A violation of privacy
A very disturbing discovery has been made. The software used by the St. Mary’s library, University System of Maryland and Affiliated Institutions (USMAI) libraries, and countless other academic and public libraries to lend ebooks is knowingly violating users’ privacy.
As documented in Ars Technica, Adobe Digital Editions tracks and compiles data on which ebooks users download and read, and exactly what each user does with those books. Worse yet, Adobe is sending that information to its servers in plain text, using unencrypted channels, so just about anyone could access that information. Nate Hoffelder of The Digital Reader made the discovery on October 6, 2014, but the violation is believed to have started with the release of Adobe Digital Editions 4.0 in early September.
How it works
Adobe Digital Editions is used by many libraries as a PDF reader for ebook lending to control the digital rights management (DRM) on all borrowed ebooks. This software is essentially what “returns” a borrowed ebook when the loan expires by removing it from a borrower’s computer. Most ebook publishers require a DRM as part of the licensing or sales agreement to ensure intellectual property rights are not violated by end users (a.k.a. book borrowers or library patrons).
Librarians are furious. As you may recall from when Edward Snowden leaked the NSA’s secrets, librarians value their patrons’ privacy and take every possible precaution to ensure privacy is maintained. The American Library Association (ALA) has issued this statement and the Library and Information Technology Association (LITA) has published this blog post in reaction to the news. Quoted from the ALA statement:
In response to ALA’s request for information, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.
Here at St. Mary’s, we will be keeping a close eye on the situation.