Microsoft’s Mundie Sees DRM as Protection for Personal Data

Craig Mundie, senior advisor to Microsoft’s CEO, is proposing that a form of digital rights management can be used to secure personal data. He believes it is vital, since people do not currently have a method to ensure that the data they share will not be misused. However, DRM has been ineffective at preventing some illegal copying of media files. And many companies may oppose the idea as they require access to personal data for their businesses.

“There’s too much data being collected in so many ways, and a lot of it in ways that you don’t feel you had a role in the specific transaction,” according to Mundie. “Now that you’re just being observed, whether it’s for commercial purposes or other activities, we have to move to a new model.”

Speaking at the EmTech conference in Cambridge, Massachusetts, Mundie discussed the potential of a DRM technology system working in concert with laws and regulations a a solution. “I think we’re going to have to have a usage-based way of controlling this now,” he suggests. “One way to do that is to put cryptographic wrappers around these things that control uses of this data.”

Applications and services that use sensitive data, such as someone’s medical information or current location, would have to register with the authorities. A centralized authority would then allocate encryption keys to applications, approving them to have access to protected data as permitted by the users’ data.

“The use of cryptographic wrappers would ensure that an application or service couldn’t use the data in any other way,” reports MIT Technology Review. “But the system would need to be underpinned by new regulations.”

“You want to say that there are substantial legal penalties for anyone that defies the rules in the metadata,” says Mundie. “I would make it a felony to subvert those mechanisms.”

Although DRM was implemented to protect media files, it failed to prevent illegal sharing of downloaded music. This was due in part to the ease that unprotected files can be obtained, such as ripped from a music CD and distributed on peer-to-peer networks like Napster and BitTorrent.

Many businesses that use personal data would most likely reject Mundie’s proposal, and he acknowledges that some type of data are so useful that companies are likely to be exempt from restrictions. “I believe that this is going to end up going both ways,” he notes. “I predict that we will find there are certain classes of data that become so important to society, for health, education, or security reasons, that society will decide that people can’t opt out.”

Mundie was previously in charge of Microsoft’s research wing, serving as its chief research and strategy officer.