Confidential Data Control

What we really needed instead of DRM

In the earliest days of building the Web, people working in the networked hypertext community criticized it for lacking support for several features Ted Nelson has decreed to be essential. These included indexing and search but the biggest show stopper for them was that there was no guarantee that hypertext links would point to a valid document.

Leaving these difficult to implement features out of the core Web specifications entirely allowed a design that was simpler and more flexible than its rivals. In time, the lack of a native search function led to a highly competitive market to develop Web search engines, eventually leading to the development of the Google page rank system and its many imitators.

I believe that we are at a very similar situation with DRM and CRM systems. In the early 1990s there was a lot of interest in developing mechanisms to 'protect' copyright content from 'theft'. There were many problems with these systems in their intended field of use and so many were rebadged as 'Content Rights Management' systems that corporations were to use to protect their digital assets.

Thus far, CRM has been even less successful than DRM as the spate of breaches at the US State department, NSA, CIA, etc. etc. demonstrate. One of the core problems being that they are trying to solve two problems:

These are both important problems but there is absolutely no reason we should insist on the solution to the first being joined to the second. Meeting the first problem only requires software. Meeting the second requires a hardware approach.

A better way.

Confidential Document Control, is a subset of the Content Rights Management problem that allows control of the initial distribution of controlled documents but does not attempt to control redistribution of documents by parties authorized to receive them.

A CDC application running on a trusted platform may restrict what the user is allowed to do with a controlled document and the CDC protocols may provide features that allow an application to advise a service that this is a feature it supports. But the problem of how an application can enforce those restrictions or assure the service that it will do so are very complex and well outside our problem scope.