Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Shower Squid |
| Reducing Bribery by Legalizing the Giving of Bribes »
April 4, 2011
Interesting post -- and discussion -- on Making Light about ebook fraud. Currently there are two types of fraud. The first is content farming, discussed in these two interesting blog posts. People are creating automatically generated content, web-collected content, or fake content, turning it into a book, and selling it on an ebook site like Amazon.com. Then they use multiple identities to give it good reviews. (If it gets a bad review, the scammer just relists the same content under a new name.) That second blog post contains a screen shot of something called "Autopilot Kindle Cash," which promises to teach people how to post dozens of ebooks to Amazon.com per day.
The second type of fraud is stealing a book and selling it as an ebook. So someone could scan a real book and sell it on an ebook site, even though he doesn't own the copyright. It could be a book that isn't already available as an ebook, or it could be a "low cost" version of a book that is already available. Amazon doesn't seem particularly motivated to deal with this sort of fraud. And it too is suitable for automation.
Broadly speaking, there's nothing new here. All complex ecosystems have parasites, and every open communications system we've ever built gets overrun by scammers and spammers. Far from making editors superfluous, systems that democratize publishing have an even greater need for editors. The solutions are not new, either: reputation-based systems, trusted recommenders, white lists, takedown notices. Google has implemented a bunch of security countermeasures against content farming; ebook sellers should implement them as well. It'll be interesting to see what particular sort of mix works in this case.
Posted on April 4, 2011 at 9:18 AM
• 29 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Should all of the first kind of content sale be considered fraud? Aggregation of information, well done, is hard work, and people have traditionally been willing to pay for not having to search things out themselves, even if they could theoretically get the information for free once they found it. (Hence newsmagazines, regulatory alert services, dover editions, anthologies of pre-20th-century anything...)
Getting a collection of things that are already web-accessible into an ebook and putting it on Amazon is certainly a kludgey way of getting people to pay for the act of aggregation and gatekeeping, but is it really any odder than, say, authorizing a broker to collect money from third parties whose text or pictures are displayed next to the aggregated material in the hope that the extraneous material will capture viewer attention (i.e., ad-supported sites)?
Have we gone so far down the rabbit hole so fast that making aggregated content available to be paid for directly is per se evidence of fraud?
(Yeah, misrepresentation of what the content is and how useful it is, definitely bad. But it just strikes me as funny that a perfectly standard, even dominant business model from the dead-tree world should be considered so sleazy online, especially at a time when people are struggling to find viable ways of monetizing useful content.)
Even befor man could communicate mimicking was normal, it was we belive how communication developed. Also as man developed various methods of communications both immediate and delayed such as pictures, the spoken word, song and the written word mimicking or copying were normal.
It was the advent of the "printing press" that started to change things but it was not untill after the advent of sheet music and the age of the grammaphone that "duplication for profit" became a concern.
Since that time the costs of duplicating a "work" has dropped to the point where it is now effectivly negligable.
Unfortunatly many business models have been set up around the ownership of such works and one asspect was it was always assumed that "mass production" could only happen with specialised equipment.
The simple fact is that as technology has progressed the equipment for playing a "work" has for some time been effectivly the same as for recording a "work".
Unfortunatly rather than accept that this is the case and work towards new business models the old gaurd have done virtualy everything they can to play King Kunute...
As we know Google has tried to corner the market in "orphand works" and in many respects they have got away with it.
What we need to stop the parasites is anew business model that uses some other method of making their activities non profitable. However as we know from experiance legislation is not realy the answer.
Perhaps the solution lies in having "online only" systems but I think not, perhaps in "nano/ micro payments", perhaps "personalisation of content".
What ever it is we know historicaly all existing models have been effectivly broken by technology improvment and I fully expect this to continue...
"The second type of fraud is stealing a book and selling it as an ebook. So someone could scan a real book and sell it on an ebook site, even though he doesn't own the copyright."
