Windows Rights Management Services:
Protecting Electronic Content in Legal Organizations
Microsoft Corporation
Published: October 2003
Updated: April 2005
Abstract
This white paper discusses the role of Microsoft? Windows? Rights Management Services (RMS) for Windows
TMServer 2003 in the legal environment. Windows RMS is information protection technology that works with RMS-enabled applications to help legal organizations better control and protect their digital information from
unauthorized use.
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.
? 2005 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
Contents
Introduction ............................................................................................................................... 1 Situation .................................................................................................................................. 1
Scenario 1 – Ensuring Attorney-Client Privilege .................................................................... 1
Scenario 2 – Ensuring the Secrecy of Negotiations ............................................................... 1 Extending Protection Beyond the Firewall ................................................................................ 2 What Is Windows Rights Management Services (RMS)? .......................................................... 2 Flexible Information Protection ................................................................................................. 3 Creation, Enforcement, and Consumption of Protected Information ..................................... 5 Creating Rights-Protected Information...................................................................................... 5 Enforcing RMS Protections ...................................................................................................... 5 Consuming Rights-Protected Documents ................................................................................. 5 Protecting Your Organization’s Interests .................................................................................. 6 Benefits ................................................................................................................................... 6 What Can RMS Do for Legal Organizations? ........................................................................... 7
Increased Confidentiality ...................................................................................................... 7
Increased Productivity .......................................................................................................... 8
Improved Time Control ......................................................................................................... 8
Streamlined Court Documentation ........................................................................................ 8 Reduced Risk .......................................................................................................................... 8 Improved Audit Capabilities...................................................................................................... 9 Summary ................................................................................................................................. 10 System Requirements: ........................................................................................................... 10 Related Links ........................................................................................................................... 11
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
Introduction
Today there exist countless ways to protect physical networks and information assets—from perimeter
firewalls and intrusion detection systems to data encryption and sophisticated password protection
systems. While each of these systems plays an important part in preventing unauthorized access to
information, they are limited to controlling access to a file inside the network or the secure transport of a
file to a recipient outside the network. They do not protect a file from unauthorized usage by an
authorized recipient. A Microsoft Office Word 2003 document containing information protected by
attorney-client privilege may be housed in a highly secure data repository, but there is no protection for
that document if someone distributes a copy of it to an external recipient via e-mail, removable media,
or by printing it out. While secure Web access can prevent unauthorized users from accessing Web-
based information, current security features do not prevent that user from unauthorized copying of the
information and sharing it with others. And once that information—be it a document, a utility, or an
executable file—moves outside the protection of the secure network, anyone can do with it what they
will, and the owner’s ability to control that information is lost. RMS protects a file from unauthorized
access and unauthorized usage both inside and outside of the firewall.
Situation
Legal firms constantly work with sensitive and privileged information. Trial lawyers prepare strategies
for the defense or prosecution of cases, and they do not want unauthorized individuals obtaining
information that could prejudice the trial. Other lawyers prepare wills and trusts, documents that need to
be kept private until such time the instrument must be exercised. Still other lawyers create contracts,
mediate complex business deals, and provide advice to individuals and businesses about the legal
ramifications of an action.
Scenario 1 – Ensuring Attorney-Client Privilege Many businesses will route documents for review to their legal team. Once the team has received the
document, it is protected under the laws governing attorney-client privilege. But that protection is largely
a formality. If someone were to obtain an electronic copy of the document, it is likely that that person
could open the file, read, and even revise the document. That person could print the file and or send it
as an e-mail attachment—and soon the contents of the document are no longer private at all. This
could have disastrous consequences for the business that created the document and for many others
as well.
The need to protect documents covered by attorney-client privilege can hardly be limited to documents
created in a business setting. This same need pertains to settings where an attorney’s client is in prison,
working through plans for a trust, setting up a new business venture, or virtually any other setting
involving an attorney and a client. These materials must be protected, but there are many ways in
which this protected information can fall into unauthorized hands.
