chriswebb on TwitterChris Webb on FacebookSubscribe to the RSS FeedLinkedIn

Social DRM: How Much is Too Much Information?

I have been thinking about the concept of Social DRM for e-books a bit more lately. It’s a model I believe can work, but I wonder how much is too much information to embed. I think a watermark containing something like “This e-book prepared especially for John Doe (jdoe@jdoe.com)” is perfectly acceptable.

But, does that really put enough teeth into it? I mean if you are not verifying email addresses, John Doe could easily put in something bogus and untrackable. What if you put something really identifiable into the watermark - like the credit card number used to purchase the book?

If you are not sharing it then no harm no foul, right? But does that cross a line in terms of trust?

What do you think? How much information is too much for a social DRM watermark?

(Photo Credit Leo Reynolds)

  • pietvo

    I come a bit late in this discussion, but I don't agree with this sentence:
    `If you are not sharing it then no harm no foul, right? But does that cross a line in terms of trust?' or as Brian said: `It shouldn't create privacy issues, as the product is intended for private use anyway.'
    Your ereader could be stolen or you could just forget it in the train or a restaurant or whatever, and the information would be available for anyone who would find the device. I agree with Brian: `I think the main point against it would be that it is forcing the customer to store that sensitive information on their computer in an insecure format. '

    You could encrypt it with a secret key from the supplier. but I am still hesitant about this. On the other hand I am all for Social DRM instead of the inhibiting forms we have now, which I consider evil for the honest customer.

  • david s valade

    I worked with a company whose social DRM approach was gaining traction among academic publishers. Their approach utilizes the purchaser's credit card number as the password for opening the ebook and placed the purchaser's email address in the footer of every page. This enabled the publisher to provide sensitive information in a protected manner consistent with industry standard practices, while discouraging blatant copyright violations through casual mass-redistribution.

    The idea was that this helped to protect the interests of both the publisher and the customer.

  • David H. Rothman

    Hi, Chris. Many thanks for writing about the Social DRM idea. I'll do a link to the item from the TeleRead.org blog tonight or tomorrow.

    Those are great questions, well worth asking, but keep in mind that, yes, the credit card information could be scrambled as a series of numbers meaningful only to the publisher, etc.

    At the same time, less sensitive information such as names and e-mail addresses could be in the open. What's more, I love the order number idea or customer ID number (retrievable via e-mail or other means such as passwords). There is even the possibility of scrambling order numbers (maybe even breaking them up and placing the components in different parts of the book, varying from copy to copy). Talk about multilayer protection! Same for library card numbers, if publishers and librarians can work out the "permanent checkout" concept I've also been writing about.

    As for the term Social DRM, which comes from Adobe's Bill McCoy, who picked up the basic concept from The Pragmantic Programmer, maybe it can change in time, but right now the idea is to win over publishers. I think users will follow, given the extreme and rather deserved hostility to the usual DRM. I'm less interested in terminology than in weaning the publishing industry off its dependence on e-shackles. Could be a great sales booster and delight many a reader, especially me. Right now I rarely buy DRMed e-books, because I want to be able to own books for real.

    Big thanks,
    David

    P.S. eReader scrambles cc cards, although, alas, this happens within a proprietary system. Even its system is far from perfect (http://www.mobileread.com/foru.... But so be it. The only way to prevent piracy entirely is not to sell books---including the paper kind, which can be scanned!

    http://www.teleread.org/blog

  • Thanks for the comments - good stuff.

    I've adopted the term Social DRM as a result of some writing Ive seen over on the David Rothman site as well as a few others. I'm not sure I am sold on it either.

    However, I completely agree with the non-restrictive nature of what we are talking about here. I'm not talking about locking it down in any way, just watermarking.

  • Paul Watson

    A customer reference number or order number is quite enough for the publisher to identify the customer (in the publisher's invoice records).

    I would advise against a credit card number because, in a genuine case of theft (where a third party steals the ebook files) the customer's credit card details would be stolen along with the ebook.

    I would also avoid the term "Social DRM" like the plague. DRM is about restriction by software, and anything connected with "DRM" is understandably despised by many people.

    This is digital watermarking - it's nothing to do with using software to restrict usage. It's a good idea and I wouldn't want to doom it to rejection & failure by wrongly marketing it as "DRM", albeit with a buzzword prefix like "Social" (when there's nothing "social" about it - it's just a digital watermark).

  • Brian

    An ID number could make it easy to track the transaction, but the thing I find most interesting about the credit card approach is that it prevents someone from WANTING to share it, even with friends. It shouldn't create privacy issues, as the product is intended for private use anyway. I think the main point against it would be that it is forcing the customer to store that sensitive information on their computer in an insecure format.

  • Robert Bjarnason

    You can use a unique random number as the watermark for each copy then tie the information to the customers credit card in your database. If a pirated copy pops up, the watermark can be retrieved and the pirate identified by the publisher of the content only.

    Robert Bjarnason

blog comments powered by Disqus