Topical items and views on the impact of digitisation on publishing and its content and the issues that make the news. This blog follows the report 'Brave New World',
(http://www.ewidgetsonline.com/vcil/bravenewworld.html ), published by the Booksellers Association of the UK and Ireland and authored by Martyn Daniels. The views and comments expressed are those of the author.
Details about the extent of the Adobe security snoop into
individual’s reading habits and harvesting of data is becoming clearer and the arrogance adopted by
them over what is personal data would appear to many to raise the question as
to whether they are fit to manage many services digital content.
There explanation of what they monitor conveys no remiss and
some would say carries the usual ‘read the small print’ caveat and even more
interestingly appears to blame publishers and others for asking for those controls
even though many appear to be naïve to the fact that the controls are not only
enforced locally but that the information about them is sent back to Adobe to
The information has been confirmed by a number of sources to
be unencrypted and therefore open to potentially many parties to read or intercept
which in this day and age beggars belief and is clearly any responsibility or
care. Their privacy statement can be found at Adobe
‘Is my Personal Information Secure?’ states:
‘We understand that the security of
your personal information is important. We provide reasonable administrative,
technical, and physical security controls to protect your personal information.
However, despite our efforts, no security controls are 100% effective and Adobe
cannot ensure or warrant the security of your personal information’.
We all understand that many services such as Kindle,
Overdrive, etc synchronise our reading such to assist our being able to
continue to start where we left off. We respect that there is a wealth of
information that goes with that. But these transfers are secured and not open
and remain within their walled gardens. Anything that resides in Adobe’s
Digital Editions 4 library appears fair game to Adobe snooping and data
harvesting, even documents and non DRM ebooks!
Adobe may now find itself under pressure from large library services
and others to explain their approach and given their ACS4/5 history, the solid umbilical
cord to ADE and their apparent approach to ‘act first think later’, some may now
be prompted to look at alternative options. However that in itself is not an easy
route. It is also clear that this is not an old data harvesting feature but
only applicable to ADE4 and probably tied to the ACS5 features they are desperate
to get adopted by all.
It is sobering to think that they know and send via an open
·Unique User ID which aligns to registration
·Device ID to restrict number of devices re DRM
·Certified App ID to ensure only certified apps
(licenced sales and rentals)
·Device IP to determine geo-block
·Duration of reading to meter reading against
·Percentage of the Book Read to enable publishers
to align to subscription models and determine if the book has been ‘read’
·Date of Purchase/Download
·Distributor ID and Adobe Content Server Operator
·Metadata provided by Publisher (title, author, publisher
list price, ISBN number etc)
It is also reasonable to ask why the new controls aren’t performed
at a local level by ADE4 and why the data has to go back to the mothership at
all. Surely if the publisher states x, y and z rules these can be enforced locally
and the only validation required is at the offset to stamp the file as genuine?
Perhaps that’s too simple and perhaps Abobe feel that would loosen their tight
control and not give them that rich seam of data that they could………
The question of privacy on the internet has once again
raised its head with the posting by Digital Reader on Adobe’s ACS DRM system
and what is claimed to be excessive data gathering of personal information from
We can’t comment on whether the facts as presented are true
or false, but we are able to say that if true, they are a significant shift
from where Adobe started from and seriously question the role of DRM and
whether consumer privacy rights have been breeched.
Abobe DRM history goes back many years. ACS3 was widely used
by retailers but effectively broken and open. The start of the latest ebook
revolution was initiated with the introduction of the eInk readers and when
Sony entered the fray they wanted a DRM system which would effectively give
them a march on the rest. Adobe also wanted to regain control of a space they
had clearly lost. Overdrive had also built a ACS4 beta that they were using to
control their market. We remember Adobe’s introduction of ACS4 and their lack
of market awareness and often rigid mind-set and coupled with Sony’s desire to
rule the world, we had many often fraught conversations with the two of them
but the rest of the market wasn’t ready and so they won the initial battle.
Years later it’s a different story and many have either migrated to their own
DRM. Amazon and Apple never did join and Kobo and Nook grew alternative offers
and Overdrive stuck with their own variant.
Adobe then went into what can best described as the Dark
Ages where they still championed interoperability, but where leaderless and
gave up trying to manage micropayments and gave this up to a small handful of
agents who managed the retail facing activity and collected the money. They
then came up with ACS5 or a tighter model which was part born out of the fact
that ACS4 could easily be broken by anyone who asked the right questions on the
Internet and part by the fact that they were clearly being squeezed out by the
big channels. Unfortunately ACS5 has some basic issues which forced Adobe to
retract their initially statements and backtrack on their timelines to force
full migration to the new platform.
So today we have the news that Abode appear to be data
gathering consumer usage information at title level and also at library level. What
was read when, what wasn’t read, and probably much more? Is this right or
Well Adobe provide a DRM locking service aimed at validating
ownership and stamping this such that they can ensure rights are managed with
respect to devices, etc. Why on earth do they want to gather data on usage
other than to sell back to publishers, retailers and libraries. Did they offer
and opt in, or opt out to consumers is a mute question and we would suggest
that they had to in order to snoop.
They apparently doing this not through the standard
interface with hosting sites but through a mole application in Digital Editions
that they plant into the consumer library or device. We would like to see the
snooper application flagged as unauthorised by the security systems and users
being given at least the choice of allowing it in. Whether the Adobe service
will work without the mole is an interesting question.
We have to accept that Amazon, Apple, Nook, Kobo and
Overdrive all can gather information on their consumers and their walled
gardens allow this, but they are walled gardens. Adobe promotes itself as open
and interoperable and importantly does not have consumer customer relationships
to build in the same way. Again it begs the question what do they intend to do
with this information and is it being resold and if so to whom?
However, all this a new news and we await more information
about Abode’s intent and what is behind the intrusion into consumer’s private
libraries and reading habits.
Personally, if the facts bear up to what has been reported,
then Adobe has single handily done more harm to DRM than all the articles every
written about it. Consumers if made aware of it will probably shun and question
the violation of their privacy.
Finally, we hope that the wider media picks this story up
and fully investigates it and if collaborated exposes it to the consumer.