More bad technology choices
Scoble says this like it's a good thing:
Keith Hurwitz and I tried a little test tonight. He sent me an email protected with our digital rights management (restricted rights built into Outlook). I wanted to see if Kunal's OutlookMT tool would post it. It didn't. Test succeeded!
Does it break copy/paste? Because if it doesn't, it's achieved nothing. If it does, then it'll end up being a true annoyance. There's another question as well - what if you send a DRM marked mail to someone like me who doesn't use Outlook? Does this mean that I simply won't get the mail, or does it mean that the DRM will leak off? You could argue that it's broken either way.
IMHO, this is exactly the wrong way to fight this battle. Tell people that stuff is confidential, and then apply consequences if they violate that trust. This smacks me the same way that "zero tolerance" policies in the schools do - it assumes that everyone is too stupid to use judgement, and instead imposes lame policies on the entire class. Color me entirely unimpressed...
Comments
Re. DRM e-mail
[Steve Wart] September 28, 2004 8:54:49.949
How about if you take a screen shot and post a jpeg?
Our Citrix setup disables cut and paste, and it's highly annoying without offering any real security advantage. What's next green screens?
Consequences...
[Ian Bicking] September 28, 2004 13:35:52.739
I don't think consequences are necessarily enough. It's hard to say who leaked information, for example. Or the leak may have been entirely unintentional; technology could make confidentiality requirements explicit and mistakes less common. Or the harm to the company may be greater than any reasonable consequence.
Not that I like DRM. But it does address a certain problem (which is a very hard problem). Being a bit more of a radical, I think those problems are indicative of a social order that needs repair. I think leaky information is important and powerful, and we need more information to leak, not less. Still, my premise is that leaky information matters; for this very reason, I have to accept that there is a valid reason for DRM. Then it's a disagreement of motives and principles moreso than technology.
[Jeff Hiner] September 28, 2004 16:38:08.453
There's also something to be said for common sense. If you're communicating sensitive information to someone, that implies a level of trust. If that trust isn't solid enough for them not to copy and paste out of an email, you either need to reevaluate the trust level or the method used. Maybe email isn't the best way to send such data; if it's that sensitive, distribute paper copies with fancy un-OCRable ink, or self-destructing tape recorders.
There's a level beyond which you simply can't control leakage; if people have the information, and they really want to distribute it, they will find a way (memorizing and reciting books in Fahrenheit 451 comes to mind).
Re. bad choices
[Steve Wart] September 29, 2004 4:36:10.283
Good point about the social aspects, although I don't see it as something that needs fixing.
The big issue here is not so much people forwarding messages, but the proverbial loose lips. Information really does want to be free: the value of a secret is inversely proprotional to the number of people who know it.
Technology can't stop people from picking up their mobile phones and calling a reporter (well some people are working on it). Some companies record their employee's phone calls, log their mail and chat & attempt to block all non-approved forms of communication. Some governments do that too. People always find a way around it.