Print
Discuss
Send to friend
RSS feedsIt would probably be kind to explain what information rights management (IRM) is all about, before asking 'who wants it', and the easy explanation will almost certainly be misleading.
Briefly, information rights involve files and who is allowed to read them. An easy example is email, and Microsoft in particular.
You could, if you had an IRM system, mark an email for distribution only to people inside the company you work for.
Then, if you sent it to a friend who was in the habit of doing a 'Reply to all' and his 'all' included a half dozen partners, customers or suppliers, then they simply wouldn't get it.
Or, if he tried to forward it to someone outside the company, he'd find the Forward button in Outlook disabled.
How it works is simple. The file is encrypted, and a licence to open it is sent to the authorised recipients.
And if you are reading a document that you are entitled to read but not to forward, you can't even do a Print Screen and capture an image of it.
Then it stops being simple. You have to have Microsoft Office 2003 - formerly Office 11 - and Windows Server 2003 to manage the certificates. Except there aren't any certificates, says Microsoft, and the authorisation system involves a link to Redmond which authenticates users.
What does it cost? As we went to press nobody in Redmond could say; guesses ranged from "it will probably be free of charge" to "a fee of around $30 per month per user or maybe per year" to "we'll design a hardware authentication server which you can buy and install on your local area network".
Who can use it? It may be better to ask who can't use it, which is anybody who doesn't use Windows 2003 Server and Office 2003.
That includes older versions of Windows, such as 98 and 2000, as well as new versions like Pocket PC 2002 and Phone edition. Oh, and you have to be connected to the internet to get validated.
So if you are having your email sent to your PDA, you can't read it if it's managed this way. You have to have a PC, be connected to the internet and, of course, Microsoft's authentication server has to be working.
The software was demonstrated to a group of international IT industry watchers, including yours truly, in San Francisco last month just before Office 2003 beta 2 was officially published. One consultant looked at it and asked: "Who would actually want this?"
We all came to the conclusion that the only company that really needs this system is Microsoft.
"Microsoft leaks information," observed the consultant. "Seattle is full of ex-Microsoft workers who have set up their own businesses, and have really good friends inside Redmond, and they keep them in touch.
"And analysts talk to these people and get information ahead of time. It's an industry. Microsoft really needs something to stop it leaking."
Frankly, nobody else does. If they do, there are better ways of controlling who gets to see documents than keeping track of email addresses.
In particular, most other people use operating software that isn't pure Windows Latest Edition, and will find that there is no way of sending protected documents to many of their customers, or even employees.
You won't even be able to synchronise a protected email with your PDA, or open a protected document on a notebook if you are out of internet range.
Does it really work? Hard to see how it can. For example, the Print Screen button may be disabled, but there are dozens of screen capture programs that aren't affected.
And nothing in this system will stop the leaking executive from picking up the phone, calling his external contact and reading the data to them from the screen.
My own opinion is that this is an embarrassing mistake by Microsoft. The company does have a large open wound labelled 'security' because, for some years, it has produced software that isn't secure, or can only be made secure by jumping through complex hoops.
It has been a big stick with which consultants have beaten the company but, increasingly, it is responding correctly.
Software these days comes with the security options switched on, and you have to deliberately disable it if you want 'usable' rather than 'locked' status. And generally, the message has been received in Redmond: think secure first.
Security is desirable, yes, but this approach isn't secure. It has cost money to produce, and Microsoft is looking to sell it to get some of that money back.
Worse, it is probably hoping that it will encourage people to buy the latest version of Windows, and stop using rival products.
It looks like the same old Trojan horse we used to have with new versions of Word, but an incompetent one since it doesn't allow you to use smartphones or pocket PCs. But what will it look like to rivals?
If I were Redmond's legal advisers and I saw something like this in the middle of my legal battle with the European Commission on unfair competition, I would tear my hair out.
del.icio.us
Digg this
reddit!
