Library Group Takes Aim at Adobe Over Privacy Issues

The American Library Association has been outspoken in criticizing the latest version of Adobe's electronic reader software, which tracks the reading habits of its users—a major no-no in the library world.

The American Library Association (ALA) wants to make sure that patrons’ reading choices stay private. That position remains firm—even if the books in question are electronic.

Recently, ALA spoke up when privacy concerns were raised about a popular e-book reader used by thousands of libraries worldwide. Its strong objections led Adobe to promise to strengthen its privacy standards, but the group is pushing for more:

This is not merely a question of a technical slip-up in one version of an Adobe product.

The problem: Last week, e-book blogger Nat Hoffelder reported that Adobe’s Digital Editions app contained functionality that allowed the company to track usage statistics and then upload that information “in the clear.” That means the data isn’t encrypted, making it possible for anyone with technical knowledge to tap into it. “I am not joking; Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything,” Hoffelder wrote on his blog, The Digital Reader. Hoffelder later discovered and reported that the issue appears only in the latest version of the  app, released in September.

Adobe explains: As criticism spread, Adobe responded by saying that it acquires user information for purposes of digital rights management and that the data collection was not an effort to spy on users. “All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers,” the company said in a statement. “Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader.” In later comments to ALA regarding the data-encryption issue, Adobe said users should “expect an update to be available no later than the week of October 20.” In any case, the company said the approach was in line with its official privacy policy.

Library groups respond: Soon after the news broke, the Library and Information Technology Association (LITA), a division of ALA, noted that the software’s ability to transmit user data raises serious ethical questions. “Issues like this highlight the need to revisit stated positions and evaluate where the balance point is between [accommodating] user functionality and protecting against collection of personally identifiable data, or metadata,” wrote LITA’s Aaron Dobbs in a blog post. A later statement from ALA President Courtney Young asserted that Adobe’s strategy “sidesteps state laws around the country that protect the privacy of library reading records.”

Taking a more soul-searching approach, LITA board member Andromeda Yelton wrote that libraries haven’t always lived up to their stated values in the digital age.

“This is not merely a question of a technical slip-up in one version of an Adobe product,” she wrote. “This is about the fact that we do not have the technical skills to verify whether our products are in line with the values we espouse, the policies we hold, or even the contracts we sign, and we do not delegate this verification to others who do. Our failure to verify affects all the software we run.”

She added: “We have chosen access over privacy, and privacy is not an option left for us to choose.”

Adobe's Digital Editions app, at the center of a privacy controversy.

Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!