaks into a woman's backseat at the gas pump", which I haven't seen making the rounds for a couple of years now.

Eliminate crap like this, and watch worker productivity double.

And yes, my tongue is ever-firmly pressed into my cheek :)

Re:Gimme!

the "gang initiation - guy sneaks into a woman's backseat at the gas pump"

OMG, that really happened?? That's horrible!! the poor woman!!! I have to stop working right now and forward this to everybody I know!!!

Must be easy to crack

[lintux]

begin DRM protected message
You are only allowed to read this message after paying $700 to SCO...
end

Hmm, unfortunately SlashDot refuses to show the *two* spaces after "begin". Most people from Usenet should get the idea though.

At least we know MS-DRM won't work on SlashDot. :-)

Not a completely new feature

[hargettp]

Lotus Notes has long a had a feature to prevent copying or forwarding of messages. With an installed base upwards of 80 million, Notes is one of the most secure e-mail products on the planet, with notable usage among the government and intelligence organizations. Good cryptographic controls are built into the product, so it's easy for individual users to put these kinds of policies in force for their own messages.

Re:Not a completely new feature

..and is a bigger piece of shit than any version of Outlook, Eudora or Pegasus.

Having used Lotus Notes, I was begging to go back to using VM to check my email when IBM forced everyone onto Notes.

Re:Not a completely new feature

[ncr53c8xx]

Good cryptographic controls are built into the product, so it's easy for individual users to put these kinds of policies in force for their own messages.

Do those policies include giving away 24 of the 64 bits in the key? Makes me feel really secure.

Re:Not a completely new feature

[hargettp]

Could you elaborate? Notes isn't perfect, but it's more secure than many other products of it's class. Of course, it was built in a different era, so I wouldn't be surprised if it was built with keysizes in mind that are no longer "good."

Re:Not a completely new feature

[ncr53c8xx]

Could you elaborate? Notes isn't perfect, but it's more secure than many other products of it's class. Of course, it was built in a different era, so I wouldn't be surprised if it was built with keysizes in mind that are no longer "good."

Notes encryption had a key length of 64 bits, but 24 of those bits were escrowed with US government agencies. As you know, 40 bit keys are trivially easy to break. It was a big issue about 8 years ago. However, I doubt it was discussed in the mainstream press. As for your comment about security, there is no way to know since no one has audited the full source.

Re:Not a completely new feature

[IntlHarvester]

Note that Netscape and Microsoft also gave the NSA part of their SSL keys as well. So this situation was not unique to Lotus and was mandated by US government regulation for "export" products. According to IBM/Lotus, there was no key escrow for the North American version.

However, that was years ago -- US corporations can now export the full encryption versions of their products.

Re:Not a completely new feature

[ncr53c8xx]

Note that Netscape and Microsoft also gave the NSA part of their SSL keys as well. So this situation was not unique to Lotus and was mandated by US government regulation for "export" products.

I doubt Netscape was involved. The Netscape international version was only 40 bit anyway, so what would they escrow? People could probably break it using pencil and paper. Microsoft claimed that the strength of their cipher was determined by the server they connected to, so no reduction in key strength was required.

According to IBM/Lotus, there was no key escrow for the North American version.

The big issue was that IBM/Lotus didn't tell their non-US clients about the escrow until they were found out.

Re:Not a completely new feature

[IntlHarvester]

OK, it sounds like Netscape didn't go with the escrow plan.(http://www.networkcomputing.com/704/704f3mai n.html -- historical information on the WWW, what a stroke of fate).

Microsoft did distribute seperate versions of their products until the restrictions were lifted.

> The big issue was that IBM/Lotus didn't tell their non-US clients about the escrow until they were found out.

That's incorrect. It was documented, publicized in tech rags, and even sold as a feature for international customers. It became an issue maybe because IBM oversold the product, but probably mainly for political reasons. (Both international politics and some typical My Vendor Can Beat Up Your Vendor stuff,)

Re:Not a completely new feature

[ncr53c8xx]

That's incorrect. It was documented, publicized in tech rags, and even sold as a feature for international customers. It became an issue maybe because IBM oversold the product, but probably mainly for political reasons.

Why is escrow a feature? Did they promise TLA protection for companies who went bought the software? :-) Or something along the lines of "it's not a bug, it's a feature"?

Re:Not a completely new feature

[IntlHarvester]

Well, as you pointed out, their competitors like Netscape were selling products that could be cracked by anyone, while partial-escrow was only reasonably crackable by the US Government.

All in all, I think that IBM thought the export regs are as stupid as you and I do, and I can see how a foreign government might have reasonably decided that US software wasn't the best option. However, that doesn't mean that there was any big secret there, except for the sake of political scandal.

Re:Not a completely new feature

[ncr53c8xx]

I can see how a foreign government might have reasonably decided that US software wasn't the best option. However, that doesn't mean that there was any big secret there, except for the sake of political scandal.

I can see why the German government is funding gnupg. However, one shouldn't blame people who buy software to expect "fitness for merchantibility" (although that is explicitly excluded in the EULA, go figure).

Worm ?

[cwernli]

should limit way that e-mail messages can be forwarded.

But it won't stop Outlook to be vulnerable to any kind of attack, such as a worm which "forwards" itself to everybody in your address book ?

won't help anybody but the liars

everyone should be allowed to have secrets. even companies should be allowed to have secrets. secrets like how to manufacture product X, or get Y working, or how to solve problem Z that nobody else can. it's being able to keep secrets like that that makes the economy work, because i know i can make scads of cash if i hit on the right secret to keep, so i'll stay up at night to figure it out.

the DRM/IRM bullshit won't protect that in the least, because, yes, you can paraphrase a secret like the one above. important secrets are things people have to know within the company to do their jobs. the only way to keep those kinds of secrets is to (gasp) treat your employees well enough that they feel like they have a stake in your company. god freaking forbid.

no, this program won't keep those secrets. what it will keep secret is the incriminating evidence -- the smoking gun e-mail where the tobacco exec says "addict kids" or the ms exec says "spread fud on open source." the only secrets this program will keep are the secrets we pay journalists to uncover for the public good -- the secrets that expose the lies that companies present to the public.

THOSE secrets require the e-mails to be quoted, because the point is not the information -- it's the source, and the way it's said. thanks, microsoft, for helping to make the world a little more like your own house.

Re:won't help anybody but the liars

[zorak1103]

no, this program won't keep those secrets. what it will keep secret is the incriminating evidence -- the smoking gun e-mail where the tobacco exec says "addict kids" or the ms exec says "spread fud on open source." the only secrets this program will keep are the secrets we pay journalists to uncover for the public good -- the secrets that expose the lies that companies present to the public.

I don't think they will stop even this. If I want to leak information I will certainly find a way to do so.
If it's important I'll get myself a digicam, I'll make a screenshot, I'll use terminal services, I'll use VNC. Hell, I'll even speak it into my MP3 player and type it into my typewriter at home.
Noone is going to stop me from leaking information if there's a secret to leak.
M$ cannot stop it. At least not this way. Companies have to ask them why information gets out. It's employees hateing their work, big money from the outside buying insiders, ...
You cannot block this with DRM. I think you cannot block this at all.

Re:won't help anybody but the liars

it's not foolproof, but i think this "IRM" will have the intended effect. you and i may be savvy enough to get around it but there are a number of problems:

1. will journalists believe you when you e-mail them your transcription of your mp3? what's to stop you from editing?

