Two news reports over the past week together demonstrated just how fragile “ownership” of digital books is for consumers. Of course, alert readers will know that they don’t actually own e-books anyway, they license them, usually under terms that give readers very little actual control over the content. However, it would be pretty to think that I could at least move the e-books that I have purchased from one location to another, or reload them on a new device with ease. That would make it simple to buy books from any vendor that I choose, instead of feeling like I have to go to Amazon, the biggest vendor available, which uses its own proprietary format. But that’s not the case.
In some ways the scariest story involved Adobe’s deployment plans for a new, updated DRM system. Adobe’s Adobe Content Server (ACS) has been used by vendors such as Sony, Kobo, Barnes & Noble, and many others, to apply restrictions to ebooks at the behest of publishers. Although ubiquitous, even ACS is not left untouched; Barnes & Noble has tweaked ACS, and Kobo also uses its own proprietary DRM. But many users of e-book stores’ reading apps invoke ACS through a software library, and many e-Ink devices embed ACS in the firmware.
Like all DRM, it’s reasonably painless as long as you walk the straight and narrow path, but try to do something “unusual,” like borrow a DRM protected library book, and you might quickly encounter the constraints that DRM enables. Over time, library e-book lending has gotten easier, but there are still many prohibitions on sharing, printing, or copying that often trip up unsuspecting users. Notably, Amazon uses its own DRM system, not Adobe’s, although they too must impose publisher-mandated restrictions.
ACS has never made Adobe a pile of money, although it receives revenue not only from its initial license, but also from a “tax” on every DRM transaction. The way that Adobe DRM is constructed, every ACS transaction calls home to Adobe to make sure each party, the ebook fulfiller and the reader, is digitally representing itself as whom they claim to be. It’s a complex chain of events, but Adobe gets to touch a book’s digital footprint every time it is downloaded.
As e-book growth continued over the last few years, and as e-book standards such as EPUB modernized into HTML5 support through EPUB3, Adobe realized that it needed to update its DRM software. Since it wasn’t part of its core software services, it did what most large software companies would do: it outsourced ACS to its own Indian division.
Adobe India supports and runs several well known applications, such as the Macromedia suite, and it is full of skilled and adroit engineers. When the ACS ball was tossed to them, they went around and asked publishers and ACS resellers what kinds of improvements they wanted to see. Of course, that’s like asking a bank if more fees on customer services is a good idea, and sure enough, publishers said, “Please make the DRM harder, so we can break all the pesky DRM hacks that have spread around the Internet.” And the Adobe India engineers did just that, as well as adding improved support for EPUB3.
The big difference between ACS4, the current version, and ACS5, the new version, is a method by which Adobe can dynamically revoke and update system-wide signing keys if it thinks its DRM has been compromised — as I understand it; of course, the DRM system is proprietary.[N.B.: I had originally thought this operated at a user-level, but have been informed it is a system-level update mechanism.]
Well, that’s all well and good, as far as it goes. But somewhere there was a breakdown in communication, and Adobe stumbled into a Really Bad Decision: it would require the hardened DRM embedded in ACS5 for all new transactions [pdf] starting in July 2014, and stop signing ACS4 transactions. This is something akin to dropping a nuclear bomb on existing reading apps, which would have been forced to develop emergency upgrades for their software, and then push this software out to all their users. But, e-Ink devices with embedded software would likely not have been able to receive those updates, and most importantly, a reader could not purchase or loan any new books. Overnight, this would have impacted a huge portion of the ebook industry.
When it became obvious to Adobe resellers what was planned, a series of very hasty conversations took place, and Adobe India, being both smart and sane, rapidly walked back from the cliff. Adobe released a PR indicating that ACS4 systems would be supported indefinitely. The hidden crisis of February was over, and most readers never found out anything might have gone horribly amiss with their e-books or readers.
Purveyors of DRM systems such as Adobe often have a “guns don’t kill people, people kill people” refutation of complaints about DRM systems. But Adobe almost accidentally chucked a spear into the side of the EPUB e-book ecosystem, which would have disenfranchised almost everyone with an older e-Ink device, as well as many independent e-book stores, particularly in Europe, where they are stronger and Amazon weaker, compared to North America. It would, simultaneously, have greatly benefitted Amazon, which is not reliant on Adobe DRM systems. And, moronically, Amazon’s DRM is in many ways weaker than Adobe’s. It makes you pine for a good consumer regulatory agency for digital content.
FTC, can you hear me?
If you are starting to feel a bit insecure about the ebook world that publishers have helped to create on your behalf, then you should brace yourself for the impact of Sony’s decision to exit its e-book store in North America in March 2014, and is handing over its customer data and e-book libraries to the Japanese company, Kobo, which is owned by the Rakuten conglomerate. Sony, infamous for its rootkit DRM horror show from 2005, has worked hard to make this transition for consumers “seamless,” and is even allowing them to opt-out of the migration of their library to Kobo. Of course, it would be good to know if Sony was then going to delete that data from its own servers after it closes its ebook store, or keep it around for a while. One ringy dingy, FTC?
Sony has stated that customers should be able to download all of their books from Kobo. That’s possible, although Sony started licensing its book catalog from publishers long before Kobo, and Sony’s licenses might not be consistent with the licenses that Kobo obtained. Therefore, a book you purchased at Sony might not be available in the Kobo store. Further, Sony originally used a proprietary e-book format, BBeB, before transitioning to EPUB. Publishers and distributors would have routinely given BBeB e-books their own ISBNs, distinct from the ISBNs they gave to EPUB versions for another store.
So ensuring that This Book in Sony is the same as That Book in Kobo is as easy as knowing that there is a database where you can easily look up one ISBN and see all the equivalent ISBNs for its different formats. Yep. You guessed it, that system doesn’t exist. Some large library systems, such as OCLC and OpenLibrary, try to do this matching, but there’s no database of record.
Of course, none of this would be a problem if the Sony books hadn’t been protected in the first place by DRM, because then you could just simply drag-and-drop your ebooks from one reading system to another. Unfortunately, publisher-mandated e-book DRM systems are ubiquitous, and they are often implemented through problematic means. As a consequence, what two of the pillars of the e-book industry, Adobe and Sony, have inadvertently managed to demonstrate over the last week is that the ebook marketplace, and the ebooks that are in our libraries, are made tissue-paper fragile by DRM, and the reason that DRM exists is that publishers want it to be there.
What ebook consumers need is an interoperable system across many distributors, libraries, and retailers, rather than a collection of silos. In a narrow sense, DRM is a non-sequitur: a DRM system doesn’t inherently prevent interoperability (guns don’t kill people). The Readium Foundation has been trying to design a simple, lightweight content protection (LCP) mechanism that would present a far friendlier image to consumers.
Yet, inevitably, publishers are trying to add more knobs and levers even to this. The result of this tinkering is that the one dominant e-book system, Amazon’s, looks like a safe harbor to consumers compared to smaller, independent ebook retailers and vendors. That’s not the market incentive we need to create.