Fallout From Def Con: Ebook Hacker Arrested by FBI

Richard and many other people sent in news about Dmitry Sklyarov, a programmer at Russian software company Elcomsoft, who was arrested after giving a talk at Def Con 9 in Las Vegas titled "eBook Security: Theory and Practice." Elcomsoft publishes a program to remove restrictions from encrypted PDF files, which has severely annoyed Adobe Corporation. Adobe was apparently responsible for the arrest, charging that Elcomsoft is violating the Digital Millennium Copyright Act by publishing the software and giving the presentation at Def Con. (The presentation, by the way, is great - he compares the claimed features of ebook protection schemes with their actual features.) Also at Def Con 9: Hacking for Human Rights.

Re:damn dmac

Umm...Bush wasn't even in Federal Office when we were given the DCMA. On October 28,1998, President Clinton signed into law the Digital Millennium Copyright Act of 1998 (DCMA).

Another win for the Democrats apparently.

Re:Tell Adobe

s/persue/pursue/g
s/occuring/occurring/g
s/persuit/pursuit/g
s/imprisioned/imprisoned/g
s/want: The /want: the /g

When Adobe acts like this...

When Adobe acts like this, it makes me glad that I've never paid for any of their programs.

Re:When Adobe acts like this...

[fliplap]

This is the attitude that keeps microsoft on top.

"It's ok if I use the software because i stole it anyway"

It's not your $99 that keeps them on top, you're just one user not paying for a license, they have more to worry about. What you are doing is showing a demand for it, you're contributing to market share. Therefore, more people know how to use the product, so more companies use it...and companies rarely steal the software. Because its worth more to them to pay $99 than to get busted for piracy. So don't think by stealing their software you are somehow making an impact, by having absolutely nothing todo with them is what brings about change.

Re:Doesn't the DMCA specifically protect this?

then this seems like a great case for blowing the DMCA farce wide open.

It would be rather ironic if a Russian citizen would end up fighting an American law restricting his free speech.

Yes, DMCA = Legitimization of a Corp Police State

[Gleef]

Yes, the DMCA criminalizes certain kinds of copyright violations; it also criminalizes some acts, like reverse engineering protection schemes, that were never even grounds for civil action before. This is in addition to any civil lawsuit the offended party may bring against you.

Yes this moves us ever closer to a corporate police state. Some companies, Wackenhut for example, are even positioning themselves to have their own police forces (they already run several prisons).


----

Re:READ THE ARTICLE

[jandrese]

Yes, he was arrested for both the software and the presentation according to the article.

Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.

Re:I hope

[phil+reed]

What felony? The disemination and discussion of true facts?


...phil

Oh piffle

[Eric+Green]

If I had a million dollars, it was stolen in a fraud scheme, and I called the FBI flat broke and in bankruptcy, do you *really* think they would bother calling in any of their agents from where they're standing duty in the world's donut shops to track down the perp?

Hint: Here in Arizona, an outfit called "The Baptist Foundation" scammed *MILLIONS* of dollars from unwitting retirees across the country who thought they were supporting a religious-related investment fund, people who are now broke and living on Social Security. Guess what: Not *ONE* of the criminals responsible is currently serving time.

-E

Amnesty International's report on USA

[Eric+Green]

Here's the URL:

Well, click here anyhow.

Let's see, the USA tortures prisoners, executes probably innocent prisoners and prisoners who are mentally retarded or who were children at the time of the crime, police brutality is rampant especially against racial minorities, children are often thrown into jail cells with brutal hardened criminals, children held in isolation for months at a time, widespread rape of female prisoners by male prison guards, regularly denies foreign prisoners the right to contact their consulate for legal representation, ...

Of course many other countries are much worse. While we do beat our protesters and frame them for murder, there are no widespread "Disappearances" of critics of the government. Indeed, a brief search of the Internet will find you hundreds of thousands of people criticising the government. In many countries, criticisms such as these that we are making here would be sufficient to have you "disappeared".

-E

The time has come to boycott Adobe.

[emil]

I have had entirely enough of this new adversarial stance of theirs.

Let me just delete /opt/Acrobat4... Their UNIX software sucks anyway. The rest of it isn't much better.

Any software company that enforces or relies upon the DMCA should go on our blacklist!

Re:The time has come to boycott Adobe.

[garcia]

if a negative post is put up on /., the company might as well already be blacklisted ;-)

Re:The time has come to boycott Adobe.

[revscat]

How about this. "Adobe should go on our blacklist. User #102921 can go fuck themselves."

Thank you.

Re:The time has come to boycott Adobe.

[barneyfoo]

The first step in boycotting Adobe should be to come up with a l33t humorous mangling of their trademarks.

adobe = adoobey

acrobat = acr0wfat

Illustrator = Illustrangler

Re:Doesn't the DMCA specifically protect this?

[bluGill]

1) Speed limits in the US are about the same as speed limits in Europe, other then the German autobahns. However we measure in miles, not Kilometers, so 55 is about the same as 100, which is a typical speed for back roads. Major roads are faster.

2) There are arugements both ways, but in most of europe the same laws exist, they are just less enforced.

3) Accually this is a local issue. (the feds get overinvoved, but since the 18th ammendment was repealed the feds have no power to force it. (Where Jack Danials in brewed it is illegal drink drink alcohol at any age)

4) State issue. I don't want others on the road with alcohol around though. Though I agree goverment should get out.

Re:More importantly. . .

[Wyatt+Earp]

If he isn't an American citizen, then the Bill of Rights doesn't apply to him.

Re:Here's mine

[Don+Negro]

To whom it may concern;

I am writing to express my disappointment that Adobe would have a person arrested for pointing out flaws in one of it's products. I refer, of course, to the case of Dmitry Sklyarov, who gave a lecture on eBook security at the recent DefCon security convention.

As a customer who cut my chops on Illustrator 1.1, it saddens me to think that Adobe now cares so little about the quality of it's heretofore-excellent products that it seeks to harrass and intimidate those who point out their weaknesses. Some will call it 'hacking' since it involved disabling a security routine, but I see it for what it is - pointing out a flaw in a product. I am thankful to him that he exposed a weakness, thus protecting me from it.

Any company that would have someone arrested for protecting me can no longer enjoy my business.

Sincerely,

Don Negro

Re:damn dmac

[Craig+Maloney]

Unfortunately, unless you were really paying attention, the DMCA passed without much incident or fanfare over here. If there had been more discussion about it, I'm sure it would have never passed into law.

Absolutely Incredible

[nathanh]

Some of the "security" algorithms this white-hat whistleblower has exposed are incredibly poor. Here are some samples:

• The Acrobat Signed Plugin authentication code only checks the header of the binary. So just take a non-malicious signed plugin, modify the binary after the header, and you can send out a "signed" plugin with malicious code as the payload. What a joke!
• One of the products costs $3000 and is derived from a rot13 encoder.
• Another product is claiming "100% burglar-proof" but the "encryption" is nothing more than an XOR against a single magic byte.

If I was a shareholder in any of these companies I would be demanding an investigation. This isn't just shoddy, it's an outright scam! None of these companies should be getting away with this. The customer is being ripped off, yet these shyster companies have the NERVE to use the law against the whistleblowers.

I'm disgusted.

Re:Absolutely Incredible

[bumski]

This reminds me of one of the things about the DMCA that really annoys me: there is no requirement that the copyright protection mechanism be reasonably well-designed, and whether I've violated the law is based not on my intent, but rather on the intent of the mechanism's designer. So if someone is stupid enough to think that Lempel-Ziv compression is a good copyright protection mechanism, and uses it with that intent, I can then unknowingly violate the DMCA by gunzipping a file.

The DMCA is a legal crutch for lazy companies that can't be bothered to design truly secure solutions. Or perhaps more honestly, for companies that know that consumers would balk at the inconvenience of using truly secure DVDs, etc., but still want to pretend that they're protecting something.

No, Tell Adobe -- really!

[Svartalf]

1) Needing a martyr is short shrift to the poor bastard in the crosshairs.

2) He's going to be painted as a "hacker" having been caught at DefCon- they're not going to paint this as a civil rights violation that it is, it's "a criminal being put to justice under the DMCA". It's what transpired with 2600- do you REALLY think this poor SOB is going to get a fair trial under those conditions?

While you're at it, tell everyone you know about this- including Congresspeople. Explain to them what is going on and why it's such a bad thing.

Re:Tell Adobe

[msuzio]

I called the phone number (408 536 6000) and asked for Public Relations. I got someone's voicemail, and left a somewhat long message about how concerned I was.
The person answering on the main line said I was the third person who called, and he actually put me on hold to find out who in Corporate was actually supposed to get these calls. So keep calling!

"mirror" of elmconsoft, and download

[Frederic54]

It seems the Elcomsoft page has been /., if it's in Russia it does not help...
Thanks to google, here's a mirror of the http://www.google.com/search?sourceid=navclient&q= cache:http%3A%2F%2Fwww%2Eelcomsoft%2Ecom%2Fapdfpr% 2Ehtml page, you can download the Advanced PDF Password Recovery here and here
--

Kevin Nathanson, Adobe Product Mgr.

