The publishing world may finally be facing its “rootkit scandal.” Two independent reports claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to their local “library,” tracks what happens with those files, and then sends those logs back to the mother-ship, over the Internet, in the clear. In other words, Adobe is not only tracking your reading habits, it’s making it really, really easy for others to do so as well.
And it’s all being done in the name of copyright enforcement. After all, the great “promise” of Digital Editions is that it can help publishers “securely distribute” and manage access to books. Libraries, for example, encourage their patrons to use the software, because it helps them comply with the restrictions publishers impose on electronic lending.
How big is the problem? Not completely clear, but it could be pretty big. First, it appears Adobe is tracking more than many readers may realize, including information about self-published and purchased books. If the independent reports are correct, Adobe may be scanning your entire electronic library. Borrowing a copy of Moby Dick from your public library shouldn’t be a license to scan your cookbook collection.
Adobe claims that these reports are not quite accurate. According to Adobe, the software only collects information about the book you are currently reading, not your entire library. It also collects information about where you are reading that book, how long you've been reading it, and how much you've read. Still disturbing, if you ask us.
Second, sending this information in plain text undermines decades of efforts by libraries and bookstores to protect the privacy of their patrons and customers. (Adobe does not deny transmitting the information unencrypted.) Indeed, in 2011 EFF and a coalition of companies and public interest groups helped pass the Reader Privacy Act, which requires the government and civil litigants to demonstrate a compelling interest in obtaining reader records and show that the information contained in those records cannot be obtained by less intrusive means. But if readers are using Adobe's software, it’s all too easy for folks to bypass those restrictions.
Third and most depressing: this flaw may have been unintentional, but we probably should have seen it coming. As our friend Cory Doctorow has been explaining for years, DRM for books is dangerous for readers, authors and publishers alike. Whether or not Adobe actually intended to create this particular vulnerability, if your computer is collecting information about you, and then transmitting it in ways you can't control, chances are you've got a security problem.
keyboard shortcuts: V vote up article J next comment K previous comment