Of Adobe Digital Editions Version 4 Privacy Snafu and Why Lawyers Would Care

It seems Adobe Digital Editions (ADE) version 4.0 could be more than it appears. If you thought it was just an innocuous little digital rights management tool for balancing intellectual property interests with your modest entitlement to enjoy downloaded ebooks from public libraries and vendors in rustic peace and seclusion, you might think again. Last week news started to spread that Adobe Digital Editions version 4.0—released about a month earlier in September— was actually an overactive and prolific snitch, reporting back to Adobe on a daily basis about every ebook title you downloaded, every ereader device you used, every page you skipped to, and even at what time, location and in what order.

Basically, it appears to be not just a DRM tool, but a very curious little spy… or perhaps more accurately a gossipy tattle tale, because spies generally care much more about who receives the information they traffic. Through its utter lack of encryption ADE 4.0 appears to care very little about eavesdroppers. It also appears to be collecting information not just on DRM titles (like those copy-limited public library EPUBs you must wait to digitally borrow), but on DRM-free titles—and you might rightly question Adobe’s legitimate interest.

We at Courthouse Libraries BC, along with many other library organizations, tried to get ahead of the story for the sake of a handful of our clients who may have used ADE in connection with an advanced function available in some titles. Our post went up on Friday, and many, many libraries have done the same.

We shared a list of sources for these concerns that includes Nate Hoffelder’s, commentator at www.the-digital-reader.com, initial post raising the flag:

Other sources include:

We are advising anyone (and I think lawyers and judges would like to know about this), to not upgrade to ADE version 4.0, and if you have to uninstall it and use the older versions of ADE 3.0 or earlier (if they even work at all).

A current post from www.digitalbookworld.com provides good current news on this fiasco, including Adobe’s promise to offer a new release by October 20, 2014 addressing the privacy and encryption problems. Adobe has not addressed the other issues, however, which include how gathering and reporting this much detailed information reconciles with any legitimate purpose.

Great, so why do you care?

I’m not saying many lawyers use EPUBs to store their work product, but some do. If you want a format that is easy to handle on an iPad, EPUB is great. Convert a transcript from an XFD, a trial book, notes about a witness, etc. to an EPUB format so that you can search quickly through a long document, change font setting for easy reading, etc. I can very well imagine that some lawyer has done this already. In fact, Scrivener has a pretty useful looking case study about a lawyer doing this pretty much exactly.

We should all be asking what business Adobe has in knowing about our self-published titles, especially when these could identify our clients. We might take safe measures to encrypt our storage and password protect our devices, and we don’t want Adobe to allow a breach to happen at all, let alone on purpose.

I recommend reading the EFF’s take on this whole problem, and I will paraphrase one of their concerns in an example that should resonate with lawyers : Borrowing a copy of Catcher and the Rye from your public library shouldn’t be a license to scan your trial briefs.

The company insists the information is collected “solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers,” but this has not assuaged EFF or the ALA. It should not appease lawyers who recognize the inherent dissonance between narrowing concepts like “solely” being blown open by terms like “purposes such as” and total vagueness like “facilitate the implementation of different licensing models by publishers.” What if a publisher’s licensing model involves selling competitive intelligence to interests that are in litigation against your client’s?

As I’m about to post, I just checked and saw that Hoffelder has posted again regarding ADE 4.0—with unslaked skepticism too:

“… on the plus side, at least Adobe is now promising to encrypt their spying. They’re not promising to stop it but at least now no one will be able to listen in.

That [means] that we won’t have to worry – not until the next time that Adobe is hacked and user data is leaked to the web. 38 million users were affected the last time this happened,including ebook users.

I feel real safe with Adobe’s plan to use encryption, don’t you?”

Hmmm. Nope.

Comments are closed.