Programmer hacks Microsoft e-book code

The encryption protection that stops the copying of e-books stored in Microsoft Reader formats has been broken by an anonymous programmer, according to MIT's Technology Review.

Microsoft Reader is the software that enables people to read e-books. It is free, and has been downloaded by over a million people since its launch one year ago. The software supports five levels of security, although only three are implemented in the product. Level one, which is basically an open, unencrypted file that anyone can read and modify, and level four, which uses simple password protection, are not implemented.

The levels that are implemented all restrict the rights of the person buying an e-book. Level two allows copying and re-distribution; level three "brands" the buyer's name into the e-book so that, while it can still be copied, widespread redistribution is discouraged. The strongest level, level five, enforces strict controls over an e-book: a device has to be 'activated' before a level five-protected e-book can be read on it, and only two devices can be activated at a time for any one e-book.

The decryption program described by Technology Review defeats this level five protection and converts e-books to unprotected files that can be viewed on any Web browser. The programmer says he developed the program for personal use, but if the claim is true it demonstrates that there are weaknesses in Microsoft's e-book format.

A Microsoft spokesman was quick to point out that the claims have not been proven and so far are "only a rumour". Penguin, which recently formed an electronic publishing arm that will use a mixture of Adobe Acrobat and Microsoft Reader software to distribute its e-books, said the revelation would not affect its plans to launch its first e-books next month.

"We will be monitoring the progress of the technology to ensure our authors' copyright is protected," said Jeremy Ettinghausen, e-book editor for Penguin."But we still plan to go ahead [with the launch]."

Ettinghausen noted that Pengiun's print books are regularly pirated, and that many are already available in electronic format from people who scan print versions. " Anybody can do it with a scanner and OCR software," he said, adding that he feels the best way to stop piracy is to sell books at such good value that people don't feel the need to turn to pirating.

The US-based programmer is keeping his anonymity and has not released the application he wrote to break the encryption because of fears of being arrested under the Digital Millennium Copyright Act. Earlier this month the FBI arrested a Russian programmer, Dmitri Sklyarov, for allegedly breaking DMCA even though he was not on US soil at the time the alleged crime was committed. The FBI arrested Sklyarov at the insistence of Adobe, after his Russian employer ElcomSoft posted a program on the Web that broke the encryption protecting Adobe's eBook technology. Elcomsoft removed the program upon Adobe's request, but Sklyarov was arrested when he later visited the US to deliver a speech on the weaknesses in e-book encryption methods at the DefCon hacker conference in Las Vegas.

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.