E-Mail Controls in Office 2003

TiggsPanther writes "The BBC's Technology News reports than the next version of MS Office will include E-Mail controls which should limit way that e-mail messages can be forwarded. Being tied into the Information Rights Management concept, it might be interesting to see how quickly this gets taken up."

Dialog Box

[Infernon]

We just received our Office 2003 discs yesterday. I installed Outlook 2003 because the vertical-side-panel-snap-together-do-hicky is pretty sweet.
If you use the e-mail DRM service(straight from the dialog box):
- You need a .NET Passport.
- Your documents won't be sent to or stored by Microsoft.
- If Microsoft decides to end the trial, you can access the restricted documents and e-mail for at least three months, as long your .NET Passport is active.
- Microsoft won't decrypt contect protected by the service unless a court order requires it.
I read something about being able to use DRM within an organization, but that it required running some sort of IRM server. Don't know anything else beyond that though.

Re:Dialog Box

[Saxerman]

At first I thought this was a patch to prevent future email worms, but this is just more DRM management. Besides sounding like the Emperor's New Clothes, for this to work wouldn't your mail client have to query the recipient to make sure they're going to pay attention to whatever rules you apply to your forwarded mail? And, of course, query it in such a way that you can't get a spoofed reply forged to look like a legit MS approved mail client?

This sounds like that phone plan where you only get the discounted rates if you get all your friends to sign up with the same plan. Except in this case the rates aren't any cheaper.

Re:Dialog Box

[Zocalo]

Microsoft won't decrypt contect protected by the service unless a court order requires it.

And there you have it. There is a back door in this here DRM technology, "just in case" of course... So not only is this technology flawed, even by DRM standards, but the necessary tools to circumvent it will be hitting your local dodgy site in 5... 4...

Re:Dialog Box

[letxa2000]

Seems like this is pretty silly. Trying to control what a recipient does with email after you sent it is like trying to reconstruct a nuclear bomb after it detonates. It's too late... it's out there and you really can't say what's going to happen.

If anything, this may give stupid senders a false sense of security. They may think "Well, since I put limits on this email it will never get out." Right. What about copy/paste? Ok, they probably disable copy/paste in the window context. What about a print-screen/snapshot of the entire email? Paint Shop Pro would certainly do the trick.

Also funny was the line "Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003." Yeah, I'm sure there'll be one available for Linux. Doesn't matter. If someone sends me a non-standard email that I can't read it goes to the bit bucket. I may or may not ask them to send it again.

Re:Dialog Box

[TedCheshireAcad]

The free viewing program is brilliant.

Phase 1: Create an e-mail format only your program can read.
Phase 2: Use that leverage to force organizations using the products of your competitors (e.g. Lotus) to switch to your product.
Phase 3: PROFIT!

Re:Dialog Box

[Tin+Foil+Hat]

I don't think that there needs to be a way to query the recipient. Probably this will entail some sort of public key encryption system ala PGP, but unlocked by that ever secure .NET Passport instead of something that you control. Included in the encrypted message will be rules that state what the client program may or may not do with the message, including reading, replying, and forwarding. Apparently, the message may also contain a 'self-destruct' order that instructs the client to destroy it's copy if it meets certain requirements. Who knows if it's only the requirements set by the creator of the content.

Now, this only works if the client plays by the rules. To ensure this, only Microsoft created clients will be able to read the messages. Well, that's the idea at any rate. I leave it to you to ponder whether or not Microsoft's new system can be broken.

Now, having gotten the method out of the way, this brings up some serious issues for we in the OSS movement and for society at large.

Microsoft has stated that there will be a free viewer available that can read these messages. Note that's a viewer, not a true email client. Users of this viewer will not be able to send messages in the same fashion. It is very possible that they will not be able to do anything with the message other than view it, regardless of whether copyright controls contained therein allow for forwarding. Obviously, if you want to be able to use the messages sent to you by someone else, you must use a Microsoft product. That means that you must run Microsoft Windows. Given that Microsoft only makes software for Windows and Macintosh, and will be dropping support for the Mac, I must conclude that this is simply yet another way for Microsoft to control the market, and stifle competition.

Finally, to satisfy the requirements of my moniker, I should point out that Microsoft will be able to read these messages via it's Passport system. Therefore, by extension, the U.S. government will also be able to read those messages. Don't believe the crap that Microsoft is trying to sell you. This is not about you being able to control what happens to your content (as implied in the article by that bleeding heart story about the woman who sent embarassing material to her irresponsible boyfriend). No, this is about Microsoft controlling what you do on your computer with software that you own. It is also about the government being able to monitor your communication.

Suitable quote..

[Karamchand]

Trying to make bits uncopyable is like trying to make water not wet.
-- Bruce Schneier

Re:Suitable quote..

[squaretorus]

I can't wait to tell everyone I know that sending emails like "isnt the boss a dick" and " julie from accounts has nice tits" to each other is now 100% SAFE because of the new Outlook options to stop forwarding.

Hilarity ensues!

Re:not going to stop leaks

[blastedtokyo]

Actually they thought of that. Cut/paste/print screen are disabled. Of course you can take a digital camera to it or write your own screen capture app but the intent is to prevent casual forwarding.

Re:Only looking out for themselves with this

[Tim+C]

But I assume that employees will still be able to print emails

Why do you assume that? Why do you assume that the print function will be enabled for protected emails or other documents?

Now, I grant you that no technological scheme can completely prevent information from being leaked - it can't stop me taking it down with paper and pen, or photographing the screen, etc, but it can at least make it difficult to do. Also, while the photogrpah would be harder to refute, my hand-written scrawl copy of an email could easily be dismissed as a forgery...

