DRM can remotely delete files – I don’t think so?
Thank goodness the DRM industry does not take itself too seriously. There’s nothing worse than a group of sanctimonious zealots letting off steam about control of books that you can or can’t read.
Or is there?
Behind every cool idea there lurks the harbinger of doom. And so it is with DRM being used to delete distributed copies on the order of the DRM holder.
At first this sounds really cool – you don’t have permission to use this so I can DELETE your copy!
Remote file deletion is dangerous
Now I am not going, not for even the tiniest moment, to try and explain to Bank of America, or McGraw Hill, or PWC, or in fact anybody that I insist on them installing an application that can decide to delete files off their hard drives, and they are going to let me do it. Can you imagine what happens when the application goes wrong (which it will, and according to Murphy in the worst possible way at the most inconvenient time) and someone’s machine gets blue-screened? Well I plan not to even be a fly on the wall there. And the idea that some unauthorized administrator forces me to run an application that lets them see into my machines and report on my files, and then start deleting stuff – is about as far out as the NASA deep space exploration rockets.
Remote file deletion does not work
Apart from the impending disaster that is likely to incur, what about the reality? Well there is nothing stopping a user copying those files to another device that does not have any DRM installed on it, or storing them in a zip file, or a backup system, or simply changing the file permissions to read only. How can a DRM client delete them then? Well it can’t. It cannot delete files it does not have access to.
The whole remote file deletion idea is therefore not only dangerous but it is stupid and a great marketing ploy for the completely gullible.
So the EFF might, unusually, find itself with a supporter from a most unlikely source (I mean from those deleting files supporting the argument that DRM is a bad thing). Meantime back to the day job.
What are you trying to achieve with remote file deletion?
The most important point to consider is what are you trying to achieve by using remote file deletion – stopping access to a file.
With Locklizard DRM security, this can be done with file expiry and/or revocation. If you set a file to expire on a fixed date, after a number of days use, after a number of views/prints, etc. then once this has occurred the file is no longer usable. It does not matter if the user still has a copy on their device, they cannot open the file because the file is encrypted and can only be opened by a secure Viewer which obeys the expiry controls – so it is as good as having been deleted (well better actually because there is no option for the user to recover the deleted file and a backup copy has the same DRM controls). And if you don’t set a file to expire but decide a user, multiple users, or all users should no longer be able to access it, then you can revoke access at any time assuming of course the user is online (you can force users to always be online when viewing your protected documents). Once access has been revoked the file can no longer be used.