Adobe Systems said Thursday it is now encrypting data it collects about certain ebooks after facing criticism earlier this month for not protecting the data.
Those logs were not sent using SSL/TLS (Secure Sockets Layer/Transport Layer Security), according to the blog. SSL/TLS encrypts data sent between a client and server, designated by “https” in a browser’s URL bar.
The Electronic Frontier Foundation contended that sending the data in plain text “undermines decades of efforts by libraries and bookstores to protect the privacy of their patrons and customers” even if Adobe’s practice was a mistake.
Without encryption, the plain-text data could be intercepted and read using network analysis tools such as Wireshark if the data was sent to Adobe while a person was using, for example, a public Wi-Fi network.
Adobe maintains the data is necessary to abide by the DRM (digital rights management) restrictions on content, which are imposed by publishers and distributors to protect works from piracy.
The data sent to Adobe includes the title and description of a book, the author, the language it’s written in, the date of purchase or download, the distributor ID, the publisher’s list price and ISBN (International Standard Book Number).
In some cases, Adobe may record how long a person reads a book, which is used for “metered” pricing models based on the actual time the content is read.
The company also collects other technical metrics, such as the IP address of the device downloading a book, a unique ID assigned to the specific applications being used at the time and a unique ID for the device.
Adobe said it doesn’t collect any personally identifiable information, but may share “anonymous aggregated information with eBook providers to enable billing under the applicable pricing model.” It said it doesn’t collect information about content without DRM restrictions.