Trojan Horse Programs: Is this the Records and Archive Management Armageddon?

Abstract Development by the Microsoft Corporation and IBM of “rights management” software … commentators have nicknamed it the ‘Trojan Horse program” … gives e-mail authors control over their electronic messages after they have sent them, even to the point that the emails may erase themselves.

The potential for these self-destructing records has given archives and records managers some sleepless nights, says the author, a records and information management consultant and educator in Perth, Western Australia.

Legislators must do something, he insists.

Now that we appear to have systemized information deletion outside of our control via the good works of Microsoft and IBM, what does the future hold for Records and Archives Management?

The recent release of Microsoft Office 2003 with its Digital Rights Management ( DRM ) and Information Rights Management ( IRM ) features allows the creator/sender of electronic communications to control the printing, forwarding, and copying of the message.

Additionally, and of the greatest importance, the features allow the creator to set a time for the expiration of e-mails, Word, Excel and PowerPoint documents at their, not the recipients’ volition. It raises questions like

• What is the legality of ownership of a letter, fax, or e-mail?

• Does the sender own the communication or is the recipient the legal owner?

Not being a legal practitioner, I can only pose these questions and one other: is George Orwell’s 1984 society finally arriving 20 years late?

If my evaluation of this new facility is correct, in the near future there may not be any records for us end users, record managers or archivists, to manage and retain.

If we, as professionals, thought that the introduction of the personal computer was a calamity for records management that precipitated the demise of the registry system in government operations, this new feature could be viewed as Armageddon.

I am troubled over the concept of managing security risks by way of IRM or DRM from Microsoft or the Electronic Media Management System (EMMS) that includes DRM of some sort from IBM.

Storming the Gates Has hacking now been legitimized?

Inclusion of the Trojan Horse program in the commercially available software product offerings by these two IT mammoths would make it appear so.

Legislators in government and business circles along with the records management and the archives profession should be storming the walls, or should that be the “Gates”, of both Microsoft and IBM demanding that this be stopped immediately.


Because, by including this legitimized Trojan Horse program as part of an electronic communication, the sender may, if it is wished, disallow the recipient’s right to print, forward, copy or retain a business or legally related electronic communication about a business transaction.

What is this devilish plot?

Why are Microsoft and IBM able to legitimize the insertion and distribution of Trojan Horse Programs in their DRM product offerings without a reaction from the legislative community?

The software designers just adopting an admittedly useful tool to prevent the abuse of copyright in the music and movie/video industry and migrating it to e-communications without, I am certain, any intellectual evaluation or understanding of the potential consequences.

For an e-mail recipient, a restriction on printing, forwarding, or copying of a particular electronic communication may not be a big issue so long as the message can be captured and stored.

However, it is potentially extremely dangerous, and I personally have a violent objection to the feature that allows the sender to add what is formally called a “delete/kill, date-time” feature into an electronic communication without the recipient’s knowledge or approval.

My belief is that it is tantamount to the sender holding the recipient to ransom.

The description of the function alone is enough to raise the hairs on the nape of nervous necks: “delete/kill – date/time”. Heaven preserve us!

Has the use of Trojan Horse Programs the potential to change the course of history?

You Betcha!

If this tool had been in place in the 1980’s, Admiral Poindexter’s “Well done” e-mail to good old Ollie North and other data may not have been there for investigators to discover and the Iran-Contra hearings could not have been as thorough as they were.

Think it through.

See the delete, date-time feature repeated hundreds, thousands or millions of times and we will not need historians to document and assess history as there will be no history to assess.

An easy answer – Is there an easy answer to this matter?

Sure, there is!

Microsoft and IBM plus any other supplier who has this IRM or DRM delete/kill – date/time Trojan Horse program incorporated in their commercial software products must be made to remove the feature immediately.

Software developers who want to make a quick killing could create software able to identify the Trojan Horse program and warn recipients.
This would allow recipients to negotiate with the senders to have the program removed.

If approval was not forthcoming, it would allow the insidious monster to be overridden and recipients to carry on legitimate day-to-day business activities without a fear of a commercially or legally important e-communication disappearing without consent.

Legislators in both government and business must make provisions to monitor the use of Trojan Horse programs in commercially available software products.

These legislators will need to either outlaw the process or somehow safeguard recipients.

It is time for legislators and records and archive management professionals to take a stand against this appalling development.

Happy record management into the future!


Laurie Varendorff ARMA The Author Laurie Varendorff, ARMA, a former RMAA Western Australia Branch president & national director, has been involved in records management and the micrographic industry for 37 years.

Laurie has his own microfilm equipment sales & support organisation – Digital Microfilm Equipment – DME – and a – records & information management – RIM – consulting & training business – The Varendorff Consultancy – TVC – located near Perth, Western Australia, & has tutored & written course material in recordkeeping & archival storage & preservation for Perth’s Edith Cowan University – ECU.

Phone: +61 417 094 147; email @ Laurie Varendorff

This article was published in the Green Sheet Magazine ISSN 1476-3842, Issue 31 February 2005 on page 17 @ The Green Sheet

This article was commented on in the online newspaper available @ on September 22, 2004, in an article by Eric J. Sinrod titled: The legal implications of self-destructing e-mail.

The article – The legal implications of self-destructing e-mail – was picked up by legal websites internationally and redistributed @ the Duane Morris LLP website and the Other Law Blogs and the NETLAWBLOG Internet Tools for Lawyers and the e-evidence info @ The Electronic Evidence Information Center and the TRUSTe ADVOCATE and the MIRLN — Misc. IT Related Legal News [September 2004; v7.12] and the Forums: Open:On the Web and by other parties.

This article was reproduced in the ARMA Atlanta Chapter Newsletter the Peach Volume XXXIX, Issue 1 September 2004

This article was listed in The Victorian Governments eGovernment Resource Centres – Information Technology Section updated 4 February 2005 the eGovernment Resource Centre of the Victorian Government – Information Technology Section

The author, Laurie Varendorff gives permission for the redistribution or republishing of this article by individuals and nonprofit professional organisations without cost based on the condition that he as well as the URL of the article are recognised at the introduction of the article when redistributed or republished.

SPECIAL NOTE: Use of this article by publishers, commercial, government, or educational organisations requires a financial agreement to be negotiated with Laurie as the copyright holder for this work.