2. the people who really have the power to break the big news *aren't* tech savvy. they are the middle management with a conscience, they are the scientists, they are the secretaries. those people won't know what to do -- and perhaps the extra labor to do it if they can will make them stop and think twice.

And in other news ....

[kalidasa]

The Pentagon announced the return of Admiral John Poindexter and Colonel Oliver North to their staff as lead team for an upgrade of all Pentagon internal mail systems to Outlook 2003.

who cares

the only feature outlook has which other email clients don't is the exchange integration for the stupid meeting stuff. I personally don't use it and think it's junk, so why would I care. It's not to say there isn't any value in those features, just that it could just as well be a separate client. All this digital rights management stuff is total BS and just makes me despise outlook. Outlook is already a huge virus risk and I have no faith the new version will be any better.

Drive people nuts...

[earthforce_1]

Create a chain mail letter saying this must be forwarded to five of your friends, and set the controls to prevent it from being forwarded.

Should be good for a chuckle or two.

Text-To-Speech

[Saint+Stephen]

Just turn on text-to-speech features for the blind, capture the output, and then later use speech-to-text.

If they disable features for the blind, sue Microsoft.

PROFIT!

And non- Windows-2000+ platforms?

[pwagland]

Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003.

<snip>

But the programs will only run on a PC with Windows XP or 2000.

So, what happens when you want to send the e-mail to your family, who run Mac/Win 95/Win 98/Linux/Other Unix Variant?

Platform lockin anyone?

Having said that, it is a good idea. But totally non-enforceable without community buyin, and when you have community buyin it is easily circumventible...

Re:And non- Windows-2000+ platforms?

[secondsun]

They won't need it. I do not care what happens the the emails I send home to momo and pop, but I do care about internal memos and sensitive corporate information. If one has a company that stands to loose millions if data is leaked then this is a worthwhile upgrade. Meanwhile if mom and pop back home have windows 9x they won't care to upgrade because the bundled Works suite works just fine, and you won't be sending them a digitally signed, DRMed, encrypted, protected confidential email. If you need to send secure data home use the USPS and send a registered letter.

Re:And non- Windows-2000+ platforms?

[bahamat]

So, what happens when you want to send the e-mail to your family, who run Mac/Win 95/Win 98/Linux/Other Unix Variant?

Then you don't encrypt it. Duh.
If you want to make a point, be sure you have one to make before trying.

Re:And non- Windows-2000+ platforms?

[Viol8]

And what happens if someone sends a non encrypted email that has a self destruct and/or non forwarding flag set on it but the recipient is
not using Outlook? And don't tell me that'll never happen if the software allows it , of course it will. Its all pointless apart from the encryption since you can never guarantee
what client the recipient will be using. This is just more blah blah for MS to put on the box when flogging Office to the gullible.

Re:And non- Windows-2000+ platforms?

[Planesdragon]

So, what happens when you want to send the e-mail to your family, who run Mac/Win 95/Win 98/Linux/Other Unix Variant?

They use an internet explorer plug-in to read your document. Essentially the same as if you sent a PDF or flash document.

Or, alternately, you can just turn the darn thing off for that message.

As for it being "easily circumventable"--while you'll always be able to pick up a digital camera, they can (at least on Windows) block the text-select and print-screen functions, which will easily take out most of the easy ways of cirumventing this.

It's impossible for it to be "uncrackable", but MS can make it too hard to bother for the target audience.

Re:And non- Windows-2000+ platforms?

[_|()|\|]

totally non-enforceable without community buyin

If you're familiar with DVD restrictions, this is like CSS, which uses encryption, rather than region encoding, which uses the honor system. If some idiot sends me one of these messages, it will look like gibberish, probably preceded by an advertisement encouraging me to register for a .NET passport account.

I don't think "enforceable" is the right word, here. In my mind, this is less about forcing DRM on us, than it is about embracing and extending for the platform lock in you mentioned. Just as IE bastardizes the Internet, Outlook bastardizes email. It's bad enough when I get a five-line memo as a Word attachment. Now that memo will be encrypted and restricted as company confidential. A VP of something will like that idea, effectively forcing me to use Outlook and Windows.

Re:And non- Windows-2000+ platforms?

[stephenbooth]

They use an internet explorer plug-in to read your document.

I wasn't aware that Internet Explorer had been released for Linux and BeOS. I read somewhere that you can run IE under WINE but then i also read more recently that IE 6.x will be the last version that can be installed other than as part of a Windows OS install.

Stephen

Re:And non- Windows-2000+ platforms?

[Planesdragon]

Ah, I mis-read you. Linux, BeOS, UNIX, Solaris, and possibly PalmOS, WinCE, and Apple will all be likely unable to read "IRM" files.

The last three might get readers and/or a native office port, as they're parts of many company's IT systems. But Linux is probably out of luck.

The good news, of course, is that if you're using Linux, your company probably won't get Windows Server 2003, and thus won't be able to use the "IRM" system.

Re:And non- Windows-2000+ platforms?

[jafuser]

So, what happens when you want to send the e-mail to your family, who run Mac/Win 95/Win 98/Linux/Other Unix Variant?

MIME.

When you send email, it gets several mime layers.

There's usually a plain text segment which says something like "This message has been MIME encoded". I think some smarter email clients will put the plain-text version of the formatted text in this segment.

There's a formatted text segment, which I think is usually tagged as as text/html.

And with the new DRM thing, it is another MIME segment which contains the message itself, while probably using the text/plain and/or text/html segments to remind you to "upgrade" to Office 2003 if you use one of the restrictive options.

I'd hope that if you use none of the restriction options, it would just send the message in the text/plain and/or text/html segments, but who knows...

Re:And non- Windows-2000+ platforms?

[pwagland]

So this is then meant to mean that you would never want to send private e-mails to friends and family then... The case in point here was Claire Swire... she was sending an e-mail to a friend.

How would this of helped her?

Actaully...

[cnelzie]

The new controls features a new piece of equipment that is to be connected to the side of the PC. What is does is permanently blind you after you read a 'protected' email message. Of course, it also cuts off your hands and your tongue, so there is no way you could possibly ever duplicate or transmit the email to another.

What about 'nix clients?

[erioshi]

How will DRM email respond to being opened in 'nix clients? Also, since I assume the "document viewer" will be a Windows program, will it run under WINE (or some such)?

The answers to these questions would be interesting. Office 2003 may well make using 'nix desktops in a MS 2003 shop more dificult. It may also keep Office 2003 out of existing mixed environments.

I doubt it works

Just send the correct events to the window to enable cut/paste/print.

Sounds like it will only work between Outlook...

[daBass]

...so get ready to send those "you idiot" emails to dumb users that decide it's a good idea to send "protected" emails to those without Outlook 2003.

I for one will be ignoring any emails I get this way.

Two tier email system

[Simon+Woodman]

Is this going to be the start of "two tier emails"? i.e. those that any email client can read and those that only an MS approved/DRM enabled client can read? Surely this is a _bad_ thing? I don't want to have to read some of my emails with one client and some with another!

What are the implications for those running email clients on other platforms? Are MS going to make viewers available for Linux?

S.

Re:Two tier email system

Are MS going to make viewers available for Linux?

Having procmail redirect all MS docs & html email to /dev/null works fine for me.

Some facts

[Some+Bitch]

Ok, this thread is full of people assuming MS are dumb. Monopolists they may be but dumb they're not.

