How Do You Monitor Documents?
JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."
".. And in your case (industrial espionage), there are better people working on it than a few hackers that try cracking Blu-ray in their spare time.."
Alas...A good story, but I suspect there are very few industrial spies that are better at cracking DRM than the Blu-ray hackers. Indeed, if there were any, DRM would be much harder to break.
And (and I speak from experience here), government has even less capability of clever cracking. It can throw a lot of money at a problem, but these problems are never solved in this way. They are solved the way Turing broke Enigma - get a brilliant eccentric years ahead of his time, put him in a relaxed setting, and wait...
DRM is broken by design.
Document DRM is even simpler to circumvent. Tiny cellphone/digital cameras. Screenshot much? Notepads? A really good memory is anti-DRM. The best you can do is log access, but once it is accessed, there is no control over specifications. YMWNV.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
You have completely missed the point of Ask Slashdot. It's just not about doing a 5 minute search and randomly choosing one. The reason people ask this group questions like this is because they want more detailed information from people who have hopefully had hands-on experience doing these things. What worked? What didn't? Why did it, or did not work? How was it implemented? You may not be able to find that kind of information easily even if you know what to search for. And once you have that information, there are other people to give their insights on that person's stories. It has the potential to be one big chain of helpfulness.
Sure, it's a cheap and lazy way of getting someone else to do some of your work for you, but it's not generally a bad thing. I know if I was completely clueless about some tech related problem, I'd probably ask here. Wouldn't you?
That is the simple answer.
If you want to give something to someone, you can't control what they do with it. That is like saying "I want to give this hammer to a friend, but I want to prevent them from loaning it to someone else, or using it to smash computers with."
If you don't trust the person that you give something, then the chain of trust is broken. Everything we do is based on trust. I trust if I give you an emergency key to my house that you won't rob me. I trust that when I accept cash from you to pay for a service that it isn't counterfeit. I trust when you sign a contract with me, you will live up to your duties in the contract. I trust when you babysit my children you won't rape them. You pretty much asked for exactly what the whole point (and failure) of DRM is all about - trying to FORCE *everyone* to trust and comply with your wishes. You can't. Welcome to humanity.
No, you can't. If you want people to be able to read it, they can copy it. You can make it more cumbersome but nothing can prevent screenshots. You can waste a lot of time and money, but the best you will achieve is being able to say "we tried". Because you cannot succeed. You can't distribute a document and at the same time expect it to remain secret.
This ask slashdot seems a little suspicious to me, it does seem to exactly match the feature set of a suite of microsoft products.
Anyone worth their salt as a system administrator that works with Microsoft tools should know the features of Microsoft Office and the add-on server components to get the DRM system working in an enterprise.
It sounds surprisingly close to what you would find in a Microsoft pamphlet.
First, though, if you don't have a document handling and marking policy for PAPER documents, you're unlikely to succeed implementing one for electronic documents. In other words, if you don't presently mark printed documents with restrictive handling requirements ('secret', 'confidential', 'proprietary', 'atty-client privileged'), it won't do you any good to try to control their electronic versions.
Second, Windows has never been designed to try to enforce more than discretionary controls. What does that mean? It means that EVERYONE who touches the machine or its data is presumed to be cleared to see whatever is on the machine. They may not have the need to know what's there (that's what DAC does), but they're cleared to see it - so they're TRUSTED to handle it correctly.
If that doesn't describe your environment, you should reconsider whether a single-level system, like Windows, is suitable for storing, printing and using your documents in your environment.
have a look at microsoft sharepoint, they have document checkout so you can see exactly who did what with the document http://www.microsoft.com/Sharepoint/default.mspx
I don't think you can find a good solution just by technical means alone. Having run into this problem as a company attorney, I can say that the best defense is to define and enforce a strong document management policy. Technical solutions without a defined policy will only make you a pariah. Also, you should check to see how the specs came to light in the document at issue. I recall one episode where one of our business development personnel sent a draft contract (in Word format) to a potential customer having used an earlier contract with another customer as a template. The BD person deleted the details from the earlier contract and inserted new (less favorable) terms. The other party turned on the redline mode to see the deletions and insertions and demanded the same terms as the earlier party. Everyone involved at our end was pretty embarrassed. The solution was to require that all drafts of all legal and business documents be sent in PDF or a "scrubbed" version of the Word document using a product from Workshare.
What's to prevent someone from removing the watermark on a copy and then sending it off? I thought the idea of watermarking was to make it automatic and invisible to the ordinary user.
Scary thought to rely on Microsoft to solve this problem. I see quite a few other Microsoft pointers in the comments.
The problem seems to be what *people* do with the documents, not what the software does. Think sales person handing out brochures plus other informational material, sending emails with attachments etc.
The solution to this *people* problem is simply : policies + training.
Stephan
http://stephan.sugarmotor.org
The problem is: How can you prevent users with job responsibilities that require them to have access to the data for client A from sharing that (directly or indirectly) with client B. There really isn't a good way to do this, since in the worst case, the user can manually copy the material onto paper or take a picture with their cellphone.
Your best approach is a group of mitigation procedures that make it difficult for information to be intercepted between you and client A, and at least provide audit trail capability for users accessing confidential information.
The bad news is that you probably have no way to win client A's trust back. They've already made the accusation, and since you didn't have any pre-existing mechanism in place to monitor and prevent, you can't investigate their claims effectively. Also, if it turns out that employees of your company shared this information as a short-cut for supporting client B, you're really screwed in terms of legal responsibility and employee ethics. You'd have to fire both the source and the recipient in the data share, just for starters.
For the future: keep confidential documents in an encrypted content-management repository with user access and rights controls that can support segregation of groups, projects and so on. Have all your clients encrypt their data with your company's public key so that there is no MITM risk for items they are sending to you over the net (or Fedex for that matter). Institute a training program that emphasizes the segregation of projects for different clients (especially competitors) unless you are developing a project that is explicitly designed and marketed as a shared or commercial offering. And institute a security policy for your employees and contractors that identifies penalties including termination of employment, civil and criminal liability if data confidentiality policies are violated. You should probably also have a project "non-compete" clause where one person cannot work on projects for competing customers within 6 months of each other (or whatever timeframe is reasonable).
You may also want to look at the physical security of your facilities. If your people are leaving confidential documents in unlocked cabinets or leaving their PCs logged in, anyone with access to the office area (visitors, delivery people, cleaning service) could have taken the information.
We are the 198 proof..
yes, but once it's open, it's open. and people are highly likely to open the archive, and keep the document unencrypted on their laptops.
here some form of document DRM could be a quite workable solution. I've been using Microsoft RMS at work as part of a pilot and while it has a few gotchas, and while it does sometimes seem that MS just don't "get" how people use their software, it does seem to work.
the documents are encrypted within office apps (word, excel, outlook and powerpoint) and it has to authenticate itself to the RMS servers to get the keys.
dave
The solution to this *people* problem is simply : policies + training.
I don't completely disagree with you, but I'd extend it to say "Policies + training + audit".
the microsoft solution, amongst others, provides a way to do this audit. it's not perfect, there are ways around the protection, but those ways rely on the person actively trying to get around the system. they know they are doing something wrong. these document DRM systems provide a framework so that the users can easily see what they are supposed to be able to do and it prevents them from doing what they're not supposed to be able to do.
it also logs all document requests which can be viewed later. in the OP's case, he stated that requests to open a document from overseas might be suspicious. he can audit the logs from a DRM server to see where requests to get keys come from.
dave
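The log audit dave describes, sketched as an added example (not part of the thread and not Microsoft RMS code): it flags key requests whose source address falls outside the expected countries. The log line format, the user and document names and the network-to-country table are constructed assumptions; a real deployment would substitute its server's actual log format and a GeoIP database.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (hypothetical format): timestamp user source-ip document
SAMPLE_LOG = """\
2007-03-01T09:12:44Z alice 192.0.2.10 spec-clientA-rev3.doc
2007-03-01T09:15:02Z bob 192.0.2.77 spec-clientA-rev3.doc
2007-03-02T02:41:19Z alice 203.0.113.5 spec-clientA-rev3.doc
2007-03-02T11:03:51Z carol 198.51.100.23 pricing-clientB.xls
2007-03-02T12:00:00Z erin not-an-ip memo.doc
2007-03-03T17:20:00Z bob 203.0.113.200 pricing-clientB.xls
"""

# Constructed lookup table built on documentation address ranges.
NETWORK_COUNTRY = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "XX",  # placeholder: unexpected location
}
EXPECTED_COUNTRIES = {"US"}

def country_of(ip_text):
    """Map an address to a country code; raises ValueError on a malformed address."""
    ip = ipaddress.ip_address(ip_text)
    for network, country in NETWORK_COUNTRY.items():
        if ip in network:
            return country
    return "UNKNOWN"  # unmapped addresses are flagged rather than silently trusted

def audit_key_requests(log_text, expected=EXPECTED_COUNTRIES):
    """Return ({document: [(timestamp, user, ip, country), ...]}, skipped_line_count)."""
    findings = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            skipped += 1
            continue
        timestamp, user, ip_text, document = parts
        try:
            country = country_of(ip_text)
        except ValueError:
            skipped += 1  # count unparseable lines so gaps in the audit are visible
            continue
        if country not in expected:
            findings[document].append((timestamp, user, ip_text, country))
    return dict(findings), skipped

if __name__ == "__main__":
    flagged, skipped = audit_key_requests(SAMPLE_LOG)
    for document, hits in flagged.items():
        for hit in hits:
            print(document, *hit)
    print("skipped lines:", skipped)
```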
Furthermore, I'd argue that what makes locks effective is not the difficulty in opening them per se; most locks are actually not difficult to open. Heck in many cases all you need to do is break a window which could hardly be called difficult.
Also after breaking a window, one burglar has finally enough access only for himself, and he - alone - will be able to rob the house.
After breaking the DRM and managing to make 1 single unlicensed copy, thanks to the power of the internet suddenly everyone else in the world is instantly able to have access to this broken copy.
It is as if the same window broke on all houses of the same street and all the world's burglars were auto-magically teleported inside these houses to rob them at the same time.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]