Records Management & Information Management, Perth and Western Australia

Home About Us News Services Products Publications
» Articles by Laurie » Presentations by Laurie Varendorff » Other Articles
Information FAQ's Testimonial Partners Contact Us
©2005

Trojan Horse Programs - March 2004

Is this the Records and Archive Management Armageddon?

Abstract

Development by the Microsoft Corporation and IBM of “rights management” software … commentators have nicknamed it the ‘Trojan Horse program” … gives e-mail authors control over their electronic messages after they have sent them, even to the point that the emails may erase themselves. The potential for these self-destructing records has given archives and records managers some sleepless nights, says the author, a records and information management consultant and educator in Perth, Western Australia. Legislators have got to do something, he insists.

Now that we appear to have systemized information deletion outside of our control via the good works of Microsoft and IBM, what does the future hold for Records and Archives Management?

The recent release of Microsoft Office 2003 with its Digital Rights Management (DRM) and Information Rights Management (IRM) features allows the creator/sender of electronic communications to control the printing, forwarding and copying of the message. Additionally and of the greatest importance, the features allow the creator to set a time for the expiration of e-mails, Word, Excel and PowerPoint documents at their, not the recipients’ volition. It raises question like • What is the legality of ownership of a letter, fax or e-mail? • Does the sender own the communication or is the recipient the legal owner?

Not being a legal practitioner I can only pose these questions and one other: is George Orwell's 1984 society finally arriving 20 years late?

If my evaluation of this new facility is correct, in the near future there may not be any records for us end users, records managers or archivists, to manage and retain. If we, as professionals, thought that the introduction of the personal computer was a calamity for records management that precipitated the demise of the registry system in government operations, this new feature could be viewed as Armageddon.

I am troubled over the concept of managing security risks by way of IRM or DRM from Microsoft or the Electronic Media Management System (EMMS) that includes DRM of some sort from IBM.

Storming the Gates

Has hacking now been legitimized? Inclusion of the Trojan Horse program in the commercially available software product offerings by these two IT mammoths would make it appear so.

Legislators in government and business circles along with the records management and the archives profession should be storming the walls, or should that be the “Gates”, of both Microsoft and IBM demanding that this be stopped immediately.

Why?

Because, by including this legitimized Trojan Horse program as part of an electronic communication, the sender may, if it is wished, disallow the recipient’s right to print, forward, copy or retain a business or legally-related electronic communication about a business transaction.

What is this devilish plot? Why are Microsoft and IBM able to legitimize the insertion and distribution of Trojan Horse Programs in their DRM product offerings without a reaction from the legislative community? The software designers just adopting an admittedly useful tool to prevent the abuse of copyright in the music and movie/video industry and migrating it to e-communications without, I am certain, any intellectual evaluation or understanding of the potential consequences.

For an e-mail recipient, a restriction on printing, forwarding or copying of a particular electronic communication may not be a big issue so long as the message can be captured and stored. However, it is potentially very dangerous and I personally have a violent objection to the feature that allows the sender to add what is formally called a “delete/kill, date-time” feature into an electronic communication without the recipient’s knowledge or approval. My belief is that it is tantamount to the sender holding the recipient to ransom. The description of the function alone is enough to raise the hairs on the nape of nervous necks: “delete/kill – date/time”. Heaven preserve us!

Has the use of Trojan Horse Programs the potential to change the course of history? You betcha! If this tool had been in place in the 1980’s, Admiral Poindexter’s “Well done” e-mail to good old Ollie North and other data may not have been there for investigators to discover and the Iran-Contra hearings could not have been as thorough as they were.

Think it through. See the delete, date-time feature repeated hundreds, thousands or millions of times and we will not need historians to document and assess history as there will be no history to assess.

An easy answer

Is there an easy answer to this matter? Sure there is!

Microsoft and IBM plus any other supplier who has this IRM or DRM delete/kill - date/time Trojan Horse program incorporated in their commercial software products must be made to remove the feature immediately.

Software developers who want to make a quick killing could create software able to identify the Trojan Horse program and warn recipients. This would allow recipients to negotiate with the senders to have the program removed. If approval was not forthcoming, it would allow the insidious monster to be overridden and recipients to carry on legitimate day-to-day business activities without a fear of a commercially or legally important e-communication disappearing without consent.

Legislators in both government and business must make provisions to monitor the use of Trojan Horse programs in commercially available software products. These legislators will need to either outlaw the process or somehow safeguard recipients. It is time for legislators and records and archive management professionals to take a stand against this appalling development.

Happy record management into the future! Maybe!

Laurie Varendorff ARMA

The Author

Laurie Varendorff, ARMA, a former RMAA Western Australia Branch president and national director, has been involved in records management for 30 years. He has his own consulting and training business near Perth, Western Australia, and has tutored in recordkeeping and archival storage and preservation at Perth’s Edith Cowan University. Phone: +61 (0)8 9291 6925; mobile: 0417 094 147; email @ Laurie Varendorff

This article was published in the Records Management Association of Australasia - RMAA InfoRMAA Quarterly - IQ MagazineThe Peach Volume 20 Issue 2 May 2004 @ RMAA IQ Magazine Article Archive

This article was published in the Green Sheet Magazine ISSN 1476-3842, Issue 31 February 2005 on page 17 @ The Green Sheet

This article was commented on in the online newspaper USAToday.com available @ USAToday.com on the September 22, 2004 in an article by Eric J. Sinrod titled: The legal implications of self-destructing e-mail.

The USAToday.com article - The legal implications of self-destructing e-mail - was picked up by legal websites internationally and redistributed @ the Duane Morris LLP website and the Other Law Blogs and the NETLAWBLOG Internet Tools for Lawyers and the e-evidence info @ The Electronic Evidence Information Center and the TRUSTe ADVOCATE and the MIRLN -- Misc. IT Related Legal News [September 2004; v7.12] and the BestTechie.net Forums::Open::On The Web and by other parties.

This article was reproduced in the ARMA Atlanta Chapter Newsletter The Peach Volume XXXIX, Issue 1 September 2004 @ atlantaarma.org

This article was listed in The Victorian Governments eGovernment Resource Centres - Information Technology Section updated 4 February 2005 The eGovernment Resource Centre of the Victorian Government - Information Technology Section

The author, Laurie Varendorff of the Varendorff Records Management Consultancy - TVC - Helping clients manage their e-World gives permission for the redistribution or republishing of this article by individuals and non profit professional organisations without cost based on the condition that he as well as the URL of the article are recognised at the introduction of the article when redistributed or republished.

SPECIAL NOTE: Use of this article by publishers, commercial, government, or educational organisations requires a financial agreement to be negotiated with Laurie as the copyright holder for this work.