DRM would have been bad for WikiLeaks.
If it worked, that is.
It does seem to me that discussions of the legality or illegality of what the publishers have done, what the participants in WikiLeaks have done, and of what the individual who allegedly leaked all the information did, are all really of secondary importance. The big issue is this: How is it possible that, with all the smart crypto and security experts at the disposal of the US government, such a large and diverse batch of classified data was made available in plaintext to one person without setting off alarms before it could be leaked? In this day and age, it seems to me that the biggest failure -- and the one that is most likely to go un-punished -- is that the expansion of both the amount of classified data and the number of people with clearances, has clearly and foreseeably exceeded the capabilities of the US government to effectively manage the human and physical elements of the system, but the government hasn't implemented a DRM system. It's not hard to conceive of how such a system would be implemented to provide convenient and reliable access to individual authorized users for specific documents while still providing strong protection for large batches of documents, No... it's not simple by any means, but work on such a system should have started a decade ago.
1. Henning Heinz11/30/2010 04:08:48 AM
Well the problem with DRM in the wild is that it almost always only bothers those who comply to the rules while those who don't just use a DRM free version.
2. John Head11/30/2010 01:10:02 PM
Henning - this isn't a consumer case, its an internal at a very large company. A document DRM solution is pretty much required in the US for companies that are regulated by things such as Sarbanes-Oxley (SOX - finances) and HIPPA (health care). HIPPA has a component where you can go to jail for not taking proper care of patient personal data. There is no reason that those documents couldn't have a DRM statement that requires them to be read on a computer with a hardware component.
In the enterprise, sometimes you have to do what is best for th company and not what is best for the individual user. Reading the IM/emails of the person who leaked the Afghan documents, even a simple DRM system would have stopped him.
3. John James11/30/2010 01:49:55 PM
I heard an interviewer on the radio ask how many people had access to that and similar data. 2.5 million or so.
That's a lot of monitoring to perform to figure out who is the bad apple, and who isn't. I think what is killing them is the scope of the monitoring to be done.
4. Henning Heinz11/30/2010 07:18:51 PM
No it is not a consumer case but I still don't believe that DRM would change much besides that DRM vendors could make some money.
Probably a much better method avoiding information leaks is to just stop recording everything people say, write or do.
Don't get me wrong. I have nothing against implementing DRM in this case. I just don't believe it would change much.