1. IRM allows you to block forwarding of a message.

2. IRM allows you to block printing of a message.

3. Cut and paste is disabled for protected messages.

4. You cannot get round it by using a non-MS mail client, the client will simply not be able to open the email at all.

5. Screenshots are feasible but how many large corporations filter images in email sent externally? I know we do!

This is not going to be as trivial to work round as many are suggesting.

Re:Some facts

Install VNC.
Use another box to VNC into it.
View email.
Press Print Scrn.
(Optional) Use OCR for plain text

Re:Some facts

[vrai]

Solution - throw together a little app that screen caps the message window and pipes the various text fields through an OCR program.

Result - point-and-click copying of these alledgly 'protected' emails. Remember if you can see or hear it, then it can be easily copied.

Re:Some facts

Also, if Office 2003 can be under WINE (big if) it should be pretty simple to modify the source to ignore disabling cut/copy/printscrn stuff.

Re:Some facts

[0123456]

PHB solution: force all users to wear blindfolds while in the office so they can't read the mail they've copied.

Re:Some facts

[Bakaneko]

How about un-MIMEed UUENCODED text conversion of the picture in the general body of the email? Sure, average Joe may not be able to do this, or at least, not till he's shown.... once.

Re:Some facts

[mitheral]

re: Screenshots are feasible but how many large corporations filter images in email sent externally? I know we do!
Are you filtering BinHex and UUencoding even if they are not tagged as such. How about zipped text files? Word documents with embedded images? Do you frisk your employees at the door to make sure they don't have camera phones on their person? Unless your employer is CIA/FBI/DOD like circumvention seems trivial.

Re:Some facts

Or use a black marker to write down the note...or hold the shift key...or download some "rogue patch" to unblock it. You give these marketoids more credit than they deserve. History isn't ever on their side.

Re:Some facts

[Inode+Jones]

If I reply to an email, will I be permitted to edit the quoted material (say, to cut down on the quoted material?)

If so, to what extent will cut & paste work?

Re:Some facts

[tnak]

5. Screenshots are feasible but how many large corporations filter images in email sent externally? I know we do!

This is not going to be as trivial to work round as many are suggesting.

Ever hear of Optical Character Recognition?

Re:Some facts

[LordSah]

cut and paste does not work with Outlook DRM protected emails. If you reply, the reply note has a blank body.

Re:Some facts

[Haeleth]

> Ever hear of Optical Character Recognition?

Okay, and then the next version might display all text using CAPTCHA-style distortion to baffle OCR software. Wouldn't stop you typing it all in again, but the idea here is to make copying this stuff impractical, not impossible.

merge of e-mail and document management

[kon_ig]

This is what this new feature really is.

In our company, when I want to send out some confidential document, I copy it to a special document server which has all restriction access built it, and send out a link. However, many people are too lazy to do so, as it is much easier to simply drag and drop a document to Outlook window.

Granted, i cannot restrict what people do with my document once they download it from the server, though if need to, I can create PDF document with cut/paste and print restricted. But you can still send it out for other people to see, and it can't expire.

What this new feature supposedly does it merges these two systems - regular e-mail and central server-based document management - into one.

Therefore, I think this is a good feature in a corporate environment, that is.

The real agenda?

[femto]

from the article:

>Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003.

Why would one need a special reader if email standards are adhered to? Presumably this is an attempt to hijack the email system by getting all Office users to send email in a format which is unreadable by non-Office users. The only way to read email from a windows user will be to get a copy of Office 2003.

Personally I will be replying to all such emails with a polite message that the message got garbled in transmision and could the sender please fix the problem in their system.

Re:The real agenda?

[thejackol]

Yes but we know now that we'll never get to see 'protected' documents from Outlook users. There won't be an Unix version see.

I'll be doing just what you do. Reply with a polite message saying "Please stop using Outlook. It's got a serious bug that Microsoft has not and will not acknowledge. I cannot read your message.".

The bug being the product itself which is not standards compliant.

Re:The real agenda?

Really? Considering that people have to opt-in to protect their email I bet you won't have much problems. Microsoft is not forcing anybody to use this. This protection is better suited toward other businesses who want to have some kind of control of internal email. My guess is that business requested it and Mirosoft answered.

Re:The real agenda?

[MultisSanguinisFluit]

One can adhere to e-mail standards and still require special readers...

The MIME type for these messages is "application/x-microsoft-rpmsg-message".

Re:The real agenda?

Just like Microsoft didn't opt its users into sending HTML email by default? Sure the check box will default to unchecked to start with, but once users are used to seeing it there the default will be changed.

All email will then be sent in Microsoft DRM format. The default permission setting will probably be 'uncontrolled', so users will not even be aware they are sending a message in DRM format that requires a special program to read it. (How many newbies sent HTML email, and didn't even know that HTML existed, in the days when many clients could not read HTML email?)

Re:The real agenda?

[femto]

My mistake. I meant to say 'The only way to read email from a windows user will be to get a copy of Windows'. Do you think MS will be releasing a Linux version of the email reading program?

Re:The real agenda?

[praedor]

But you are blind to the real agenda: kill off whistleblowers, the only true heros in the corporate/government world. A person with actual ethics and morals would spill the beans on M$ illegalities (or DOJ unethical behavior, or Administration illegal behavior). M$ seeks to make this impossible as all internal emails will be unprintable, unforwardable, uncopyable.

There is no legitimate purpose for this other than to kill the ability of people of ethics standing in the way of unethical behavior. M$ wants to get away with murder (and the DOJ and Administration would be all over this too - no damn undesired leaks, just the officially OK'd leaks about CIA operatives for political gain).

I WILL start carrying a small digital camera with me whenever such nonsense becomes commonplace in any organization. M$ will NOT stop me from being a whistleblower should I ever come across any unethical/illegal activities within ANY organization I am a part of.

Re:The real agenda?

More significantly: Do you think the Windows version will use some obscure API so that it doesn't run under Wine?

Re:The real agenda?

I can think of a few reasons why I would not permit this system in my business:

Hate mail: If a (criminal) employee sends another employee hate mail or simply inapropriate mail that (s)he can't print, forward or save the company will be sued (eventually) for creating a hostile work environment.

Legality: Self destructing communication is almost certainly illegal where it concerns the company's finances, policies, environmental records etc.

Security1: A false sense of security will encourage people to write e-mail that they would NEVER put in open communications.

Security2: Employees will be able to mail items such as source code, to trusted recipients while making it hard to detect the content of the messages or prove it later.

Security3: Rights management implies encryption or it is readily circumvented. Do you want your company's essential and confidential documents encrypted and managed by Microsoft software? What happens if the system administrator gets a bug up his/her but and encrypts the whole lot with a truly random key and quits? Trust the backdoor? Did anybody out there lose data on a Win2000 or XP encrypted folder because you forgot the key or re-installed the SW? What if the SW is faulty and corrupts the document database?

Security4: What about a virus or worm that exploits some 'feature' of the system and it kills your mail system or the patch makes it incompatible with earlier versions that inadvertently expires your entire document database?

Security5: If the message arrives encrypted I can not scan it for malicious attachements. The intended recipient opens it and executes the attachment. Back to square one with incoming viruses. I would like to bounce all encrypted incoming mail with a polite meassage asking that the mail be re-sent in a standard format.

Except for the encryption issue, all the points raised here have solutions but it makes my life more difficult. Also, the existing e-mail system is not broken so why fix it. Secure mail through PGP is possible, easy and dare I say it? Really secure.

There was a time when a company could not safely fire its DP manager or senior programmers. I see that state of affairs coming back to haunt us all.

Re:The real agenda?

