State Services Commission

Crown Copyright www.ssc.govt.nz

TC/DRM Standards & GuidelinesWhat? Why?

Archives New Zealand Recordkeeping Forum

5 March 2008

State Services Commission

Crown Copyright www.ssc.govt.nz

A little history …

• November 2003 formal advice from SSC

• October 2004 Briefing paper

• 2005 a Steering Committee and a Working Group established

• 2006 Principles & Policies

• 2007 Standards & Guidelines

State Services Commission

Crown Copyright www.ssc.govt.nz

A little more history

• 2003 – Warning signals starting to appear

• 2005 – General media concern over Sony rootkit on Sony CDs

• 2006 – IWGDPT adopts NZ recommendations on TC/DRM Principles and Policies

State Services Commission

Crown Copyright www.ssc.govt.nz

Trusted Computing and Digital Rights Management

• “… are emerging technologies, and their use and development are only beginning to be realised. Their characteristics and functionalities, and the ways that they can be used, are expected to evolve and change significantly over time. “

• “Basic definitions … acknowledged that these are indicative only.”

State Services Commission

Crown Copyright www.ssc.govt.nz

So why all the concern?

• Protections:– Ensure that data cannot be accessed

unless the user’s computer system is operating as expected and has not been tampered with, and

– Enable restrictions on the use of information to be digitally and inextricably bound to the information

State Services Commission

Crown Copyright www.ssc.govt.nz

Benefits & Risks

• Response to threats of malware and hacking

• Response to risks to intellectual property

• Some concern for ease of use for consumer

• DRM itself seen as malware

• “Phone home” features

• Risks to long term availability

• Risks to integrity of government-held information

State Services Commission

Crown Copyright www.ssc.govt.nz

Making it personal

• Who knows what you read in the paper this morning?

• Which pages in that book did you read more than once?

• Where did you pause and re-play that DVD?

• What happened to your favourite recipe in that e-book?

State Services Commission

Crown Copyright www.ssc.govt.nz

Principles & Policies

• Provide the framework

• Deliberately generic– Not defined by NZ laws– Adoptable/adaptable by other

jurisdictions– Flexibility to apply as technologies

evolve

• Potential to influence that evolution

State Services Commission

Crown Copyright www.ssc.govt.nz

Availability &Security Principles

Information Availability PrincipleFor as long as it has any business or statutory requirements to do so, government must be able to:• use the information it owns/holds; • provide access to its information to others, when they are entitled to access it.

System Security PrincipleThe security of government systems and information must not be undermined by use of trusted computing and digital rights management technologies.

State Services Commission

Crown Copyright www.ssc.govt.nz

Confidentiality & Integrity Principles

Government use of trusted computing and digital rights management technologies must not compromise the privacy rights accorded to individuals who use government systems, or about whom the government holds information.

The use of trusted computing and digital rights management technologies must not endanger the integrity of government-held information, or the privacy of personal information, by permitting information to enter or leave government systems, or be amended while within them, without prior government awareness and explicit consent.

State Services Commission

Crown Copyright www.ssc.govt.nz

Policies

• Making the Principles concrete

• 14 Policies – covering for example:– Government must know about

encumbrances, have control over them, and explicitly agree to them

– Government must know about information flows & be able to identify harmful communications

State Services Commission

Crown Copyright www.ssc.govt.nz

TC/DRM Standards & Guidelines

• The practicalities of applying the Principles & Policies

• Standards set out what must be done and Guidelines tell how to meet those requirements

• Managed under e-Government Interoperability Framework

State Services Commission

Crown Copyright www.ssc.govt.nz

Questions?

Lindy Siegertlindy.siegert@ssc.govt.nz

04 495 2854

http://www.e.govt.nz/policy/tc-and-drm

State Services Commission

Crown Copyright www.ssc.govt.nz

Background reading

• Trusted Computing and Digital Rights Management – a case study in new technologies and privacy. Victoria University Human Rights Research Journal v.4, 2006. www.victoria.ac.nz/nzcpl/HRRJ/vol4/Siegert.pdf

• Digital Rights Management Technology and Technology http://www.privacy.org.nz/digital-rights-management-drm-technology-and-privacy/?highlight=siegert

• International Working Group on Data Protection in Telecommunications http://www.datenschutz-berlin.de/content/Europa+%252F+International

• New Zealand: TC/DRM: government use and implications for privacy and FOI. Data Protection Law & Policy v.3 issue10, October 2006