The proliferation of personal computing devices in recent years, especially mobile personal computing devices, combined with a growth in the number of widely-used communications formats (e.g., text, voice, video, image) and protocols (e.g., SMTP, IMAP/POP, SMS/MMS, XMPP, YMSG, etc.) has led to increased concerns regarding the safety and security of documents and messages that are sent over networks. Users desire a system that provides for the setting of custom, e.g., user-defined, content-agnostic permissions at a message-, document-, and/or sub-document—(i.e., a part of the document that comprises less than the entire document) level through a communications network. Such a system would allow customized privacy settings to be specified at various levels of social distance from the user sending the document or message (e.g., public, private, followers, groups, Level-1 contacts, Level-2 contacts, Level-3 contacts, etc.). Such a system may also allow the user to apply customized privacy settings and encryption keys differently to particular parts of a document, e.g., making a first part of a document available only to a first class of users and other parts of the document available to the first class of users and a second class of users.
Thus, a system for providing Adaptive Privacy Controls (APC) is described herein. APC comprises a user-controllable or system-generated, intelligent privacy system that can limit viewing, editing, and re-sharing privileges for files and other digital objects of all types stored in a compatible system (e.g., message objects, user profile fields, documents, etc.). APC allows users to share whatever information they want with whomever they want, while keeping others from accessing such information via assorted rights management techniques and/or encryption processes that can be initiated by user command or via system intelligence on entire objects or portions of objects. APC techniques may be applied to individuals, pre-defined groups, and/or ad-hoc groups. Customized encryption keys may further be applied to particular parties or groups of parties to enhance the security of the permissions settings.
APC may also be used to apply privacy settings to only particular parts of a document. For example, User A in an organization may need to see the entire content of the organization's annual report drafts, but other users in the organization may only need to see a version that has sensitive financial/pro-forma data redacted. For example, pages 1-20 of the annual report would be available to User A, but only pages 1-19 would be available to the other users.
Thus, according to some embodiments, the network-based, user-defined, content-agnostic (i.e., agnostic as to both format and subject matter) document and message permissions systems, methods, and computer readable media described herein may provide a seamless, intuitive user interface (e.g., using touch gestures or mouse input) allowing a user to block out particular areas of interest in a document or message from particular recipients or groups of recipients, as well as to specify privacy and permissions settings for a single document or message—or across all documents owned by the user.
The protections offered by APC techniques may, however, be complicated when applied to structured document file formats and/or file types that may, e.g., be represented by a markup language. In the case of spreadsheet documents or other Extensible Markup Language (XML)-based file types, dynamically calculated content can present a challenge to accurately display to unauthorized or ‘out-of-system’ viewers, because APC's encryption of document content at the individual cell- or value-level can create corrupted regions within formulas, charts, features, or other dynamically-rendered content that relies on or refers to the encrypted content's value(s) in order to be rendered correctly. For example, if APC protection techniques are applied to one or multiple spreadsheet cells that are referenced in a formula of a second spreadsheet cell, the second cell's formula output will likely contain a Reference Error when viewed by an unauthorized or ‘out-of-system’ viewer and thus appear invalid—even if the sender had actually intended the recipient to be able to see the value of the second cell (i.e., the value of the second cell at least as of the time the sender sent the document to the recipient).
The subject matter of the present disclosure is directed to overcoming, or at least reducing the effects of, one or more of the problems set forth above. To address these and other issues, techniques that enable the setting of user-defined, content-agnostic permissions at a message-, document-, and/or sub-document-level through a communications network—including for structured document file types that may contain both dynamically-rendered content and statically-rendered content—are described herein.