Sunday, May 20, 2012

Epub Lightweight Content Protection : Can anyone tell me why it would be a good idea ?

Coming back from a tiring, but great family quality time 3 days stay in London, I just found out about EPUB Lightweight Content Protection, a proposal made to IDPF (holders of the EPUB specifications) by GiantSteps Media Techlology Strategies.

I'll let you read the proposal, before trying an explain a few of my objections to such a "DRM" scheme.

Basically, LCP (Lightweight Content Protection) is a "protection scheme" that sits on an intermediate level between watermarks and full scale DRMs. It has the retailer decide on a password, for each file, (or letting the user choose a password, but that's at HIS discretion), and using this password as seed of the key to encrypt the file.

I must admit that it has a few good sides : server-less and device agnostic/independent, it does stand a little bit better the test of time, no longer depending on software/hardware vendors for continuing access to content. It should also cost less on infrastructure and runtime service for distribution, disminishing the retailer's cost of DRM solutions.

However, from my point of view, here does the list stop. Let's start with drawbacks.

First, it's DRMs. The scheme is specifically designed to "take advantage of anticircumvention law, which is enacted in many countries including signatories to the Anti-Counterfeiting Trade Agreement (ACTA)." So, it penalizes customers who would want to bypass it to use their rights and license according to their needs.

Secondly, Password management :
When buying from multiple retailers, the reader will have to remember multiple passwords, even more so if  a retailer does not use the same password for distinct files.  Additionally,  it is proposed to ease the user's reading by having the devices "store" the key so that the user doesn't have to memorize the password. In that case, if he forgets the key (more likely since may not even have to type it once), he won't be able to transfer it to even one other device ! The file will be effectively locked to that single device !

Third : Paying : "The resulting EPUB LCP specifications, implementation, and related information would likely be published under licensing regimes. That is, content distributors and reading system suppliers would need to execute separate agreements with IDPF to obtain permission to use EPUB LCP and access to the specifications and reference implementation(s). Use of the technology would be expected to be charged on a cost recovery basis."

That one I find SO great !! I may be having a quite tortured mind, but here, the reading part of my cortex translates it to : "See, there is that Pesky Adobe DRM, which costs all a lot of money, without sharing anything with you ! But if you replaced them with US, you'd get part of the money..."

What of Open Source implementations ? Nope.

Fourth : Effect : None : even if widespread, "one step cracks", which are THE proposal's targets will keep on, maybe hiding under some other applications, or more likely integrating in them...

So NOPE, that's not one I'll put my approval stamp on.

If you have objections, either to what I wrote, or other points in the proposal, this post's comments seem a good place to put them ;)


  1. Tiens, j'me permet de faire le trackback manuellement sur l'opinion, plus nuancée, d' @edasfr :

  2. Ety la réaction d'Hadrien Gardeur sur le sujet :