October 16, 2014

Adobe is under fire from librarians for breach of ebook privacy


Adobe is collecting information from the Adobe Digital Editions app and sending it back to their servers.

Adobe is collecting information from the Adobe Digital Editions app and sending it back to their servers.

Adobe Digital Editions (ADE) a reading app that is used by most libraries across the United States and many readers around the world to access ebooks with DRM, is collecting and sending information back to Adobe. This discovery was reported by Nathan Hoffelder in a post last week for the The Digital Reader:

A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe. That anonymous acquaintance was examining Adobe’s DRM for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s epub app, seemed to be sending an awful lot of data to Adobe’s servers.

My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers.

On Monday, the ALA responded to this news by issuing a press release condemning the practice: “The American Library Association (ALA) decries confirmed reader data breaches by Adobe and calls for immediate corrective action to encrypt and protect reader information.” The ALA says they received a response from Adobe that they are working on something to correct the issue which would be announced by the week of October 20. Overdrive, the main vendor for ebooks in libraries has yet to comment. ADE is used for all ebooks accessed through Overdrive.

Publishers Weekly suggests that this discovery may be similar to what the music industry experienced in terms of DRM:

The Electronic Frontier Foundation’s Corrynne McSherry suggested that “the publishing world may finally be facing its “rootkit scandal,” in a blistering post. “And it’s all being done in the name of copyright enforcement.”

In 2005, the music industry faced a major revolt when a computer security researcher revealed that a major label’s anti-piracy software was based on a “rootkit,” a damaging system often used by hackers in conjunction with spyware and malware. “The rootkit scandal put several nails in the coffin of DRM and music,” EFF notes, calling the Adobe discovery a potential silver lining. “If enough readers, librarians, publishers and authors speak up, perhaps this latest scandal will do the same for DRM and books.”

Librarian Jenny Arch has been posting updates about the situation on her blog, highlighting in particular concerns about DRM from a librarian’s point of view. She quotes open source programmer Galen Charlton on the issue:

Charlton, too, pointed back to DRM as the root of these troubles, and highlighted the tension between access and privacy…. “Accepting DRM has been a terrible dilemma for libraries – enabling and supporting, no matter how passively, tools for limiting access to information flies against our professional values.  On the other hand, without some degree of acquiescence to it, libraries would be even more limited in their ability to offer current books to their patrons.”


Claire Kelley is the Director of Library and Academic Marketing at Melville House.