Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Microsoft Spam

E-Mail Controls in Office 2003 443

TiggsPanther writes "The BBC's Technology News reports than the next version of MS Office will include E-Mail controls which should limit way that e-mail messages can be forwarded. Being tied into the Information Rights Management concept, it might be interesting to see how quickly this gets taken up."
This discussion has been archived. No new comments can be posted.

E-Mail Controls in Office 2003

Comments Filter:
  • but but but.... (Score:2, Informative)

    by Anonymous Coward
    the washington post (via msnbc) says dont bother with Office 2003 at all
    http://www.msnbc.com/news/982713.asp?0dm=T15NT [msnbc.com]

    fp?
  • Dialog Box (Score:5, Informative)

    by Infernon ( 460398 ) * <infernon@gmai[ ]om ['l.c' in gap]> on Tuesday October 21, 2003 @08:10AM (#7269554)
    We just received our Office 2003 discs yesterday. I installed Outlook 2003 because the vertical-side-panel-snap-together-do-hicky is pretty sweet.
    If you use the e-mail DRM service(straight from the dialog box):
    - You need a .NET Passport.
    - Your documents won't be sent to or stored by Microsoft.
    - If Microsoft decides to end the trial, you can access the restricted documents and e-mail for at least three months, as long your .NET Passport is active.
    - Microsoft won't decrypt contect protected by the service unless a court order requires it.
    I read something about being able to use DRM within an organization, but that it required running some sort of IRM server. Don't know anything else beyond that though.

    • If Microsoft decides to end the trial, you can access the restricted documents and e-mail for at least three months, as long your .NET Passport is active.

      oh, WELL! ... THAT's good news!

      !!

      NOT

    • Re:Dialog Box (Score:5, Interesting)

      by Saxerman ( 253676 ) * on Tuesday October 21, 2003 @08:17AM (#7269642) Homepage
      At first I thought this was a patch to prevent future email worms, but this is just more DRM management. Besides sounding like the Emperor's New Clothes, for this to work wouldn't your mail client have to query the recipient to make sure they're going to pay attention to whatever rules you apply to your forwarded mail? And, of course, query it in such a way that you can't get a spoofed reply forged to look like a legit MS approved mail client?

      This sounds like that phone plan where you only get the discounted rates if you get all your friends to sign up with the same plan. Except in this case the rates aren't any cheaper.
      • Re:Dialog Box (Score:3, Insightful)

        I don't think that there needs to be a way to query the recipient. Probably this will entail some sort of public key encryption system ala PGP, but unlocked by that ever secure [com.com] .NET Passport instead of something that you control. Included in the encrypted message will be rules that state what the client program may or may not do with the message, including reading, replying, and forwarding. Apparently, the message may also contain a 'self-destruct' order that instructs the client to destroy it's copy if it
    • "I read something about being able to use DRM within an organization, but that it required running some sort of IRM server. Don't know anything else beyond that though."

      Ya: they're working hard on tying the client to the server. For those who are happy with proprietary vendor lock-in, there is a lot to be said for these features. In another one, we were looking recently at ways to reduce the number of email attachments as some people had mailboxes over 2GB. Microsoft are working on client-server integr
    • The impression I get is that for the time being the Passport IRM will be free, though it does seem to imply that they will charge eventually. Within an organization you need Windows Rights Management Server running on 2003 server. I am not sure if this is already part of W3k, or if you have to purchase it. All in all I am not seeing Office 2003 selling particularly well, almost everything new is contingent on you running a pretty heavy amount of the MS stack. People who SA'd their Office licenses will be ha
    • Why pay good money for a dialog box? Does this dialog box merit a change in ALL other apps - Excel, PPT etc? Okay, here's a dialog box:

      Do you think Office 2003 will improve office productivity? (not Office productivity, just your real office)

      -
    • Re:Dialog Box (Score:5, Insightful)

      by Zocalo ( 252965 ) on Tuesday October 21, 2003 @08:29AM (#7269780) Homepage
      Microsoft won't decrypt contect protected by the service unless a court order requires it.

      And there you have it. There is a back door in this here DRM technology, "just in case" of course... So not only is this technology flawed, even by DRM standards, but the necessary tools to circumvent it will be hitting your local dodgy site in 5... 4...

    • What about the rest of Office?

      Microsoft has also tweaked Word, Excel and Powerpoint, though the most obvious change is a new, blue colour scheme.

