Advisory - Adobe Digital Editions Privacy Concerns

Update - October 24, 2014

Adobe has issued a software update (Digital Editions 4.0.1) in response to the privacy concerns raised by the community. We strongly recommend that users who wish to download e-books review Adobe's privacy statement and update their software to the latest version.

Links:
Adobe Digital Editions 4.0.1: http://www.adobe.com/solutions/ebook/digital-editions/download.html

Adobe Digital Editions Privacy Statement:
http://www.adobe.com/privacy/ade.html

"Adobe releases Digital Editions 4 software update to address data privacy concerns."
Talking New Media. 23 Oct 2014.
http://www.talkingnewmedia.com/2014/10/23/adobe-releases-digital-editions-4-software-update-to-address-data-privacy-concerns/

Background

Several privacy issues have recently come to light involving Adobe Digital Editions, a commonly used software for handling the Digital Rights Management (DRM) of downloaded e-book files. More specifically, it has been noted that Digital Editions version 4 logs data about the books being used by the application. This information is sent back to Adobe in unencrypted plain text, which is not in keeping with security and privacy best practice.

E-books offered by the University of Alberta Libraries are readable through a web browser in addition to often being available for download. Users who are concerned for their privacy are advised to access the online version, or where interested in downloading an ebook for offline reading, to uninstall or otherwise avoid using Adobe Digital Editions version 4 until such time as Adobe has addressed the issue. It has been reported that previous versions of Adobe Digital Editions do not present the same risk; version 2 and 3 are still available for download on the Adobe site.

University of Alberta Libraries takes very seriously our users' rights to privacy. We are working with our e-book providers and other stakeholders to understand the issues and advocate for an appropriate and timely course of action from Adobe. We are in communication with University of Alberta's privacy and network security officers regarding this issue and will continue to monitor the situation closely.

For more information on the Adobe vulnerability, see:

https://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/

For further information, please contact:

Geoff Harder
Associate University Librarian