February 12, 2004

How will Office 2003 DRM impact interoperability?

Author: Dr. Paul Cesarini

In the near future, will we be able to open and access files from our coworkers, our clients, or our students? Will we be able to attach these files to email, for efficient and convenient dissemination, or print them if needed? Will we collectively be forced into expensive and in some cases platform-specific software migrations, just to maintain document interoperability?

Last October, OpenOffice.org released the 1.1 version of its office productivity suite. This update included native PDF and Flash conversion, complex text layout language support, and increased compatibility with Microsoft Office file formats.

Roughly a month later, Microsoft released Office 2003. This product was freshly-infused with digital rights management (DRM) technologies, dubbed "information rights management" by Microsoft, designed to secure and restrict access to documents as needed. Documents employing DRM created in Office 2003 may well only be accessible via Office 2003. More recently, Microsoft filed for numerous patent applications in New Zealand and Europe, covering the interoperability of XML-based word processing documents.

What do these tactics mean for interoperability between current and pending versions of Microsoft Office and competing products such as OpenOffice.org and StarOffice? Are the goals espoused by Microsoft, namely increased document security, the driving concern behind these moves, or is this a careful strategy designed to lock out competition? How, specifically, do the project leaders of these competing products intend to address this issue?

What is DRM?

Digital rights management has often been defined vaguely. Definitions range from it simply being "a system for protecting the copyrights of digital content that is distributed online" (TechEncyclopedia), to "the description, identification, trading, protection, monitoring and tracking of all forms of rights usages over both tangible and intangible assets including management of rights holders" (planet eBook). Given these seemingly harmless sounding definitions, it is easy to wonder why DRM appears to increasingly be the buzzword of choice in both technology publications and the mainstream media.

Whether we realize it or not, DRM has rapidly become pervasive in our daily lives, at home and at work. It often appears in areas we might not necessarily expect. For example, if you are reading this article at work right now, in your office, using your company owned computer, you probably use many programs controlled by another program on a central company server to manage site licenses. Sassafras Software's KeyServer is a common example of this. Rather than buying 100 copies of Freehand for your 100 employees who might need it, KeyServer allows for more efficient licensing. Of the 100 employees who might need access to Freehand, not all 100 would need it simultaneously. Using a tool such as KeyServer, IT departments could buy licenses for, say, 30 copies, but have it installed on all 100 computers. KeyServer would then dole out access to up to 30 people. If you are No. 31, you would need to wait until someone else quits Freehand on their computer.

Site licensing tools such as KeyServer are a fairly unobtrusive form of DRM, as opposed to the much-maligned hardware dongles QuarkXpress once used, or the questionable DRM schemes used by the entertainment industry, such as disposable DVDs and convoluted CD-burning rights in many digital download services.

DRM as a form of document security has existed for some time in a variety of different forms. Adobe's Acrobat, for example, has offered a range of security options for documents converted into PDF files. This security ranges in levels, from basic password protection to prohibiting printing, prohibiting selecting text and copying/pasting, to prohibiting any changing of the document itself. Much of this type of DRM evolved from "old school" UNIX file permissions.

As DRM continues to evolve, the technology may change, but the key issue remains essentially unchanged: What is the balance between convenience and flexibility, and security and (in some cases) potential loss of revenue?

Microsoft's DRM strategy

Currently, Microsoft's DRM efforts rely on an end-to-end Microsoft environment: Windows Server 2003, Windows Rights Management, Windows 2000 with Service Pack 3 or Windows XP, and Office Professional 2003. For those Windows users without access to Office Professional 2003, but with the other frontend and backend products, Microsoft offers a free Rights Management Add-on viewer for Internet Explorer. However, according to a Microsoft spokesperson, users of Office 2003 "will get the most value out of IRM capabilities," and the free viewer works "only if the recipient has permission to view the file."

In a potentially related move, Microsoft filed for a series of patents related to Microsoft Office file formats. These patents "cover word processing documents stored in the XML (Extensible Markup Language) format. The proposed patent would cover methods for an application other than the original word processor to access data in the document."

Naturally, a concern is that these patent applications could lead to interoperability barriers between Microsoft Office and competing suites. Microsoft has recently downplayed this possibility, though, claiming these moves are just standard procedures many businesses employ. Yet, if these tactics are so routine, why did Microsoft opt for these patents in New Zealand and Europe first, and not here in the U.S.? These patents, combined with the existing DRM features of Office 2003, are controversial at best, anticompetitive at worst.

More on page 2 ...

A different perspective: OpenOffice.org

Louis Suarez-Potts, OpenOffice.org's community manager, has another take on Microsoft's DRM efforts. He argues that the point of files using DRM is not to simply to make them more secure, but rather to enable an end-run around interoperability. "On a superficial level, the point of DRM is to limit free access to only those applications able to read DRM-delimited documents", Suarez-Potts said. "Put another way, MS Office will generate a class of files which only people with the same kind of MS Office will be able to open, let alone edit." Additionally, Suarez-Potts added that "[OpenOffice.org] will doubtless have better equivalents, ones that are just as secure and conceivably also as limiting."

Suarez-Potts also believes that Microsoft's strategy is unlikely to succeed, due to the required software investment in both server and client sides -- particularly since both the sender and receiver of IRM-enabled Office files would have to buy in to these upgrades. "Effectively," Suarez-Potts added, "it's a radically limiting strategy whose rhetorical bark is far worse than its effective bite. MS wants people to believe all will be using this feature -- but that set of users will first have to buy that particular brand of MS Office."

