The day is coming soon when you'll open an e-mail from a colleague and discover you don't have the right to print it, forward it or copy it. And maybe you won't even have the right to read it.

In October Microsoft is scheduled to release the client and server components of its Rights Management technology, including Information Rights Management (IRM) "awareness" built into Office 2003 applications . While Microsoft has been talking about its RM strategy for almost a year, many people remain unaware of it. And that's a problem, because your rights are definitely at stake.

What IRM does essentially is to allow the user to embed usage restrictions within a document or e-mail. The content creator can designate who gets to access the file and what they can do with it, and the restrictions persist even when the file moves beyond the firewall.

I should make it clear that we're not likely to see tons of IRM-protected Word and Excel files circulating the day after Office 2003 ships. IRM is initially targeted at internal corporate use, and a full-fledged implementation of the technology requires both Rights Management client and server software as well as Windows Server 2003. It also requires a dizzying array of CALs (Client Access Licenses), particularly if you want to share IRM-protected files outside of your organization. For instance, even if your organization and your friend's organization are fully licensed for Rights Management internally, you still need an "external connector" license to exchange IRM-protected files.

Sure, IRM has some nice-sounding security features, but there are already plenty of mature solutions for controlling document security within a corporate entity. The real appeal of Microsoft's IRM concept lies in the potential for it to become a widely adopted standard. In other words, it really only gets interesting if and when you can send IRM-protected e-mail and attachments beyond the firewall with some hope they can be read by those you designate. In that regard, Microsoft has said it will provide a "free" (Ed's Rule: There is no such thing as free software from Microsoft) IRM viewer to allow those without Office 2003 to read files to which they've been granted access rights.

How interested will corporate customers be in IRM? With our ever-increasing security consciousness, there's bound to be some real interest in confidentiality-sensitive businesses and professions. Just think of all the people who already regularly append boilerplate language to their e-mail informing you of the usage restrictions they would like you to observe. How tempted are those folks going to be by the ability to actually enforce those restrictions?

Of course, IRM is going to be a lot less palatable when you're on the receiving end. If the sender doesn't trust you to handle their message properly, why are they sending it at all? As it is, spam and viruses are already making many question the viability of e-mail, and a flood of unreadable Microsoft-encrypted messages might be the last straw. There's also the fact that with every download of Microsoft software, you are almost certainly "agreeing" to yet more changes in their license agreements that give away more information about you and what you do on-line.

And then there's the implications for Open Source and other non-Microsoft platforms should IRM become widely adopted. Microsoft officials have said their Rights Management technology is intended to be platform-independent, and there's no question they would like to license it for use in a variety of products besides Windows PCs. But given the licensing fees they want to charge corporate customers to license all the components, we aren't likely to see many IRM-enabled Linux applications in the near, semi-near, and far-near future.

If we forget for the moment that it's Microsoft doing this, I suspect a lot of folks could find things to like in IRM. But it is Microsoft that's doing it, and we know one thing that means: Rights Managment is going to have some serious flaws. After all, the series of security problems that have received so much attention lately are by no means an aberration when it comes to Microsoft software.

But beyond the fact it's from Microsoft, the real problem is that IRM is just DRM (Digital Rights - or Restrictions - Management) with a slightly different name. That it's DRM partially in the control of users won't make it any easier to tolerate the limitations, complexity, bugs, misapplications and outright disasters IRM will inevitably cause. Like DRM, IRM will just make it a little harder to deal with the digital world we live in.

--------------------

Post your comments about this column below or write me directly at Foster@gripe2ed.com. To receive this column every week in my free e-mail newsletter, please go to my subscription page and follow the instructions to opt-in for the EdFoster mailing list.