Common myths about stopping copying, emailing and downloading

Stop copying, saving, emailing & downloading files

It is a common myth that you can stop copying, emailing, and downloading of files, yet you cannot readily prevent this.  What you can stop is the use of content by unlicensed users.

    MYTH 1: You can stop copying of files

Back in the eighties, particularly with the advent of CD-ROM devices, a lot of work was done to try and implement systems that prevented copying films and soundtracks.  The most successful approaches were probably the Digital Audio Tape (DAT) standard (it failed because the public would not buy a product that did not allow them to copy their own tapes) and an attempt to modify the MP-3 standard failed because it proved unworkable.

So despite what people say or think, unless hardware is involved, it is not practically possible to stop people from making copies of files, one way or another.  You have similar problems with trying to stop people saving files once they have opened them with an application.

So if it is impractical to stop file copying (ask the film industry about this one) what can you do?

The simple answer is you have to encrypt the file that is to be protected, and then make sure that the application that can decrypt the file cannot be used to make an uncontrollable version. If you do that, then you can control who can actually use the file and what they can do with it.  It doesn’t stop them from making copies – but it DOES prevent anyone unauthorised who receives a copy from using it. And, when it comes to it, that’s the same thing.

   MYTH 2: You can stop downloading

Well actually stopping downloading of files is theoretically possible if you handcraft your own application to receive information from a server, perhaps a printed line at a time (?) and display it on screen, also a line at a time.  Not very usable, you might say, but it does minimize caching (just an up-scale version of downloading).

Of course, working that way does create really serious performance problems.  Searching a document for a given word suddenly becomes unbelievably slow, and everything comes to a halt if you meet a picture or want some fancy font rendering.

That is why the Internet uses caching, PDF (and any other) documents use downloading and work with local copies.  Anything you view in a browser is downloaded to a temp folder on your disk and loaded into the browser from there.  It’s not that stopping downloading cannot be done, it’s more that we have learned that it simply is not practical, even with today’s apparently huge bandwidths.

   MYTH 3: You can stop emailing content

Back in the early 2000’s it looked like stopping emailing of content and files might actually be possible. Some manufacturers and the corporate IT departments had got their acts together and invented eMail scanning (a bit like anti-virus, but using books of rules) to figure out what should be allowed out of the corporate firewall, and what should not.

And in the corporate world that might have worked but for a couple of inventions along the way.  The use of flash (USB) drives suddenly became very popular (and it was amazing how much you could copy onto them), but arguably worse, the ‘Bring Your Own Device’ (BYOD) market took off, led by the Blackberry and quickly followed by everyone else.  And these latter devices came with their own email clients, their own network connections inside or outside the firewall, and their own ways of connecting to USB drives.  And the rest, as they say, is history.

So push comes to shove, the average mobile phone user can get past the most sophisticated security systems there are.  And the only way to stop them is to make sure that any file you want protecting can only be used by licensed users.  Because they can send the files anyway, so the only question is how do you stop them being used by the recipient?

How the Locklizard DRM Security approach busts the myths

Although it is true to say files can be copied, what Locklizard achieve is to make the copied files of no use to the recipient.  This solves the problem by neatly avoiding it.

What Locklizard do is encrypt the PDF file(s) into a proprietary format – the PDC file.  This is not like a PDF file, so the start of the encrypted file is random rather than a known plaintext (makes it harder to attack the encrypted file).

The decryption key is not in the encrypted file, so the Elcomsoft type of attack does not work.  Key materials are transported secretly, encrypted, and locked to specific devices, so the end user is not able to obtain them even if they use any of the SSL type attacks for disclosing secured content.

Locklizard Secure Viewer applications to do not have Save or Save As functionality in the code (never mind just greying out buttons in a browser) so the user cannot obtain that functionality even if they want to.

Finally, even if someone else installs a Viewer to read a PDC file, they have to register a license with a cloud based server, so that license must be available, and cannot be re-used.  And that server can identify the devices it has registered and will not even download keys unless the requesting user passes all the tests.

So, although you can copy Locklizard protected files, they are only of any use to people with valid current licenses to use the protected documents.