Ebooks, hell. Derek & Dolores Benner (aka Near Space Press) not only have two books of my copyrighted material out as Amazon ebooks, they used CreateSpace to put them out in print.
What I've learned from this experience is that "intellectual property rights" only belong to those with lawyers. I -- for obvious reasons -- can't afford a lawyer, and since my books admittedly aren't NYT bestsellers drawing huge bucks, I can't even get a lawyer to take the case on a contingency basis. The Benners just ignore me. Amazon ignores DMCA takedown notices that aren't on law firm letterhead.
The other thing I learned about IP is that -- since I can't get paid for it -- I no longer generate IP for other people's enjoyment. That's several more short stories and three novels that will never leave my computer now. Read that, scumbags.
I can't do much about people who want my books in hard copy, but two of my novels (including the pirated one) are available for free download on my website, along with a more complete (and correctly formatted, as opposed to the bootleg NSP collection) anthology of short fiction.
One of the more humorous bits of piracy I spotted was a "polar shift" website that encourages people to prepare for and survive a supposed shift of poles (they're pretty confused whether that's magnetic, rotational, or both types of poles. I tried to explain that aside from the ethical issues, my article on building sundials is going to be of marginal utility to most of their readers if Earth tips over. For several reasons. [grin]
"The second type of fraud is stealing a book and selling it as an ebook."
The scary part is that you don't even need to steal the book to get started on your criminal endeavors. You could buy it from a bookstore, or borrow it from a library or friend!
You may wish to contact their web hosts via firstname.lastname@example.org as well.
Additionally, it might be worth contacting the EFF: https://www.eff.org/pages/legal-assistance E-books, copyright, ownership and judicial application thereof is one of their current areas of interest.
@Danny Moules at April 4, 2011 10:41 AM
"You may wish to contact their web hosts via email@example.com as well."
The material is (was) not posted on the NSP website, which has apparently been shut down as no longer needed since the sales are well established via Amazon, B&N, and many more venues.
"Additionally, it might be worth contacting the EFF: https://www.eff.org/pages/legal-assistance E-books, copyright, ownership and judicial application thereof is one of their current areas of interest."
Apparently they have little to no interest in helping individual authors with a limited readership who won't garner them lots of publicity. Heck, I even went out on a limb and contacted Righthaven with the idea of boosting their reputation by going after real-for-profit pirates instead of bloggers making fair use. No go.
At this point... I won't say I don't _care_, but I am resigned to the situation and have given up. Given up fighting, given up writing (after more than 30 years).
Pretty much given up on the whole "libertarianism" thing, too, since learning that IP only belongs to those who can get lawyers to hit people over the head with government.
The second type of Fraud isn't necessarily fraud. The majority of the worlds readable literature (apologies to Dan Brown and Tom Clancy) doesn't have any copyright owner. I can publish any of the books written before 19xx and charge as much as I like for them.
"Amazon ignores DMCA takedown notices that aren't on law firm letterhead."
It can't be any harder to make a convincing looking letterhead than to pirate an eBook. Surely the thought has crossed your mind :-)
@Carl: You might want to stop advertising the pirated books [see /familylinks.html and /tree.html].
Some measures that reduce the profitability of this business model come to mind.
One of the things that bothered me about Amazon DTP was the fact that anyone could create an arbitrary amount of books, and each new "book" would initially garner the same credence in product search. To add a hidden cost to inserting spam into Amazon results, items should not appear in search until at least n products are purchased, where n may be dependent on account reputation (previous sales qty., sales amount, refunds and age), cost of product, type of product.
The simplest implementation is: every ebook needs to be bought at least once before it will appear in search.
