Protect documents – control use with DRM security

Secure Documents & DRM controls.

It may seem strange but there’s plenty of knowledge about protecting data in computer files (yes, I know that the knowledge is there but the practice is rather patchy – this year is the best yet for fessing up to some major personal data losses), but there is rather less about protecting the humble document.

The importance of the document

The document is the major Human Computer Interface (HCI) for information transfer. (The other interface is the API – Application Programming Interface.) A document presents the user with recorded information: the information controller provides a human user with something in a form and format that they can understand (and which may be a requirement of law).

This is very different from protecting machine-processable data files.  But we hear plenty about how important it is to protect computer data and almost nothing about how we should protect documents that are the carriers of that information in a human-usable form.

Legal aspects of the document

Thing is, maybe we have just become too familiar with physical documents down the years, and expect a lower standard?  A judge can understand you losing a briefcase containing highly sensitive information on the train going home or in a taxi going to a bash.  He can even understand firms of solicitors faxing client confidential information to their opponents.  “To err is human, to forgive divine,” said Alexander Pope (not The Pope).  So that’s alright, unless you managed to do it using a computer when all should be sweetness and light?

Then that’s fine?  If we are running manually we can commit more errors?  Not a good plan.

Ways of sending and protecting documents

The boundary between the computerised and manual worlds has too many shades of grey (and NO I don’t mean 50).  What happens when you get the computer to send out sensitive information to be delivered as documents?  Do we need to protect the documents?  You can hardly send them out as the body text of an eMail. Years ago (before 2000 at least) body text in eMail was compared with picture postcards for security against being read! But you want to store and distribute documents electronically because it is easier, more efficient – and cheaper.

And why are we sending documents instead of (say) web pages?  Well, there are many reasons.  Things that have legal effect have to be in document format because lawyers have to be more than confident that the format and layout cannot have been changed when presented to the human being.  It sounds a little thing, but when HTML pages reformat themselves dynamically according to form factors there is a very real risk that the actual layout appearance may change.  That would be like having the US Constitution reformat itself depending on what device you used to read it (now don’t be naughty and say that might be a valuable possibility – even if politicians might say so).  It is not a ‘good thing’ and documents are preferred to web pages.

But if you can’t put documents in the eMail body they have to go out as attachments.  And again if it can’t be a web page as processed by a browser and plugins it has to be a document.  So that means you have to protect documents in some effective way to prevent the hoi polloi (the public) from being able to read them, and maybe even stop the security services.  Who knows.  What is certain is that if you don’t take some positive steps to protect documents containing sensitive or personal information and anything goes wrong, you could well end up facing reputational loss if not prosecution.

So just preventing copying, say, does not go far enough.  And just putting watermarks on does not stop copying.  You have to start using encryption to protect the content of the document.  And then include the additional controls you require, such as how long the document can be seen for, if it can be printed, if it has a watermark to prevent falsification, if it can be used offline, if usage must be tracked, and so on and so on.  The business of protecting documents is more complicated than first meets the eye.

Approaches to stopping distribution of protected documents

There are a number of companies who offer services such as automatically scanning email text and attachments to see if they have ‘sensitive’ content, but they tend to either refuse to allow the content to go out (a gatekeeper approach) or to encrypt the content for authorised recipients.  This is not the same as protecting the continuing use of the document and preventing it from being passed on by the recipient(s).

Generally, the creators of company documents are very structured and know a great deal about the intended distribution and audience: if documents are for sale to the general public or if they are for controlled internal distribution only.  And they are often working with Document Management Systems (DMS) to manage the automated assembly and distribution of documents, where adding controls to protect documents can also be automated (assuming that the DRM system you are using has a Command Line API to integrate with the DMS).

So document scanning systems have a role to play in preventing improper document distribution by unauthorized users.  But they add their real value when DRM controls are used to complement them.

What are we protecting?

Most enterprises need to be able to distribute protected documents. Some are for purely internal use, some for external and some are a mixture. Typical examples of sensitive documents with short or fixed end dates include:

  • Monthly price lists
  • Urgent instructions
  • Monthly performance reports
  • Previews for launches
  • Industry competitor analyses and SWOT results

IRM suppliers such as Microsoft have well-developed email handling services in their Outlook product range, with many elements such as preventing forwarding, allowing for encryption and signature, and having start and stop document dates.  We cannot comment on the effectiveness of the controls and would recommend you check them out, but we note that it seems that recalling (revoking) an email simply tells the recipient that the email has been recalled.  It does not remove it from the message store or prevent the recipient viewing it.

There is relatively little mention in IRM-based systems about such topics as stopping screen grabbing, preventing printing, adding watermarks and other typical DRM-class controls that are applied to controlled documents.  Indeed one might come to the conclusion that some manufacturers would rather facilitate copying than support a DRM-class background to protect documents from misuse?

Conclusions for protecting and controlling documents

It seems that when you set out to protect documents you need to take into account a lot of different things that were never addressed by the classical ‘access control’ mechanisms.  Knowing that you are distributing documents that have to be protected is very different from trying to stop people from sending emails.  And you have to be able to send protected documents anywhere, not just on the Intranet, but anywhere in the cloud, and be able to rely on the document protection to work and enforce the controls that you are looking for.  When you protect documents, you are looking to achieve rather more control than that provided by simple, traditional access control systems which fail to address DRM/IRM requirements.

It turns out that the range of documents you need to protect is much larger than you initially think, in part because you are used to thinking in the paper world where little protection is applied, but the governance of the electronic world is very different.

Upcoming EU regulation (GDPR May 2018) will become a key driver that will compel more stringent control of personal data distributed in digital form than applies today.  Going beyond names and email addresses, this covers biometric data as “Special categories of personal data,” which require higher levels of control.  This may be bad news for biometric security approaches to access control?  Automated scanning systems may provide some assistance in stopping Information Leakage (IL) but are not helpful in controlling post-distribution usage and preventing copying.

But it is with Digital Rights Management (DRM) applications, developed to protect documents no matter where they reside, that you find the most pragmatic route forwards to enabling effective document protection for the enterprise when dealing with internal staff or external customers.  Locklizard have significant experience in helping corporate bodies and publishers achieve the right balance of DRM security to protect documents – you can balance the level of document control that you wish to establish against the attractiveness and usability of the protected documents.