[K-Man]

The warrant names this guy as the source for the complaint (see another post below this heading for links to the court docs).

CNN says the guy is being transferred to Santa Clara County, so Adobe can have its way with him.

Re:If tables were reversed?

[dvdeug]

American tourists have been arrested in Germany for distributing Nazi propoganda over the internet. In the case I'm thinking of, they actually tried to extradite him first, but the US government refused (but didn't notify him.) I don't remember reading about any governmental objections; appearing to support a Nazi is bad political fodder.

Re:use gv instead of Acrobat :-)

[Alan+Shutko]

GV does not work as well as Acrobat to view PDF files. GV does not support hyperlinks or bookmarks, both of which are nearly essential to navigate long documents. It also has a bad type1 renderer.

xpdf supports hyperlinks, but doesn't yet appear to support bookmarks.

Re:How can we help?

[tsikora]

criminal my ass... he hurt Adobe's pride and caught them lying.(advertised features). Nothing has been stolen. They should have gotten off their complacent asses and fixed it.

Re:Hit them where it hurts--stock price

[grahamm]

Investment is always a risk. In whatever area a corporation operates, whether it be manufacturing or a service, there is always a risk that

• People may cease to require its product/service
• A superior technology emerges
• (Patents not withstanding) Someone else may produce a better or cheaper version

So a corporation should always be prepared for any investments to either be unsucessful from the start or for revenue from an investment to decrease or cease.

Copyright Owner's Permission

[grahamm]

Does the DCMA not only prohibit circumvention without the copyright owner's (presumably the owner of the copyright on the "protected" material) permission? In which case, why not simply demonstrate the technique on an encrypted PDF of material to which he owns the copyright?

Re:Copyright Owner's Permission

[jms]

The actual language of DMCA doesn't actually explicitly specify whose authorization is needed, but up to now everyone has inferred that it must be the copyright owner. IMHO, that's one of the problems with the DeCSS case: AFAIK only the MPAA companies happen to make CSS-protected DVDs, so so far, no one other than MPAA has been in a position to authorize descrambling of any CSS-protected DVD.

Actually, this is not true. Only authoring houses and software/hardware manufacturers need to be licensed to use CSS. Individual copyright owners have no license with the DVDCCA, and are not contractually restricted.

I actually sent email to the DVDCCA email address, asking them if, as a copyright holder interested in publishing a DVD, I needed to sign a license with the DVDCCA. The reply (from John Hoy!) said that no, all I needed to do was request CSS encryption when I sent my master to the authoring facility.

So, one could make a VERY strong case that any individual who has published a CSS encrypted DVD has the legal authority to authorize anyone and everyone to decrypt the DVD containing their own copyrighted material by any and all means, including DeCSS.

Re:Copyright Owner's Permission

[Sloppy]

Excellent point, dude!

The actual language of DMCA doesn't actually explicitly specify whose authorization is needed, but up to now everyone has inferred that it must be the copyright owner. IMHO, that's one of the problems with the DeCSS case: AFAIK only the MPAA companies happen to make CSS-protected DVDs, so so far, no one other than MPAA has been in a position to authorize descrambling of any CSS-protected DVD. But with Adobe Acrobat (or any other authoring tool that, unlike CSS, is available to the public), this is not necessarily the case.

OTOH, there's another possibility. In the case of CSS, we know that DVD CCA licenses CSS information with a lot of restrictions; I think you actually have to sign a piece of paper to get them to work with you. It is possible that the Adobe tool that creates these scrambled documents, may have a term in its license, that states that the user of the tool may not give permission to anyone else to descramble the documents created with the tool. If that is indeed the case (I haven't read the license to check this), then maybe this is actually an example of someone being arrested for violating the terms of a contract rather than violating DMCA. Which then brings up the obvious question of whether or not the victim ever actually agreed to be bound by this contract.

I think the truth is that the vagueness of the whole "without authorization" clause of DMCA is going to cause a lot of problems. The common interpretation is that it is the copyright owner, but the true intent of the people who purchased this law, was something else. They wanted authorization to not come from the copyright owner, but from the .. uh .. "owner" (inventor? patent owner/licensee? something else?) of whatever "technological measure" was used to protect the work in question. If anyone ever creates a CSS-protected DVD without getting a CSS license from DVD CCA, then MPAA is going to have the same problem.

Look for this point to be addressed in future patches to DMCA.

---

Re:Copyright Owner's Permission

[Sloppy]

t gets better. You can claim that *your* protection method is regular PDFs and sue Adobe because Acrobat reader is used without *your* authority.

Agreed. If the "without authorization" refers to the copyright owner (and so far, everyone thinks that it does), then anyone who uses DMCA to prevent people from making compatable readers, also has to be damned careful to somehow keep anyone from making compatable writers as well. And DMCA (nor any other law that I've heard of) has nothing to prevent this from happening, unless the scrambling algorithm uses a patent.

And if they allow others to use their "authorized" writer (as is the case with Adobe and CSS-protected DVD manufacturers), it has to be under a special license that contains verbage to work around this DMCA hole. For example, in Adobe's case, they would have to offer the writing software only under a license (which means, in most people's opinion's, that it could not be sold through middlemen (retail stores, mail order stores, etc) in non-UCITA states, but rather, only available directly from Adobe with a contract signed prior to software being made available) where the purchaser of the software would have to agree to something like this:

You agree to never give authorization to anyone (except as noted below) to descramble any documents that you create with this software. The exception is that you grant authorization to everyone to descramble documents created with this software, provided that they do the descrambling using Adobe-created or Adobe-licensed products, such as Acrobat Reader.

I suspect that Adobe's software does not have anything like that in its EULA, and I also suspect that people are able to purchase and use Adobe's software without agreeing to whatever EULA they have, anyway.

(I also suspect that even the CSS license doesn't have this covered adequately, but I don't know for sure, since none of the CSS-protected DVDs that I've bought, came with any statement that explains under what circumstances/equipment I am authorized to watch the movie.)

---

Re:Copyright Owner's Permission

[sigwinch]

For example, in Adobe's case, they would have to offer the writing software only under a license where the purchaser of the software would have to agree to something like this: "You agree to never give authorization to anyone (except as noted below) to descramble any documents that you create with this software. The exception is that you grant authorization to everyone to descramble documents created with this software, provided that they do the descrambling using Adobe-created or Adobe-licensed products, such as Acrobat Reader."

That would just make it a little harder. Take the encoding software to a jurisdiction where the license has no force, encode your document, and from that point forward people can decode the work with your authority (using non-Adobe decoders if they want).

It won't even help Adobe materially if the law is changed. In the U.S. at least, it cannot be changed retroactively and therefore Adobe can still be destroyed by their prior infringements.

Re:Copyright Owner's Permission

[sigwinch]

Bzzzt! Wrong! But thank you for playing. The DMCA does indeed protect the encrypted work, and not the decoding system. If you have the permission of a single copyright holder whose work is encoded with the algorithm, you are legal to distribute the decoder. (Well, sort of. There is also a test for substantial commercial use, but the PDF format meets that criterion.)

It gets better. You can claim that *your* protection method is regular PDFs and sue Adobe because Acrobat reader is used without *your* authority.

People, try actually reading the DMCA some time. When you actually understand what all the clauses mean, you'll laugh long and hard. It is mutually-assured destruction for copyright law. *Anybody* can make a program illegal just by writing a work for it and saying 'I don't give you permission.'

Re:Copyright Owner's Permission

[Overzeetop]

I believe it's the encryption code which is copyrighted/protected, and you must own the rights to the code, not the material encrypted.

Re:Tell Adobe

[MAXOMENOS]

You might want to CC this to your Congresscritter, too. Make sure your elected officials know how DMCA is being abused.

You can find your congresscritter at Congress.Org and inserting your zip code into the proper fields. When you do this, be sure to include your name, address and zip code in the letter.

Alternatively, you could send the following (NB, I haven't checked for spelling mistakes):

Dear (Senator/Representative) N.

I am writing today to express my displeasure concerning the way the FBI has conducted itself in regards to Dmitry Sklyarov and Elcomsoft.

Mr. Sklyarov gave a talk at a computer security conference on the security weaknesses of Adobe's eBook product, which were apparently easily discovered and exploited. Instead of thanking Mr. Sklyarov for his work, Adobe complained to the FBI and Mr. Sklyarov was detained for violating the Digital Millenium Copyright Act.

I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occuring.

This is not the first time that the Digital Millenium Copyright Act has been abused like this, and it won't be the last. In its short life we have seen many security consultants and even college and university professors threatened with prosecution under DMCA for exposing weaknesses in computer security ... activity which would otherwise be protected under the First Amendment and the traditions of academic freedom. It is apparent that the DMCA must be changed or perhaps repealed.

I look foreward to your position on this issue.

Sincerely, (name, address including zip)

Doesn't the DMCA specifically protect this?

[JohnnyX]

IIRC, there is a clause in the DMCA that protects encryption research specifically. As the presentation was an informational survey of eBook protection claims vs. actual abilities, I don't see how that would be something they could arrest him for.

Now the publication of a tool to circumvent the security of PDF documents, that's another story. Does anywone know which he was arrested for?

Yours truly,
Mr. X

...stupid stupid FBI...

Re:Doesn't the DMCA specifically protect this?

[JabberWokky]

uhm.. well first, 55mph is the same as 88km/h..

I-95 right by me and to the south travels through cities, with on and off ramps, and is 65mph, 104.6kph. North of me, or on the other major road (the Florida Turnpike), the limit is 70mph, 112.6kph. Traffic usually does about 85mph, 136.7kph, and there are plenty of places in the US where 85 is the posted limit.

I only ever see 55 as the limit on highways in construction zones, and it's a temporary limit then.

--
Evan

Re:Doesn't the DMCA specifically protect this?

[gmhowell]

According to the URL's in the news box at the top, the publishing of the work wasn't even done in the US. I agree (But IANAL. I haven't been 15 in several years) that this guy should be clear. But I believe Jon Johannsen may have some relevant stories to tell.

If the guy developed the software in the US, it should be protected. If he gave a talk about it, it is protected. If he published it IN RUSSIA, then it is up to the Russian authorities to determine if he broke the law.

Of course, it should be no surprise. If the UK can demand that the US eliminate the 2nd amendment, and the US can demand Columbia etc. stop sending drugs into the US, what's to say that it's not okay to arrest people for breaking US laws in other countries? The logic almost follows, and in this instance, given the supra-national corporation (and although Adobe ain't much, I'm sure some developing nations would absolutely love that much cash) that is at the heart of this matter, this is likely to become more common.

Bleh. Mod me -1, a ranting, poorly written diatribe.

Re:Doesn't the DMCA specifically protect this?

[LarsG]

Encryption research is legal. However, publishing this research can be considered trafficing. Nice, huh?

(This is BTW the core issue in the Felten case)

From the complaint it sounds like the russian is charged under the DMCA because he wrote the Adobe eBook unprotector, sold by his russian employer.

Re:Doesn't the DMCA specifically protect this?

[flatrock]

The scary thing is that the Slashdot story says "Adobe was apparently responsible for the arrest".

The sensational tidbits presneted by the Slashdot editors along with the story are often not really factual. They seem to be more worded to generate controversy than to express facts. If you want facts, you'd better read the article, or even better several articles, so you can filter out much of the spin for yourself.

Re:Doesn't the DMCA specifically protect this?

[harlows_monkeys]

Surely he can't be arrested for publishing a tool to do this, as he did it outside the States and he's not an American citizen?

Uhm...generally, when you do something that is a crime in country X but you do it in country Y, where it is not a crime, the reason you don't get arrested by X is that you are not in X. X asks Y to extradite you, and if Y doesn't think it is a crime, Y says no.

However, if you actually go to X, you are subject to arrest. When travelling to another country, this is something you should consider.

Re:Doesn't the DMCA specifically protect this?

[slutdot]

There is a clause (section 1201d) in the DMCA that allows for research. However, this company is profitting from their research by selling software that circumvents the security on PDF files. This is not allowed under the DMCA and a criminal penalty exists for wilfully violating section 1201 or 1202 for financial gain. The penalties range from up to $500,000 in fines or 5 years in prison for the first offense and up to $1,000,000 or 10 years in prison for the subsequent offenses. Unfortunately, I can't copy and paste the statues here because they're in PDF format on the Library of Congress website but here is the link.

Re:Doesn't the DMCA specifically protect this?

[blang]

The sale of alcohol in whatever county Lynchburg is situated is illegal, hence the popular rumors.

So how are the JD guys making any money if they can't sell their hooch? Give it away and hope to make it up on volume? Sounds like the business plan of the average fucked company to me.

Re:Doesn't the DMCA specifically protect this?

[thudfactor]

What? You haven't picked up on the new legal system in the US? If it annoys a large company, it's illegal.

Re:DMCA = Legitimization of a Corporate Police Sta

[NMerriam]

you can now get arrested for what would otherwise be a civil action

Copyright violations can also be a criminal violation.

---------------------------------------------

Re:You CAN'T buy Adobe products!

[Tim+C]

Haven't read a software licence recently, have you? :)

In my experience, there's a sentence or paragraph along those lines in most licences these days. One thing I installed a while back (I forget what exactly) even laid claim to the manuals in the licence.

I don't think that sort of thing would stand up in court if it ever went that far, but it's a demonstration of how far some people are trying to push this sort of "you've only bought the right to use it, and you're lucky we gave you that much" thing.

Cheers,

Tim

Re:Yes, DMCA = Legitimization of a Corp Police Sta

[SoftwareJanitor]

Wasn't Wackenhut basically a front organization for the CIA back in the 60's and 70's? Maybe I'm remembering wrong, or they were just 'contractors' or 'consultants' to the CIA or something like that...

Re:You CAN'T buy Adobe products!

[Royster]

I don't think that sort of thing would stand up in court if it ever went that far, but it's a demonstration of how far some people are trying to push this sort of "you've only bought the right to use it, and you're lucky we gave you that much" thing.

At several Federal Court decisions (see Novell v. NTC) has held that the sale of media containing software is the sale of a copy under the UCC to which the First Sale doctrine of Copyright Law applies. Quoting that decision:

In Advent Sys. Ltd. v. Unisys Corp., the Third Circuit determined that software is a "good" within the meaning of the Uniform Commercial Code (U.C.C.).13 925 F.2d 670, 676 (3d Cir. 1991). Other courts have also determined that the U.C.C. should apply to software and that the sale of software constitutes the sale of a good. See, Step-Saver Data Sys., Inc. v. Wyse Technology, 939 F.2d 91, 99-100 (3d Cir. 1991); Downriver Internists v. Harris Corp., 929 F.2d 1147, 1150 (6th Cir. 1991). If it is established that the transaction wherein the end-user obtains possession of the software is a sale, the so called "first sale" doctrine, applies. Under that doctrine, the owner/purchaser of a copyrighted product is authorized to dispose of the product without regard to the desires or policies of the copyright holder.

So, yes, Virginia, you do buy a copy of a copyrighted work when you buy software. Any language to the contrary in the license agreement is unenforcable as a matter of law. (Except perhaps in UCITA states.)

Dear Adobe:

[CokeBear]

Dear: Adobe

Please become an Acrobat and stick your PDF up your own ass using some good Live Motion. Then see how fast you can Type on Call for you Illustrator. Then with it in you ass please go to the local Photoshop and laydown on the Page Maker untill you Indesign. At this point you will need Type Management and have no Postscript to bail yourself out.

Incredible

[augustz]

This guy showed that a bunch of "super secure" products costing $2500-$3000 were basically junk and could be instantly decrypted. This includes a HARDWARE dongle security solution. Mother of god, imagine you are the company that bought 500 of these and payed $3000 per document to encode them, only to find out that someone can open it FASTER than you on a computer WITHOUT the dongle.

Instead of being arrested, he should be given a cut of the money the goverment fines adobe and its security partners for. The REAL criminals in cases like this where the money grubbing BS is exposed are often the companies themselves.

And I can count the number of times the DMCA has been used against real criminals on the palm of my hand. Never.

Luckly, slashdot's got a bunch of folks who actually make tech decisions. Let's try and wipe out these security plugins, and make it crystal clear to Adobe that they should be spending more time improving their products rather than going after the guy who blew the whistle on their BS. Call them today, again in a week, again in a month.

USA extending its law beyond its borders

[jamesk]

Wasn't there a time when crimes needed to be committed within the sovereign territory of the country involved before someone got arrested (Terrorism, murder, et al aside). Since this person didn't crack PDFs within the USA, nor is the software sold here directly by that person (it needs to be imported), what gives the US Govenment the right to arrest him (other then it can).

There was a time when the West condemned the Communists governments for heavy-handed treatment of those who committed "economic crimes against the state", holding up the free market model as an example (including its civil courts as a resolution mechanism).

Who needs to wait for a world government -- its already here -- just open a corporation, make the right size contributions to your favourite party and you too will be "given" the right to be heard.

Re:USA extending its law beyond its borders

[OmegaDan]

I was wondering this same thing -- could someone explain how foreign nationals fall under american domestic law? Both in the case of john johanson and this guy

Re:USA extending its law beyond its borders

[milo_Gwalthny]

Since the code was put on the internet, the crime was committed here, there and everywhere. An interesting analogy is the DeBeers diamond cartel. Since the US government decided they were a monopoly, many years ago, the DeBeers executives have not set foor in the US, for fear of being detained.

I guess this is why Microsoft doesn't just pick up and move 30 miles north.

Re:Tell Adobe

[BilldaCat]

honestly, I'm too lazy/inarticulate to come up with a well formed letter. If someone wants to post a form letter though, I bet you'll get a lot more e-mails sent from people like myself.

Re:yes

[BilldaCat]

I may be incredibly lazy, but I'm still a consumer and potential customer.

Re:off topic

[mindstrm]

A cop sitting with his lights off is not in any way 'entraping' you in to speeding. Speeding is illegal regardless of whether you think a cop will see you or not.

A cop challenging you to a race in an unmarked car.. that *might* be grounds for entrapment. Then again, they may argue you would have done it anyway.

Entrapment is when, like, some undercover agent tries to get you to come rob a bank with him, you agree, the he arrests you for bank robbery.

Re:Entrapment?

[mindstrm]

No. Entrapment is when an officer of the law coerces you into doing something you would not otherwise have done, and then arrests you for it.

Re:Tell Adobe

[MindStalker]

I don't normally respond to such obvious flame attempts, but I have to ask one question. Assuming you were being honest about your feelings in the previous post.
1. Why do you believe that Adobe's rights have been violated?
2. What do you believe the average consumers rights concerning use of a companies IP is?
3a. Where is the line between you as a consumers rights, and Adobe and a companies rights?
3b. Which are more important?

Re:Tell Adobe

[MindStalker]

Ok, that was 4 questions sorry, got carried away and forgot to preview :) Please answer all questions.

Re:Tell Adobe

[MindStalker]

Ita really sad that an intelligent guy like you has an automatic score of -1. I guess thats purposfull though hu? Anyways.

2. What do you believe the average consumers rights concerning use of a companies IP is?

What is granted as the legally binding terms of sale/license. That one was easy.

Yes, but don't you believe that there is a certain inalienable right to the freedom of speach to be able to talk about any problems you find in a product. Now I do believe that you can give up such a right through NDAs and whatnot, but firstly I don't believe that NDAs can be on shrinkwrap license agreements, and especially in more recent cases where there was no NDA but the law of the land. In effect the government is mandating that we have an automatic NDA about any encypted product we may buy.

48 hours

[delmoi]

The police can hold you for up to 48 hours without charging you with anything. Of course, if no one ever broke any laws, the whole thing point would be moot...

yes

[delmoi]

Because incredibly lazy people are the ones corporations really care about. I'm sure if I were bombarded with thousands of identical messages, I would change my ways...

Re:DMCA = Legitimization of a Corporate Police Sta

[gmhowell]

It's not the only time. Double jeopardy (sp) protection doesn't really exist. There is this BS, cockamamie thing wherein you can get hit twice: once civilly, and once criminally.

Now, I don't have too much of a problem with that when there are two different aggrieved parties. Or when something clearly causes both a civil tort and breaks a rational, criminal law (this latter to differentiate from the DMCA).

What is new and dangerous is precisely what you have pointed out: corporate enforcement. In this instance, the Adobe Corp. was the only company to potentially suffer a loss. Criminal law is supposed to protect society. The DMCA does not achieve this effect. It protects (in this instance) one specific member of society. The case will likely be tried very similarly as one that Adobe would bring themselves, with only two differences: a change in evidentiary standard (which is so wildly open to speculation on the part of judges and juries as to be inconsequential, and therefore a totally moot difference) and the possibility of jail-time. Ooh. There's the biggie.

Copy a CD, go to jail (after all, you've kept Britney from getting another boob job).

Now, it's time for everyone who said "maybe we were too hard on Adobe for the Killustrator thing" to change your mind again. Adobe sucks. They always have. They always will.

Re:More importantly. . .

[alkali]

American courts have held that the Bill Of Rights states rights of all "persons," whether they are citizens or aliens. See, e.g., Kaoru Yamataya v. Fisher, 189 U.S. 86 (1903) (construing U.S. Const. Am. V ("nor shall any person ... be deprived of life, liberty, or property, without due process of law"); holding that aliens may not be deported arbitrarily without "due process of law").

Is Russia US-jurisdiction?

[GauteL]

Why can the USA can arrest a russian citizen for breaking an american law IN RUSSIA?
If it is argued that the crime was commited on the Internet, and thus _everywhere_, what do I have to do to make sure my work is legit? Block access to my servers for ALL countries where the action is illegal?
Does this mean that I after publishing something on the Internet I may get arrested the next time I go to [insert name of country here] because the published material was illegal in that country?

What would the US think if an american reporter published information regarded as blasphemy in Iran, got arrested there while visiting the country?

Re:Adobe responsible for the arrest?

[LarsG]

Adobe contacted FBI, which performed the arrest.

The complaint can be found here and the US DOJ press release about the case is here

Re:BTW

[lomion]

Actually you can be deained upto 72 hours wihtout being charged, its in the US Constitution.

BTW

[ebbv]

it was the FBI and the article says that he was detained, it makes no mention of an actual 'arrest'.. there's a big difference, they can detain you without any real reason, but they can only do it for so long.

jeebus cripes... :P
...dave

Re:BTW

[coolgeek]

the dude is not a u.s. citizen. basically the FBI can do WTF they want to him. and the RCMP could too because he's like not a canadian citizen either, ay.

Re:BTW

[coolgeek]

Most of the basic constitutional rights still remain the same no matter whether you are a citizen or not.

Tell that to the Irish Immigrant wife of my Lawyer Boy Best Friend. Not only do they have her return airfare paid up front, the INS recently not only denied her re-entry after a trip to Tijuana, detained her against her will, not even allowing her to return to Mexico.

Your statement No mention of citizens or citizenship at all. is not true, either. You may want to read what some still consider to be an important legal document, The Constitution of The United States of America, which preamble states We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America. Since the Bill of Rights is a series of amendments to The Constitution, and citizenship is implied by the preamble, it is quite clear that the Bill of Rights applies only to Citizens.

Re:BTW

[evilned]

Most of the basic constitutional rights still remain the same no matter whether you are a citizen or not. The Bill of Rights makes this very clear in the fact that it refers to people in almost all cases not involving voting. Read the Bill of Rights . No mention of citizens or citizenship at all. So get your facts straight before you post. The guy still has rights.

Re:BTW

[evilned]

Truely great troll, full of enough half truths just to be good. Read my post, it refers to the Bill of Rights, not the Constitution. If it meant citizens, then it wouldn't say people, the delination is pretty clear all the way through. A great example of this is the Miranda case, I believe he was an illegal immigrant, but there was a big stink about his rights in a court of law. As for INS, I'm not fond of them either, but every time we leave the country, we make sure, either by calling the INS or checking their web page, what documents we need for her to get back in (she is a singaporean national). We show our documents, we go through, no problem. If you dont have them, its like driving a car with out your license on you, your asking for trouble.

Re:BTW

[ichimunki]

Editor's Note [from the article]: (17 July 2001 0100 PDST) Vladimir Katalov has informed Planet eBook that Dmitry Sklyarov, author of the "Advanced eBook Processor", was in fact arrested, and that he is being held in a Las Vegas prison waiting for subsequent judgement in California.

Under normal circumstances the authorities cannot detain citizens without arresting them, since doing so is paramount to an arrest. However, this case involves a non-citizen being barred from boarding a plane at an airport, and his detention was merely a temporary condition prior to his arrest.

Re:BTW

[hammock]

it was the FBI and the article says that he was detained, it makes no mention of an actual 'arrest'.. there's a big difference, they can detain you without any real reason, but they can only do it for so long.

Why don't they hold these hacker conferences in a free country, like Canada? See also: OpenBSD
Canada doesn't have Nazi laws like you do.

Section 2(b) of the Canadian Charter of Rights and Freedoms:
freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication;

Section 8
Everyone has the right to be secure against unreasonable search or seizure.

Section 9
Everyone has the right not to be arbitrarily detained or imprisoned.

Section 10
Everyone has the right on arrest or detention
(a) to be informed promptly of the reasons therefor;
(b) to retain and instruct counsel without delay and to be informed of that right; and
(c) to have the validity of the detention determined by way of habeas corpus and to be released if the detention is not lawful.

Re:BTW

[kilgore_47]

Under normal circumstances the authorities cannot detain citizens without arresting them, since doing so is paramount to an arrest.

I wish! You can be held for "questioning" for a reasonably long time on no charges at all. In fact, they don't even have to tell you why. At least thats what happened to me, and from checking around a little I got standard treatment.

___

Adobe responsible for the arrest?

[ebbv]

last i checked they were a software company, not a government agency.

could we please clarify what government agency actually made the arrest and on what basis?
...dave

Re:Adobe responsible for the arrest?

[rogerwong]

From the US States Attorney's Office of Northern District of California, you can read both their press release and the complaint (including the signature of the FBI agent seeking the arrest warrant).

Press release:
http://www.usaondca.com/press/html/2001_07_17_skly arov.html

Complaint
http://www.usaondca.com/press/assets/applets/2001_ 07_17_sklyarov.pdf

Re:Adobe responsible for the arrest?

