eWeek columnist Peter Coffee's May 2nd column, "It's Time to Stop Overpackaging and Underprotecting Content" starts out in the right direction but fundamentally misunderstands Digital Rights Management. If I understand what he's saying, it's that creators often fail to implement appropriate security given the nature and context of their information. So far so good.
Here's what I don't understand:
Digital rights management is a common stalking-horse for intrusive restrictions on moving bits from one place to another. Hypothetically, imagine being barred from attaching an Excel spreadsheet to an e-mail unless you give the e-mail service provider your authorization code for document-exchange rights from a registered copy of Microsoft Office.
I'll get to email in a moment, but DRM is, in my view, the association of rules governing use and use consequences with digital information of all kinds and the enforcement of those rules at a distance in time and space. DRM presumes that protected information will be widely distributed using any or all of the usual methods. What DRM does is to restrict use of protected information to those who are authorized to access the information.
In the consumer space, authorized users may be those who have paid for an item or bought a subscription or agree to look at advertising or who agree that that their usage information can be reported back and used for prespecified purposes. There are a great many possible business models.
In the Enterprise space, authorized users may be employees of a given company working on project specific documents. Rules may vary by role in the company or work group.
Let's agree that organizations may legitimately desire to control their most sensitive information. They may not want unpublished patent applications, strategic plans, quarterly financial results and other confidential information going out the door to unauthorized recipients.
DRM companies such as Liquid Machines have DRM-enabled email products ensuring that the most sensitive information does not get sent out to unauthorized or inappropriate recipients. In one example, an investment bank may not want those on the M&A side to communicate with those on the Research side of the company with respect to particular companies.
In my view, this is a far cry from saying as Coffee does that "Digital rights management is a common stalking-horse for intrusive restrictions on moving bits from one place to another."