Romance, Historical, Contemporary, Paranormal, Young Adult, Book reviews, industry news, and commentary from a reader's point of view

ITunes and Social DRM

iTunes DRM free is not entirely DRM free. iTunes free downloads have what is called social DRM. Inside the audio file is your email address and account information which means if a song is shared, the person who shared the information is encoded into the file itself. I think this is a great idea and would love for publishers to go this route.

It doesn’t prevent a consumer from portability and ownership of a digital item, but it does carry with it accountability for sharing.

Jane Litte is the founder of Dear Author, a lawyer, and a lover of pencil skirts. She self publishes NA and contemporaries (and publishes with Berkley and Montlake) and spends her downtime reading romances and writing about them. Her TBR pile is much larger than the one shown in the picture and not as pretty. You can reach Jane by email at jane @ dearauthor dot com


  1. XandraG
    Jan 13, 2009 @ 15:18:15

    Isn’t this how Fictionwise’s secure eReader format works? The name and credit card info are attached to the file and you unlock the file by entering the card number. It’s not stored on the device, they say, but encrypted somehow in the file itself? I’m not quite sure how it works, but I do know that it’s easy enough and second-nature enough that it doesn’t feel like it’s putting me out to have to do it. And I can use the same file on both my smartphone and my iTouch.

    This new thing is better than the old DRM for music (unless it remains incompatible with mp3. My main reason for buying music is to be able to play it on devices and music players other than iTunes). It won’t stop the pirates, but it’ll be a lot less intrusive than the current iteration.

  2. Kat
    Jan 13, 2009 @ 15:30:46

    I agree. Remove the anonymity of the person sharing and I reckon it will be enough of a deterrent for most. I wonder how hackable it is, though.

  3. Meljean
    Jan 13, 2009 @ 16:04:10

    I imagine it would be relatively easy for anyone with know-how to strip that info, but the lay-pirate might be deterred. I agree — it’s a step in the right direction.

  4. Jane
    Jan 13, 2009 @ 16:08:53

    @Meljean But it’s easy to strip iTunes DRM today anyway (or most DRM for that matter) but for the occasional file sharer, it might be a sufficient deterrent. Piracy is not ever going to stop, but if you can have some built in accountability with the mobility of use, I think that’s a pretty good trade off.

  5. Jane
    Jan 13, 2009 @ 16:15:29

    @XandraG: It’s really not the same thing. eReader is a proprietary format so you must use eReader to read the book and you have to provide your name and credit card information to anyone with whom you share the book.

    With a DRM free ebook with social drm (such as your name and email address encoded into it), you would a) be able to read the book on any device that you like and b) you would be able to share the book with the friends that you find trustworthy enough, just as you would a paper book.

  6. Angela James
    Jan 13, 2009 @ 16:18:06

    I really like this idea. I wonder how hard it is to do?

  7. Meljean
    Jan 13, 2009 @ 16:59:34

    @Jane: Ah, as more ease of use — definitely. My head is still in piracy mode from the other thread. I’d happily inscribe my SSN on my books if it meant I didn’t have to download freaking Adobe Digital Editions just to buy one.

    Now if only they could get it down to one or two formats…

  8. Kat
    Jan 13, 2009 @ 18:17:53

    @Meljean: I doubt they’d go so far as to put your SSN into the file due to privacy implications. Even having credit card info in a file gives me pause and makes me wonder if Fictionwise or whoever is encoding and transmitting the data is PCI DSS compliant. I’m not comfortable having my personal info floating around like that. What if the files/ebook reader were stolen, for example?

  9. Meljean
    Jan 13, 2009 @ 19:06:25

    @Kat: Oh, no — I was being overly dramatic, as usual. I would also worry about personal information being stored in a file … and even e-mail address/account numbers would make me a little uncomfortable. But, say, a customer # that ISN’T an account number, but that refers to me in a database somewhere (without actually giving someone info that they can use to make purchases?) I’d be okay with that, as long as there was an extra step between my purchasing/personal info and the file (if someone did get their hands on the file. )

  10. DS
    Jan 13, 2009 @ 19:20:38

    I thought I remembered this from last March when Random House started offering Audiobooks in nonDRMed MP3’s.