      Wow, upgrade immediately for useless email DRM and a new blue color scheme! Seriously, Office is pretty much a fully mature product. How long will it be before people realize that upgrading to the new $300 office suit will not enhance their productivity? My company upgraded to Office XP from Office 2000 last year. All I noticed were new annoying "helpful"

    • Re:Dialog Box (Score:3, Insightful)

      by letxa2000 ( 215841 )
      Seems like this is pretty silly. Trying to control what a recipient does with email after you sent it is like trying to reconstruct a nuclear bomb after it detonates. It's too late... it's out there and you really can't say what's going to happen.

      If anything, this may give stupid senders a false sense of security. They may think "Well, since I put limits on this email it will never get out." Right. What about copy/paste? Ok, they probably disable copy/paste in the window context. What about a print

    • Re:Dialog Box (Score:3, Interesting)


      The requirement of a .NET passport account probably means that the key for the decryption is held by MS directly. This is no surprise. However:
      • Can corp customers manage the keys themselves, in essence being their own .NET passport server? I'm unaware if this opportunity exists in the .NET framework.
      • If the answer to the above is yes, would it prevent someone outside the corp network from being able to authenticate against the corp .NET server, and thereby prohibited from reading the email?
      • If the networ
  • The only reason they are doing this to stop the leakage of internal memo's about destroying linux etc. But I assume that employees will still be able to print emails, so its all kind of pointless imho.

    Wang33
    • by Tim C ( 15259 ) on Tuesday October 21, 2003 @08:16AM (#7269618)
      But I assume that employees will still be able to print emails

      Why do you assume that? Why do you assume that the print function will be enabled for protected emails or other documents?

      Now, I grant you that no technological scheme can completely prevent information from being leaked - it can't stop me taking it down with paper and pen, or photographing the screen, etc, but it can at least make it difficult to do. Also, while the photogrpah would be harder to refute, my hand-written scrawl copy of an email could easily be dismissed as a forgery...

      I can see this being very useful for companies and even some individuals, but essentially, there is no technological way of protecting data from redistribution by its intended recipient. It's not going to be as easy as just hitting print, though.
      • it's just another scheme to make life hard for the legit users while they do essentially nothing to those willing to break the rules.

        your photo would btw have the same amount of credibility(? right word?) as your hand written scrawl.

        but i guess he assumes that things could be printed because phb's want stuff to be printed.
        -
        • "your photo would btw have the same amount of credibility(? right word?) as your hand written scrawl."

          And the same credibility as that file on your floppy disk which you _claim_ was an email from Bill Gates. A jury of idiots might be convinced, but anyone can write an 'email' in Notepad and stick Gates' name in the header.

          The amusing thing is that this could actually have the opposite effect to the one intended, by making it harder for PHBs to deny they sent a particular email, since faking DRM-ed Outlook
  • Suitable quote.. (Score:5, Insightful)

    by Karamchand ( 607798 ) on Tuesday October 21, 2003 @08:12AM (#7269579)
    Trying to make bits uncopyable is like trying to make water not wet.
    -- Bruce Schneier
    • Trying to make bits uncopyable is like trying to make water not wet.

      Don't feel too secure. Room 101 CAN make water not wet. The RIAA is kindly preparing you a test suite if you want to give it a try.
    • by squaretorus ( 459130 ) on Tuesday October 21, 2003 @08:26AM (#7269755) Homepage Journal
      I can't wait to tell everyone I know that sending emails like "isnt the boss a dick" and " julie from accounts has nice tits" to each other is now 100% SAFE because of the new Outlook options to stop forwarding.

      Hilarity ensues!
  • by Bandman ( 86149 ) <bandman@gm a i l .com> on Tuesday October 21, 2003 @08:13AM (#7269584) Homepage
    Does it still support copy/paste?

    How about printscreen?
    • just tried it. copy/paste/prtsc are disabled. guess you need to break out the digital camera or run something like vmware.
      • Is print screen disabled if office is not the active/top window? If not, open a small window, leave it on top (out of the way), cap the entire screen and clip what you want.

        If print screen is disabled whenever any office product is running (aka all the time since most users leave outlook running all day), this presents a serious usability issue for the desktop and would make it time to install a 3rd party screen capture app.
  • This has been discussed endlessly already - new DRM features control documents, how they can be saved, printed, forwarded, stored. Yes, it will be possible for documents to "expire" after a certain time, etc. etc.

    How is this news?
  • will be interesting to see how this works with non-MS email clients, esp on non-MS O/S's

    • by guido1 ( 108876 ) on Tuesday October 21, 2003 @08:22AM (#7269699)
      will be interesting to see how this works with non-MS email clients, esp on non-MS O/S's

      As the article stated, "Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003."

      However, since this is squarely targeted at corporate enviornments, I don't forsee this becoming a large problem.

      Sure, it's bad for the end user information wants to be free blah blah blah, but companies want more control over where their information is going, and MS is providing it in this product. Don't want the FY04 budget leaked? Put a do-not-forward flag on it... Sure, you'll be able to screen-cap things, but casual copying will be prevented.

      (We all know that protection can be circumvented by anyone with enough will... This is simply raising the bar for how much desire is necessary.)

      That being said, I won't use it, but I'm sure there are corporations out there that will.
    • Which non-MS clients work as well as outlook? And how many companies use Exchange server and non-MS clients?
  • (click)(drag)(Copy)(launch Mozilla)(Paste)(Send)

    Really, how is this supposed to work? Even if Microsoft suppresses the clipboard for protected documents, I (or any other mildly knowledgeable user) can take a couple of screen captures and then put it into a jpg or pdf to resend. If someone can see the e-mail, there's a way to copy it.

    Ah... so maybe the idea is, *they* sent it, so that it'll be on *my* machine, but *they* retroactively control what I do with it, without specifying up-front. I *knew* SC
  • Using cut and past? Stopping screen capture utilities?

    And when are they going to have the email etiquette checker working? And the filter for bad joke forwarding - thats what I really need.

  • So when will they release details of the encryption scheme used so that non-Outlook mail clients can be used......? I'm not holding my breath.
  • ... they love to set rules and access rights and controls - instead of actually managing employees conscionably and using resources responsibly.

    mostly i imagine this will appeal to the less savory huge corporations who wish to stop seeing their internal memos and severance packages on f*ckedcompany.

    but inevitably, if the information would actually be interesting to someone outside the desired recipient list, it will be shared. to borrow a cliche, 'information wants to be free' - good information anyway.
  • OK I will start out by saying that I don't think that this should be controlled by M$, but I don't think that tying DRM to email is a bad idea. Hell I think it is one of the only good uses of DRM.

    Spam is a huge problem and the only way it is going to be effectively controlled is to change the open nature of email. Putting controls onto who can do what to the email is the next step. You don't always want emails to be forwarded especially if the email is signed from you. The same goes for company internal
    • Spam is a huge problem and the only way it is going to be effectively controlled is to change the open nature of email. Putting controls onto who can do what to the email is the next step. You don't always want emails to be forwarded especially if the email is signed from you. The same goes for company internal emails it is fine them being sent internally but most often they are not for third party use.

      The new DRM features have absolutely nothing to do with spam. How is spam related to your forwarded e

  • Wrong (Score:4, Funny)

    by tbone1 ( 309237 ) on Tuesday October 21, 2003 @08:21AM (#7269689) Homepage
    The days when you could forward an embarrassing e-mail to your colleagues could be a thing of the past.

    Uh, no. Nothing is foolproof because fools are just too damned clever.

  • There's going to have to be a fundimental change in the protocol and how people use e-mail if it's going to ever become remotely secure. Sure, there's always PGP, but how many average users even know what PGP stands for? And I doubt they'll disable both cut and paste and screen capture programs - if someone wants to forward your e-mail bad enough, they'll find a way.
  • First, and slightly OT, but that screen shot makes it look like I had better plan on a 19" monitor or greater. It was a tiny screen cap but the proportions of title bar to window contents make me think Microsoft has given up on the notion that a 15" screen should be usable. (See Also: Visual Studio.NET)

    Anyway, this who "can't forward" thing might have nice side effects. I'd love it if documents on the hard drive could be flagged "do not forward", so my dad would stop pestering me about "what if I get a vir
  • Simple question: (Score:5, Insightful)

    by jkrise ( 535370 ) on Tuesday October 21, 2003 @08:23AM (#7269716) Journal
    Will it improve productivity in my office? Not my Office, but my real office?

    Simple answer: No, it would reduce it.

    Thanks for another useless product.

    -
  • by Schlemphfer ( 556732 ) on Tuesday October 21, 2003 @08:23AM (#7269721) Homepage
    Steve,

    Great having beers with you last night.

    I just got a memo that they'll be laying off 30 people in engineering, starting with Dan. The fucktards have disabled forwarding permissions for it, but drop by my desk on your way to lunch if you want to see.

    Ron

  • Every time a PGP article is posted, everyone here starts panting about how everyone should send signed & encrypted email and how wonderful the world would be, yatta yatta.

    Well, Microsoft did it -- you'll see the amount of encrypted email increase substantially as companies adopt this new version of Office and implement their own identity management servers.

