Robert Gellman | @Info.Policy : Government should use DRM sparingly

Digital rights management is a hot topic for copyright and technology. For those just tuning in to the debate, DRM is associated with a set of technologies designed to enforce access restrictions to digital information imposed by the information provider.

DRM has obvious applications for music, video recordings and any other copyright-protected digital materials. But it also has sparked controversy between data users and copyright owners over privacy, fair use, regional coding, data sharing, backup, rootkits and other indicia. The Center for Democracy and Technology just published a useful background paper at, Quickfind 694.

DRM use in a government context is a new issue, at least for me. A recent paper from the New Zealand State Services Commission opened my eyes. The subject is government use of DRM as opposed to government regulation of DRM technologies and applications. The paper is titled “Trusted Computing and Digital Rights Management Principles & Policies.” You can find it at, Quickfind 695.

A good illustration of the problem arises if we consider information submitted to the government in the form of a comment on a proposed government regulation.

Comments of this type are usually public documents, and today they are often available on the Internet. What happens if a commentator used DRM to restrict access to the text?

A similar issue came up years ago when I worked for a House of Representatives subcommittee. Someone submitted testimony for a hearing with a prominent copyright notice. Did that mean that the testimony could not be distributed or printed? No one was quite sure, but we took the easy way out. We ignored the copyright notice. The submitter never objected, preferring to influence and not anger the committee. With a DRM-restricted document, however, subsequent dissemination of that testimony could have been difficult or impossible.

Another example could arise with a contractor report paid for by an agency. If the contractor used DRM to allow online access only to agency officials, the agency could end up in hot water under the Freedom of Information Act if it could not produce a copy in response to a request for disclosure.

Application of DRM to information in government hands could prevent public access to documents, or prevent agencies from sharing data.

The New Zealand report’s first principle states that a government agency with a business or statutory requirement to use the information it holds, or to provide access to others, must be able to do so. DRM cannot be a barrier to fulfilling those missions. That makes a lot of sense.

The report also discusses other conflicts that could arise through DRM-controlled government information. These include privacy, security, the need to update or amend information, and the archiving of permanent government records. The report does not, however, suggest a blanket rejection of DRM. Appropriate applications of DRM to government information are OK, but conflicts must be avoided, and the government must proceed with informed consent when it acquires DRM materials.

The New Zealand report isn’t long, but it does an excellent job of setting out the issues and the principles that should determine government acceptance of DRM. Any use by government of DRM functionality is a can of worms that should be opened, if at all, with great care.

Nikita Khrushchev reportedly once said that he intended to take over the entire world except for New Zealand. Why the exception? Khrushchev said that he needed a free market somewhere to set prices. A good point, to be sure, but I think that he undervalued New Zealand. The DRM paper is only the latest in a series of admirable information policy laws, rules and documents produced there.

Robert Gellman is a Washington privacy and information policy consultant. ([email protected])

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected