The State Services Commission is helping creating an international community of government agencies to tackle the IT industry's introduction of digital rights management.
Concern in government circles has been raised over long-term access to data which may have been created using DRM-based software.
Laurence Millar, the director of the SCC's e-government unit, says he is putting together a steering group to oversee the response of government agencies to issues surrounding DRM. That group will in turn create a working group to act on its decisions.
"We've got a number of people from several government agencies as well as externally from within the IT industry," says Millar.
In November 2003, the e-government unit advised agencies not to enable DRM features in Microsoft's Windows Server 2003 and Office 2003 because of privacy and security concerns. Millar says that advice stands today.
"There are three main issues we're pursuing: what to do about archiving of documents for the long term; principles for government use of DRM generally; and the building of a network of government agencies internationally." Millar says while New Zealand has taken something of a lead role on the issue, most OECD countries are only now trying to address the problem of retaining long-term access and even control over data that may have been created or modified using DRM software or hardware.
The Trusted Computing Platform Alliance, or TCPA, was formed by Compaq, HP, IBM, Intel and Microsoft in April of 2003 to try to protect intellectual property rights. However, concern has been raised that it gives the IT vendors access to and, in some cases, control over data created by end users.
In 2003 the Centre for Critical Infrastructure Protection (CCIP), part of the New Zealand's Government Communications Security Bureau (GCSB), released a discussion document about the platform, warning that Microsoft was moving away from non-proprietary rights management software and that could lead to problems in the future.
“Before an organisation implements a technology or product that is designed to restrict access to their resources, they should assess the risk of them losing access to the resources themselves or being tied into a solution that could restrict their future options to one technology or vendor,” the document says.
Millar says the SSC has been in contact with Microsoft and other vendors about the issues and says they have been "receptive" to governments' concerns.
"This isn't a problem we can address only in New Zealand. It's an international issue that's going to take international cooperation.
Millar's unit is working on a set of principles to guide government departments and agencies in handling DRM issues and will be issuing advice on how to set firewalls to reject DRM files. He expects those principles to be ready by early 2006.