Ebook DRM & Security: What is it and How it Works

Copyright and intellectual property protection has become a hot topic as our lives are lived ever increasingly online. The internet is a godsend for authors to get their work published and read, but it could also be a nightmare. Digital Rights Management (DRM) provides a form of digital content protection, set out by booksellers, in addition to traditional copyright laws to keep your intellectual rights intact.

Why DRM?

Authors have more opportunity to publish their work online, in the form of ebooks, and get read by a wider audience. Personal computers and handheld devices have also given easier access to ebooks.

However, the internet is hard to regulate, and unauthorised access to copyright material is easier. This means less control over your work once it’s online, unless steps are taken to protect how and when ebooks are downloaded and by who. You can use DRM much as a security system protects a house, in that it’s a protective barrier for your artistic property. It works in the same way as digital music and films are protected against file-sharing tools by their own forms of DRM.

A protective barrier

In a nutshell, DRM stops users from copying, printing and sharing ebooks – and protects revenues coming in from each sale. In the capitalist context, to protect sales and revenues, you need DRM to restrict how, when, and by whom the books are used, to make sure people keep buying the ebook!

The DRM can help your work in several other ways, including:

  1. Controlling ebook distribution – Downloading and uploading works, accessing ebooks, lending ebooks out.
  2. Once you’ve bought the ebook, it’s tied to the buyer, with few sharing options.
  3. Controlling how many devices you can download the ebook onto – most publishers allow a maximum of 6 devices.
  4. DRM restricts, either totally or significantly, the copy-paste feature, so you have either little or no opportunity to lift text.

Which DRM to use?

There are currently 5 main formats of ebooks available: EPUB, KF8, MOBI, PDF, and TPZ, with EPUB leading in popularity (here’s an article for an easy understanding of the EPUB format). What format the consumer gets depends on who you are buying the ebook from and the device you use to read it.

The four major ebook DRM schemes providing the majority of ebooks on sale are:

  1. Adobe’s ADEPT DRM – used with EPUBs (ebook file format) and PDFs. It can be accessed through 3rd-party ebook readers and Adobe Digital Editions.

  2. Amazon’s DRM – The original Mobipocket encryption in adapted form and applied to its ebooks. Topaz goes by its own encryption system.

  3. Apple’s FairPlay DRM – As with all Apple technology, items downloaded via its software can only be accessed via Apple devices.

  4. Marlin DRM – Developed by the Marlin Developer Community, a company founded by Intertrust, Panasonic, Sony, Phillips and Samsung – used by online textbook publisher KNO, and can be accessed via either iOS or Android systems.

Whilst Adobe’s ADEPT is the default setting on most devices, Amazon DRM and Apple FairPlay are also common.

Who uses what?

Most websites who also sell ebooks will normally produce their own ereaders too. The way it then works out is that customers who buy ereaders from them are then obligated to buy their ebooks from the same website as well. From the authors’ side, all he/she needs to do is submit the manuscript to the website, where the relevant DRM will be applied programmatically. The author does not need to do anything himself. Here’s a low-down on who uses what type of DRM and how they work.


The retail giant locks all ebooks sold on its website to its Kindle devices or apps using its own DRM. When buying a book from Amazon, you’re essentially buying the “license” to read the book. And to ensure the ebook is read only by the customer, the DRM code matches the Kindle device.

Apple iBooks

Like Amazon, Apple uses its own DRM system (called Fairplay) to items in its bookstore. And like Amazon too, Fairplay is incomptabile with other devices or apps, unless the reader removes the DRM.


The largest distributor of indie ebooks, Smashwords doesn’t actually use DRM at all. Instead, as the website says restriction-free ebooks enjoy bigger sales (as readers prefer the freedom), none of the books it sells are affected by DRM. Smashwords does write on its website that they “strictly discourage illegal pirating of an author’s works”.

Barnes and Noble’s Nook ereader, which supports a form of Adobe Digital Edition (DE) DRM, uses an encryption key based on the customer’s name and credit card number. In 2015, the way in which the encryption key is generated changed – although it is unclear how exactly the encryption takes place. It’s very easy, though, to crack as the key can be found in NookStudy’s log files (yes, it’s right there in plain text!)


To download and read books on the Kobo device, users have to download the Adobe Digital Editions (ADE) app onto their devices beforehand. Once the DRM-protected ebook is downloaded onto the ereader, ADE will verify the license that comes with the ebook and then download the ebook in either EPUB or PDF format.

