I am unabashedly supportive of Digital Rights Management, or Enterprise Rights Management as the sly DRM vendors say, trying to change the non-existent perception that DRM is bad and ERM is good. (It seems to me that any enterprise security professional intuitively understands the value of his/her organization’s intellectual property, so the vendors must want to change the name in order to ‘trick’ the pundits – good luck). Okay, on to the point of this note.
One of the true questions within DRM is at what point does transfer of ownership take place? This point is very clear in situations where the intellectual property is licensed, shared under non-disclosure, or the content is protected in some other way. That is, the ownership is never transferred. Under these circumstances, DRM is a no-brainer.
Things get a bit more difficult with communications like email messages and instant messaging. Should we be allowed to "takeback" an email message after a period of time? What if it is a mistaken email like the one sent out the other day? Again, I err on the side of protection against stupidity and mistakes first (my own, in particular ). It isn’t nearly as clear-cut to me, though, and it will be interesting to see how these controls develop.