A legitimate author will be promoting their book on blogs, social media, and in person. Additionally, they can promote the book on Amazon's forums. When promoting the book, they can distribute the direct URL with the ASIN (Amazon product ID, amzn.com/dp/$ASIN ), which will be active immediately, and have their fans purchase the book from there. Once enough purchase(s) have been made, it will be visible in search. A minimum initial purchase of, say, at least 10 units AND $50 per title would present a serious barrier to spammers with 100 "books", but legitimate authors should easily be able to sell 10 copies. Once a publisher account has met certain minimums (e.g. 100 sales, $1000 and 18 months), it could be sent for a manual copyright review, which whitelists all their current and future titles if they pass a human check.
For authors that want immediate search visibility, perhaps a refundable deposit could be paid. Or, history as an Amazon customer could be taken into consideration to allow the first few books through. Google AdWords requires publishers (website owners) to confirm their mailing address with a pin mailer before paying out - Amazon gets this for free: if a customer has ever purchased physical goods from Amazon, they will have a delivery records and know how much has been spent on successfully delivered items over account lifetime (a very simple surrogate for a trust metric). It's unlikely that a spam publisher who needs a new Amazon account will waste $50 on sending crap to other people's houses in order to create a new publisher identity, which will auto-accept only their first three ebooks.
Most importantly, make it easier for customers to report problems with a book. There are quality issues with even many legitimate e-books including formatting problems, omitted words and OCR artifacts. Since Amazon knows when a book was purchased (and possibly how much of it has been read), they could allow a short period (e.g. 1 hour, or 10 minutes) where all ebook refunds are automatically approved. Readers that refund books and report "Content problems" on the refund page reduce the reputation of the book, and if refunds exceed x% of purchased on a per-item or per-account basis, the book(s) are hidden from search until it is checked by a human editor.
Automatic ebook creation may lead to temes (Technical Memes) as suggested by Suzann Blackmore. I'm very curious to see that coming...
@vwm at April 4, 2011 11:52 AM
Thanks for catching that. The links were left over from a time when Benner had briefly convinced me they would make this right. I purged the obvious stuff but missed some, which you found. Got those and some more I just noticed. I'll clearly need to go through and check every page on my site; gonna take a while.
Probably the fact that I even put those links up before getting a signed contract (which I never did get) doesn't help my case. Call me naive.
You actually looked at the genealogy stuff? Even most of our family doesn't do that (probably why I forgot the links were there). [grin]
"For authors that want immediate search visibility, perhaps a refundable deposit could be paid."
I think that's a good idea, only it should be publishers rather than authors. (They may be one and the same sometimes, but definitely this should be defined as a function of publishers, similar to how they pay for space at physical bookstores.)
having moved from a primary market (us) to a secondary market (tiny central european country) i find almost all e-books forbidden to me. most sellers tell me the works are 'geographically restricted' and politely not to bother them with my currency. theoretically i can vpn back to the primary market and lie to pay for my content. thankfully the fraudsters offer a more direct solution. unfortunately the gatekeepers of our IP rules have never met Pogo or 'the enemy.'
@Carl Bussjaeger: "... Pretty much given up on the whole "libertarianism" thing, too..."
We don't live in a libertarian society, so we don't have a government that cares much about people breaking contracts or stealing property (physical or intellectual). Instead, our government focuses on imprisoning recreational drug users, lobbing bombs into Libya, and slapping FCC-monitored "net neutrality" rules on ISPs.
Vigilante justice may be your only option. Track down their snail-mail addresses and sign them up for dozens of junk mail offers, etc.
If it works for Scientology, it should work for us little guys.
If I may ask a naive question: how is it that they can find buyers for your books in digital and paper form, but you can't?
Are a lot of people downloading your books from your site? Are you getting fan mail from readers? From readers of the unauthorized editions? If I really like one of your books and would be willing to pay a premium for a signed copy, where can I go? Likewise if I want to go to a "meet the author" event, or listen to a radio interview, or read a magazine column? In light of these questions, would it be worth something to you to develop a loyal, albeit small, fanbase? And in light of that question, have you considered allowing visitor comments and discussion on your website?
You can make money from "IP", maybe, but you have to stop thinking of it as "IP", and remember that this isn't the twentieth century.