Google Play Books

Based on Adobe’s open platform DRM system, Google’s bookstore allows DRM protected books to be opened and read in EPUB and PDF formats. These can then be read on ereaders, including Nook and the Sony Reader, and apps supporting Adobe Content Server 4 DRM. These books can’t be read on Kindles or Apple Books, however, as they don’t support Adobe’s DRM.


Our very own Kotobee platform uses a different approach to the standard DRM. Using cloud technology, an ebook is encrypted with an encryption key, stored on a server, and unique for each user. Once the ebook is opened, the user will be asked for an email/password combination, or for a code. Authenticating correctly would retrieve the encryption key from the server, and decrypt the ebook content. What we see great about this approach is that it is not specific to a certain device model. Rather, this same DRM scheme can protect an ebook running on different devices and in different formats: web, mobile, or desktop. It cannot however be applied directly to standard ebook formats like EPUB or PDF. The ebook needs first to be turned into a cloud ebook app.

The pros and cons

It’s hotly debated how effective DRM is – but there are several benefits for authors, publishers and booksellers. DRM means your work is protected against illegal copying or editing – and if this happens your right to take action is protected.

It also allows publishers to control what happens to the work after it’s been published and released to the audience. Additionally, you can end up with what’s called a “limited lending facility”, allowing you to lend ebooks to a friend or relative – within reason.

On the other side of the argument, different devices may support the same EPUB format, but ebook sellers will use different DRM schemes when selling books. This difference may seem insignificant, but it does mean you won’t be able to transfer your purchased ebooks to different devices. It means that, for sellers at least, the consumer gets only so many chances at using the ebook on devices, before they have to buy another version.

For example, if you have an ereader supporting Amazon’s MOBI format, you still may not be able to download or open ebooks bought directly from the Amazon website. Instead, you have to buy an Amazon-specific device (such as a Kindle) or download an app to do this. It means that you may also have to download (and pay for) the same book again if you use a different device to read the same ebook.

Animal Farm Book Cover

Amazon itself also highlighted one of the many criticisms of DRM in 2009, when it was cricitised for playing “censor”. It had deleted George Orwell‘s books “1984” and “Animal Farm” remotely off devices, giving those who had purchased the books a refund in return. This move earned the website the title of “big brother”, in the vein of Orwell himself, with commentators also criticising Amazon’s use of censorship at a distance. Although the website later argued it didn’t have the rights to sell those copies of Orwell’s texts, it highlighted the argument for DRM to be totally scrapped.

A further criticism of DRM is that if you switch to a different book store, you will no longer be able to access the book – which will also happen if the bookstore itself folds.

DRM for authors

It would help authors to consider several points before taking the plunge into epublishing. These include:

  • DRM schemes help you control your work’s distribution.

  • You also know there’s a lower chance of piracy.

  • As the main ebook sellers use DRM, your work is more accessible, but remains protected.

On the other hand, not all is good:

  • If you’re just starting out, particularly as a self-publisher, you may need to go through smaller sellers. They might not have DRM schemes, and your work will have fewer readers.

  • Many DRM codes that are stored on the device or ebook have been ‘cracked’, making this protection virtually worthless anyway. Hence, the third option of storing the code on the server itself making it virtually impossible to crack.


One recent alternative to DRM put forward is digital watermarking, which makes it easier to read and distribute ebooks. Because ebooks which fall under this alternative are not affected by DRM schemes, they are easier to copy and distribute.

The most famous example of this “social DRM” can be found with JK Rowling’s Pottermore ebooks. Although it made them easier to pirate and upload elsewhere on the internet, the digital watermarkings still showed the original owners of the pirated versions.

With all these pros and cons in mind, there is plenty for authors and publishers to consider before placing ebooks online. Although the books, themselves, remain protected and virtually piracy-free, it does mean greater restrictions for consumers and how these ebooks can be used. It may mean that DRM schemes and the way they work in terms of distribution and readability, rather than their ability to protect work, need to be revised to better suit our digital age.

You might also like:

How to edit EPUB books manually

EPUB Navigation Peculiarities

How to create an interactive ebook: A step-by-step guide

The Beginner’s Guide to Ebook Formats

One Comments

  • Louis Horvath

    April 3, 2019

    My understanding of DRM is the corporations who hold the DRM locks (like Adobe) actually accumulate information from those who read the books. Notably the device model and type, the IP and the page where the client is reading. I value my readers too much to expose them to this type of “soft spying”.


Leave a Reply