[Tyreth]

Do you think that wine users will really want to run this? I'd much rather reply telling them their message was garbled, making it hard to adopt Microsoft software, than trying to bend to MS's will.

Halloween documents

Does it mean that we won't see them anymore ?

Bad design or impossible dream?

[Simon+Lyngshede]

Yet a not wonderful DRM tool that only works because it's not open source. The copy paste functions are being disabled for protected email... okay, so what if someone writes a client that doesn't disable copy? Oh wait, they can't, Microsoft won't tell them how. I havn't seen one DRM solution from Microsoft that would work if it was open source. Most of Microsofts security is in the restriction of the source code. Sorry but this just not good enough. Im not sure that you could write an open source DRM system, but we don't really want it anyway, so we lose nothing.

Re:Bad design or impossible dream?

[LordSah]

You'd have a tough time writing an open-source DRM system. That would allow anyone who could see the source code know where the real bits lie, and hack together their own non-DRM'd client to read DRM'd data.

There isn't any getting around that--the unencrypted bits are stored in memory at _sometime_, and somebody could get at them if they knew the source code.

How it probably works

[DaleP]

I suspect what happens is that when a 'protected' message is sent, M$ encrypt the document and upload the key that was used to protect that document to a central server (hence the need for a Passport) along with the details of the people that the message was sent to.

When the recipients want to read the message, they connect to the central server (using their Passport) and the server sends them the key.

The document probably includes the IP/name of the server to connect to as an unencrypted field so that large Corporate clients can manage there own security (with the help of more expensive software from M$).

The only other option, is that the key is just embedded in the client software, but that really sucks. So my guess is that you'll need to have a network connection to read the mail.

Still the fundamental flaw with the system is that the client MUST be provided with the key at some point (since the documents are never sent to M$). Hence, it must be possible to write software which just connects to the server, authenticates using the users Passport, gets the key and then just ignores the access controls.

Mute the world

[LittleBongoMonkey]

I just see the next wave of Worms setting lifetimes on all my email to 0 and blocking all incoming mail from people in my office. Genius.

You know, I use something like this

[Theatetus]

But it's called GnuPG. It keeps people from reading my emails if I don't want them to. Come to think of it, it's on by default on Evolution and Mozilla mail.

Two Words

[jcrash]

Print Screen

Re:Yeah, and it'll stop paraphrasing too. Not.

[BenjyD]

Of course, it will if MS makes wearing a DRM Helmet part of the EULA.

Protection already bypassed!!!

[davFr]

From Reuters and AFP:

PARIS 9.00 AM. Today a Ph.D. student announced that he had discovered a technic to bypass new 'e-mail control' features in Microsoft's Office 2003. The student described in a published whitepaper how he found out that the 'email control' protection is circumvented when pressing a single key on the keyboard.
Later in the morning, Microsoft announced that thanks to DMCA the exact position of the key on the keyboard will remain unpublished, and the protection is still safe to use. Nevertheless, a patch is scheduled for early 2004...

What's to stop..

[MImeKillEr]

.. someone from simply highlighting the entire text of the original email and composing another email with all the information - and none of the restrictions - and then sending this to everyone?

If you can read it, you can circumvent this.

Can someone let me know

[bahamat]

...what the headers are so I can get a head start with procmail recipies?

That's really fatuous.

Trying to make bits uncopyable is like trying to make water not wet.

No, but you can make it difficult to copy them, possibly even provably difficult.

Anyone with some spare time on their hands can crack a public key/private key exchange - all's you gotta do is factor that big product of primes. And no one has even proved that that's a hard problem in and of itself, yet there's a whole industry built on the faith that it is.

Re:That's really fatuous.

[Ben+Hutchings]

Surely someone can find out how to do the decryption by running Outlook 2003 under a debugger, then write my own client that does the same thing. Alternately someone could modify Outlook to remove the permission checks. Maybe there's anti-tampering code there, but this has been done so many times before in copy-protection and has generally been cracked before long. Until they can store the secret keys in hardware (which will probably happen soon) this isn't going to work.

W3K??

[nahojd]

Somehow I doubt that W3k is a good abbreviation for Windows 2003. You know, it is Windows 2003, not Windows 3000...
You'll have to wait a couple of years for W3k.

Re:W3K??

[leifm]

Yeah, a couple is right:)

Recall

[pheared]

I love when I get an e-mail from someone on Windows saying the message they sent has been recalled.

My mbox doesn't seem to care though.

Why???

[Rutje]

Can *anyone* thing of one single example of an email that may not be forwarded by the recepient??

Re:Why???

[stephenbooth]

Those chain emails where you have to forward it to 10 people within 24 hours or your cat will fart and cause your house to fall down on the same day that all your relatives die and the IRS repossess your car because they cocked up your tax records. Forward one of those to people you hate but ban then from forwarding it.

Stephen

2 words

[redcaboodle]

>CTRL-C CTRL-V
Wihich probably means I'll now get sued for breaking a protection scheme like that guy who told everyone about the spacebar.

Re:Yeah, and it'll stop paraphrasing too. Not.

[cmj]

If I can see it I can get it out of the computer.

Try copy/paste. If you can't copy the text content then how about a screen shot (Alt-Print Screen). Until the OS only runs signed drivers and doesn't expose this stuff over remote control apps like VNC or Windows Terminal services there's always going to be a back door.

Since the idea doesn't seem to be to completely protect against a smart user it would appear that they're just trying to cover the casual forwarding along by managers.

In any case I know that I for one have no intention of accepting mail like this. "Sorry, my IT department won't let me install that software" is going to be my flat response to any mail in this new format. :)

This is a Good Thing

[4of12]

Why?

Because it introduces people to the molasses and chains that are DRM.

From this experience, more people will be in a position to recognize TCPA for what it really is.

Re:This is a Good Thing

[Dalcius]

I don't know. Knowing Microsoft, they'll keep this pretty transparent. Sure, folks will get curious when they're denied access to forward an email, but the dumb ones will assume they're breaking the rules, leave it alone, and the smart ones will just copy and paste.

This could be bad.

Passport Required...

[webzombie]

Ok maybe I missed something but when Microsoft LOST the "trial of the century" and was declared a monopoly, one of the restrictions placed on Microsoft was that they could not require the use of one application/service to promote another application or service.

So, if now certain functionality of new applications requires Passport, a separate service/application, then isn't Microsoft in violation of the judgement?

Seems top me that MS has adopted this bury the requirements for other products and/or services within the application's functionality and this trend seems to be appearing throughout their product and service lines.

Re:Some facts - Snagit for Windows!!!

Ever heard of Snagit for Windows...

It's got a handy dandy "Text Capture" which can grab any text from ANY window and put it to a file, clipboard etc...

ta da... text copied! RM defeated... bingo!

Congratulations

The rights control feature in Office 2003 depends on having an intermediary computer system with Windows Server 2003 and a software package called Rights Management Service installed. - New Scientist

Congratulations RMS, for finally destroying Microsoft!

-- do not copy, print or forward this message --

Very suspect...

[BrokenHalo]

The claim that they won't decrypt content smacks of "he doth protest too much".

The fact that they are raising this issue says to me that I would be damn stupid if I left a critically important and/or confidential document in their hands.

Furthermore, there is nothing stopping me from setting up a filter to reject emails sent under this protocol. If anybody really wants to communicate with me, he or she can do it in plain text or not at all.

Re:Very suspect...

[Malc]

"Furthermore, there is nothing stopping me from setting up a filter to reject emails sent under this protocol. If anybody really wants to communicate with me, he or she can do it in plain text or not at all."

