Home › Applying DRM

Applying DRM

This section provides standards and guidelines for use when a government agency wishes to apply DRM encumbrances to information. It addresses the risks that the encumbrance may result in recipient needs not being met, that DRM could be used for a purpose for which it is inadequate or inappropriate, and that the encumbrance could jeopardise government’s future ability to use the information.

3.1 Meeting recipient needs

Standard

Support informed consent of DRM recipients

Government agencies applying DRM encumbrances to information for supply to another party, whether government or non-government, must provide notification to the recipient of the presence of the encumbrance, and the details of the encumbrance,

If notification is provided through use of a Rights Expression Language (REL) wrapper, the REL must be a published standard, e.g. ISO/REL, ODRL.

Rationale

Government agencies must model the behaviour they require from others, in terms of declaring the presence of DRM encumbrances.

This standard supports Policy 1, Informed consent to externally-imposed digital encumbrance.

Guideline

Recording the link between encumbered copies and the record version

Agencies sending encumbered information to other parties should keep a record of what was provided and the nature of the encumbrance. Agencies should keep a record of the correlation between the sent version and their unencumbered record copy.

Guideline

Requirement to provide future support for use of encumbered copies

Circumstances may arise where an agency has provided an encumbered copy of information to another party. Agencies should make provision to support use of encumbered information for as long as the terms and conditions of access allow. If there are no explicit terms and conditions of access, the access should be supported for as long as the agency retains the unencumbered original. Supporting use of encumbered information will, for example, entail maintaining the servers and certificates required to allow access.

3.2 Is DRM appropriate for purpose?

Guideline

Is DRM appropriate for SIGS 2?

DRM may not be an appropriate mechanism to apply SIGS protections (e.g. ‘sensitive’, ‘confidential’). Agencies should check with the Government Communications Security Bureau as to whether particular DRM solutions are appropriate for a particular kind of use.

3.3 Providing for future access requirements

Guideline

Avoiding potential vendor lock-in

TC/DRM encumbrances could hamper the implementation of digital preservation strategies if they limit permissible management activities for information (e.g. reformatting), and they introduce additional complexity that needs to be managed over time.

Agencies accepting or creating TC/DRM-protected information should:

  • as far as possible, identify future digital preservation requirements, such as migration from data formats that are becoming obsolete
  • determine whether the TC/DRM technology will support these requirements
  • determine whether this locks the agency into a specific vendor’s proprietary solution.

Standard

Ensuring minimum government access requirements are met

Agencies applying digital restrictions to information must ensure that their record copy of the information is unencumbered.

Rationale

Keeping an unencumbered original copy of information as the record copy avoids any risk of TC/DRM-related access problems for other agencies with a requirement (possibly unanticipated) to access the information. It obviates the need for an independent agency to be able to take full control of the access rights, as prescribed in Policy 8, Independent usage capability.

Archives New Zealand will sometimes need to migrate information to a new file format for digital preservation purposes, due to impending obsolescence of the existing format. Having an unencumbered record copy will support this requirement.

This standard supports Policy 7, Common privilege definitions, and Policy 8, Independent usage capability.

2: SIGS – Security in Government Sector, a manual setting out security requirements for government agencies, see http://www.security.govt.nz/
[ Back | Next ]