The latest version of Microsoft鈥檚 hugely successful Office software suite launches on Tuesday, with its most eye-catching feature a new ability to give documents and emails an expiry date.
Experts say the feature should act as a barrier against sensitive information being copied or leaked, but they say it is unlikely to stop any determined attempt.
Office 2003 features new versions of Word, Outlook, Excel and PowerPoint, along with various usability tweaks and new functionality. But the software also comes with the ability to let users control the way other people use the documents they create. This can be used to prevent other people forwarding, copying or even printing a protected email message or document.
Advertisement
鈥淚t should work,鈥 says Simson Garfinkel, a computer forensics expert at Massachusetts Institute of Technology (MIT). 鈥淏ut it could be defeated by a hostile user. There鈥檚 no way you could prevent someone from taking a digital picture of the screen.鈥
Garfinkel told New Scientist that the problem is similar to the one faced when trying to develop copy-protected music formats. Even the most tightly controlled music can be recorded as it is played through a speaker, a problem referred to as 鈥渢he analogue hole鈥.
Time stamp
The rights control feature in Office 2003 depends on having an intermediary computer system with Windows Server 2003 and a software package called Rights Management Service installed.
A protected email message sent between two users is encrypted and the recipient鈥檚 version of Outlook will be told whether that user is allowed to edit, copy or forward the message. A time-stamp can also be applied to make the message unreadable after a certain date.
Other documents that can be stored on a user鈥檚 machine, such as Word files, are encrypted in order to control access. Each user鈥檚 version of Word will access the central server to determine how that person is allowed to use the document.
Early reports described the technology as a self-destruct feature. Others raised concerns that automatically deleting email messages and documents could cause legal problems with, for example, financial regulators who demand by law that all company records are kept.
But Microsoft says the new feature is not designed to remove all traces of a file. 鈥淭he message will still be in various places,鈥 says Mike Pryke-Smith, marketing manager for Microsoft鈥檚 Information Worker Group in the UK. He says the functionality is more about enforcing company policy. 鈥淩ight now you can put 鈥榗onfidential鈥 on a document, but that鈥檚 all.鈥
All traces
鈥淭echnology like this is really about helping people obey security policies, rather than trying to force them, even though it does have that effect on less-technical users,鈥 says Garfinkel.
Computer scientists also say removing all trace of an email message, even one sent within a company, would be extremely difficult.
鈥淚t would not be that tough to erase all traces of an email on a user鈥檚 computer,鈥 says Aviel Rubin a computer security researcher at Johns Hopkins University. 鈥淗owever, it would be much harder to erase all traces of a message on the intermediate servers.鈥