Adobe, Jim Baen and ‘Who you gonna trust?’
July 14, 2006 | 7:12 am
By David Rothman
“Who you gonna trust?” Adobe executive Bill McCoy asked–after TeleBloggers raised issues about the company and the security of e-books from a user perspective. Oh, the ironies of an Adobe guy using the T word in any context! The whole idea of Adobe’s Draconian DRM option has been based on lack of trust of the user community, even to the extent of at one point seeing a Russian programmer arrested.
In the other direction, many folks wouldn’t exactly trust Adobe to keep them from, say, falling off a mountain–they’d worry massively about the durability of the rope. I myself just don’t trust today’s encrypted e-books, period, and not simply because of the hacker threat. I buy mostly used books rather than the electronic variety, since I fear that technical problems or a change in hardware will deny me access to my purchases. I don’t pirate e-books. But others do–Draconian DRM trains book- and music-lovers to be bootleggers rather than suckers. What a mess, and Adobe has company, not just in the retail world but also the library one. Mobipocket and/or OverDrive will let you enter only three identification numbers for machines to display e-books from the Fairfax County Public Library here in Northern Virginia. Otherwise you must beg the support guys for permission to delete a device to make way for another. Talk about hassles in a multi-machine world!
Nope, Adobe, Mobipocket and other e-book tech companies are hardly the only ones to blame, far from it. They’ve responded to demands by publishers, although I suspect that Adobe and the rest could have been much more aggressive in educating them about the evil of their ways.
Everyone involved would do well to read Eric Burns’ obit of Jim Baen–which Chris Meadows was nice enough to share with me. Here’s an excerpt:
…Book publishers (the same ones who in an earlier generation tried to restrict the sales of photocopiers lest they destroy publishing as we know it) have been terrified by the thought that people could pirate books trivially. This has guided their initiatives moving forward: Digital Rights Management. Systems that require the credit card number used to buy the book sometimes years after that credit card had been cancelled. Systems that assumed by definition that the fans of the book were criminals who wanted to do bad things.
Systems which, essentially universally, actual criminals cracked trivially. So it was all worthless, and did nothing except piss off honest people. But it was that or open the doors to anarchy.
Jim Baen said “screw it,” and put up completely unprotected PDFs html files, RTFs and other open formats of his books. On his website.
For free.
Honestly. It’s called the Baen Free Library, and it has dozens of books on it, available in multiple formats. And the same books available in html format for reading right on the website. Want to read Larry Niven’s Fallen Angels online? Go for it. Want to get the first four Mercedes Lackey Bardic Voices books (and other Lackey stuff) down onto your PDA? Okay. Want to try Lois McMaster Bujold on for size — see if you like her style? You can. It’s. Literally. Free.
Why did he do this? First off because DRM offended Baen. And second off because he believed, fervently, that someone who reads books for free online will then buy copies of those books or others by that same author.
Guess what. He was right. Sales of the books in the Free Library, plus other books by those authors, increased after they were made freely available. Which maybe people should have figured out before that, since it’s been known for generations that putting copies of books in public libraries (which publishers also resisted) led to increased book sales.
OK, Bill, so what do you think? I kinda liked the obit that you yourself wrote about Baen. It’ll be interesting to see how enthusiastically Adobe as a corporation listens to you, not just in future product offerings but also in dialogue with publishers. Will Adobe OFFICIALLY recommend that no DRM be the default for e-books in most retail situations? May your employer honor the memory of Jim Baen and follow the above suggestion! Thanks. The best way to earn trust is to show some.
(Photo by Juhasz Attila via SXC.)



Comments:
“I myself just don’t trust today’s encrypted e-books, period, and not simply because of the hacker threat.”
I have no problem with encryption per se; I have a problem with encryption I can’t control. I also have no problem with DRM that ties content to a particular person (through keys or passwords), but will never accept DRM that ties content to a specific device which is guaranteed to fail. Compare Microsoft LIT to Palm eReader: you can only have up to 6 devices activated for a particular Microsoft Passport account, but you can move your DRM’d eReader files to any system that has eReader on it without limit.
The surprising thing about Microsoft Reader DRM is that it remains possible to remove it using the current two-year-old version of Convert LIT. I can only assume that someone at Microsoft either a) decided to pretend they’d never heard of the thing and that everything was still OK or b) realised that the existence of a tool that enables owners of legitimately purchased ebooks to use them on other platforms actually increased sales rather than reducing them.
David,
You’re changing the subject here. Trust in a vendor’s software to be secure has absolutely nothing to do with how much that vendor’s DRM solution trusts users to behave honestly with purchased content.
On the latter topic, I don’t particularly like Adobe’s legacy eBook DRM either – it clearly didn’t give users the flexibility they expect. We will improve this significantly with our next-generation DRM system. It will still allow publishers to limit use of content to a limited number of systems (so a textbook isn’t sold once per dorm) but provide users more flexibility to move their rights based on their identity, rather than a restrictive permanent machine locking (which doesn’t make a lot of sense in a world where people change systems frequently and may even live off their thumb drives).
I don’t like Microsoft Reader’s legacy DRM, nor Apple FairPlay, nor Windows Media DRM either. So this is not just an Adobe issue but really a much broader issue with first-generation DRM architectures, and that vendors in general tried to effect what in hindsight were unreasonable expectations on the part of content publishers around security and control. Any DRM has to trade off user convenience vs. the level of security provided to rights holders. Luckily, content publishers are now realizing that digital distribution is a given and an opportunity for incremental revenue, not just a threat, and that user convenience is critical to adoption. So they are increasingly subscribing to a “keep honest people honest” level of security. Which is a good thing since even the most draconian DRM systems never have actually achieved any more than this.
Unfortunately Windows Vista DRM seems like a throwback – maybe Hollywood hasn’t quite gotten the message and Microsoft & Intel have no choice but to pander to them, but it seems like we are poised to take a step backwards, at least for those that choose platform-specific DRM architectures for their content. At the end of the day I doubt it will really be more secure, despite requiring us to actually buy new computers and displays (it’s hard to get much more draconian than this).
Hi,
Regarding MsReader, you gotta notice that where DRM serves a useful role like in library ebooks there are NO lit books that I know of. Where DRM is put in place for the publishers’ bosses, there are quite a lot of lit books. So like in many things in this country (US) (from speed limits to immigration) I would bet on above option b) as long as we do not draw attention to it.
Liviu
An aside: Dan’s opinions are always worth paying attention to, but especially here. Until the U.K. passed a DMCA-style law, he may well have been the world’s leading distributor of Convert Lit. – David
The question about trust is a good question: that’s where all security ends up, once competence doesn’t go further: if you can’t evaluate their claims, or buy the services of someone who can, do you trust them not to fudge the matter? What is really at stake here?
Confusing the issue by throwing in DRM doesn’t help: this is not just a matter of losing rights. It’s about losing the use of a reader device entirely, and quite possibly other assets stored on that device/computer, or in its immediate neighbourhood, and possibly even to have it turn hostile on you.
In the past two years, implementation errors in image file formats (as implemented in various software libraries) have proved to be very fertile ground for hackers: create an image file that doesn’t follow the format specification, and so trigger a problem in the reading software that doesn’t expect an image file to be -25 pixels wide, say, and with a bit of skill you can get some code to execute when it shouldn’t. Place it on a web site, or send it in spam, and just wait for someone to look at it. The client computer becomes a spam bot, or perhaps, your personal electronic certificates are sent to an identity thief. Just the other day, Microsoft reported more of these problems, this time in AOL ART images, as well as in PowerPoint. And this is more than two years after the basic problem began to be exploited. Can we trust anyone to have cleaned up their act in this regard? I don’t trust anyone, myself.
This will happen with e-books as well, if they take off. At present, usage levels are probably too low to make it profitable, but once e-books gain momentum — and the Sony Reader just may be a thing that helps — there will be a lot of experimentation in file format hacking.
So … what labs are there to test eBook readers for robustness? That specifying an XML attribute containing half a gigabyte of data doesn’t fail in some mysterious way? Or that a quotation -5 or ‘Q’ lines long doesn’t cause the software to go dizzy? Are the ZIP libraries used for the IDPF containers robust enough to survive hostile content? Who checks them?
If there is no such testing competence, what software houses do we trust to go those extra miles to test the software from the black-hat viewpoint? And what is that trust based on? Security tends to be one of the first things that are dropped once development and delivery schedules have begun slipping.
Trusting that no one will try this type of hacking of eBook file formats is probably vain.
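The kind of check the comment above asks about for ZIP-based IDPF containers, as an added example that is not part of the original comment or of any reader vendor's code: it audits the archive's central directory for unsafe paths, oversized entries and extreme compression ratios before anything is unpacked. The limits, function names and sample archive builder are assumptions chosen for illustration.

```python
import io
import zipfile

# Illustrative limits (assumptions); tune them for the target reader device.
MAX_ENTRIES = 2000
MAX_ENTRY_BYTES = 50 * 1024 * 1024    # per-file uncompressed cap
MAX_TOTAL_BYTES = 200 * 1024 * 1024   # whole-book uncompressed cap
MAX_RATIO = 100                       # declared uncompressed / compressed size


def unsafe_name(name):
    """True if an entry name could resolve outside the extraction directory."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith(("/", "\\")) or ":" in parts[0] or ".." in parts


def audit_container(data):
    """Return a list of problems found in the ZIP central directory.

    Only metadata is inspected; nothing is decompressed or written to disk.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a readable ZIP: {exc}"]
    problems = []
    infos = zf.infolist()
    if len(infos) > MAX_ENTRIES:
        problems.append(f"too many entries: {len(infos)}")
    total = 0
    for info in infos:
        total += info.file_size
        if unsafe_name(info.filename):
            problems.append(f"unsafe path: {info.filename!r}")
        if info.file_size > MAX_ENTRY_BYTES:
            problems.append(f"oversized entry: {info.filename!r}")
        if info.file_size > MAX_RATIO * max(info.compress_size, 1):
            problems.append(f"suspicious compression ratio: {info.filename!r}")
    if total > MAX_TOTAL_BYTES:
        problems.append(f"declared total too large: {total} bytes")
    return problems


def build_sample(entries):
    """Constructed test input: build an in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A reader would run such an audit on every downloaded book and refuse to open any container that returns a non-empty list.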
An awesome post, thanks. I hope others will pitch in with their own perspectives. I’m hardly a security expert but know enough to agree with you that we should be worrying about the problem NOW in an e-book context. DRM-related complications are hardly the only security problem. You’re welcome to disagree, but this is one argument for e-book standards, given all the challenges involved here. So thanks. David