Microsoft e-book security in doubt

A programmer in the United States says he has written a program that cracks the encryption that stops people sharing e-books created with Microsoft Reader.

CNET News staff
3 min read
LONDON--The encryption protection that stops the copying of e-books stored in Microsoft Reader formats has been broken by an anonymous programmer, according to MIT's Technology Review.

Microsoft Reader is the software that enables people to read e-books. It is free and has been downloaded by more than a million people since its launch one year ago. The software supports five levels of security, although only three are implemented in the product. Level one, which is basically an open, unencrypted file that anyone can read and modify, and level four, which uses simple password protection, are not implemented.

The levels that are implemented all restrict the rights of the person buying an e-book. Level two allows copying and re-distribution; level three "brands" the buyer's name into the e-book so that, while it can still be copied, widespread redistribution is discouraged. The strongest level, level five, enforces strict controls over an e-book: An e-book reading device must be "activated" before a level five-protected e-book can be read on it, and only two devices can be activated at a time for any one e-book.

The decryption program described by Technology Review defeats this level five protection and converts e-books to unprotected files that can be viewed on any Web browser. The programmer says he developed the program for personal use. But if the claim is true, it demonstrates that there are weaknesses in Microsoft's e-book format.

A Microsoft representative was quick to point out that the claims have not been proven and so far are "only a rumor." Penguin, which recently formed an electronic publishing arm that will use a mixture of Adobe Acrobat and Microsoft Reader software to distribute its e-books, said the revelation would not affect its plans to launch its first e-books next month.

"We will be monitoring the progress of the technology to ensure our authors' copyrights are protected," said Jeremy Ettinghausen, e-book editor for Penguin. "But we still plan to go ahead" with the launch.

Ettinghausen noted that Penguin's print books are regularly pirated and that many are already available in electronic format from people who scan print versions. "Anybody can do it with a scanner and OCR software," he said, adding that he feels the best way to stop piracy is to sell books at such good value that people don't feel the need to turn to pirating.

The U.S.-based programmer is keeping his anonymity and has not released the application he wrote to break the encryption because of fears of being arrested under the Digital Millennium Copyright Act (DMCA).

Last month the FBI arrested a Russian programmer, Dmitri Sklyarov, for allegedly breaking the DMCA, even though he was not on U.S. soil at the time the alleged crime was committed. The FBI arrested Sklyarov at the insistence of Adobe after his Russian employer, Elcom, posted a program on the Web that broke the encryption protecting Adobe's eBook technology. Elcom removed the program upon Adobe's request, but Sklyarov was arrested when he later visited the United States to deliver a speech on the weaknesses in e-book encryption methods at the DefCon hacker conference in Las Vegas.

Staff writer Matt Loney reported from London.