I can see this being very useful for companies and even some individuals, but essentially, there is no technological way of protecting data from redistribution by its intended recipient. It's not going to be as easy as just hitting print, though.

Wrong

[tbone1]

The days when you could forward an embarrassing e-mail to your colleagues could be a thing of the past.

Uh, no. Nothing is foolproof because fools are just too damned clever.

Re:non MS mail clients

[guido1]

will be interesting to see how this works with non-MS email clients, esp on non-MS O/S's

As the article stated, "Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003."

However, since this is squarely targeted at corporate enviornments, I don't forsee this becoming a large problem.

Sure, it's bad for the end user information wants to be free blah blah blah, but companies want more control over where their information is going, and MS is providing it in this product. Don't want the FY04 budget leaked? Put a do-not-forward flag on it... Sure, you'll be able to screen-cap things, but casual copying will be prevented.

(We all know that protection can be circumvented by anyone with enough will... This is simply raising the bar for how much desire is necessary.)

That being said, I won't use it, but I'm sure there are corporations out there that will.

Simple question:

[jkrise]

Will it improve productivity in my office? Not my Office, but my real office?

Simple answer: No, it would reduce it.

Thanks for another useless product.

-

Yeah, and it'll stop paraphrasing too. Not.

[Schlemphfer]

Steve,

Great having beers with you last night.

I just got a memo that they'll be laying off 30 people in engineering, starting with Dan. The fucktards have disabled forwarding permissions for it, but drop by my desk on your way to lunch if you want to see.

Ron

Been There, Done That in Lotus Notes

[borkus]

Since at least version 4 (maybe version 3.0) of Lotus Notes, you could prevent copying, printing and forwarding of a message. Under the delivery options when you're composing a new message, there is an option "Prevent Copying".

With notes, you could still grab a screen shot by pressing "Print Scrn", since that's tied into the OS, not the app.

Some facts

[Some+Bitch]

Ok, this thread is full of people assuming MS are dumb. Monopolists they may be but dumb they're not.

1. IRM allows you to block forwarding of a message.

2. IRM allows you to block printing of a message.

3. Cut and paste is disabled for protected messages.

4. You cannot get round it by using a non-MS mail client, the client will simply not be able to open the email at all.

5. Screenshots are feasible but how many large corporations filter images in email sent externally? I know we do!

This is not going to be as trivial to work round as many are suggesting.

The real agenda?

[femto]

from the article:

>Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003.

Why would one need a special reader if email standards are adhered to? Presumably this is an attempt to hijack the email system by getting all Office users to send email in a format which is unreadable by non-Office users. The only way to read email from a windows user will be to get a copy of Office 2003.

Personally I will be replying to all such emails with a polite message that the message got garbled in transmision and could the sender please fix the problem in their system.

Re:The real agenda?

I can think of a few reasons why I would not permit this system in my business:

Hate mail: If a (criminal) employee sends another employee hate mail or simply inapropriate mail that (s)he can't print, forward or save the company will be sued (eventually) for creating a hostile work environment.

Legality: Self destructing communication is almost certainly illegal where it concerns the company's finances, policies, environmental records etc.

Security1: A false sense of security will encourage people to write e-mail that they would NEVER put in open communications.

Security2: Employees will be able to mail items such as source code, to trusted recipients while making it hard to detect the content of the messages or prove it later.

Security3: Rights management implies encryption or it is readily circumvented. Do you want your company's essential and confidential documents encrypted and managed by Microsoft software? What happens if the system administrator gets a bug up his/her but and encrypts the whole lot with a truly random key and quits? Trust the backdoor? Did anybody out there lose data on a Win2000 or XP encrypted folder because you forgot the key or re-installed the SW? What if the SW is faulty and corrupts the document database?

Security4: What about a virus or worm that exploits some 'feature' of the system and it kills your mail system or the patch makes it incompatible with earlier versions that inadvertently expires your entire document database?

Security5: If the message arrives encrypted I can not scan it for malicious attachements. The intended recipient opens it and executes the attachment. Back to square one with incoming viruses. I would like to bounce all encrypted incoming mail with a polite meassage asking that the mail be re-sent in a standard format.

Except for the encryption issue, all the points raised here have solutions but it makes my life more difficult. Also, the existing e-mail system is not broken so why fix it. Secure mail through PGP is possible, easy and dare I say it? Really secure.

There was a time when a company could not safely fire its DP manager or senior programmers. I see that state of affairs coming back to haunt us all.

Re:Yeah, and it'll stop paraphrasing too. Not.

[BenjyD]

Of course, it will if MS makes wearing a DRM Helmet part of the EULA.

Typical slimy behaviour

[swordgeek]

Look, can we put the DoJ onto this NOW, rather than after MS releases it? Clearly sending proprietary format email violates the MS anti-trust settlement, and if we get someone working on it now, we won't have to deal with this piece of shite.

There is nothing here--NOTHING--that can't be done with existing protocols. PGP anyone (or GPG if you prefer)? I seem to recall that it had a 'read-don't-save' flag that you could set.

Furthermore, this won't help anyways. Hasn't anyone heard of screencaptures?

This new "feature" has no purpose other than to lock people into MS Office even further. It's a political trojan horse.

Re:not going to stop leaks

[actiondan]

casual forwarding is not a problem, its malicious forwarding it needs to hinder

When I worked in corporateworld, casually forwarded emails made up about 50% of my total email workload - I must have wasted about an hour a day on that crap. Sure it's a problem!

Of course, it doesn't look like this new MS stuff is going to solve that problem, as most people aren't going to bother to specify the 'no forward' option. In fact, I think that there isn't really a technological solution - it's a cultural issue.