Enterprise Right Management vs. Traditional Encryption Tools

Jon Callas jon at callas.org
Wed May 9 15:48:49 EDT 2007


On May 8, 2007, at 10:16 AM, Ali, Saqib wrote:

> I was recently asked why not just deploy an Enterprise Right Management
> solution instead of using various encryption tools to prevent data
> leaks.
>
> Any thoughts?

What problem are you trying to solve?

If you're dealing with a rights-management problem, such as how do  
you give someone a document that they can read on the screen but not  
print, you aren't going to solve that with a cryptosystem.

However, rights management systems have characteristics that are  
different.

Rights management systems work against polite attackers. They are  
useless against impolite attackers. Look at the way that  
entertainment rights management systems have been attacked.

The rights management system will be secure so long as no one wants  
to break them. There is tension between the desire to break it and  
the degree to which its users rely on it. At some point, this tension  
will snap and it's going to hurt the people who rely on it. A  
metaphor involving a rubber band and that smarting is likely apt.

One way this fails is the good old "analog hole." People can still  
take pictures of their screens.

Another way this fails is for people to rely upon rights management  
as a cover for sloppiness, anger, or mendacity. If you think you can  
revoke a message or send Mission Impossible documents, you will.  
Someday, someone on the receiving end will use the analog hole. Oops.  
Imagine the case where a tech support person tells off an obnoxious  
customer, who takes a picture of the screen.

Furthermore, there are subtle problems with rights-management and  
policy. Let's suppose that I run an organization that needs to  
archive documents. I therefore *must* reject documents that I cannot  
archive.

I have personally stuck more to having crypto be a form of access  
control (once you get to a document, you have it) than as use control  
because:

	* The former problem is hard enough
	* We know that DRM of any sort will ultimately fail
	* Human nature will lead people to get into trouble *because* of
	  rights management.

I think that the operational issue -- that rights management *cannot*  
work -- trumps everything else, and turns the social issues (if you  
can tell someone off and deny it, will you?) into nothing  
other than an information bomb. You're going to end up looking like  
Wile E. Coyote, with a blackened face and stunned, blinking eyes.

	Jon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com