Manage Learn to apply best practices and optimize your operations.

More questions than answers surround digital rights management

Bits & Bytes: Questions abound about digital rights management. John Weinhoeft takes a look at what you need to ask yourself about long-term content management.

E-mail and document retention issues tend to have more questions than answers. One of the more interesting questions is how to deal with Digital Rights Management (DRM).

In simple terms, DRM is the author's ability to control the use of electronic documents through various means that limit the receiver's ability to read, copy or forward an electronic document. In some cases, it is possible to limit the amount of time a document can be read even by the intended recipient.

While different methods exist to limit the existence of a readable copy of a document or e-mail. Let's assume a method that relies on a third party set of public/private encryption keys which must be retrieved from the third party every time the document is opened. These keys are only kept available for a pre-defined period of time. Outside the pre-defined window, the keys can not be retrieved and the document can not be read.

How will you read this document after the time period has expired? Will the original keys and valid date ranges need to be saved with each document so the discovery system can mimic the original environment? Will a untimed master key be necessary in order to read the documents in the event of a discovery order? Should your business revert to making a hard copy of every e-mail document?

Another possible DRM scheme is to have your e-mail deliver the information via a link to a normally inaccessible web page that is only available for retrieval for a limited period of time and by specific user ID. Will you have to maintain a copy of the web page in addition to a copy of each e-mail referencing it by recipient and userid? How will you keep the valid time periods straight for each e-mail?

Now imagine your business routinely uses one of these methodologies to secure your e-mail and business documents. As an administrator, how will you deal with archival storage of documents you may not be authorized to read? How will you properly file unreadable documents under some document content management scheme? Even using tape, will anyone ever have enough storage capacity to keep multiple copies of these type of files.

Lot of hard questions; no easy answers.

Send me your comments or your answers to these questions at

About John Weinhoeft:

For the past 30-plus years John Weinhoeft has had his hand in the computer industry. He recently retired from designing and managing the State of Illinois' centralized computer systems that served 100 agencies. John has authored and edited a number of analytical books published by Computer Technology Research Corporation. He is, or has been, a member of several computer organizations including the Computer Measurement Group and Central Illinois Personal Computer Users Group.

Dig Deeper on Data storage compliance and regulations

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.