[sklyarov-chicago] [declan@well.com: FC: "Free Dmitry" rally in DC, San Jose TODAY; B. Schneier on DMCA]

mjinks@sysvi.com mjinks@sysvi.com
Mon, 23 Jul 2001 21:33:44 -0500


----- Forwarded message from Declan McCullagh <declan@well.com> -----

Envelope-to: mjinks@sysvi.com
To: politech@politechbot.com
From: Declan McCullagh <declan@well.com>
Subject: FC: "Free Dmitry" rally in DC, San Jose TODAY; B. Schneier on DMCA
Cc: schneier@counterpane.com
Reply-To: declan@well.com
X-URL: Politech is at http://www.politechbot.com/
X-Author: Declan McCullagh is at http://www.mccullagh.org/
X-News-Site: Cluebot is at http://www.cluebot.com/


*********

>
>"FREE DMITRY" PROTEST
>JULY 23 -- WASHINGTON, DC
>
>WHEN: Monday, July 23, 2001, 12 noon
>WHERE: FBI headquarters, south side
>        between 9-10th and Pennsylvania Avenue NW
>WHO: You, and anyone who cares about the right to code freely
>WHY: The FBI arrested a Russian cryptologist, Dmitry Sklyarov, on charges
>      of violating the Digital Millennium Copyright Act last week
>
>CONTACT: David Merrill of the Linux Documentation Project
>          and volunteer organizer (david@lupercalia.net, 202.361.0681 cell)
>
>BACKGROUND AND OTHER PROTESTS:
>http://www.boycottadobe.com/
>http://www.freedmitry.org/
>
>MAILING LISTS:
>http://www.lupercalia.net/pipermail/free-dmitry-dc/2001-July/thread.html
>http://zork.net/mailman/listinfo/free-sklyarov

*********

[Below is from Bruce Schneier <schneier@counterpane.com> --Declan]

Russian Hacker Arrested


On Monday in Las Vegas, the FBI arrested a Russian computer security 
researcher, because he presented a paper on the strengths and weaknesses of 
software used to protect electronic books.  Because of the Digital 
Millennium Copyright Act (DMCA), which makes publishing critical research 
on this technology more serious than publishing nuclear weapon design 
information, Dmitry Sklyarov (age 27) landed in jail.  Just how did the 
United States of America end up with a law protecting the entertainment 
industry at the expense of freedom of speech?

I've already written about the DMCA, and the futility of employing 
technical solutions to prevent digital copying.  The specific DMCA 
provision at work here is the one which explicitly forbids the invention 
and distribution of "circumvention devices" and "reverse engineering of 
document protection."  Basically, it is illegal to break--or show how to 
break--technology used to protect digital copyright.  If you do, you go to 
jail (see above).

Technically, the law only protects "effective" copy-protection 
technology.  This is a wonderful piece of circular logic: surely if is has 
been broken, then it wasn't effective.  The complaint against Sklyarov 
sidestepped this problem: "Nevertheless, because the book sold in encrypted 
form and only accessible through the eBook Reader and is not duplicatable, 
the copyright holder's interest in the book is protected."  But if that 
were true, then there would no grounds for the case.

There are also provisions in the DMCA to allow for security research, 
provisions that I and others fought hard to have included.  But these 
provisions are being ignored, as we've seen in the DeCSS case against 2600 
Magazine, the RIAA case against Ed Felton, and this arrest.

What the DMCA has done is create a new controlled technology.  In the 
United States there are several technologies that normal citizens are 
prohibited from owning: lock picks, fighter aircraft, pharmaceuticals, 
explosives.  (Ignore guns, since the 2nd Amendment makes it impossible to 
generalize from their example.)  In each of these cases, only people with 
the proper credentials can legally buy and sell these technologies.  The 
DMCA goes one step further, though.  Not only are circumvention tools 
controlled, but information about them are.  2600 Magazine merely 
described, and linked to implementations of, DeCSS.  Ed Felton  wanted to 
present a paper on the deficiencies of the RIAA's various watermark schemes.

I attended Dmitry Sklyarov's talk at DefCon.  What he did was legitimate 
security research.  He determined the security of several popular E-Book 
reader products and then notified the respective firms of his 
findings.  His company Elcomsoft published, in Russia, software that 
circumvented these ineffectual security systems.  His DefCon talk was a 
clear and evenhanded presentation of the facts.  He said, in effect: "This 
security is weak, and here's why."  (One particular company he mentioned 
stored the password in plaintext inside the executable.  So, anyone with 
Notepad and a few minutes of scrolling could have the book modified for 
easy distribution.)

The FBI nabbed him at the request of Adobe Systems, Inc. for breaking the 
security on Acrobat's E-Reader API, and held him without bail.

