Amazon launched Kindle Cloud Reader a few weeks ago. This version of the Kindle e-reader app runs within web browsers and therefore on a wider variety of platforms than its hardware Kindle devices and pre-existing e-reader apps for platforms such as Apple iOS and Android.
The main intent of Kindle Cloud Reader is to get around app stores, so that Amazon can make e-books available on iPads, iPhones, and Android devices without having to pay Apple or Google — both competitors in the e-book space — a percentage of its revenues. Yet Kindle Cloud Reader is different from the others in a way that could turn out to be just as important as its interoperability: it doesn’t encrypt e-book files.
Various people have discovered that Kindle Cloud Reader is a straight HTML5 app and that the server sends it unencrypted content a chapter at a time. It would be fairly easy to build a program that captures the HTML and stores it locally. This would be roughly equivalent to “stream capture” for audio and video, except that the result would be a perfect browser-renderable copy of the e-book.
This means that Kindle Cloud Reader does not operate in the same way as other web-based e-readers, such as Google Editions or Amazon’s older Amazon Pages technology. These display page images that would have to be fed sequentially to an OCR engine in order to capture the text – a higher “speed bump” than Kindle Cloud Reader uses.
E-book DRM technologies have generally been hacked, but this move by Amazon lowers the e-book copying “speed bump” significantly — not as low as DRM-free music downloads, but getting there.
Furthermore, Kindle Cloud Reader lacks certain functionality that other e-readers have, such as copy-to-clipboard. Google Editions allows copy-to-clipboard with limits. Ironically, the lack of copy-to-clipboard in Kindle Cloud Reader has inspired hackers to figure out how to add this functionality and thereby stumble upon the fact that the content is not encrypted.
Three questions arise out of this development. First, why is Amazon doing this? Second, do the publishers that license material to Amazon know about it? Third, would a program that captures e-book content in Kindle Cloud Reader be illegal under anticircumvention law (DMCA 1201 in the United States)?
The first question is most likely answerable. This development indicates that Amazon is confident enough about its leadership position in the e-book market that it does not feel as much need to lock customers into its platform, as it has done (more strongly) with its DRM.
It also shows that Amazon intends to make its e-book money more on e-books themselves than on reader devices. This is in line with analysts’ projections that the tablet market will grow faster than e-reader devices and therefore that e-readers will come under increasing price pressure. Amazon’s intention to launch a tablet device of its own by the end of this year corroborates this.
The third question is an interesting one. The anticircumvention law was designed to place liability for hacks to “technical protection measures” (TPMs) on hackers themselves rather than on the suppliers of the TPMs. This has led to the question of how strong a TPM has to be in order to qualify for protection under this law.
The 7th Circuit appeals court addressed this question in Universal v. Reimerdes (2000) regarding the hacked CSS encryption scheme for DVDs: the defendants in the case suggested that CSS shouldn’t qualify for legal protection because it was so easily hacked. The court did not want to establish a test for TPM effectiveness, so it declined to address that issue.
More recently, a company called SunnComm that made CD copy protection technology threatened to sue a researcher for discovering that its technology was trivially easy to circumvent: just press the Shift key on a PC when inserting a protected CD into the PC’s drive and the copy protection mechanism could be bypassed. SunnComm withdrew the lawsuit. One reason for this could have been fear of the repercussions of an adverse court decision — which would most likely have resulted in just such a test for TPM effectiveness.
If a publisher sues someone under the anticircumvention law for making a program available that extracts e-book content from Kindle Cloud Reader, then we’ll see what the answer to the third question above is (if the suit goes to trial). Or, if a publisher sues Amazon for breach of licensing agreement over the lack of encryption, we’ll know the answer to question number two.
Of course, there is also a fourth question: is this the beginning of the end of DRM for e-books? I suspect the answer is yes, although this should happen more slowly (or not at all) for certain segments of the publishing market, such as higher education and expensive professional/technical content. In general, I don’t believe it will happen as quickly as it did for music.
The digital music industry is moving from a model based on file ownership to one based on cloud storage. Storage of content on servers instead of on users’ devices goes hand-in-hand with elimination of file encryption. This transition is just beginning and will take years to complete. Even so, cloud-based e-reading seems like more of a stretch than cloud-based music: although the “celestial jukebox” model has been available for several years, its uptake has been slow. People are only just now starting to envision a world without physical music ownership. It will take them considerably longer to envision a world without physical books.
