Thursday, February 14, 2013

Can Libraries Lend eBooks Without DRM?

Last week I sat through a talk titled "What is a Book?". The speaker was making the point that digital books don't have to be any particular length, so books could be really short or even really really long. The talk then went down a rabbit's hole of ebook technology. That evening, in the hotel bar, the assembled wisdom came to a different conclusion. "The book is a social construct" we declared, and we promised to write blog posts to that effect. Software can try to make the book into something new and more wonderful, but the social construct is more powerful than the technology. Sure, you can copy a digital book endlessly, but people will still think of it as something you buy in a bookstore. You can use "Digital Rights Management" (DRM) software to stop people from making copies, but people will find ways to share it with friends, because that's the social construct built around books.

Libraries have built another powerful social construct around lending books. You would think that libraries would be able to think of a way to do this for ebooks without resorting to DRM software. But noooo! Here's the problem: ebooks aren't print books, and the most popular model for library lending of ebooks is what I call "Pretend It's Print". Only one person can use the ebook at a time. So when one person is "borrowing" the the book, everyone else has to wait their turn. The reason that libraries accept this model is that it would be prohibitively expensive to license a popular book for the use of all of their patrons at once. The downside is that the fictional scarcity of the ebook has to be enforced somehow. Most publishers don't trust that libraries have the technical expertise to securely encrypt files, manage keys, and track licenses to enforce the print-ness of an ebook. So libraries end up lending ebooks only via "platform vendors" such as Overdrive, 3M, EBSCO, ebrary, EBL and others.

There must be a better way.

When the Harry Potter books came out in digital form, it did come out in a better way. If you buy a Harry Potter eBook from Pottermore, it comes as an unencrypted ePub. But your name and purchase info gets embedded in the file as a way to discourage you from posting it on file sharing sites. ("fingerprinting" and "watermarking") As long as you use the ebook the way you would use a book, no software gets in your way. This is commonly known as "social DRM". Unfortunately, to my mind, the "social DRM" label has besmirched a good idea with the stink of a bad one. Cory Doctorow has called social DRM "delusional".  O'Reilly's Joe Wikert compares social DRM to being "a little bit pregnant"  which might seem "a little bit" hypocritical, as O'Reilly's venture with Pearson, Safari Books Online, requires DRM for O'Reilly ebook subscriptions sold to libraries.  uses social DRM for PDF downloads. (updated 2/18/13 based on comments) A more practical view was expressed by Feedbook's Hadrien Gardeur, who suggests that we think of social DRM as "personalization".

English: Librarians against DRM
Librarians against DRM (Wikipedia)
Librarians are nothing if not practical but the strong DRM that's been imposed on them by the incumbent ebook platforms is in conflict with many of the core beliefs of librarianship. (The platform vendors, are in turn required to use strong DRM by the publishers who offer their books for library licensing.) DRM degrades accessibility, fair use, and privacy. Is there a way to use the strength of the library lending social construct to enable an ebook lending system that works without DRM?

The difficult part of this is not so much preventing illegal distribution, but getting users to accept limited lending periods for digital objects. After all, libraries need late fines to enforce limited loan periods even for printed books. With personalization of ebook files and cooperation with reading environments, this could be easily achieved. A "loan certificate" could be inserted into the ebook file, and the reading environment could remind and assist the user to "return" the book. Reading environments could also offer the user a chance to purchase a permanent license for the ebook.

Of course, a knowledgable user could easily circumvent loan expiration, or choose a reading environment that ignores loan certificates but that's beside the point. As long as most of the users respect the social construct of the library, they'll respect their obligations to their library, and the world will be better for it. Many of the expenses and inefficiencies of the current system would disappear. I think it's worth a try.

Overdrive has tried. In June of 2011, they announced a DRM-free lending program, with DRM-free publishers such as O'Reilly and Carina Press. The Overdrive program deals with the "return" issue by not dealing with it at all. It's not possible to return a DRM-free title early, so no one else can "borrow" a DRM-free title for the standard loan period. The effect is to replace the one-reader-at-a-time restriction with a lending-rate restriction. Overdrive seems to have de-emphasized this program. In December of 2011 they notified customers that "DRM has been applied to select DRM-free eBooks" and the announcement of the program has disappeared from their blog.  There's also no indication in the borrowing UI that a title is DRM-free; epubs are just labeled "Adobe EPUB ebook", presumably to prevent users from discovering how easy these files are to use or misuse.

A lot of mainstream publishers would never let libraries lend "unprotected" ebooks. There are exceptions. Springer's ebook collection is available to libraries without DRM. This makes sense because none of the included books are likely to be heavily used- the audience for an academic book is usually quite small. On the other hand, there are DRM-free publishers such as Baen and Tor that currently do not allow library lending at all; they seem to be good candidate for a no-DRM library solution.

I've started talking to people about how these ideas might be implemented- if you have ideas of your own, please let me know.

1. An IDPF working paper has promoted "lightweight content protection" as another way to address the needs of libraries.  The idea in this proposal is to apply just enough DRM to trigger the anti-circumvention provisions of the DMCA and similar provisions in other countries.
2. Bookshare has used fingerprinting and watermarking as key components of their "Seven Point Digital Rights Management Plan", with good success.
3. Liza Daly has a list of DRM-free publishers.  Now that she's at Safari, maybe something will happen there. you should read her comments. (update 2/18)
4. is another way to remove the need for DRM in libraries.
Enhanced by Zemanta


  1. Hi Eric,

    Safari Books Online doesn't have DRM in its library product or otherwise. What led you to think that?

    1. Liza, I'd love to have you set me straight.

      My understanding is that at least some institutions have limitations on the number of simultaneous users for Safari Books Online.

      One library website describes the the safari ebooks online as having these limitations:
      - Safari ebooks and videos can only be viewed in your browser; they can't be saved or downloaded.
      - Limited printing and copy/paste are allowed in ebooks.

      DRM expert Bill Rosenblatt comments on his blog: "Indeed, the tech publisher O’Reilly & Associates is known for its anti-DRM stance but uses DRM in e-lending (and uses a form of watermarking in its downloadable PDFs)."

    2. We do limit the number of concurrent users, as we sell to libraries based on concurrent seats. I think that's outside of what people typically mean when they refer to "DRM."

      We do not typically offer file downloads at all, except in some limited cases (and in those cases, the files are watermarked but otherwise DRM-free).

      We don't restrict printing or cut-and-paste.

    3. Thanks for the clarifications, Liza. I think it's interesting that the user limitations available in Cloud based services are very different from file-encryption-based DRM but at the same time they accomplish many of the same goals. For example, printing may not be restricted, but it may be limited by server controls. From the Safari help site: "To protect the content on our site, Safari Books Online employs spidering detection software to prevent use of automated content retrieval mechanisms."

  2. Liza wrote: "We do limit the number of concurrent users, as we sell to libraries based on concurrent seats. I think that's outside of what people typically mean when they refer to "DRM"."

    I know it's only a single data-point, but I may as well say that it certainly falls within what I think of as DRM, and my guess would be that is true for many people. Probably most.

    1. Mike, Although most libraries detest per seat usage limits, because it rewards evil session management, they don't consider it to be "DRM", because it doesn't require user log-in or tracking.