[sklyarov-chicago] [declan@well.com: FC: "Free Dmitry" rally in DC, San Jose TODAY; B. Schneier on DMCA]
mjinks@sysvi.com
mjinks@sysvi.com
Mon, 23 Jul 2001 21:33:44 -0500
----- Forwarded message from Declan McCullagh <declan@well.com> -----
Envelope-to: mjinks@sysvi.com
To: politech@politechbot.com
From: Declan McCullagh <declan@well.com>
Subject: FC: "Free Dmitry" rally in DC, San Jose TODAY; B. Schneier on DMCA
Cc: schneier@counterpane.com
Reply-To: declan@well.com
X-URL: Politech is at http://www.politechbot.com/
X-Author: Declan McCullagh is at http://www.mccullagh.org/
X-News-Site: Cluebot is at http://www.cluebot.com/
*********
>
>"FREE DMITRY" PROTEST
>JULY 23 -- WASHINGTON, DC
>
>WHEN: Monday, July 23, 2001, 12 noon
>WHERE: FBI headquarters, south side
> between 9-10th and Pennsylvania Avenue NW
>WHO: You, and anyone who cares about the right to code freely
>WHY: The FBI arrested a Russian cryptologist, Dmitry Sklyarov, on charges
> of violating the Digital Millennium Copyright Act last week
>
>CONTACT: David Merrill of the Linux Documentation Project
> and volunteer organizer (david@lupercalia.net, 202.361.0681 cell)
>
>BACKGROUND AND OTHER PROTESTS:
>http://www.boycottadobe.com/
>http://www.freedmitry.org/
>
>MAILING LISTS:
>http://www.lupercalia.net/pipermail/free-dmitry-dc/2001-July/thread.html
>http://zork.net/mailman/listinfo/free-sklyarov
*********
[Below is from Bruce Schneier <schneier@counterpane.com> --Declan]
Russian Hacker Arrested
On Monday in Las Vegas, the FBI arrested a Russian computer security
researcher, because he presented a paper on the strengths and weaknesses of
software used to protect electronic books. Because of the Digital
Millennium Copyright Act (DMCA), which makes publishing critical research
on this technology more serious than publishing nuclear weapon design
information, Dmitry Sklyarov (age 27) landed in jail. Just how did the
United States of America end up with a law protecting the entertainment
industry at the expense of freedom of speech?
I've already written about the DMCA, and the futility of employing
technical solutions to prevent digital copying. The specific DMCA
provision at work here is the one which explicitly forbids the invention
and distribution of "circumvention devices" and "reverse engineering of
document protection." Basically, it is illegal to break--or show how to
break--technology used to protect digital copyright. If you do, you go to
jail (see above).
Technically, the law only protects "effective" copy-protection
technology. This is a wonderful piece of circular logic: surely if is has
been broken, then it wasn't effective. The complaint against Sklyarov
sidestepped this problem: "Nevertheless, because the book sold in encrypted
form and only accessible through the eBook Reader and is not duplicatable,
the copyright holder's interest in the book is protected." But if that
were true, then there would no grounds for the case.
There are also provisions in the DMCA to allow for security research,
provisions that I and others fought hard to have included. But these
provisions are being ignored, as we've seen in the DeCSS case against 2600
Magazine, the RIAA case against Ed Felton, and this arrest.
What the DMCA has done is create a new controlled technology. In the
United States there are several technologies that normal citizens are
prohibited from owning: lock picks, fighter aircraft, pharmaceuticals,
explosives. (Ignore guns, since the 2nd Amendment makes it impossible to
generalize from their example.) In each of these cases, only people with
the proper credentials can legally buy and sell these technologies. The
DMCA goes one step further, though. Not only are circumvention tools
controlled, but information about them are. 2600 Magazine merely
described, and linked to implementations of, DeCSS. Ed Felton wanted to
present a paper on the deficiencies of the RIAA's various watermark schemes.
I attended Dmitry Sklyarov's talk at DefCon. What he did was legitimate
security research. He determined the security of several popular E-Book
reader products and then notified the respective firms of his
findings. His company Elcomsoft published, in Russia, software that
circumvented these ineffectual security systems. His DefCon talk was a
clear and evenhanded presentation of the facts. He said, in effect: "This
security is weak, and here's why." (One particular company he mentioned
stored the password in plaintext inside the executable. So, anyone with
Notepad and a few minutes of scrolling could have the book modified for
easy distribution.)
The FBI nabbed him at the request of Adobe Systems, Inc. for breaking the
security on Acrobat's E-Reader API, and held him without bail.
