For some time now Microsoft has been pushing its SD3+C initiative, and we have seen some satisfying and some less satisfying results coming from these efforts (check out “What does Microsoft’s SD3+C campaign really stand for?”).
Vista is the first operating system to begin to use the features of the Trusted Computing Module, though for now, Microsoft is eschewing the use of “Remote Attestation” where software is verified over a network. For how long nobody knows.
_What does this offer for legal compliance?_
Risk-averse enterprises probably love the idea of revocable documents. HIPAA compliance, for instance, is made infinitely simpler if any health record that leaks out of the hospital can simply have its “read privileges” revoked.
Unfortunately, this will not make patients’ data more secure. One could argue that DRM or IRM will help in revoking people’s access to certain medical information if it was leaked. In turn, this might go some way towards satisfying picky compliance officers. Hence, we can expect to see mail-server advertising that implies that unless you buy some fancy product that auto-converts plain Office documents to “revocable” ones, the firm could be negligent.
In part this is caused by the fact that no executive responsible for risk management or legal compliance will ever opt for “less security.” Unfortunately, it will also mean that less security-savvy PC users will pull the “security” slider in Office all the way over to the right. In turn, the attractive feature is basically turned off, making it useless.
The Trusted Computing Module has sat silently on the motherboard of most PCs sold over the last four years or so. Adding Vista and IRM to it takes it from plan to installation. As a result, turning on remote attestation in a year or two, once everyone is on next-generation Office, will mean the feature is switched on.
_What is the difference between encrypting a document and having Information Rights Management a la Microsoft?_
Cryptography is similar to an automatic teller machine (ATM) that releases the money to you (decrypts the doc) after you have authenticated yourself with the card as well as the PIN number (public and private key). IRM is like a nefarious big brother that was hired by the bank to follow you around after you got the money from the ATM, making sure that you spend it ‘appropriately’ or what the ‘big brother’ considers to be just.
In turn, Microsoft does not just control who opens the document but it also controls what they can do afterwards:
It seems as if in the U.S. and some European countries, the deck is stacked against open file formats, in part because of copyright legislation. Hence, to make your life easier, any effort that increases the use of the Open Document Format will help to prevent Microsoft from gaining even more power over users than it already has and, as importantly, keeps us from being controlled in how we use a Word file and what we do with it thereafter:
If Open Source Software spreads and government organizations continue to insist on the use of the Open Document Format, consumers and citizens will be grateful a couple of years down the line. Otherwise Microsoft will tell us what we can and what we cannot do with documents that we have created using a licensed version of Microsoft Office.
Check out this story: