FC: "Free Dmitry" rally in DC, San Jose TODAY; B. Schneier on DMCA

From: Declan McCullagh (declanat_private)
Date: Mon Jul 23 2001 - 07:51:06 PDT

  • Next message: Declan McCullagh: "FC: Adobe bows to pressure, recommends release of Russian hacker"

    *********
    
    >
    >"FREE DMITRY" PROTEST
    >JULY 23 -- WASHINGTON, DC
    >
    >WHEN: Monday, July 23, 2001, 12 noon
    >WHERE: FBI headquarters, south side
    >        between 9-10th and Pennsylvania Avenue NW
    >WHO: You, and anyone who cares about the right to code freely
    >WHY: The FBI arrested a Russian cryptologist, Dmitry Sklyarov, on charges
    >      of violating the Digital Millennium Copyright Act last week
    >
    >CONTACT: David Merrill of the Linux Documentation Project
    >          and volunteer organizer (davidat_private, 202.361.0681 cell)
    >
    >BACKGROUND AND OTHER PROTESTS:
    >http://www.boycottadobe.com/
    >http://www.freedmitry.org/
    >
    >MAILING LISTS:
    >http://www.lupercalia.net/pipermail/free-dmitry-dc/2001-July/thread.html
    >http://zork.net/mailman/listinfo/free-sklyarov
    
    *********
    
    [Below is from Bruce Schneier <schneierat_private> --Declan]
    
    Russian Hacker Arrested
    
    
    On Monday in Las Vegas, the FBI arrested a Russian computer security 
    researcher, because he presented a paper on the strengths and weaknesses of 
    software used to protect electronic books.  Because of the Digital 
    Millennium Copyright Act (DMCA), which makes publishing critical research 
    on this technology more serious than publishing nuclear weapon design 
    information, Dmitry Sklyarov (age 27) landed in jail.  Just how did the 
    United States of America end up with a law protecting the entertainment 
    industry at the expense of freedom of speech?
    
    I've already written about the DMCA, and the futility of employing 
    technical solutions to prevent digital copying.  The specific DMCA 
    provision at work here is the one which explicitly forbids the invention 
    and distribution of "circumvention devices" and "reverse engineering of 
    document protection."  Basically, it is illegal to break--or show how to 
    break--technology used to protect digital copyright.  If you do, you go to 
    jail (see above).
    
    Technically, the law only protects "effective" copy-protection 
    technology.  This is a wonderful piece of circular logic: surely if is has 
    been broken, then it wasn't effective.  The complaint against Sklyarov 
    sidestepped this problem: "Nevertheless, because the book sold in encrypted 
    form and only accessible through the eBook Reader and is not duplicatable, 
    the copyright holder's interest in the book is protected."  But if that 
    were true, then there would no grounds for the case.
    
    There are also provisions in the DMCA to allow for security research, 
    provisions that I and others fought hard to have included.  But these 
    provisions are being ignored, as we've seen in the DeCSS case against 2600 
    Magazine, the RIAA case against Ed Felton, and this arrest.
    
    What the DMCA has done is create a new controlled technology.  In the 
    United States there are several technologies that normal citizens are 
    prohibited from owning: lock picks, fighter aircraft, pharmaceuticals, 
    explosives.  (Ignore guns, since the 2nd Amendment makes it impossible to 
    generalize from their example.)  In each of these cases, only people with 
    the proper credentials can legally buy and sell these technologies.  The 
    DMCA goes one step further, though.  Not only are circumvention tools 
    controlled, but information about them are.  2600 Magazine merely 
    described, and linked to implementations of, DeCSS.  Ed Felton  wanted to 
    present a paper on the deficiencies of the RIAA's various watermark schemes.
    
    I attended Dmitry Sklyarov's talk at DefCon.  What he did was legitimate 
    security research.  He determined the security of several popular E-Book 
    reader products and then notified the respective firms of his 
    findings.  His company Elcomsoft published, in Russia, software that 
    circumvented these ineffectual security systems.  His DefCon talk was a 
    clear and evenhanded presentation of the facts.  He said, in effect: "This 
    security is weak, and here's why."  (One particular company he mentioned 
    stored the password in plaintext inside the executable.  So, anyone with 
    Notepad and a few minutes of scrolling could have the book modified for 
    easy distribution.)
    
    The FBI nabbed him at the request of Adobe Systems, Inc. for breaking the 
    security on Acrobat's E-Reader API, and held him without bail.
    
    In 1979, "The Progressive" magazine tried to publish an article containing 
    technical information on H-Bomb design.  The government claimed publication 
    of the would result in "grave, direct, immediate and irreparable harm to 
    the national security of the United States."  After six months of legal 
    maneuvering, they published it.  In 1971, the government tried to prevent 
    "The New York Times" from publishing "The Pentagon Papers."  The Supreme 
    Court promptly voted 6-3 to reject the government's censorship attempt, 
    with chief Justice Warren Burger declaring that "prior restraints on speech 
    and publication are the most serious and least tolerable infringement on 
    First Amendment rights."
    