The music industry turned upside down with ripper programs and the internet. The publishing industry is shifting because of the net and e-publishing, but will blatant theft of e-books be rampant? Not likely. For non-fiction writers, most will want the attention because of ancillary revenues. Further, books are consumed over hours whereas music is a few minutes. Ripping & sharing was youth oriented and they aren’t the book readers. The biggest threat will be to novelists.
Author of The Protectors (A Thriller)
First of all, in terms of what’s a bigger speed bump for copying, it’s far easier to just decrypt a Kindle DRM ebook than find a way to capture a TCP stream. A simple Google Search and 5-10 minutes will render you all the tools you need to remove DRM from Digital Editions, Nook, or Kindle. The encryption used by these DRM systems is indeed secure, but since the consumer has to ultimately view the content, keys for the encrypted content must necessarily be transmitted with the content itself, making defeating the DRM a simple matter of finding where the key is stored on a hard drive. Hardly a speed bump for even a mediocre programmer. Since the DMCA is only an American law, the code need only be published on an international website, if that’s even a concern.
Secondly, digital music is not migrating exclusively to the cloud in any real ways — the cloud is just another consumption option. The digital locker services from Google and Amazon simply store your music for you, but you always have the option of downloading it. In both media, it is expected that purchased content be downloadable and usable off-line. If I’m going on a vacation to Mexico, streaming my book on the beach is a non-option, for example; and as a consumer, I have a reasonable expectation of restriction-free content for an outright purchase.
It seems to me the publishing industry needs to get its head out of the sand. Steve Jobs’ biography came out and sooner it could be found in stores, it was available on torrent sites all over the Internet. Worse yet for the industry, pirated versions of the content are restriction-free, creating a disincentive for even an honest millionaire to pay for content that’s less useful than its pirated counterpart. This isn’t idle speculation: a recent study in the PC game business, one highly ravaged by DRM, found that DRM was a cause of, not a barrier to, piracy. With DRM, you cause piracy, engender distrust from your customers, and clearly communicate that you do not respect your own paying customers enough to trust them with what the pirates already have: the real thing.
You understand neither how modern DRMs are designed nor how laws like DMCA apply to them.
I’m going to hit just the highlights of the many inaccuracies in your comment.
The statement “…keys for the encrypted content must necessarily be transmitted with the content itself, making defeating the DRM a simple matter of finding where the key is stored on a hard drive. Hardly a speed bump for even a mediocre programmer” is just plain wrong. Recent software-based DRMs obfuscate keys so that hacks generally take highly skilled programmers real effort to accomplish. The point is, and has never been, how easy it is to discover keys in software. The point is how easy it is to create tools that nontechnical people can use to de-DRM files. Such tools are illegal both to distribute and to use. The vast majority of users are not programmers, mediocre or otherwise.
The fact that the DMCA only applies to the U.S. is irrelevant. The law says that anyone who uses a circumvention tool – regardless of where they got it — is liable. It has been possible for many years, for example, to find DVD rippers on foreign sites. It has been and still is illegal to use them in the United States. One of the main points of my article is that “hacking” the mechanism used in Kindle Cloud Reader is, in contrast, perfectly legal.
Finally, I would like to know what “recent study in the PC game business … found that DRM was a cause of, not a barrier to, piracy” and on what you base your claim that gaming is “highly ravaged by DRM.” Yes, there have been a couple of gaming DRMs (like Sony’s SecuROM) that have offered terrible user experiences, but generalizing that to the entire gaming industry is also just plain wrong.
Bill, I’ve personally found the “obfuscated” keys in Adobe’s DRM. Email me if you want — I’ll tell you exactly where they are on your hard drive. When Adobe modified its obfuscation strategy early this year, all it took was a simple debugger to watch the files and registry records it accesses when decrypting an ePub file. It took me about an hour.
Are average users capable of this? No, but I’m also definitely not an expert at reverse-engineering software. More importantly, there are almost seven billion people in the world. About 5 percent of those people are US citizens, assuming US citizens would avoid taking these steps for fear of prosecution under the DMCA. It takes only one person to break a DRM scheme open for everyone. Think about it.