Given that Microsoft has apparently made the SDKs for both Windows Rights Management and the Office 2003 XML schema publicly available, the potential may exist for Windows versions of OpenOffice.org, StarOffice, and similar applications to address these interoperability concerns. However, since these SDKs have only recently been made available, further examination of them will be required before any decisions are made.

When asked about the possibility of OpenOffice.org eventually being able to access DRM-enabled files from Microsoft Office, Suarez-Potts sees this as a largely uphill battle. He said that "the answer is probably, but also that it would be immensely difficult ... The XML schema have nothing to do with DRM, as that XML schema can be thought of as a house's blueprints, but the DRM as its material lock and door." He also added that OpenOffice.org certainly remains interested in the notion of furthering compatibility between OpenOffice.org and Microsoft Office, even potentially including Microsoft's DRM.

What about Sun?

As of late 2003, Sun had no plans to incorporate DRM into StarOffice. Jeorg Heilig, Sun's Director of Software Engineering, said that "we do not have plans to manage rights to a document. Nevertheless, the concept document states our plans on working on digital signatures and encryption using open APIs and open standards (such as XML signatures)."

Heilig said that "It would be a requirement for supporting DRM to have access to these APIs, but also to be able to replace the backend infrastructure that manages the certificates and the authentication behind the APIs." He added that he did not see "any indications that this information is going to be available soon. In the end it is the people who send documents around who will decide on how useful this feature is ... I rather see people asking for a back end infrastructure that is based on public standards and implementations from multiple vendors to choose from."

Heilig also cautioned that much of the perceived benefit of DRM often becomes an unintentional liability in the long term. "Nowadays, it is sometimes impossible to access documents written even 20 years ago on a vendor whose product has changed or is no longer supported. Without standards, users are left to the whims of the vendor."

For now, StarOffice features a simple password protection option that can be used on any StarOffice file. While not exactly a high-tech solution, Heilig said this method "provides a basic level of document security for those who need it, when they need it."

At the time, the SDKs for Windows Right Management Server were not yet available. Whether or not their recent availability will change Heilig's mind likely depends on how usable the SDKs are, whether these SDKs will only be released for the Windows platform, and whether or not it will be feasible to incorporate RMS compatibility into StarOffice. Whether or not Microsoft releases SDKs for back-end compatibility -- which is unlikely -- will also be a deciding factor. For right now, Heilig said even though the SDKs were available, he did not foresee using them in StarOffice due to these SDKs being platform-specific.

Office 2004: Second-class citizen?

With the recent announcement of Office 2004 at MacWorld Expo last month, it is easy to wonder how Office-to-Office interoperability with DRM-enabled files would work. Very little of the Office 2004 feature set has been made publicly available, and despite touting some Mac-only features, basic compatibility with Windows RMS and Office 2003 has not been mentioned at all.

Unfortunately, the outlook is not good. A spokesperson from Microsoft's Mac BU now confirms such compatibility will not be possible with Office 2004 and added that Microsoft has "no timeline to announce on supporting this IRM technology on the Mac." She did state, however, that the file formats will be the same and that "Mac Office and Win Office and Office 2004, v. X, 2001, and 98 users are able to open non-protected and password protected files from Office 2003 for Windows users."

As a workaround for this pending lack of interoperability between Office 2004 and DRM-wrapped Office 2003 files, she suggested users instead opt to password protect their Word and Excel files. She also added that the Mac BU is interested in learning how Mac OS X users of Microsoft Office will want to incorporate DRM functionality on their Windows networks, and stressed that they "will evaluate our Mac customers' feedback and needs and work to support them appropriately."

What of indirect compatibility? For example, Microsoft has for some time offered a Rights Management Add-on (RMA) plug-in for the Windows version of Internet Explorer, to enable those not currently using Office 2003 to still be able to have limited access to DRM-enabled Office 2003 files.

A second Microsoft spokesperson confirmed that there are no plans to offer a browser plugin, or similar RMA, for the now-discontinued version of Internet Explorer for Mac OS X or earlier, nor are there any plans to offer an RMA for non-Microsoft browsers such as Safari or Mozilla. However, she said that the RMA specifications are "fully documented to enable third-parties to produce similar functionality should they choose to do so."

Interoperability: An uncertain future

Despite the publicly available SDKs for Windows Rights Management Services, Microsoft's efforts to wrap documents in DRM will likely succeed or fail based on how much of the currently installed user base buys into it. As Microsoft is already having serious problems convincing existing customers to upgrade to the latest versions of Windows and Office, achieving a critical mass of users for Windows RMS seems challenging at best.

Suarez-Potts doubts this critical mass will occur. He believes Microsoft's insistence on pushing proprietary DRM methods to promote document security is "a disastrous ploy" at best. "Rhetorically", he added, "it is a strong one, but I am a little skeptical all will succumb, once they realize what the game is (that is, that your interlocutor must also posses your like application, and that it does not really make your file that much more secure, only limits some distribution of it). A better response by [OpenOffice.org] is to come up with a real, honest-to-god secure system that really does make docs secure and, if wanted, limits distribution (e.g., to a select group only), using tools that have been vetted by the open source community."

Dr. Paul Cesarini is an assistant professor in the Advanced Technological Education program at Bowling Green State University, Bowling Green, Ohio. His current research and work focuses on digital rights management and digital asset management, and the slow but steady erosion of fair use in higher education and at home.

Click Here!