Amazon launched Kindle Cloud Reader a few weeks ago. This version of the Kindle e-reader app runs within web browsers and therefore on a wider variety of platforms than its hardware Kindle devices and pre-existing e-reader apps for platforms such as Apple iOS and Android.
The main intent of Kindle Cloud Reader is to get around app stores, so that Amazon can make e-books available on iPads, iPhones, and Android devices without having to pay Apple or Google — both competitors in the e-book space — a percentage of its revenues. Yet Kindle Cloud Reader is different from the others in a way that could turn out to be just as important as its interoperability: it doesn’t encrypt e-book files.
Various people have discovered that Kindle Cloud Reader is a straight HTML5 app and that the server sends it unencrypted content a chapter at a time. It would be fairly easy to build a program that captures the HTML and stores it locally. This would be roughly equivalent to “stream capture” for audio and video, except that the result would be a perfect browser-renderable copy of the e-book.
This means that Kindle Cloud Reader does not operate in the same way as other web-based e-readers, such as Google Editions or Amazon’s older Amazon Pages technology. These display page images that would have to be fed sequentially to an OCR engine in order to capture the text – a higher “speed bump” than Kindle Cloud Reader uses.
E-book DRM technologies have generally been hacked, but this move by Amazon lowers the e-book copying “speed bump” significantly — not as low as DRM-free music downloads, but getting there.
Furthermore, Kindle Cloud Reader lacks certain functionality that other e-readers have, such as copy-to-clipboard. Google Editions allows copy-to-clipboard with limits. Ironically, the lack of copy-to-clipboard in Kindle Cloud Reader has inspired hackers to figure out how to add this functionality and thereby stumble upon the fact that the content is not encrypted.
Three questions arise out of this development. First, why is Amazon doing this? Second, do the publishers that license material to Amazon know about it? Third, would a program that captures e-book content in Kindle Cloud Reader be illegal under anticircumvention law (DMCA 1201 in the United States)?
The first question is most likely answerable. This development indicates that Amazon is confident enough about its leadership position in the e-book market that it does not feel as much need to lock customers into its platform, as it has done (more strongly) with its DRM.
It also shows that Amazon intends to make its e-book money more on e-books themselves than on reader devices. This is in line with analysts’ projections that the tablet market will grow faster than e-reader devices and therefore that e-readers will come under increasing price pressure. Amazon’s intention to launch a tablet device of its own by the end of this year corroborates this.
The third question is an interesting one. The anticircumvention law was designed to place liability for hacks to “technical protection measures” (TPMs) on hackers themselves rather than on the suppliers of the TPMs. This has led to the question of how strong a TPM has to be in order to qualify for protection under this law.
The 7th Circuit appeals court addressed this question in Universal v. Reimerdes (2000) regarding the hacked CSS encryption scheme for DVDs: the defendants in the case suggested that CSS shouldn’t qualify for legal protection because it was so easily hacked. The court did not want to establish a test for TPM effectiveness, so it declined to address that issue.
More recently, a company called SunnComm that made CD copy protection technology threatened to sue a researcher for discovering that its technology was trivially easy to circumvent: just press the Shift key on a PC when inserting a protected CD into the PC’s drive and the copy protection mechanism could be bypassed. SunnComm withdrew the lawsuit. One reason for this could have been fear of the repercussions of an adverse court decision — which would most likely have resulted in just such a test for TPM effectiveness.
If a publisher sues someone under the anticircumvention law for making a program available that extracts e-book content from Kindle Cloud Reader, then we’ll see what the answer to the third question above is (if the suit goes to trial). Or, if a publisher sues Amazon for breach of licensing agreement over the lack of encryption, we’ll know the answer to question number two.
Of course, there is also a fourth question: is this the beginning of the end of DRM for e-books? I suspect the answer is yes, although this should happen more slowly (or not at all) for certain segments of the publishing market, such as higher education and expensive professional/technical content. In general, I don’t believe it will happen as quickly as it did for music.
The digital music industry is moving from a model based on file ownership to one based on cloud storage. Storage of content on servers instead of on users’ devices goes hand-in-hand with elimination of file encryption. This transition is just beginning and will take years to complete. Even so, cloud-based e-reading seems like more of a stretch than cloud-based music: although the “celestial jukebox” model has been available for several years, its uptake has been slow. People are only just now starting to envision a world without physical music ownership. It will take them considerably longer to envision a world without physical books.