state services commission crown copyright tc/drm standards & guidelines what? why? archives new...
TRANSCRIPT
State Services Commission
Crown Copyright www.ssc.govt.nz
TC/DRM Standards & GuidelinesWhat? Why?
Archives New Zealand Recordkeeping Forum
5 March 2008
State Services Commission
Crown Copyright www.ssc.govt.nz
A little history …
• November 2003 formal advice from SSC
• October 2004 Briefing paper
• 2005 a Steering Committee and a Working Group established
• 2006 Principles & Policies
• 2007 Standards & Guidelines
State Services Commission
Crown Copyright www.ssc.govt.nz
A little more history
• 2003 – Warning signals starting to appear
• 2005 – General media concern over Sony rootkit on Sony CDs
• 2006 – IWGDPT adopts NZ recommendations on TC/DRM Principles and Policies
State Services Commission
Crown Copyright www.ssc.govt.nz
Trusted Computing and Digital Rights Management
• “… are emerging technologies, and their use and development are only beginning to be realised. Their characteristics and functionalities, and the ways that they can be used, are expected to evolve and change significantly over time. “
• “Basic definitions … acknowledged that these are indicative only.”
State Services Commission
Crown Copyright www.ssc.govt.nz
So why all the concern?
• Protections:– Ensure that data cannot be accessed
unless the user’s computer system is operating as expected and has not been tampered with, and
– Enable restrictions on the use of information to be digitally and inextricably bound to the information
State Services Commission
Crown Copyright www.ssc.govt.nz
Benefits & Risks
• Response to threats of malware and hacking
• Response to risks to intellectual property
• Some concern for ease of use for consumer
• DRM itself seen as malware
• “Phone home” features
• Risks to long term availability
• Risks to integrity of government-held information
State Services Commission
Crown Copyright www.ssc.govt.nz
Making it personal
• Who knows what you read in the paper this morning?
• Which pages in that book did you read more than once?
• Where did you pause and re-play that DVD?
• What happened to your favourite recipe in that e-book?
State Services Commission
Crown Copyright www.ssc.govt.nz
Principles & Policies
• Provide the framework
• Deliberately generic– Not defined by NZ laws– Adoptable/adaptable by other
jurisdictions– Flexibility to apply as technologies
evolve
• Potential to influence that evolution
State Services Commission
Crown Copyright www.ssc.govt.nz
Availability &Security Principles
Information Availability PrincipleFor as long as it has any business or statutory requirements to do so, government must be able to:• use the information it owns/holds; • provide access to its information to others, when they are entitled to access it.
System Security PrincipleThe security of government systems and information must not be undermined by use of trusted computing and digital rights management technologies.
State Services Commission
Crown Copyright www.ssc.govt.nz
Confidentiality & Integrity Principles
Government use of trusted computing and digital rights management technologies must not compromise the privacy rights accorded to individuals who use government systems, or about whom the government holds information.
The use of trusted computing and digital rights management technologies must not endanger the integrity of government-held information, or the privacy of personal information, by permitting information to enter or leave government systems, or be amended while within them, without prior government awareness and explicit consent.
State Services Commission
Crown Copyright www.ssc.govt.nz
Policies
• Making the Principles concrete
• 14 Policies – covering for example:– Government must know about
encumbrances, have control over them, and explicitly agree to them
– Government must know about information flows & be able to identify harmful communications
State Services Commission
Crown Copyright www.ssc.govt.nz
TC/DRM Standards & Guidelines
• The practicalities of applying the Principles & Policies
• Standards set out what must be done and Guidelines tell how to meet those requirements
• Managed under e-Government Interoperability Framework
State Services Commission
Crown Copyright www.ssc.govt.nz
Questions?
Lindy [email protected]
04 495 2854
http://www.e.govt.nz/policy/tc-and-drm
State Services Commission
Crown Copyright www.ssc.govt.nz
Background reading
• Trusted Computing and Digital Rights Management – a case study in new technologies and privacy. Victoria University Human Rights Research Journal v.4, 2006. www.victoria.ac.nz/nzcpl/HRRJ/vol4/Siegert.pdf
• Digital Rights Management Technology and Technology http://www.privacy.org.nz/digital-rights-management-drm-technology-and-privacy/?highlight=siegert
• International Working Group on Data Protection in Telecommunications http://www.datenschutz-berlin.de/content/Europa+%252F+International
• New Zealand: TC/DRM: government use and implications for privacy and FOI. Data Protection Law & Policy v.3 issue10, October 2006