Scenario 2 – Ensuring the Secrecy of Negotiations Consider the case where a law firm is working on a merger or an acquisition for a company. Both sides
in the deal need access to sensitive financial and business information, but each side needs to be able
to control the degree to which this sensitive information is shared. While the legal team from the
acquisition target may prepare a Word document containing sensitive financial and business details,
Windows Rights Management Services: Protecting Electronic Content in Legal Organizations 1
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
they want to make sure that these details stay within a narrow circle of business managers and legal
advisors at the company considering the acquisition. Yet if the document is sent in a hardcopy form,
they can be sure that a secretary within the acquiring company will make copies of it to distribute to the
appropriate executives. Those copies could later end up in an recycling bin that is not headed
immediately for the shredder—and could then end up in the hands of any number of individuals who
have no business seeing this information. If the legal team sends the document by e-mail or on a floppy
disk, there are opportunities for the recipient of the document to forward it to the appropriate readers—
as well as to others who may not be authorized to view the content. The file on a disk could simply end
up somewhere outside the organization, where the acquisition target has no control over the
information whatsoever.
Extending Protection Beyond the Firewall
RMS changes all that. RMS helps organizations protect digital content (business files such as e-mail,
documents, etc.) from inappropriate access, even after it is shared or distributed. Applications that are
RMS-enabled allow the author to stipulate a set of rules—or policy rights—that govern how the
information may be used, by whom, for how long, and so forth. Protection is achieved through industry
security technologies, including encryption, XrML-based certificates, and authentication.
Simply put, RMS gives organizations a mechanism for protecting electronic information even when it
leaves the confines of the secure network. Information can be rights-protected so that only individuals
with specific credentials named by the file author can view it, and no one, inside or outside the
organization, can view or manipulate that information without the author’s permission. This greatly
reduces the risk of an information leak. It gives IT administrators and information owners a level of
protection that extends beyond the perimeter of the secure network. It brings control to an area that has
historically been beyond their control.
What Is Windows Rights Management Services (RMS)?
Windows RMS is information protection technology that works with RMS-enabled applications to help
safeguard digital information from unauthorized use. RMS combines Windows Server 2003 features,
developer tools, and industry security technologies–including encryption, XrML-based certificates, and
authentication–to help organizations create reliable information protection solutions for their valuable and sensitive business file content.
The Windows RMS solution requires:
? Windows RMS for Windows Server 2003
? RMS client application programming interface (API) for Windows clients (Windows 98 Second Edition
and later)
? eXtensible rights Markup Language (XrML), a powerful rights expression implementation of the
eXtensible Markup Language (XML) for the integration of powerful digital rights technology
? RMS client and server software development kits (SDKs) that enable Windows-based client and server
applications to become ―rights-enabled‖
RMS is a premium information protection service of Windows Server 2003 and is responsible for all
machine activation, licensing, enrollment, and other administration-related activities. The creation and
consumption of RMS-enabled documents is the responsibility of RMS-enabled client software such as
Windows Rights Management Services: Protecting Electronic Content in Legal Organizations 2
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
the Microsoft Office 2003 Editions, or an RMS-enabled browser such as Microsoft Internet Explorer with
the Rights Management Add-on (RMA). RMS allows users to apply information protection with great
ease and efficiency from within their customary software environment. Any Windows platform
application can work with the API in the SDK to support RMS. RMS must establish a trust ecosystem,
where a PC, user, application, and server are all integral and trusted components. This trust is
established and validated through the use of XrML certificates for each component. Every PC must
receive a ―Machine Certificate‖ and RMS ―lockbox‖ to become ―trusted‖ and each user must receive a
Rights Management Account Certificate (RAC) to be recognized by RMS. Additionally, each user must
have a Client Licensor Certificate (CLC) if they wish to publish rights-protected content on their machine
without a connection to RMS.
1RMS-enabled client software also works closely with Microsoft’s Active Directory? directory services
technology, a component of the Microsoft Windows Server operating system, to identify users and
distribution groups and to assist in assigning/enforcing access and usage rights. Through the use of
Active Directory roles and group policies, information managers can create a wide range of distinct user
communities, each of which can have different information access rights.
RMS deployment is straight-forward and demands minimal resources. Organizations can roll out RMS
across the network by using, for example, Microsoft Systems Management Server. Users do not need
to have administrative privileges to active RMS on their desktops, nor do they need access to the
Internet.
Flexible Information Protection
RMS capabilities can also be employed at a much more granular level. For example, an organization
may create a report that contains both sensitive and non-sensitive information. Non-sensitive sections
of the report could be rights-protected to be accessible to a broad audience, while sensitive sections 2could be made accessible only to a select group of users. RMS even enables an organization to create
documents with multiple authorized user communities—so different recipients of the same document
file can be assigned different usage rights.
