Playing It Safe with Patron Confidentiality and Ebooks
By Michael Kelley Apr 25, 2011
As Jessica Rogoz, the head of technical services at the Hamden Public Library, CT, recently prepared to launch ebook lending at her library through OverDrive, she had concerns about what the use of Adobe Digital Editions to download the books could mean for patron confidentiality.
"One of our reference librarians actually read the Adobe policy, and she couldn't figure out what information they were keeping when you sign up for the Adobe ID," she told LJ. "There's really no sense of what's covered and what isn't," she said.
As libraries work with numerous outside commercial companies that provide a significant part of a library's digital infrastructure, it's not always an easy task for them to determine whether patron privacy is being protected.
Making an informed decision
To address the problem, Rogoz asked OverDrive to attach a privacy notice to the footer of the library's OverDrive page as a condition of the library launching the service. The notice will read:
Please be aware that by using an Adobe ID to download ebooks to an ereader or mobile device, you are granting Adobe access to your ebook circulation information. Adobe is a third party company with no affiliation to the Hamden Public Library, and is not subject to Sec. 11-25 of Connecticut General Statutes, which ensures the confidentiality of library records. Please see Adobe's Privacy Policy (http://www.adobe.com/misc/privacy.html) for more information.
If you prefer Adobe not to have access to your ebook reading history, you may read ebooks on your computer using an anonymous login. However, with an anonymous ID, you will not be able to transfer ebooks to a handheld device.
"We want to be sure that our patrons are making an informed decision. We don't want them just to assume they have the same privacy protection with ebook checkouts that they have with other library transactions," Rogoz told LJ.
Part of the problem, Rogoz said, is that even librarians have difficulty making an informed decision. When asked if she knew that Adobe actually maintains circulation information, she said, "The fact that I don't know is part of what bothers me about this." And answering such a question, as LJ attempted to do, is not a simple exercise.
What Adobe and OverDrive know
Joshua Rome, the business development manager for digital publishing at Adobe, told LJ that he did not know what "ebook circulation information" in the Hamden policy notice refers to.
He explained the Adobe process this way:
The company internally hosts two separate servers: a license signing server and an authentication server. Users must create an Adobe ID (one time per device) to activate their installation of Adobe Digital Editions. This is through the authentication server, and it is the only direct communication that occurs between the user and Adobe's servers. At a minimum, the ID information must contain an email address and the user's name.
The Richland County Public Library, SC, has posted a video on YouTube that illustrates the registration and download process.
When a user downloads an ebook, they usually click a URL. This initiates a workflow whereby a content server at OverDrive communicates with Adobe's license signing server to issue a license. OverDrive packages the license with the ebook and then delivers it to the end user as an encrypted ebook. In other words, Adobe's license signing server simply provides a license key upon request from an ebook aggregator like OverDrive.
"It does not transfer any data about the content," Rome said. "Our servers do not even have any data about what content is fulfilled to what Adobe IDs," he said. "We never receive/track/store this information, as we simply churn out a license key and pass that off to the ACS operator," he said, referring to the Adobe Content Server (ACS) which is used by OverDrive.
The only information Adobe does have is how many devices are associated with a particular Adobe ID account, he said.
Bill Rosenblatt, the founder of GiantSteps Media Technology Strategies and an authority on digital media technologies, said that Adobe simply acts as a "root of trust" for the OverDrive system, which means "churning out the license key."
"Adobe doesn't get any information about the usage of the system," Rosenblatt said. "On the other hand, OverDrive receives and maintains data about e-book borrowing for each library. It does it in the same way that an outsourced accounting...system would store financial or customer information, under a contract that probably contains some provisions about personal data usage and privacy. Given the library community's sensitivity about privacy, I suspect that OverDrive's standard contract contains strong privacy provisions," he said.
OverDrive's contract with the Kansas State Library, for example, says that OverDrive "is not entitled to any patron data or information relating to the identity of patrons...." OverDrive is allowed access to the Kansas system to "validate the total number of downloads."
Dan Stasiewski, a marketing associate at OverDrive, told LJ that the company does not retain any personal information about a patron, except in the case where a patron may enter an email to receive notification for a hold. The company does store library card numbers, although it isn't clear if it maintains a record of downloads associated with a particular card.
"OverDrive is concerned with patron privacy and has taken every step to make sure that personal information is protected," Stasiewski said.







