Skip to content.
|Networking government in New Zealand.
You are here: Home » Policies » Trusted Computing & DRM » Principles and Policies » Preface

Preface

Introduction

The New Zealand Government Trusted Computing and Digital Rights Management Principles and Policies were developed in 2006 in anticipation of the growing usage of trusted computing and digital rights management technologies. The aim of the principles and policies is to ensure that the use of trusted computing and digital rights management technologies does not adversely affect the integrity (including availability and confidentiality) of government-held information or related government systems.

The Principles and the Policies have been drafted with the intention of universal applicability – to be relevant in overseas jurisdictions as well as in New Zealand. Therefore, requirements or references peculiar to New Zealand (for example, references to New Zealand's Privacy Act) are omitted from policy statements, and are confined to the 'Scope and Interpretation' sections that accompany each statement.

Trusted computing and digital rights management are emerging technologies, and their use and development are only beginning to be realised. Their characteristics and functionalities, and the ways that they can be used, are expected to evolve and change significantly over time.

These technologies promise some advancement for the security and management of information, and many expect their use to become ubiquitous - potentially incorporated within every conceivable type of electronic device.

At the same time, these technologies present challenges and risks to government in the protection of the integrity of government-held information. In response to such challenges, and to mitigate the risks, the New Zealand government has developed this set of principles and policies for the use of these trusted computing and digital rights management technologies.

Trusted Computing and Digital Rights Management - Uncertainty of Definition

The definitions for the terms "trusted computing" and "digital rights management" are still being widely debated. Some definitions focus on specifications for the software and hardware. Some focus on their functionality and what they will do. Others focus on who will have control of the functionalities.

Basic definitions for each of these terms have been included within the glossary to this paper, to provide some helpful context for the principles and policies. But it is acknowledged that these are indicative only.

Integrity of Government-held Information - Certainty of Definition

The underlying tenet for the development of these principles and policies has been the protection of the integrity of government-held information. While the implications of trusted computing and digital rights management have been the catalyst for this work, the focus has been on the obligations and responsibilities of government.

This has enabled certainty in our work in the context of the uncertainty of these emerging technologies. Our aim has been to develop principles and policies that will remain valid regardless of how the technologies may evolve and be implemented.

"TC/DRM" Used Instead for the Purposes of this Paper

The term "TC/DRM" has been used in this paper to refer to trusted computing and/or digital rights management, functioning separately or working together. This does not mean that the terms are considered to be interchangeable: it is acknowledged that trusted computing and digital rights management are distinctly different technologies. However, they each offer some similar risks to the integrity of government held information, and will have the potential to mutually reinforce each other. "TC/DRM" is a convenient term to represent any of a wide range of potential manifestations of the technologies.

The principles and policies reflect the importance to government of its being able to continue to exercise control of its data and computing environments, in order to ensure the integrity of its information. TC/DRM technologies have the potential to enhance or diminish that control, depending on how they may be deployed. The extent to which it may be appropriate for government to make use of these technologies will be a function of the degree of control it is able to continue to exercise, and the consequent risks to the integrity of information it holds. These principles and policies have been developed to support this risk assessment and decision-making process.

The principles and policies will establish a framework within which individual agencies can develop operational practices, appropriate for their own business drivers and statutory responsibilities. Some guidance will be provided through the development of practice notes to assist agencies with this important work.

Framework for Principles, Policies & Standards

Principles…

are fundamental truths, laws or requirements as the basis for reasoning or action.

Principles have the following characteristics:

  • they articulate the basis - the “Why” - of the Policies;
  • they reflect concerns, risks, issues, and emphases;

  • adherence to them is qualitatively assessable.

Policies…

are high-level courses of action.

Each policy statement is accompanied by a scope and interpretation section, and a rationale.

Each policy supports one or more of the principles.

Policies have the following characteristics:

  • they deal with “What” we will do to implement the Principles;
  • adherence to them is qualitatively assessable.

Standards…

generally set out specific, measurable or observable goals that support the policies.

The goals may be behavioural, though they may be implemented by means of systems.

Standards have the following characteristics:

  • deal with “How” we will implement the Policies;
  • adherence to them is measurable or observable.

[ Previous | Next ]