[Linux-aus] Microsoft Office 2003 lock-in via DRM

Wed Sep 3 13:49:01 UTC 2003

Since this is a Linux list, perhaps not everyone is familiar with the
current PKI setup in Windows 2000 et. al. It's worth remembering that
said PKI setup for file encryption only really works as a security
model when the machines involved are part of an "Active Directory

It seems to me that it's fair to say DRM features will only work
within the "AD Domain" also. This means that:

- For documents created at $company to be readable in Office2K3 on
someone's home computer, DRM will have to be turned off.

Thus whilst OSS office programs will have to rewrite their MS file
compatibility again, which we all agree is unfortunate, they will be
able to do so for widespread documents.

Also, the network effects of MS Office dominance are actually somewhat
disrupted by these technologies. Many C*O's of big companies are no
doubt entranced by the hype, but I think we'll find that making it
harder for people to do work at home doesn't always improve productivity.

- In order to use MS DRM, an organization must upgrade to at least an
entirely Active Directory system. (i.e. Windows 2000 and above.) Many
of the organisations most likely to find DRM useful in controlling
their business documentation still haven't upgraded all their
machines, either because of cost or compatibility. No doubt MS hopes
the "feature" that is DRM will persuade them to upgrade, but it's not
necessarily a done deal in today's budget climate.

Equally, this all raises the question, are there FOSS solutions to
make PKI simpler? To automate file encryption in conjunction with LDAP
or the like? It's not something I've looked into, but making just
these kind of security tasks easier in large companies could be
important in staving off DRM.


Indranath Neogy
<indy at the-tech.mit.edu>

More information about the linux-aus mailing list