    Random House tested the justification for this fear when it introduced the D.R.M.-less concept with eMusic last fall. It encoded those audio books with a digital watermark and monitored online file sharing networks, only to find that pirated copies of its audio books had been made from physical CDs or D.R.M.-encoded digital downloads whose anticopying protections were overridden.

    NYT article is here

  11. Jane
    Jan 13, 2009 @ 19:44:18

    @DS It’s interesting that even with that positive experiment, Audible hasn’t been able to give up the DRM. I really like the idea of the imprint/watermark – anything that is used to enforce accountability but doesn’t impair my ability to a) read the book on any device I want forever and amen and b) share it with a few trusted friends (i.e., if they shared it and it had your information on it, I think that would end the sharing with any friends then and there).

    DRM will always be overcome, but this type of thing can encourage better behavior amongst consumers without making them be a criminal everytime they want to make a backup.

  12. Kat
    Jan 13, 2009 @ 20:18:24

    @DS: I can’t remember which blog post I read this in (might have been Charles Stross’s blog?) but it mentions that the hardcore pirate distribution subculture considers the hacking part of redistributing content to be prestigious. So buying something for $5 and then sharing it is generally not seen as a cool thing to do.

    @Meljean: I’ve been thinking about that as well. Some kind of federated identity management system shared by publishers would be ideal. I wonder if e-commerce is headed this way naturally. When incidents of online fraud and identity theft increase, I wonder if we’ll get to a point where the infrastructure will evolve into digital certificate-type forms of authentication where I have to go and prove my identity in real life before I can get a digital credential that allows me to purchase stuff online.

    Erm, did I just stray off topic?

    Anyway, if book customers are allocated a unique ID to be used as a key to download/read books already purchased, and you have a policy that says if said ID is discovered to be engaging in piracy the account will be closed, customers will be risking their ENTIRE online bookshelves when they share ebooks. And THAT I think is a good disincentive. In effect, make it a lot riskier for *clean* copies to be pirated so that you retain a market for legitimate copies of the works.

  13. Kat
    Jan 13, 2009 @ 22:42:12

    Well, I’m glad this got publicised. It just makes me glad I never signed up for iTunes, at least not to buy anything.

    Never mind piracy — what if your device gets lost or stolen? There are all your files with lots of juicy private stuff encoded right in them. All a thief would find out from a “clean” file, on the other hand, is what CDs you have in your collection, or what “clean” MP3s you’ve bought. Come to think of it, this makes the risk of stealing a device more attractive — depending on what’s in the file, you may also be able to use their account to buy songs until the account gets shut down. Or you could always try blackmailing them at their e-mail address — “I ‘found’ your iPhone, are you putting up reward money?”

    Sorry, but this is still a selfish idea on the part of the media sellers. They’re willing to put the customer’s personal information at risk just in case they can use it for liability in the future. They’re still presuming legitimate customers are criminals. No thanks — I’ll buy CDs and rip them myself for portability.

    The certificate ideas on the comment postings above are much, much better — and you’re not even getting paid to come up with them :-D.

  14. Jules Jones
    Jan 14, 2009 @ 02:07:24

    Kat@12: you’re probably thinking of this post of Charlie’s, and the comment thread that follows.

  15. Kat
    Jan 14, 2009 @ 03:03:02

    Ah, that’s it, Jules. Thanks!

  16. Mind Booster Noori
    Jan 14, 2009 @ 08:29:02

    Social DRM is a really bad idea.

  17. Is Social DRM the Great Digital Compromise? | Dear Author: Romance Novel Reviews, Industry News, and Commentary
    Feb 08, 2009 @ 04:00:28

    […] so that it can be traced back to the original consumer. Itunes does this with its DRM free music. Within each file is the email address and account information for the purchaser of the […]

%d bloggers like this: