Acrobat 7 Security Features

[Bobby H]

I have been playing around with Acrobat 7 Professional, as part of the Adobe Creative Suite 2 Premium upgrade. One of the areas where I have been experimenting is in saving encrypted and password protected PDF files.

I've been using the Acrobat PDF format as a means of delivering sketches to clients for close to a decade. Many know the risks involved in sending plainly distilled PDFs and have taken numerous steps in protecting the artwork. The issue is you don't want a client shopping your sketch around to other rival sign companies. In the past, I've rasterized vector art down to fairly low levels of resolution and include odd translucent patterns to ruin any attempts at auto-tracing. But these steps take extra time and can bloat PDF file sizes.

The security provisions in Acrobat 7 seem promising. I can encrypt the document and restrict specific permissions for viewing, printing, altering, etc. with a password. Pretty cool.

I haven't found a standard desktop drawing app or sign making app able to cull embedded vector art from a password protected PDF file. The password dialog box comes up in Illustrator, Corel, Freehand, Flexi and Canvas.

The question I'm finally coming around to ask is: has anyone reading this forum found an app able to extract vectors from a password protected PDF?

I would prefer to send vector-based PDFs due to their smaller file size, better quality printing of graphics and better on screen viewing. I'll probably still throw in some patterning stuff on top of artwork to throw off anyone trying to autotrace a good screen grab.

Anyway, Acrobat 7 would appear to make my PDF creation process more simple and more secure. I just want to be certain about it.

 

[Bobby H]

An update:
I've been doing a little further research on the subject of security in Adobe PDF and found some problems.

First, there are two utility programs available (both available for around $30 each) which can remove password restricted permission functions inside PDFs. Verypdf's PDF Security Remover is one tool and AEBPR from Elcomsoft is another. They'll remove both 40-bit and 128-bit passwords. The tool from Elcomsoft will also remove digital rights management schemes from PDF-based e-books.

Adobe has an active copyright infringement lawsuit against Elcomsoft. I don't know if they're taking any legal action against Verypdf.

Aside from the tools available online, Adobe has this statement in one of their PDF creation documents:

"Note: PDF cannot enforce the document access privileges specified in the encryption dictionary. It is up to the implementors of PDF viewer applications to respect the intent of the document creator by restricting access to an encrypted PDF file according to the passwords and permissions contained in the file."

The big problem with this statement is the "respect the intent" nonsense. What in the world is that!? It sounds an awful lot like "the honor system" and we all know how well that works in the area of software: not at all. The technology to secure PDF should be something that works absolutely regardless of whether other developers want to "respect the intent" of it or not.

There is one bright side to this.

Both the utilities I mentioned will not work if the PDF document is created where a user password is required to open the document. I think this is an area where you can have a would be customer nailed dead to rights if the PDF or any of its embedded artwork were to find its way into the hands of a rival sign company.

Basically, you get the customer to sign a kind of release (read: contract) to get the PDF document's password. Terms in that release can specify conditions that must be honored to open the document. If the end user has the password to open the document those other utilities can be used to extract the artwork from the PDF. You would at least have a signed release as some means of legal recourse.

OTOH, how well would something like this go over with customers? It doesn't come off very friendly to require a would-be customer to sign releases and use passwords to open a document. At least some people could read it that way.

In the end, the solution is just not simple at all. Very obviously, I'm going to need to continue embedding low resolution rasterized versions of artwork in most client PDFs. I'll only be able to embed vector-based artwork in PDFs sent to clients that have a very long relationship with our company.

Adobe really needs to do something to radically improve the security features of Acrobat PDF. One online writer described the security like a locked doorknob with the screws installed on the outside of the door.