Mobipocket’s Web site is still down as I write this. Some old customers just might stop buying Mobi-format books in the future.

E-book software companies, publishers, distributors and e-stores, then, should consider social DRM as an alternative to traditional, Mobi-style DRM. Social DRM works by embedding names and/or other identifying information into files you buy, so P2Ping isn’t as tempting. It’s hardly perfect. But it isn’t the e-book toxin that Mobi-style DRM is. With social DRM, e-books can be much easier to buy and own than with the traditional variety.

Best protection is none, but…

The best protection is none in this era when pirates can so easily scan paper books. Fictionwise is smartly offering thousands of DRM-free books, in cases where publishers will allow it. Mobi DRM, although actually gentler than many competitors, is still a hassle. Last I knew, Mobi wouldn’t even let you use a book on more than four devices at once—a barrier I’m constantly up against.

But many large publishers still hate the idea of using nothing. So social DRM could be a compromise. For software companies, stores and retailers alike, social DRM could be a way to get the jump on the competition.

Hello, Mobi? Social DRM would be one way of bouncing back from your debacle. Your owner, Amazon, is already experimenting with DRM-free music, which is a far, far more radical step than social DRM.

Social DRM as a way to take e-books more seriously

At least with social DRM, buyers would never lose access, even temporarily, to already-bought books—no small concern when hard drives and the like may go south.

We could take e-books more seriously as a medium if we could truly buy them, especially for future use on new machines with different operating systems. Or present use on the cellphones, PDAs and other gizmos now proliferating in many households.

The result? We’d buy more e-books, probably lots more, especially with a standard format in use, such as the IDPF’s epub. No longer would our use of e-books be so closely tied to the competence or survival of the company behind a specific format and protection system. E-reader companies could compete in such areas as ergonomics and features.

The challenges—and your suggestions

So how would social DRM work? A publisher or other company would embed identifying information, as noted—names and perhaps encrypted credit card numbers and other items. The process would probably be less complex than existing DRM systems.

But social DRM comes with its own challenges, and I’ll welcome a discussion of problems as well as solutions. Here’s a start, nothing more.

—What kind of information should a social DRM system embed in a book-buyer’s file, besides someone’s name? How much of a privacy risk are encrypted credit card numbers, a system used by eReader/Palm? So far I haven’t heard of any card-number leaks involving Palm, but there’s always a first. Anyone else know of any cracks? How secure could such a system be made? In plain English, what technical precautions could be used? Is there a risk of crackers sneaking into the machines of legitimate buyers and spreading their libraries all over the Net?

–How expensive would it be to run a social DRM system on a mass scale? More or less costly than the current crop of traditional encryption-based systems? Could expenses be reduced by avoiding the use of encrypted credit card numbers and relying on verified names and physical addresses instead—perhaps in cooperation with services like PayPal and credit card companies?

—How reliable would social DRM systems be, technically, compared to traditional DRM systems? Would there be less of a chance of Mobi-style failures?

–What should e-book publishers do to augment the technology with the proper social environment to discourage mass piracy? Tellingly, many p-books are already available in illegal e-versions, but most publishers are not yet losing major income. Will this change as e-book technology improves with better displays and other innovations? What can be done to control the piracy problem? The best protection, as I and others see it, is a mix of fair prices for legal editions, convenience of use, and efforts by publishers and authors to maintain a friendly presence on the Net, so they are less attractive as theft-fodder. Interactive books and updated editions could help in some cases, making single files less useful in themselves. So could larger charitable contributions by best-selling writers such as J.K. Rowling.

–How could social DRM be applied to libraries? Working with publishers, could they change their business models to allow patrons to keep books for strictly personal use—and pay more to publishers? Or rely on patron-identifiable files that would vanish when the checkout expired?

Further details on Palm’s use of social DRM or at least a variant

Now–back to Palm (eReader is the current name) to examine how its protection currently works.

According to an old Palm press release, “All eBooks from Palm are encrypted to prevent the unauthorized distribution of books. Using a credit card to make the purchase, a copy of the book is created in real time and is unique to an individual. When the book is opened for the first time on the person’s handheld computer, he/she is required to enter his/her name and credit card number in order to unlock his/her personal copy of the book. This unlock operation only happens the first time the book is opened.”

Of course, some might say this is no longer social DRM, given the need for an unlock.

How the Pragmatic Bookshelf uses social DRM

So what about a less complicated approach? Adobe’s Bill McCoy has zeroed in on one that Pragmatic Programmer uses. Adobe is hardly about to ditch traditional DRM, but Bill has been open-minded about widespread adoption of social DRM:

“For eBooks, I really like the ‘social DRM’ approach of The Pragmatic Programmers, who ‘stamp’ PDF eBooks with a ‘For the Exclusive Use of …’ and the name of the purchaser. Given that they are making more than 30% of their total sales on eBooks, far more than any other traditional publisher, it’s hard to argue that this approach is infeasible.”

Pragmatic’s system in action

See Pragmatic’s FAQ. Excerpt:

“There is no copy protection or functionality restrictions in the PDF files. You may view or print them for personal use as you see fit.

“You may not give your PDF version to other people. The PDF file you order is personalized with your name and other identifying information.

“You can buy multiple licenses of a PDF file for your team or organization, in which case the PDF will be stamped with the number of allowed licenses. We’ll only send you one, so as to conserve everyone’s bandwidth.”

Sounds promising

Sounds promising to me. Time for other publishers to learn from Pragmatic’s success and jump in with experiments of their own? The real risk would be in not experimenting and leaving themselves exposed to damage from fiascoes more serious than Mobipocket’s current failure. Worse, what if new technology renders current protection obsolete? A far safer approach would be to foster, and rely on, healthy social norms. Tech changes. Human nature, good and bad, doesn’t. While I prefer no protection, I hope that big publishers will consider social DRM as a compromise.


  1. Apple sells DRM free music with the downloader’s name and address encrypted inside the file. There was quite a stink about it. I think it was even mentioned on here before.

    With social-DRM you’d be able to (even if not supposed to) “lend” a copy to a friend, much as you can with a pbook. I think that’s probably a good thing because I’m still reading books written by authors I found out about at school by reading a friend’s copy of a book. The friends are long gone but the word of mouth remains.

    Incidentally, I just found this site recently – is it widely known?

    Ambitious if they pull it off beyond the launch month of September.

  2. Social DRM adds extra information to the ebook therefore it can always be removed while leaving the original information content intact.
    The removal process can be tricky… but once somebody figures it out he can write a piece of software that makes it easy for others.

    “convenience of use” as you say can be the greatest factor, especially if prices would drop to a point where it’s just not worth your time to bother with searching for a “free” download.

    One thing that could work technically – though I’m not sure it would help – is a digital proof of purchase.
    This would be a digital certificate – much like the ones used by banks for their secure websites – with a content certifying something like
    “Reader Joe Average purchased Edition 1 of the book: My First Novel By X.Y”
    Think about buying a physical book. You can pick it up in the bookstore but if you try to walk out the door the security guy may stop you and ask for the receipt (proof of purchase).
    The question remains: In the case of ebooks where is this “door with the security guy” ?

    It could be built into reading software or devices – which probably would not work in the long run.

    People could be audited – at least in theory or by law enforcement.
    So if a person downloads a lot of pirated ebooks and the RIAA of publishers finds out police can confiscate the hard drive and check for these certificates. If they’re missing… the guy’s in trouble.

    I think the solution is a non-disturbing combination of these technical tricks and more importantly a working incentive scheme.

    The challenge of digital content is not to prevent the content from being spread or given to someone, it is to get that person to make a purchase after he received the content.

  3. @ Tamas – kind of like shareware? You tried it out and now use it so now pay for it. The problem is once you try a book there’s not much point in hanging onto it if the threat of an audit (I have visions of a Minority Report style future with people bursting through my front door because I’ve downloaded some Conan from Project Gutenberg Australia…) is significant. Download, read and delete would get around this because at worst you’d have only one or two ebooks on the go at any one time.

    And that’s not even touching on my feelings about having my hard drive audited – I’ve been overdoing my posting on here today because we had a customer quality audit this morning and I decided to kick back this afternoon because it went so well – which is effectively treating everyone like a criminal until they prove they aren’t.

  4. @Bill
    “treating everyone like a criminal until they prove they aren’t”

    I don’t think so. I think it’s quite the opposite.
    First, these audits would be quite unlikely to happen.
    Think about it… you cannot “enforce” this for all the people who are readers.
    Second, if for some reason there is an issue where you have to come clear it would be very easy for you to prove that your purchases are legit.

    These certificates could be bundled into the ebook file – for example if it used the IDPF container format. It would be just another file in the zip.

    I think you are right about the “read and delete”… that’s a challenge 🙂
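
Added example, not part of the original comments or of any publisher's code: a Go sketch of the signed proof of purchase described in comments 2 and 4, carried as two extra entries in the book's container. It assumes the zip has already been unpacked into a map of entry name to bytes; the entry names and receipt fields are hypothetical, and the receipt is bound to a hash of the book's content so it cannot be moved to another title.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Hypothetical entry names and receipt fields: the container format defines neither.
const receiptName, sigName = "META-INF/receipt.json", "META-INF/receipt.sig"

// Container stands for the unpacked zip: entry name -> entry bytes.
type Container map[string][]byte

type Receipt struct{ Buyer, Title, Edition, ContentSHA256 string }

// contentDigest hashes every entry except the receipt pair, in sorted name
// order, with lengths included so entry boundaries cannot be shifted.
func contentDigest(c Container) string {
	names := make([]string, 0, len(c))
	for n := range c {
		if n != receiptName && n != sigName {
			names = append(names, n)
		}
	}
	sort.Strings(names)
	h := sha256.New()
	for _, n := range names {
		fmt.Fprintf(h, "%d:%s%d:", len(n), n, len(c[n]))
		h.Write(c[n])
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Issue adds a receipt bound to the content digest, plus the publisher's
// Ed25519 signature over the receipt bytes, as two more container entries.
func Issue(c Container, priv ed25519.PrivateKey, r Receipt) error {
	r.ContentSHA256 = contentDigest(c)
	doc, err := json.Marshal(r)
	if err == nil {
		c[receiptName], c[sigName] = doc, ed25519.Sign(priv, doc)
	}
	return err
}

// Verify checks the signature with the publisher's public key before it
// trusts any receipt field, then checks the receipt belongs to this content.
func Verify(c Container, pub ed25519.PublicKey) (r Receipt, err error) {
	doc, ok := c[receiptName]
	if !ok || !ed25519.Verify(pub, doc, c[sigName]) {
		return r, errors.New("receipt missing or signature invalid")
	}
	if err = json.Unmarshal(doc, &r); err != nil {
		return Receipt{}, err
	}
	if r.ContentSHA256 != contentDigest(c) {
		return Receipt{}, errors.New("receipt was issued for different content")
	}
	return r, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	// Constructed sample book, buyer and title.
	book := Container{"mimetype": []byte("application/epub+zip"), "OEBPS/ch1.xhtml": []byte("<p>Chapter one</p>")}
	Issue(book, priv, Receipt{Buyer: "Joe Average", Title: "My First Novel", Edition: "1"})
	fmt.Println(Verify(book, pub)) // untouched copy: receipt and <nil>
	book["OEBPS/ch1.xhtml"] = []byte("<p>Another book</p>")
	fmt.Println(Verify(book, pub)) // receipt moved to other content: error
}
```

Anyone holding the publisher's public key can run `Verify`; only the holder of the private key can issue a receipt that passes it.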

  5. Re social DRM: I’m delighted to see Bill and Tamas considering the technical details, and I hope they will continue, joined by others. My own theory, however, is that the social details may count even more. I think that publishers will have to reconcile themselves to a large amount of leakage and the need not to play Gestapo. At the same time, I think net earnings will be higher since traditional DRM, both in costs and lost sales, is such a heavy tax on e-bookdom. The key is to make books more of a community medium in a way that draws writers closer to readers, so people won’t feel they’d just be ripping off faceless corporations. A community approach is good marketing anyway. And good for literature and general enlightenment! Thanks. David

  6. @Bill: “at worst you’d have only one or two ebooks on the go at any one time.”
    Unrelated to the main topic, but the point has been made in other discussions: people read differently. Some may read one book at a time, others many more. For example, I’m actively reading seven books on my eBookwise, of the twenty-odd currently loaded.

  7. Hi David, All,

    I like some of the ideas here for social DRM but, of course, I would like to go all the way and introduce the Rights Office system for regulating content in a socially acceptable way without the need for any technical control of the content. I will just try and compare some of the common features:

    1) Rights Office (RO) uses unique identifiers to identify the content but unlike social DRM these identifiers are opaque and so don’t contain any personal information.

    2) Under RO, like social DRM, you truly own the content – forever.

    3) Reading the content would not depend on a particular piece of technology (eBook).

    4) Any number of copies can be made to provide access for the owner.

    5) “The process would be probably be less complex than existing DRM systems.” – especially for the consumer under the RO scheme and probably this is also true for social DRM.

    6) Still can’t figure out operational costs for either system.

    7) “What should e-book publishers do to augment the technology with the proper social environment to discouraging mass piracy?” I have listed a number of dynamic features (business practices) that could be used to enhance the social environment for the RO here [] and I think many of these could be used for social DRM.

    8) RO provides “digital proof of purchase.” as mentioned by Tamas Simon.

    9) “My own theory, however, is that the social details may count even more.” This is the RO view as well.

  8. Nicholas: Thanks for your thoughts—it’s great when people propose different biz models, because some wonderful things can come out of the mix.

    On the page mentioned, you write: “If a consumer persuades a friend to buy a copy the original consumer could obtain a small referral refund. On a larger scale, imagine a reviewer who attracted a large consumer following. If she attracts a wide audience for a new work she could potentially earn more than just a refund on the original purchase price.”

    In evaluating or designing the referral model, it’s helpful to consider various possible complications. For example, as someone who reviews e-book-related products, including some books on occasion, I don’t want major money for sales generated. I may well add an Amazon link to the TeleBlog at some point, since I mention so many P versions of books and could use the money, but I have mixed feelings because of the potential conflict of interest, even if it’s small. I definitely would not like large rewards for book mentions. Totally inappropriate. The Amazon links, of course, bring in some cash even with negative mentions. Still…

    I hope that’s helpful, Nicholas.


  9. David, you said:

    “but I have mixed feelings because of the potential conflict of interest, even if it’s small. I definitely would not like large rewards for book mentions.”

    A very good point and of course any reviewer would have to consider how they play this. I imagine even today well known reviewers have to be careful of their impartiality and not accept gifts from publishers etc.

    Having said that there is a subtle change in perspective under the Rights Office system which might or might not be reproducible under social DRM: Because of the freedom of identified copies in the RO system a reviewer who BOUGHT rights to her own copy and then went on to review it could then pass on a copy to anyone who read the review. The recipients are free to read the book as well as the review and decide whether the book is worth buying.

    Of course you ask, why would anyone buy the book if they already have it in their hands to read? I believe there are a number of reasons:

    – If the consumer throws down the book after the first chapter because they think it is rubbish they probably won’t buy it and they will be justified in this action and not obliged or expected to pay.

    – If you enjoy reading the book many people would be happy to reward the author in the hope of more good books to come if nothing else. This will be more so the case if they also know they don’t have to buy books they don’t like, and more so the case if the price is reasonable. (As Tamas said: ‘especially if prices would drop to a point where it’s just not worth your time to bother with searching for a “free” download.’)

    – Another small positive incentive here in the chain of contributions [1] is that the consumer would know they are also rewarding the reviewer for her good work as well.

    – Buying the book will put it on the consumer’s ‘virtual book shelf’ guaranteeing permanent instant access in the future when they want to dip into it. There is a moral point here as well; they can demonstrate their support for the artist.

    – Buying the book will give them the right to share it (lend) with their friends.

    Best, Nicholas


  10. Tamas, Thanks for reading the article. If you have any comments / feedback I am always interested.

    I have had a paper, based on what you are reading, accepted for the Virtual Goods conference in Koblenz, Germany, in October. I’m hoping that will generate some discussion with people in the field.

    I have been at this for a long time (in my spare time) now, for eight / ten years maybe. I thought I had an idea and I thought if I told people about it someone would pick up on it. Despite a few good supporters and a few articles published I guess it doesn’t work like this. Or it is not a good idea and no one is prepared to come out and say so and back it up with reasons (just saying, ‘It won’t work’ doesn’t stop me thinking ‘why not’).

    In hindsight, I should have spent my time developing the system and not talking about it. That is what I am doing now but it is probably going to take another 10 years. Suggestions on how to proceed are also welcome.

    This is probably relevant for social DRM. It needs a champion (David? 🙂) who is going to push it into reality ASAP and see how it works.

  11. Nicholas, I am not saying it won’t work… but I’m skeptical.

    “Trading rights” works in the enterprise software world where software is dual-licensed GPL and commercial. A company would not risk not having the rights… therefore commercial licenses will be purchased even though the tangible part, the software, the source code is already in their possession.

    However, I don’t see how it will work with music or ebook downloads where
    – the consumers are individuals who don’t have to be “afraid” of law enforcement (something the RIAA is trying to change 🙂 )
    – the consumers have no further plans other than to access the content

    The ideas that I found rather interesting are:

    Some kind of multi-level or associate marketing where people would be endorsed to spread the content and they would make money on sales.
    Don’t Pay Button

  12. I think Amazon’s idea of allowing people to “search inside this book” is a good one, and it’s what a lot of authors do already on their personal websites, post excerpts so that people can decide for themselves if they want to read it before forking over the cash. Since this is already in play, I don’t think adding it to a system to control theft would work.

    If we’re talking about the costs of books, if print books went to the POD model and stopped print runs of 5k or more, half or more of which end up pulped (or covered in detergent in a bookstore’s dumpster), then production cost for print would go down, and that would trickle down to the consumer. It might not right away, but someone would realize they could sell more books if theirs cost less, and then it would be a gas war.

    Talking about e-books, if I format our author’s stories myself, I can do it in Microsoft Reader, Mobipocket, HTML and plain text without any cost but time. However, it costs $30.00 for the software (and a sharper learning curve) to format for Palm and eReader. You’re not even allowed to do it yourself for Sony–it costs $300.00 there, iirc. If it’s being uploaded to a second or third party website in any of the formats I mentioned, many times you have to pay so that they will format it, even if you believe you would do a better job than they would. It’s not a big fee, but it adds up, plus they get a very good portion of the profits. If you upload it to Mobipocket, for instance, you’re required to add the DRM, even if you don’t want it, and they take the same chunk.

    I think micro-refunds would benefit few. They sound like rebates. No one really wants to pay full price and then get some money back later. Whatever the reality, no one feels like they’ve made a bargain.

    I also think that people would do about the same or less content sharing if they were paid to do so. How many reader blogs are also Amazon affiliates? It taints them. Their impartiality is suspect. No one knows if they really love the book or if they just want to get the kickback. That’s why journals like Consumer Reports (and if it’s not that one it’s one like it) refuse paid advertising.

    In addition, considering the idea of community, I ran across a reader blog the other day where a commenter said they didn’t want to feel like they were in a community with the author; that it always felt like an artificial way to build sales. I think that commenter is in the minority, and I think it has to do with whether or not the way the community is built feels genuine.

  13. Tamas,

    I really like Brad Templeton’s ‘don’t pay button’ idea as well which is why I include it as a business model. His idea has also been around for a long time without going anywhere and I thought Rights Office would provide infrastructure to make it work.

    I agree software is in a different league to books and music which is probably why GPL type licenses appear to be flourishing alongside commercial uses.

    The way I propose to implement ‘rights trade’ in the Rights Office system introduces subtle changes that could make consumers look beyond access. For example:

    – Each consumer gets an individual license to a specific piece of content not a general license that is available to everyone such as GPL or Creative Commons. This increases the consumer’s sense of ownership; they own the book, can get it off their shelf at any time. The author / publisher can model ‘further plans’ by providing, say, a discount on a sequel to consumers who own the first. Consumers can demonstrate to the RIAA when they come knocking that they own their copy of the music.

    Sure, there will always be many who will never buy (or can’t afford to buy) if they can help it (there are now) but if we shift the balance toward ‘positive’ ownership it might make all the difference.

    Sorry if these comments are drifting slightly off-topic but I hope they provide thought for the broad ‘social DRM’ picture.

  14. I know this is way late for this particular blog entry, but if I buy a book, what rights management does the author have besides the copyright laws? If I buy anything that is not in a digital format, the author/publisher/etc have done nothing to prevent its redistribution. Crimony: I can even donate a book, tape, CD, or DVD to a library, thereby removing hundreds to thousands of potential purchasers from the pool of their profits. So, how does being on digital media drastically differ from this model? Why should the consumer be punished for selecting a format that is orders of magnitude cheaper for them to produce and distribute? Why is DRM an issue at all? I just don’t get it…

  15. Regarding credit card leaks: it’s simply impossible.

    According to Palm’s press release no credit card number is stored in either the device or the ebook. This means eReader software compares NOT the credit card numbers but their checksums. A cc number checksum like MD5 (see Wikipedia) is not reversible, therefore there is no risk of leakage.

    EReader’s solution isn’t perfect, it’s not even “social DRM.” It’s just less restrictive than Mobipocket, ADE, Kindle and others. It still requires the use of special software and doesn’t allow format shifting.

    Still, embedding a cc number in the form of a checksum inside an e-book is a good idea. In case some publisher’s e-book got pirated, such a publisher could compare the checksum inside the e-book with the cc number checksums stored in the publisher’s database. Definitely workable…

    But not perfect. Just by changing the format one could wipe off the embedded hidden information. Therefore publishers should add user’s name and address plus possibly last few digits of a credit card to the first page of an e-book or to each page’s header or footer (in case of PDF for example.)

    Sure it’ll be possible to remove it but a potential pirate would definitely have doubts about having removed each and every trace of private info (including the cc.)
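
Added example, not part of the original comment or of any eReader code: a Go sketch of the scheme comment 15 outlines, a visible stamp with the buyer's name and last four digits plus a card-derived value the publisher can match against its sales records. It uses HMAC-SHA-256 under a publisher-held key in place of the bare MD5 checksum, since a bare digest of a 12 to 19 digit number can be checked against guesses by anyone holding the file; the `[ref ...]` syntax, the `Publisher` type and all sample values are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// refRE matches the stamp's reference field; the "[ref ...]" syntax is an
// assumption of this example.
var refRE = regexp.MustCompile(`\[ref ([0-9a-f]{64})\]`)

// Publisher holds the secret tagging key and the index from tag to order ID.
type Publisher struct {
	key    []byte
	orders map[string]string
}

// digits strips spaces and dashes and rejects anything but 12-19 digits.
func digits(card string) (string, error) {
	card = strings.NewReplacer(" ", "", "-", "").Replace(card)
	if len(card) < 12 || len(card) > 19 || strings.Trim(card, "0123456789") != "" {
		return "", errors.New("card number must be 12-19 digits")
	}
	return card, nil
}

// tag is HMAC-SHA-256 over title and card number. The title is included so
// two books bought with one card carry different tags, and without the key a
// tag cannot be recomputed from a guessed number.
func (p *Publisher) tag(title, card string) string {
	mac := hmac.New(sha256.New, p.key)
	fmt.Fprintf(mac, "%d:%s%s", len(title), title, card)
	return hex.EncodeToString(mac.Sum(nil))
}

// Stamp records the sale and returns the visible line for the buyer's copy:
// name and last four digits in clear, the full number only inside the tag.
func (p *Publisher) Stamp(order, buyer, title, card string) (string, error) {
	card, err := digits(card)
	if err != nil {
		return "", err
	}
	t := p.tag(title, card)
	p.orders[t] = order
	return fmt.Sprintf("For the exclusive use of %s (card ending %s) [ref %s]",
		buyer, card[len(card)-4:], t), nil
}

// Trace scans the text of a copy found in the wild and returns the order IDs
// whose tags appear in it. Tags this publisher never issued are ignored.
func (p *Publisher) Trace(text string) []string {
	var found []string
	for _, m := range refRE.FindAllStringSubmatch(text, -1) {
		if order, ok := p.orders[m[1]]; ok {
			found = append(found, order)
		}
	}
	return found
}

func main() {
	// Constructed data: a throwaway key and the common 4111... test card number.
	p := &Publisher{key: []byte("constructed-demo-key"), orders: map[string]string{}}
	stamp, _ := p.Stamp("order-1001", "Joe Average", "My First Novel", "4111 1111 1111 1111")
	fmt.Println(stamp)
	fmt.Println(p.Trace("<p>Chapter one</p>\n" + stamp))
}
```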
