Fallout From Def Con: Ebook Hacker Arrested by FBI

Richard and many other people sent in news about Dmitry Sklyarov, a programmer at Russian software company Elcomsoft, who was arrested after giving a talk at Def Con 9 in Las Vegas titled "eBook Security: Theory and Practice." Elcomsoft publishes a program to remove restrictions from encrypted PDF files, which has severely annoyed Adobe Corporation. Adobe was apparently responsible for the arrest, charging that Elcomsoft is violating the Digital Millennium Copyright Act by publishing the software and giving the presentation at Def Con. (The presentation, by the way, is great - he compares the claimed features of ebook protection schemes with their actual features.) Also at Def Con 9: Hacking for Human Rights.

When Adobe acts like this...

When Adobe acts like this, it makes me glad that I've never paid for any of their programs.

Re:Doesn't the DMCA specifically protect this?

then this seems like a great case for blowing the DMCA farce wide open.

It would be rather ironic if a Russian citizen would end up fighting an American law restricting his free speech.

Yes, DMCA = Legitimization of a Corp Police State

[Gleef]

Yes, the DMCA criminalizes certain kinds of copyright violations; it also criminalizes some acts, like reverse engineering protection schemes, that were never even grounds for civil action before. This is in addition to any civil lawsuit the offended party may bring against you.

Yes this moves us ever closer to a corporate police state. Some companies, Wackenhut for example, are even positioning themselves to have their own police forces (they already run several prisons).


----

Absolutely Incredible

[nathanh]

Some of the "security" algorithms this white-hat whistleblower has exposed are incredibly poor. Here are some samples:

• The Acrobat Signed Plugin authentication code only checks the header of the binary. So just take a non-malicious signed plugin, modify the binary after the header, and you can send out a "signed" plugin with malicious code as the payload. What a joke!
• One of the products costs $3000 and is derived from a rot13 encoder.
• Another product is claiming "100% burglar-proof" but the "encryption" is nothing more than an XOR against a single magic byte.

If I was a shareholder in any of these companies I would be demanding an investigation. This isn't just shoddy, it's an outright scam! None of these companies should be getting away with this. The customer is being ripped off, yet these shyster companies have the NERVE to use the law against the whistleblowers.

I'm disgusted.

Re:Absolutely Incredible

[bumski]

This reminds me of one of the things about the DMCA that really annoys me: there is no requirement that the copyright protection mechanism be reasonably well-designed, and whether I've violated the law is based not on my intent, but rather on the intent of the mechanism's designer. So if someone is stupid enough to think that Lempel-Ziv compression is a good copyright protection mechanism, and uses it with that intent, I can then unknowingly violate the DMCA by gunzipping a file.

The DMCA is a legal crutch for lazy companies that can't be bothered to design truly secure solutions. Or perhaps more honestly, for companies that know that consumers would balk at the inconvenience of using truly secure DVDs, etc., but still want to pretend that they're protecting something.

Re:Tell Adobe

[msuzio]

I called the phone number (408 536 6000) and asked for Public Relations. I got someone's voicemail, and left a somewhat long message about how concerned I was.
The person answering on the main line said I was the third person who called, and he actually put me on hold to find out who in Corporate was actually supposed to get these calls. So keep calling!

"mirror" of elmconsoft, and download

[Frederic54]

It seems the Elcomsoft page has been /., if it's in Russia it does not help...
Thanks to google, here's a mirror of the http://www.google.com/search?sourceid=navclient&q= cache:http%3A%2F%2Fwww%2Eelcomsoft%2Ecom%2Fapdfpr% 2Ehtml page, you can download the Advanced PDF Password Recovery here and here
--

Re:How can we help?

[tsikora]

criminal my ass... he hurt Adobe's pride and caught them lying.(advertised features). Nothing has been stolen. They should have gotten off their complacent asses and fixed it.

Copyright Owner's Permission

[grahamm]

Does the DCMA not only prohibit circumvention without the copyright owner's (presumably the owner of the copyright on the "protected" material) permission? In which case, why not simply demonstrate the technique on an encrypted PDF of material to which he owns the copyright?

