DOC

Windows Rights Management Services Protecting Content in Legal

By Billy Peterson,2014-07-11 09:28
12 views 0
Windows Rights Management Services Protecting Content in Legal ...

Windows Rights Management Services:

    Protecting Electronic Content in Legal Organizations

Microsoft Corporation

    Published: October 2003

    Updated: April 2005

Abstract

    This white paper discusses the role of Microsoft? Windows? Rights Management Services (RMS) for Windows

    TMServer 2003 in the legal environment. Windows RMS is information protection technology that works with RMS-enabled applications to help legal organizations better control and protect their digital information from

    unauthorized use.

    TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

    The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

    This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

    Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

    Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

    The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

    ? 2005 Microsoft Corporation. All rights reserved.

    Microsoft, Active Directory, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

    The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

    TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper

Contents

    Introduction ............................................................................................................................... 1 Situation .................................................................................................................................. 1

    Scenario 1 Ensuring Attorney-Client Privilege .................................................................... 1

    Scenario 2 Ensuring the Secrecy of Negotiations ............................................................... 1 Extending Protection Beyond the Firewall ................................................................................ 2 What Is Windows Rights Management Services (RMS)? .......................................................... 2 Flexible Information Protection ................................................................................................. 3 Creation, Enforcement, and Consumption of Protected Information ..................................... 5 Creating Rights-Protected Information...................................................................................... 5 Enforcing RMS Protections ...................................................................................................... 5 Consuming Rights-Protected Documents ................................................................................. 5 Protecting Your Organization’s Interests .................................................................................. 6 Benefits ................................................................................................................................... 6 What Can RMS Do for Legal Organizations? ........................................................................... 7

    Increased Confidentiality ...................................................................................................... 7

    Increased Productivity .......................................................................................................... 8

    Improved Time Control ......................................................................................................... 8

    Streamlined Court Documentation ........................................................................................ 8 Reduced Risk .......................................................................................................................... 8 Improved Audit Capabilities...................................................................................................... 9 Summary ................................................................................................................................. 10 System Requirements: ........................................................................................................... 10 Related Links ........................................................................................................................... 11

    TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper

Introduction

    Today there exist countless ways to protect physical networks and information assetsfrom perimeter

    firewalls and intrusion detection systems to data encryption and sophisticated password protection

    systems. While each of these systems plays an important part in preventing unauthorized access to

    information, they are limited to controlling access to a file inside the network or the secure transport of a

    file to a recipient outside the network. They do not protect a file from unauthorized usage by an

    authorized recipient. A Microsoft Office Word 2003 document containing information protected by

    attorney-client privilege may be housed in a highly secure data repository, but there is no protection for

    that document if someone distributes a copy of it to an external recipient via e-mail, removable media,

    or by printing it out. While secure Web access can prevent unauthorized users from accessing Web-

    based information, current security features do not prevent that user from unauthorized copying of the

    information and sharing it with others. And once that informationbe it a document, a utility, or an

    executable filemoves outside the protection of the secure network, anyone can do with it what they

    will, and the owner’s ability to control that information is lost. RMS protects a file from unauthorized

    access and unauthorized usage both inside and outside of the firewall.

    Situation

    Legal firms constantly work with sensitive and privileged information. Trial lawyers prepare strategies

    for the defense or prosecution of cases, and they do not want unauthorized individuals obtaining

    information that could prejudice the trial. Other lawyers prepare wills and trusts, documents that need to

    be kept private until such time the instrument must be exercised. Still other lawyers create contracts,

    mediate complex business deals, and provide advice to individuals and businesses about the legal

    ramifications of an action.

    Scenario 1 Ensuring Attorney-Client Privilege Many businesses will route documents for review to their legal team. Once the team has received the

    document, it is protected under the laws governing attorney-client privilege. But that protection is largely

    a formality. If someone were to obtain an electronic copy of the document, it is likely that that person

    could open the file, read, and even revise the document. That person could print the file and or send it

    as an e-mail attachmentand soon the contents of the document are no longer private at all. This

    could have disastrous consequences for the business that created the document and for many others

    as well.

    The need to protect documents covered by attorney-client privilege can hardly be limited to documents

    created in a business setting. This same need pertains to settings where an attorney’s client is in prison,

    working through plans for a trust, setting up a new business venture, or virtually any other setting

    involving an attorney and a client. These materials must be protected, but there are many ways in

    which this protected information can fall into unauthorized hands.

    Scenario 2 Ensuring the Secrecy of Negotiations Consider the case where a law firm is working on a merger or an acquisition for a company. Both sides

    in the deal need access to sensitive financial and business information, but each side needs to be able

    to control the degree to which this sensitive information is shared. While the legal team from the

    acquisition target may prepare a Word document containing sensitive financial and business details,

    Windows Rights Management Services: Protecting Electronic Content in Legal Organizations 1

    TMMicrosoft? Windows? Rights Management Services (RMS) for Windows Server 2003 White Paper

they want to make sure that these details stay within a narrow circle of business managers and legal

    advisors at the company considering the acquisition. Yet if the document is sent in a hardcopy form,

    they can be sure that a secretary within the acquiring company will make copies of it to distribute to the

    appropriate executives. Those copies could later end up in an recycling bin that is not headed

    immediately for the shredderand could then end up in the hands of any number of individuals who

    have no business seeing this information. If the legal team sends the document by e-mail or on a floppy

    disk, there are opportunities for the recipient of the document to forward it to the appropriate readers

    as well as to others who may not be authorized to view the content. The file on a disk could simply end

    up somewhere outside the organization, where the acquisition target has no control over the

    information whatsoever.

    Extending Protection Beyond the Firewall

    RMS changes all that. RMS helps organizations protect digital content (business files such as e-mail,

    documents, etc.) from inappropriate access, even after it is shared or distributed. Applications that are

    RMS-enabled allow the author to stipulate a set of rulesor policy rightsthat govern how the

    information may be used, by whom, f