Why DRM is is better than access controls for document security

Document security, access controls, & DRM.

Document security requires a lot more functionality than access controls to deliver a logical series of controls.  Here we look at how and why the extra controls in DRM are essential to delivering secure document systems.

A History of Document security

Whenever anyone mentions document security you can guarantee that everyone knows what they mean, and each viewpoint is different.  And that’s entirely normal.

For those still handling paper documents, document security means is the paper likely to catch fire or get flooded (when the fire brigade arrives) and does my system let me find documents in that stack of paper?

Large organizations moved over to microfilm/microfiche many years ago.  The questions for document security were: does it catch fire, can I search it electronically reliably and can I add tags so that it is quicker to do searches?

The digital age arrived and scanning was directly to images on a computer.  Now document security got a tad more complicated because, thanks to optical character recognition, you could search documents based on content – albeit slowly at first, but faster as machines got more powerful.

At the same time electronic documents grew in popularity, with Microsoft Word (see How to password protect a word document and why it is useless) becoming the leader in document creation for users, and Adobe Acrobat Portable Document Format (PDF) for creating a consistent form and format of document content.  This was initially for the printing industry, and subsequently for general organizations looking to get document security, this time meaning: can I lock the format, does it print the same whatever device I use, can I detect forgeries?

Document access controls and DRM

Then document security stepped into several new leagues.  The original document security controls were all about computer file access controls.  But they could be easy to change, usually by just moving them to a different computer.  And, following the computer network protocol Kerberos, which issued ‘tickets’ to grant users ‘rights’ to exchange information over an untrusted network, the idea grew that there should be some kind of digital document security control.  Digital Rights Management (DRM) for documents was invented.

But document DRM was to prove rather more complicated than the original file access controls because it had to address content security on top of the original access controls.

Adobe and PDF DRM security

As far as document security development is considered, the early work was done by Adobe.  There was other DRM class work done in the music and film industries but we are not considering them here.  Because Adobe had strong links to the printing industries they were more concerned with being able to provide proofs that could not be used for quality printing and being able to be certain that a printed copy would be faithful to the original, and could not be easily altered.

PDF DRM had begun.  But there were other requirements for PDF DRM than printing quality.  A major problem for all industries has been preventing users from readily copying and distributing documents, and readily extracting the content itself (text, pictures, links and so on).  PDF DRM has remained the focus of document security because the format is reliable and will appear the same almost regardless of the starting and ending operating systems.  So that is why PDF DRM is the focus for document security systems.

DRM developers have added a range of extra features and facilities to support sophisticated document and content security, and I now consider some of the subtler functionalities that have improved document handling and management.

Document DRM controls and encryption

Electronic document security has to have overarching controls aimed at preventing the unauthorized use (misuse) of document contents, including the following features:

• Not before or start date – the date before which the content should not be available to use
• Not after or end date – the date after which the content must not be available
• Watermarking on viewed screen with dynamic content (i.e. user’s name, email address, date/time stamp, etc.)
• Watermarking on print out with dynamic content

Of course you cannot leave the document in its original format because there are loads of tools available to process it and remove passwords and other mechanisms.  So you need to encrypt the documents so you can achieve secure document distribution.  And the key for the encryption has to travel separately from the file or it can be hacked, and not disclosed to the user (i.e. protected with a password the user must know) otherwise they could pass it on to others.

It would be very unwise to send documents that are only protected by access controls across the Internet or have them synchronised with remote folders.  But if you have encrypted the document and bonded to it the controls and rules that are to be applied, then you can safely let it be shipped around as an email attachment or on a flash drive.

Document revocation and online or offline security

Other essential document security controls include the ability to switch authorised use off and on dynamically.  This action may be at the document level (perhaps the document has incorrect information in it and needs replacing) or at the user level, (the user has taken on a new job and no longer has access to some documents).  These controls require the authorised user to be online to a license checking system that monitors access requests.  If the user is offline, then controls could not be enforced until the user was next online for some reason.

This creates a problem in that there are many reasons why you could not require users of secured documents to be online before they can be used.  Apart from the problems of getting online in aircraft (even mobile phones don’t always work) the signal may not be so good on the beach and some locations are more difficult than others (anyone had to lean out of a window to get a mobile signal?).   And there is nothing more annoying that an intermittent connection!  So compromises have to be thought about.  One approach is to check the use when the document is first opened, and never again.  This means it can be used anywhere anytime, but the controls can’t be changed once it has been opened.  This is very much the traditional book model – once purchased can be used until (unless?) it falls to bits or gets hit by a wave on the beach.

A different approach is to say that if an Internet connection is available then do a controls check, but not otherwise.  This is more user friendly approach because it does not demand an Internet connection before secured documents can be used.  But it does create an ability to make changes since few people can manage without an Internet connection for any length of time so a check is likely to happen fairly soon.

A compromise is to require a check every so often (say 90 days?) and allow a ‘grace’ period so a check can be made within a few days of the actual check date.  These kinds of licensing enforcement are much more acceptable than an inflexible demand to be online all the time (unless we are talking about an internal control system or highly sensitive material).

Content security and stopping document misuse

I mentioned earlier that content security is an essential part of document security.  This doesn’t just mean stopping people from ‘Saving’ the document in an uncontrolled form (or a different format).  It also means stopping the use of copy and paste, and preventing screen grabbing and re-assembling the content from collections of pictures.  Sometimes it is not possible to stop copying – what the eye can see is visible to the cell phone camera.  But with extra controls, such as watermarking, you can make the theft of content a much more difficult proposition.  Random watermarks that don’t obscure the text can dissuade someone because they can be very difficult to remove without wrecking the document content and they may identify the identity of the authorized user.  The user will not want to make it clear that they conspired to bypass controls.  It could not have been another user because the security controls link documents to licensed computer users so that documents can only be used by authorized users.

There are many other document security controls that can be applied.  Locklizard, a DRM specialist in controls and mechanisms for enforcing document DRM, produce systems that will assist you to obtain and retain control over your documents.  They deliver all the functionality I have described in this blog, and much more.