Every book must have an ISBN. You have to buy such an ISBN and register it (depending on the country where you live; let's stick to the USA for the sake of argument).
http://www.isbn.org/ is responsible for ISBNs in the USA. Registration is done at another site https://www.myidentifiers.com/
You can lookup ISBNs at http://www.booksinprint.com/
But you need an account at http://www.bowkerlink.com even if you only want to search for an ISBN!
Of course, it is much easier to just search for "ISBN 1453634312" on Google (the ISBN is for Carl Bussjaeger's book "Net Assets"). But why is that so?
Why is it not possible to look up the ISBN on the official site for ISBNs?
The author of a book must register an ISBN and provide all information about his work. He is the one and only trusted source of that information. The ISBN also contains the publisher of the book.
So, the author selects the publisher for his works. The seller is able to and must verify if the publisher in the ISBN matches the actual publisher. If the author wants to get any money from a publisher he must register that publisher in his ISBN. And only he, as the author, should be able to do this as long as he lives.
But this chain of trust is broken.
As a volunteer for Project Gutenberg, I've produced about 500 ebooks in text and html formats. They can all be downloaded for free from various locations, also in formats for various ebook readers.
I've noticed that each of them can also be purchased for various amounts from Amazon (or Amazon "partners"). Those are mostly badly done rip-offs of the Project Gutenberg texts, some with my name still in them... Not much that can be done about that.
I also noticed that those texts where used to get pass Bayesian spam filters, and to fill up the search indexes with malicious websites.
your ideas are simular to that which is being increasingly comming in the niche music genres, where artists release free music to support the fanbase's desire to go to a show (insteed of using a show to convicing people to by the product).
"The second type of fraud is stealing a book and selling it as an ebook."
You mean like my publisher did to me? I'd written a book on digital signal processing for MF, then sold to CMP (re org of same outfit) then sold to Elsevier.
Now on sale as an E book. No royalties to me whatever, ever - not even a phone call. No mention of ebook or other digital rights in the contract, except I lost mine in that contract. MF and CMP lied utterly about sales. How do I know? Book had code in it that contained my real email address, and I got more unique emails from that then they claimed sales -- by a factor of over 10.
Frank Zappa was right about self publishing and "hollywood accounting".
Water over the dam, however. What concerns me most now is that a lot of very good older books, with "orphaned copyrights" as far as I can tell, can't be had anymore -- we are losing our culture over draconian copyright laws. While I'm thinking about technical tomes here, just try and legally get a copy of the Berlin Philharmonic playing something in 1953 -- can't buy one legally, illegal to copy one for yourself.
Further, scientific papers are legally supposed to be free if the research was taxpayer funded. But the journal firms have loopholed that one, by demanding the author sign off on all rights. By law, that's illegal, but...and if you can find the author, if they are living, they'll usually fire off a copy to you for lets say, a lot less than the average $35 a page the journals insist on, online.
Since as a researcher, I'm looking for low hanging fruit passed over in the '50's and '60s, most of the authors are dead. Sub to RevSciIns costs $60,000 a year (not a typo) for access to back papers. That's with the discounts. Yes, you get a bundle of other things you don't want, just like cable TV.
One is awfully tempted to use college kids to download these papers and put them into an ebook for the good of humanity. Wonder if you could do it anonymously enough to get away with it (forgetting any money, I'm talking service to the human race here, it's its own reward)?
Yeah, this is a hot-button for me.
"Vigilante justice may be your only option. Track down their snail-mail addresses and sign them up for dozens of junk mail offers, etc."
I would like to propose a more contemporary approach posing as the Benners and/or Near Space Press on jihadi forums, supporting martyrdom operations on US soil and offering your services to publish mujahedin works as ebooks. With the recent Quran burning by Terry Jones, this will draw some serious attention by islamist fanatics that will also be picked up by all kinds of TLA's. This is guaranteed to create major TSA harassment at airports and maybe even land them on a no-fly list. People have been put on it for less. When uncomfortable with this type of psyops, consult one Aaron Barr. He was last seen working as an assistant-manager at a McDonald's restaurant near Fair Oaks Boulevard in Sacramento.
