Privacy and Ebook Access through Adobe Digital Editions

Update

Adobe has released a software update for Adobe Digital Editions 4 that addresses the privacy concerns raised in our original post, below. Adobe now encrypts all data that is transmitted from Adobe Digital Editions to Adobe servers. Patrons who use Adobe Digital Editions are recommended to upgrade to the newest version immediately.

For more information on how Adobe collects and transfers data, please consult their privacy statement.

For more information on the update:

Original Post

It has recently come to our attention that a software vulnerability exists within Adobe Digital Editions, the software that is used by the Ryerson Library to access many of the library’s ebooks. Adobe Digital Editions has been logging data on the books used with this application and other ebooks that have already been downloaded on the devices of library users. This information is being uploaded in plain text to Adobe servers, and is being sent without any encryption, meaning that book logging data is potentially open to interception by anyone with a moderate level of technical skill. Note that this vulnerability seems to be limited to Digital Editions 4, the most recent version of the software. As far as can be detected, Digital Editions 2 and 3 are unaffected. Ryerson is investigating and we will keep you updated on how this may affect you.

The Ryerson Library provides access to thousands of ebooks. All can be read online; however, due to DRM (digital rights management) restrictions, if a user chooses to download a book to a device for offline reading, they must use Adobe Digital Editions. This is a condition of purchase that has been unavoidable for all libraries providing ebook content.

If you are concerned about your right to privacy, we recommend that you uninstall Adobe Digital Editions 4 from all of your devices immediately. You can still read ebook content online, install Adobe Digital Editions 3, or you can follow up with your liaison librarian about options for print alternatives.

The Library values our users’ right to privacy, and we have expressed concern and alarm to our ebook vendor, and asked them to advocate on our behalf. We are investigating whether Adobe’s actions are a violation of provincial privacy laws and will be contacting Adobe directly to demand that they address this vulnerability immediately. The Library has passed this information on to the Heather Driscoll, Ryerson’s Information & Privacy Officer, who will make the determination whether a privacy violation has occurred and act accordingly. We will keep you updated as more information becomes available.

Leave a Comment

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" data-ga-event=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>