It’s easy to load a small library of electronic books into your laptop or handheld organizer and take it on the bus or to the beach. But try to make backup copies of those e-books or loan one to a friend, and you’ll run smack into the digital equivalent of an electrified fence. The problem is that once a literary work has been liberated from the printed page, it’s potentially vulnerable to unlimited digital piracy-a danger that makes most e-book publishers insist on strict software controls to prevent anyone but the purchaser from opening an e-book file.Competing “digital rights management” systems offered by companies such as Adobe Systems, Microsoft, Reciprocal and ContentGuard allow publishers to outfit e-books and other forms of electronic content with customized usage rules. The companies naturally strive to make these systems as hacker-proof as possible. But this summer Technology Review learned of a home-brewed decryption program that defeats the most advanced antipiracy features built into Microsoft Reader, a leading e-book program downloaded by over a million people since its debut in August 2000.
The decryption program lets purchasers of “owner-exclusive” Reader titles-Microsoft’s most protected e-book-convert the titles to unencrypted files viewable on any Web browser. The program’s creator, a U.S. cryptography expert who asked not to be identified, says he wanted to circumvent the “two-persona” limit, a rule built into Reader at the behest of publishers that allows purchasers to read each e-book on no more than two devices. (In October Microsoft announced it would increase that limit to four devices, as part of a software upgrade planned before the cracking episode.)
Though the decryption program works on any Windows PC, the programmer hasn’t released it, saying he developed it for his personal use. But the program’s existence, together with decryption efforts directed against e-book formats from other companies, such as Adobe, illustrates the vulnerabilities in digital rights management schemes. It also promises to fuel the ongoing debate over the 1998 Digital Millennium Copyright Act, under which it is legal in certain circumstances to use-but, paradoxically, not to make or distribute-software that circumvents technological copyright protections.
Microsoft controls access to copyright-protected e-books through Reader, a free program that can be installed on any Windows laptop or PC. When you purchase a Reader e-book from a retailer such as Amazon.com, special server software equips your title with one of three levels of copy protection, as specified by the publisher. E-books with owner-exclusive protection, the level used for premium titles such as current bestsellers, are encrypted during download using a unique mathematical key contained in your copy of the Reader software. You obtain this key by “activating” your copy of Reader, which requires you to register for a Microsoft Passport account and supply Microsoft with an e-mail address and other identifying information. Until October, only two copies of Reader could be activated under the same Passport account-now four copies can be activated-and access to owner-exclusive e-books is limited to the devices on which those copies of the software are installed.
Such rules irritate many e-book readers, who feel that once they’ve purchased a book, they should be able to read it wherever they want. “I like to read e-books at my desk, when I’m traveling, lying on the sofa and when I’m eating lunch. I use different computers for these things, so I need more than two activations,” said Roger Sperberg, publishing consultant and columnist for the industry site eBookWeb.org, in August. Some also complain that Microsoft’s limitation makes it difficult to recover e-books after a hardware upgrade, which can invalidate the activation key. The anonymous programmer says he wrote his decryption software partly to sidestep such practical problems, and partly so he could extract the text of his e-books for display on additional devices such as the REB1100, a reading device manufactured by RCA.