Amazon Feared the Bad, Crushed the Good, and Made the Bad WorseMarch 18, 2009
Technology is never inherently bad, it may have bad uses. So we must encourage the good uses and steer from the bad. When hobbyists at mobileread.com wrote a guide for reading legally purchased third-party books on a Kindle, Amazon lawyers demanded the guide’s removal. Instead of encouraging the good uses, Amazon feared the bad and made it worse.
Many eBook sellers—including the Kindle—use the MobiPocket eBook file format. Mobi’s DRM imposes a strict regimen, typical of DRM. The Mobi file is encrypted to display on at most four devices, each specified by ID. When you buy a Mobi book (or more precisely, buy “access”) from a seller, you must provide this device ID and the seller encrypts the file to display only on that device. If you get a new device, you must repeat the process with the new ID.
The Kindle does not reveal its device ID. Amazon keeps that to itself. Without this ID you cannot add the Kindle as a device to your library of non-Amazon Mobi books. Back in 2007, Igor Skochinsky cured this disability with a product of his tinkering: a script that takes a Kindle serial number (from the side of the box or the back of the device) and translates it into the corresponding Mobi device ID. With this ID, you can read your legally purchased Mobi library on your Kindle, all without removing any DRM.
The guide at mobileread.com gave detailed instructions on how to use this script—in the good way—to read your Mobi books on your Kindle. Amazon’s other takedown demands targeted forum posts by community users as they constructed the guide.
Three things make this more complicated.
Kindle looks at a custom field in the device record within the encrypted Mobi book. Before displaying the book, this field must be set. To fix the file for the Kindle, Igor released another script to peel back the DRM and set the field. Afterward it leaves the DRM intact.
Anytime you unwrap DRM it raises DMCA concerns. But here, Igor’s script is adding a new field so that the Kindle can support an additional body of DRM content. It is not circumventing, it is introducing the old prison to the new keeper. It does not remove the DRM. It leaves all restrictions intact—including Mobi device restrictions.
The encryption that Mobi uses has been cracked. This separate circumvention tool, that actually strips the DRM, requires as input both the Mobi file and the device ID. So Igor’s script to reveal the Kindle’s device ID provides a needed input to someone using the separate DRM-removing tool.
This stripping of DRM is the bad use that Amazon wants to avoid, but instead, they have attacked a guide for a good use. The guide did not tell how to strip the DRM. It did not link to any of the tools for stripping the DRM. It did not even mention the name of the tool to strip DRM. It explained how to read books on the Kindle that you have legally purchased.
Igor shared an update to the script to work with the iPhone Kindle App. This still accepts a serial number as input and translates it into the corresponding Mobi device ID—but now the input can also be an iPhone serial number. The timing of this update together with Amazon’s takedown demand cannot be coincidence. Igor’s Kindle-only script and mobileread.com’s guide had been around for over a year without complaint. By adding support for Kindle on the iPhone, Amazon lost an element of control. As it introduced this new opening, we all waited to see how Amazon would behave.
Many sites carried information on the script, including the author’s Google-hosted blog. But Amazon did not pursue the powerful, it targeted a small volunteer community of passionate hobbyists. This weakness is unbecoming.
By hurling legal grenades at hobbyists who are teaching each other to read legally purchased books, the effort is a twofold failure. First, it steers the hobbyists toward bad uses since they are attacked for even explaining the good. And second, Amazon comes off as a petulant tyrant instead of the enlightened titan of the Net that we know they can be.