[antibryce]

could we please clarify what government agency actually made the arrest and on what basis?

My guess is Adobe contacted the FBI, told them what the guy did, and had their lawyers politely explain to the Feds how that violates the DMCA. Now if I were to contact the FBI and demand they arrest the guy who DDoS'd my DSL line a few months ago (I do know who it is, and have ample evidence) they'd laugh at me.

Government for the corporations, by the corporations, and of the corporations.

c.

Re:Adobe responsible for the arrest?

[egarff]

If you want to see just how much power a company has, take a look at this link. BTW, this is a friend of mine.

Re:Another mirror

[Platinum+Dragon]

Last time I threw up a quick mirror in response to a Slashdot story I ended up as a "J.Doe" on the DVDCCA case in California.

DAMN YOU! I wanted to be a J. Doe, and they never even bothered with me!

Maybe I can get Adobe on my ass now... here's my mirror page, and direct links to the presentation and program if you don't feel like reading my plebe-directed rant.

*paints a bullseye on self*

Re:You CAN'T buy Adobe products!

[gorilla]

But PDF is a file format. You can use PDF without using any Adobe products. This makes the software license totally irrelevent.

Re:kinda ironic

[gorilla]

You've linked to teh Amnesty USA website. Amnesty groups never discuss their host country by policy. This is aimed at preventing reprisals. If the USA group is complianing about French abuses, the USA government has little incentive to react, and the French government little ability.

Re:pure horseshit

[EnderWiggnz]

1) just because stallman is a smelly, long-haired, communist hippie, doesnt mean that HE ISN'T "RIGHT".

2) What are the Bill of Rights and Consitution for? Toilet paper lately. 4th amendment has been gone for years - "war on Drugs" exception. 10th is ignored, 2nd is under attacik... and just TRY to use the 5th... see how far that gets you...

Re:Mirrored copy

[csbruce]

It appears to be in an impenetrable obfuscated format called ".ppt".

Re:Entrapment?

[MadAhab]

Right. This arrest was to keep anyone from knowing if they get what they paid for by using Adobe's format.

In a related Fuck You!, I would rather have my kid looking at beastiality all day than pay money for a web filtering product when I, the customer, am not entitled to know what it filters. The fact that the DCMA has been used to protect corporations against customers in this way is viciously anti-individual, and proves that the DCMA is virulently un-American.

Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

basic civics, people...

[Grendel+Drago]

The Bill Of Rights doesn't apply to anyone... unless they're acting as an agent of the government.

"Congress shall make no law etc etc..." -- congress can't abridge Dmitri's rights any more than they can yours.

The Bill Of Rights doesn't apply to the people; it applies to the government. Didn't anyone here take Civics?

Ideally, anyway.

-grendel drago

Wackenhuts...

[Grendel+Drago]

I'm not quite sure what to think about this.

http://www.wackenhutstore.com/sweatshirt.html

On the one hand, it's sending money to an **egregiously** evil corp. On the other hand, it's a shirt that says `Wackenhut' on it.

-grendel drago

Re:Wackenhuts...

[ocbwilg]

They're almost a private army. They're contracted for security at various military/secret stuff installations.

Yep. You know those guys in the white jeeps who will bust a cap in your ass if you get too close to Area 51/Groom Lake/Dreamland? That's Wackenhut.

Say "NO!" to tax money for religious groups.

Re:You CAN'T buy Adobe products!

[Grendel+Drago]

xpdf. GhostView.

Snail Mail...

[Grendel+Drago]

Actually, snail mail will be more likely to be read...

http://www.adobe.com/aboutadobe/contact.html

San Jose Corporate Headquarters
Adobe Systems Incorporated
345 Park Avenue
San Jose, California 95110-2704
USA

-grendel drago

Re:Tell Adobe

[prizog]

In the spirit of Open Source, here's another version of this letter:

Dear Sir/Madam:

It was unacceptable of you to arrest Dmitry Sklyarov and attack Elcomsoft. Copy prevention software:
1. Is doomed to fail:
http://www.counterpane.com/crypto-gram-0005.html #T rustedClientSoftware
2. Hurts consumers:
http://www.toad.com/gnu/whatswrong.html

I'll be telling everyone I know to avoid your products until you free Skylarov and issue a full apology.

Re:Tell Adobe

[prizog]

I, um, did. "Is doomed to fail" is a summary of Schneier's article. Likewise "hurts consumers", although I suggest changing it to "hurts ordinary citizens".

Illegality

[wiredog]

Hit them where it hurts--stock price

Posting information is legal. Posting it with the stated intent to damage a companies stock price can be considered illegal manipulation. It can certainly get the SEC to take a look at your portfolio. And God help you if you've been selling short. I doubt he is, but what if a friend or relative of his is?

Re:Illegality

[StevenMaurer]

Printing derogatory information about a company is not illegal manipulation so long as the information is both publicly available and true in the full sense of the term (lying by omission might still get you in trouble). You can even sell "short" and do this. It's hazy legal grounds whether you have to disclose your interests when making such recommendations.

The idea is perfectly acceptable.

I hope

[wiredog]

That the Securities and Exchange Commission doesn't read slashdot. I think you just committed a felony.

It looks like they knew this would happen

[GoofyBoy]

From http://www.planetebook.com/mainpage.asp?webpageid= 157

"I should say that it will not work," Katalov explained on comp.text.pdf. "We'll just move our site to another ISP, in another country (where there is no Digitial Millenium Copyright Act (DMCA)). And/or make our software available for free, under the GNU license."

Re:Hit them where it hurts--stock price

[interiot]

If your tactic were successful, it would seem to be more evidence for why DMCA is needed... that a lone hacker (albeit in an educational and consumer protection minded way) would be able to damage a large corporation and nullify the investments they made in new technology.
--

Re:READ THE POSTING

[radja]

>He was arrested for writing software that violates the DMCA.

and how valid is the DMCA in russia? it's perfectly legit software, the DMCA is a yank law, not a russian law.

why do americans seem to think that the laws they make also go for other countries?

//rdj

DMCA gives companies right to seize property

[Gorimek]

I don't know about arrests, but under the DMCA, companies can seize property from people they feel have violated their IP. That is the companies themself can perform the raid, not the government.

Pretty creepy!

Here is the press release about the first such case:
http://www.directv.com/press/pressdel/0,1112,414 ,0 0.html

Re:DMCA = Legitimization of a Corporate Police Sta

[aonifer]

[For my money, you should be subject to arrest for giving your conference such an overly-dramatic title. Hacking for human rights, my arse.]

Given what happened, I'd say it was a pretty apt title.

Re:READ THE POSTING

[Kintanon]

Yeah, but if you crack the encryption on every piece of software known to man while you are living in Washington DC, then fly to China after alerting every government agent that you, a notorious hacker type, are on the way you won't get so much as a single officer meeting you at the airport. Because it's not illegal in China for you to do what you did, you've broken no chinese laws.
Hell, you could probably call them up and tell them that you just finished killing a bunch of americans and when you arrived they still wouldn't care because it's not illegal for you to kill people in America according to Chinese law.
The US shouldn't be messing with this guy.

Kintanon

Re:You CAN'T buy Adobe products!

[MikeBabcock]

At some level, the GPL doesn't even give you ownership of software. Ownership is maintained by the copyright holder -- you are granted the right to use (and, subject to argument, modify or reverse engineer) that software. The GPL (or another license) may grant you additional rights -- but they don't make you the _owner_ of the software.

Re:You CAN'T buy Adobe products!

[MikeBabcock]

"So you do own the copy, but not the information." which basically ends up coming down to being allowed to do anything with the copy that you wish except what would be constituted as 'publishing' ...

Mirrored copy

[MikeBabcock]

I have a copy mirrored here (in Canada).

cf. FibreSpeed

Re:Mirrored copy

[SuiteSisterMary]

Probably somebody using frontpage to try to open your site and deface things.

Re:DMCA = Legitimization of a Corporate Police Sta

[MikeBabcock]

But only where laws like the DMCA exist would publishing a paper on how to circumvent a copyright method be a violation in itself. That's more the point -- without the DMCA, only the actual infringing uses of this information would be illegal, not the published information itself.

For example: knowing how to make a cable TV descrambler was never illegal -- using one to get free cable was.

READ THE ARTICLE

[levendis]

from http://www.planetebook.com/mainpage.asp?webpageid= 165

The reason for the arrest has been cited as being the Advanced eBook Processor and his speech at DefCon 9.

----

Re:More importantly. . .