    So what's the big hub-ubb? If you are being investigated, a court order will result in the police getting your GPG/PGP private key anyway, so that
  • by borkus ( 179118 ) on Tuesday October 21, 2003 @08:31AM (#7269816) Homepage
    Since at least version 4 (maybe version 3.0) of Lotus Notes, you could prevent copying, printing and forwarding of a message. Under the delivery options when you're composing a new message, there is an option "Prevent Copying [ibm.com]".

    With notes, you could still grab a screen shot by pressing "Print Scrn", since that's tied into the OS, not the app.
  • the next version of MS Office will include E-Mail controls which should limit way that e-mail messages can be forwarded

    I hope they include a control that prevents email from being forwarded once the subject line contains more than one Fwd: in it.

    I swear, many days I get more "Fwd: Fwd: Fwd: Fwd: Fwd: Fwd: THIS COULD SAVE SOMEONE'S LIFE!" than I do spam. The latest and greatest is the "gang initiation - guy sneaks into a woman's backseat at the gas pump", which I haven't seen making the rounds for a coupl
  • Lotus Notes has long a had a feature to prevent copying or forwarding of messages. With an installed base upwards of 80 million, Notes is one of the most secure e-mail products on the planet, with notable usage among the government and intelligence organizations. Good cryptographic controls are built into the product, so it's easy for individual users to put these kinds of policies in force for their own messages.
  • Worm ? (Score:3, Funny)

    by cwernli ( 18353 ) on Tuesday October 21, 2003 @08:40AM (#7269884) Homepage

    should limit way that e-mail messages can be forwarded.

    But it won't stop Outlook to be vulnerable to any kind of attack, such as a worm which "forwards" itself to everybody in your address book ?

  • The Pentagon announced the return of Admiral John Poindexter and Colonel Oliver North to their staff as lead team for an upgrade of all Pentagon internal mail systems to Outlook 2003.
  • Create a chain mail letter saying this must be forwarded to five of your friends, and set the controls to prevent it from being forwarded.

    Should be good for a chuckle or two.
  • Just turn on text-to-speech features for the blind, capture the output, and then later use speech-to-text.

    If they disable features for the blind, sue Microsoft.

    PROFIT!
  • by pwagland ( 472537 ) on Tuesday October 21, 2003 @08:45AM (#7269931) Journal
    Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003.

    <snip>

    But the programs will only run on a PC with Windows XP or 2000.

    So, what happens when you want to send the e-mail to your family, who run Mac/Win 95/Win 98/Linux/Other Unix Variant?

    Platform lockin anyone?

    Having said that, it is a good idea. But totally non-enforceable without community buyin, and when you have community buyin it is easily circumventible...

    • They won't need it. I do not care what happens the the emails I send home to momo and pop, but I do care about internal memos and sensitive corporate information. If one has a company that stands to loose millions if data is leaked then this is a worthwhile upgrade. Meanwhile if mom and pop back home have windows 9x they won't care to upgrade because the bundled Works suite works just fine, and you won't be sending them a digitally signed, DRMed, encrypted, protected confidential email. If you need to s
      • And what happens if someone sends a non encrypted email that has a self destruct and/or non forwarding flag set on it but the recipient is
        not using Outlook? And don't tell me that'll never happen if the software allows it , of course it will. Its all pointless apart from the encryption since you can never guarantee
        what client the recipient will be using. This is just more blah blah for MS to put on the box when flogging Office to the gullible.
    • So, what happens when you want to send the e-mail to your family, who run Mac/Win 95/Win 98/Linux/Other Unix Variant?

      Then you don't encrypt it. Duh.
      If you want to make a point, be sure you have one to make before trying.
    • So, what happens when you want to send the e-mail to your family, who run Mac/Win 95/Win 98/Linux/Other Unix Variant?

      They use an internet explorer plug-in to read your document. Essentially the same as if you sent a PDF or flash document.

      Or, alternately, you can just turn the darn thing off for that message.

      As for it being "easily circumventable"--while you'll always be able to pick up a digital camera, they can (at least on Windows) block the text-select and print-screen functions, which will easily t
    • totally non-enforceable without community buyin

      If you're familiar with DVD restrictions, this is like CSS, which uses encryption, rather than region encoding, which uses the honor system. If some idiot sends me one of these messages, it will look like gibberish, probably preceded by an advertisement encouraging me to register for a .NET passport account.

