Adobe Digital Editions 4 Spies on Users - Because of DRM

This column has written many times about the deep flaws of Digital Rights Management (DRM) - or "Digital Restrictions Management" as Richard Stallman rightly calls it - and the ridiculous laws that have been passed to "protect" it. What these effectively do is place copyright above basic rights - not just in the realm of copyright, but even in areas like privacy. Yesterday, another example of the folly of using DRM'd products came to light.

Share

This column has written many times about the deep flaws of Digital Rights Management (DRM) - or "Digital Restrictions Management" as Richard Stallman rightly calls it - and the ridiculous laws that have been passed to "protect" it. What these effectively do is place copyright above basic rights - not just in the realm of copyright, but even in areas like privacy. Yesterday, another example of the folly of using DRM'd products came to light.

It involves Adobe's Digital Editions 4 ebook reading software, as explained here by Nate Hoffelder on his blog, The Digital Reader:

Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.

That's right: not only is Adobe spying on your every move as you use its software, it is sending all that information unencrypted across the Internet. Here's Adobe's "justification" for this:

Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them. All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers. Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.

As you can see, it is collected "solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers" - because of DRM, in other words. Adobe seems to think that it has the right to gather that information so that it can check up on you. Indeed, it's possible that users did in fact give it permission to do something similar when they agreed to the terms and conditions for the software - except, of course, that nobody ever read those in detail until yesterday, when this became an issue.

So, once again, it turns out that a "free" (as in beer) app is paid for by the loss of something much more precious: your privacy. By opting to use Adobe's closed-source code, you give it permission to watch your every move. And ironically, because of the DRM that is the root cause of this surveillance, you can't necessarily move to use other software that does not spy on you. You are locked in.

This episode underlines well how free software and open file formats are not just technical issues. Ebooks without DRM that are read on free (as in freedom) software do not spy on you. Moreover, you get to choose which reader to use, because there is no lock-in.

It's not yet clear how the Adobe incident will play out. There's an interesting suggestion in Ars Technica that Adobe's actions could fall foul of US laws:

The unencrypted transmission of reader data, along with an apparent lack of coverage of the collection of that data in Adobe'e terms of service, may be in violation of a recently passed New Jersey Law, the Reader Privacy Act. And the collection has also raised concern among librarians. The American Library Association's Code of Ethics states, "We protect each library user's right to privacy and confidentiality with respect to information sought or received, and resources consulted, borrowed, acquired or transmitted."

I would also be interested to know what the position is under EU data protection laws, which are generally more stringent than those in the US. Do Adobe's terms meet the requirements there? Sending information unencrypted across the Internet seems likely to fall foul of them, because even if users have agreed to being spied upon, they certainly won't expect data about their activities to be exposed in this way.

What's striking about the present situation is that, once more, the flaws of DRM make unauthorised copies of ebooks with DRM stripped out even more attractive, since they can be read using any suitable software, including open source applications that don't spy on you. Indeed, the more companies abuse DRM in this way, the more people are likely to seek out pirated copies - not because they are free, but because they are more convenient and safer. As is so often the case, copyright companies are their own worst enemy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Promoted