HTML protection and the zero footprint fantasy
One of the most endearing fantasies is the idea of the zero footprint security mechanism. Whether it’s secured email or secured web pages – the hype is there – it is totally secure and nothing needs to be put on the desktop.
Of course everyone wants to be like the Red Queen (Alice in Wonderland), and believe six impossible things before breakfast. It sounds so inviting. You do nothing, magic occurs, and the impossible happens!
But it just isn’t like that in the security world. Let me give you a concrete example of what I mean. But please recall that in the modern world of Digital Millennium Copyright it is, as you will know, totally illegal to investigate technology security measures and find ways around them, and even more illegal to publish that information, so let me hasten to make it absolutely clear that what I am describing is a completely hypothetical system, and is not based upon the inspection of any actual mechanisms that may have been implemented by anyone for any purpose.
There has been a theoretical approach, discussed on some web sites, that you can secure the content of web pages just by adding some extra code to the web page. The conceptual approach is that you include a bit of Java code which encrypts the page content.
Of course anyone implementing such an approach would need to be ABSOLUTELY certain that a program like Internet Explorer (IE) did not leave copies of everything in its temporary folder – which it is ABSOLUTELY certain to have done – so the world and his wife can get hold of all the images on the web page without any effort at all.
Not much of a security control, I hear you say.
But it gets better.
Now, suppose that you Save As the page that you have downloaded, and then open the files up with something handy, like Notepad (available on every Windows computer). Look down the file and you will find, more than likely somewhere near the bottom of the file, the decryption key (sometimes called a password?), so you really do now have all the information you could possibly want to crack this approach.
And it gets worse.
But you have to remember that IE is definitely not the only browser in town. Hey, there are plenty more who want to be number one here. So let’s consider, say, Firefox. Now a quick test will tell you that Firefox doesn’t implement Java controls in exactly the same way as IE, and you will more than likely find that you can simply Copy and Paste the information in the page from there, and just get everything without doing any real work at all. Almost a no-brainer.
And if that doesn’t work, then try one of the other browsers available. Just be careful not to let any of them become the default because they are highly competitive bits of software and would seriously like to take over your desktop. You see, no two browsers are alike, especially when it comes to security.
As a further, not entirely minor point, if I can copy the entire page and then drop it into one of the web page editors like Macromedia Dreamweaver, then I can do whatever I feel like with the content, so that doesn’t make for much of a DRM solution.
Now if you were to come across a company that claims to have implemented a theoretical solution like this one, then, without having to do any testing – hey, you wouldn’t want to break the law, would you? – you already know the fundamental flaws in this theoretical approach, and you know to avoid the snake oil being offered.
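The Save As point above, as an added example (not code from the original post, and not modelled on any real product): a constructed page protector for Node.js showing that a page which decrypts itself in the browser has to ship its key next to the ciphertext. XOR stands in for the cipher, and the names protectPage, recoverFromSavedFile, data and key are all hypothetical.

```javascript
// Added illustration. The scheme and page layout are constructed for this example.
// XOR is a stand-in for whatever cipher a vendor might use; the flaw is the same.
function xorBytes(input, keyText) {
  const key = Buffer.from(keyText, "utf8");
  const out = Buffer.alloc(input.length);
  for (let i = 0; i < input.length; i++) out[i] = input[i] ^ key[i % key.length];
  return out;
}

// What the hypothetical "zero footprint" protector emits: the ciphertext plus
// the script that decrypts it, and therefore the key, all in one file.
function protectPage(content, keyText) {
  const hex = xorBytes(Buffer.from(content, "utf8"), keyText).toString("hex");
  return [
    '<html><body><div id="c"></div>',
    "<script>",
    `var data = "${hex}";`,
    `var key = "${keyText}";`,
    "/* decrypt(data, key) and write the result into #c */",
    "</script></body></html>",
  ].join("\n");
}

// What the saved file gives any reader: the same two values the browser
// reads, fed to the same operation the browser has to perform.
function recoverFromSavedFile(savedHtml) {
  const data = /var data = "([0-9a-f]+)";/.exec(savedHtml);
  const key = /var key = "([^"]+)";/.exec(savedHtml);
  if (!data || !key) return null; // not this constructed layout
  return xorBytes(Buffer.from(data[1], "hex"), key[1]).toString("utf8");
}

// Constructed sample content and key.
const samplePage = protectPage("<p>Subscribers only: price list</p>", "page-key-123");
console.log("plaintext visible in file:", samplePage.includes("price list"));
console.log("recovered from file alone:", recoverFromSavedFile(samplePage));
```

The only way to close this gap is to keep the key, or the decryption itself, somewhere the reader of the file cannot see, which means putting something on the desktop after all.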

