Shostack + Friends Blog Archive


Kindle Brouhaha Isn't About DRM

In case you haven’t heard about it, there is a brouhaha about Amazon un-selling copies of two Orwell books, 1984 and Animal Farm. There has been much hand-wringing, particularly since it’s deliciously amusing that that it’s Orwell.

The root cause of the issue is that the version of the Orwell novels available on the Kindle weren’t authorized editions. When contacted by the owners of Orwell’s copyrights, they deleted the books and refunded customers’ money.

All things considered, Amazon did something approximating a right thing in this matter. They didn’t have the right to sell the novels, and so they pulled the novels from the store and customers, and gave the customers a refund. About the only thing they could have done righter was to give something to the people who thought they had the books. The best thing to give them would have been authorized copies of the books, but store credit would be nice, too.

You can find a New York Times article on it, as well as a CNET article [link to no longer works], as well as a Tech Dirt article that brings up the very good point that deleting the books was very likely against the Kindle terms of service, which is why Amazon likely should offer those people something.

Among all the handwringing, there are a number of stupid people — or perhaps people who should just know better — who somehow mutter dark things about how this serves people right for getting a device that has DRM in it. (As if they’ve never owned a DVD.)

Some of these people who should know better might think that I’m somehow in favor of DRM, so let me say that I am not. I am against DRM. I am also against nuclear war, swine flu, totalitarian governments, and bad service in restaurants. I’m also against one or two other things. None of them had anything to do with this little contretemps.

The issue is caused not by DRM, but by cloud computing. The problem is that Amazon has a cloud service in which Kindle customers can keep their e-books on Amazon’s shelf, and shuffle them around to any Kindle-enable device they have (like a Kindle proper, or an iPhone running the Kindle app). Customers can even delete a book from their Kindle and get it back from the cloud at a later date.

The event is that Amazon removed the book from the cloud, not that it had DRM in it. If you are concerned by this, you should be concerned by the cloud service. The cloud service enabled Amazon to respond to a legal challenge by removing customers’ data from the cloud. They didn’t need DRM to do it. In contrast, if iTunes store or the Sony e-book store had improperly sold a book, they wouldn’t be able to revoke it because they don’t have a cloud service as part of the store. (eMusic, incidentally, regularly adds and removes music from their store with the waxing and waning of desire to sell it.)

This is why we need to look at it for what it is, a failure in a business model and in the cloud service. Interestingly, the newly-formed Cloud Security Alliance predicts similar issues in which outside parties cause a cloud provider to shaft its customers. Not bad.

Their prescience is a bit limited because the proposed solution to this problem is to encrypt the cloud data with some fancy key management. That wouldn’t work here for the same reason that DRM isn’t an issue. If I know you have a resource, it doesn’t matter if magic fairies protect it, if I can delete it. It’s still good advice, it just wouldn’t have worked here.

What’s needed is some sort of legal protection for the customers, not technical protection. There are many potential warts here. If the owners of Orwell’s copyrights do not desire any ebooks of his works, it’s hard for Amazon to go buy legal copies for their customers (which would have been the most right thing to do). And it’s hard to argue that the seller shouldn’t do everything in their power to undo a sale they shouldn’t have made.

The correct way to deal with this is through some sort of contract arrangement to protect the customer. (The Cloud Security Alliance is prescient on this, as well.) That contract should be the Terms Of Service between the cloud provider and its customers. As TechDirt pointed out, this was likely a breach of Amazon’s TOS. They’re not supposed to delete books. They said they wouldn’t. Because of this, they owe something to their customers who were on the losing end of this breach of contract beyond the refund. I think ten bucks store credit is fine, myself.

They really need to do something, however, because without doing something, then someday someone will violate their TOS with Amazon and defend it with this breach of the TOS.

However, if you want to cluck your tongue, it should not be about buying goods with DRM, it should be about goods stored in the cloud. Everyone who offers cloud services ought to be clarifying now what they will do to protect their customers against lawsuits from outside parties. It can be crypto or contracts, it doesn’t matter, it just needs to work. This may be the first major cloud-based customer service failure, but it won’t be the last.

5 comments on "Kindle Brouhaha Isn't About DRM"

  • The Dave says:

    This is absolutely not just a “cloud” computing issue.
    The removed books weren’t just deleted from the cloud, they were deleted from end user’s devices, which is clearly a DRM issue.
    DRM isn’t about encryption, it’s about digital rights *management*, which in this case is just a case of Amazon abusing it’s power over end user’s purchased hardware and product — This is analogous to your hardware store keeping copies of keys after you buy locks there, then walking in and removing that fridge you just bought.

  • fishbane says:

    As Dave notes, removing the data from a device you own and removing it from the “cloud” (I personally hate that term) are very different things. I realize you want to concentrate on that aspect, but don’t lose track of the fact that the other is there, and to many of us more important. Certainly, it is trendy to consider things like the kindle simply an endpoint in the whispy froth of our data sea, or whatever, but the disconnect between physical ownership of a device to render licensed data that one pays for is the problem here, and it rightly makes many people upset that things like the First Sale doctrine goes away in our brave new world, and this doesn’t even get to details like the kid who lost his working notes when his copy of the book was deleted (obviously a technical side effect, but a very real problem – whatever one thinks of Amazon repossessing the books, they destroyed a user’s data in the process).
    Similarly, I believe you would agree that a “cloud” backup service failing, thus you losing access to backed up files, is different than that service removing a file from your machine.

  • Nicko says:

    One can argue that the Kindle device (or the Kindle iPhone app) is simply a browser for your Kindle bookshelf that happens to have a large cache to make it work better when off line. If you check out what Jeff Bezos has been saying all along about the Kindle it is clear that he views it this way; their business model is in the books not the device. Having said that, customers relate much more to the tangible device than to the intangible content and feel that purchasing a ‘book’ for their Kindle should be more akin to buying a physical book.
    There has been much emotive language in the reports on this incident with people saying that “Amazon reached in and took my book”. The reality is that the browser device went on line to performe a synchronisation operation and the book was no longer on the shelf, so the cache was updated to reflect this. While the effect is the same, the mechanics demonstrate that Mordaxus is right; this is no different to running GMail or other Google Apps in their off-line mode and the next time you go online you find that Google has deleted your email or documents.
    I think that the problem being discussed here includes not just the blurring of the distinction between devices and networks but between content and the embodiment of that content. The Kindle is your device but it is also a part of Amazon’s network. You purchase a device and then you purchase licenses to copy books from Amazon’s servers onto a number of devices. It’s hard for both users and legislators to get their heads around this model. I personally would like to see legislation to update the doctrine of First Sale, not just to clarify the resale rights on software that gets copied from read-only discs into memory but also to cover intangible downloads. Of course the problems with doing that are probably the topic of a whole other thread!

  • Adam says:

    It’s clear that to many Kindle licensees that the Kindle is more than ‘simply a browser for your Kindle bookshelf that happens to have a large cache to make it work better when off line.’ I’ve purchased (licensed?) books for mine from the lovely Baen books. They sell at [link no longer works]. I’ve imported Gutenberg books myself, and gotten many from who convert them from txt to azw for you.
    As to Gmail, I think that the fact that money changes hands creates a clear difference. I think Amazon exacerbates this with buttons labeled things like “buy it now with one click” (See here for example.) If I buy something, the seller can’t regret it and reverse it without negotiation and a meeting of the minds. You’re right, we need to update the doctrines of sale to reflect digital goods and evils.

  • Chris R says:

    I wonder what else they can do with your Kindle. Maybe I am just being paranoid, but the thought of Amazon gaining access to my personal property and controlling it is very unsettling.

Comments are closed.