Adobe Spyware Reveals (Again) the Price of DRM: Your Privacy and Security

Print Friendly, PDF & Email

Adobe Digital Editions logoThe pub­lish­ing world may final­ly be fac­ing its “rootk­it scan­dal.” Two inde­pen­dent reports claim that Adobe’s e-book soft­ware, “Dig­i­tal Edi­tions,” logs every doc­u­ment read­ers add to their local “library,” tracks what hap­pens with those files, and then sends those logs back to the moth­er-ship, over the Inter­net, in the clear. In oth­er words, Adobe is not only track­ing your read­ing habits, it’s mak­ing it real­ly, real­ly easy for oth­ers to do so as well.

And it’s all being done in the name of copy­right enforce­ment. After all, the great “promise” of Dig­i­tal Edi­tions is that it can help pub­lish­ers “secure­ly dis­trib­ute” and man­age access to books. Libraries, for exam­ple, encour­age their patrons to use the soft­ware, because it helps them com­ply with the restric­tions pub­lish­ers impose on elec­tron­ic lend­ing.

How big is the prob­lem? Not com­plete­ly clear, but it could be pret­ty big. First, it appears Adobe is track­ing more than many read­ers may real­ize, includ­ing infor­ma­tion about self-pub­lished and pur­chased books. If the inde­pen­dent reports are cor­rect, Adobe may be scan­ning your entire elec­tron­ic library. Bor­row­ing a copy of Moby Dick from your pub­lic library shouldn’t be a license to scan your cook­book col­lec­tion.

Adobe claims that these reports are not quite accu­rate. Accord­ing to Adobe, the soft­ware only col­lects infor­ma­tion about the book you are cur­rent­ly read­ing, not your entire library. It also col­lects infor­ma­tion about where you are read­ing that book, how long you’ve been read­ing it, and how much you’ve read. Still dis­turb­ing, if you ask us.

Sec­ond, send­ing this infor­ma­tion in plain text under­mines decades of efforts by libraries and book­stores to pro­tect the pri­va­cy of their patrons and cus­tomers. (Adobe does not deny trans­mit­ting the infor­ma­tion unen­crypt­ed.) Indeed, in 2011 EFF and a coali­tion of com­pa­nies and pub­lic inter­est groups helped pass the Read­er Pri­va­cy Act, which requires the gov­ern­ment and civ­il lit­i­gants to demon­strate a com­pelling inter­est in obtain­ing read­er records and show that the infor­ma­tion con­tained in those records can­not be obtained by less intru­sive means. But if read­ers are using Adobe’s soft­ware, it’s all too easy for folks to bypass those restric­tions.

Third and most depress­ing: this flaw may have been unin­ten­tion­al, but we prob­a­bly should have seen it com­ing. As our friend Cory Doc­torow has been explain­ing for years, DRM for books is dan­ger­ous for read­ers, authors and pub­lish­ers alike. Whether or not Adobe actu­al­ly intend­ed to cre­ate this par­tic­u­lar vul­ner­a­bil­i­ty, if your com­put­er is col­lect­ing infor­ma­tion about you, and then trans­mit­ting it in ways you can’t con­trol, chances are you’ve got a secu­ri­ty prob­lem.

But there may be a sil­ver lin­ing to all of this. Sev­er­al years ago, music fans were shocked and dis­mayed to dis­cov­er that copy-pro­tec­tion soft­ware on music from Sony artists was actu­al­ly allow­ing Sony to mon­i­tor the fans’ lis­ten­ing habits, send­ing infor­ma­tion home to Sony, and cre­at­ing a mas­sive secu­ri­ty vul­ner­a­bil­i­ty. Sound famil­iar? That dis­cov­ery led to a pub­lic rela­tions melt­down for Sony, not to men­tion numer­ous law­suits. When the dust had cleared, Sony’s DRM cost it mil­lions in fees and set­tle­ments, and, of course, did noth­ing to inhib­it infringe­ment. For Sony, and many oth­ers in the music indus­try, the price of DRM final­ly became too high, and it has since been large­ly aban­doned.

So we’re going to try to be opti­mistic. The rootk­it scan­dal put sev­er­al nails in the cof­fin of DRM and music. If enough read­ers, librar­i­ans, pub­lish­ers and authors speak up, per­haps this lat­est scan­dal will do the same for DRM and books. In the mean­time, we’ll be tak­ing a hard look at our e-read­er pri­va­cy chart.