Big Idea: Ebook Technology & Reader Privacy Are Compatible
Book Business asked industry thought leaders to discuss the big ideas that are changing the book industry. We are excited about the future of publishing, and we hope these essays invigorate you with new and illuminating perspectives on that future. View the complete essay collection here.
The media has recently shined a light on privacy and security issues related to the use of Adobe Digital Editions (ADE) by many libraries' ebook platforms. We are all familiar with the recent news of spying and potential constitutional violations by the NSA. But perhaps the last thing we expect when we read a library ebook is that someone is watching our reading behavior and perhaps using that information.
Certainly we can intuit this happening in the retail world, where Amazon gives us recommendations based on what we've bought. Does this step over the line? But there is a difference between purchasing behavior and reading behavior, and what we read we like to think is our business. In the world of libraries, the general feeling is that what people read in libraries is private. It is supposed to be a place that is safe to explore any and all topics. Perhaps no one feels more strongly about this than librarians.
Recent revelations confirm that ADE, and by extension, many library ebook products, such as Overdrive, 3M Cloud Library, Axis 360, EBSCO, ebrary and MyiLibrary, are neither private nor secure. Information about ebook reading has been associated with individual patrons, and that information has not even been encrypted. (This may be in violation of California's 2011 Reader Privacy Act.)
There was a range of responses from library technology vendors. Some vendors tried to argue that personal data collection was necessary to improve user experience; that servers need specific user data in order to sync ebooks across devices, allowing readers to switch devices without losing their place. I have several problems with this justification: First, I'm not aware of many platforms doing page sync and, more importantly, personal information is not required to do any of these functions. Others have shifted the blame onto the libraries and publishers, arguing that they need the personal data to track usage for future purchases. Perhaps usage data is needed, but they need aggregate data, not individual data. So, also not true.
It is entirely possible to gather usage data without sacrificing patron privacy. Our team at BiblioLabs made a conscious decision not to require any personal data and any patron can be completely anonymous. While certain personalization features may require a username, that name does not need to be associated with an individual. We also always force encryption of all communications end-to-end. Lastly, any personal data that might be voluntarily provided (patrons often want to provide an email address for functions such as support or password resets) have an additional layer of encryption when stored "at rest" in our databases.
Privacy and security is extremely important to libraries and library patrons. Moreover, the objective of systems that meet the needs of all parties-users, publishers, and librarians-does not need to be incompatible with the technological goal. Such mutually shared objectives will improve trust and only strengthen the overall book industry.
Andrew Roskill is the CEO of BiblioLabs.