In 1979, "The Progressive" magazine tried to publish an article containing 
technical information on H-Bomb design.  The government claimed publication 
of the would result in "grave, direct, immediate and irreparable harm to 
the national security of the United States."  After six months of legal 
maneuvering, they published it.  In 1971, the government tried to prevent 
"The New York Times" from publishing "The Pentagon Papers."  The Supreme 
Court promptly voted 6-3 to reject the government's censorship attempt, 
with chief Justice Warren Burger declaring that "prior restraints on speech 
and publication are the most serious and least tolerable infringement on 
First Amendment rights."

Welcome to 21st Century America, where the profits of the major record 
labels, movie houses, and publishing companies are more important than 
First Amendment rights.

In many ways, we're seeing the legacy of the NSA's long war against 
cryptography and cryptographic information.  Until the late 1990s, the NSA 
the threat of national security to prevent the dissemination of encryption 
technologies.  When they could, they blocked the publication and 
dissemination of information.  When that failed, they concentrated on 
products, using both legal and illegal methods to block encryption 
software.  Many people believe the NSA's primary rubric, export controls, 
would not stand up to a constitutional challenge, but it was never 
tested.  The NSA eventually gave up.

During those debates I was often asked about the NSA's strategy.  Wasn't it 
doomed?  Yes, it would eventually fail.  But from the NSA's point of view, 
every day they could delay the failure was a day of victory.  Maybe the 
Export Control regulations (they were never laws) were 
unconstitutional.  Maybe preventing publication of this and that was prior 
restraint.  Maybe pressuring companies to install back doors into their 
software was illegal.  But if it worked for a while, it was a win.  The NSA 
was fighting a holding action, and they knew it.

The entertainment industry is behaving in the same way.  The DMCA is 
unconstitutional, but they don't care.  Until it's ruled unconstitutional, 
they've won.  The charges against Sklyarov won't stick, but the chilling 
effect it will have on other researchers will.  The entertainment is 
fighting a holding action, and fear, uncertainty, and doubt are their 
weapons.  We need to win this, and we need to win it quickly.  Please 
support those who are fighting these cases in the courts: the EFF and 
others.  Every day we don't win is a loss.


Adobe's Technology and Elcomsoft's Products:
<http://www.planetebook.com/mainpage.asp?webpageid=165>
<http://www.elcomsoft.com/aebpr.html>

Government documents:
<http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010717_eff_sklyarov_pr.html>
<http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010707_complaint.html>

EFF support:
<http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010718_eff_sklyarov_statement.html>

News articles:
<http://www.nytimes.com/2001/07/18/technology/18CRYP.html>
<http://dailynews.yahoo.com/h/nm/20010717/wr/tech_hacker_arrest_dc_1.html>
<http://www.wired.com/news/politics/0,1283,45298,00.html>

Thoughtful analyses:
<http://www.osopinion.com/perl/story/12143.html>
<http://www.securitygeeks.shmoo.com/article.php?story=20010719141720141>

Other DMCA cases:
<http://www.eff.org/IP/DMCA/>


Protecting Copyright in the Digital World


Every time I write about the impossibility of effectively protecting 
digital files on a general-purpose computer, I get responses from people 
decrying the death of copyright.  "How will authors and artists get paid 
for their work," they ask me.  Truth be told, I don't know.  I feel sort of 
like the physicist who just explained relativity to a group of would-be 
interstellar travelers, only to be asked: "How do you expect us to get to 
the stars, then?"  I'm sorry, but I don't know that, either.

I am a scientist, and I explain the realities of the science.  I apologize 
if you don't like the truth, but the truth doesn't change because people 
wish it would be something else.  I don't know how authors and artists will 
make money in a world of easy copyability.  I'm an author myself, 
personally concerned about protecting my own copyright, but I don't 
know.  I can tell you what will and won't work, technically.  You an argue 
whether my technical analysis is correct, but it just doesn't make sense to 
bring social arguments into the technical discussion.

If I had to guess, I believe companies will find a way to make money 
despite the prevalence of digital copying.  When radio was invented, people 
didn't bemoan the fact that radio signals could be listened to, for free, 
by any receiver tuned to the proper frequency.  They figured out how to 
make money some other way.  There are lots of financial models that don't 
require "selling the each" to make money: advertising, patronage, 
pay-for-performance, pay-for-timeliness, pay-for-interaction, public 
funding.  I started Crypto-Gram when I was a consultant; I gave the 
newsletter away and charged for my time.  The newsletter was free 
advertising.  The Grateful Dead gave away concert recordings but charged 
for live performances.  Stephen King kept writing chapters of his book as 
long as a sufficient percentage of his readers paid him to.

I don't know what model will become the prevalent one in the digital 
world.  But I do know that technical methods to prevent digital copying are 
doomed to fail.  (This is not to say that social methods, or legal methods, 
won't work.)  Those companies that have business models that accept this 
reality are more likely than those who have business models that reject 
it.  Whine all you like, but reality is reality.

My original analysis:
<http://www.counterpane.com/crypto-gram-0105.html#3>

*********




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------


----- End forwarded message -----