Below we offer a checklist that can help guide your inquiry, as well as an extended explanation of why the answers to these questions matter. Not surprisingly, some of the issues overlap. For example, Digital Rights Management, or "DRM," matters not only because of the limits it places on users, but because of its impact on innovation and competition. Yet by separating out the various issues, we hope to spur a more rigorous consideration of the various digital book offerings.

Our goal is not to tell authors, publishers, vendors, libraries, or anyone else what strategies they must adopt, or tell book purchasers what options they must choose. We hope that a robust marketplace emerges, with various business models and technologies. Instead, this checklist represents the key questions that readers should ask of each new digital book product or service to evaluate whether it adequately protects their interests. That sort of rigorous inquiry will help us decide which digital book future we want — and how to vote with our feet until we get it.

1. Does it protect your privacy? ^ Why it matters: The ability to read privately and anonymously is essential to freedom of expression, thought and inquiry. In the world of physical books, bookstores, libraries, and individuals have long fought against the chilling effect of someone, especially someone from the government, looking over your shoulder as you read. As Pulitzer Prize-winning author Michael Chabon stated when he joined EFF's efforts to insist that Google Books provide adequate protections for reader privacy: If there is no privacy of thought — which includes implicitly the right to read what one wants, without the approval, consent or knowledge of others — then there is no privacy, period. Unfortunately, reader privacy has often been attacked. At the McCarthy hearings in the 1950s, people were questioned on whether they had read Marx and Lenin. They were asked whether their spouses or associates had books by or about Stalin and Lenin on their bookshelves. And these efforts did not end with the McCarthy era. Between 2001 and 2005, libraries were contacted by law enforcement seeking information on patrons at least 200 times. Physical books have many natural protections for reader anonymity. For example, you can: browse through the stacks of your local library or bookstore without anyone tracking what you are looking at, what you pull off of the shelves as you browse or what pages you review;

walk into a store and buy a book with cash, thereby avoiding any record of your purchase;

hide a book under your bed so no one knows you're reading it;

throw a book away after reading it and no one will ever know you had it;

give a book to someone else without anyone knowing it;

read a key part of a book that you own or borrow from the library multiple times, or not at all, with no one knowing. Digital book practices may threaten these traditional protections. Digital book providers have the potential to track, aggregate, analyze, and disclose reader activity to an extent far beyond anything possible with physical books. Both book download services (like the Kindle) and those like Google Book Search (where the user accesses a book stored on a server) can continue tracking during and after the initial transaction, as well as maintain records of every book purchased over the lifetime of the reader. That means digital book providers can collect data on what books you search for, what books you browse, what pages you view, and for how long — and they can keep that data for a very long time. Most of this tracking is something bookstores and libraries could never do short of hiring an agent to follow patrons around the stacks and then into their homes. What to look for: Readers considering whether book products, tools or services adequately protect privacy should ask: Does it limit the tracking of you and your reading? Just as readers may anonymously browse books in a library or bookstore, readers should be able to search, browse, and preview digital books without being forced to identify themselves. To see whether a digital book provider is limiting tracking, ask whether it: Ensures that searching and browsing of books do not require user registration or the affirmative disclosure of any personal information;

Connects any information collected from an individual reader with any other information the digital provider may know about the same individual from other sources without specific, informed, opt-in consent. This is especially important for book providers like Google that have multiple services collecting other information about users;

Purges all logging or other information related to individual uses as soon as practicable, which in most instances should be no less than every 30 days. This purge should ensure that this information cannot be used to connect particular books viewed to particular computers or users; and

Where possible, allows you to use anonymity providers, such as Tor, proxy servers, and anonymous VPN providers, when interacting with the service. Does it protect you against disclosure of your reading habits? Readers should be able to read and purchase books without worrying that the government or a third party may be effectively reading over their shoulder. To ensure that any stored information linking readers to the books they view or purchase is not disclosed to the government or third parties without proper protections, ask whether the provider will: Commit that it will not disclose information about you to government entities or others absent a warrant or court order unless required to do so by law;

Notify you prior to complying with any government or third party request for your information (unless forbidden to do so by law or court order), and provide you with sufficient time to seek court review of the request; and

Guarantee that it will not tell any business partners, or affiliates which books you purchased. Does it give you control over the information it collects about you? Readers of paper books can control information collected about them by, for example, buying books with cash. That freedom should not disappear as books go digital. Readers who want to assert some control over their own information should consider whether the provider will: Allow you to delete your books and ensure that this deletion removes any record of the purchase;

Allow you to control what other local or remote computer users can see about your reading, possibly through the use of separate password-protected "bookshelves" or other technical means; and

Establish a method to allow private reading of purchased books and private giving of books, such as allowing you to anonymously transfer or "gift" purchases to someone else (including transfer to other accounts you control), with no record of the fact of the original purchase. Does it tell you what it's doing with the information it collects and can you enforce its commitments to you? A provider committed to ensuring both transparency and enforceability in the protection of reader privacy will do some or all of the following: Provide a robust, easy-to-read notice of privacy provisions and policies;



Ensure that any commitments it makes to protect reader privacy are legally enforceable by readers;



Store all reader information exclusively in countries that have strong privacy protecting laws, especially as against demands for disclosure by law enforcement and private third parties;



Ensure that any watermarks or other marking technologies used do not contain identifying information about users in a format that third parties can read or decipher. Any watermarks with personally identifying information about users should be disclosed to users sufficiently to alert them to the existence of such marks and the type of information they include; and



Annually publish online, in a conspicuous and easily accessible area of its website, the type and number of information requests it receives from government entities or third parties.

2. Transparency: Does it tell you what it's doing? ^ Why it matters: In the physical world, it's relatively simple to know everything you need to about the consequences of searching, buying, selling, and reading. You buy a book — in cash if you like — take it home, read it at your leisure, put it on the shelf, pass it on, or throw it away. Although, if you buy the book with a credit card you don't always know what information booksellers are keeping, or for how long, for the most part it's a simple, transparent process. Not so for digital books. Some electronic books come laden with DRM, as well as any number of other "features" that may or may not be disclosed. For example, in 2009 Kindle users were shocked to learn that their readers included a feature that let Amazon delete their books remotely. We've seen where loading unexpected features onto consumer products can lead. In 2005, music fans learned (as a result of the independent effort of computer researchers) that Sony BMG had included copy-protection software in millions of music CDs that could create serious security and privacy problems on personal computers. The software actually did much more than just preventing copying, including reporting customer listening habits. This all happened to customers without appropriate notice and consent. Readers of digital books have little reason to trust the private companies that sell them their books and devices, and they shouldn't have to. Readers need to know what they are getting, so that they can make good choices about what to buy and how to use their books. What to look for: How clear are the disclosures? Will they be updated, and if so, how? Your vendor should tell you, in advance and in plain, prominent language, what the device or service will be doing and how it will be doing it, especially if it is interacting with your computer or other device or service. What's more, that disclosure should be an ongoing obligation; if practices change, your vendor must make sure you can find out about it (and opt for a different provider, if need be). Does it let you or others investigate to confirm that the product, device or service is actually functioning as promised? Many companies limit users' ability to tinker with the technology they buy, via contractual terms, technological measures, or legal threats against reverse engineering and security audits. Others have cracked down on customers who publish reports about bugs and security flaws. As with any other digital device, a provider should allow customers to test and tinker with their devices and services to ensure that the device is actually working in the way it was promised.

3. What happens to your additions to the book like annotations, highlights, and commentary? ^ Why it matters: Readers are accustomed to annotating physical books in any number of ways. They make notes in the margin, "dog-ear" the pages, lard them up with sticky notes, cut out favorite images, and frame them, etc. When they are done, the original book may be significantly altered and possibly more valuable. At the same time, those notes — which can provide an important window into a reader's thoughts — need not be shared with others if the reader prefers to keep them private. Unfortunately, annotations to books kept "in the cloud" may disappear. An e-book provider might decide it no longer wants to retain the information. Upgrades to the service may interfere with your ability to access old notes. And e-book providers may limit your ability to share your notes with others. On the flip side, as long as a provider keeps information about you, that information could be subject to disclosure. That means you may not be able to control whether your notes are made available to law enforcement, your boss, or the general public. What to look for: Can you keep your additions? Are annotations and additions kept "in the cloud" or locally where you can always have access to them?

Can you make a local backup of annotations in usable form (note that for some e-books readers like the Kindle that have unique pagination and similar differences from physical or other e-books, this would likely require a local backup of the book plus annotations)?

What happens if the provider's servers go down?

What happens if the provider decides that it is simply too expensive to support the additional material?

What happens if the vendor decides not to provide the book any longer? Can you control who has access to your additions? Can you share your notes with others?

Can your provider use your notes for other purposes (such as behavioral advertising)?

Are annotations and additions shared with third parties by the provider either through marketing agreements or other partner arrangements?

If your notes are stored remotely with the service provider, will the provider require a warrant or court order before turning those notes over to third parties?

4. Do you own the book? ^ Why it matters: Purchasers of physical books always have the book and can lend or sell the book whenever and however they would like. They don't risk losing their book if they fail to pay an ongoing fee, violate the terms of a license agreement, or if the vendor simply decides not to continue the service. Their reading and use of the book is not — and without undue difficulty cannot be — monitored in the name of ensuring they stay within the terms of a license or for any other reason. Ownership of books provides many protections like these. It protects readers from censorship, fosters secondary markets (i.e., used bookstores) that help protect us from price gouging, and helps less popular authors find new fans. It also ensures that your books stay yours: once you've purchased a book no one from the bookstore can come to your house later and demand the book back or hit a remote kill switch and do the same. Perhaps most importantly, thanks to copyright's first sale doctrine, once you have lawfully obtained your copy, you are entitled to resell the book or give it away. This is what makes libraries, used bookstores, and giving books as gifts legal, all of which help authors as well as readers. Readers are more willing to shell out more for a new book if they know they fully control its use and can re-sell that book later. Further, the used book market helps support a continuing vibrant book culture by making books available to readers who cannot otherwise afford them. Finally, borrowing books from friends or receiving books as gifts are a crucial means by which readers discover unfamiliar authors — which leads them to buy those authors' next books. Many readers expect that the same rules will apply to their e-book purchases. However, electronic books have often been treated as "licensed" content, subject to legal and technical restrictions (primarily, DRM) that block readers' ability to resell, lend, or gift an e-book. More ominously, last year Kindle readers realized that their provider (Amazon) could actually reach down into their devices and pull books from their virtual shelves. We expect to see many different models for accessing books to develop. But given the crucial benefits that ownership provides to readers and to the larger interests in privacy and freedom of expression, readers should not accept a world where all we can ever do is "rent" a book, subject to the whims of a digital "landlord." What to look for: Can you lend or resell? One of the basic rights of ownership is the ability to lend, give away, or re-sell your property. Does your provider allow you to do that with books you buy? If so, how easy is it? DRM or other technological incompatibilities may inhibit your ability to transfer your book, so investigate these issues before you buy. Is it locked down or do you have the freedom to move it to other readers, services or uses? Another basic right of ownership is control — over both the products you buy and the devices you use. Find out if you can read your book on your laptop if that's more convenient. And, ask whether upgrades or other normal hardware adjustments might mean loss of your books. Can the vendor take it away or edit it after you've purchased it? Does the device allow a provider or anyone else to delete, delete access to, or alter the books on your device? If so, you bought it, but you don't really own it. A remote "delete" or "edit" switch for purchased books should not be built into e-book readers or other devices.