Re:Copyright Owner's Permission

[Sloppy]

t gets better. You can claim that *your* protection method is regular PDFs and sue Adobe because Acrobat reader is used without *your* authority.

Agreed. If the "without authorization" refers to the copyright owner (and so far, everyone thinks that it does), then anyone who uses DMCA to prevent people from making compatable readers, also has to be damned careful to somehow keep anyone from making compatable writers as well. And DMCA (nor any other law that I've heard of) has nothing to prevent this from happening, unless the scrambling algorithm uses a patent.

And if they allow others to use their "authorized" writer (as is the case with Adobe and CSS-protected DVD manufacturers), it has to be under a special license that contains verbage to work around this DMCA hole. For example, in Adobe's case, they would have to offer the writing software only under a license (which means, in most people's opinion's, that it could not be sold through middlemen (retail stores, mail order stores, etc) in non-UCITA states, but rather, only available directly from Adobe with a contract signed prior to software being made available) where the purchaser of the software would have to agree to something like this:

You agree to never give authorization to anyone (except as noted below) to descramble any documents that you create with this software. The exception is that you grant authorization to everyone to descramble documents created with this software, provided that they do the descrambling using Adobe-created or Adobe-licensed products, such as Acrobat Reader.

I suspect that Adobe's software does not have anything like that in its EULA, and I also suspect that people are able to purchase and use Adobe's software without agreeing to whatever EULA they have, anyway.

(I also suspect that even the CSS license doesn't have this covered adequately, but I don't know for sure, since none of the CSS-protected DVDs that I've bought, came with any statement that explains under what circumstances/equipment I am authorized to watch the movie.)

---

Re:Copyright Owner's Permission

[sigwinch]

Bzzzt! Wrong! But thank you for playing. The DMCA does indeed protect the encrypted work, and not the decoding system. If you have the permission of a single copyright holder whose work is encoded with the algorithm, you are legal to distribute the decoder. (Well, sort of. There is also a test for substantial commercial use, but the PDF format meets that criterion.)

It gets better. You can claim that *your* protection method is regular PDFs and sue Adobe because Acrobat reader is used without *your* authority.

People, try actually reading the DMCA some time. When you actually understand what all the clauses mean, you'll laugh long and hard. It is mutually-assured destruction for copyright law. *Anybody* can make a program illegal just by writing a work for it and saying 'I don't give you permission.'

Re:Tell Adobe

[MAXOMENOS]

You might want to CC this to your Congresscritter, too. Make sure your elected officials know how DMCA is being abused.

You can find your congresscritter at Congress.Org and inserting your zip code into the proper fields. When you do this, be sure to include your name, address and zip code in the letter.

Alternatively, you could send the following (NB, I haven't checked for spelling mistakes):

Dear (Senator/Representative) N.

I am writing today to express my displeasure concerning the way the FBI has conducted itself in regards to Dmitry Sklyarov and Elcomsoft.

Mr. Sklyarov gave a talk at a computer security conference on the security weaknesses of Adobe's eBook product, which were apparently easily discovered and exploited. Instead of thanking Mr. Sklyarov for his work, Adobe complained to the FBI and Mr. Sklyarov was detained for violating the Digital Millenium Copyright Act.

I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occuring.

This is not the first time that the Digital Millenium Copyright Act has been abused like this, and it won't be the last. In its short life we have seen many security consultants and even college and university professors threatened with prosecution under DMCA for exposing weaknesses in computer security ... activity which would otherwise be protected under the First Amendment and the traditions of academic freedom. It is apparent that the DMCA must be changed or perhaps repealed.

I look foreward to your position on this issue.

Sincerely, (name, address including zip)

Doesn't the DMCA specifically protect this?

[JohnnyX]

IIRC, there is a clause in the DMCA that protects encryption research specifically. As the presentation was an informational survey of eBook protection claims vs. actual abilities, I don't see how that would be something they could arrest him for.

Now the publication of a tool to circumvent the security of PDF documents, that's another story. Does anywone know which he was arrested for?

Yours truly,
Mr. X

...stupid stupid FBI...

Re:Doesn't the DMCA specifically protect this?

