Free Dmitry Sklyarov!

by Bryan Pfaffenberger

Let's say you're having a nightmare. You're living in a dictatorship, a police state. The Leader's younger brother runs a State-owned factory that makes nails and screws. However, the State's engineers have been unable to figure out how to make nuts and bolts that, as fasteners go, are technically superior. To protect his younger sibling from nuts-and-bolts competition, The Leader announces a new Law that makes nuts and bolts illegal. Of course, this is stupidity writ large, because The Nation's economy needs nuts and bolts. But The Leader and his sibling could care less. They're out to enrich themselves, not the people.

A few nights later, you're watching the news. A visitor from a neighboring country--an employee of a foreign firm that makes nuts and bolts, which are perfectly legal in the neighboring country--is arrested and hauled off to jail. His crime? He attended a history convention in your country and gave a talk entitled, "Nuts and Bolts Down Through the Ages". A spokesman for The Leader tells the TV audience, "This criminal aided and abetted the manufacture of nuts and bolts in a foreign country, and he talked about how to make nuts and bolts during his visit here. Plus, we have evidence that his company has actually sold nuts and bolts right here, in Our Nation. All hail The Leader for stamping out this hideous menace." After a quick trial, the unfortunate visitor is sentenced to 20 years in prison.

Terrifying dream, isn't it? But wake up, please. This nightmare just became reality. Dmitry Sklyarov, a Russian computer programmer, attended the DEF CON convention in Las Vegas, Nevada and was arrested in a similar scenario. Sklyarov is an employee of ElcomSoft Co. Ltd., of Moscow, which publishes a program designed to defeat the encryption scheme used in Adobe's eBooks.

Arrested by the FBI as he was preparing to check out of the hotel and return to Moscow, Sklyarov was charged with violations of the US Digital Millennium Copyright Act (DMCA). Essentially, Sklyarov was charged with the following offenses:

<il>(1) he's the author of Advanced eBook Processor (AEBPR), an ElcomSoft-developed program that circumvents the encryption scheme used in Adobe's eBooks;

<il>(2) until June 28, 2001, ElcomSoft sold AEBPR in such a way that the program could be ordered from a web site accessible in the US; and

<il>(3) Sklyarov talked about Adobe eBook encryption at the DEFCON convention (he had given a talk entitled "eBook Security: Theory and Practice").

The potential penalties? Up to five years in a Federal penitentiary and $500,000 in fines. Sklyarov is currently in Federal custody, awaiting transfer to San Francisco.

In this essay, I'll argue that Sklyarov's case proves beyond any doubt that the DMCA should be overturned by a high court action. I'll leave aside the profound injustice of arresting a Russian citizen for writing a program in Russia, that is perfectly legal in Russia, and focus on the DMCA's role in this case.

Here's my point, in a nutshell: the DMCA poses a profound threat to the lawful fair use rights possessed by US citizens. It strikes the balance between intellectual property and user's rights in a way that is far too slanted towards corporate interests, and--worst of all--it poses a profound threat to the very traditions of free and open intellectual exchange that created our high-technology industries in the first place. As a community, we should speak with one voice: Free Dimitry Sklyarov! Down with the DMCA!

The DMCA Openly Contradicts Settled Fair Use Law

The Digital Millennium Copyright Act (DMCA) of 1998, a bill signed into law by President Clinton, is one of the worst consequences of the all-too-cozy relationship between corporate donors and Congress. In essence, wealthy multinational corporations (specifically, the software and entertainment industries) got almost about everything they wanted; opposing the DMCA, and ignored in the law-making process, were scientists, librarians and academics who aren't able to donate millions to re-election campaigns. Of course, the mere fact that a bill was passed simply because it had wealthy backers doesn't make it unconstitutional. What's wrong with the DMCA is that it robs citizens of fundamental rights that are guaranteed elsewhere under US Federal law and the Constitution.

Here's what's wrong with the DMCA, which, I'd like to stress, isn't solely about copyright. Much of the bill is devoted to criminalizing technologies that can be used to circumvent the anti-piracy measures built into commercial software. What's frightening about this bill is that it isn't about criminalizing acts of copyright infringement that involve the use of circumventing technologies; the bill criminalizes the creation, distribution, use or discussion of such technologies, even in the absence of provable copyright infringement. Sklyarov isn't accused of making illegal copies of eBooks; he's accused of "importing, offering to the public, providing, or otherwise trafficking" in software that circumvents copy protection measures.

So what's Dimitry Sklyarov's crime? Advanced eBook Processor is clearly to intended not only circumvent Adobe's eBook copy protection scheme, but to enable the user to make use of a lawfully purchased product on more than one computer. According to Adobe (and as told to the FBI), here's how the eBook copy protection scheme works:

After users upload the program [Adobe eBook Reader] onto their personal computer systems, the users can contact a web-based electronic bookseller, such as Amazon.com or Barnes and Noble.com, and purchase book titles in an electronic format known as an eBook. As a result of a series of seamless transactions taking place between the electronic bookseller, an Adobe Server and the customer's computer, users may only open and view the encrypted eBook on the specific computer that the user utilized to engage the transaction. Because the process is taking place outside the view or control of the user, the user never sees the verification/decryption process take place between the eBook file and the Adobe eBook Reader. Nevertheless, because the book sold in encrypted form and only accessible through the eBook Reader is not duplicatable, the copyright holder's interest in the book is protected (Criminal Complaint, US v Sklyarov, July 7, 2001).

