Slashdot Mirror
How Do You Monitor Documents?
JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."
See topic - MS do something which seems to be essentially *exactly* what you want, and since you are using MS Office, I would suggest giving it a try.
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
The best solution to your problem probably would be using Microsoft's AD RMS.
http://technet.microsoft.com/en-us/library/cc753531.aspx
AD RMS provides you with the ability to control licensing, opening, printing, etc. of documents. This will provide you with the audit trail you migh tneed.
Of course, you can still photograph every screen while scrolling through the pages, so it's essentially worthless in practice, but it might satisfy your customers demands for proper paperworks.
Yep, implementing AD RMS will be a heck a lot of work, and you'll surely need to adjust your internal processes in order to incorporate AD RMS.
What you're planning on doing is DRM: Which is, as all Slashdot readers know, impossible with a properly determined person. And in your case (industrial espionage), there are better people working on it than a few hackers that try cracking Blue-Ray in their spare time.
You don't say what operating system you are running on the clients (I'm assuming windows of some variety), what network os you are using, or where the files are stored.
However, you want to turn on file access monitoring. It's pretty simple if you have one file server and all the files are there because you only have to turn it on once. Here's a good start:
http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch03n.mspx
If you are running linux, http://www.rootprompt.org/article.php3?article=10751 was the second article in a google search.
Depending on the number of users and files, your logs can fill up quite quickly. You may also want something like SNARE http://www.intersectalliance.com/projects/index.html to monitor workstations. They may be doing some server work this morning; I'm getting a time out on the web page.
The bigger question though is if your clients think you are cheating them, why will they believe your logs?
You may also want to get some books on windows and linux security monitoring.
I keep my sensitive documents in a locked cabinet. Never had an issue with a document opening itself in a foreign country.
Nobox: Only simple products.
The watermark doesn't even have to be high tech, it can just be a guid inserted at some point in the document, with a company policy that says when you can remove it (never?), when you should change it (when it crosses a boundary, like a departmental boundary) and how records should be kept (e.g. a central database of which event caused the creation of a new guid).
DRM is broken by design.
Document DRM is even simpler to circumvent. Tiny cellphone/digital cameras. Screenshot much? Notepads? A really good memory is anti-ddrm. The best you can do is log access, but once it is accessed, there is no control over specifications. YMWNV.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
You have completely missed the point of Ask Slashdot. It's just not about doing a 5 minute search and randomly choosing one. The reason people ask this group questions like this is because they want more detailed information from people who have hopefully had hands on experience doing these things. What worked? What didn't? Why did it, or did not work? How was implemented? You may not be able to find that kind of information easily even if you know what to search for. And once you have that information, there are other people to give their insights on what that persons stories. It has the potential to be one big chain of helpfulness.
Sure, it's a cheap and lazy way of getting someone else to do some of your work for you, but it's not generally a bad thing. I know if I was completely clueless about some tech related problem, I'd probably ask here. Wouldn't you?
That is the simple answer.
If you want to give something to someone, you can't control what they do with it. That is like saying "I want to give this hammer to a friend, but I want to prevent them from loaning it to someone else, or using it to smash computers with."
If you don't trust the person that you give something, then the chain of trust is broken. Everything we do is based on trust. I trust if I give you an emergency key to my house that you won't rob me. I trust that when I accept cash from you to pay for a service that it isn't counterfeit. I trust when you sign a contract with me, you will live up to your duties in the contract. I trust when you babysit my children you won't rape them. You pretty much asked for exactly what the whole point (and failure) of DRM is all about- trying to FORCE *everyone* to trust and comply with your wishes. You can't. Welcome to humanity.
No, you can't. If you want people to be able to read it, they can copy it. You can make it more cumbersome but nothing can prevent screenshots. You can waste a lot of time and money, but the best you will achieve is being able to say "we tried". Because you cannot succeed. You can't distribute a document and at the same time expect it to remain secret.
"how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended?"
"if one of our documents were opened in a foreign country, that would arouse suspicions."
"Logging access" is exactly what he's trying to do. The idea here would be at least knowing, and if you've only given a document to one external entity, you know you have a leak somewhere within that entity or your own organization. Simple managed watermarking can help to discover which.
And DRM in general may be broken, but it's not that black and white: DRM does prevent some casual theft of content, because it's a hassle...that's all anyone with a brain -- and who has paid attention to anything in digital media for the last decade and still employs DRM -- expects anymore.
Those who which to pirate content will ALWAYS be able to do so, regardless of any protections put in place. Perhaps someday those who favor DRM will realize that the losses from hassle to honest customers or prospective customers outweighs anything "gained" from having DRM in place.
But back to the issue at hand, which is a different one: an organization wants to track -- and potentially prevent, under some circumstances -- access to original documents representing proprietary data. A "DRM" model (like that employed by Microsoft Rights Management Server) can help to accomplish this. Of course, once someone discovers it's in place, then any number of untrackable circumvention options, such as those you mentioned, can easily be employed. So, the best option for this case is passive tracking/logging.
This ask slashdot seems a little suspicious to me, it does seem to exactly match the feature set of a suite of microsoft products.
Anyone worth thair salt as a system administrator that works with microsoft tools should know the features of microsoft office and the add on server components to get the DRM system working in an enterprise.
It sounds suprisingly close to what you would find in a microsoft pamphlet.
OK, you've gone for a tech solution to a problem before really asking what the problem here is. So what's the real problem? Legal libility, of course. Your customer X is accusing you of sharing data with their competition Y.
Create an job to track sensitive documents. If you only have a few, then it would be additional duties for someone. If you have a lot, it's a new position. This job is to track who has legitimate access to sensitive documents. When customer X starts throwing allogations you've shared data with customer Y, everyone that has legitimate access to the data is required to sign an affidavit that they did not share the data with people not autorized to have the info. Now customer X has to PROVE that one of your employee's did indeed do so, and that their affidavit is a lie. MUCH harder to prove and a lot cheaper for your company to defend against.
Of course, that won't stop customer X from THINKING you did, and that may cost you that customer, but absent using a full up sensitive document control system like the government does, there's no real inexpensive solution I've found. I'd be interested to see if /. comes up with one though.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
RMS wouldn't be very cooperative. You'd have to try and convince him to drop his aversion of proprietary software.
First, though, if you don't have a document handling and marking policy for PAPER documents, you're unlikely to succeed implementing one for electronic documents. In other words, if you don't presently mark printed documents with restrictive handling requirements ('secret', 'confidential', 'proprietary', 'atty-client privileged'), it won't do you any good to try to control their electronic versions.
Second, Windows has never been designed to try to enforce more than discretionary controls. What does that mean? It means that EVERYONE who touches the machine or its data is presumed to be cleared to see whatever is on the machine. They may not have the need to know what's there (that's what DAC does), but they're cleared to see it - so they're TRUSTED to handle it correctly.
If that doesn't describe your environment, you should reconsider whether a single-level system, like Windows, is suitable for storing, printing and using your documents in your environment.
have a look at microsoft sharepoint, they have document checkout so you can see exactly who did what with the document http://www.microsoft.com/Sharepoint/default.mspx
I don't think you can find a good solution just by technical means alone. Having run into this problem as a company attorney, I can say that the best defense is to define and enforce a strong document management policy. Technical solutions without a defined policy will only make you a pariah. Also, you should check to see how the specs came to light in the document at issue. I recall one episode where one of our business development personnel sent a draft contract (in Word format) to a potential customer having used an earlier contract with another customer as a template. The BD person deleted the details from the earlier contract and inserted new (less favorable) terms. The other party turned on the redline mode to see the deletions and insertions and demanded the same terms as the earlier party. Everyone involved at our end was pretty embarrassed. The solution was to require than all drafts of all legal and business documents be sent in PDF or a "scrubbed" version of the Word document using a product from Workshare.
Comment removed based on user account deletion
EMC IRM (Formerly Authentica (yes, there is a typo in the summary))
Oracle IRM (Formerly SealedMedia)
Liquid Machines
Adobe LifeCycle Rights Management
Hummingbird rocks, in my experience. It involves a fundamental shift in the way people create and access documents, since it doesn't work with network shares. It also means that you have to enter the meta-data associated with the files every time. However, it does have very strong permissions, access controls, and versioning support, and would likely solve your problem, since you can prevent those who don't need access to a document or project from access, or even viewing that the document exists. On the down side, it's fairly expensive. (In our organization, implementation was at least 5-figures, and probably 6) and it requires a lot of support and baby-sitting (1/2 to 1 FTE, with an organization of about 500).
OK...
I can do this. I am, after all,
a superhero!
Copy/paste is disabled? The ability to take local screen caps? The ability to make notes with a pen and paper?
For documents that really, truely need to be tracked, you use a canary trap. That is, each copy is slightly and uniquely different. Each copy is receipted by a specific person. If you find a copy in the wild, you can find a key phrase and track down who leaked it.
Vintage computer games and RPG books available. Email me if you're interested.
DRM is snake oil
DRM is snake oil in the way it's used to protect media from copy.
Because at the same time DRM is supposed to enable one to show the content (and thus give the key to the individual holding a copy) and exactly at the same time its supposed to stop unlicensed copies (thus preventing the exact same person using the exact same keys to copy the exact same media in a different way).
It's snake oil, because in the classical cryptographic triangle - A(lice) sending a crypted message to B(ob) without C(harles) snooping it - DRM makes B and C the exact same person.
Hence the contradiction, and hence DRM is doomed to eternally fail to protect media, no matter how contrived means are applied to it.
Here the reader ask a completely different question :
he wants A to be in the headquater, B to be an employee in Omaha, and C is some person doing industrial spying in Russia or China.
Some people are supposed to have the cryptographic keys to the documents, other people aren't supposed to have the keys.
In that circumstance, cryptography might help...
(Well, that's assuming that the thieve is an external person. Of course if that was an inside job, we're back at a situation that movies are in. But then the company has a much bigger problem of trust toward its employee to tackle first).
MS claims to do something which seems to be essentially *exactly* what you want
Well, the real problem is at the beginning of the sentence :
MS do something which seems to be essentially *exactly* what you want
Given their long history in term of computer security, you can count on MS to completely botch their solution...
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Let's say that up until now you haven't had the ability to monitor documents to the extent specified. You can't prove whether or not the leak occurred from within your domain. Neither can they: they don't have the ability either, or you'd know. So, neither can they can't disprove your (forthcoming) assertion that the leak came from within their domain, and you can't support it. But as we can see commonly happen, accusations carry more weight than mere questions, rightly or wrongly. Accusing them will wake them up and put you on even footing. From then on you can develop a mutually acceptable and workable security system.
It'll have to be rigorous, as in enlisting the OS to assist. Otherwise one could simply copy the file and open it outside a secured domain. And that too will take oversight, by one such as a security admin who'll be able to track the file's circulation including any instances of it being copied. Note that opening for editing constitutes an explicit copy until (at least) the changes are saved, which would show up, and copying the data from memory to a swap file would constitute an implicit copy that wouldn't normally get reported. It could, however, be used to grab a copy (of a copy) of the file just as we used to use a browser's cache for grabbing copies of streamed media that weren't otherwise easily snagged.
Of course you could use the information above to show they can't support their assertion and so you could sue them for defamation. Better, you could give them the choice of that or joining you in investigating the security problems and solutions, and possibly investigating the competitor for espionage. Once again, accusations can carry a lot of weight. But then the competitor might be willing to join the investigation in order to be able to track their own as well as (as could everyone) prove that any infringements didn't come from their domain. The best security comes when all are watchers and all watch each other in the open.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
As a retired Navy officer, I have a little familiarity with the subject of "security". Does the name "Walker family" ring any bells? The Walkers were three security-cleared, top-secret-crypto-certified Soviet spies. For YEARS, they gave communications crypto codes to the Soviets, which allowed the Russians to read U.S. ciphers. Against dedicated spying like this, there is NO WAY to GUARANTEE the security of your documents. Microfilm cameras have evolved into cell phone cameras, and high resolution digital copiers have made things harder to control, but if an trusted-but-untrustworthy person has access to a document, he has an excellent chance of being able to transmit the secret information to another party. At best, you can hope to detect when he has done so. Because no matter what the vetting process, spies DO get through.
The simple solution is to use google docs and tie your documents to google analytics.
Furthermore, I'd argue that what makes locks effective is not the difficulty in opening them per se; most locks are actually not difficult to open. Heck in many cases all you need to do is break a window which could hardly be called difficult.
Also after breaking a window, one burglar has finally enough access only for himself, and he - alone - will be able to rob the house.
After breaking the DRM and managing to make 1 single unlicensed copy, thanks to the power of the internet suddenly everyone else in the world is instantly able to have access to this broken copy.
It is as if the same window broke on all houses of the same street and all the world's burglars where auto-magically teleported inside these houses to rob them at the same time.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]