      I don't think "enforceable" is the right word, here. In my mind, this is less about forcing DRM on us, than it is about embracing and extending for the

  • Some facts (Score:4, Informative)

    by Some Bitch ( 645438 ) on Tuesday October 21, 2003 @08:49AM (#7269972)
    Ok, this thread is full of people assuming MS are dumb. Monopolists they may be but dumb they're not.

    1. IRM allows you to block forwarding of a message.

    2. IRM allows you to block printing of a message.

    3. Cut and paste is disabled for protected messages.

    4. You cannot get round it by using a non-MS mail client, the client will simply not be able to open the email at all.

    5. Screenshots are feasible but how many large corporations filter images in email sent externally? I know we do!

    This is not going to be as trivial to work round as many are suggesting.
    • Solution - throw together a little app that screen caps the message window and pipes the various text fields through an OCR program.

      Result - point-and-click copying of these alledgly 'protected' emails. Remember if you can see or hear it, then it can be easily copied.

  • The real agenda? (Score:5, Insightful)

    by femto ( 459605 ) on Tuesday October 21, 2003 @08:50AM (#7269977) Homepage
    from the article:

    >Microsoft says a free viewing program will be available for those who receive a protected document but are not using Office 2003.

    Why would one need a special reader if email standards are adhered to? Presumably this is an attempt to hijack the email system by getting all Office users to send email in a format which is unreadable by non-Office users. The only way to read email from a windows user will be to get a copy of Office 2003.

    Personally I will be replying to all such emails with a polite message that the message got garbled in transmision and could the sender please fix the problem in their system.

    • Re:The real agenda? (Score:3, Interesting)

      by Anonymous Coward
      I can think of a few reasons why I would not permit this system in my business:

      Hate mail: If a (criminal) employee sends another employee hate mail or simply inapropriate mail that (s)he can't print, forward or save the company will be sued (eventually) for creating a hostile work environment.

      Legality: Self destructing communication is almost certainly illegal where it concerns the company's finances, policies, environmental records etc.

      Security1: A false sense of security will encourage people to writ
  • Comment removed based on user account deletion
  • I just see the next wave of Worms setting lifetimes on all my email to 0 and blocking all incoming mail from people in my office. Genius.
  • But it's called GnuPG. It keeps people from reading my emails if I don't want them to. Come to think of it, it's on by default on Evolution and Mozilla mail.

  • .. someone from simply highlighting the entire text of the original email and composing another email with all the information - and none of the restrictions - and then sending this to everyone?

    If you can read it, you can circumvent this.
  • ...what the headers are so I can get a head start with procmail recipies?
  • by swordgeek ( 112599 ) on Tuesday October 21, 2003 @09:38AM (#7270481) Journal
    Look, can we put the DoJ onto this NOW, rather than after MS releases it? Clearly sending proprietary format email violates the MS anti-trust settlement, and if we get someone working on it now, we won't have to deal with this piece of shite.

    There is nothing here--NOTHING--that can't be done with existing protocols. PGP anyone (or GPG if you prefer)? I seem to recall that it had a 'read-don't-save' flag that you could set.

    Furthermore, this won't help anyways. Hasn't anyone heard of screencaptures?

    This new "feature" has no purpose other than to lock people into MS Office even further. It's a political trojan horse.
  • This isn't Email (Score:3, Interesting)

    by onyxruby ( 118189 ) <onyxruby&comcast,net> on Tuesday October 21, 2003 @11:50AM (#7272111)
    This isn't email, this is a server based document viewing system. Email is a system of forwarding text from one computer to another through at least one email server. It can have attachments, and even shiny graphics. But it is a message that has been sent.

    It stores the material on the server, and truely just sends a notification to someone. The notification itself is email, but that's where email ends and DRM begins. Since the email is really just a link to a server where the document can be viewed, it can't be viewed by "untrusted" platforms.

    This is why these emails are only accessible by people with certain operating systems that can be "trusted". Since they can never truely lock out any MS OS short of W2K or XP (arguable on those as well), they aren't going to have a client for anything else. Even with these you'll have to have the client DRM software. You know the software that intercepts calls for things like "print screen", the software that could only be written in Redmond?

    This is one way for Microsoft to get the masses to install DRM enforcement software. You know that new job your looking at? The one that requires completing paperwork through a DRM compliant system?

    There is a reason that this feature requires Server 2003 and so on, it is because it is an interlocking and interdependent license obtainment system. So the question becomes, since this isn't email, what do you call a centralized document viewing system?

The most difficult thing in the world is to know how to do a thing and to watch someone else doing it wrong, without commenting. -- T.H. White

Working...