Archive for May, 2008

BS 10008: A new standard for legally admissible electronic information

May 24, 2008 Leave a comment

The British Standard Institute is due to publish a brand new standard entitled “Evidential Weight and Legal Admissibility of Electronic Information” in September 2008. This draft standard (BS 10008) is designed to deal with issues relating to the authenticity and integrity of electronic information which may be used as legal evidence, and is currently available for comment on the BSi website. Also it does make an interesting read when viewed in light of its applicability to enterprise DRM.

First of all, the BS 10008 standard is not entirely new, and is in fact based on an existing code of practice for “legal admissibility and evidential weight of information stored electronically” (or BIP 0008). This original code of practice was extended in 2005 to include the electronic communication of information and the linking of electronic identity to documents, which all together make up the new draft standard – as requested by adopters of BIP 0008. Also this effectively puts the new standard in direct oversight of things like document management, information security and enterprise DRM.

According to the BSi website, compliance with the new BS 10008 standard will help organisations to maximise the trustworthiness and reliability of their information, and to minimise the risk associated with long term storage of electronic information on their systems. The scope covers the accessibility and availability of verifiable information over a period of time, and includes the use of document management, storage, transmission, and retrieval systems as well as electronic identification / signatures and copyright management. The document and information may be in form of text, executable formulae, and / or multi-media (i.e. voice / video / images). The main body of the draft standard provides guidelines and directions on various aspects of electronic information management including:

  • Information management and security policies (covering the electronic storage and transfer of information), roles / responsibilities, reporting and documentation among other things.
  • System implementation and operations (covering information capture, transfer, storage, index and output, as well as features like identity, security, disaster recovery, outsourcing, version control and exercising)
  • System monitoring and review (including auditing and management reviews)
  • System maintenance, monitoring and improvement One is left, after reading this, with the overall impression that here is a well thought-out and fairly comprehensive example of a developing standard which will benefit from input by all interested, and affected, stakeholders.

So, by all means, do post any comments / suggestions on this standard directly onto the BSi website (needs registration) and, as ever, any other comments and thoughts (e.g. on its applicability and relationship to DRM, for example) are most welcome right here on this blog.


Note: This post was previously published on my BCS DRM Blog, where you can find the original post, and reader comments, in the archives.


And now for some Geospatial DRM

May 11, 2008 Leave a comment

As the name suggests this has to do with the application of DRM technologies to provide some control over the use of geographic information. In a world that has grown ever smaller, and more sophisticated, with the use technology to span great distances and deliver innovative location-based services, it has become increasingly obvious that geographic information will play a key role in enabling these services.

The whole point of DRM is intrinsically bound to the need to control information / data / content for a variety of reasons, most of which eventually relate directly to economics or good old filthy lucre. However like with any instrument, inappropriate use of DRM can often result in casualties (which may or may not involve its operator). Therefore it is always gratifying to come across organisations that show great promise of having this understanding well-embedded in their DNA before embarking on initiatives that involve the use of DRM technologies.

The Open Geospatial Consortium (OGC) may be one example of just such an organisation. According to theOGC website, it is a “non-profit, international, voluntary consensus standards organisation that is leading the development of standards for geospatial and location based services”. This is the exciting mash-up of geographic information with computing and communications technologies to provide innovative services that are relevant to that user’s location. The OGC has developed several technologies and standards relevant to geographic information, and they even have a cool demo of the OGC Web Services vision of interoperability.

A fundamental aspect of the work done by the OGC is its reliance on geographical data and information, which may be supplied and owned by third parties, therefore it is necessary to deploy systems that can effectively protect and manage such external Intellectual Property assets. To this end the Geo Rights Management Working Group has been tasked with enabling the adoption and adaptation of DRM for geospatial purposes. Among other things, this group has created and published a fairly detailed GeoDRM reference Model to be used in developing interface specifications for interoperable services as illustrated in their Web Services demo. It will be interesting to see how this will be adopted by the suppliers of Geographical information, or if other competing standards will win the day.

PS. I would be interested to hear of other interesting projects or initiatives that have elements of information control or rights management, and how they have been developed, or progressing, so do keep those comments coming.


Note: This post was previously published on my BCS DRM Blog, where you can find the original post, and reader comments, in the archives.