[thudfactor]

What? You haven't picked up on the new legal system in the US? If it annoys a large company, it's illegal.

Dear Adobe:

[CokeBear]

Dear: Adobe

Please become an Acrobat and stick your PDF up your own ass using some good Live Motion. Then see how fast you can Type on Call for you Illustrator. Then with it in you ass please go to the local Photoshop and laydown on the Page Maker untill you Indesign. At this point you will need Type Management and have no Postscript to bail yourself out.

Incredible

[augustz]

This guy showed that a bunch of "super secure" products costing $2500-$3000 were basically junk and could be instantly decrypted. This includes a HARDWARE dongle security solution. Mother of god, imagine you are the company that bought 500 of these and payed $3000 per document to encode them, only to find out that someone can open it FASTER than you on a computer WITHOUT the dongle.

Instead of being arrested, he should be given a cut of the money the goverment fines adobe and its security partners for. The REAL criminals in cases like this where the money grubbing BS is exposed are often the companies themselves.

And I can count the number of times the DMCA has been used against real criminals on the palm of my hand. Never.

Luckly, slashdot's got a bunch of folks who actually make tech decisions. Let's try and wipe out these security plugins, and make it crystal clear to Adobe that they should be spending more time improving their products rather than going after the guy who blew the whistle on their BS. Call them today, again in a week, again in a month.

USA extending its law beyond its borders

[jamesk]

Wasn't there a time when crimes needed to be committed within the sovereign territory of the country involved before someone got arrested (Terrorism, murder, et al aside). Since this person didn't crack PDFs within the USA, nor is the software sold here directly by that person (it needs to be imported), what gives the US Govenment the right to arrest him (other then it can).

There was a time when the West condemned the Communists governments for heavy-handed treatment of those who committed "economic crimes against the state", holding up the free market model as an example (including its civil courts as a resolution mechanism).

Who needs to wait for a world government -- its already here -- just open a corporation, make the right size contributions to your favourite party and you too will be "given" the right to be heard.

Re:USA extending its law beyond its borders

[OmegaDan]

I was wondering this same thing -- could someone explain how foreign nationals fall under american domestic law? Both in the case of john johanson and this guy

Re:Entrapment?

[mindstrm]

No. Entrapment is when an officer of the law coerces you into doing something you would not otherwise have done, and then arrests you for it.

BTW

[ebbv]

it was the FBI and the article says that he was detained, it makes no mention of an actual 'arrest'.. there's a big difference, they can detain you without any real reason, but they can only do it for so long.

jeebus cripes... :P
...dave

Re:BTW

[ichimunki]

Editor's Note [from the article]: (17 July 2001 0100 PDST) Vladimir Katalov has informed Planet eBook that Dmitry Sklyarov, author of the "Advanced eBook Processor", was in fact arrested, and that he is being held in a Las Vegas prison waiting for subsequent judgement in California.

Under normal circumstances the authorities cannot detain citizens without arresting them, since doing so is paramount to an arrest. However, this case involves a non-citizen being barred from boarding a plane at an airport, and his detention was merely a temporary condition prior to his arrest.

Re:BTW

[hammock]

it was the FBI and the article says that he was detained, it makes no mention of an actual 'arrest'.. there's a big difference, they can detain you without any real reason, but they can only do it for so long.

Why don't they hold these hacker conferences in a free country, like Canada? See also: OpenBSD
Canada doesn't have Nazi laws like you do.

Section 2(b) of the Canadian Charter of Rights and Freedoms:
freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication;

Section 8
Everyone has the right to be secure against unreasonable search or seizure.

Section 9
Everyone has the right not to be arbitrarily detained or imprisoned.

Section 10
Everyone has the right on arrest or detention
(a) to be informed promptly of the reasons therefor;
(b) to retain and instruct counsel without delay and to be informed of that right; and
(c) to have the validity of the detention determined by way of habeas corpus and to be released if the detention is not lawful.

Adobe responsible for the arrest?

[ebbv]

last i checked they were a software company, not a government agency.

could we please clarify what government agency actually made the arrest and on what basis?
...dave

Re:Adobe responsible for the arrest?

[antibryce]

could we please clarify what government agency actually made the arrest and on what basis?

