Update: While Adobe has begun encrypting the data via a software patch, privacy fears remain.
LibraryCity has called repeatedly for a library-controlled ecosystem for library e-books. Now comes indignation over how hackable Adobe’s Digital Editions 4 is. The security lapses would never have happened if libraries had controlled this e-book app on which so many thousands of trusting patrons rely. Librarians tend to be far more privacy-minded than high-tech giants.
Adobe was even sloppy enough to transmit non-encrypted information with such intimate details as what pages people read of particular e-books, and the company suffered well-deserved thrashings from The Digital Reader and from the American Library Association. The company challenged certain details of Nate Hoffelder’s reportage for the Reader and denied it spied even on books not read with ADE. But it admitted letting the software send out e-book data in the clear.
Granted, the ALA can set up new guidelines for library vendors. But the ultimate solution should go beyond that, because of the serious risk of noncompliance. Remember, Adobe is a multibillion-dollar company. Imagine the possible lapses from less established vendors.
Tip of the iceberg?
Libraries could still use outside technical expertise through contractors and directly, but for the maximum security of their patrons, among other reasons, they deserve their own infrastructure. Very possibly, the Adobe outrage is just the tip of the iceberg. What becomes of the market information collected by OverDrive and Amazon–not just now but in the future?
With librarians controlling data collection and observing long-established professional ethics, information could still be gathered on e-book use for purposes such as aggregated market data and syncing of places in readers’ books on multiple devices. And there could even be recommendations of books and movies based on past reading and viewing habits. But at the individual level, all this would be optional. Felt that page sync was a privacy threat? You could turn it off. Same for collection of even aggregated market data.
Maximum patron-protection in action
What could this maximum patron-protection entail (even if nothing is perfect)?
1. A robust infrastructure organization for both public and academic libraries. An endowment-financed purchase of OverDrive could be the start of this infrastructure, jointly owned and operated by a national digital public library system and the academically oriented Digital Public Library of America. The infrastructure mustn’t be only DPLA-controlled; we need participation from a public digital system for sufficient attention to access and digital divide issues. In general, public and academic libraries are different creatures despite some major overlaps and the need for close cooperation and collaboration.
For information on the proposed national digital library endowment that could help finance the infrastructure and the two digital library systems, see articles from the Chronicle of Philanthropy and Library Journal (direct links). The LJ piece has just appeared.
2. The use of top security experts–without any compromising organizational ties–to vet the servers and security precautions that the two library systems used there and elsewhere.
3. Truly library-created applications for iOS, Android and other common operating systems. The Douglas County (Colorado) library system has moved in the right direction even if–as far as I know–it is still relying on Adobe DRM. I’m confident that Douglas would love for that to change.
4. Investigation of such options as well-vetted versions of the Android operating system for phones and tablets. Independent companies could install this firmware with proper supervision. Ideally hardware vendors of all sizes could offer firmware-less phones and other hardware at a discount both to individuals and library-oriented upgraders of devices.
Some of the new cheapie Android phones are incredible. But they come with virus and spyware risks. Probably all kinds of Android do. But the techies behind library-vetted firmware could at least work to minimize them.
With library-controlled variants of Android, the user interface could be optimized through installation options for the needs of individuals. Libraries not only could focus on security but also on accessibility-related issues such as the capability of all-bold type for people wanting it, just to give one example of an area where Amazon has been egregiously deficient.
People could install nonlibrary applications, including e-reading apps from Amazon and other e-book vendors, and even use the Google Play Store. But the library-controlled variants could also offer a store with programs closely inspected for privacy breaches. And even with anti-virus scanning, end users would be warned of the perils of not using library-vetted apps. The store could be at least a small revenue-generator.
Needless to say, library-vetted firmware and apps could also be installed on dedicated e-book readers of cooperating vendors.
Yet another possibility would be for libraries to take over the Firefox operating system for mobile hardware or develop their own version of Linux for e-book-capable devices. But the Android path is probably a lot more doable, both in terms of costs and the ability of people to keep using popular apps.
The above steps sound drastic, but they are not, given the scope of the privacy threats. Along the way, a library-controlled infrastructure could also be hardened against cyber-attacks from countries not so enamored of American culture.
Some would argue that libraries cannot afford to get into the infrastructure and ecosystem businesses. On the contrary. The costs of not doing so could be considerably higher. If libraries persist in over-relying on outside vendors, this could very possibly lead to their being bypassed and perhaps ultimately put out of business in many cases. Like it or not, as shown by a wonderful video out of Nashville, books remain American libraries’ main calling card, although, if libraries can expand their franchise to include new functions such as vetting of apps, then so much the better. Secure book lockers would be another possibility as a new service.
If nothing else, librarians must not put digitization on hold just because Adobe let them and patrons down. E-books remain the future. Learn to live with them and–in areas such as user privacy–offer additional value.
Update: What if even foreign governments could snoop on the e-book habits of U.S. readers? Russian hackers are already hacking Windows to spy on users, and who knows what’s next?
Editor’s note – this article was re-published with permission from the Library City blog.