Windows Rights Management Debut Draws Concern

The latest manifestation of Microsoft's unified DRM technology roadmap has been made available for download.

Windows Rights Management (RM) is designed to extend Windows functionality to permit "DRM friendly" applications such as the forthcoming Office 2003 suite to lock down sensitive documents from prying eyes. The RM client provides fine-grained content protection across all product lines.

Windows Rights Management Client 1.0 entered beta testing last February and currently runs on Windows 2000 SP3, Windows 98 SE, Windows Me, Windows XP, as well as Windows Server 2003.

Users who want to open e-mail messages with restricted permissions must first download the rights management add-on for Internet Explorer – a "light" version of the RM client that reached beta in May.

According to OASIS's Cover Pages -- the mouthpiece for a not-for-profit consortium that seeks to drive e-business standards -- the Internet Explorer add-on will enable broad intranet and Internet portal scenarios by presenting rights-protected HTML to clients.

Both client-side technologies are engineered to work in cryptographic harmony with Windows Server 2003's Windows Rights Management Service (RMS) layer, formerly known as Tungsten.

A bounty of applications will surface from the addition of rights management to Windows.

"Rights management technologies have a broad application for a breadth of users. The need to protect digital assets extends far beyond the film and recording industries to include personal information, corporate information, and commercial content," a Microsoft spokesperson told BetaNews.

In the instance of the newly christened Office System 2003, permissions may be set to prohibit a confidential e-mail from being forwarded, printed or copied. Aside from the parties engaged in the dialog, only law enforcement -- with a proper warrant -- can access its contents.

Under the Hood

Microsoft's Windows RM technology utilizes certain Internet-based services during a process called machine activation. During this process, a hardware specific system component is created and saved on each device. This bit of information is the key to unlocking and accessing RM-protected content.

Microsoft briefed BetaNews on its efforts, stating that an effective rights management solution requires tight integration between the breadth of system components and devices, and must take into account the various touch points, pathways and destinations for digital information. Redmond says it is working with the industry as a means to this end.

Additionally, Windows RM requires a .NET Passport to authenticate users, such that everyone viewing protected content must have an active Passport. A certificate is also produced during the enrollment. In all, the security mix incorporates encryption, digital certificates and authentication.

Enterprises running Windows Server 2003 will have the option to "use active directory to do user authentication rather than Passport," according to Microsoft.

Critics Question Ulterior Motives

While document security is paramount, Microsoft's RM has drawn the ire of some critics questioning the company's motives.

Microsoft Watch's Mary Jo Foley wrote in an editorial earlier this year: "If you are a big company or organization with lots of correspondence and documents you want to keep secret, Windows RM is, indeed, a blessing. If you are a whistleblower, a journalist, a lawyer, a cop -- or anyone who has the audacity to want to use software other than Microsoft Windows or Office -- you should be very afraid."

While Microsoft has countered these claims and determined that its software should remain "platform agnostic" by supporting industry standards, critics harp that alternative operating systems must use XrML (Extensible Rights Markup Language) in exactly the same way Microsoft does.

Standards groups such as OASIS have been encouraged to "improve interoperability and reduce redundancy" by converging on a core and single set of paradigms. But these groups claim that the fix lies in the control Microsoft exercises over ContentGuard, the primary author of XrML.

Microsoft, together with other industry heavyweights such as Xerox and Sony, has held a small stake in ContentGuard since 2000.

In response to the barrage of criticism -- mainly the prospect of corporate and governmental malfeasance -- Jon Murchinson, product manager of Microsoft's security business unit, told BetaNews, "Windows Rights Management Services (RMS) no more hinders whistle blowing than do currently available and widely used methods such as printing documents on watermarked paper, numbered distribution of hard copy documents, and the use of shredders."

Murchinson continued, "Whistle blowers will still have the means necessary to bring suspected violations to the attention of the proper authorities. In the most notable cases, the whistle blowers had access to information through the normal course of business that led them to believe something was amiss. If they had been using an RMS-enabled application or server, they would still have had access to the same information and could have taken steps to notify the proper authorities of their suspicions."

Industry watchers expect Redmond to invest significant effort and dollars toward rights management in the future.

"Microsoft will continue to make major investments in rights management technologies that help our customers address their technology needs," said Murchinson, who foreshadowed significant innovations.

Microsoft currently offers RMS as a free trial, in addition to posting related pricing and licensing terms. Content protected by an author who opts out of the trial can be viewed for three months by those with valid .NET Passports.