Adobe patches ereader vulnerability but privacy concerns remain

A follow up article from Inside Higher Ed about Adode Reader’s recent ‘data breach’. Adobe have updated Adobe Digital Editions to version 4.0.1 which now encrypts the information its ebook and PDF reader collects about users.

In the article, Carl Straumsheim argues that the recent patch to address that privacy issue has spawned a new problem for librarians and readers who ‘no longer know how they are being monitored’.

Andromeda Yeltonn foreshadowed this problem in an earlier article, noting that ‘With ebooks, … the technology we have to put in place to enforce [digital rights management] and contractual requirements requires a fair amount of surveillance of infrastructure.”

Nate Holffender believes Adobe should not be applauded for satisfying the ‘bare minimum’ requirements set by privacy laws and basic standards of conduct. It also remains unclear how Amazon is using the encrypted data to track individual library users reading habits.

Advertisements

Adobe Reader under fire for data breach

Adobe Digital Editions (ADE) is a reading app used by many libraries and readers around the world to access and read ebooks.

Adobe has come under recent scrutiny for tracking users in the app and uploading their data to servers. The plain text transmission of data was first reported Oct. 7 presumably stretches back as far as the release of ADE 4.0 in early September.

The American Libraries Association President Courtney Young stated in a press release

People expect and deserve that their reading activities remain private, and libraries closely guard the confidentiality of library users’ records… The unencrypted online transmission of library reader data is not only egregious, it sidesteps state laws around the country that protect the privacy of library reading records. Further, this affects more than library users; it is a gross privacy violation for ALL users of Adobe Digital Editions 4.”

This was followed by a statement from the Canadian Library Association.

The Digital Reader has critisiced Adobe’s responses as being in adequate. Adobe claims that sending a user’s reading logs in this form meets the standards of Adobe’s privacy policy. The dispute highlights some of the difficulties in setting standards for DRM and readers privacy.