Thursday, October 9, 2014

Oh Adobe

Here's the problem: a lot of our "stuff" - both individual and business - is now in the cloud. Leaving aside the security of servers, there are also potential compromises in the transmission to and from the servers.

The issue for libraries is patron confidentiality, which we are both professionally and legally (in all 50 states) bound to preserve. (See Andromeda Yelton's impassioned post about the quandary.) Adobe, for quite some time now the near-monopolistic provider of Digital Rights Management (DRM) for ebooks in libraries, has been outed as having problems with the clear text, unencrypted transmission of user information (probably more than is strictly required to enable syncing across devices, if the usually well-informed Eric Hellman is to be believed, and I do believe him). It's possible that Adobe Digital Editions (ADE) 4 is also doing a little snooping - rummaging around your hard drive looking for other ebook information, although that's still in doubt.

Right now, if you confine your library ebook borrowing to one of the mobile apps (Bluefire is the most popular), you're probably not affected. Likewise, if you use an older version of ADE, for now. But unprotested "features" have a way of moving into newer versions, and forced upgrades.

As has been noted elsewhere, librarians are just about the only trusted voice in our society that is sounding the alarm about such incursions. So what, speaking practically, can we do about this?

  1. Make noise to our distributors. Librarians need to contact their vendors - OverDrive, 3M, Baker and Taylor all use Adobe DRM - to express their strong concern, emphasizing potential legal violations, and asking for a timeline for a fix. (It might even be more effective to address these concerns via an attorney on behalf of your library or city. A simple "letter of discovery," asking for information about possible violations of state law should suffice.)

  2. Make noise to the public. Ultimately, librarians need to get the word out to more mainstream media. It's one thing to irritate your business partners, but even worse to take a reputational hit in the larger consumer market. Tell your boards. Pass along a link, or an editorial to your local newspaper. We're whistle blowers on this one, protecting our patrons' privacy. What to pass along, exactly? "The library is investigating the evidence that one of our ebook vendors has recently changed its software in ways that compromise our patron privacy." On second thought, let's give option 1 just a little time first. It's smart to get our facts straight first.

  3. Investigate alternatives. DRM is where the problem started: it was all in the name of "protecting" your stuff. Now, it has become license not only to conduct personal surveillance, but to broadcast it to anyone with the know-how to tune in. I know OverDrive was putting together a non-Adobe DRM system (to get out of paying Adobe the 8 cents per checkout they are now assessed), but OverDrive's interests are commercial, not about confidentiality.  It may be better. I hope it doesn't become our only other option.

We're still in the Wild West of ebook systems. This kind of screw-up is inevitable and unsurprising. But now is the time to stake out the ethical ground the library reputation depends on, and let people know the system is broken, and is urgent need of repair.


Peyton Stafford said...


Total BooX has our own DRM. We developed and patented it. We do not use Adobe's. With our business model of paying only for pages read, obviously we have to track pages read, but we do this as anonymously as possible.



Peyton Stafford , VP Library Services,
Toll-Free 866.428.5344 | Cell 503.720.7149 | | Skype peytonstafford

Jamie said...

Good to know! - Welcome

In November of 2018, I left my position at ALA in Chicago to return to my Colorado-based writing, speaking, and consulting career. So I'...