eBook DRM

You can’t really consider eBook conversion without making a decision about whether or not you want to apply Digital Rights Management (‘DRM’) to your eBook. When people talk about DRM they are really talking about eBook security – copyright protection and encryption.

 There are three major security ecosystems in the eBook world: Amazon’s (for the Kindle), Apple’s (called FairPlay), and Adobe’s. Most other major ebook distributors and retailers use Adobe DRM. An ebook with one kind of DRM cannot be opened with software that uses another (e.g. a PDF with Adobe DRM cannot be opened on a Kindle device or app.)

Strict DRM

When an individual buys an eBook from an online bookstore (think Amazon; Apple’s iBookstore; Barnes & Noble – Nook; Kobo; Google Play etc.) the eBook will be encrypted with DRM (Digital Right Management).

DRM helps protect the copyright and preserve the integrity of the eBook.  DRM prevents some users and deters others from inadvertently or deliberately breaching that copyright (For example by sharing that eBook with another person, reproducing it or offering it for sale to another person without the rights holder’s permission).

Typically publishers and retailers insist on applying strict DRM to their eBooks. There are a number of DRM solution providers in the market, but outside of the proprietary solutions used by Apple and Amazon the market leader is probably Adobe.

Social DRM

Some publishers are now embracing an alternative form of DRM.  Social DRM or the application of a digital watermark is less severe than the strict DRM solutions provided by the likes of Adobe.

Crucially by using a digital watermark publishers are able to sell ebooks direct to Kindle users (i.e. by-passing Amazon) – something they cannot do if they decide to sell eBooks encrypted with strict DRM.  The benefits of selling direct are two-fold – higher unit values and of course consumer engagement (In other the words the publisher makes more on each unit sale and also owns the customer relationship because when they sell direct they are also the retailer.)

It’s worth noting that the digital watermark is purely a deterrent not a preventative measure.

If I opt to sell eBooks with a digital watermark to my readers I trust them to respect my copyright and choose not to breach it, rather than prevent them from doing so.  The digital watermark will not prevent users from illegally sharing my eBook, but it does deter them from doing so because a watermarked eBook includes an invisible, encrypted code and a visible watermark in the prelims/ex-libris pages of the book that identifies the purchaser.  If I discover that one of my customers has decided to share my ebook on a torrent website I can trace the eBook back to him or her and take appropriate action.

Digital watermarking on eBooks made the headlines when JK Rowling announced that she wanted to sell eBook versions of the Harry Potter series direct to readers rather than through third party retailers. To do this she created an eCommerce enabled website at www.pottermore.com. Then, to ensure her customers could read the Harry Potter eBooks on whatever device they owned (e.g. Kindle, iPad, Nook, Sony Reader, etc.), she opted to digitally watermark them, rather than encrypt them with strict DRM.

Broadly, if I want to make my eBook available to Kindle users direct from my own eBookstore then the only DRM option I have is social DRM (digital watermarking). If I am not bothered about Kindle users – but I still want to protect my eBook – then my best option is strict DRM.

DRM Free

In an ideal world there would be no need for DRM. Indeed a growing number of publishers (large and small) and other industry participants already feel that it is an unnecessary protectionist measure that unfairly constrains the reader’s relationship with their eBook. If you are not unduly worried by piracy then opting to make your eBooks available without DRM encrryption is by far the easiest and potentially least expensive means of ensuring universal accessibility across devices.

Frequently Asked Questions about Security

Q: Can people who download an ebook, print and reproduce their own copies for personal use?

A:   eBooks with strict DRM cannot be printed or copied unless the retailer/rightsholder decides to allow it (Note: Strict DRM encryption is not full proof)

eBooks with social DRM can be printed and therefore copied, but the watermark will be visible.

eBooks without any sort of DRM can of course be printed and copied.

When a customer purchases a DRM protected eBook they are typically able to download it a maximum of three times (this for example will allow the customer to place the eBook onto their desktop, smartphone and tablet).  If they want to download it more than three times, they will have to purchase it again.

Q: What is to prevent people from forwarding copies of the purchased ebook on to others via email or disk?