Information managers can use RMS to control which recipients can view a file and what they can and
cannot do with the information they are authorized to view. For example, an individual may be
authorized to view a Word document. However, because of the way that the author has defined the
rights, one individual may be unable to cut, copy, print, e-mail, or save/save as from a document, while
another has only the rights to save and print. The familiar Alt+PrtScn capability is also disabled by RMS,
although an authorized user with malicious intent could capture and reproduce the essence of the
information through the use of an ―analog attack,‖ such as the use of a digital camera, pen and paper,
or voice recorder. Of course, those users must first be authorized with at least ―View‖ privileges by the
author of the file in order to open it. This risk highlights that RMS is not intended to be a 100-percent
bulletproof solution, although it will help to eliminate accidental leaks of information. Rights-protected e-
mail messages may be non-forwardable and non-printable if the author so chooses. Rights-protected
documents of any kind can even be set up for time-restricted access—and after that author-defined
period of time has elapsed, the files can no longer be opened as the ―use license‖ will have expired.
1 RMS requires Active Directory 2000 or later. 2 The Rights Management Client SDK offers this section-specific Rights Management capability; however the implementation must be done by the ISV or the Solutions Integrator. It will not be available with Microsoft Office 2003 Editions.
Windows Rights Management Services: Protecting Electronic Content in Legal Organizations 3
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
This helps assure that only the latest version of a document is available since all of the older versions
will have expired and cannot be opened any longer.
Windows Rights Management Services: Protecting Electronic Content in Legal Organizations 4
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
Creation, Enforcement, and Consumption of Protected Information
The creation, enforcement, and consumption of rights-protected information involve separate but
related steps and technologies.
Creating Rights-Protected Information
Using RMS-enabled application software—such as Microsoft Office 2003 Editions—to create rights-protected information is as easy as clicking the new ―Permissions‖ button in the toolbar. It is also
possible to create rights policy templates in which usage rights are pre-defined and published as
templates by your RMS administrator. Templates make it very easy for authors to assign rights to their
files. Users simply choose the correct template (for example, ―Company Confidential‖ or ―Project Team-
Only‖) from the File/Permissions drop-down menu, and the appropriate access and usage rights are
automatically assigned to the authorized users in the background. Template creation will be done by
the RMS administrator and is a simple process of checking boxes, choosing individuals and/or Active
Directory distribution groups, and naming and saving the templates. Templates are stored at the RMS
server for easy updating by the RMS administrator and are distributed to the client applications via
group policy, a script in Microsoft Systems Management Server 2003, or a similar method. Each RMS-
enabled application will display the list of templates available to the authors.
Enforcing RMS Protections
Applications using the RMS SDK become ―RMS-enabled applications‖ and can communicate with RMS servers. An RMS-enabled application can publish rights-protected information using a publishing
license that the application binds into the document file via either 128-bit AES encryption or 56-bit DES 3encryption. Microsoft Office 2003 Editions use 128-bit AES encryption. If the author has the Client
Licensor Certificate (CLC) on their PC, they may publish rights-protected information offline, without a
connection to their RMS server. The recipient merely double-clicks to open the file, and a request for a
use license is made to RMS. RMS checks the publishing license to see if the recipient requesting a use
license has been granted rights and, if so, which rights were granted. It uses Windows authentication to
validate the user, issues the use license, and the RMS-enabled application enforces the rights
expressed in the publishing license as defined by the content author. If the entity to which the rights are
granted is an Active Directory distribution group, RMS will call upon Active Directory to do group
expansion and validate that the individual requesting a use license is a current member of the named
group. If so, the license will be granted and the rights will be enforced according to the author’s wishes. If the user is not a group member, then the request will be denied and no use license will be granted.
The file will not open.
Consuming Rights-Protected Documents
To consume rights-protected documents, a user must use applications that have been RMS-enabled,
such as the Microsoft Office 2003 Editions (specifically core programs Microsoft Office Outlook? 2003,
Microsoft Office Word 2003, Microsoft Office Excel 2003, and Microsoft Office PowerPoint? 2003).
Earlier versions of Office System programs can neither create nor consume rights-protected content by
themselves, but users with the Rights Management Add-on can consume protected information with the
3 The RMS SDK offers the application developer a choice of using either 128-bit AES or 56-bit DES encryption.
Windows Rights Management Services: Protecting Electronic Content in Legal Organizations 5
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
rights enforced. Microsoft is proactively working with independent software vendors (ISVs) and solution
integrators (SIs) who are interested in RMS-enabling their solutions. Any application that writes to the
Windows RMS client APIs can publish and enforce rights-protected content. Individuals who attempt to
access rights-protected information without using RMS-enabled applications will find that they cannot
access the rights-protected information at all. If they attempt to crack into the file through some other
means, they will see nothing but screen garbage.
Protecting Your Organization’s Interests
It is important to note that, in the event a file author or owner becomes incapacitated or is terminated,
RMS provides a license safety net through its ―Super Users‖ feature. During deployment, the RMS
administrator will set-up Super User privileges for a highly-trusted group of people. This group will have
the highest level of rights and will automatically have full-access use licenses to all files licensed by
RMS. While this feature would rarely be used, it protects an organization’s intellectual property and
information integrity when an unexpected situation arises. The Super Users feature is also valuable
during an audit, when responding to a subpoena, or while conducting an in-house investigation. We
recommend that organizations use standard security best practices for deciding who should be given
this level of access.
Benefits
RMS provides organizations with an easy-to-use rights management solution, augmenting their security
strategies by providing protection of information through persistent usage policies, which remain with
the information no matter where it goes. RMS can be used for all types of digital business information,
including e-mail, database-backed dynamic content, documents, and presentations. It enables the
enforcement of policies such as print restrictions, ―do not forward,‖ permissions expiration, the optional requirement of new licenses every time a user opens a rights-protected file, and other corporate
policies. RMS is designed to leverage existing infrastructure investments by using Windows
authentication and Active Directory for discovering services within the environment.
Windows Rights Management Services: Protecting Electronic Content in Legal Organizations 6
TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper
What Can RMS Do for Legal Organizations?
In today’s global marketplace, lawyers frequently work across great distances with other lawyers
outside of their firms or organizations—often across state lines and country borders. Lawyers are aware
that when they use the Internet, it is not a secure transmission. In effect, e-mail is a postcard, and the
attachments are open books.
Until now, it has been quite difficult to protect electronic information from falling—either accidentally or
by design—into inappropriate hands. Law firms around the world are forced to rely on the trustworthiness of the individuals who come in contact with sensitive information. And while it is
important that a firm be able to trust its employees and those with whom it has a formal legal
relationship, it is also important that a firm have tools to enforce policies governing access to sensitive
information.
Windows RMS provides a mechanism to reduce vulnerabilities throughout the flow of information within
the legal process. Consider how RMS can reduce the vulnerabilities in the scenarios outlined at the
beginning of this paper:
? Any Word document containing content deemed to be protected by attorney-client privilege can be
protected using an RMS-enabled application. The author could restrict the document so that no one but
the attorney and the client could view the sensitive content. If someone outside the firm were to acquire
the file, they would be unable to view the content—even if they were to try to open the file on a system
over which they had complete control. RMS could be used to restrict file access to a small legal team,
and privileges could be set up so that only certain members of the team could edit or save changes to
the document. Other members might be able to view the document but not print or share its contents
with anyone.
? RMS could be used in a similar fashion to protect information associated with a proposed acquisition.
The legal team in the acquisition target could use Microsoft Office 2003 Editions to prepare the Office
Word and Office Excel documents with all the financial and business details and then use RMS to limit
access to the content to certain specified executives at the company proposing the acquisition.
Regardless, then, of whether the document was sent on a disk or through electronic mail, RMS would
not allow any other users to view the protected content. The legal team at the target company could use
RMS’ time-expiry functionality to place a time limit on access to the information in the file, expiring the
use license of a file on a specific future date. Although the file remained in the hands of the executives
at the company proposing the acquisition, no one at that company could view or use the sensitive
information after the time expiration of the RMS ―use license.‖
Increased Confidentiality
RMS enables attorneys to send confidential documents back and forth via e-mail in a way that reduces
the risk of the information ending up in the wrong hands. In addition to facilitating work with outside
4counsel, RMS also enables lawyers to route confidential communications within their organizations and, 5in a limited way, to their external clients. This could be an enormously beneficial security program for
4 Note: There are several RMS deployment issues to work through with inter-organizational RMS support. 5 While RMS is intranet-focused, there will be trusted third-party organizations and individuals who can facilitate Internet-based implementations such as extranet deployments or third-party hosting services. Please contact Microsoft for more information.
Windows Rights Management Services: Protecting Electronic Content in Legal Organizations 7