Adobe’s laxness with e-book data shows the need for a library-controlled ecosystem for library e-books

Get ePub or Kindle file of this

Update: While Adobe has begun encrypting the data via a software patch, privacy fears remain.

LibraryCity has called repeatedly for a library-controlled ecosystem for library e-books. Now comes indignation over how hackable Adobe’s Digital Editions 4 is. The security lapses would never have happened if libraries had controlled this e-book app on which so many thousands of trusting patrons rely. Librarians tend to be far more privacy-minded than high-tech giants.

Adobe was even sloppy enough to transmit non-encrypted information with such intimate details as what pages people read of particular e-books, and the company suffered well-deserved thrashings from The Digital Reader and from the American Library Association. The company challenged certain details of Nate Hoffelder’s reportage for the Reader and denied it spied even on books not read with ADE. But it admitted letting the software send out e-book data in the clear.

Granted, the ALA can set up new guidelines for library vendors. But the ultimate solution should go beyond that, because of the serious risk of noncompliance. Remember, Adobe is a multibillion-dollar company. Imagine the possible lapses from less established vendors.

Tip of the iceberg?

Libraries could still use outside technical expertise through contractors and directly, but for the maximum security of their patrons, among other reasons, they deserve their own infrastructure. Very possibly, the Adobe outrage is just the tip of the iceberg. What becomes of the market information collected by OverDrive and Amazon—not just now but in the future?

With librarians controlling data collection and observing long-established professional ethics, information could still be gathered on e-book use for purposes such as aggregated market data and syncing of places in readers’ books on multiple devices. And there could even be recommendations of books and movies based on past reading and viewing habits. But at the individual level, all this would be optional. Felt that page sync was a privacy threat? You could turn it off. Same for collection of even aggregated market data.

Maximum patron-protection in action

LJendowmentPNGWhat could this maximum patron-protection entail (even if nothing is perfect)?

1. A robust infrastructure organization for both public and academic libraries. An endowment-financed purchase of OverDrive could be the start of this infrastructure, jointly owned and operated by a national digital public library system and the academically oriented Digital Public Library of America. The infrastructure mustn’t be only DPLA-controlled; we need participation from a public digital system for sufficient attention to access and digital divide issues. In general, public and academic libraries are different creatures despite some major overlaps and the need for close cooperation and collaboration.

For information on the proposed national digital library endowment that could help finance the infrastructure and the two digital library systems, see articles from the Chronicle of Philanthropy and Library Journal (direct links). The LJ piece has just appeared.

2. The use of top security experts—without any compromising organizational ties—to vet the servers and security precautions that the two library systems used there and elsewhere.

3. Truly library-created applications for iOS, Android and other common operating systems. The Douglas County (Colorado) library system has moved in the right direction even if—as far as I know—it is still relying on Adobe DRM. I’m confident that Douglas would love for that to change.

4. Investigation of such options as well-vetted versions of the Android operating system for phones and tablets. Independent companies could install this firmware with proper supervision. Ideally hardware vendors of all sizes could offer firmware-less phones and other hardware at discount both to individuals and library-oriented upgraders of devices.

Some of the new cheapie Android phones are incredible. But they come with virus and spyware risks. Probably all kinds of Android do. But the techies behind library-vetted firmware could at least work to minimize them.

With library-controlled variants of Android, the user interface could be optimized through installation options for the needs of individuals. Libraries not only could focus on security but also on accessibility-related issues such as the capability of all-bold type for people wanting it, just to give one example of an area where Amazon has been egregiously deficient.

People could install nonlibrary applications, including e-reading apps from Amazon and other e-book vendors, and even use the Google Play Store. But the library-controlled variants could also offer a store with programs closely inspected for privacy breaches. And even with anti-virus scanning, end users would be warned of the perils of not using library-vetted apps. The store could be at least a small revenue-generator.

Needless to say, library-vetted firmware and apps could also be installed on dedicated e-book readers of cooperating vendors.

Yet another possibility would be for libraries to take over the Firefox operating system for mobile hardware or develop their own version of linux for e-book-capable devices. But the Android path is probably a lot more doable, both in terms of costs and the ability of people to keep using popular apps.

The above steps sound drastic, but they are not, given the scope of the privacy threats. Along the way, a library-controlled infrastructure could also be hardened against cyber-attacks from countries not so enamored of American culture.

Some would argue that libraries cannot afford to get into the infrastructure and ecosystem businesses. On the contrary. The costs of not doing so could be considerably higher. If libraries persist in over-relying on outside vendors, this could very possibly lead to their being bypassed and perhaps ultimately put out of business in many cases. Like it or not, as shown by a wonderful video out of Nashville, books remain American libraries’ main calling card, although, if libraries can expand their franchise to include new functions such as vetting of apps, then so much the better. Secure book lockers would be another possibility as a new service.

If nothing else, librarians must not put digitization on hold just because Adobe let down them and patrons. E-books remain the future. Learn to live with them and—in areas such as user privacy—offer additional value.

Update: What if even foreign governments could snoop on the e-book habits of U.S. readers? Russian hackers are already hacking Widows to spy on users, and who knows what’s next?

Similar Posts:

   Send article as PDF   
2 comments to “Adobe’s laxness with e-book data shows the need for a library-controlled ecosystem for library e-books”
2 comments to “Adobe’s laxness with e-book data shows the need for a library-controlled ecosystem for library e-books”
  1. Sadly, I don’t share your optimism about the ability of libraries to manage the security of their own applications. Libraries have good intentions when it comes to user privacy, but they lack the knowledge (especially at the leadership level) to deal with the complex realities of running their own infrastructure. I’ve seen enough patron privacy breaches at MPOW to make me recognize how hard this stuff is, and how ill-equipped we are in terms of skills and understanding.

    That’s not to say I disagree with many of the things you’re proposing – a library-governed ebook ecosystem would be a huge improvement over the current OverDrive monopoly, for lots of reasons.

    • Thanks for your comments, Jen. Actually we agree in many if not most ways. I certainly want librarians to be able to go outside to hire outstandingly knowledgeable experts to take care of details, whether applications-related or otherwise. The difference is that the outsiders would be much more accountable to the librarians, and to society at large, than they are now. A librarian-controlled ecosystem would help immensely. It would be easier for your own library system to enforce privacy policies since this would be a top-down priority reflected in the development of the infrastructure and the use of resources at all levels, including the human variety.

      OverDrive is doing many good things with some very talented people, but when push comes to shove, the interests of the shareholders will prevail over others. Additionally, beyond the monopoly issue, should America’s library system become increasingly privatized? Here’s to an OverDrive buyout when the resources are there!

      David

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.