A:  With strict DRM applied it is not possible to simply forward copies of the purchased eBook by email or on a disk. The encryption process is designed to prevent and deter exactly this type of casual activity.

Q: What prevents people from adapting the files we send to them and publishing them as their own content?

A:  Ultimately (as for print copies) if a customer is intent on infringing copyright he or she will find a way of doing it. DRM is not failsafe, but it is robust and when combined with applicable Terms of Use and international copyright laws it provides a weighty incentive to respect the content providers rights.

If an individual or organisation decides that it would like to intentionally replicate or adapt copyright protected and encrypted files, then share and/or resell them without authorisation from the respective rights holders …they are committing an illegal act.  As a first step they would need to crack the encryption, something which although possible is not easy without the requisite time and skill sets. The user will then need to make the decision to flout the Terms of Use associated with their purchase and commit a criminal offence.

Q: Can you please describe in detail how the security process stops people forwarding ebooks?

A:   Let’s say a user buys an ebook online at your website, he then downloads it and reads it on his computer. Here is what happens in the background, and where DRM fits in:

  • Your ebook website.com sends all its eBook files to a trusted third party distributor (eg Firsty Group) that uses an Adobe Content Server to encrypt eBook files when a user makes an eBook purchase. Firsty uses Adobe Content Servers to deliver DRM’ed eBooks, and pays Adobe a license fee every year for the software plus $0.22 every time someone buys an ebook.
  • The user pays your ebook website.com with his credit card, after which he clicks a link on your website that says ‘Download ebook’.
  • He clicks the link, and actually downloads a small .acsm (Adobe Content Server Message) file. He thinks he’s downloaded the ebook, but he hasn’t yet. (Some retailers are worse than others at explaining this to customers.) It’ll be something like ‘your_ebook_title.acsm’.
  • If he has suitable Adobe-RMSDK-based software on his computer already (e.g. Adobe Digital Editions/ADE), that software can open the .acsm file. If he hasn’t installed such software, then he will have the opportunity to do so and indeed will be prompted to do so before proceeding further.  Assuming the user has ADE installed then it will open the .acsm file.

  • The .acsm file carries instructions and a hyperlink that tell ADE to get the user’s new ebook straight from Firsty’s ACS.
  • The user’s ADE and Firsty’s ACS have a little conversation, in which ADE gives ACS the user’s Adobe ID (e.g. a_user@ebookreader.com), and the ACS packages an ebook file specifically for that ID.

  • At the same time, Firsty’s ACS has a conversation with Adobe’s own signing server. The signing server checks that everyone is who they say they are, and gives the go-ahead for the ACS to deliver the user’s ebook.
  • If any of this fails, the download fails and the user will have to open the .acsm file again. (ADE usually remembers that there was an unfinished download and will prompt the user to retry.)
  • ADE will display a message on the user’s screen saying ‘Downloading document/eBook’ and will show a progress bar.
  • The ebook now being downloaded by ADE has been encrypted by the ACS and can only be opened on a device/computer authorised with the user’s Adobe ID.
  • Once the ebook has finished downloading, it will open in ADE, and the user can start reading.
  • When the ebook’s publisher placed the ebook with Firsty, Adobe DRM settings were configured which affect what the user can do with his ebook. In this case, let’s say, no copying or printing is permissioned. While reading the ebook, the users print button is greyed out.

Note:    All of this takes place within a matter of seconds. With a quick Internet connection it might take a couple of seconds, with a slower connection it may take up to a minute or more depending upon the size of the file.

Q: Can customers print the ebooks they have bought or sections of them?

A:  Adobe Content Server 4 (the latest version of ACS) allows you to control many different security settings (e.g. at what resolution an ebook can be printed, whether the ebook will expire, etc.). With Firsty, publishers can configure the setting to suit their requirements. The two key settings are:

  • Do we allow users to print from an ebook? How much do we allow them to print, and how often?
  • Do we allow users to Copy from an ebook? How much do we allow a user to copy and how often?

No matter what the publisher chooses, if the ebook is encrypted using ACS4 the eBook cannot be opened on a device/computer that has not been authorised with the user’s Adobe ID.