To secure a PDF or not. That is the question.

locked document

I was speaking recently with a publishing colleague who sends his paid newsletter content to his subscribers as a PDF attached to an email. He has a big problem with some subscribers forwarding this subscriber-only content to non-subscribers.

I’ve heard experienced publishers react to this sort of story very differently. Some will say, “Yay! Free publicity,” while others will say, “that’s lost revenue, you have to stop it.”

Both positions have their merits, but the important thing from my perspective is that it’s up to the copyright owner to make that decision, and in this case, he doesn’t want the leakage.

The hard question is how to stop it. In this article I review some of the options and give my advice.

  1. Use digital rights management.

There are digital rights management (DRM) services that can be used to secure a PDF. You can get into this at various levels of complexity.

At it’s most basic, you simply add a password to the PDF when you create it. That is, a single password for all users. Your copyright violators can pass along the password just as easily as they can pass along the PDF, so that doesn’t help much.

More advanced DRM solutions allow you to create customer-specific access, and regulate and monitor how frequently people open the document.

My opinion has always been that the increased hassle you’re putting on your paying customers with such technology is not worth it. It will never work as seamlessly as promised, and you’ll get lots of complaints. It’s very likely that most of your subscribers are honest and honor your copyright, so you’ll be adding a burden on the honest majority to stop the dishonest minority.

My advice: It’s better to keep your paying customers happy than to risk annoying them to stop copyright violations.

  1. Upload the PDF to the ESP’s server.

Many email service providers (ESPs) advise against attaching PDFs to emails. They say it decreases deliverability and increases their bandwidth fees. They often recommend uploading the PDF into the ESP’s system, so when the recipient gets the email and clicks through, they’re viewing the PDF on the ESP’s server. This provides an opportunity to regulate access to the PDF.

The downside of this method is that many users like to have the actual PDF attached to the email. It allows them to read it even when they’re offline (is anybody offline anymore, ever?), and it makes it easier for them to keep the issues where they want them. It also makes it easier to find the issues in your inbox: look for emails with attachments.

My advice: If you’re just starting to deliver content with a PDF, try this method first and see how it works. If you’ve been sending the PDF as an attachment for a while, it’s probably best to keep doing it. People don’t like to lose a feature, and that’s probably how they’ll perceive such a change.

  1. Keep the PDF on your server

Your email notification can simply tell your subscribers that the latest PDF is available on your website, where they have to login to gain access.

An advantage of having the file on your website is that it should be easier to get usage statistics from your analytics package, or even from your server logs. This will help you with measuring abuse.

Unfortunately, customers can still download the PDF from your website and send it to other people. You can use DRM to control this, but as I said above, it’s probably not worth the hassle for your customers and your customer service representatives.

My advice: Whether or not you send the PDF by email, you should also make it available on your website, behind your paywall. You should also work with your IT people to get usage statistics.

A brief note on security: The bottom line is that it’s very difficult to prevent copyright abuse with technical solutions because people can almost always find a way around them, and the tighter you make your rules, the more likely you are to anger your honest customers.

If you send a PDF, people can forward it. Even if you use DRM, people can print it, scan the printed copy and forward the scan. Or take a screen shot!

That brings us to the next set of options, which are non-technical solutions to the problem.

  1. Make an explicit statement about copyright in the body of the email.

You can cut down on some abuse by simply reminding people that sharing your content is not okay.

“You are permitted to save a copy of the attached PDF for your personal use. You are not permitted to forward it or share it with others. If you need to be able to share this content with your colleagues, please contact us about cost-saving site licenses.”

This doesn’t stop people from forwarding or sharing, but it might reduce the problem. It may be hard for some publishers to grasp this, but some people honestly don’t know they’re not supposed to forward copyrighted material. Or at least it’s not top of mind.

My advice: No matter what else you do, you should do this. Asking people to be honest is a lot better than assuming they’re dishonest and making them jump through hoops to get the content they have paid for.

  1. Activate the snitches.

Put a statement in your PDF asking recipients of forwarded emails to report the malefactors.

My advice: I don’t like this idea. I don’t know if it will work — except for the rare case of the disgruntled employee who wants to get his boss in trouble — and it simply rubs me the wrong way. I’m mentioning it only because it is an option to consider.

  1. Explicitly allow limited sharing.

I mentioned above that there’s two ways to respond when customers forward your copyrighted, paid material. You can view it as audience development (hurrah!) or lost revenue (grrr).

A possible middle ground is to be upfront with your subscribers and allow limited sharing.

“We make our living by creating excellent, professional content to help you get your job done, and we greatly appreciate that you partner with us by paying a modest fee to subscribe to our newsletter. As you know, we can’t stay in business if our paid content is distributed freely, so we ask you to please respect our relationship and abide by our terms and conditions.

“Please note that our terms and conditions allow limited sharing: you may share up to two issues with a friend or colleague in a calendar year. You may not post an issue to any social media sites.”

My advice: In a way, this reminds me of the dilemma of the parent setting rules for a kid going to a party. Is it better to say “no drinking,” or to say, “it’s okay if you have one beer, but no more”?

Will explicitly allowing limited sharing encourage the word of mouth that you want, without turning your paid content into a freebie? I don’t know. And that brings us to the big question – how do you measure the extent of the abuse?

Monitoring abuse

DRM gives you the most powerful tracking tools, but it comes at the cost of increased complexity for your customers and your customer support staff.

Serving a PDF on your ESP’s or on your own server will give you some ability to track usage, but remember that people can always download files and send them to friends. You can’t monitor that – unless you attach DRM to the PDF itself. And even if you do that, people can print and scan your content.

Another thing you should do is regularly search the internet for your content. Someone has probably posted your newsletter to a bulletin board, and in some cases people have the gall to charge for access to that pirated material. In those cases you may have some chance at redress be contacting the site and threatening legal action.

The ugly truth is that it’s difficult to know whether and to what extent your content is getting out to people who haven’t paid for it. My overall advice is that the best policy is to remind people of the rules and ask them to follow them.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *