Making Social DRM work for e-books—with maximum privacy protection
April 30, 2008 | 7:26 am
E-books sales could get a big boost if the industry ditched Digital Rights Management, a literary and sales toxin.
Wickedly, DRM links future access to a book to the whims and survival of the DRM provider.
But what to replace DRM with?
The best scenario for e-book-lovers, as I see it, would be nothing. But many publishers won’t go for that, and what about the tricky issue of library books made available via permanent checkout quotas?
The Social DRM compromise
So, as a compromise, I’ve been talking up the concept of Social DRM—putting customer-specific information in books to discourage the posting of them on P2P networks.
The idea, named by Adobe’s Bill McCoy and based on the experiences of The Pragmatic Programmers, has already intrigued some smart publishers. People “might be a little less eager” to share a book with “5,000 of their closest friends” if “it had their name, address and ‘for a good time call….’ plastered all over it,” joked Deena Fisher of Drollerie Press in Cleveland.
What to include beyond “For a good time call…”?
Humor aside, how far can publishers go in inserting information that would make people less likely to spread copyrighted books around without fair compensation to writers and publishers?
And what about the related issue of perhaps using some kind of digital water marking or something roughly equivalent to make unauthorized copies traceable?
Chris Webb, an open-minded Wiley editor, who dislikes DRM-style lockdowns but wants to carefully weigh alternatives, has broached the privacy question in a thoughtful post headlined Social DRM: How much is too much information?
Privacy-respectful possibilities: The nuts and bolts
In response to the above and other concerns, here is one plans to consider for Social DRM and related marking:
1. Use “Customized for…” with the user’s name and e-mail address. This simple appeal to customers’ sense of fair play is the best anti-piracy deterrent of all. If nothing else, it will help maintain the division between copyrighted books and those truly in the public domain.
2. Encrypt order or customer number, library-account or credit card information or mixes of them; and don’t require “unlocking” the way eReader does. Less secure for publishers? Yes. But any sales lost as a result of this will be made up for in ease of use, and greater appeal to customers. With the order or customer number approach used instead of the direct credit card one, the chance of identify theft based on decryption of the actual files would be zero. Yes, users would still need to trust the security of the e-commerce servers directly or indirectly involved. But that is a problem for card-related transactions of any kind. Furthermore, in the future, to reduce the problems from persistent databases, I can envision the use of anonymous digital cash, with full concealment of identities. But this is a topic for another post.
3. Don’t alter the author’s text to create the customer-specific mark via patterns—no, Garson, most writers wouldn’t go along with that, especially those of fiction—but instead reproduce the encrypted numbers simply as plain text or as patterns hidden within cover images. What’s more, in books where this wouldn’t be a distraction, components of the numbers could appear in different parts of the books, varying from customer to customer. Tinkering with the numbers would make the books more likely to be picked up by customized searches.
4. E-mail retrieval or a password-based system could be used by customers who lost books and wanted to download replacement copies from stores. Yes, that would create some vendor-dependence. But people could avoid the problem by making backups—without any unlocking needed in the future, even for use on new devices.
Meanwhile I would point out that the eReader system is already using encrypted credit card numbers to discourage the sharing of material. Have we heard of mass compromises of the card numbers or other information in eReader books? Or zillions and zillions of works in this format ending up on P2P networks?
Please—more focus on convenience
Alas, one big disadvantage of eReader, among others, is that it’s a proprietary approach—beyond which you need to have your credit card number handy to unlock redownloaded books (at least for new devices and maybe for others–someone can update me). That adds security, but also inconvenience. I’d like to see a little more emphasis on simplicity for the user even though eReader’s system is far, far preferable to, say, Mobipocket’s.
On top of, just remember that no system, eReader’s included, or even Draconian approaches like Mobipocket’s or Microsoft’s, is entirely “safe.”
Microsoft Reader: An easy crack despite the Draconian approach
Ironically, Microsoft Reader is today less secure than eReader—because of the existence of popular crackware, which honest people wouldn’t feel compelled to use if the software were more convenience and used a standard format like ePub, without DRM incompatibilities stymieing them. Isn’t Microsoft saying something when it has not even bothered to plug up Reader’s holes recently? Why? Because a fix doesn’t make sense to it financially? So much for this traditional protection, at least in practical terms. The only way for flawless pirate-proofing to happen is to avoid publishing books, even the paper variety, which can be scanned or even typed in the old-fashioned way.
No, the Social DRM approach won’t be perfect, either, but it would be endlessly more convenient for users than traditional DRM. This system would help them truly own their books forever, take the e-medium more seriously as literature, and happily send more money in the direction of content providers.
A challenge from a Real McCoy at Adobe
How about it, publishers and tech companies? In my opinion, Bill McCoy laid out the possibilities well in the conclusion of his pro-SDRM post made on Feb. 6, 2007 and inspired by Steve Jobs’ negative feelings toward DRM.
Bill, who, yes, is a son of the McCoy clan, noted that Adobe would offer DRM for publishers wanting it. But he laudably added that he “would like nothing more than to have DRM technology just fade away. After all the main challenge we have in digital publishing is to get it adopted by mainstream consumers. And the main challenge 98% of book authors and publishers have is to get people to be aware of their books, not to prevent piracy. So my challenge to print publishers and authors: why not support ‘social DRM,’ rather than heavyweight DRM? If that’s a direction you are willing to go, Adobe will back you up, 1000%.”
I’d love to read similar sentiments from Mi executives at Microsoft and Mobi, too, and even the Kindle side of Amazon, which just happens to sell nonDRMed music. Remember what the e-books industry’s goal should be here—not to further any DRM ideology, but rather to help readers enjoy their purchases in ways that make money for writers and publishers. Companies such as Amazon love to toss around terms such as “good customer experience.” Social DRM, applied in a way respectful of privacy, is one way for this to happen.