January 23, 2012

Kindle users and library patrons made equal in privacy, but only in California


It’s almost impossible to resist peeking at a friend’s bookshelf when we’re invited into their home.  But this sentiment becomes a little scarier when it isn’t a welcome guest snooping on us and noting that dog-eared copy of Harry Potter, but a mega-corporation who might sell such information to the highest-bidder.

MobyLives has always endeavored to keep track of the fast-moving privacy issues affecting ebook readers.  In this 2010 report, for example, Moby was concerned about the amount of information Amazon’s Kindle recorded about its customers. Beyond the reader’s name, email, address and credit card details, the Kindle records book searches and notes reader annotations, as well as the exact books and pages read. In a worrying twist — hidden in the fine print — Amazon reserves the right to share that information with law enforcement agencies, civil litigants and with Amazon’s own product suppliers.

This is alarming — what you read can reveal a lot about you. While librarians and bookstore owners fight ongoing battles against disclosing information about their customers, most companies that develop electronic reading devices are missing in action when it comes to bringing privacy protections into the digital realm.

In a welcome development, Joe Brockmeier reports on readwriteweb.com that on January 1st 2012, SB 602, the Reader Privacy Act became law in California. According to Brockmeier, SB 602 will bring privacy protection standards into the 21st century, giving ebook readers the same protections afforded library patrons.  Most importantly, preventing involuntary disclosure of electronic reading records without due process.  You can check out the ACLU and Electronic Frontiers Foundation (EFF) supported bill here.

The ACLU of Southern California has taken the long view on the issue, stating in their pro-SB 602 press release that “The books we read reveal private, often sensitive information about our political and religious beliefs, our health concerns, and our personal lives. And throughout history, government and third parties have tried to collect evidence of these reading habits to trample unpopular ideas and beliefs and watch activists.”

Responding to the new law, EFF Legal Director Cindy Cohn wrote on the EFF Deeplinks Blog that

“The Reader Privacy Act ensures that government and third parties cannot access private reading records without proper justification. It establishes clear rules for businesses and standards for government and third party access to reader records. Most importantly, because of SB 602, Californians can feel comfortable using new digital book services or their corner bookstore without worrying that their personal information will be unprotected.”

Hopefully this signals that readers and lawmakers are starting to launch an offensive against the invasive data collecting practices of some electronic reading companies. However, as Brockmeier notes, given that SB 602 only protects Californian readers and cannot supersede the much-feared Patriot Act, it doesn’t go far enough.  Activist groups such as the Digital Due Process Coalition (which ironically counts Amazon as one of its members) promise to tackle digital privacy issues across the country in 2012.  Perhaps it won’t be too long until SB 602 is replicated in other states.

To use privacy expert Thomas Nosewicz’s analogy in his Stanford Technology Law Review article, “Mind Gangsters“, if companies such as Amazon are going to create devices that act as if “another human follows [the reader] around the bookstore and asks for her name, notes the name of the publication, the article read, and how long she spends reading it”, they are going to have to commit to protecting that information a little better.


Ariel Bogle is a publicist at Melville House.