Free Dmitry Sklyarov!

"The DMCA says that companies can use technology to take away fair use, but programmers can't use technology to take fair use back. Now the government is spending taxpayer money putting people from other countries in jail to protect multinational corporate profits at the expense of free speech" --Jennifer Granick, Center for Internet and Society, Stanford Law School
The DMCA Poses a Profound Threat the US Technological Leadership

If you're still not convinced that the DMCA is a bad law, recall The Leader and Junior Brother's nail factory. He couldn't figure out how to make nuts and bolts, so The Leader simply made it illegal to "import, offer to the public, provide, or otherwise traffic" in nuts and bolts. Of course, without nuts and bolts, things fall apart. It doesn't take a genius to figure out that The Leader is making a self-serving law, and, what's more, it's bad for the public at large. The first problem is simply that there aren't any nuts and bolts available. But it's illegal to talk about nuts and bolts, too. As a result, the knowledge of how to use nuts and bolts gradually disappears from The Nation--and its lunch is eaten by foreign competition.

The DMCA is in the same league: It facilitates corporate attacks on the free and open exchange of information that's needed to ensure continued US prominence in the technological arena. The Sklyarov case is a perfect example. Sklyarov didn't come to DEFCON to talk about how to crack Adobe's eBook protection; he came to talk about the fact that Adobe's copy protection measures aren't up to the challenges of protecting data in the Internet environment. It's an unbelievably weak scheme, argued Sklyarov in his presentation. As recounted in the Federal indictment, a public document released by a US District Court, here's what ElcomSoft has to say about the scheme:

Now it's time for the brutal truth on Adobe eBook protection. We claim that ANY eBook protection, based on Acrobat PDF format (as Adobe eBook Reader is), is ABSOLUTELY insecure just due to the nature of this format and encryption system developed by Adobe. The general rule is: if one can open a particular PDF file or eBook on his computer (does not matter with what kind of permissions/restrictions), he can remove that protection by converting that file into a plain, unprotected PDF. Not very much experience is needed. In brief: ANY security plugin (actually, eBooks are protected with a security plugin as well, EBX) does nothing but return a decryption key to the Adobe Acrobat Reader or Adobe Acrobat eBook Reader. The plugin can make various hardware verifications, use parallel port dongles, connect to the publisher's web site and use asymmetric encryption, etc., but it all ends up with a decryption key, because the Reader needs it to open the files. And when the key is there, we can use it to decrypt the document removing all permissions (US v Sklyarov, Criminal Complaint, July 7, 2001).

If ElcomSoft is correct, Adobe starts looking like the Wizard of Oz: a charlatan, using pumped-up trickery and the power of the US Federal government to disguise the deficiencies of its technology. Sklyarov's message is simply this: Adobe's eBook protection scheme will work only if we're all so stupid and ignorant that we can't help being taken in, and so cowed by Draconian laws that we're afraid to peek under the curtain. Instead of throwing him in jail, we should give him a Congressional medal.

Please join the fight to free Dimitry Sklyarov:

<il> * Join and support the Electronic Frontier Foundation (EFF), which is coordinating the very expensive legal campaign in Sklyarov's defense. Go right now and sign up.

<il> * Join the free-sklyarov mailing list.

Bryan Pfaffenberger is Associate Professor of Technology, Culture and Communication at the University of Virginia, in Charlottesville, VA. You can visit his web page, and you can browse previous Currents articles under the Currents heading here. Bryan cautions that his schedule rarely permits him to reply to all the e-mail he receives concerning his Linux Journal articles, but they're appreciated nonetheless.