Adding DRM to PDFs with Safeguard PDF DRM Security: control PDF access & use
Beginners guide to PDF digital rights management
What is PDF Digital Rights Management (PDF DRM)?
Although Adobe might like the mantle of having invented digital rights management for documents, there is no effective evidence to support that suggestion. However, it would be correct to point out that that the general adoption of the PDF format as a common presentation across multiple platforms has catapulted the Adobe approach to controls being those that are generally accepted as the default situation.
So what are these ‘default’ controls?
Well, the initial controls were:
- no printing
- changing the document
- copying or extraction, Disable accessibility
- no adding or changing comments or form fields.
These were later augmented to:
- printing – fully allowed, low resolution, not allowed
- allow content copying and extraction
- enable content access for the visually impaired
- allow only document assembly *
- allow only form field filling or signing *
- comment authoring field fill-in or signing *
- general editing, form field fill-in or signing *.
* these choices are mutually exclusive.
And then refined into:
- changing the document
- document assembly
- content copying or extraction
- content extraction for accessibility
- filling of form fields
- creation of template pages.
And one must not forget the control of watermarking, either on-screen or on printed output, or both.
Are PDF Digital Rights Management controls effective?
It is important to understand the difference between providing PDF rights management controls and them being effective.
In many instances proposed PDF rights management controls have been so poorly implemented (see PDF password protection) that you have been able to drive the proverbial coach and horses through them. Indeed there are some web sites who offer tools dedicated to the cracking of much of the Adobe implementation. Not suprisingly, third party vendors have moved to providing implementations and controls that are less open to many of the attacks that have been popularized by such companies as Elcomsoft.
Some PDF Security vendors have gone down the route of PDF plugins but these can be overriden by other plugins and often fail to operate when Adobe Acrobat is updated. See PDF Security Issues, Flaws and Cracks for articles relating to these attacks.
Other companies such as Locklizard have produced dedicated secure PDF Viewers so that they are not exposed to vulnerabilities in other applications, ensuring that DRM controls can be effectively enforced.