Using DRM to expire documents.
At the risk of stating the obvious, not all PDF documents are supposed to last forever.
It would be nice if books, fiction or non-fiction, had that ability. But many historic works have been lost for all time because the library they were in was burned down (this problem still goes on today).
Electronic or digital copies (PDF documents) have the possibility of surviving longer, perhaps because they may be stored far more widely than printed books can be, and perhaps because through the use of backup and recovery more effort is put into ensuring that copies survive and continue to be available perhaps to the horror of the creators.
The greater part of PDF documents created today are not intended to last forever. In fact the owners and distributors sincerely want them to be able to self-destruct in different ways and at different times, according to the circumstances.
Reasons for content owners wanting expiry to happen include:
- Document gets into unauthorized hands;
- Has a fixed life before the content goes out of date;
- Is for evaluation prior to acceptance/purchase;
- Gives limited rights, such as only 1 printed copy;
- Is being used in the wrong location;
- Be expired until formally released.
Document gets into unauthorized hands
One of the commonest industrial requirements is for a PDF document to self-destruct if it is being accessed from an unlicensed location. Sometimes it is proposed that if a protected PDF document finds itself in an unlicensed environment it should permanently delete itself, or it should do so when a licensing server finds it is not licensed and sends a trigger to delete. This whole idea is crazy at best. It is easy to guess the reaction of IT managers or ordinary users who find documents that go round deleting files, and it will not be pleasant. Apart from the problems caused just because the user gets the document before the license or credentials, and now has to start over. The whole thing is unnecessary because they should not be able to access an unlicensed document – period. And that should just use licensing control and nothing else. So just preventing anyone who does not have authorization from using a document is the same as causing the document to expire.
Has a fixed life
Internal documents may have a fixed life, after which they must be withdrawn. It may be because they are only valid until a given date (length of a project, end of a calendar year or a tax year or an academic year, expected product life). This requires a facility to fix a default end date for the PDF document, but also to be able to override that date if necessary (things often change).
Another reason for choosing a fixed life is to allow the owner the option to change their intentions at a later date – granting unlimited access cannot be revoked. Maybe an internal document should be replaced, but the update has been delayed and it is necessary to extend the use of the current document without losing control of the situation.
On the other hand it may be necessary to replace a document that contains errors or is incomplete, so it has to be possible to stop access to the current document to force users to update their version of the document.
So ‘fixed’ dates can be used to either shorten or lengthen the use of a document that has been issued without having to re-issue them.
Finally, using fixed dates identifies that the work is personally licensed for use, and not sold. Unlike books or magazines that are sold, and under Copyright law, can then be re-sold by the purchaser because the original owner’s rights have been exhausted. This also assists with the distribution of company internal documents, which are never intended for sale or onwards transmission.
Is for evaluation
Another reason for expiring documents can be that they are being sent out for evaluation, perhaps they are being inspected prior to approval or purchase. This can apply to analyst reports, market analyses, consultancy studies, forecasts, reference books, works of literature and fiction, guides, examination briefings, auction listings and so on. In point of fact almost anything that can be licensed may have a requirement for this kind of DRM control. It is a bit like going into a bookshop and being able to see the content of a book before purchasing it.
The two principal approaches to causing documents to expire are that they can be viewed up to a maximum number of times before expiry, or for a number of days after first being opened. Usually only one of these two conditions is used, and they are normally coupled to a fixed end date in order to prevent them being available for any great length of time.
Giving limited rights
A different form of document expiry control is to cause a document to expire once a particular right has been exercised. The commonest example of this is where the recipient is licensed to make a printed copy but having made that copy, no more may be obtained. This covers printing coupons that may be exchanged at shops, or educational course work and notes that are for one-time use.
Used in the wrong location
Document expiry may be required to comply with Data Protection regulations as well as by national laws.
EU Data Protection laws prevent the export of personal data (particularly if it is sensitive) – see https://ico.org.uk/for-organisations/guide-to-data-protection/principle-8-international/ as an example of current regulation and guidance. Problems may occur with laptop and BYOD device users who, perhaps unwittingly, take out of the EU personal data and fail to provide adequate security to protect it. This can be automatically achieved by setting the access controls geographic regions to the permitted regions. Then, when the user tries to open the document in an unauthorised location, it will behave as if it has expired and not be available. But once they are in an approved region the file(s) will become available again without any further action. This approach can simplify the requirements for achieving adequate data protection in unauthorized countries and prevent data leakage from BYOD devices being given away or swapped.
There are also occasions when a corporate body does not want documents to be available in specific locations, or want to restrict use to specific locations. This may be to do with healthcare or safety compliance rules, or where the use of cryptography is forbidden by local law. In either case, causing documents to ‘expire’ when accessed from the wrong location will achieve that purpose.
Be expired until formally released
There is a common requirement in many fields – particularly publishing of tenders, but also publishing political statements of policy, publishing share prospectus documents and so on.
The normal requirement is to be able to publish the documents in time to be sure that all receiving parties have been able to get them, and then have them become accessible at the same time for all recipients, thus being able to demonstrate that there was no unfair advantage gained from earlier knowledge of the content.
In this case, the document(s) behave as if they have expired (are unavailable), and then become available at a given time. Typically for tender documents, after a period of time (usually pre-set) they then expire. By using DRM controls it is possible to update the document expiry date to push it back, needed where perhaps a bidder pulls out before a conclusion is reached, or more time is required to give the requested responses.
In conclusion, it is clear that there are many reasons for requiring documents to expire electronically and they are all quite different. Document expiry is the intended result, but the method(s) of getting to document expiry, and the surrounding control processes both to enter and to leave document expiry, are many and various. Industries have varying requirements to meet in order to achieve and manage document expiry situations, and therefore the information owners and publishers require sophisticated DRM enforcing controls to be able to achieve and continnually manage the access to the documents that they are licensing.