Security and hosting

What security standards do you have in place? 

The system has undergone rigorous security checks and our security team are happy with everything that is in place. In terms of data, Amazon hosting is used and includes automated data backup procedures and no book or member data has ever been lost if a system issue has occurred.  We've a 24 hour support contact and a SLA in place. Files are "fingerprinted" on download to assist in tracking them back to the downloader, should they end up somewhere they shouldn't.

How are our files protected?

The files are stored with Benetech in the US and we have visible fingerprinting in the boilerplate of the book and invisible fingerprinting embedded in the underlying code. 

Encryption: RNIB Bookshare encrypts a requested book for a given user, and the files are delivered through secure/encrypted channels.

Fingerprint: All copyrighted material downloaded is fingerprinted as part of the encryption process so that the identity of the authorised user is contained within the decrypted material in a difficult to find fashion. This way, if a user illegally redistributes material downloaded from RNIB Bookshare, it is possible to confirm both that the materials came from RNIB Bookshare and which user was responsible.

Security Database: All transactions, encryption codes and fingerprints are stored in a database enabling RNIB Bookshare to track any abuse to the source. Users are informed of the existence of this database as part of RNIB Bookshare's privacy program, and are informed of the limitations of the use of this data (it will only be used to respond to abuse problems, and not for marketing or other purposes).

What counter-piracy measures do you take and what happens in the event of a piracy issue?

Bookshare operate this service on a much larger scale than RNIB Bookshare and have only had two incidents of misuse. They offer their service to both educators and individuals. The two cases were with individuals and were not out of malice but of misunderstanding on how they could use the files. 

There is a monthly download limit on each organisation account so if this should be used very quickly we can investigate how the account is being used. It could be they are supporting a large number of students, so will use downloads much faster. Or if they are a small group we'd look at the activity see what is being downloaded, have conversation with them and take appropriate action such as requesting they delete files in their possession and confirm in writing that this has been done, deactivating their account, notifying the publisher.