Free Dmitry Sklyarov!

"The DMCA says that companies can use technology to take away fair use, but programmers can't use technology to take fair use back. Now the government is spending taxpayer money putting people from other countries in jail to protect multinational corporate profits at the expense of free speech" --Jennifer Granick, Center for Internet and Society, Stanford Law School

Let's say you're having a nightmare. You're living in a dictatorship, a police state. The Leader's younger brother runs a State-owned factory that makes nails and screws. However, the State's engineers have been unable to figure out how to make nuts and bolts that, as fasteners go, are technically superior. To protect his younger sibling from nuts-and-bolts competition, The Leader announces a new Law that makes nuts and bolts illegal. Of course, this is stupidity writ large, because The Nation's economy needs nuts and bolts. But The Leader and his sibling could care less. They're out to enrich themselves, not the people.

A few nights later, you're watching the news. A visitor from a neighboring country--an employee of a foreign firm that makes nuts and bolts, which are perfectly legal in the neighboring country--is arrested and hauled off to jail. His crime? He attended a history convention in your country and gave a talk entitled, "Nuts and Bolts Down Through the Ages". A spokesman for The Leader tells the TV audience, "This criminal aided and abetted the manufacture of nuts and bolts in a foreign country, and he talked about how to make nuts and bolts during his visit here. Plus, we have evidence that his company has actually sold nuts and bolts right here, in Our Nation. All hail The Leader for stamping out this hideous menace." After a quick trial, the unfortunate visitor is sentenced to 20 years in prison.

Terrifying dream, isn't it? But wake up, please. This nightmare just became reality. Dmitry Sklyarov, a Russian computer programmer, attended the DEF CON convention in Las Vegas, Nevada and was arrested in a similar scenario. Sklyarov is an employee of ElcomSoft Co. Ltd., of Moscow, which publishes a program designed to defeat the encryption scheme used in Adobe's eBooks.

Arrested by the FBI as he was preparing to check out of the hotel and return to Moscow, Sklyarov was charged with violations of the US Digital Millennium Copyright Act (DMCA). Essentially, Sklyarov was charged with the following offenses:

<il>(1) he's the author of Advanced eBook Processor (AEBPR), an ElcomSoft-developed program that circumvents the encryption scheme used in Adobe's eBooks;

<il>(2) until June 28, 2001, ElcomSoft sold AEBPR in such a way that the program could be ordered from a web site accessible in the US; and

<il>(3) Sklyarov talked about Adobe eBook encryption at the DEFCON convention (he had given a talk entitled "eBook Security: Theory and Practice").

The potential penalties? Up to five years in a Federal penitentiary and $500,000 in fines. Sklyarov is currently in Federal custody, awaiting transfer to San Francisco.

In this essay, I'll argue that Sklyarov's case proves beyond any doubt that the DMCA should be overturned by a high court action. I'll leave aside the profound injustice of arresting a Russian citizen for writing a program in Russia, that is perfectly legal in Russia, and focus on the DMCA's role in this case.

Here's my point, in a nutshell: the DMCA poses a profound threat to the lawful fair use rights possessed by US citizens. It strikes the balance between intellectual property and user's rights in a way that is far too slanted towards corporate interests, and--worst of all--it poses a profound threat to the very traditions of free and open intellectual exchange that created our high-technology industries in the first place. As a community, we should speak with one voice: Free Dimitry Sklyarov! Down with the DMCA!

The DMCA Openly Contradicts Settled Fair Use Law

The Digital Millennium Copyright Act (DMCA) of 1998, a bill signed into law by President Clinton, is one of the worst consequences of the all-too-cozy relationship between corporate donors and Congress. In essence, wealthy multinational corporations (specifically, the software and entertainment industries) got almost about everything they wanted; opposing the DMCA, and ignored in the law-making process, were scientists, librarians and academics who aren't able to donate millions to re-election campaigns. Of course, the mere fact that a bill was passed simply because it had wealthy backers doesn't make it unconstitutional. What's wrong with the DMCA is that it robs citizens of fundamental rights that are guaranteed elsewhere under US Federal law and the Constitution.

Here's what's wrong with the DMCA, which, I'd like to stress, isn't solely about copyright. Much of the bill is devoted to criminalizing technologies that can be used to circumvent the anti-piracy measures built into commercial software. What's frightening about this bill is that it isn't about criminalizing acts of copyright infringement that involve the use of circumventing technologies; the bill criminalizes the creation, distribution, use or discussion of such technologies, even in the absence of provable copyright infringement. Sklyarov isn't accused of making illegal copies of eBooks; he's accused of "importing, offering to the public, providing, or otherwise trafficking" in software that circumvents copy protection measures.

So what's Dimitry Sklyarov's crime? Advanced eBook Processor is clearly to intended not only circumvent Adobe's eBook copy protection scheme, but to enable the user to make use of a lawfully purchased product on more than one computer. According to Adobe (and as told to the FBI), here's how the eBook copy protection scheme works:

After users upload the program [Adobe eBook Reader] onto their personal computer systems, the users can contact a web-based electronic bookseller, such as Amazon.com or Barnes and Noble.com, and purchase book titles in an electronic format known as an eBook. As a result of a series of seamless transactions taking place between the electronic bookseller, an Adobe Server and the customer's computer, users may only open and view the encrypted eBook on the specific computer that the user utilized to engage the transaction. Because the process is taking place outside the view or control of the user, the user never sees the verification/decryption process take place between the eBook file and the Adobe eBook Reader. Nevertheless, because the book sold in encrypted form and only accessible through the eBook Reader is not duplicatable, the copyright holder's interest in the book is protected (Criminal Complaint, US v Sklyarov, July 7, 2001).

If you run AEBPR on an eBook, the program translates the eBook files into ordinary Portable Document Format (PDF) files that can be copied and distributed without limitation. According to the indictment, "the real damage done by the AEBPR program is that it creates a `naked file' that enables anyone to read the eBook on any computer without paying the fee to the bookseller. Only one legitimate copy of the encrypted eBook needs to be purchased originally and after the protections are stripped through the usage of the Elcomsoft program, there are no restrictions and the eBook can be duplicated freely and made available for usage on any computer" (Criminal Complaint, US v Sklyarov, July 7, 2001).

Adobe's saying, essentially, that all you have to have is one naked file, and you've let the cat out of the bag, permanently. Soon, there will be copies of all the eBooks all over the Internet, and we'll be out of business. Nevermind, of course, that such acts would constitute copyright infringement, and Adobe would have every justification for going after the offenders. Look what the poor RIAA is going through! But that's too expensive. It's much easier to get Congress to pass something like the DMCA.

The trouble is, the DMCA flies in the face of long-standing definitions concerning the fair use of lawfully published, copyrighted works; principally, that the owner of a lawfully published work has the right to make a copy for archival purposes. No less an authority than the US Supreme Court has affirmed this right. What's more, even the DMCA contains an explicit recognition of the superiority of fair use rights when it comes to the fair use of copyrighted materials. The DMCA explicitly states that "[n]othing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use...." This is, admittedly, a very strange assertion, since much of the rest of the Act flies in the face of fair use rights. Its presence must mean that, somewhere in the twisted and woefully corrupt process that created the DMCA, conscience prevailed, and legislators inserted language that was intended to make one point clear: If the DMCA came into conflict with basic rights guaranteed by law, it has to go. Sure, that's going to be tough on businesses trying to sell content over the Internet, but why should a government throw out basic rights, guaranteed by law, to benefit a few corporations? Even a Congressperson can see that's going too far.

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix