
Rethinking stored document encryption: Part 2

Having decided yesterday to focus on the problem of preventing unintentional disclosure, we can avoid a large number of issues that are certainly intractable without trustworthy hardware and quite probably intractable in any case:

Consider the commonly occurring use case for DRM: Alice and Bob are doctors. Alice sends confidential patient records to Bob, who may make use of them himself but must not forward them to Ingrid the insurer.

Designing a system that makes it impossible for Bob to forward the records is a very hard problem. We can imagine any number of ways in which Bob might subvert his personal computer to provide access to an unrestricted copy of the information. And even if the possibility of application tampering, malware or the like is excluded, preventing Bob from printing out the data or using hardware screen capture requires a whole additional level of trustworthy hardware, which can in any case be circumvented through use of a digital camera.

But in most cases Bob is not the enemy. Designing a system for Bob to use every day that is proof against attack by Bob is a very hard problem. But designing a system that makes it difficult for Bob to disclose the data unintentionally is much easier.

Rather than preventing Bob from disclosing the record to Ingrid, we would like to achieve the same level of security that is afforded by use of paper records: we will attempt to prevent unintentional disclosure and attempt to mitigate intentional disclosure, but accept the fact that we cannot provide an absolute guarantee that Bob will not disclose the records without insisting on security measures that Alice and Bob are both likely to find intolerable.
