Privacy and risk

Oct 4, 2002

Think those DRM mandates and rules won't affect you when accessing the Web at work? Think again

If an employee or contractor uses your network to trade music or pick up pirated software, your company could be liable — that’s the hidden catch in the DRM (digital rights management) discussions.

An ISP can claim that it can’t police all the content passing through its vast network. In contrast, most businesses already restrict and monitor employees’ Internet access, so it’s reasonable for Sony, AOL Time Warner, Microsoft, and the like to argue that your company can identify illegal files as easily as it now ferrets out porn and hate speech.

Can you imagine a better way for content owners to force the universal adoption of DRM than to take those who don’t use it to court? Remember, Napster wasn’t taken down because it engaged in the trading of illicit content; Napster got busted for failing to prevent it. The RIAA (Recording Industry Association of America) didn’t sue individuals for infringement; it sued businesses.

This issue puts companies in an awkward position. It’s good policy to make employees feel trusted. Moderate access to harmless nonwork-related sites such as news and weather helps break up the monotony of the day. If your company permits personal calls on business phones, it’s hard to justify the blocking of IM and chat programs. Besides, IM has become an important business tool. So it’s generally good for morale and productivity to block only the most extreme content — better to identify individual abusers instead of assuming every employee lacks the willpower to resist the urge to surf the Web instead of work.

Still, even companies with liberal Internet access policies block hate speech, obscenities, and malicious code. It’s also wise to try to keep trade secrets from leaving the building. For every measure a security vendor cooks up, a hacker soon creates a countermeasure, a way to gain unlogged, unrestricted access to the network.

Eventually, every network linked to the Internet will have to do two things: Verify the origin and authenticity of data, and analyze content to look for malware and other impermissible traffic. Funny thing, that’s exactly what the RIAA, MPAA (Motion Picture Association of America), and BSA (Business Software Alliance) want to do.

When IT organizations can analyze every bit that passes through their networks, it’s a cinch that companies, with their deeper pockets, will be forced to answer for their employees’ actions. It is already possible to analyze and filter content at wire speed — I’ve got a box from Fortinet that does just that — and Intel has announced plans to develop hardware for that purpose. Hardware DRM is, at most, a year or two away.

It’s time to let employees know that privacy and anonymity don’t exist on your corporate network, and that every bit that enters or leaves your router is logged, analyzed, and traced to its source. Individuals and ISPs must resist efforts to regulate the use of the Internet, but businesses can no longer shield themselves by claiming they can’t look at every packet that traverses their networks.