#1 In http://www.extremetech.com/article2/0,3973,906344,00.asp, this article on MS DRM states: "For example, it might be possible to view a document but not to forward or print it."
This is, of course, blatantly false. Of course it can, by using a screenshot, a camera, a cell phone with camera or, simply, human memory. With all due respect, the claim is snake oil. This is exactly what we in IT security must avoid. Insecure statements that create a false sense of security -- not to mention a real sense of angst. This statement, surely vetted by many people before it was printed, points out how much we need to improve in terms of a real-world model for IT security. And that is why, today, IT security failures are causing an estimated loss of $60B/year (ASIS, PricewaterhouseCoopers, 2001). #2 The second shot of snake oil came when some people, without realizing the trap, started to get alarmed by the snake oil shot #1 and started speculating on "the chilling effect that such measures could have on corporate whistleblowers" while others speculated on "another potentially devastating effect", that the DRM could, via a loophole in the DoJ consent decree, allow Microsoft to withhold information about file formats and APIs from other companies which are attempting to create compatible or competitive products -- compatible, that is, with the first shot of snake oil. The good conclusion from all of this seems to be that while humans are the weakest link in a virtuous security system, they can also help break a non-virtuous security system -- DRM snake oil claims notwithstanding. Cheers, Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]