Why is an open-source foundation offering digital rights management software?
To help ensure that EPUB files can be shared across reading devices and apps even where some enforcement of usage rights is required – think about the library lending use case and its end of loan date. To help drive adoption of a standard and interoperable DRM through ease of implementation, minimal cost, and minimal vendor dependencies.
Is Readium LCP an open standard?
This will soon be the case: Readium LCP is expected to become an ISO (International Standards Organization) Technical Specification by the end of 2020. Its identifier will be ISO TS 23078. The exact wording is this document will be slightly different from the wording found in the Readium LCP Specification, without any technical modification: there is only one LCP. The editors of the ISO specification are Taehyun Kim from DRM Inside, and Laurent Le Meur from EDRLab.
Is Readium LCP vendor-neutral?
Yes, Readium LCP is vendor-neutral, as the specifications are maintained by the Readium Foundation, which is an non-for-profit organization managed by elected board members.
The interoperability and security of the Readium LCP ecosystem is guaranteed by a Certification Authority; EDRLab has been chosen by Readium as Certification Authority for the years to come. EDRLab is also a non-for-profit organization managed by elected board members.
Who can implement Readium LCP?
Anyone can develop a Readium LCP compliant Reading System, and anyone can setup a Readium LCP compliant distribution solution.
But there is still a constraint to the implementation of Readium LCP: any implementation (either client-side in a Reading System, or server-side in a distribution solution) must be certified by the Certification Authority before it is deployed.
Is Readium LCP open-source?
Readium is offering for free open-source software on Github for easing the implementation of Readium LCP compliant Reading Systems and Readium LCP Servers.
However, trusted companies, organizations or individuals who wish to use Readium LCP to protect their content will need to obtain confidential information and a small pre-compiled library from EDRLab, and configure their software accordingly.
How does licensing work?
In order to guarantee the interoperability of the different servers and reading apps which constitute the “LCP network”, the certification process is labor intensive and must be renewed yearly; managing the ecosystem (certificate authority …) is also expensive.
Therefore, being a Readium LCP implementer (either Reading System developer or License Provider) involves licensing fees. It is important to note that there is no transaction cost in the model, i.e. no DRM cost per license generated. It’s a fix annual cost.
The fee structure has been decided by our board of directors; we are a non-profit association with members from the publishing sector, fees are therefore as low as possible. This fee structure is based on the annual net revenue (alias net sales) or the LCP implementer; or its budget if this is a non-profit organization. We do not expose on this website the fee structure: please contact us to get details. We’ll just ask you to fill a document indicating your net revenue and will be able to give you the exact annual cost you can expect from using Readium LCP.
What are the advantages of Readium LCP for publishers?
Readium LCP helps publishers by encouraging interoperability among e-reading platforms and service providers while maintaining an adequate level of content protection and supporting content access models that depend on access control, such as rental, subscription, and library lending. Readium LCP does not require publishers to send their master files in clear to a DRM vendor. Readium LCP helps publishers license content into a thriving, pro-competitive ecosystem by minimizing dependency on commercial vendors and avoiding “lock-in”.
What are the advantages of Readium LCP for users?
Users can obtain e-books from Readium LCP-based services and use Readium LCP-based apps and devices, secure in the knowledge that their e-books will interoperate across these devices, legally and with little or no effort (a simple passphrase, given to the user by the ebook provider at the time the user has acquired the ebook, along with a hint used as a reminder for this passphrase).
The only situation where a user has to enter a passphrase is when he opens an ebook for the first time on a given device; the reading application will then store securely the passphrase and use it silently the next time the user opens the same ebook on this device. This same passphrase is also tested each time the user opens another ebook from the same provider: as long as the passphrase has not been modified, the user will therefore be able to open every ebook from the same provider without entering the corresponding passphrase.
Users can freely transfer a publication from one device to another. They can expect being able to continue reading it year after year after download, even if their bookseller closes its operation, thanks to the offline capabilities of the solution.
Other advantages include a provision for accessibility to the print-disabled and the confidence that no usage data will leak through the Readium LCP technology to feed commercial appetites.
What are the advantages of Readium LCP for service providers?