So if it's company policy then you're happy to look for a new job? If it's not a business environment then these features are unlikely to be that common, and so not something to get worked up about.

Re:Very suspect...

[Kevitt]

So if it's company policy then you're happy to look for a new job?

yes

RTFP[osts above.]

RTFP[osts above.]

great but what of ctr+c ctr+v

[edoug]

aside from controls, does anything prevent cut and paste or print screens? doesn't seem to matter much if u can still move the content...

Re:great but what of ctr+c ctr+v

This feature is meant to please the suits in Corporate America. Not like then know about ^C and ^V.

Re:great but what of ctr+c ctr+v

[myz24]

Funny, just got back from a presentation on this. No, you cannot copy n paste or do a print screen or any kind of desktop capture.

I asked about those who do not have outlook and the lame answer I got was, "I sent an attachment to someone once and it wouldn't work." That was their answer! So evidently Outlook 2003 does break the ability for others to read attachements. Can I assume then that this feature sends the message as a specially crafted attachement? And that I a Mozilla Mail user can't read it at all? I guess that does prevent me from forwarding the message or anything else.

Also of note is it's ability to send InfoPath files directly to others. They claimed it would show up as an HTML message if you didn't have InfoPath, but I would assume you need Outlook 2003 anyway.

Bottom line, I walked away from the conference feeling like I had just found out I only had a few months to live. There was no mention of compatibility between Office versions nor non office users. It's a forced upgrade through and through, if you for some reason decide to update to Office 2003 and you do business with me, it won't be long before I must upgrade as well and so on and so on.

Just create new email, and type in the sent one

[anti-NAT]

Much simpler than screen capping etc.

Or have Microsoft stopped you from creating a new email while you are reading one you have been sent ?

Re:Just create new email, and type in the sent one

[anti-NAT]

Even better, have they stopped you from running another email client to send a typed in copy ? I doubt it, although this _is_ Microsoft.

Re:Just create new email, and type in the sent one

Yeah and now instead of accidentally pumping out confidential information you willingly pumped out confidential information.

Nice going dumbass, instead of having an excuse (Woopse I added joeblow@pr.com by accident since the first half of the message pertained to him)you're now fired.

One solution for rights' management in Email

[bs_02_06_02]

Plagiarism.

portable e-mail & signing/encrpting & repl

[hrbrmstr]

I wonder how all those folks who have RIM devices will feel once they need to buy a new device that can understand the new DRM (since I really doubt that the existing RIM's will support it). And, if the RIM can't understand the new DRM, then there will be much angst on both the part of users and the device manufacturers.

we (large F100) have been doing our own CA for a while and have trained users in how to do digital signing/encrypting of their messages using the cert on their USB tokens. the ones that do bother either screw it up or tick people off who haven't figured out how to do it. the usage % of the signed/encrypted is also extremely small *despite* the fact that it's one freakin' click. M$ may have gone one step further with the DRM part, but folks will still be too lazy/stupid to use it.

and, finally, i would encourage someone who deploys W2K3 server, the necessary Exchange rev, and O2K3 to submit their first occurrance of a DRM-enabled "reply to all" message that some idiot sends out.

i like the idea of message control (especially *within* an organization), but would have like to see some type of standard developed with both open and closed source choices for implementation rather than M$ be the only pace setter.

Who do you serve, and who do you trust?

Cryptography is a means, not an end. PGP and similar systems exist to provide security to both sender and recipient against third-party attacks. After decryption, the recipient may do with the data as he wishes. The Office 2003 DRM, and all digital restriction management systems, exist to provide security to the sender against the recipient. One provides mutual benefit; the other unilateral control.

If you don't see the difference, you need look no further than the last version of Office. Outlook for years has supported X.509 certificates. (It also deserves mention that PGP and X.509 are open standards and widely interoperable, while Microsoft's DRM is proprietary.)

If you are being investigated, a court order will result in the police getting your GPG/PGP private key anyway, so that argument is out...

It isn't the LEOs people are worried about. If Microsoft can decrypt messages by court order, it has the ability to decrypt messages at any time. Whether this is done via escrow or a master key, it inherently weakens the cryptosystem. If the police want your PGP private key, they don't go to PGP Corporation for it, because PGP Corporation doesn't have it.

Typical slimy behaviour

[swordgeek]

Look, can we put the DoJ onto this NOW, rather than after MS releases it? Clearly sending proprietary format email violates the MS anti-trust settlement, and if we get someone working on it now, we won't have to deal with this piece of shite.

There is nothing here--NOTHING--that can't be done with existing protocols. PGP anyone (or GPG if you prefer)? I seem to recall that it had a 'read-don't-save' flag that you could set.

Furthermore, this won't help anyways. Hasn't anyone heard of screencaptures?

This new "feature" has no purpose other than to lock people into MS Office even further. It's a political trojan horse.

PHB can now FULLY control their pawns, er, employe

A PHB in a brokerage firm wants to do a risky stock deal but not blamed if it bad.
So using Outlook 2003 he sends an email to an employee to buy 1,000,000 shares in SCOX thinking it should go up higher the next week or so. "Do it now or else you are fired" says the message. The PHB also sets the message to expire in 7 days.

If SCOX stock goes up: the PHB can take all the credit. after all it was his idea...

If SCOX stock tanks: The PHB deletes his message from his sent folder. The employee has no proof since the email expired and is fired. Another bad employee taking outrageous risks...

OT Re:Cutting and Pasting

[RetroGeek]

-- Convoy? Michael you're hanging around with a person who uses a collective term for a single object..

Sort of like multi-media. It SHOULD be multi-medium, or just media, by hey, you cannot argue with brain-dead talking heads....

Yeah, it's all of the keys on the keyboard

[anti-NAT]

My post on how to get around it

click

Wonderful tool for all the Enrons and Worldcoms

[NoSuchGuy]

What a wonderful tool for all the Enrons and Worldcoms and all the PACs out there.

• A public company sends it's SEC documents to SEC. Settings: Open next next day at 10:30 am.
  
• An analyst got this mail with an other setting: Open once, then destroy mail.
  
• This analyst can mail the CEO/CFO of this company that he will rate this company as "strong buy". The Settings are: Not printable, only visible for 24h - then delete
  There is no evidence of insider trading. "Evil managers" get a "secure" tool to do evil things. Without a proof the is no court case!
  
• I blackmail a company for baby food. Settings: not printable, read only once, delete after 120 seconds
  
• A big big company/lobby organisation mails a politican: "Hey make this law like we mailed you last year and we donate you 200k USD" Settings: not printable, read once and destroy mail

These are only some paranoid ideas, I think you got your own ideas.

NoSuchGuy

Sweet

Now I can prevent my Nigerian mail scams from being forwarded to security and my spams from being forwarded to spam corpi.

And what about disabilities?

[241comp]

So, what about those who are disabled? Will screen-readers be able to read these documents? If not, will major corporations bother using this? If so, what's to stop the screen reader from placing the content on the clipboard or in some other usable place?

Re:And what about disabilities?

>what about those who are disabled?

We get closer every day to just letting them die in the streets like stray dogs. Maybe if they're humane about it they will build concentration camps, but my money's on abandonment.

gnupg

[sdibb]

When I read this "Microsoft says this is in response to concerns from its customers about how to prevent sensitive information from falling into the wrong hands." and this "Forwarding is obviously the key issue," said Mr Pryke-Smith. "This puts control into the hands of the person sending the e-mail, as opposed to allowing the proliferation of messages.", the first thing that came to mind was, wouldn't GNUPG solve this problem? You encrypt the email with someone's key, so only they can read it. Theoretically (not technologically) isn't it the same idea?

