Publish software and go to jail. That’s the lesson learned by Russian cryptography expert Dmitry Sklyarov earlier this week in Las Vegas. As reported by Planet eBook, who broke the story, Sklyarov had just made a presentation at the Def Con conference when he was arrested by the FBI for violating the US Digital Millennium Copyright Act (DMCA). Never mind that what the cryptography expert did — publish software that breaks the encryption used by Adobe in its eBook file format and discuss his research — is legal everywhere else in the world. In fact, Dmitry’s activities used to be legal in the United States until 1998 when the DCMA was signed into law by Bill Clinton.
If he’s convicted, Sklyarov faces up to five years in prison and a US$500,000 fine. Sklyarov remains in jail, held without bail.
Sklyarov’s software — Advanced eBook Processor — removes the Adobe eBook encryption, converting the document to the Adobe .pdf format. While potentially useful for violating copyright, Sklyarov’s company — Moscow-based ElcomSoft — stresses that the program merely allows users to exercise their fair-use rights. Or at least what used to be fair-use rights prior to the DMCA. Such application of fair-use rights — specifically, the ability to backup software and electronic documents — is required by Russian law.
What is especially disturbing in this case, is that the arrest was reportedly made at the request of Adobe. So now, not only do we have a bad law, we have the government forcefully enforcing its criminal provisions at the behest and direction of corporate interests.
Also disturbing is the fact that Adobe contacted ElcomSoft’s Internet Service Provider (ISP), Verio, in late June and demanded that ElcomSoft’s web site be shut down. Verio complied, allegedly giving ElcomSoft 6 hours to remove the page that so offended Adobe’s sensibilities. ElcomSoft has since moved their web site to another provider.
Not only is this wrong on the grounds of fair-use and free speech; the program as distributed by ElcomSoft after pressure from Adobe is capable of decrypting only 25 percent of the content in an Adobe eBook. The demonstration software was apparently designed solely to prove that Adobe’s encryption was too weak to be commercially viable. The full version of the software was initially sold for US$99 — significantly higher than the cost of an eBook — and could be used only on eBooks to which the user holds license. This version was withdrawn from the market in late June, in response to pressure from Adobe. Subsequently, as of 4 July (US Independence Day, how ironic) the fully working version of the software was made available only to journalists and cryptographers.
So, how did Adobe manage to have an employee of a Russian software company arrested? After all, Russian citizens are not subject to the DMCS in their home country and there’s no evidence that Sklyarov was distributing his software at Def Con. As it turns out, ElcomSoft’s order processing was handled by RegNow, an American company. The New York Times quoted one of the US attorneys assigned to the case as saying that “the question of jurisdiction was not particularly in contest in this case.”
Still, why did Adobe go after a single programmer rather than the Russian company? Or the American company that handled the billing? Probably for the same reason that your dog licks its balls: Because it can.
The DMCA was nothing more than extortion paid to the entertainment and software industries by the US government at the expense of the US citizenry. It extended total and complete control over copyrighted material to copyright owners, far beyond the intention of any prior intellectual property law. One of the provisions of copyright law that had always been granted in the public interest was fair-use — the right to legally make personal copies for various uses including backup, criticism, research, etc. The DMCA eliminated the fair-use provision outright.
One of the least-publicized aspects of the DMCA is its criminal provisions. Few copyright experts believed that the criminal provisions would be enforced. After all, matters of copyright infringement have traditionally been matters of civil, not criminal, law. Prior to the Sklyarov case, only civil infringement actions have been brought (such as the action brought against 2600 Magazine to force removal of a DVD-decrypting program from its web site).
The DMCA has also been used to suppress research. Princeton University computer science professor Edward Felten’s research into the Secure Digital Music Initiative (SDMI) was suppressed by the threat of a civil suit by the Recording Industry Association of America (RIAA).
The DMCA is clearly a wrong-headed law and the fallout has just begun.