The Association of American Publishers recently decided to test the copyright security claims of the popular electronic book systems and hired a digital security firm to assess the encryption systems of the Rocket eBook, Softbook and other handheld book-reading devices.

The study, conducted by the digital security firm Global Integrity, which has been instrumental in efforts to create a secure standard for the music industry, d s not report any serious security lapses but noted several technical 'areas of concern.'

Assessing the security of NuvoMedia's Rocket eBook, whose digital editions are downloaded to a PC and then loaded into the Rocket eBook reader, GI called its encryption 'very good today' and said it would probably last for about 25 years. The report is vague about Softbook, although it d s not fault the company's encryption. The study simply asserts that Softbook's system, which stores a consumer's books online for use in its handheld readers, is a 'closed, tamper-evident, proprietary hardware device that d s not permit arbitrary data to be exchanged with the outside world.'

In e-mail correspondence with PW, David Ornstein, chief technical officer of NuvoMedia, said he was happy with the GI assessment. 'I think these folks did a good job,' he said. But he also noted that 'some of the statements they make are a bit theoretical.' He pointed to GI's 'concerns' about NuvoMedia's 'documentation'-the software's written specifications-and said that software documentation is always 'in flux... software and documentation usually play leapfrog with each other.'

Jim Sachs, president of Softbook, told PW much the same in an e-mail message, noting that 'policies and procedures evolve more slowly, hence the lag in documentation.' But Sachs emphasized that 'our system is well documented.' He also emphasized that the study shows both firms have 'systems that are secure enough to satisfy publishers.'

Global Integrity also noted that 'general purpose devices,' units like the Palm Pilot or Windows CE-based devices that can also read digital texts, are 'not optimally suited' for securing content. Carol Risher, who monitors technology for AAP, told PW these devices were not originally designed to be digital readers and have 'a different level of hackability' than the other devices. Risher said the AAP has arranged a set fee for any firm that would like to have its devices tested by GI.

A summary of the Global Integrity assessment, which is in the process of being revised and updated, is posted on the AAP Web site ( ).