Re:gnupg

[alecto]

You encrypt the email with someone's key, so only they can read it. Theoretically (not technologically) isn't it the same idea?

Until they decrypt it . . .

Anyway, attempting to stop leaks is pretty much an intractable problem. If there's a smoking gun memo, the fact that the author attempted to lock it with IRM will be just one more piece of information that leaks along with the memo itself.

Bill? I never knew?

[Aetrix]

In this picture what in the world is Bill holding in his hand? Bill - you nicotine fiend! I didn't know you were a smoker! Maybe this is a stock photograph from an image archive of Phillip Morris and Microsoft "Axis of Evil" merger discussions.

Mike Pryke-Smith

[ChicagoBiker]

Mike Pryke-Smith

Ok, so lemme get this straight, the guy hypenated his name so it a) appears lower in the directory listing. Or b) becomes the most common sirname in the United States?

Ok there's always c) Mrs. Smith is not only his wife but his dominatrix and if he wanted to get that red rubber ball out of his mouth he had to do it once she OwNeD him.

Re:Mike Pryke-Smith

[mitheral]

His parents probably couldn't agree. I can wait until the theissen-smiths, cox-arquettes, and carpenter-wilsons start getting married.

md5

[sdibb]

I just encrypt all my outgoing email's with an md5 hash. That way, nobody's gonna snoop on my messages!

Re:Yeah, and it'll stop paraphrasing too. Not.

I'll forward it anyway. Bochs.

IRM and Email?

[utlemming]

Does anybody know if you can mail an IRM email to a non-IRM email reader -- ie, Outlook to Pine? I mean this looks like a rather bold attempt to hijack a good portion of the email readers. If you think about it, if companies start to require IRM emails, then that will trickle down to the home user. Following the same logic, then people could be forced to switch away from their tried and proven email clients to a M$ one. It just stinks of problems for me.

ack!

[1eyedhive]

i gave up on outlook back with O2k, my dad still uses it (he's too damned attached to it, and it does run his one man business), otherwise i use eudora (win2k), squirllmail (anywhere) or Evo on the penguin. this is a bad thing, glad i don't do MS, i have a feeling that my pal over at bitdiddles, who installs windoze servers for a living (him = MCSE...) is gonna have a field day with this one. I'll just stick to OpenOffice thank you, does everything M$ can do and is faster, cheaper, etc and outputs PDF without even thinking.

"Sorry DOJ...

[wingspan]

...we can't answer your subpeona with any e-mails; we can't read them."

"Because forensic examination of the subject's computer failed to find any evidence of child pornography distribution..."

Of course there is a back door. Attorneys in civil suits and law enforcement need it.

Oh crap!

I am a researcher who has blown a huge hole in the Microsoft IRM technology in Office! [Prt Scr] + [CTRL+V]

What, you say? They'll release a patch to prevent me from using Print Screen? Good thing digital cameras take good pictures of LCD monitors.

Or, even worse, I can use a pen and paper to copy the document manually!

Then again, this is Microsoft... can we really expect them to store this in memory in some protected form? (maybe they will, but I doubt it)

And I wonder if this runs under Linux... maybe the viewer will work under Wine, but who knows.

Crap the Microsoft DMCA lawyers are after me...... aaaaaargh!

Plausible deniability

[dubstop]

I think that the point is that, yes you can copy the text (by hand, OCR, or whatever), but when you do that, you remove the headers, and thus any association with the original sender. Headers can provide legal evidence of sender and recipient, and can prove a chain of communication existed. This is as much a plausible deniability tool, as it is a secrecy tool.

Microsoft has been burned a few times in court cases due to emails. That wouldn't have happened if either the emails themselves had automatically become unreadable due to expiry, or if it was simply the text of the email, without the incriminating headers. Without the headers, the text of the email is just hearsay.

Re:Plausible deniability

[Lehk228]

I do not doubt your claims although it is totally asinine seeing as email headers can be forged and truely any digital record is open to tampering

I found a workaround!

[ClarifyAmbiguity]

Copy + Paste.

Yet another reason...

[ENOENT]

to call people who mail Word documents idiots.

Biggest Outlook Beef

[Chanc_Gorkon]

Besides the holes they have had (which are patched), my one beef about Outlook is that you cannot, so to speak, unpatch the patch. I had someone wanting to send me a EXE file and bloody Outlook has NO WAY that I can find to temporarily disable the blocking of EXE attachments. Probably the easiest way around it is to have the sender resend to a Hotmail account, or send you the exe in a zipped format. I realize why they block exe's (mostly to protect stupid users from themselves), but why can't I disable it for like 10 minutes or so and have it re-enable itself or something. This is a royal pain in the butt when your trying to get something done.

Re:Biggest Outlook Beef

[txsable]

Try Attachment Options from Slovak Technical Services. I have had need of this ability since we patched our Office 2K installs to SP1 (or was it SP3?), but the shareware app from Slovak allows you to un-block certain extensions (or all extensions) to a prompted level instead of a "can't find the bloody attachment even though it's still taking up space" level. (Disclaimer - I do not work for nor have any connection with Slovak Technical Services, just a happy user of their product.)

Re:Biggest Outlook Beef

[mitheral]

Or how about email for messages and FTP for file transfers. :)

Re:Biggest Outlook Beef

[Chanc_Gorkon]

FTP does not always work...especially when the vendor e-mailing you the executable is mailing you something that is nto for the general public....it's only for folks having the issue. There are GOOD reasons for keeping things like this out of the hands of the clueless user reading the web page and good reasons for mailing executables. The virus proliferation by clueless users is why mailing executables got a bad name.

Re:Biggest Outlook Beef

This is for Outlook 2000. Not for 2002.

the future is elsewhere

[jbeamon]

Let me inquire from a crowd that would know.

How often in the Star Trek universe, from which we derive designs for membrane keypads and restaurants and flip-top cell phones among other things, does one hear the terms "intellectual property", "rights management", "file permissions", or any other such claptrap? Not that I worship at the feet of Roddenberry, but the general sci-fi vision of the future is usually more predictive than fantastical. I find that "access denied" occasionally answers requests for ship schematics or command functions, but even personal logs and communiques are commonly shared on these shows. Just curious.

Re:Yeah, and it'll stop paraphrasing too. Not.

[Guido+von+Guido]

Hell, take a picture of the screen with your digital camera...

I own a SonyEricsson T610

[gsfprez]

so this DRM thing really couldn't stop me much.

(hint: it has a built in camera)

Sounds like it is really to stop legal Discovery

[jbs0902]

Let me see MSFT gets embarrassed over old emails in a few lawsuits and suddenly they come out with an email program that self-destructs email and won't let other people read/forward the email. It sounds like a CYA feature for MSFT to say what they want and keep incriminating statements out of court.

Imagine how much the tobacco companies would have loved it if their reports and internal memos could have been kept out of court. (Not that that would have stopped billion dollars jury awards. Public opinion had turned against them.) That is just one example.

It seems like we are entering an era where "smart" companies will be able to hide their criminal or tortious behaviour using DRM. "Sorry your honour. I'd love to open that email as you ordered, but it can't be printed or forwarded, and the other emails ... well damn if they just didn't delete themselves. I want to obey that court order, but this computer? (shrugs)." So, it will be harder for people to police corporate behaviour, and it wasn't easy to police when you had discovery of internal memos.