5. Is it censorship-resistant? ^ Why it matters: Censorship resistance is one of the key benefits of buying books (as opposed to merely renting them, for example). When you own a book, that means you have the power to access it, preserve it, share it, and, if need be, hide it. Those same abilities must be preserved for digital books, lest digital book services become automated censors beyond George Orwell and Ray Bradbury's wildest dreams. Indeed, as Farhad Manjoo has noted, if a provider can delete an entire book, it can doubtless delete portions of a book as well. What is worse, such deletions may not always be the provider's own choice: If Apple or Amazon can decide to delete stuff you've bought, then surely a court — or, to channel Orwell, perhaps even a totalitarian regime — could force them to do the same. Like a lot of others, I've predicted the Kindle is the future of publishing. Now we know what the future of book banning looks like, too. What to look for: How easy is it to remove or edit books once access or possession has been given to readers? Every new technology for sharing information has been met with efforts by public and private entities to control and limit the information made available. Censorship-resistant devices and services can make that effort harder by eliminating features that allow information to be deleted. Is there a single entity that stores all the books, as in Google Books or the Kindle, such that political or legal pressure on that place might result in a loss of the work for all readers? By the same token, censorship-resistant devices and services will make sure information is dispersed, so there is no easy, central point of vulnerability. Are the books stored in a location where censorship is historically a problem, such as China or Saudi Arabia, or in a place that is relatively free of censorship? A provider that cares about protecting access to knowledge will make sure its servers are located in a country with speech-friendly laws. Are the copyright or other laws applicable to the books balanced, giving readers the protection of doctrines like fair use or copyright exceptions and limitations? Censorship can come in many forms — sometimes governments intervene to shut down speech, and sometimes copyright and trademark owners misuse their rights to do so (e.g., business tycoon Howard Hughes bought up newspaper and magazine copyrights in order to suppress access to interviews he gave). To limit such "private" censorship, try to get books from providers located in countries that recognize speech-protecting doctrines like fair use.

6. Is It Burdened With Digital Rights Management? ^ Why it matters: Early entrants in the digital books marketplace are already locking down their books with DRM, i.e., technologies that limit what you can do with the content you buy, usually in the name of reducing copyright infringement. Readers, authors, and publishers should take a hard look at the experience of DRM on digital music and reconsider the wisdom of this approach for digital books. For readers, the lessons of DRM in digital music tell us that content restricted with DRM is less useful than content without DRM, and can even be dangerous. As discussed above, DRM schemes applied to music have opened up security vulnerabilities on computers and spied on listening habits. And, until its recent demise, DRM reduced consumer choice in music and music players. Apple's DRM scheme, for example, meant that purchases from Apple's iTunes Store would only play on Apple's own iPods. For authors and publishers, the lessons are equally plain. First, DRM will be no more effective at preventing unauthorized copying of books than it was for music. In an era of inexpensive cameras and optical character recognition (OCR) technologies, scanning books will just get cheaper and easier over time. Anything that can be read by humans can be photographed, OCR'ed, and uploaded — DRM will not change that. Second, DRM inevitably alienates at least some potential customers. Third, DRM will put the power in the hands of the technology companies that control the DRM standards, rather than authors and publishers, by locking customers and businesses into a proprietary platform. Author Cory Doctorow sums up the problem: Imagine if, in addition to having control over what inventory they carry, [the big box stores] also carried your books in such a way that they could only be shelved on Walmart shelves, they could only be read in Walmart lamps, running Walmart light bulbs. Imagine the lock-in to your customers and the lack of control over your destiny that you have signed up with if this is the path you pursue. Well this is in fact what you get when you sell DRM'd ebooks or DRM'd music — in order to play back that DRM format, in order carry, manipulate or convert that DRM format, you have to license the DRM. The company that controls licensing for the DRM controls your business to the extent that your business is reliant on this. Some have argued that DRM is necessary for lending or leasing schemes. In fact, there is already "digital loan" software in wide use by public libraries that does not bother to impose any DRM on e-books, opting instead to automatically delete the books after the load period has expired. While users could defeat this by digging up and copying the underlying file, most users don't bother, just like most Netflix subscribers don't bother to copy the DVDs they rent, despite the ready availability of free software that can accomplish that goal. Booksellers and publishers are still experimenting with digital book business models, and we support that experimentation. But authors and publishers should heed the lessons that the music industry learned the hard way — DRM is bad for business. What to look for: Is there DRM? If so, how does it limit your use of the book? Can you still lend, gift or resell the book? What features are enabled and which have been disabled? DRM can come in many forms, some more pernicious than others. It's likely that vendors will experiment with different forms, which at least gives you an opportunity to vote with your wallets — just as music fans have. Are you locked into a single reader technology or group of reader technologies, or can you choose any device you wish to read and otherwise use your book? As noted, readers (not to mention authors and publishers) should be especially wary of DRM that locks them into a particular proprietary technology. Why would you want to give one company the ability to determine whether you'll be able to access a book you love? Has the DRM been studied by independent researchers to confirm that it causes no security or other problems? Remember the rootkit. Does it report on your activities or otherwise violate your privacy? As discussed above, some forms of DRM give the vendor (or sometimes even a third party) a window into the customer's device. Your reading habits are nobody's business but your own, and selling you a book shouldn't become an excuse to monitor your activities.

