Skip to content.
|Networking government in New Zealand.
You are here: Home » Policies » Trusted Computing & DRM » Principles and Policies » Summary of Principles & Policies

Summary of Principles & Policies

Information Availability Principle

For as long as it has any business or statutory requirements to do so, government must be able to:
  • use the information it owns/holds;
  • provide access to its information to others, when they are entitled to access it

Information Availability Policies

1. Informed consent to externally-imposed digital encumbrance

Any information that is relied on for execution of public business must be free from encumbrance by externally-imposed digital restrictions, except with the informed consent of government.

2. Conditions for externally-imposed digital encumbrance

If information is required for execution of public business, and is externally encumbered:

  • the agency must have full knowledge of the rights when consenting to the encumbrance;
  • the agency must be notified that an encumbrance exists, and be able to easily view the rights, at each use;
  • the rights must be fixed, except by mutual consent of the agency and the rights-holder
  • the rights assigned must be adequate for the uses of the information, including use by officials with responsibilities to audit and review.

3. Control of digital encumbrances

Any DRM encumbrance applied to the government's master copy of any information it owns, must be under the government's full and exclusive control.

4. Usage by all legitimate parties

When implementing solutions involving TC/DRM, agencies will ensure that adequate provision is made for the use of any information, at present and in the future, by all parties with statutory rights to use that information.

5. Assurance of future accessibility

If agencies' use of hardware or software can be limited by TC/DRM technologies, and access to information is reliant on that hardware or software, then agencies will take appropriate measures to ensure future accessibility of that information.

6. Minimum constraint on usage

Agencies will apply digital encumbrances to information only if there is a clearly identified business reason for doing so, and will apply only the minimum necessary degree of constraint.

7. Common privilege definitions

Agencies protecting information with TC/DRM encumbrances will use a common set of digital rights definitions, to ensure that access requirements are met consistently.

8. Independent usage capability

Agencies will apply TC/DRM restrictions to information only if a means to take full control of the access rights is vested in a designated independent government agency.

9. Modification/deletion by hardware/software

Agencies must not operate hardware or software with functionality that could modify, or hinder access to, information held by government, without explicit government approval.

Information Confidentiality and Integrity Principles

Government use of trusted computing and digital rights management technologies must not compromise the privacy rights accorded to individuals who use government systems, or about whom the government holds information.
 
The use of trusted computing and digital rights management technologies must not endanger the integrity of government-held information, or the privacy of personal information, by permitting information to enter or leave government systems, or be amended while within them, without prior government awareness and explicit consent.

Information Confidentiality and Integrity Policies

10. Awareness of TC/DRM functionality

When deploying hardware or software, or using information provided by an external party, agencies will take all reasonable measures to ensure that they are aware of the inclusion of TC/DRM functionality.

11. Knowledge of information flows

Agencies must know enough about any information flows into or out from their TC/DRM systems that could involve collection or transmission of personal information, to ensure knowledge and acceptance of:

  • when such events occur;
  • what is collected or transmitted;
  • the purpose of collection;
  • who is collecting the information;
  • who will receive and/or share the information;
  • for how long they will hold the information, and under what conditions; and
  • if applicable, who will amend and update the information and how it will get done.

12. Communications specifications

Agencies will operate a TC/DRM solution only if:

  • a specification is provided that documents the triggers and content of any communications (including attestation and other background communications) that leave from or arrive at the computer, and
  • the solution does not perform any communications that are not described in the communications specification, and
  • any communications that would be unacceptable to government can be 'opted out of'.

The solution should be verified for conformity to the communications specification by a competent authority recognised by the government for this purpose.

System Security Principle

The security of government systems and information must not be undermined by use of trusted computing and digital rights management technologies.

System Security Policy

13. Ability to identify harmful communications

Agencies will reject the use of TC/DRM mechanisms, and information encumbered with externally imposed digital restrictions, unless they are able to satisfy themselves that the communications and information are free of harmful content, such as worms and viruses.


[ Previous | Next ]