Re:Yeah, and it'll stop paraphrasing too. Not.

[statusbar]

Yes, either this feature breaks Windows Terminal Services, reducing the functionality of the whole system - or it is ineffectual.

--jeff++

Keeping e-mail out of the hands of lawyers

[eric76]

Maybe Microsoft just wants to keep their e-mail from falling into the hands of opposing lawyers who might use it against them.

I can see it now.

But your honor. We did give them all of the e-mail they asked for in discovery. They just don't have the digital rights to read some of it. And there's nothing we can do about it.

Re:PHB can now FULLY control their pawns, er, empl

If you are willing to take actions that could have major legal or financial ramifications, just on a verbal agreement or an email, you should understand the risks and cover your ass accordingly.

"Do it now or else you are fired" should be the last conversation you have with ANY supervisor.

e-mail will self-destruct on pine or evolution?JA!

[garaged]

Obviously they are tring to force companies to use e-mail services from MS too !!, I need a passport to send an email ?? damn no !!, I do have one, but I dont care about it, I have it because I made a hotmail account before it was from MS

so, is my evolution going nuts after I recieve a "restricted" e-mail from any msOffice 2003 ?? , I dont think so

So lets stop this madness

It seems to me that MS is counting on the rest of the world to allow the extension to go unfettered. If enough of us choose to stop it, it will flip this whole thing on its arse. Lets start configuring mailservers to bounce any emails send with this kind of attachment. While we are at it, lets get mozella and other mail software to do it too. They can bounce the message with something along the lines of "This message contains encoding that is not compatible with this mail server. You will need to resend your message without the DRM for it to be processed." Short, sweet, and will be enough of a pain to stop it. Especially if AOL / Yahoo were to get on board with it.

Finally!

[Angst+Badger]

This will put a stop to unauthorized transmission of information too stupid to cut and paste! It's about time Microsoft moved to punish the clueless market segment.

Oh wait, they've been doing that all along.

In all seriousness, though, I wonder if the decision-makers at MS know that this is a useless feature being used as marketing fluff, or if they really are dumb enough to believe their own hype.

Typical MS "innovation"

[cyberformer]

Lotus Notes (now Domino) has had this "feature" for five years!

Now, I hate Lotus Notes as much as the next person who is forced to use it at work, but I think Lotus deserves credit for this. Its documentation even says that it is "not a security feature", because it is so easily bypassed. Contrast IBM honesty to MS hype.

This isn't Email

[onyxruby]

This isn't email, this is a server based document viewing system. Email is a system of forwarding text from one computer to another through at least one email server. It can have attachments, and even shiny graphics. But it is a message that has been sent.

It stores the material on the server, and truely just sends a notification to someone. The notification itself is email, but that's where email ends and DRM begins. Since the email is really just a link to a server where the document can be viewed, it can't be viewed by "untrusted" platforms.

This is why these emails are only accessible by people with certain operating systems that can be "trusted". Since they can never truely lock out any MS OS short of W2K or XP (arguable on those as well), they aren't going to have a client for anything else. Even with these you'll have to have the client DRM software. You know the software that intercepts calls for things like "print screen", the software that could only be written in Redmond?

This is one way for Microsoft to get the masses to install DRM enforcement software. You know that new job your looking at? The one that requires completing paperwork through a DRM compliant system?

There is a reason that this feature requires Server 2003 and so on, it is because it is an interlocking and interdependent license obtainment system. So the question becomes, since this isn't email, what do you call a centralized document viewing system?

Actual E-mail from Network Admin

[ddavis539]

Our Network administrator sent this out last week. Apparantely the new Outlook 2003 client is not backwards compatible with older versions of exchanger server.

Attention All Employees:

Until further notice, Outlook 2003, which was just recently released on the market, should not be installed on any company computer system. It must not be used to access your Outlook/Exchange Email accounts. This applies to all companies, all locations, all laptops, and all home PC's used to connect to your company email. This also includes any new PC's or Laptops purchased that have Outlook 2003 pre-installed. If you now have, or in the future aquire, a PC or laptop with Office 2003 installed, please contact the IT department to ensure that Outlook 2003 is removed and a previous version is installed before attempting to access your email account.

If any individual uses Outlook 2003 to access their email account, Outlook Web Access (OWA) will stop functioning for everyone. The subsequent remedy would require Outlook 2003 to be removed, the email account accessed would have to be completely deleted from the server and reinstalled from scratch, and the server would need to have some components re-installed. That is not a very pleasant prospect.

I understand that some individuals are always excited about having the very latest software available. But there are several previous versions that still provide full functionallity and allow you to effectively perform your job functions. In this case installing the "latest and greatest" software has proven to be very detrimental to our systems. While the permanant fix is not yet available, I appreciate your cooperation in preventing these problems by refraining from using Outlook 2003.

Thank You.

Network Manager

Expensive!

[rob_from_ca]

I dug around until I found the licensing page for Windows Rights Management. You have to have a "Rights Management Service Client access license" on top of the normal Windows 2003 CAL. Which is $37 a seat! That's pretty expensive for enterprise use. Plus if you want to use it over the internet, you need a "rights management connector license", which will run you $18,000 per server. That's a lot to pay for something that basically provides nothing more than peice of mind.

dear moderator,

[LifesABeach]

i must be in rear form today. a second m$ posting, and a second reply to the time sink m$ is becoming.

openOffice has no such limitations. children use it for their homework, non-computer users use it with mozilla to communicate their thoughts.

it looks like m$ is in the process of removing the 'p' in 'pc'.

Email Lockin?

[nurb432]

So does this mean that if my company uses DRM-ized email and a private key server, I cant read it at home on Kmail?

Or if a friend gets 2003 home edition and uses passport for his key server.....

Regardless of any potential 'good' uses, it sounds like an exerting of monopoly power to control a related market.

Email should not be tied to a single vendor, haven't they heard of standards?

What is next, preparatory web pages? ( yes that was a joke. I know they exist now.. ' you must use IE version bla bla to view this web page ' )

What about DRM-ized word documents.. when the powers that be decide I cant have a document that shows how ludicrous gun control is it goes *poof*? ( or anything else that is legal to speak about now, but becomes 'banned speech' later )

Another step away from free speech...

DMCA?

[bitkid]

Maybe that's just my paranoia, but assume for a moment that they implement it in a silly way (instead of mstnef), i.e. with an X-Do-not-forward header or something like that. Then every non-Outlook email program that doesn't have a full implementation of these extensions is a circumvention device (though not for the /sole purpose/ as the DMCA reuqires).

Maybe we should implement that first for Mutt and then we sue MS for circumventing our "security system" :-)

Does anybody know any details of how MS's system works? Is it some special attachment or something like that?

How long are your emails?

[IthnkImParanoid]

Long enough that you couldn't copy it, word for word, in less than 3 minutes?

DRM is useless.

[rice_burners_suck]

I have an idea that can prevent piracy and other digital rights problems: The next version of Windows and Office should present the user with a display that has icons, pull-down menus, and all the other parts of a GUI. But anything the user tries to do, whether it involves clicking the mouse or pushing a key on the keyboard, it will display an error message that says:

DRM Violation: You are not authorized to perform that operation. Your crime has been reported to the BSA. All your base are belong to us.

To avoid legal action from the BSA, write a check for $10,000.00, payable to Bill Gates and mail to the following address, postmarked no later than today:

ATTN: Protection Department
One Microsoft Way
Redmond, WA 92044-7300

Computers that can do nothing and make all the decisions for their users will prevent people from using data. But these computers will be useless. A powerful computer, which allows its user to make decisions, not the other way around, will be truly useful.

