Breaking Microsoft's e-Book Code

An anonymous programmer has found a way to decrypt Microsoft Reader e-books, spurring digital-rights debate.

It’s easy to load a small library of electronic books into your laptop or handheld organizer and take it on the bus or to the beach. But try to make backup copies of those e-books or loan one to a friend, and you’ll run smack into the digital equivalent of an electrified fence. The problem is that once a literary work has been liberated from the printed page, it’s potentially vulnerable to unlimited digital piracy, a danger that makes most e-book publishers insist on strict software controls to prevent anyone but the purchaser from opening an e-book file.

Competing “digital rights management” systems offered by companies such as Adobe Systems, Microsoft, Reciprocal and ContentGuard allow publishers to outfit e-books and other forms of electronic content with customized usage rules. The companies naturally strive to make these systems as hacker-proof as possible. But this summer Technology Review learned of a home-brewed decryption program that defeats the most advanced antipiracy features built into Microsoft Reader, a leading e-book program downloaded by over a million people since its debut in August 2000.

The decryption program lets purchasers of “owner-exclusive” Reader titles (Microsoft’s most protected e-books) convert the titles to unencrypted files viewable on any Web browser. The program’s creator, a U.S. cryptography expert who asked not to be identified, says he wanted to circumvent the “two-persona” limit, a rule built into Reader at the behest of publishers that allows purchasers to read each e-book on no more than two devices. (In October Microsoft announced it would increase that limit to four devices, as part of a software upgrade planned before the cracking episode.)

This story is part of our November 2001 Issue

Though the decryption program works on any Windows PC, the programmer hasn’t released it, saying he developed it for his personal use. But the program’s existence, together with decryption efforts directed against e-book formats from other companies, such as Adobe, illustrates the vulnerabilities in digital rights management schemes. It also promises to fuel the ongoing debate over the 1998 Digital Millennium Copyright Act, under which it is legal in certain circumstances to use (but, paradoxically, not to make or distribute) software that circumvents technological copyright protections.

Microsoft controls access to copyright-protected e-books through Reader, a free program that can be installed on any Windows laptop or PC. When you purchase a Reader e-book from a retailer such as Amazon.com, special server software equips your title with one of three levels of copy protection, as specified by the publisher. E-books with owner-exclusive protection, the level used for premium titles such as current bestsellers, are encrypted during download using a unique mathematical key contained in your copy of the Reader software. You obtain this key by “activating” your copy of Reader, which requires you to register for a Microsoft Passport account and supply Microsoft with an e-mail address and other identifying information. Until October, only two copies of Reader could be activated under the same Passport account (now four copies can be activated), and access to owner-exclusive e-books is limited to the devices on which those copies of the software are installed.

Such rules irritate many e-book readers, who feel that once they’ve purchased a book, they should be able to read it wherever they want. “I like to read e-books at my desk, when I’m traveling, lying on the sofa and when I’m eating lunch. I use different computers for these things, so I need more than two activations,” said Roger Sperberg, publishing consultant and columnist for the industry site eBookWeb.org, in August. Some also complain that Microsoft’s limitation makes it difficult to recover e-books after a hardware upgrade, which can invalidate the activation key. The anonymous programmer says he wrote his decryption software partly to sidestep such practical problems, and partly so he could extract the text of his e-books for display on additional devices such as the REB1100, a reading device manufactured by RCA.

The programmer’s software works by recovering a series of well-hidden encryption keys specific to each activated copy of Reader and to each owner-exclusive e-book. It essentially reverses the process publishers follow when they assemble source files such as text and images into an e-book. The software dumps unprotected copies of these files into a new folder on the user’s computer, as the programmer demonstrated to Technology Review using an owner-exclusive e-book purchased from an online bookstore.

Approached for comment, Jeff Ramos, director of worldwide marketing for Microsoft’s “eMerging Technologies” group, said, “We do not comment on alleged security violations of our software. In general, if necessary in response to such incidents, we take appropriate measures.”

So far, programmers intent on exposing e-book security weaknesses haven’t been deterred, even by the possibility of legal action. Indeed, the publicity surrounding the prosecution of Dmitry Sklyarov, a Russian cryptographer who wrote similar software that strips copy protection from Adobe e-book files, has only added to widespread criticism of digital rights management technologies and the laws designed to bolster them. FBI agents arrested Sklyarov at a July hacker convention in Las Vegas after a tip-off from Adobe that Sklyarov’s employer, ElcomSoft, had been selling the protection-removing software from its Web site. The arrest, the first criminal case brought under the Digital Millennium Copyright Act, spurred a boycott against Adobe products and protests against the company in more than 20 cities around the world. (Adobe quickly withdrew its support for the prosecution, and Sklyarov was released from custody in August. The U.S. Department of Justice continues to pursue the case.)

One issue in the Adobe debate is a conflict in the copyright act. An exemption to the legislation makes it legal to circumvent technological protections when an e-book is malfunctioning, damaged or obsolete. Civil-liberties groups such as the Electronic Frontier Foundation say such exemptions are necessary to protect traditional rights of “fair use” of copyrighted materials. But the act outlaws the manufacture, distribution or sale of software or devices that would allow consumers to exploit the exemption, a provision supported by publishers. “There is no device that can currently distinguish between a fair use and an illegal use of a copyrighted work,” explains Allan Adler, vice president for legal and government affairs at the Association of American Publishers.

But unless publishers give readers the leeway to use e-books the way they use print books, say critics, few will buy into the technology. EBookWeb’s Sperberg applauds Microsoft’s decision to raise the activation limit, and says getting rid of the “crazy catch-22” in the copyright law would be another good step. The fact that Microsoft has joined Adobe as a victim of e-book decryption efforts, he says, should make it clear that “digital rights management doesn’t make things harder for the professional pirate or the black-market publisher; it makes things harder for me, the reader.” Until software firms and publishers figure out how to protect e-books without treating all readers like thieves, the summer of beach-blanket e-books may never materialize. 