Retailers, libraries, and other types of e-book service providers will benefit from costs that are much lower than those of existing commercial DRM systems, ease of deployment, and participation in what is expected to become a large ecosystem of interoperable technology components and services, while meeting publishers’ content protection requirements. Service providers will deploy their own License server and will therefore get real-time feedback on core data, like the number of delivered licenses or the number of active devices for a given license. Readium LCP’s open source model will also help ensure that Readium LCP evolves to meet future needs.
Is the Readium SDK required for implementing Readium LCP in my reading system?
Not at all. One can develop a Readium LCP compliant Reading System (application or e-reader) directly from the specification, using classic cryptographic libraries.
The Readium LCP open-source codebase provided on the Readium Github is currently optimized for use within the Readium architecture, but the core C++ code can be ported to any other environment, especially e-readers, for free.
Is Readium software designed to work with Readium LCP only?
Not at all. The Readium development kits are designed to work with multiple DRMs. This ensures that Readium-based apps and devices can be built if they have requirements for DRM features that go beyond what Readium LCP offers.
How does Readium LCP differ from other DRMs for Readium?
Readium LCP is intended to cover basic use cases (sale, rental) with an adequate level of security as well as a provision for accessibility to the print-disabled, with open source code for both client and server and an absolute minimum of vendor dependency.
Readium LCP is particularly well tailored for the library lending use case, with notions like early return and extended loan, the latter being uncovered by most DRMs. The high level of privacy offered by Readium LCP is another crucial aspect for public libraries.
Also, Readium LCP is intended to operate on a cost recovery basis and therefore may be less expensive than commercial DRMs. Other DRMs for Readium may be offered through commercial entities, support content access models that Readium LCP does not support, have enhanced security features that are required for certain applications, and/or support additional related services.
How do I test my reading system for compliance with the specification?
Compliance testing tools are under development at EDRLab; they are included in the open-source code provided by the Readium LCP Server project.
As a service provider, what do I have to install?
Please follow the steps detailed here.
What are Robustness Rules and how do I test my app or device against them?
What is the sustainability of Readium LCP?
EDRLab has a role of Certification Authority for the Readium LCP ecosystem. All confidential information will be archived by a key escrow agent. Should EDRLab activities end one day, the certification process will be easily taken over by another organization.
Is Readium LCP protected by anti-circumvention laws?
Many countries, including the United States, European Union Member States, Australia, New Zealand, Japan, Singapore, India, China, and Brazil have various forms of laws against circumvention (cracking) of DRM systems and distribution of circumvention tools. Such laws are intended to provide “legal backstops” for DRMs that can be cracked. Different countries’ laws contain different definitions of the systems to which such laws apply, and such laws have been clarified to greater or lesser degrees in each country through litigations. Neither Readium Foundation nor EDRLab represents or guarantees that an implementation based on Readium LCP enjoys protection under such laws; please consult qualified legal counsel.
Is Readium LCP at risk against patent infringement?
Various organizations exist that own portfolios of patents that they may claim are related to digital rights management. Some of these organizations maintain patent licensing programs that require royalty payments; some have engaged in litigation against service providers, application developers, and others for alleged infringement of those patents. Readium Foundation has not consulted with any such entity to determine whether or not any aspect of Readium LCP “reads on” their patents. Neither Readium Foundation nor EDRLab take a position on whether any system, device, application, or service that incorporates any aspect of Readium LCP “reads on” any particular patents, nor does Readium Foundation or EDRLab endorse any patent holder’s patent claims or patent licensing program; please consult qualified legal counsel.
No technology is immune against patent claims; Readium LCP is based on standard cryptographic technologies (AES-256, SHA-256 …) and processes; we are therefore confident that Readium LCP is a simple and reliable solution that does not put implementers at risk.
Is Readium LCP able to protect PDF files?
An extension of the Readium LCP specification provides a way to protect PDF files.
PDF support has been added to the Readium LCP open-source server. It has also been added to the Readium Mobile iOS codebase and will be added to the Readium Mobile Android codebase by Q2 2020.
Note that because Adobe products (Adobe Digital Editions especially) would not recognize LCP protected content, the publication format resulting from an LCP encryption is specific to the Readium Architecture, i.e. a zip file containing a Readium WebPub Manifest and the PDF document as a resource.