As for its legality. Here’s a link to Wired, an American tech magazine, describing the process: http://www.wired.com/gadgetlab/2011/01/how-to-strip-drm-from-kindle-e-books-and-others/ I’m hardly the only scofflaw out there, and I’m posting this with my public real name and a link to my website. I’m not arguing that breaking DRM is legal in the United States, I’m simply pointing out that in the tech community, the law is generally met with disdain and then ignored. Perhaps you disagree, but that’s my experience: no one thinks twice about removing DRM from content they rightfully own.
I’m not a lawyer, but I’m not sure why watching a TCP stream to circumvent DRM is legal, while watching your own computer’s memory would be illegal. Perhaps you’re right, but ultimately that’s of legal importance, not technical. Anyone who wants to remove DRM from an ebook file is just one Google search away, and that’s not going to change any time soon. Your speculation that scraping a TCP stream might be legal is semantic.
As for the gaming industry’s DRM problem: http://arstechnica.com/tech-policy/news/2011/10/a-game-we-all-win-dumping-drm-can-increase-sales-while-reducing-piracy.ars — also note that music piracy dropped substantially after Amazon and iTunes dropped DRM.
First of all, take my word for it, as someone who isn’t a lawyer but who has guest-lectured at law schools about this, that capturing the chapter-by-chapter “stream” of content in Kindle Cloud Reader is not a violation of DMCA, whereas breaking encryption is. I am personally not a fan of DMCA, but that’s the reality of it.
The fact that technical people have little regard for these laws is both something I am also familiar with and beside the point. Your attitude (and by extension the attitude of technical people) toward laws like this — which I don’t dispute, having also been a software engineer who has contributed code to open source projects — is also irrelevant in the grand scheme of things.
Competent programmers constitute a tiny percentage of people worldwide. Most other people, if they want to disregard the law, have to take some steps in order to do so. That’s why I have never bought the EFF “once you hack a single copy, it’s all over” canard. No DRM is hackproof; it all has to do with how easy it is for the masses to circumvent. The fact that it’s against the law to circumvent encryption is one factor that some people may find to be a deterrent. It’s all part of the equation. No one in the publishing (or music, or gaming, or film) industry believes in 100% hackproof DRM; instead they have a number of different techniques to fight copyright infringement – some legal, some technical, some educational.
Regarding that study you cited: I read it myself recently. In fact, I have been meaning to write an article about it. There have been many studies like this; see https://copyrightandtechnology.com/2010/04/14/gao-report-throws-doubts-on-piracy-studies/. I’ve read most of them. All of them are flawed. This one is a classic case of academics having a certain outcome in mind and manipulating their model to obtain that outcome. They pick numbers to input into a formula such that the results they wanted in the first place come out. In this sense they are no less biased than the lobbyist-commissioned studies that come out of Washington. The GAO report mentioned above agrees that none of these studies have any validity and goes further to suspect that it may be impossible to determine such things as the value of DRM to a content owner with any degree of confidence. I wouldn’t go quite that far — I would bet that a multidisciplinary team of researchers (economics, technology, law, behavioral science, etc.), funded by a truly unbiased source, could come up with some defensible results, but it hasn’t happened yet.
Thanks for your thoughts, Bill. If capturing a TCP stream is indeed legal, I can see how that would have some intriguing implications — for example, instead of simply publishing a hack on the Internet, someone could go into business selling software to capture that stream.
I think the tech community’s attitude toward DRM is probably not appreciated sufficiently by content copyright holders. The ease of circumvention and the attitude people have toward it are genuinely important. Just look at the reception UltraViolet is getting. A truly non-biased study of DRM would be interesting. All we have is anecdotal evidence and some post hoc ergo propter hoc reasoning.
My general feeling is still that regardless of the law or what the RIAA or MPAA say, I’m not going to stop removing DRM from content, no matter how easy the DRM is to live with. It’s a matter of principle.
[…] Amazon Kindle Cloud Reader Lowers the Speed Bump for E-Books .Aug 31, 2011 Amazon Kindle Cloud Reader Lowers the Speed Bump for E-Books August 31, 2011. Posted by Bill […]