Rights management is a term for control systems that allow a rights owner to exert control over information immediately.
It enables publishers of information to control what recipients can do with it in order to prevent intellectual property theft, stop unauthorized sharing and piracy.
Rights Management Systems & document control
Rights management is a generic term that covers most forms of information control – whether this be document rights management (control of documents), information rights management (IRM), enterprise rights management (ERM) or digital rights management (DRM). Effectively they are all the same thing and are interchangeable terms. IRM and ERM are the terms most often used when referring to protecting and controlling information within an Enterprise, whereas document rights management and DRM are used when sharing documents securely or for the licensing and control of paid content.
There are two types of rights management to consider:
When we use the word ‘work’ we mean, very loosely, anything that has been stored in a digital form. So this could be (almost) anything, an ebook, a video, a picture, a trademark, a document, music, data, an elearning course, or a film. It is worth mentioning that all these works have different rights for those involved in their creation, but this note was not prepared as an analysis of author’s rights. If anyone wants a detailed statement we recommend Copyright Law in the United Kingdom by Sterling and Carpenter, published by Legal Books Pty in 1986 with addendum. For database rights in Europe we recommend the following EU Directive – http://europa.eu.int/ISPO/legal/en/ipr/database/text.html
Generally, when we talk about rights management we mean that the author/owner of a work has the ability to define, by a license, rights that may (or may not) be granted to the user or recipient of a work in a digital form or format.
In simple terms, rights are usually:
Rights management is therefore the ability to be able to apply rights being granted such that the recipient is bound by them in compliance with the license agreement made between them and the owner. For digital content protection and control, rights management in the form of Digital Rights Management or DRM, Information Rights Management, or Enterprise Rights Management is highly effective at controlling document use and preventing unauthorized users from accessing content. Some online systems (where access rights and controls can be instantly changed) refer to their rights management technology as Active Rights Management. This also performs the same function – preventing unauthorized access and controlling use of content whether that be digital documents, emails, web pages, music, movies, etc. – but is marketed using different terminology. In the past, DRM was more closely associated with video and music content but now equally applies to documents and emails – although some companies market this as Information Rights Management or Enterprise Rights Management. So while all the different terminology may seem confusing, all companies selling rights management products or services are providing the same thing – the ability to control access to and use of content, with both online and offline use.
There may be statutory rights granted by law that override rights granted by license, such as the right to produce criticism or parody. These may not be refused by the owner, and they may vary from country to country.
In some cases, rights management may also be understood to be an employer exerting their authority to control rights in information owned or licensed by an Enterprise. In this case the meaning of rights management is much broader, covering trade secrets, secrets in the course of litigation, and is primarily covered by a contract of employment which may contain terms and penalties that would not be appropriate in a license agreement.
In all cases, Court orders may require the disclosure of any information, whether the subject of rights management or not. If you receive a direction from a Court to disclose information you should take legal advice.
In 2003, Microsoft released Rights Management Services (RMS) for Windows 2003 server which enabled administrators to encrypt MS document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by authorized users. Specific document operations like printing, copying, editing, forwarding, etc. could be allowed or disallowed. However, an alleged attack in 2016 showed that authorized users could remove the protection, thus rendering it useless.
Since then, various companies have produced rights management for documents that use plugins to the underlying application (i.e. Word, Adobe Acrobat, etc.) to add additional security. These however are not without their problems. Another plugin could compromise the security (say by recording the decryption key) or stop the rights management plugin from working altogether. An update to the application could prevent the plugin from working, or underlying security issues of the application could also compromise the overall security of the system. These issues have all been prevalent in the real world.
Other companies such as Locklizard have created standalone applications that can provide additional security. The security of the system is not at the mercy of the original application and other security controls can be added at the Operating System level (i.e. the prevention of third party screen grabbers or printing to file drivers) since the application has direct control. Preventing plugins from loading stops an easy way in to attack the system.
Rights management software has also been widely implemented in the browser using either HTML5 or flash technology to control access to and use of documents. This approach is popular with secure data room systems to securely share information that is confidential – e.g. controlling use of board documents, due diligence and M&A material. However, since no software is installed on the client computer, there is less control available over what users can do with documents. For example, users can take screenshots of documents or print to file drivers (if printing is allowed), so a browser based rights management system is not as secure as a device installed one. There is also the obvious security issue that users can share login information with others so you need to lock users to specific locations if you want to prevent this, and of course the incovenience of users having to be always online to view protected documents.
When choosing a rights management system you therefore need to decide what you are trying to achieve, what document controls you require, and how users will access your protected content.
To learn more about rights management, take a look at History of Rights Management.
Why Locklizard for Document Rights Management?
Locklizard takes your document protection seriously. We provide total document control with US Gov strength AES encryption, public key technology, DRM and licensing controls to ensure your documents remain protected no matter where they reside.