    Welcome to 21st Century America, where the profits of the major record 
    labels, movie houses, and publishing companies are more important than 
    First Amendment rights.
    
    In many ways, we're seeing the legacy of the NSA's long war against 
    cryptography and cryptographic information.  Until the late 1990s, the NSA 
    the threat of national security to prevent the dissemination of encryption 
    technologies.  When they could, they blocked the publication and 
    dissemination of information.  When that failed, they concentrated on 
    products, using both legal and illegal methods to block encryption 
    software.  Many people believe the NSA's primary rubric, export controls, 
    would not stand up to a constitutional challenge, but it was never 
    tested.  The NSA eventually gave up.
    
    During those debates I was often asked about the NSA's strategy.  Wasn't it 
    doomed?  Yes, it would eventually fail.  But from the NSA's point of view, 
    every day they could delay the failure was a day of victory.  Maybe the 
    Export Control regulations (they were never laws) were 
    unconstitutional.  Maybe preventing publication of this and that was prior 
    restraint.  Maybe pressuring companies to install back doors into their 
    software was illegal.  But if it worked for a while, it was a win.  The NSA 
    was fighting a holding action, and they knew it.
    
    The entertainment industry is behaving in the same way.  The DMCA is 
    unconstitutional, but they don't care.  Until it's ruled unconstitutional, 
    they've won.  The charges against Sklyarov won't stick, but the chilling 
    effect it will have on other researchers will.  The entertainment is 
    fighting a holding action, and fear, uncertainty, and doubt are their 
    weapons.  We need to win this, and we need to win it quickly.  Please 
    support those who are fighting these cases in the courts: the EFF and 
    others.  Every day we don't win is a loss.
    
    
    Adobe's Technology and Elcomsoft's Products:
    <http://www.planetebook.com/mainpage.asp?webpageid=165>
    <http://www.elcomsoft.com/aebpr.html>
    
    Government documents:
    <http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010717_eff_sklyarov_pr.html>
    <http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010707_complaint.html>
    
    EFF support:
    <http://www.eff.org/IP/DMCA/US_v_Sklyarov/20010718_eff_sklyarov_statement.html>
    
    News articles:
    <http://www.nytimes.com/2001/07/18/technology/18CRYP.html>
    <http://dailynews.yahoo.com/h/nm/20010717/wr/tech_hacker_arrest_dc_1.html>
    <http://www.wired.com/news/politics/0,1283,45298,00.html>
    
    Thoughtful analyses:
    <http://www.osopinion.com/perl/story/12143.html>
    <http://www.securitygeeks.shmoo.com/article.php?story=20010719141720141>
    
    Other DMCA cases:
    <http://www.eff.org/IP/DMCA/>
    
    
    Protecting Copyright in the Digital World
    
    
    Every time I write about the impossibility of effectively protecting 
    digital files on a general-purpose computer, I get responses from people 
    decrying the death of copyright.  "How will authors and artists get paid 
    for their work," they ask me.  Truth be told, I don't know.  I feel sort of 
    like the physicist who just explained relativity to a group of would-be 
    interstellar travelers, only to be asked: "How do you expect us to get to 
    the stars, then?"  I'm sorry, but I don't know that, either.
    
    I am a scientist, and I explain the realities of the science.  I apologize 
    if you don't like the truth, but the truth doesn't change because people 
    wish it would be something else.  I don't know how authors and artists will 
    make money in a world of easy copyability.  I'm an author myself, 
    personally concerned about protecting my own copyright, but I don't 
    know.  I can tell you what will and won't work, technically.  You an argue 
    whether my technical analysis is correct, but it just doesn't make sense to 
    bring social arguments into the technical discussion.
    
    If I had to guess, I believe companies will find a way to make money 
    despite the prevalence of digital copying.  When radio was invented, people 
    didn't bemoan the fact that radio signals could be listened to, for free, 
    by any receiver tuned to the proper frequency.  They figured out how to 
    make money some other way.  There are lots of financial models that don't 
    require "selling the each" to make money: advertising, patronage, 
    pay-for-performance, pay-for-timeliness, pay-for-interaction, public 
    funding.  I started Crypto-Gram when I was a consultant; I gave the 
    newsletter away and charged for my time.  The newsletter was free 
    advertising.  The Grateful Dead gave away concert recordings but charged 
    for live performances.  Stephen King kept writing chapters of his book as 
    long as a sufficient percentage of his readers paid him to.
    
    I don't know what model will become the prevalent one in the digital 
    world.  But I do know that technical methods to prevent digital copying are 
    doomed to fail.  (This is not to say that social methods, or legal methods, 
    won't work.)  Those companies that have business models that accept this 
    reality are more likely than those who have business models that reject 
    it.  Whine all you like, but reality is reality.
    
    My original analysis:
    <http://www.counterpane.com/crypto-gram-0105.html#3>
    
    *********
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe, visit http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 07:59:10 PDT