Adobe and Your E-Book Data. Each week, Educating Modern Learners will pick one interesting current event – whether it’s news about education, technology, politics, business, science, or culture – and help put it in context for school leaders, explaining why the news matters and how it might affect teaching and learning (in the short or in the long run). This week (the week of October 6), Audrey Watters examines reports that Adobe Digital Editions may transmit data about users’ reading habits, including for files not associated with that software, in unencrypted plain text back to Adobe.
On Monday, e-book blogger Nate Hoffelder published a story with a very alarming headline: “Adobe is Spying on Users, Collecting Data on Their eBook Libraries.”
According to Hoffelder, the most recent edition of Adobe’s ePUB and PDF reader, Digital Editions 4, “seemed to be sending an awful lot of data to Adobe’s servers.” Upon closer examination, Hoffelder found that “Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.” Device ID. User ID. Device IP address. Duration for which the book was read, and the percentage of the book that was read. The data appears to be sent whether or not the e-book is protected by Adobe DRM or not.
The technology blog Ars Technica confirmed the finding, adding that
Digital Editions (DE) has been used by many public libraries as a recommended application for patrons wanting to borrow electronic books (particularly with the Overdrive e-book lending system), because it can enforce digital rights management rules on how long a book may be read for. But DE also reports back data on e-books that have been purchased or self-published. Those logs are transmitted over an unencrypted HTTP connection back to a server at Adobe—a server with the Domain Name Service hostname “adelogs.adobe.com”—as an unencrypted file (the data format of which appears to be JSON).
That the data is unencrypted means that anyone who can monitor Internet traffic — the NSA, Internet Service Providers, those on a shared WiFi network — could view the information.
Ars Technica notes that this transmission would seem to violate a recently passed law in New Jersey that aims to protect readers’ electronic data. Indeed most states in the US have privacy laws on the books that protect library patrons’ data and restrict access to information about which books they’ve checked out and read. Whether Adobe’s data collection violates any specific law or not, the move by Adobe certainly violates librarians’ professional belief in and commitment to reader privacy.
Adobe has responded to the charges, insisting that “User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.” Gluejar founder and former OCLC executive Eric Hellman has some responses to that, noting that while people still are not completely certain what is happening to reader data, “One thing that’s clear is that Adobe Digital Editions version 4 is not well designed.” But as Hellman argues, neither technical failings nor Terms of Service verbiage are an adequate excuse here.
But Libraries find themselves in a difficult place. Patrons want e-books. The publishing industry has been reluctant to make e-book available for libraries, and when they have, they’ve insisted on DRM and other licensing restrictions. Librarians have balked in the past at software that encourages patrons to buy the books when their check-out period is over, so the privacy concerns raised by the Adobe software just the latest in a long string of challenges that librarians face over the move to digital reading materials.
As librarian Jason Griffey writes, “There are technical solutions that satisfy our ethical concerns. We need to insist that our vendors care enough about our ethics that the technical answers become a market differentiator. We need to insist that this is important and then we need to make them listen.” (No doubt, schools should do the same.)
Image credits: Loughborough University Library