My guess is Adobe contacted the FBI, told them what the guy did, and had their lawyers politely explain to the Feds how that violates the DMCA. Now if I were to contact the FBI and demand they arrest the guy who DDoS'd my DSL line a few months ago (I do know who it is, and have ample evidence) they'd laugh at me.

Government for the corporations, by the corporations, and of the corporations.

c.

Re:pure horseshit

[EnderWiggnz]

1) just because stallman is a smelly, long-haired, communist hippie, doesnt mean that HE ISN'T "RIGHT".

2) What are the Bill of Rights and Consitution for? Toilet paper lately. 4th amendment has been gone for years - "war on Drugs" exception. 10th is ignored, 2nd is under attacik... and just TRY to use the 5th... see how far that gets you...

Re:Mirrored copy

[csbruce]

It appears to be in an impenetrable obfuscated format called ".ppt".

Snail Mail...

[Grendel+Drago]

Actually, snail mail will be more likely to be read...

http://www.adobe.com/aboutadobe/contact.html

San Jose Corporate Headquarters
Adobe Systems Incorporated
345 Park Avenue
San Jose, California 95110-2704
USA

-grendel drago

I hope

[wiredog]

That the Securities and Exchange Commission doesn't read slashdot. I think you just committed a felony.

It looks like they knew this would happen

[GoofyBoy]

From http://www.planetebook.com/mainpage.asp?webpageid= 157

"I should say that it will not work," Katalov explained on comp.text.pdf. "We'll just move our site to another ISP, in another country (where there is no Digitial Millenium Copyright Act (DMCA)). And/or make our software available for free, under the GNU license."

Re:READ THE POSTING

[radja]

>He was arrested for writing software that violates the DMCA.

and how valid is the DMCA in russia? it's perfectly legit software, the DMCA is a yank law, not a russian law.

why do americans seem to think that the laws they make also go for other countries?

//rdj

DMCA gives companies right to seize property

[Gorimek]

I don't know about arrests, but under the DMCA, companies can seize property from people they feel have violated their IP. That is the companies themself can perform the raid, not the government.

Pretty creepy!

Here is the press release about the first such case:
http://www.directv.com/press/pressdel/0,1112,414 ,0 0.html

Mirrored copy

[MikeBabcock]

I have a copy mirrored here (in Canada).

cf. FibreSpeed

Re:DMCA = Legitimization of a Corporate Police Sta

[MikeBabcock]

But only where laws like the DMCA exist would publishing a paper on how to circumvent a copyright method be a violation in itself. That's more the point -- without the DMCA, only the actual infringing uses of this information would be illegal, not the published information itself.

For example: knowing how to make a cable TV descrambler was never illegal -- using one to get free cable was.

READ THE ARTICLE

[levendis]

from http://www.planetebook.com/mainpage.asp?webpageid= 165

The reason for the arrest has been cited as being the Advanced eBook Processor and his speech at DefCon 9.

----

Re:The time has come to boycott Adobe.

[barneyfoo]

The first step in boycotting Adobe should be to come up with a l33t humorous mangling of their trademarks.

adobe = adoobey

acrobat = acr0wfat

Illustrator = Illustrangler

kinda ironic

[fantomas]

...that the news article on 'Hacking for human rights ' mentions that

"Hackers in the United States and other countries where abuses are infrequent should not be complacent" ....

Mind you it's worth checking Amnesty International to see their comments on human rights in the USA.

Re:Don't Forget....

[cworley]

Remember that Congress and the Senate are getting too much email... they throw it away. Sending snail mail has a better chance of getting read.

The best way I've found to contact your elected officials is via Microsoft's FIN ("Freedom To Innovate Network"). They'll print out and snail mail the correspondence for you. Since they promise to mail, it would be a fedral offense for them to read this mail, figure it wasn't in MS's best interest, and throw it in /dev/null. The law dictates that they faithfully mail whatever you desire.

You have to agree to sign up for passport :(

You can send mail once per day per official.

Make sure to un-check the box that says they can read it -- you don't want MS to know what you're using them for ;)

http://www.freetoinnovate.com/contact/default.as p? subject=20

Re:Tell Adobe

[Oztun]

Here is the email I just sent:

To Whom it may concern,

As a user of your products I have become very offended today. I feel like your company is trying to insult my intellegence. Your company has choosen to enforce the DMCA by arresting Dmitry Sklyarov.

By arresting Dmitry you are sending a message that you will allow your product to continue using substandard security. You should be applauding Dmitry for showing that your software needs improvement. As a user of eBook I am happy that Dmitry has shown that the security can be broken. Do you actually think your customers want you to hide these problems so only the bad guys can get our data?

Would you want to continue using eBook if you know from now own Adobe will use scare tactics to keep security holes hidden? Put yourselves in your users shoes. I am not going to use eBook from here on out. I will be looking for another product until your views on the matters change. Not only do I feel you should change your decision you must also voice out against the DMCA. From here on out I will never use any products that support the DMCA or any other plan to take away citizens rights.

Thanks for listening,

One more upset customer

Encryption, my ass

[perp]

From Dmitry's presentation re the eBook Pro compiler:

"All HTML pages and supplementary files are compressed with deflate algorithm from ZLIB"

"Compressed data are encrypted by XOR-ing each byte with every byte of the string "encrypted", which is the same as XOR with constant byte"

This is totally mindboggling if true. Are we saying that people can XOR their data stream with a *single byte*, advertise it as "virtually 100% burglar-proof" and then get listened to when they complain about evol haxors cracking their encryption?

use gv instead of Acrobat :-)

[StandardDeviant]

Side note: gv works just as well as Acrobat to view PDF files from netscape as a helper app (and PS too, of course). Just add "gv %s" in as the application to handle the file types for PostScript and PDF(edit->preferences->helperapps or something like that). Personally I like gv's navigational structure better anyway.

(Well, /path/to/gv if it isn't in your path, naturally.)

Very rarely I will run across a document that gv just doesn't like but that Acrobat displays fine. This happens maybe once a month, if I'm looking at a fair amount of pdf's.

I think the software dependencies for gv are ghostscript and whatever dependencies it has but I'm not sure. apt-get or rpmfind.net or your ports tree are your friends in that regard.

--
News for geeks in Austin: www.geekaustin.org

Not to mention consumer protection...

[iconnor]

This has highlighted some false claims made by a company in marketing. Does this mean that next time someone claims their software is secure, it is illegal to prove it is not?
What about consumer protection laws - this is misleading conduct on the behalf of the companies involved.

Ross Anderson on Suppressing Knowledge

[dazed-n-confused]

At his website, Ross Anderson (University of Cambridge computer security guru) displays this rather relevant quote:

The first book written on cryptology in English, by John Wilkins in 1641, remarked that `If all those useful Inventions that are liable to abuse, should therefore be concealed, there is not any Art or Science which might be lawfully profest'.

Rather worrying - where does this criminalisation of knowledge end?

Ross wrote "Security Engineering" (a mighty tome, should be of interest to many Slashdotters, plenty of info about it on his site).

See No Evil, Hear No Evil, Speak no Evil

[jasonbrown]

Be assured your constitutional rights to free speech and freedom of the press have been taken away. It is a sad day when a man can be thrown in jail for intelligent speech and writing. But that is what has happened here. Where will the madness created by the DMCA end?

Civil vs Criminal

[Frank+T.+Lofaro+Jr.]

Are you sure you aren't confusing a CIVIL action with a CRIMINAL action of a low enough severity that imprisonment is not allowed. As far as I remember, the Supreme Court said you can arrest even for crimes for which imprisonment is not allowed - that is a far cry from arresting someone for a civil violation. BTW, speeding is a CRIMINAL offense (as are other traffic violations) in many states. For example, Nevada. Plus a FINE is only assessed for CRIMINAL offenses, for civil offenses it is a civil penalty.

Re:Hit them where it hurts--stock price

[WhiteWolf666]

Duh---that's the idea

Market economics mean that the value of this companies' technology is not the devlopment costs. Rather, it's the ability to be usefully to end users.

Poor encryption is not useful, and therefore, these companies should loose value.

