Intellectual property comes in many forms. For ebook publishers it is the books they write and sell, for organizations it is confidential documents they share, and for consultancy companies it is the reports they distribute.
Regardless of the intellectual property involved, these electronic documents all must be given to others, and therefore protected against falling into the wrong hands, or preventing revenue loss from unauthorized distribution. This is where PDF security comes in.
Most companies publish documents that do not need to be edited in PDF format. This is because it ensures a consistent look and feel (brand) regardless of the user’s operating system or viewing software. Applying PDF Security places controls over PDF documents to prevent use of facilities such as editing and printing.
Some PDF security software goes further by letting you apply dynamic watermarks that identify the document user, and expiry dates which enforce when the document can no longer be used.
The most common form of PDF Security is password protection. This is because it is normally part of the software used to create PDF files. You can specify two types of passwordsone which the user must enter to open a document, and another to change the access controls (edit, print, copy, etc.) to be applied to a document.
Whilst PDF password protection may seem secure (especially when a strong algorithm and key length is mentioned) there are numerous tools available on the Internet which can break this kind of protection. Generally people use weak passwords, and even if a strong password is used there are then dictionary and brute force attacks – it is not if the password will be broken, but when.
The main problem, however, is that you have to rely on others not to share the document password(s) if you want to prevent unauthorized access. A mean feat at best! Once someone can open a document, removing the access controls is trivial.
Some applications go one step further and ‘hide’ the document password from the user, but these too can be easily defeated (the‘key’ has to be stored somewhere, and generally it is within the document itself). The most secure type of PDF Security software uses DRM controls, stores decryption keys within a separate keystore (also stored encrypted), and locks the keystore to specific devices so that it cannot be copied along with the protected documents to allow use on another computer.
Apart from greater security, this type of PDF securitygenerally provides enhanced access controls (like controlling the number of prints, number of views, expiry in x days from opening, etc.), and enables you to instantly revoke any documents you have published.
So what is the downside? Well for simple password protection users don’t have to install any additional software assuming of course they have Adobe Reader already installed. More secure systems require users to install additional software (this may be in the form of a separate Viewer or a plugin to an existing application).
Since these applications must be licensed (and therefore need to communicate with a licensing server), firewalls may have to be configured to allow this. In other words there is another step users must take to view the document for the first time.
From a publisher’s point of view this can seem like a minor point when their intellectual property is at stake, but users don’t necessarily like to be told what they can or can’t do with content they are using.
So choosing and using a PDF security solution is a balancing act. You need to find something that supports a wide range of devices (PC, Mac, iOS, Android), is flexible in letting you decide what controls you apply, is not too restrictive (e.g. online use only) and that works for everyone.