Download What is Trusted Computing and Digital Rights Management

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
Document related concepts

Cyber-security regulation wikipedia , lookup

Computer security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Medical privacy wikipedia , lookup

Information security wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Social engineering (security) wikipedia , lookup

Trusted Computing wikipedia , lookup

Digital rights management wikipedia , lookup

Transcript 
Version 1.0
February 2015
Trusted Computing (TC) and Digital Rights
Management (DRM) for Records
Managers
Archives New Zealand is the custodian of the Trusted Computing and Digital Rights Management (TC / DRM)
Standards and Guidelines. This role includes communicating the Standards and Guidelines to a wider
government audience and consulting with stakeholders as the technological landscape changes. Digital
Rights Management, in particular, has the potential to affect current records management practices.
What is Trusted Computing and Digital Rights
Management
Trusted Computing (TC) is a group of technologies which can be used to intentionally limit access to the data
and facilities on a computer. The hardware for TC is included in most laptop and desktop computers sold
today. TC hardware can be useful to governments by guaranteeing that their machines have not been
tampered with or to prevent unauthorised access to stolen machines.
Digital Rights Management (DRM) software provides a way for information providers to control access to
information while making it available to other people’s computers. It is widespread in the entertainment
industry and is now available in office applications. In conjunction with TC, DRM could provide strong
control over access to documents and emails.
What is the purpose of Trusted Computing and
Digital Rights Management?
TC provides security at a hardware level which can be used to establish trust between systems. Examples
include the Trusted Platform Module chip imbedded in most PCs which can enable the computer to confirm
that its software hasn’t been tampered with.
DRM allows for persistent item level protection. DRM can be used to protect intellectual property and
copyright control over individual digital items. DRM protections travel with the items and are independent
of the system which creates or uses them. Examples of DRM include the printing restrictions one can place
on a PDF document and the Information Rights Management feature in Microsoft Office which allows
creators to restrict which readers can open a Word document.
What are the risks associated with Trusted
Computing and Digital Rights Management?
DRM can adversely affect the full usability of documents. Information providers can encumber documents
with restrictions and conditions imposed by the provider. For example, providers can set a document to
become unusable after a period of time without notifying the agency which receives the document. Public
offices would therefore lack control over incoming documents.
There is also a TC feature that can be used in conjunction with DRM called ‘remote attestation’ which allows
information to be sent to an external server when the item is opened. The government agency holding the
document may have no way of knowing what information is transmitted. Many TC and DRM systems
therefore have the potential to undermine the security of government systems and the privacy of people
who use them.
How does Digital Rights Management affect records
management?
DRM can impede the management of official records by preventing the capture of records into an EDRMS or
by preventing printing so that a paper copy can be kept. DRM may facilitate the illegal disposal of records by
setting time-based actions (such as access expiry or restrictions) not desired or authorised by the recipient
of the records. Through access expiry, modification or restriction DRM may prevent access to information to
those otherwise entitled to it.
One of the most important first steps you can take is to decide if your organisation will accept DRM
encumbered information and if so, how you will handle it. Key questions to ask yourself are:




Is it a record which is affected?
Will the information be needed on an on-going basis?
What are the costs and limitations of access to the information?
Do you have hardware or software in place which detects DRM or can you put those tools in place?
If you are considering creating DRM-encumbered information take the following steps:
 Update your recordkeeping policy to include TC and DRM issues.
 Determine if your DRM deployment is appropriate under the Security in Government Sector (SIGS)
manual.
 Inform people of the DRM restrictions you are placing on documents and be prepared to justify the
restrictions.
 Ensure continued access to records you are required by law to create and maintain.
 Finally, ensure compliance of any new systems with the Trusted Computing and Digital Rights
Management Standards & Guidelines published by the State Services Commission by seeking a
declaration about DRM from vendors in their tender or RFP response. The declarations should detail
the TC / DRM features of the product, which TC / DRM features are turned on by default, and what
the limitations are of using or not using these features. This will help you determine whether you can
comply with the Standards & Guidelines if you implement their system.
About the Principles & Policies, Standards &
Guidelines
The Principles & Policies and the Standards & Guidelines were originally developed by the TC / DRM Working
Group headed by the State Services Commission under the E-government Interoperability Framework (eGIF). They provide a deliberately generic framework for examining and dealing with TC and DRM issues. The
Principles & Policies were designed to be usable by any government department (in any country) and they
cover the full spectrum of issues relevant to government-held information, including privacy, accessibility,
intellectual property and information security. The Standards & Guidelines were written to assist
government agencies implement the Principles & Policies appropriate to their own needs.
Key Trusted Computing and Digital Rights
Management Principles & Policies for Records
Managers
 System Security Principle
The security of government systems and information must not be undermined by the use of trusted
computing and digital rights management technologies. (Principle 4)
 Information Availability Policy
Government must know about encumbrances, have control over them, and explicitly agree to them.
(Policy 1)
 Information Confidentiality and Integrity Policy
Government must know about information flows and be able to identify harmful communications.
(Policy 11)
Further information about the Principles and Policies can be found on the ICT.govt.nz website.
Related documents
United Nations Disaster Coordination Working Group
United Nations Disaster Coordination Working Group
slides
slides
Some topics in application level security
Some topics in application level security
PRODUCT TESTING AND CERTIFICATION
PRODUCT TESTING AND CERTIFICATION
Digital Right Management and Watermarking of Multimedia Content
Digital Right Management and Watermarking of Multimedia Content
Abundance in Supply & Diversification of Demand
Abundance in Supply & Diversification of Demand
Detrital Remanent Magnetization (DRM)
Detrital Remanent Magnetization (DRM)
Progress and Future Perspectives capitalizing the Province of
Progress and Future Perspectives capitalizing the Province of
Vietnam
Vietnam
Mihir Bhatt, IPCC SREX, Preparedness through DRR and DRM
Mihir Bhatt, IPCC SREX, Preparedness through DRR and DRM