In 1979, "The Progressive" magazine tried to publish an article containing
technical information on H-Bomb design. The government claimed publication
of the would result in "grave, direct, immediate and irreparable harm to
the national security of the United States." After six months of legal
maneuvering, they published it. In 1971, the government tried to prevent
"The New York Times" from publishing "The Pentagon Papers." The Supreme
Court promptly voted 6-3 to reject the government's censorship attempt,
with chief Justice Warren Burger declaring that "prior restraints on speech
and publication are the most serious and least tolerable infringement on
First Amendment rights."
Welcome to 21st Century America, where the profits of the major record
labels, movie houses, and publishing companies are more important than
First Amendment rights.
In many ways, we're seeing the legacy of the NSA's long war against
cryptography and cryptographic information. Until the late 1990s, the NSA
the threat of national security to prevent the dissemination of encryption
technologies. When they could, they blocked the publication and
dissemination of information. When that failed, they concentrated on
products, using both legal and illegal methods to block encryption
software. Many people believe the NSA's primary rubric, export controls,
would not stand up to a constitutional challenge, but it was never
tested. The NSA eventually gave up.
During those debates I was often asked about the NSA's strategy. Wasn't it
doomed? Yes, it would eventually fail. But from the NSA's point of view,
every day they could delay the failure was a day of victory. Maybe the
Export Control regulations (they were never laws) were
unconstitutional. Maybe preventing publication of this and that was prior
restraint. Maybe pressuring companies to install back doors into their
software was illegal. But if it worked for a while, it was a win. The NSA
was fighting a holding action, and they knew it.
The entertainment industry is behaving in the same way. The DMCA is
unconstitutional, but they don't care. Until it's ruled unconstitutional,
they've won. The charges against Sklyarov won't stick, but the chilling
effect it will have on other researchers will. The entertainment is
fighting a holding action, and fear, uncertainty, and doubt are their
weapons. We need to win this, and we need to win it quickly. Please
support those who are fighting these cases in the courts: the EFF and
others. Every day we don't win is a loss.
Adobe's Technology and Elcomsoft's Products:
<http://www.planetebook.com/mainpage.asp?webpageid=165>
<http://www.elcomsoft.com/aebpr.html>
Government documents:
<http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010717_eff_sklyarov_pr.html>
<http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010707_complaint.html>
EFF support:
<http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010718_eff_sklyarov_statement.html>
News articles:
<http://www.nytimes.com/2001/07/18/technology/18CRYP.html>
<http://dailynews.yahoo.com/h/nm/20010717/wr/tech_hacker_arrest_dc_1.html>
<http://www.wired.com/news/politics/0,1283,45298,00.html>
Thoughtful analyses:
<http://www.osopinion.com/perl/story/12143.html>
<http://www.securitygeeks.shmoo.com/article.php?story=20010719141720141>
Other DMCA cases:
<http://www.eff.org/IP/DMCA/>
Protecting Copyright in the Digital World
Every time I write about the impossibility of effectively protecting
digital files on a general-purpose computer, I get responses from people
decrying the death of copyright. "How will authors and artists get paid
for their work," they ask me. Truth be told, I don't know. I feel sort of
like the physicist who just explained relativity to a group of would-be
interstellar travelers, only to be asked: "How do you expect us to get to
the stars, then?" I'm sorry, but I don't know that, either.
I am a scientist, and I explain the realities of the science. I apologize
if you don't like the truth, but the truth doesn't change because people
wish it would be something else. I don't know how authors and artists will
make money in a world of easy copyability. I'm an author myself,
personally concerned about protecting my own copyright, but I don't
know. I can tell you what will and won't work, technically. You an argue
whether my technical analysis is correct, but it just doesn't make sense to
bring social arguments into the technical discussion.
If I had to guess, I believe companies will find a way to make money
despite the prevalence of digital copying. When radio was invented, people
didn't bemoan the fact that radio signals could be listened to, for free,
by any receiver tuned to the proper frequency. They figured out how to
make money some other way. There are lots of financial models that don't
require "selling the each" to make money: advertising, patronage,
pay-for-performance, pay-for-timeliness, pay-for-interaction, public
funding. I started Crypto-Gram when I was a consultant; I gave the
newsletter away and charged for my time. The newsletter was free
advertising. The Grateful Dead gave away concert recordings but charged
for live performances. Stephen King kept writing chapters of his book as
long as a sufficient percentage of his readers paid him to.
I don't know what model will become the prevalent one in the digital
world. But I do know that technical methods to prevent digital copying are
doomed to fail. (This is not to say that social methods, or legal methods,
won't work.) Those companies that have business models that accept this
reality are more likely than those who have business models that reject
it. Whine all you like, but reality is reality.
My original analysis:
<http://www.counterpane.com/crypto-gram-0105.html#3>
*********
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
----- End forwarded message -----