[flatrock]

I doubt they arested him for making the presentation. The company he works for makes software that breaks the copy protection on Adobe's ebook software. I'm assuming they arrested him because he worked on that software, which they may have found out during his presentation. Adobe has been after his company for a little while now. Read the articles for the details. I'm no fan of the DMCA, but it wasn't very smart of him to come to this country if the software he wrote is in violation of it. I guess he'll be spending some time in jail while the courts decide if what he did was illegal.

this is a good thing

[Hollins]

What the DMCA needs are concrete examples like this that academic research will be stifled and critics silenced by this crappy law. DeCSS, the SDMI watermark controversy and this presentation at DefCon show that criminals aren't being punished, research and development folks are. The three most prominent enforcements of DMCA haven't yielded a single pirated copy of anyone's IP. This will be a powerful point to make before a congressional subcommittee.

If the industry had been smart, they would have waited until they found 1000 pirated copies of a movie or piece of software. Then they could have self-righteously claimed justification for the DMCA. Now, they're just shooting themselves in the foot.

Re:Scary

[Nonesuch]

The seminar is not why he was detained- the software he had previously written to implement the theory in his seminar was the justification.

Dmitry is not being detained for explaining. He is being detained for releasing a polished product for which the sole purpose is to unprotect protected documents.

While that may be nearly as scary, the persecution of Dmitry should not have been such a big suprise.

kinda ironic

[fantomas]

...that the news article on 'Hacking for human rights ' mentions that

"Hackers in the United States and other countries where abuses are infrequent should not be complacent" ....

Mind you it's worth checking Amnesty International to see their comments on human rights in the USA.

Re:Don't Forget....

[cworley]

Remember that Congress and the Senate are getting too much email... they throw it away. Sending snail mail has a better chance of getting read.

The best way I've found to contact your elected officials is via Microsoft's FIN ("Freedom To Innovate Network"). They'll print out and snail mail the correspondence for you. Since they promise to mail, it would be a fedral offense for them to read this mail, figure it wasn't in MS's best interest, and throw it in /dev/null. The law dictates that they faithfully mail whatever you desire.

You have to agree to sign up for passport :(

You can send mail once per day per official.

Make sure to un-check the box that says they can read it -- you don't want MS to know what you're using them for ;)

http://www.freetoinnovate.com/contact/default.as p? subject=20

Re:Tell Adobe

[Oztun]

I went through all your old post searching for misspelled words and I must say that you practice what you preach. However many things I saw were putting down other people and calling them morons. I feel better knowing I only come across as someone to busy at work to use a spell checker. I'd really feel bad if I came across as a complete jerk.

Attn. Lord Nitpick, I spelled checked this one so you can sleep better tonight.

Re:Tell Adobe

[Oztun]

Now I'll wait for you to attack my grammer next.

Re:Tell Adobe

[Oztun]

Here is the email I just sent:

To Whom it may concern,

As a user of your products I have become very offended today. I feel like your company is trying to insult my intellegence. Your company has choosen to enforce the DMCA by arresting Dmitry Sklyarov.

By arresting Dmitry you are sending a message that you will allow your product to continue using substandard security. You should be applauding Dmitry for showing that your software needs improvement. As a user of eBook I am happy that Dmitry has shown that the security can be broken. Do you actually think your customers want you to hide these problems so only the bad guys can get our data?

Would you want to continue using eBook if you know from now own Adobe will use scare tactics to keep security holes hidden? Put yourselves in your users shoes. I am not going to use eBook from here on out. I will be looking for another product until your views on the matters change. Not only do I feel you should change your decision you must also voice out against the DMCA. From here on out I will never use any products that support the DMCA or any other plan to take away citizens rights.

Thanks for listening,

One more upset customer

Re:These things should be approached differently..

[tjwhaynes]

OK, so it was very noble of this person to point out the faults in the protection scheme so that others would know that their documents were not so safe after all...

However, if "these are people after all" in Adobe, then why would it be such a bad idea to present this to them first rather than just shoving the information out to the general public.

If a company claims certain features in it's advertising and packaging, then a public examination of those claims are completely valid. Consumer groups have been doing this for ages for everything from baby toys to trucks, bringing the company to task for incorrect and misleading information or just plain bad products. I see no difference in this case. Indeed, if you are selling software which claims to be 'secure' you had better get your claims right. Hiding behind the DMCA should not excuse the company from the trading standards laws or allow the company to wriggle out of the 'merchantable quality' requirements.

This is rather different from products such as web servers having security holes in them - there are reasonable grounds in these cases to inform the vendor of the problem first and only go public if nothing happens.

Cheers,

Toby Haynes

Encryption, my ass

[perp]

From Dmitry's presentation re the eBook Pro compiler:

"All HTML pages and supplementary files are compressed with deflate algorithm from ZLIB"

"Compressed data are encrypted by XOR-ing each byte with every byte of the string "encrypted", which is the same as XOR with constant byte"

This is totally mindboggling if true. Are we saying that people can XOR their data stream with a *single byte*, advertise it as "virtually 100% burglar-proof" and then get listened to when they complain about evol haxors cracking their encryption?

Re:Encryption, my ass

[EschewObfuscation]

But now that you've pointed out that my front door is flimsy, I can have you thrown in jail. You can sit there and stew next to those criminal crowbar manufacturers...

(email addr is at acm, not mca)
We are Number One. All others are Number Two, or lower.

use gv instead of Acrobat :-)

[StandardDeviant]

Side note: gv works just as well as Acrobat to view PDF files from netscape as a helper app (and PS too, of course). Just add "gv %s" in as the application to handle the file types for PostScript and PDF(edit->preferences->helperapps or something like that). Personally I like gv's navigational structure better anyway.

(Well, /path/to/gv if it isn't in your path, naturally.)

Very rarely I will run across a document that gv just doesn't like but that Acrobat displays fine. This happens maybe once a month, if I'm looking at a fair amount of pdf's.

I think the software dependencies for gv are ghostscript and whatever dependencies it has but I'm not sure. apt-get or rpmfind.net or your ports tree are your friends in that regard.

--
News for geeks in Austin: www.geekaustin.org

Not to mention consumer protection...

[iconnor]

This has highlighted some false claims made by a company in marketing. Does this mean that next time someone claims their software is secure, it is illegal to prove it is not?
What about consumer protection laws - this is misleading conduct on the behalf of the companies involved.

Re:How can we help?

[bendude]

How about if I remove you from your family and loved ones and lock you up in a prison in, say, Siberia. You will be assured the right to trial, etc. It will take a while, though.

Will you be so ready to make concessions then?

Ross Anderson on Suppressing Knowledge

[dazed-n-confused]

At his website, Ross Anderson (University of Cambridge computer security guru) displays this rather relevant quote:

The first book written on cryptology in English, by John Wilkins in 1641, remarked that `If all those useful Inventions that are liable to abuse, should therefore be concealed, there is not any Art or Science which might be lawfully profest'.

Rather worrying - where does this criminalisation of knowledge end?

Ross wrote "Security Engineering" (a mighty tome, should be of interest to many Slashdotters, plenty of info about it on his site).

Re:More importantly. . .

[gowen]

If he isn't an American citizen, then the Bill of Rights doesn't apply to him.

Well then the DMCA shouldn't either. (Although, of course, foreign nationals tried under US law are eligible for the full protection offered by the US Constitution w.r.t. to due process and defendants rights).

See No Evil, Hear No Evil, Speak no Evil

[jasonbrown]

Be assured your constitutional rights to free speech and freedom of the press have been taken away. It is a sad day when a man can be thrown in jail for intelligent speech and writing. But that is what has happened here. Where will the madness created by the DMCA end?

Civil vs Criminal

[Frank+T.+Lofaro+Jr.]

Are you sure you aren't confusing a CIVIL action with a CRIMINAL action of a low enough severity that imprisonment is not allowed. As far as I remember, the Supreme Court said you can arrest even for crimes for which imprisonment is not allowed - that is a far cry from arresting someone for a civil violation. BTW, speeding is a CRIMINAL offense (as are other traffic violations) in many states. For example, Nevada. Plus a FINE is only assessed for CRIMINAL offenses, for civil offenses it is a civil penalty.

Re:Hit them where it hurts--stock price

[WhiteWolf666]

Duh---that's the idea

Market economics mean that the value of this companies' technology is not the devlopment costs. Rather, it's the ability to be usefully to end users.

Poor encryption is not useful, and therefore, these companies should loose value.

If Ford make a shoddy car, is it ok for people to tell others, even though it might hurt their stock price?

If XYZ, Inc., invented electronic paper that lost all it's data after one month, but had just started shipping it, shouldn't investors know about their scam?

I think so.

Quick Poll

[SnapShot]

Do these actions always backfire?

* Attempted censorship. A thousand people immediately buy the book and/or see the movie.

* DCMA. A thousand people that knew nothing about CSS immediatly download DeCSS and buy a T-Shirt with the code.

* DCMA (again). A thousand people immediatly attempt to download the slashdotted powerpoint show.

Am I missing something regarding the effeciveness of these sorts of laws? (Other than, of course, ruining the lives a few individuals who are made the scapegoats.)

Ok, I'm as criminal...

[rnbc]

Once upon a time I really needed to print a .pdf that was not supposed to be printed, so I got Ghostscript, the relevant encription modules, and changed the postscript source (yes, the modules are made in postscript) to let me print the damn thing...

Easy, fast, nice...

It was my first and only experience in postscript programming.

This is not new stuff, and I don't really see any problem with it.

Re:More importantly. . .

[saider]

The Bill of Rights applies to all people that the US government interacts with. The Border Patrol cannot abuse Mexican immagrants any more than LAPD can abuse US citizens. Manuel Noriega was afforded all of the rights in the constitution, even though he was not a citizen. The Bill protects ALL people, not just those born here or who those who passed a test.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Tell Adobe

[Erasmus+Darwin]

Two small corrections (which I normally wouldn't bother you with, but given that this is going to be sent out to people at Adobe):

(third paragraph) "persuit" should be spelled "pursuit"
(last sentence) "yout" should be "your"

Re:Entrapment?

[ichimunki]

NO. They should have arrested him in the middle of the presentation for maximum effect, and yes they can warn him but are under no burden to do so. However, it is unlikely that they were even present at the conference (in this capacity)-- and even if they were, maybe once they saw this complex and new "crime" being committed they felt they should wait for the okay from their own FBI lawyers (rather than the Adobe jackals) before proceeding.

The crime here is not cracking the "protection" but sharing the method used to perform the crack. While it is not a crime to describe in detail how to kill someone (if you do it without being inciteful), how to manufacture drugs, how to build a bomb, how to cheat on your wife, how to molest children, it is a crime to discuss methods of cracking anti-consumer "protections" on copyright restricted materials on digital media. This Russian guy broke that blatantly illegal law on US soil (using information he obtained at home in Russia where he may not have been violating any laws). Ergo, he gets arrested.

To quote Bulldog, "This sucks. This is total BS."

Some of them are absent

[Saib0t]

By the way, please moderate this guy up some more, mass action is a way to get attention.

blamkin and gfreeman are absent,
ttownsley doesn't exist seemingly



From: blamkin (via the www vacation program)
Subject: Out of the office on vacation until July 30

I will be out of the office on vacation until July 30, and will not be checking email. If you have an urgent issue, please contact my assistant, Laura Giffin at 408-536-4375 (lgiffin@adobe.com)

If you are sending me an email that requires my immediate attention when I return, please mark it Urgent and resend it. I will get back to you as soon as I can the week of July 30.

-Bryan

From: gfreeman (via the www vacation program)
Subject: absence from the office & no email access
I will be absent from the office from July 16 through August 3 and will not be accessing email during this period. In my absence, Lew Epstein (lepstein@adobe.com) will be assuming my responsibilities. For matters requiring prompt attention during my absence please contact either Lew or Lisa Sellers (lsellers@adobe.com).

Thank you
Graham

----- The following addresses had permanent fatal errors -----

(reason: 550 5.1.1 ... User unknown)
(expanded from: )

----- Transcript of session follows -----
... while talking to inner-relay-1.adobe.com.:
>>> RCPT To:
... User unknown
550 5.1.1 ... User unknown

Re:Entrapment?

[micromoog]

No, it's not entrapment. Entrapment involves a law enforcement agent enticing someone to commit a crime they otherwise would not have committed, had the agent not been involved.

Spelling mistakes removed

[DanEsparza]

Dear Sir/Madam:

I am writing today to express my displeasure concerning the way Adobe has conducted itself in regards to Dmitry Sklyarov and Elcomsoft. It would seem that, rather than thanking Mr. Sklyarov for exposing serious flaws in your products, and then correcting them, you have chosen to pursue a course of litigation and intimidation via the misuse of law enforcement.

I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occurring.

As an Adobe customer, here is what I want: The pursuit of better products, and not more litigation. We have enough of that already. I fear one day that my children may be imprisoned for pointing out flaws in corporate products, or for engaging in legitimate research of code and computer products. Perhaps, if you have children, they will be too. So I urge Adobe to "back off" as it were and refocus the money that would have been spent on lawyers into developing a more secure and better eBook system.

Thank-you for your time, and I look forward to your reply!

Re:Hit them where it hurts--stock price

[tswinzig]

While I don't advocate and don't intend to cause harm to anyone's person or Adobe's physical plant, I would shed no tears if Adobe's HQ burned to the ground, preferably with the decision-maker responsible for this inside.

I believe this is what they call a "paradox."

DMCA = Legitimization of a Corporate Police State?

[tenzig_112]

Let me get this straight: you can now get arrested for what would otherwise be a civil action?

If I were part of a company screwing over someone else's copyright or exploiting their crappy code, my company would be subject to a law suit. I can't imagine we'd all be hauled off in the paddy wagon. But an individual doing this can be jailed?

I'm not being sarcastic [this once]. I seriously don't get this.

[For my money, you should be subject to arrest for giving your conference such an overly-dramatic title. Hacking for human rights, my arse.]

But the greater evil here is clear to see. In the graphics world Adobe = Microsoft, a single company holding the reigns on all of the industry's mission-critical tools. Time to get a better text tool for GIMP and get it to the people.

Don't forget "Hacking for human rights"

[clarkie.mg]

Billions of people can't tell what they think in their countries, are killed, imprisoned without judgement, screwed in their basic human rights for just expressing their opinions. China killed more than 1700 only this year. Now with the information technology, their voice can be heard.

It's time to be peacefully subversive.

Tell Adobe

[rabtech]

Don't just lament how wrong this is. TELL Adobe what you think of them and their actions. But PLEASE, be polite. Messages like "j00 suX0r Adobe!" get thrown in the PLOINK-bin faster than you can blink, and without a second thought. But a well-written message detailing why you are not happy with them, and what they can do about it, would be most helpful. Here are some PR contacts at adobe:

jcristof@adobe.com
dstyerwa@adobe.com
lvacante@adobe.com
ablatchf@adobe.com
skrueger@adobe.com
gbabbit@adobe.com
wsaso@adobe.com

Don't forget to give them a ring on the tele:
(408) 536-6000

And lastly, we have the executive's email addys (I think. I have not verified these addresses, so they may not work. The ones above will for sure though.)

jwarnock@adobe.com
cgeschke@adobe.com
bchizen@adobe.com
snarayen@adobe.com
mdemo@adobe.com
gfreeman@adobe.com
cpouliot@adobe.com
jstephens@adobe.com
ttownsley@adobe.com
mdyrdahl@adobe.com
blamkin@adobe.com

Go out there and tell them! Corporations are run by people, just like us. Sometimes those people do very stupid things and need correction; that is what I plan to do, and everyone who reads this message should do the same.
-- russ

Re:Tell Adobe

[rabtech]

OK, here is a short but sweet form letter:

==

Dear Sir/Madam:

I am writing today to express my displeasure concerning the way Adobe has conducted itself in regards to Dmitry Sklyarov and Elcomsoft. It would seem that, rather than thanking Mr. Sklyarov for exposing serious flaws in your products, and then correcting them, you have chosen to persue a course of litigation and intimidation via the misuse of law enforcement.

I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occuring.

As an Adobe customer, here is what I want: The persuit of better products, and not more litigation. We have enough of that already. I fear one day that my children may be imprisioned for pointing out flaws in corporate products, or for engaging in legitimate research of code and computer products. Perhaps, if you have children, they will be too. So I urge Adobe to "back off" as it were and refocus the money that would have been spent on lawyers into developing a more secure and better eBook system.

Thank-you for your time, and I look forward to yout reply!
-- [INSERT NAME]

==

Happy now? You lazy people :)
-- russ

Re:Tell Adobe

[imipak]

Transcript of session follows
... while talking to inner-relay-1.adobe.com.:
>>> RCPT To:
NOTIFY=FAILURE,DELAY
... User unknown
550 5.1.1 ... User unknown
--
"I'm not downloaded, I'm just loaded and down"

Re:Tell Adobe

[imipak]

DUH, -1 "didn't preview". Sorry ... >thwack ----- The following addresses had permanent fatal errors -----

(reason: 550 5.1.1
... User unknown)
(expanded from: )
--
"I'm not downloaded, I'm just loaded and down"

Re:Tell Adobe

[imipak]

*thump*thump*thump* I'm lame, I am, I'm lame,

Last try

1. gfreeman:

"I will be absent from the office from July 16 through August 3 and will not be accessing email during this period. In my absence, Lew Epstein (lepstein@adobe.com) will be assuming my responsibilities. For matters requiring prompt attention during my absence please contact either Lew or Lisa Sellers (lsellers@adobe.com).

2. blamkin [love the userid! ]:

I will be out of the office on vacation until July 30, and will not be checking email. If you have an urgent issue, please contact my assistant, Laura Giffin at 408-536-4375 (lgiffin@adobe.com)

3. ttownsley: (reason: 550 5.1.1 ttownsley@inner-relay-1.adobe.com... User unknown) (expanded from: ttownsley@adobe.com)
--
"I'm not downloaded, I'm just loaded and down"

Hit them where it hurts--stock price

[acceleriter]

We need to hop on the Fool and other stock boards and articulately discuss the fact (to which Adobe surely will have to attest) that this guy did irreperable damage to Adobe's potential revenue stream by releasing this technology. Be sure to explain that despite his arrest, the code is out there, and like DeCSS, is sure to be copied and mirrored widely. Perhaps the publicity associated with having had one's product cracked lowering one's stock price will deter others from having researchers arrested.

While I don't advocate and don't intend to cause harm to anyone's person or Adobe's physical plant, I would shed no tears if Adobe's HQ burned to the ground, preferably with the decision-maker responsible for this inside.

Re:Hit them where it hurts--stock price

[cavemanf16]

Then again, if a large company can be cut down to size by a better performing smaller one with more intelligent or harder working people, isn't that fair? I'm not saying I'd like to see people and companies lose money for their hard work, but if someone is doing it better, then maybe it's time to find a new line of work...

2 issues

[einhverfr]

I see two distinct issues relating to the DMCA-- each of which is important to consider independently. First is that our society generally agrees that authors have a right to some compensation for the use of their works. I think that this is arguable but in recent history, here in America, this right has been distorted so that it is no longer driven by the artist or writer's benefits but rather by the benefits of the publishing houses. This is a major problem and the DMCA is only the latest in this trend (life + 70 years is not a term for copyright that protects an author-- it protects the corporation that publishes his work).

Also, the presentation makes clear that many of the formats use weak encryption, perhaps with the intent of hiding behind the DMCA and adding legal clout to their licensing term (xor encrypting with a byte derived from the string "encrypted" comes to mind).

This is despicable and harms society in ways which are beyond most people's comprehension. Security depends on peer review and criticism because there are always more people outside your organization that would like to get in than you have staff to keep track of these things. Peer review of encryption schemes is necessary to maintain computer security in all aspects of our society. Hiding behind the DMCA at best causes a false sense of security for publishers and at worst harms all computer security by dampening peer review or all encryption schemes.

The presentation was great. (Hint-- Fight the DMCA-- widely distribute it!).

Sig: Tell all your friends NOT to download the Advanced Ebook Processor:

Re:Another mirror

[imipak]

Good luck getting sued! I'm just updating my CV, I was seriously wondering about putting a "geek cred" section at the bottom... "activism: sued by the DVDCCA; mirroring deCSS; member of the EFF; Slashdot: two karma-capped users, one with a 4 digit ID; two stories posted on the front page; ... yadda yadda"

Anywhere sad enough to hire me despite that stuff would be a cool place to work, I reckon ;)
--
"I'm not downloaded, I'm just loaded and down"

Another mirror

[imipak]

here.

Last time I threw up a quick mirror in response to a Slashdot story I ended up as a "J.Doe" on the DVDCCA case in California. Not sure how they think Californian law works in the UK, but there you go...

When will these people learn that you can't pout the toothpaste back in the tube? *sigh*
--
"I'm not downloaded, I'm just loaded and down"

Re:As Stallman said

[tbone1]

As Richard Stallman said before:

• US government does not exist for the people. It exists for the big corporations.

Uh, no. I realize that many here consider RMS divine, if not dreamy, but he is flat-out wrong. There has never been a government anywhere at any time that did not have as its top priority itself. In all governments, be they communist, democratic, republican, socialist, monarchist, whatever, you will find that it is a government of the government bureaucrat, by the government bureaucrat, for the government bureaucrat.

I was (un)fortunate enough to work for a NASA contractor in DC during the government shutdown a few years ago. We discovered some amazing things. First, we didn't need the civil servants to do our job. Second, without them, we got a lot more work done because they weren't in the way. Third, it was a lot quieter. Fourth, the network was quicker. Fifth, if they are considered 'non-essential', why were they hired in the first place?

Every government action I've ever seen comes down to one of the following:

• They have to enforce a silly law that was passed by Congresscritters who believe the government should poke its nose everywhere.
• The bureaucracy attempts to expand its wealth and power at the expense fo the wealth, power, and freedom of the taxpayer
• The bureaucracy fights to preserve their wealth and power against a mob of angry taxpayers
• The bureaucracy blames others (often the evil forces of capitalism if there is no Republican handy) for the problems it creates and perpetuates

And finally, I have no sympathy for those who demand the government do get more power then whine when the government uses that power to do something they don't like. You'd think empirical evidence would tell them otherwise.

I do agree that we should fight the government, good and hard, for our freedoms. But to expect any government to do what's right when the civil servants can't be fired and when government agencies face no competition is to have both your feet planted firmly in the air.

Parallel case?

[Chakat]

Back in 1985, a magazine called Phrack, which at one time was the voice for the underground community (crackers, phreakers, etc.) published an article regarding cracking Master locks. Now, of course, Master bitched and moaned over the publication of the info, but in the end, could do nothing legally, and subsequently were forced to redesign their locks as to be more secure. Yeah, it was a short-term loss for Master as they had to redesign their locks and perform some spin control, but the long-term gain for everyone was much greater, as the information was known in some circles, that was simply the first time that the information was disseminated so widely.

Move that case into this post-DMCA case we live in today, and you would likely see the publisher of the magazine thrown in jail for creating an anti-circumvention device, and the PR people saying that this is a great victory for everyone because those evil hacker people were thrown in jail. Of course they'd also neglect to say that this information would probably become much more wide-spread than it otherwise would have been, and that a lot of innocent people would be adversely affected because the manufacturer would have little motivation to fix a glaring security flaw.

The result? The flaws are not fixed and there is the possibility of even more damage. People still know the flaws, but the problem is not fixed.

D - M - C - A

As Stallman said

[famazza]

As Richard Stallman said before:

• US government does not exist for the people. It exists for the big corporations.

He was talking about DMCA and the new Free Software laws in other countries.

• Don't let your government do what US government did for US. Fight for your rights

So, if there's nothing like DMCA in your country, fight for your rights, don't let them cut back your rights!


Don't worry, I'm too busy [to|every]day

Re:As Stallman said

[sunwukong]

FYI, and as a followup to the general "why doesn't X move to the Great White North", Canada's IP policy is slowly taking shape. It seems that there's going to be a contrast to the US model. How long the difference will/can last has yet to be seen.

The Globe and Mail article.

The government agency itself.

confused?

[bark76]

Was he arrested for the speech he gave in Las Vegas, or for breaking the DMCA laws while he was in Russia? The article doesn't say why he was arrested, but that's how everyone is making it sound (and last I check DMCA laws didn't apply to russian citizens who are in Russia). Anyone found more info on this yet?

Re:More importantly. . .

[Hostile17]

If he isn't an American citizen, then the Bill of Rights doesn't apply to him.

The Constitution and the Bill of Rights applies to everyone who resides in the United States. Even if he does not live here, he is visiting, while he is here he is entitled to the same treatment as anyone else, his citizenship has no bearing on this at all. He is innocent until proven guilty and has the right not to incriminate himself. He is entitled to a Lawyer and a fair and speedy trial. Now if only we could get those rights enforced. Otherwise the INS would deal with illegal aliens with machine guns.

Where were the hackers?

[Lothar+0]

Was Sklyarov arrested immediately after his presentation? If so, didn't any DefCon attendees see what was going on and try to confront the arresting officers regarding what the hell was going on? If the attendees of DefCon are supposedly hard-core when it comes to liberty, then they should have formed a human fence around the cops' vehicle and not let it out, even *if* it meant their own arrest. Civil disobedience can only go so far when you only do it from a keyboard.

Someone here went to DefCon and saw this. What exactly went on, play by play?

If tables were reversed?

[Arakonfap]

What would the U.S. do if Germany arrested an american citizen on vacation for previously selling Nazi related materials over the internet?

I don't think that would go over well. Can anyone explain a difference to me? Or would the U.S. accept this arrest without problem?

Re:If tables were reversed?

[NotoriousQ]

Don't worry! Russians are pretty ideologically minded, and they will stand up for their best.(Russia actually cares about intellectuals, esp. those that fall in the hands of foreign govts.)

The last time I checked, they also still have circa 20,000 nukes, most preaimed without advanced navigation (more than missile defense would handle, even if it were complete).

Expect a call from Putin to US soon. Probably tomorrow morning.

Remember, when you are downloading MP3's, you are downloading communism!!!

The three powers of state

[buglord]

Judicative
Legislative
Corporative

Re:How can we help?

[Unknown+Bovine+Group]

It's my legal right to bypass any and all restrictions on an eBook I've bought myself. It's his legal right to tell other people how to bypass any and all of these restrictions.

Right on! Just like it's MY legal right to grow or purchase whatever mind-altering drugs I wan.... Oh wait. No it's not.

Mod parent up!

[hivolt]

I've done my duty and emailed Adobe politely about this abuse of a bad law. Perhaps at the next DefCon, presentations on how to circumvent this Adobe flaw will be distributed to the public as encrypted PDF's, so that DCMA supporters will not have access to content they find objectionable.