Readium
| Basic information | |
|---|---|
| Founded | 2013-01-29 |
| Legal Structure | Non-profit |
| Industry | Software |
| Also known as | Readium Foundation |
| Official website | https://readium.org/ |
Readium Foundation is a non-profit that produces "reading system toolkits" that can be deployed across multiple platforms and digital publishing formats. According to its certificate of incorporation, it was incorporated in Delaware, USA in 2013. It has multiple members including:
- The European Digital Reading Lab (EDRLab)
- Bibliovault (University of Chicago Press)
- Columbia University Library
- eKitabu
- New York Public Library
- New York University Library
- DRM Inside Co., Ltd.
One of its main products is the Readium LCP DRM system.
Consumer-impact summary
While it is commendable that Readium and its partners (like EDRLab) promote open source code and set out to design a DRM system that avoids vendor lock-in (which could have caused a lack of innovation, diversity and features, and would have handed one vendor total control) and that is more interoperable, simpler and secure, while ensuring that:
The solution is designed to be minimally intrusive for end-users, who don’t need to create a third-party account. User can share their ebooks with their family or close friends
[4] it can be argued that DRM in itself is negatively affecting consumers.
Moreover, the Readium SDK was reportedly developed so that it would support multiple DRM technologies, allowing other DRM vendors to easily integrate their systems with Readium. This in effect lowers the barrier to entry, because companies with existing DRM implementations can migrate to Readium with relative ease, as they can keep using their own DRM systems. It's also worth pointing out that regardless of Readium's intentions, adopters may not (and don't have to) accept all those ideals mentioned in the paragraph above. In turn, that can be reflected in their DRM implementations while still remaining in Readium's broader ecosystem. That matters because adopters are who consumers end up interacting with.
The system's variety has upsides (such as being more resistant to vendor lock-in), but it also enables companies that might otherwise be hesitant to pick and choose in a way that might not have been feasible for them before. More generally, they can operate in a way that doesn't have to be consumer-friendly and that might turn out to be cheaper, easier and more accessible for them.[5]
In addition to this, Readium has filed DMCA takedown requests to force tools which circumvented Readium LCP to remove code from their repositories. As a result, it is currently not possible for users to archive their own ebooks without Readium LCP DRM in an easy way (or perhaps any way). Though some users claim they were able to do it with methods such as Terence Eden's method, the overwhelming consensus seems to be that many suggested tools do not work. And as it turns out, there are several examples of users complaining or asking for help with the exact issue of being stuck with DRM on something they paid for (Right to own). (Refer to External links for examples.)
A Mastodon user named Terence Eden, who circumvented LCP, made some really good points in a reply to a person who was reportedly from the Readium Foundation:
Because Readium doesn't freely licence its DRM, it has an adverse effect on me and other readers like me.
- My eReader hardware is out of support from the manufacturer - it will never receive an update for LCP support.
- My reading software (KOReader) have publicly stated that they cannot afford the fees you charge and will not be certified by you.
- Kobo hardware cannot read LCP protected books.
- There is no guarantee that LCP compatible software will be released for future platforms.
In short, I want to read my books on my choice of hardware and software; not yours.
I believe that everyone deserves the right to read on their platform of choice without having to seek permission from a 3rd party.
Incidents
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the Readium category.
DMCA takedown (2022-01-04)
Readium filed a DMCA takedown notice with GitHub in 2022. The notice stated that:
The user "noDRM" has published on GitHub software which specifically allows the decryption of ebooks protected by the LCP Profile 1.0 and allows saving them as non-protected ebooks. This infringement violates our legal business and affects authors and publishers’ IP. This codebase is presented as a plug-in of the well-known Calibre software, an open-source ebook manager.
It also stated that the explicit circumvention of Readium LCP was in a file called "lcpdedrm.py", and that:
The user noDRM is actively promoting the activity of cracking both library loans and one-off purchases
followed by a link to a GitHub Issue to substantiate the claim.[7]
As a result, the relevant files as well as the relevant Git history were removed from the repository.[8]
Response to a published circumvention method (2025)

In March 2025, a Mastodon user called Terence Eden made a post about circumventing Readium LCP, and later described his method in a blog post. Shortly after, he reportedly received a LinkedIn message from somebody at the Readium Foundation. There is also a comment on Eden's Mastodon post by a user named "llemeur", stating "@Edent see PM on LinkedIn." While the username is similar to the initials of "Laurent Le Meur", a Readium board member[1] as well as Director and CTO of EDRLab[9], it is unclear who the commenter actually was.
The person "congratulated" Eden and mentioned that:
We managed to convince publishers (even big US publishers) to adopt a solution that is flexible for readers and appreciated by public libraries and booksellers.
Our gains are re-injected in open-source software and open standards (work on EPUB and Web Publications).
If the DRM does not succeed, harder DRMs (for users) will be tested.
I let you think about that aspect
In a response, Eden stated that his method was basic, used the app's built-in debugging functionality and that he had not reverse engineered their app or decrypted their secret keys. He stated that he would publish his research and the correspondence, but that he wouldn't publish any of their intellectual property. Their reply included what Eden, in his blog, described as a "crude attempt at emotional manipulation."
We were planning to now focus on new accessibility features on our open-source Thorium Reader, better access to annotations for blind users and an advanced reading mode for dyslexic people. Too bad; disturbances around LCP will force us to focus on a new round of security measures, ensuring the technology stays useful for ebook lending (stop reading after some time) and as a protection against oversharing.
You can, for sure, publish information relative to your discoveries to the extent UK laws allow. After study, we'll do our best to make the technology more robust. If your discourse represents a circumvention of this technical protection measure, we'll command a take-down as a standard procedure.
The correspondence came to a close after Eden's reply:
As you have raised the possibility of legal action, I think it is best that we terminate this conversation.
(Refer to External links for the entire correspondence.)
Company background
The Readium project was started by the IDPF in 2012 because the EPUB 3.0 specification had been released late in 2011, but no implementation yet existed (or, at least, had been publicly released). So IDPF provided some funding and encouragement and two firms, Evident Point and Bluefire, took the lead in developing a JavaScript implementation of a significant part of the EPUB 3 spec.
The JavaScript implementation lacked features and was written as a Google Chrome extension. It also didn't provide native implementations for devices and "it couldn’t support DRM securely." After additional development, they released the open source Readium SDK Core.
The SDK was designed from the beginning to support DRM (Digital Rights Management), a mandatory feature for digital library lending, and also required by many publishers for anti-piracy matters. It was moreover designed to be DRM-agnostic, able to support multiple DRM implementations. However, while that capability existed in the SDK, there was also an increasing perception over time that the existing DRM implementations (Adobe, Kobo, Sony) were too heavyweight and proprietary and there existed a need for a new open-source DRM specification and implementation. The result was the Readium LCP (Licensed Content Protection) specification and implementation, which is rolling out in 2017.
Readium LCP
Preliminary
Readium LCP is Readium's DRM system. Readium Foundation is responsible for maintenance of the Readium LCP specification, while:
management of the Readium LCP ecosystem is handled by EDRLab, acting as Certification Authority.
[12] (EDRLab is also a member of the Readium Foundation.)[1]
The design of Readium Licensed Content Protection (LCP) was influenced by a 2012 paper called "EPUB Lightweight Content Protection: Use Cases & Requirements" by Bill Rosenblatt (link in the External Links section). It is also an international standard, referenced as: ISO/IEC 23078-2:2024.
Basics
One of the most important concepts in Readium LCP is the LCP license file. It is generated by a Readium LCP License Server and contains:
- A set of rights; standard rights are:
  - A start and end access date and time, especially useful for library lending;
  - The number of pages the user is allowed to print;
  - The number of characters the user is allowed to copy/paste;
- The passphrase hint; this information is important; more details below, in section “Interaction with the Reading System”;
- The content key, encrypted; the reading system will use the user passphrase in order to get this data in clear;
- The provider certificate and a digital signature; this information will be used by the reading system for checking that the license has not been modified by anyone other than the provider;
Optional:
- Some limited personal data; LCP can act as a “social DRM”; such information is encrypted for privacy protection, and the License Server does not store this information.
- Optionally, the URL of the protected content associated with this license, used if the license is delivered as a stand-alone file (.lcpl).
(The following summarizes what is referred to as the “Interaction with the Reading System” section in the quote above, as well as a few other sections.)
A license file can either be distributed as a standalone file or embedded into an EPUB file.
A protected EPUB file is simply the association of protected content with a license.
Users can buy ebooks from the reading system and receive a license file. The reading system then automatically downloads the appropriate EPUB file and embeds the license into it. With this arrangement:
the EPUB file with its included license can be opened by the reading system, archived, exported to another reading system etc. and the user has only one file to care about.
In an alternative arrangement, the distributor can embed license files into EPUB files, before sending them to the reading system.
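As an added illustration (not code from Readium, EDRLab or the original page), the sketch below shows how a reading system might check that a license carries the parts listed above and whether its rights currently permit access. The JSON field names and the sample license are assumptions constructed for this example; the signature is only checked for presence, not verified.

```python
import json
from datetime import datetime, timezone

# Constructed sample; field names are assumptions, values are placeholders.
SAMPLE_LICENSE = json.loads("""{
  "encryption": {
    "content_key": {"encrypted_value": "CONSTRUCTED-PLACEHOLDER"},
    "user_key": {"text_hint": "Your library card number"}
  },
  "rights": {"start": "2025-03-01T00:00:00Z", "end": "2025-03-22T00:00:00Z",
             "print": 10, "copy": 2048},
  "signature": {"certificate": "CONSTRUCTED-PLACEHOLDER",
                "value": "CONSTRUCTED-PLACEHOLDER"}
}""")

# Parts the list above says every license carries.
REQUIRED = [
    ("encryption", "content_key", "encrypted_value"),
    ("encryption", "user_key", "text_hint"),
    ("signature", "certificate"),
    ("signature", "value"),
]

def _get(doc, path):
    """Walk nested dicts; return None if any key on the path is absent."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def _ts(value):
    """Parse an ISO 8601 timestamp, accepting a trailing 'Z' for UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def evaluate_license(lic, now, printed_pages=0, copied_chars=0):
    """Return (allowed, reasons). Structural check only: the signature is
    required to be present but is NOT cryptographically verified here."""
    reasons = ["missing " + ".".join(p) for p in REQUIRED if _get(lic, p) is None]
    rights = lic.get("rights", {})
    if "start" in rights and now < _ts(rights["start"]):
        reasons.append("not yet valid")
    if "end" in rights and now >= _ts(rights["end"]):
        reasons.append("expired")
    if printed_pages > rights.get("print", float("inf")):
        reasons.append("print limit exceeded")
    if copied_chars > rights.get("copy", float("inf")):
        reasons.append("copy limit exceeded")
    return (not reasons, reasons)

if __name__ == "__main__":
    print(evaluate_license(SAMPLE_LICENSE, datetime(2025, 3, 10, tzinfo=timezone.utc)))
```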
Encryption and decryption
Its encryption is based on AES. Keys that unlock files are referred to as passphrases. A passphrase can either be generated or chosen by the user. Users have one passphrase for each bookstore or library. LCP licenses also include password hints in case a user forgets their password.
The software transforms the passphrase into a user key (h = hash(pp) then uk = userkey(h), with “userkey” a simple string transform). The user key can decrypt the content key provided in the user license. The content key can decrypt the content. The Readium LCP library software is mostly open-source, only uk = userkey(h) isn’t (in the open-source version it is void). Only trusted licence providers and trusted app developers know what this string transform is. Therefore one cannot take the open-source software and simply add a “save as clear epub” feature applied on ebooks provided by certified servers.
Products
- Readium LCP
- Readium Mobile
- Readium Desktop
- Readium Web
- Readium Web Publication Manifest
References
1. "Membership Overview". readium.org. Archived from the original on 23 Jun 2026.
2. "READIUM FOUNDATION CERTIFICATE OF INCORPORATION" (PDF). readium.org. Archived (PDF) from the original on 1 Aug 2024. Retrieved 23 Jun 2026.
3. "Readium Project Goals". readium.org. Archived from the original on 11 Mar 2026. Retrieved 23 Jun 2026.
4. "Readium LCP". edrlab.org. Archived from the original on 17 Jun 2026. Retrieved 23 Jun 2026.
5. "Overview of the DRM ecosystem". edrlab.org. Archived from the original on 23 Jun 2026.
6. Terence Eden (16 Mar 2025). "Extracting content from an LCP "protected" ePub". shkspr.mobi. Archived from the original on 24 Jun 2026.
7. [private] (2022-01-04). "2022-01-04-readium". Archived from the original on 4 Jun 2026. Retrieved 23 Jun 2026.
8. captn3m0 (17 Mar 2025). "Extracting content from an LCP "protected" ePub". news.ycombinator.com. Archived from the original on 16 Jun 2026. Retrieved 24 Jun 2026.
9. "About". edrlab.org. Archived from the original on 2 May 2026. Retrieved 26 Jun 2026.
10. Terence Eden (Mar 2025). "114155981621627317". mastodon.social. Archived from the original on 24 Jun 2026.
11. "A Bit of History". readium.org. Archived from the original on 23 Jun 2026.
12. "Readium Projects". readium.org. Archived from the original on 27 May 2026. Retrieved 23 Jun 2026.
13. "LCP principles". edrlab.org. Archived from the original on 23 Jun 2026.
External links
Readium
- Readium LCP Introduction Video (archived)
- Readium LCP v1.0 Specification (archived)
- Readium's DMCA Request (archived)
- Conceptual Basis for Readium LCP (archived)
- Readium LCP and Open Source DRM (archived)
- Readium Architecture (archived)
Eden's posts
- Eden's Blog Post (archived) (See Ethics for correspondence.)
- Another Blog Post on LCP by Eden (archived)
- Eden's Mastodon Posts (archived)