Document Encryption & DRM

Document DRM: Replacing Encryption as the Standard for Document Protection.

Encryption is used to protect files but does not control the distribution of information – once a user can decrypt a file they can do what they like with it.  DRM is better able to protect content from copying & redistribution.

Encryption is the tool we have used historically to protect information from getting into the wrong hands.  But changes in the use of information are forcing us to look at more sophisticated methods of controlling the distribution of information – Document Rights Management (DRM) in an age when copying and distributing vast amounts of information is a trivial exercise.

For many centuries encryption has been the tool of choice for protecting sensitive and confidential information – secrets.  The ancient Egyptians used encryption to protect military information as well as trade messages.  And the information was protected when being transferred or being at rest.

The limitations of encryption for information protection

Today the commonest use of encryption is the ubiquitous Secure Sockets Layer (SSL) used to protect information being transferred over the Internet.

And very successful it is, except that it only protects the information whilst it is travelling and not when it is at rest on a computer or server.

But the needs of government and industry have also changed, making new demands and requirements.  Encryption protected information from being disclosed to the unauthorised, and prevented forgery, but it did not stop the recipient from doing exactly what they wanted once they had decrypted the file.  Control of Intellectual Property (IP), distribution of trade secrets, transmission of personal data, managing technical know-how such as engineering design are just a few examples of information residing in documents that has to be protected.  And that can also include proof of validity and prevention of falsification.

These are not addressed by pure cryptography because it does not address questions about the identity of the user or what they are permitted to do with the content of the document.  These require additional controls that can circumscribe the ability of the authorised user to ignore desired controls and process the content in any way that suits them.

Document protection beyond encryption

It is not unreasonable to take the view that internal distribution of corporate information is subject to mistakes (people get the wrong mail, are on the wrong distribution list, think that others should be aware of some document content, think it would be interesting to compare with outside opinions, and so on) without worrying about deliberate attempts to steal information or pass it on to competitors or the press, which could be far more serious.  As we noted, document encryption on its own is poorly equipped to solve these issues because it was not designed to protect the content from further usage but rather the file containing the document(s).

The document DRM controls that are emerging as ‘standards’ required for modern document protection include restricting access by location, by date or time, by device rather than relying on user credentials, as well as preventing making non-DRM protected copies of protected documents.

Document DRM also addresses copying by other means with active controls to prevent unauthorized use of content:

• stopping sharing by locking document use to only authorized devices
• stopping Print Screen or screen grabbing
• stopping editing
• stopping copy and paste
• stopping printing
• ability to add dynamic watermarks that disclose the source of unauthorised activity

Microsoft have pointed out that pure encryption cannot enforce controls on its own.  If you choose to allow document reading on screen you expose a document to being photographed, and if you allow printing you cannot prevent photocopying.  But you can take steps to make these unattractive to the authorised user by adding watermarking.

Document DRM application integration

Generally adding these DRM controls requires proprietary architectures, because in the past the urgency to develop product and get to market has been more important than including specialist features that do not translate immediately into more product sales or higher performance.

Also, Document DRM applications must be resistant to tampering as a result of using system level debugging tools or not leaving uncontrolled temporary working files scattered around if the application does not close in an orderly manner, and not permitting caching in the system paging file.  These again are rarely the subject of interest in applications product development where application performance and speed of operation are essentials that must be achieved first.

It may seem strange, but it is almost impossible to reverse engineer security functionality into applications, because they simply were not designed to operate in a secure manner and using functions that are often portrayed (or considered) as detrimental to functionality and ease of operation.  Security is perceived to be a restriction on the system user to be able to do what they wish.

This can contribute some operational difficulties where management policy and standards (which will always include implementing systems that confirm to privacy regulations) insist on controls that limit access and authority over the document content.

Document DRM Security replacing encryption for document protection

Document DRM has been evolving steadily for a number of years now and products like Safeguard Enterprise incorporate the higher-level protection features, as well as including user licensing controls, document licensing controls and usage monitoring to complete the overall architecture.  Other security functions include methods of device authentication and automated cryptographic key management to avoid users having to grapple with highly technical complexities.

Document DRM functionalities have certainly replaced pure encryption as the standard for document protection.  However, they are still a long way from being a fully specified API with reliable hooks into wide ranges of applications.  Also, they have some way to go to trying to address the latest thinking in collaboration documents, where multiple authorised recipients are able to interact with a single document and Document DRM protection is applied on-the-fly.  In particular much investigation remains to be done addressing the requirement for ‘transitive trust’ where rights to change the Document DRM may be given by authorised users.  The current Document Digital Rights Management controls and functions are well established and the implementations reliable where they do not rely on integration into third party applications.