Communications - September 2008

company has to have a copy of them.

GReG GanGeR: Let’s be careful. There are two interrelated things going on here: Does the company have a copy of the information, and can a company control who else gets a copy? What Erik just brought up is an example of the latter. What Steve has been talking about is more of the former.

steVe Kleiman: Margo has been saying that companies may not have a copy. I fundamentally disagree with that. That’s what it pays the employees to generate. The question is, can the company control the copy? My working assumption is that this is beyond the scope of any storage system. DRM systems are going to have to come into play and then it’s key management on top of that.

maRGo seltzeR: I’m not sure I buy this. Yes, companies care that employees do their jobs, but very few companies tell their employees how to do their job. If my job is to produce some information and data, I may be traveling for a week and it may take some time for that to happen. In the meantime, I may be producing valuable corporate data on my laptop that is not yet on any corporate server. Whether it gets there or not is a process issue and process issues don’t always get resolved in the way we intend.

mache cReeGeR: You’re both right.

Margo wants to create value for her company in whatever way she is comfortable—on a laptop while she’s traveling, at home—whichever way works that produces the highest value for her employment contract. If the company values Margo’s work, they will be willing to live, within reason, with Margo’s work style.

On the other hand, from Steve’s perspective, sooner or later, Margo will have to take what is a free-form edge document and check it into a central protected repository and live with controls. She can then go on to the next production phase, which might be a Rev. 2 derivative of that original work, or perhaps something completely different.

eRiK RieDel: You certainly have to be careful. You’re moving against the trend here. The trend is toward decentralization. Corporations are encouraging people to work on the beach and at home.

steVe Kleiman: Nothing I’ve said is in conflict with that. Essentially, the distilled intellectual property has to come back to the corporation at some point.

eRiK RieDel maRGo seltzeR: Sometimes it’s the the general trend process that’s absolutely critical. Did I

steal the code or write it myself? That

for the last several information is only encapsulated on my years is for more laptop. Regardless of whether I check it into Steve’s repository, when Mary’s

distribution, not company comes and sues me because I
less. People use stole her software, what you really care _about _is _the _creation _process _that _dida lot of high- or did not happen on my laptop.
^capacity, ^portable ^eRic ^{BRe WeR}^: ^I ^don’t ^think ^that’s ^theday-to-day problem of a storage admin-
devices of all istrator. What we’re talking about is
_sorts, _such _as whether the first goal is to know which _of _the _copies _you _don’t _want _to _lose,BlackBerrys, which is a different problem than cop-
ies leaking out to others.
portable usB steVe Kleiman: I do think that the
^devices, ^and ^legal ^system ^still ^counts. ^Technologycan’t make that obsolete. You still have
laptops. for a system a legal obligation to a company. You
_{administrator,} _the still have an obligation not to break the _law. _Any _technology _that _we _can _comeability to capture up with, someone will probably find a
data is much more ^{way of circumventing it, and that will}require the legal system to fill in the
threatening today. gaps. That’s absolutely true with all
the stuff on laptops that we don’t know
how to control right now.
maRGo seltzeR: I also think it’s more
than just copies that we need to be
concerned with; it’s also derivative
works, to use the copyright term. It’s
“Oh, look: File A was an input to File B
which was an input to File C and now I
have File D, and that might actually be
tainted because I can see the full path
of how it got there.”
mache cReeGeR: Maybe what we’re
seeing here is that we need to intuit
more semantics about the bits we are
storing. Files are not just a bunch of
bits; they have a history and fit in a con-
text, and to solve these kinds of prob-
lems, companies are going to have to
put processes and procedures in place
to define the context of the storage ob-
jects they want to retain.

maRY BaKeR: You can clamp down to some extent, but it’s the hidden channel problem, even through processes that are not malicious. Say I’m on the beach and the only thing I’ve got is a non-company PDA and I have some ideas or I talk to somebody and I record something. It can be very hard to

Cover
CII
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
CIII
CIV

one page

share

print

SlideShow

fullscreen

Open Article

article text for page

< previous story | next story >

add comment | read comments

Share this page with a friend
Save to “My Stuff”
Subscribe to this magazine
Search
Help