Earlier this week, reports surfaced that Adobe’s Digital Editions e-book reader was logging and reporting user activity back to Adobe. Presumably this functionality was set up to enforce the Digital Rights Management function of e-books. However, the news is unsettling because public libraries use this technology to lend digital editions to individuals. The level of detail being sent back to Adobe — apparently including every time the file was opened, and navigation within the file — goes far beyond what readers would expect any service provider to collect about their reading habits.
Providers, of course, may need to collect identifying information from customers, but should anonymize or at least pseudonymize that data, and delete it when it’s no longer needed. In the reading context, while some functions (like adding comments to cloud-stored files) may require a service provider to retain detailed information about how a person uses a particular e-book, we think that companies should be careful to only collect information that’s essential to providing benefits to users.
We think that companies should be careful to only collect information that’s essential to providing benefits to users.
Protecting the privacy of readers has been a core value in the United States for decades. Librarians have consistently advocated for strong protections surrounding reader records, realizing that the ability to access books and other materials anonymously, without fear of reprisal or public shaming, is essential to democratic values. Bookstores have resisted turning over customer records to law enforcement, recognizing that such purchases can be highly personal. During Kenneth Starr’s investigation into President Bill Clinton, the prominent D.C. independent bookstore Kramerbooks was served with a subpoena to turn over Monica Lewinsky’s purchase records — a subpoena the bookstore resisted, citing privacy and First Amendment rights.
In the digital age, new third parties are introduced into this relationship between reader and library or bookstore. A person who checks out an e-book may not realize that it’s Adobe, and not her local library, who is facilitating the book rental and potentially collecting information about her engagement with it. To protect reader privacy and the right to anonymous access to information in the digital age, it is essential that service providers and device makers demonstrate the same respect for user rights that brick-and-mortar establishments have long championed. Some states, including New Jersey and California have already passed reader privacy acts, recognizing the importance of protecting individual privacy, regardless whether someone is reading a paperback or on a tablet
It’s essential that service providers and developers prioritize privacy and anonymity when designing their products. While some books and periodicals may need to signal back to the provider for functionality purposes (for example, to track annotations to a file across devices), providers should be especially careful to ensure that they only collect data necessary to the product. Moreover, given the sensitivity of reader data, any data transmitted back to the provider should be encrypted and securely stored to prevent unauthorized access by third parties or the government. Protecing that data as securely as possible is the best way to uphold our tradition of protecting reader privacy.
Our experiences with books can be deeply intimate, to the point of being a one-on-one relationship that crowds out the rest of the world. When we curl up with a printed book, we feel confident that no one else is watching what we’re reading or judging us on what we highlight. It’s important that that confidence doesn’t end once we purchase an e-book or borrow one from the library — and that providers don’t violate that trust.