Companies must use caution when implementing digital rights management systems.
Digital rights management and copyright protection systems have been getting a lot of press lately, but usually more for what they promise than for what they actually do. DRM is a technology that has yet to prove its worth, either in the area of intellectual property protection—its traditional domain—or in the corporate arena, where vendors are hoping to make inroads.
There are plenty of examples of unsuccessful DRM measures, from DVD protections that can be defeated with a pen to the notorious restrictions that keep CDs from playing in car stereos. Part of the problem is the Catch-22 of DRM technology itself: Companies want DRM even if having it means no one will want to use their service or buy their content.
DRM technologies are often loved by content creators, who are happy to protect their content, and hated by end users, who dont want their fair-use rights abridged.
Most of the time, the users win in this fight. Just ask any software vendor that had to pull back on effective but annoying anti-piracy initiatives after its user base revolted over the additional hassles and problems caused by the protections.
That might change soon: Many of the new, post-Enron corporate governance initiatives, policies and laws, such as the Sarbanes-Oxley Act, may make DRM systems necessary for many businesses that previously hadnt considered deploying them. These laws and policies often specify that access to corporate documents and content be controlled and tracked, something that DRM systems can do very well.
Even if a company isnt using DRM to comply with corporate governance laws, there are still many reasons why some companies will want to control access to sensitive documents and content, both within and outside their company. Being able to ensure that only the right people see certain content, as well as to make it difficult for this content to be forwarded outside the trusted group, can be vital to the interest of many companies.
However, companies also need to make sure they restrict DRM to where it is necessary. Once a DRM system crosses over into annoyance, the desire to defeat it increases—and pretty much every DRM system can be defeated.
Another hurdle to corporate use of DRM technology is finding the right kind of system for the job. DRM technology, whether effective or not, is very mature and has been in use for some time safeguarding digital and entertainment media. On the other hand, the market for DRM systems in standard corporate environments is still very much in its infancy.
This is especially true for companies that prefer to go with a solution from a major software vendor. Although there are DRM products available from smaller vendors such as Authentica Inc. (see review
), solutions from vendors such as IBM and Microsoft Corp. are just coming to market now or are still in development.
Microsofts forthcoming Rights Management Services for Windows Server 2003, expected this fall, could make it possible for companies to apply strong DRM restrictions to standard content created in Microsoft Office. Because the system will work in conjunction with Office and the server, it will be possible to apply protections to the content within Office, then manage the permissions through access to the server.
One potentially very large drawback to this solution is that it will work only with the Microsoft 2003 series, meaning companies not using Office 2003, Outlook 2003 or Windows Server 2003 will not be able to take advantage of these protections. If the content can be viewed in a browser, however, it can be accessed using a plug-in for Internet Explorer.
Solutions from document creation vendors are another possible source of DRM protection for companies. For example, Adobe Systems Inc. provides some fairly detailed, capable rights management capabilities within Acrobat.
Using these features, companies can embed rights within the documents, ensuring that protections accompany the documents wherever they go. Embedded DRM has the advantage of being portable and letting approved users access documents anywhere and at any time.
Still, companies must understand that no matter what their choice, DRM is not a cure-all. In eWEEK Labs experience, any DRM restrictions can be easily defeated through the use of remote control, digital cameras, or even pen and paper.
Keep this in mind when deploying DRM because if the restrictions become too annoying, even a normally honest user might tap one of these methods to get around the hassles of DRM. And once this happens, your whole investment in DRM goes out the window.
Discuss this in the eWEEK forum.
Technical Director Jim Rapoza can be reached at jim_rapoza @ziffdavis.com.