Standards Publishing and the Security of the Resulting Documents
The certification of individual companies and their products does not come easy. As company proprietors will tell you, it is a process that involves time and money to get those credentials. It also helps to regulate the product quality people consume every day in today’s consumer culture.
The first step in getting certification is usually paying for the certification, for example a certificate in the ISO series. This is generally followed by the standardizing or certification body providing training and the standards required to officially get that badge of quality. After a considerable period, allowing the company in question to incorporate the standards into their day-to-day routines, there is an inspection. This ascertains whether everything is up to standard and the certification is awarded as a result.
As you can probably guess, the creation process for these standards and the training materials take time and money. This money is remunerated to the standardizing body when the companies that need the certification pay for it. Remuneration can also be in the form of membership fees for informal standardization bodies. Unfortunately, the standards bodies can all come crashing down if they do not get reimbursed for their role in creating the standards and certifying other companies. With that, product quality would reduce significantly.
In today’s world, these standards are relayed electronically through PDF documents as that is the only format that will allow consistency of print and view format across devices. But, electronic distribution brings about a lot of contention, as it may enable unlawful distribution by parties other than the distributing bodies. For example, an individual can get access to a standards file and can post it on a torrent website, making that information available to everybody. If this happens often enough, the collapse of the standards body would be inevitable.
So, the documents created by the certification bodies need to be protected. Most people without sufficient knowledge on the matter may give suggestions such as, “Just add password protection to the files”. This is not an adequate solution. Password protection means giving the users the same level of control as you have and so they can do anything with the file as long as you give them the decryption key. The result could be that the file could still end up on a torrent site.
Instead, to protect the documents, you would need continuing controls, even after the distribution of the documents to the bodies that paid for the certification. DRM which uses proprietary document viewers are ideal in this regard. The benefits of such DRM systems could be as follows:
- Copying options disabled – The “save” and “save as” options are disabled, leaving the user with only the copy you give them.
- No password weakness – Passwords have one major flaw in that they can be readily shared. If you remove the password and hide the decryption key from the user, the user will have nothing to share. This is precisely what a good document DRM system does.
- Dynamic watermarking – A watermark could be added dynamically every time a user opens a document. Their details will then be displayed on the document, whether it is in print form or on screen. In print form, the watermark could help prevent photocopies. On screen, it could discourage the users from taking photos or using screen grabbers.
- Limiting printed copies – Standardization bodies will likely get a breakdown of employee numbers before they take on the challenge of training them on the standards. Therefore, estimating the number of copies to be allowed should be easy to do and reduces the chances of a document straying into the wrong hands.
- Time management – Both the training and evaluation should be done promptly. This necessitates options like limiting how many times a user can open the document, setting an expiry date for the training, and even setting a date for the evaluation.
A document DRM system should allow for both online and offline use to allow for a little flexibility, while still enforcing the controls put in place. As for offline use, it necessitates that a copy of the file should stay on the user’s computer. As long as the DRM is in place, that should not be a problem.
Another approach to offline use is loading the document onto a USB disk. It allows you to load all the information, including the viewer, documents which you deem do not need any controls, and those documents that you feel need strict use guidelines, onto one drive.
Standardization bodies need to ask themselves whether they are doing all they can to ensure their longevity. DRM use is a critical step in this process. And, since this technology is already available, there is no reason not to make the most of it.