If you run AEBPR on an eBook, the program translates the eBook files into ordinary Portable Document Format (PDF) files that can be copied and distributed without limitation. According to the indictment, "the real damage done by the AEBPR program is that it creates a `naked file' that enables anyone to read the eBook on any computer without paying the fee to the bookseller. Only one legitimate copy of the encrypted eBook needs to be purchased originally and after the protections are stripped through the usage of the Elcomsoft program, there are no restrictions and the eBook can be duplicated freely and made available for usage on any computer" (Criminal Complaint, US v Sklyarov, July 7, 2001).

Adobe's saying, essentially, that all you have to have is one naked file, and you've let the cat out of the bag, permanently. Soon, there will be copies of all the eBooks all over the Internet, and we'll be out of business. Nevermind, of course, that such acts would constitute copyright infringement, and Adobe would have every justification for going after the offenders. Look what the poor RIAA is going through! But that's too expensive. It's much easier to get Congress to pass something like the DMCA.

The trouble is, the DMCA flies in the face of long-standing definitions concerning the fair use of lawfully published, copyrighted works; principally, that the owner of a lawfully published work has the right to make a copy for archival purposes. No less an authority than the US Supreme Court has affirmed this right. What's more, even the DMCA contains an explicit recognition of the superiority of fair use rights when it comes to the fair use of copyrighted materials. The DMCA explicitly states that "[n]othing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use...." This is, admittedly, a very strange assertion, since much of the rest of the Act flies in the face of fair use rights. Its presence must mean that, somewhere in the twisted and woefully corrupt process that created the DMCA, conscience prevailed, and legislators inserted language that was intended to make one point clear: If the DMCA came into conflict with basic rights guaranteed by law, it has to go. Sure, that's going to be tough on businesses trying to sell content over the Internet, but why should a government throw out basic rights, guaranteed by law, to benefit a few corporations? Even a Congressperson can see that's going too far.

The DMCA Poses a Profound Threat the US Technological Leadership

If you're still not convinced that the DMCA is a bad law, recall The Leader and Junior Brother's nail factory. He couldn't figure out how to make nuts and bolts, so The Leader simply made it illegal to "import, offer to the public, provide, or otherwise traffic" in nuts and bolts. Of course, without nuts and bolts, things fall apart. It doesn't take a genius to figure out that The Leader is making a self-serving law, and, what's more, it's bad for the public at large. The first problem is simply that there aren't any nuts and bolts available. But it's illegal to talk about nuts and bolts, too. As a result, the knowledge of how to use nuts and bolts gradually disappears from The Nation--and its lunch is eaten by foreign competition.

The DMCA is in the same league: It facilitates corporate attacks on the free and open exchange of information that's needed to ensure continued US prominence in the technological arena. The Sklyarov case is a perfect example. Sklyarov didn't come to DEFCON to talk about how to crack Adobe's eBook protection; he came to talk about the fact that Adobe's copy protection measures aren't up to the challenges of protecting data in the Internet environment. It's an unbelievably weak scheme, argued Sklyarov in his presentation. As recounted in the Federal indictment, a public document released by a US District Court, here's what ElcomSoft has to say about the scheme:

Now it's time for the brutal truth on Adobe eBook protection. We claim that ANY eBook protection, based on Acrobat PDF format (as Adobe eBook Reader is), is ABSOLUTELY insecure just due to the nature of this format and encryption system developed by Adobe. The general rule is: if one can open a particular PDF file or eBook on his computer (does not matter with what kind of permissions/restrictions), he can remove that protection by converting that file into a plain, unprotected PDF. Not very much experience is needed. In brief: ANY security plugin (actually, eBooks are protected with a security plugin as well, EBX) does nothing but return a decryption key to the Adobe Acrobat Reader or Adobe Acrobat eBook Reader. The plugin can make various hardware verifications, use parallel port dongles, connect to the publisher's web site and use asymmetric encryption, etc., but it all ends up with a decryption key, because the Reader needs it to open the files. And when the key is there, we can use it to decrypt the document removing all permissions (US v Sklyarov, Criminal Complaint, July 7, 2001).

If ElcomSoft is correct, Adobe starts looking like the Wizard of Oz: a charlatan, using pumped-up trickery and the power of the US Federal government to disguise the deficiencies of its technology. Sklyarov's message is simply this: Adobe's eBook protection scheme will work only if we're all so stupid and ignorant that we can't help being taken in, and so cowed by Draconian laws that we're afraid to peek under the curtain. Instead of throwing him in jail, we should give him a Congressional medal.

Please join the fight to free Dimitry Sklyarov:

<il> * Join and support the Electronic Frontier Foundation (EFF), which is coordinating the very expensive legal campaign in Sklyarov's defense. Go right now and sign up.

<il> * Join the free-sklyarov mailing list.

Bryan Pfaffenberger is Associate Professor of Technology, Culture and Communication at the University of Virginia, in Charlottesville, VA. You can visit his web page, and you can browse previous Currents articles under the Currents heading here. Bryan cautions that his schedule rarely permits him to reply to all the e-mail he receives concerning his Linux Journal articles, but they're appreciated nonetheless.

Load Disqus comments