7. Does it promote access to knowledge? ^ Why it matters: Digital books have the potential to transform access to knowledge, in the U.S. and abroad. With physical books, access to books can be impeded by three barriers: archiving (physical books are expensive to preserve); indexing/search (even where catalogues are available online, searching for relevant books on a given topic can be difficult, and many books are not yet indexed); and obtaining books (once you find a book you think you want, you may need to buy it, borrow it or, if you have access to a library with the right relationships, attempt to order it via interlibrary loan). These barriers have traditionally hampered access to paper books; in areas without resources or first-class libraries, access to books can be well-nigh impossible. Digital books offer hope of reducing these traditional barriers to access. But digital books will only live up to that promise if readers demand it. What to look for: Can authors and publishers easily dedicate their books to the public domain or Creative Commons or other flexible licensing schemes? Rights-holders should be able to dedicate their books to the public domain and/or have the option to license the books via a Creative Commons ("CC") license or similar flexible licensing model. For example, after pressure from academic authors and others, Google and the Authors Guild announced that authors and publishers of books included in Google Books would be able to dedicate their books to the public domain or have the option to use a CC-license. For many rights-holders, promoting access and re-use of a work via a free CC license may be more valuable than charging readers. But in order for authors and rights-holders to make this choice, technology companies have to design their systems to accommodate and support public domain and CC license options. Can you trust your "digital librarian" to enable access to as many works as possible? Traditional libraries frown on limiting access to books unnecessarily. The proposed Google Book Search service reserves to Google the right to exclude any book "for editorial reasons." If, as is possible, Google becomes the only viable source for digital orphan works, this means that Google will have extraordinary influence over public access to those works. Is it available to people without money, as public libraries are? Digital book providers should ensure that readers in resource-poor areas have options for engaging with new digital resources. For example, Google has, as part of its proposed Google Book Search settlement with authors and publishers, proposed offering a free public access terminal for the Google Books collection to every public library in America. Is it cost-effective for people of limited means? The vast majority of global readers will never be able to afford the $300 Kindle 2. The best way to bring down costs is to foster vibrant, free-market competition in these technologies. This is one reason we should fear DRM for books; to the extent it impedes reverse engineering and interoperability (either by code or by contract), it is also likely to impede innovation and competition. (See below for a more detailed discussion of this.) Is it available to people with disabilities? Booksellers, publishers, and authors must work together to enable accessibility features so that people with print disabilities can enjoy the vastly expanded world of books on the same terms as the rest of us. Already, several leading e-book purveyors have taken steps to foster accessibility for digital books. Other vendors, such as Amazon, have limited their accessibility features, bowing to pressure from misguided copyright owners.