The combination of the Trusted Platform module (TPM), the Digital Millennium Copyright Act (DMCA) and customary business rules mandated by law could make it illegal for software other than Microsoft’s to read future Office documents. That conclusion was reached in an Information Week article posted Tuesday.
Historically, important business documents have been saved in some kind of unencrypted and unprotected (if proprietary) file format. However, starting in 2003, Microsoft added Information Rights Management (IRM) to Office. This allows the user to specify who can read the document, what they can do with it and create a so-called “revokable” document. However, the required hardware and software technologies were not all in place.
Now, with Vista and a TPM module in modern PCs (including Macs), Microsoft can work closely with companies to satisfy their business need to encrypt sensitive documents on a routine basis. This makes compliance officers particularly happy, especially in regards to, for example, HIPPA (medical records) compliance. The ability to read these documents depends on Microsoft issuing an authorized key to Office to read these IRM’d files on a TPM equipped PC. Building a reader to break this encryption will violate the DMCA and give Microsoft control over which companies can legally publish software that reads IRM’d Office files.
Of course, the author of the document need not invoke the IRM, but the author, Cory Doctorow, points out that “No one ever opts for ‘less security.’ Naive users will pull the ‘security’ slider in Office all the way over the right. It’s an attractive nuisance, begging to be abused.”
The author concludes that “The deck is stacked against open file formats. Risk-averse enterprises love the idea of revocable documents…” He predicts that, while TPM has been on motherboards for years, Microsoft is finally in a position to satisfy corporations’ legal obligation to protect their documents and, incidentally, lock users into MS Office.