NZ draws line on DRM and trusted computing

New Zealand's lead state-sector authority has drawn a line in the sand to ensure government information security is not compromised by new "trusted computing" and digital rights management (DRM) technologies.The policies, released by the New Zealand State Services Commission (SSC) today, are an acknowledgement of the risks posed by the trusted computing and DRM initiatives being driven by international IT vendors and media organisations.

New Zealand's lead state-sector authority has drawn a line in the sand to ensure government information security is not compromised by new "trusted computing" and digital rights management (DRM) technologies.

The policies, released by the New Zealand State Services Commission (SSC) today, are an acknowledgement of the risks posed by the trusted computing and DRM initiatives being driven by international IT vendors and media organisations.

They also call for new standards and features to be developed and included in trusted computing and DRM systems to meet the needs of international governments.

The policies are designed, the SSC says, "to ensure that the use of trusted computing and digital rights management technologies does not adversely affect the integrity (including availability and confidentiality) of government-held information or related government systems."

The policies are not New Zealand-specific, the SSC says, and other governments are invited to make use of and contribute to them.

"We believe that collaboration between governments is vital to ensure that these technologies develop in a way consistent with government requirements. By agreeing on a common set of principles and policies that reflect their requirements, governments can more effectively influence ICT product vendors to develop standards and features that will meet these requirements, for example a standard for disclosing the DRM restrictions associated with a computer file."

The policies outline basic principles that oppose externally imposed restrictions on access to government information except where government has given informed consent. Government must also have full control of any DRM encumbrance over the master copy of any information it owns.

They also call for a common set of rights definitions and proscribe the use of hardware or software that could modify or hinder access to information held by government. Such systems also cannot compromise information privacy. Agencies must have knowledge about the information flows into and out of such systems.

Trusted computing systems can, broadly, restrict access to information if the client system is not operating properly while DRM restricts access to protect intellectual property.

The SSC is inviting other government, vendors and interest groups wishing to collaborate on the project to visit its Web site.

The "Trusted Computing and Digital Rights Management Principles and Policies" have been developed over the last year by officials from central and local government with input from vendors such as IBM, Hewlett-Packard and Microsoft.