Safeguarding Data Has Companies Locking Digital Files

Interest in controlling use of documents after distribution is growing

3/6/2006 By Tom Sawyer

When executives want the ultimate in secure communications, they close the door, pull out a pen, write key words on a scrap of paper and expose it to the other party. Then they destroy the paper. That’s a tough level of protection for today’s high-tech security wizards to rise to. But they are making progress in that direction.

Every day, construction firms are exposed to enormous risk by entrusting operations to electronic data and transmitting it to others. The alternative—paper-based exchange—is becoming less and less practical when measured against the speed, reliability and storage efficiency of electronic data. But while speed and precision are attractions of digital communications, security risks are the bane.

“If you must send documents, being able to protect them so people cannot print, copy or do a whole lot with them other than read them, is invaluable,” says Muge Wood, an oil and gas solutions specialist with Microsoft, Redmond, Wash.

Through tools available with the Windows Server 2003 Professional software, companies can use Microsoft’s Rights Management System (RMS) to apply access, print, distribution and even expiration controls to documents that will take charge whenever anyone tries to use the documents, even off line. Only Internet Explorer Version 6, or higher will open them. It enforces the document controls.

“Some of our customers are companies that got really burned by this and they want to find a solution,” says Wood. “The CEO sends a confidential memo on their business strategy and the next thing they know, it’s in a newspaper. It’s fairly easy for them to see the value and want to use it. Then there are other companies taking a more proactive approach. They want to share, but protect their intellectual property.”

“By embedding RMS controls into the document, it gives you some assurance that no matter where it goes or how long it lives, those controls will persist,” says Gary Geddes, a Microsoft strategic security advisor. RMS controls can be applied to Microsoft Office documents, including PowerPoint, Excel and Word files. Third-party applications, including ones from Autodesk and Adobe are being added. “We are getting more and more partner uptake,” Wood says.

“If people haven’t started to think about it, they ought to,” says Kristine A. Fallon, president of design and construction technology consultant Kristine Fallon Associates Inc., Chicago. “Clearly, the electronic communications are becoming very important and suddenly you have all these concerns, like ‘can somebody alter the RFI response after the fact?’”

Fallon says good Web-based project management systems control document rights and audit access, but firms now are looking for similar controls outside of project systems “as an overlay on regular e-mail” and through properties embedded within the documents themselves.

As is often the case with meeting technology challenges, answers are being found not only in new inventions, but in clever combinations and improvements to existing ones. The increasing use of locked, but annotatable documents in formats such as Adobe’s Portable Document Format and Autodesk’s Digital Web Format, and the growing interest in embedding controls within them, are opening the door to increasingly sophisticated possibilities.

“It is moving from early adoption to industry practice,” says Amar Hanspal, vice president of Autodesk Collaboration Services. Hanspal describes three layers of document security, two of which are established, and a third that is coming into its own. First are document-level controls such as password protection, encryption and the publication of restricted views of the original data. Then there are server-level controls, such as tracking and check-in, check-out capabilities. But the use of embedded security tools like digital signatures that validate authenticity and integrity is growing. “That not only limits what people can see, but what people can do with the document,” Hanspal says.

Autodesk does not yet embed digital signatures within its DWF format, but is working on it, Hanspal says, adding that Autodesk’s original DWF definition, as a digital Web format, is evolving, too. “The way we think of it now is the Downstream Workflow Format,” he says.

DWF’s big rival, Adobe Acrobat, is much further along. It introduced digital signature creation and third-party verification, which uses a commercial certificate validation service to offer a high level of authentification, password protection and the ability to bundle multiple PDFs in a password-protected e-envelope in its current edition, Version 7. It also offers a server-based Digital Rights Management service similar to Microsoft’s RMS for controlling persistent permissions. In January, Adobe acquired the FileLine DRM division of Navisware, a Raleigh, N.C.-based technology company bridging CAD and enterprise data. Adobe will use it to enable its LiveCycle Policy Server to persistently protect documents in PDF, Microsoft Office and CAD formats.

“Adobe’s products are pretty interesting,” says Fallon. “I think they were the first to see it. What Autodesk has done is a CAD-centric thing. What Adobe has done is a generalizable thing. It’s a little more universal. Adobe has only gotten really smart about the CAD side of things in the last three years or so,” she says.

