Receiving Information
This section provides standards and guidelines for use when agencies are receiving digital information. Any information an agency receives could come with TC/DRM encumbrances, or packaged with TC/DRM software (e.g. DRM-protected music CDs). Receipt of such information generates risks for the integrity of government information. Therefore this section is oriented around detection, and applies to all situations where government receives digital information.
1.1 Detecting TC/DRM encumbrances and functionality
Guideline
Detecting DRM encumbrances
In order to comply with Policy 1, Informed consent to externally-imposed digital encumbrance, agencies will need to be able to detect the presence of DRM encumbrances when receiving information.
It is likely that DRM encumbered information will be encrypted. Any DRM system that doesn't encrypt encumbered information would be easy to circumvent.
File readers and content filters can read the vast majority of file types, so if such readers or filters cannot read a file, the file is probably encrypted. If information is encrypted, then it could be because of a DRM encumbrance. If a program can read encrypted information but can't save it in unencrypted form, then it is almost certainly encumbered.
Agencies can use the following decision logic to assess whether information is encumbered with DRM:
| Is it a file type known not to support DRM? | |||
| Yes Assume no DRM |
|||
| No (it is either an unknown file type, or a file type that may support DRM) Is it encrypted? |
|||
| Yes Is it planned encryption, e.g. scheduled data interchange,session-type activity? |
|||
| Yes Either no DRM issues, or agency has already given informed consent. |
|||
| No If the file can be decrypted but can't be saved in decrypted form, then it is almost certainly encumbered. |
|||
| No Assume no DRM |
|||
Some DRM systems could store encumbrance details in a non-encrypted Rights Expression Language (REL) wrapper 1, for which there are published standards such as ISO/REL and ODRL. An agency can use the information in an REL wrapper both as a confirmation of the presence of an encumbrance, and also to obtain the actual details of the encumbrance.
Standard
Requirement for contractual declaration of DRM features
When information is supplied to a government agency under a commercial arrangement, there must be a legally enforceable document signed by the vendor stipulating all and any DRM features on the information being passed. If information is stated to be unencumbered, this should be checked by the agency and if found to be encumbered, it should be treated as a breach of contract and penalties enacted.
Rationale
It will not always be easy for an agency to check for the presence of DRM encumbrances, as there is no universal technical standard for confirming their presence or absence. Thus the onus should be on vendors of such information to advise its nature.
This standard supports Policy 1, Informed consent to externally-imposed digital encumbrance.
1: An REL wrapper is a data structure that 'wraps' around other data in the file, and expresses the digital rights and restrictions associated with that data.
[ Back | Next ]