For this reason, I think there is going to be an increasingly large backlash against Microsoft and other organizations out there that are pushing all this DRM bullshit.

Re:Sounds like it is really to stop legal Discover

[MadHungarian1917]

Answer to this reply from the bench. Mister X would you please step down and surrender yourself to the Bailiff. Bailiff, Please charge Mr. X with wilful destruction of evidence and escort him to a holding cell. It's magic!, instant criminal charge for what was a civil case!. Thanks Microsoft! To paraphrase another poster Technolgy giveth what technology takes away!

Way around it?

If it just disables prntscrn while that window is in focus, could you not just create an app that fills the screen which is just a huge transparent box? Though I suppose it would just cover the document when its own window is not in focus similar to chips challenge or something.

How to bypass

[Qrlx]

Just hold down the "Shift" key when opening your email and you can bypass all this DRM stuff!

Useful

[praxis]

When working for a company that treats its employees right, when someone recieves and email with red text on top saying "Confidential" and forward/clipboard/printing disabled, they know this information is to stay inside. It's still circumventable for whistleblowers and people who really want to get around it, but loyal employees won't acidentally print it to read on the train home in public, etc.

Re:Useful

[alecto]

If the company treats its employees right, they wouldn't need anything but the text on top that says "Confidential."

Re:Yeah, and it'll stop paraphrasing too. Not.

[ymgve]

Hey, if DRM helmets are one step forward to getting full-immersion VR, where I can have sex with seven ladies at once, I'm all for it!

Re:Yeah, and it'll stop paraphrasing too. Not.

[Peachy]

Come to think of it Steve, I've taken a photo of it with my digicam, here's the jpg.

DRM in email - new fun toy for spammers

[cicho]

I don't know how many people are still fighting spam the old-fashioned way, analysing headers, tracerouting, forwarding results to proper abuse departments. But if a piece of spam comes that you can't copy, print or forward, that avenue is pretty much dead and gone.

Re:DRM in email - new fun toy for spammers

[Thuktun]

But if a piece of spam comes that you can't copy, print or forward, that avenue is pretty much dead and gone.

I had this very same thought, and you can bet that spammers are thinking it.

One word

[Kwil]

Disabled.

Are they using RFC 1911 perchance?

From RFC 1911 section 4.2 (Message Header Fields)

Sensitivity

The sensitivity header, if present, indicates the requested privacy level. The case-insensitive values "Personal" and "Private" are specified. If no privacy is requested, this field is omitted.

If a sensitivity header is present in the message, a conformant system MUST prohibit the recipient from forwarding this message to any other user. If the receiving system does not support privacy and the sensitivity is one of "Personal" or "Private", the message MUST be returned to the sender with an appropriate error code indicating that privacy could not be assured and that the message was not delivered [X400].


Yes it's X400, but there is prior art on this. :) Wonder if they are embracing, or extending....

mmm, julie's tits

i'd hit it.

Clarification

The above ONLY apply if you use Microsoft's public key server. You can run your own server in-house. So the anti-Microsoft zealots can sit back down.

Re:Clarification

Yeah, on the free Windows Server 2003 platform, of course.

From the article...

Whereas Office can cost hundreds of pounds, OpenOffice can be downloaded for free over the internet.

at first when i read that, i thought it said..

Whereas Office can cost hundreds of pounds, OpenOffice can weigh hundreds of pounds.

Re:Yeah, and it'll stop paraphrasing too. Not.

[Nept]

or, here's an attachment of an AlT+PrtSc I took of the email... have fun.

Hope companies don't use this for registerations!

[jbarr]

I can see it now. I purchase some downloadable software and the company emails me the registration information (download URL, serial number, etc.) in a "self-destructing" email.

I later need to re-install the software and "boom" the email is gone. Real nice.

I tend to keep registration emails for future reference. this system could potentially screw customers.

What if I change email providers?

[jbarr]

I like to keep archived email online so that I can easily reference it from anywhere through my web-based email account.

Now, say I change to a different email proveder and I simply want to forward all my email to the new provider for safe-keeping. Not gonna happen if all the emails are "forward-protected."

What about "Web Mail"?

[jbarr]

What happens if I receive one of these emails, using my (non-Microsoft) Web-based email account? Will I be able to read it? Seems like I won't. Yet another example of Microsoft writing their own "standards".

Re:Yeah, and it'll stop paraphrasing too. Not.

[PCM2]

OK, OK, obviously the market for this is companies that are tired of internal emails being leaked to sources outside the company ... competitors, journalists, analysts, etc...

Hearsay like you describe is a lot less damning than having an actual copy of the email.

Also terrorists...

A few articles ago, Linux zealots were compared to terrorists - meanwhile, Microsoft is actively and openly supporting exactly the kind of communication that today's cyberterrorists depend upon. We, as faithful servants of open source, must be sure to put Microsoft's terrorist harboring in the media, or the terrorists will win.

[x] For Linux zealot's eyes only. [x] Post Anonymously

why it's wrong, and why it will be widely adopted

[kipple]

"dear Joe Average Employee,
please do . If you won't do it I'll fire you.

sincerely,

your Boss."

if Joe goes to court then Microsoft COULD unlock the mail - but what if the mail was deleted? How can Joe Average prove what the Boss told him? How can he even compete with the Corporation Lawyers?

And why it will be widely adopted:
- new worms scaring people
- FUDs from microsoft
- new fancy things
- office 2003 will come with DRM enabled by default
- corporations will get discounts on it
- no more support for "older" version ..and there we go.

I'm sorry I have to live in such a sad world.

Ah screw you MS

[t_allardyce]

Microsoft is trying to spread this like a "cancer" (hint hint) as people start down-grading to the next gen of office, other people wont be able to read email from them anymore, this will lead to these people eventually giving up and going to Microsoft. Ofcourse if they think students will pay 120 for that crap then Bill Gates must be on crack, but even if people do pirate it it will like giving in. Microsoft will then tie this into "licensed" emailing to reduce spam and will be seen as the good guys for it.

Just hope we can crack this bull-shit attempt at DRM in record time:P

MOD THIS UP

[Evil+Pete]

One of the few intelligent posts here. Hmmm, the legal stuff itself is very worrying. Wonder what MS's legal team .... oh wait .... marketing rules all, the legal team may not even know about it.

with enough time...

[Dwonis]

I'm sure that any e-mail communication currently going on is encrypted, but with enough time that encryption could be cracked.

Heh. I think that's an understatement.

Yes, this will truly end screwing around with...

[Daishiman]

e-mail. Hypersnap DX and an OCR scanning program. that's that.

Intent

[xixax]

And even if people are able to circumvent it, they are not going to be able to plead "oops" if they get busted. In fact, wouldn't circumventing it contravene the DMCA?

Xix.

copy/paste and screenshots are disabled

[honold]

i went to the office 2003 launch today and learned all about it. they demonstrated that none of it worked.

i didn't, however, see any mention of requiring a .net passport. that would probably be for PUBLIC email that you wanted to control. for internal mail, you run your own drm server against which the mail recipient authenticates.

Re:Yeah, and it'll stop paraphrasing too. Not.

Can't you just cut&paste?

DRM Management?

[JThundley]

Please don't call it DRM management.
DRM stands for Digital Rights Management, and putting management after it is redundant, just like NT Technology, and PIN Number.