This Column Will Self-Destruct in 10 Seconds–Or Will It?
Microsoft Office 2003 lets users control who can read, print, and forward their documents. It's a significant advance in document security—unless, of course, it isn't.
The latest version of Microsoft's widely used Office suite launched this week with a new set of features to control who can view, forward, copy, and print emails and documents. You might think that as a corporate attorney charged with protecting my company's confidential information I would be delighted by such a system. In fact, I'm reserving judgment until I get answers to some important questions about what the new technology does and what it could mean if Microsoft's initiative proves successful.
Office 2003 introduces an information rights management (IRM) service that works in conjunction with Windows Server 2003. In theory, this service lets an executive mandate that a financial report or sensitive correspondence cannot be shared with others or that it will become unreadable after a certain date. The executive's IRM-protected message is stored only on the company's mail server. When a recipient opens the message in Outlook, the server tells the application whether she is empowered to edit, forward, copy, or print the message. Any unauthorized commands are disabled. If the exec sends a message outside the corporate environment—say, to an authorized user who does not have Outlook or Windows Server 2003—she can only read the message using a free plug-in for Internet Explorer.
Here are some of my questions (chime in if you know the answers!):
1. How secure is secure? It's axiomatic that for every technology, a counter-technology exists or soon will exist. IRM may secure email and documents within the Microsoft Office suite, but it can't prevent a corporate spy from photographing a secured email or capturing it with a screen capture utility. And it obviously can't prevent authorized correspondence viewers from leaving their printouts on a generally accessible office printer. These facts don't make IRM useless, but they may cause users to overestimate how secure IRM-protected information really is.
2. How helpful is unreadable? One might think that IRM's ability to create messages that become unreadable at a future date would be a blessing. But the same feature could be a curse if: (a) it reduces productivity by compelling recipients to contact the originator of an email if the email must be shared and the originator has intentionally or mistakenly limited forwarding capabilities; (b) it results in confusion by imposing different privileges on different messages in an email thread; (c) it impairs companies' ability to use email to negotiate deal terms or to secure corporate approvals; or (d) it facilitates sexual harassment or a hostile work environment.
3. How unreadable is unreadable? Companies routinely produce documents in response to civil lawsuits and government investigations. Can information rendered unreadable by IRM be recovered for such purposes? If it cannot, exculpatory or otherwise essential documents may be unreadable when their recipients need them. If it can, Office 2003 users may adopt more reckless email habits under the mistaken impression that their emails will self-destruct.
4. Is IRM really optional? Once bar associations and insurers catch a whiff of IRM, you can expect them to analyze carefully whether to recommend IRM to their clients. Preserving the attorney-client privilege requires lawyers to take reasonable steps to safeguard the privilege for their clients. Some state bar associations and malpractice insurers encourage attorneys to encrypt their email communication for this very reason. Will these entities compel lawyers to adopt IRM as well?
5. Won't IRM cost more in the long run? Businesses that want to use IRM features must also run the latest version of Windows Server 2003. Whether this means that costs will rise substantially for companies that use the new document protection and must therefore license more products from Microsoft remains to be seen.
6. Won't this system extend Microsoft's monopoly to the internet? Companies must install Windows Server 2003 before they can take advantage of IRM features. This is good for Microsoft's server sales, but what happens if such sales are wildly successful? If IRM becomes a staple of email communication, then Microsoft alone will control the keys to email rights management and will be able to impose IRM licenses on third parties, or even to offer IRM protection as a for-pay, per-transaction service. The result—Microsoft's domination of internet communications—may be more unpalatable than the ills IRM aims to cure.