According to Fallon, Adobe’s informal partnership with Bentley Systems has helped “inform how they are going forward,” particularly with respect to Adobe’s new ability to create PDFs from 3D design files. She also laudes Adobe for submitting the PDF format for ISO certification to help it gain status as an international standard and ensure its archival value.

Hanspal says the big driver in the development of digital rights tools is entertainment. “Hollywood is driving digital rights management,” he says. “It’s not that engineering is less important, but they are creating a path for us. We will learn from those guys. We will look at pieces and see what we can reuse.”

Hanspal says the early big users in construction are government agencies, large public utilities and the oil and gas sector. “You can see how it could work for engineering,” Hanspal adds. “You send out a document and it can only be used for 30 days—and then it explodes.”

Automating Processes

Geddes says Microsoft’s RMS “has public key infrastructure under the hood.” Just as with digital signatures, RMS uses personal encryption codes, with public decoding keys distributed to the designated recipients.

Those same tools embedded within documents are being leveraged by a bevy of third-party software developers to create new products that really could change the industry. Some are creating PDF’s with an emphasis on high fidelity and gang processing, or using them with digital certification to automate processes. Such files, if accepted by all parties in a document-exchange, have the potential to eliminate the paper flow.

Nashville-based architect John TeSelle has bought into the concept. Annoyed by the tedium of finishing design projects with hours-long signing sessions at the reprographic shop, and intrigued by the potential of digital signatures, TeSelle looked for software to adapt the process to his drawings. “The immediate need that I was trying to solve with it was to digitally stamp and sign my drawings and then FTP them to my reprographer, who can print them out and send them where they are supposed to go,” says TeSelle. “The way it was...it was a big waste of time.”

	Digital Seals. Providing a missing link?

TeSelle needed something that not only would behave as a digital lock and key, but also would have the graphic features demanded by the state licensing boards. Not finding what he needed, he created it. TeSelle started LineType Software in 2002 to market Banjo, a $99 digital signature plug-in for Adobe Acrobat that lets architects and engineers affix digitally signed seals with the look and feel of the old thing, and the functionality of the new. Recipients can verify the signatures with the free PDF viewer, Adobe Reader, with a free Banjo Viewer plug-in installed.

Many design software products have digital signature features, says TeSelle, “but what they don’t allow you to do is customize exactly the way that signature and seal is going to look.”

Jason Kilgore, a Chattanooga, Tenn.-based structural engineer calls Banjo “an excellent idea, especially since I live 700 miles from most of my projects. I have emailed PDFs directly to the reprographic companies and they plotted them and sent them to the contractors. I apply my signature with a little disclaimer: ‘This document has been digitally signed by Jason W. Kilgore in accordance with....’ Hopefully somebody in a city government who may have never heard of electronic signatures will see it and say, ‘Oh, I suppose it’s OK.’”

Pepper Construction, Chicago; R.D. Olson Construction, Irvine, Calif.; and about 40 other contractors are in various stages of testing or implementing a new service called Textura, from Textura LLC, Lake Bluff, Ill., that automates construction payment management.

“R.D. Olson is a general contractor licensed in 28 states. Each state has its own requirements when it comes to lien releases and what owners want in contracts,” says Jackie Buck, Olson’s executive vice president for finance and administration and a recent national past president of the Construction Financial Management Association, Princeton, N.J. “Some want different affidavits that you sign, [and] every customer requires a general contractor to provide certain documents that they feel they need to protect them,” she says.

The traditional invoice-authorization, submission, approval, lien-releasing, check-splitting, check-cutting, check signing, payment system can be a mind-numbingly manual, complex, Byzantine process. There are opportunities show-stopping errors and Textura wants to change that. “It’s charming,” says Buck. “When they showed it to us, we were sitting there with our mouths open saying, ‘Why didn’t we think of this?’”

	Cahill

Textura moves the entire process to an audited, self-checking browser and e-mail-based system that circulates all of the documents between the owner, general contractor, subcontractors, suppliers and banks. It gathers digital signatures and even notarizations and automatically transfers funds for payment. It costs nothing to set up and handles transactions for a flat fee—$5 for amounts up to $2,000 and topping out at $50 per $100,000. “I see Textura becoming an industry standard. How can it not?” says Buck.

Dan Cahill, a former Pepper project manager who joined Textura last October states the company’s future simply: “We want to be the ATM network for the construction industry.”