Digital Locks Can Cost You Your PrivacyOctober 9, 2014
On Monday, the Digital Reader revealed (confirmed in detail by Ars Technica here) that Adobe’s ebook reader, Adobe Digital Editions, was reporting the reading habits of its users, and the contents of their digital libraries, to Adobe.
All of this information was sent in plain text, unencrypted, over the Internet, making it trivial to intercept. Not only does the reader apparently report on all of the books and authors the user is reading, it also reports exactly what pages you’ve read, and when.
Why not just use a different reader? Because a number of books bought through Adobe Digital Editions can only be read through this compatible reader. If you’ve already invested in these locked books, this is the only way to get at what you’ve already paid for. As EFF notes, this is a klaxon of a reminder that digital locks on media—whether you call them Digital Rights Management (“DRM”), Technological Protection Measures (“TPMs”), or access controls—can cause actual harm to users and consumers.
Protecting the privacy of readers and their choice of books is such a fundamental value that it places libraries at the center of surveillance debates, where their efforts prevent people from being stigmatized or scrutinized just because of their desire to learn. Librarians, naturally, are alarmed at what these revelations might portend for reader privacy with libraries using Adobe systems. Whether someone has checked out a book on dealing with depression, or a copy of What to Expect When You’re Expecting is a telling insight into their lives, and one that deserves the most serious protection.
When Congress passed the Digital Millennium Copyright Act, it anticipated that digital locks could actually prevent people from doing completely lawful things. So there are some exemptions to the law against bypassing those locks. One of the exemptions allows users to circumvent locks for purposes of protecting their privacy, but the way it’s phrased, it seems like users can only protect their privacy if they can be certain that their actions wouldn’t let anyone else read their book.
This is insanity. It’s stating that your privacy is only important if it doesn’t impinge upon a publisher’s copyrights.
Luckily, the law also provides a means for additional exemptions to be created. Every three years, the Library of Congress must conduct a rulemaking to allow people who are “adversely affected” by the law. The commonsense way of reading that is that the Library should grant exemptions to the law when it prevents people from doing perfectly legal things with copyrighted works. For instance, blind people should be able to read ebooks with their text-to-speech readers, and circumvent any digital locks in place that prevent them from doing that. In that case, the adverse effect is not being able to access the copyrighted work that they have lawful access to, and that the digital locks, which control access, are preventing them from reaching.
The privacy-violating software on the Adobe reader is a different sort of thing. Though it controls access to a copyrighted work (certain books bought for it can’t be read outside of it), the adverse effect it creates isn’t the inability to read the work. The harm is the inability to read the work without disclosing all of my ebooks to the world. Hopefully, both a lack of legal access and an active impingement upon my privacy are things that would be considered “adverse effects” in the rulemaking process.
That process, incidentally, has just gotten underway, with the Copyright Office asking the public to tell it about digital locks that are keeping them from making lawful uses of copyrighted works. The deadline for these short comments is this November 3rd.
This process is an imperfect one—anyone who was paying attention through the cell phone unlocking ordeal will know that—but it’s the best path we have right now for ensuring that copyright law—and the technologies that have grown up around it—don’t end up costing us far more than they give.
Image credit: Flickr user Yuri Yu. Samoilov