@Carl - perhaps your best recourse is to put your books on Amazon, B&N etc yourself as ebooks - for a lower price.
If you get sales: great! If you get contacted by the companies because you are trying to sell an identical ebook: also great! Now that you have the attention of the correct person, you just need to point them at the actual infringers.
Dear Doug Coulter:
If you sign up as an extension or continuing student of some sort at your local community, junior, or whatever college, you may have access to their library system's for-pay databases and catalogs of scientific papers. That, or they might even have old inkprint copies of the appropriate papers.
There is also a general lack of understanding how copyright works on the internet (counting works after the U.S. ratification of the Berne convention in 1978). For instance, there was a case some time ago about a food magazine that "lifted" recipes from web sites, claiming that "if it was on the internet it was in the public domain"...
Autopilot Kindle Cash doesn't teach people to steal content and post it on Amazon, that is falsified information, and is actually fraud in and of itself for you to make that statement
"That second blog posts contains a screen shot of something called "Autopilot Kindle Cash," which promises to teach people how to post dozens of ebooks to Amazon.com per day."
Which you claim teaches a method of fraud, however, it teaches people to use material that they have the rights to use. Which has nothing to do with Fraud.
I have a copy of the product, so I know what I'm saying. I would suggest you buy the product, and make sure it's teaching "fraud" before calling it that.
Yo, just my opinion :)
"The second type of fraud is stealing a book and selling it as an ebook."
The most common form of this fraud is when a print publisher represents to Amazon that it holds the rights to electronic distribution of the content of a book, and either (a) "authorizes" Amazon to issue a Kindle edition when the print publisher licensed only print rights from the author/copyright holder, or (b) pays the author a 5-15% share of e-book revenues according to the royalty clause applicable to "book sales", rather than the typical 50% share of the "subsidiary rights license" revenues the author is entitled to under the author-print publisher contract (even though Kindle end-user license terms make clear that the transaction is *not* a "sale" of a book, but a limited license).
Most Kindle editions of books from major publishers are bootleg editions like this, for which the print publisher has misrepresented their rights holdings to Amazon and the author is being paid only a fraction of the revenue to which they are contractually entitled.
In many cases, these publisher-"authorized" e-books compete with (and undercut authors' sales and revenues form) e-book editions self-published or licensed by authors, such as PDF's of books out of print in hardcopy being sold by the author through their own Web site.
As you say, "Amazon doesn't seem particularly motivated to deal with this sort of fraud." Amazon has no incentive to care how revenues are divided between authors and print publishers, and few authors can afford to sue either Amazon or their print publisher.
The key issue is that Amazon makes no attempt to verify that a print publisher that claims to hold electronic rights actually holds those rights. Amazon doesn't require the publisher to produce any evidence of having licensed those rights, and doesn't check with the author/copyright holder. Such verification wouldn't be easy, but Amazon doesn't even try.
I have listened to several "guru products" that advise various ways to outsource the production of short garbage ebooks (numerous per day or week or however many are humanly possible is what is advised). Then, and this is key, the plan seems to be to 1) gather a lot of people into the "program" to do this, 2) everybody is instructed to use the free download days to promote their ebooks on Amazon, 3) they all are subtly prompted to download and comment on each others garbage books thus increasing the rank so that when it goes off of the free promotion it has some (false) sales leg for a little while until the process can be rinsed and repeated, and 4) here's the kicker - everybody involved in this scam gets paid - by Amazon - every time one of those free downloads happen. So it doesn't matter if their ebooks are garbage or what's in them - they all make money by downloading each others garbage - and Amazon facilitates this! Add to that any in-book hotlinks that send the unwary to scammer (legitimate or not) sales or malware sites....
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.