If Ford make a shoddy car, is it ok for people to tell others, even though it might hurt their stock price?

If XYZ, Inc., invented electronic paper that lost all it's data after one month, but had just started shipping it, shouldn't investors know about their scam?

I think so.

Quick Poll

[SnapShot]

Do these actions always backfire?

* Attempted censorship. A thousand people immediately buy the book and/or see the movie.

* DCMA. A thousand people that knew nothing about CSS immediatly download DeCSS and buy a T-Shirt with the code.

* DCMA (again). A thousand people immediatly attempt to download the slashdotted powerpoint show.

Am I missing something regarding the effeciveness of these sorts of laws? (Other than, of course, ruining the lives a few individuals who are made the scapegoats.)

Re:More importantly. . .

[saider]

The Bill of Rights applies to all people that the US government interacts with. The Border Patrol cannot abuse Mexican immagrants any more than LAPD can abuse US citizens. Manuel Noriega was afforded all of the rights in the constitution, even though he was not a citizen. The Bill protects ALL people, not just those born here or who those who passed a test.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Entrapment?

[ichimunki]

NO. They should have arrested him in the middle of the presentation for maximum effect, and yes they can warn him but are under no burden to do so. However, it is unlikely that they were even present at the conference (in this capacity)-- and even if they were, maybe once they saw this complex and new "crime" being committed they felt they should wait for the okay from their own FBI lawyers (rather than the Adobe jackals) before proceeding.

The crime here is not cracking the "protection" but sharing the method used to perform the crack. While it is not a crime to describe in detail how to kill someone (if you do it without being inciteful), how to manufacture drugs, how to build a bomb, how to cheat on your wife, how to molest children, it is a crime to discuss methods of cracking anti-consumer "protections" on copyright restricted materials on digital media. This Russian guy broke that blatantly illegal law on US soil (using information he obtained at home in Russia where he may not have been violating any laws). Ergo, he gets arrested.

To quote Bulldog, "This sucks. This is total BS."

Spelling mistakes removed

[DanEsparza]

Dear Sir/Madam:

I am writing today to express my displeasure concerning the way Adobe has conducted itself in regards to Dmitry Sklyarov and Elcomsoft. It would seem that, rather than thanking Mr. Sklyarov for exposing serious flaws in your products, and then correcting them, you have chosen to pursue a course of litigation and intimidation via the misuse of law enforcement.

I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occurring.

As an Adobe customer, here is what I want: The pursuit of better products, and not more litigation. We have enough of that already. I fear one day that my children may be imprisoned for pointing out flaws in corporate products, or for engaging in legitimate research of code and computer products. Perhaps, if you have children, they will be too. So I urge Adobe to "back off" as it were and refocus the money that would have been spent on lawyers into developing a more secure and better eBook system.

Thank-you for your time, and I look forward to your reply!

DMCA = Legitimization of a Corporate Police State?

[tenzig_112]

Let me get this straight: you can now get arrested for what would otherwise be a civil action?

If I were part of a company screwing over someone else's copyright or exploiting their crappy code, my company would be subject to a law suit. I can't imagine we'd all be hauled off in the paddy wagon. But an individual doing this can be jailed?

I'm not being sarcastic [this once]. I seriously don't get this.

[For my money, you should be subject to arrest for giving your conference such an overly-dramatic title. Hacking for human rights, my arse.]

But the greater evil here is clear to see. In the graphics world Adobe = Microsoft, a single company holding the reigns on all of the industry's mission-critical tools. Time to get a better text tool for GIMP and get it to the people.

Tell Adobe

[rabtech]

Don't just lament how wrong this is. TELL Adobe what you think of them and their actions. But PLEASE, be polite. Messages like "j00 suX0r Adobe!" get thrown in the PLOINK-bin faster than you can blink, and without a second thought. But a well-written message detailing why you are not happy with them, and what they can do about it, would be most helpful. Here are some PR contacts at adobe:

jcristof@adobe.com
dstyerwa@adobe.com
lvacante@adobe.com
ablatchf@adobe.com
skrueger@adobe.com
gbabbit@adobe.com
wsaso@adobe.com

Don't forget to give them a ring on the tele:
(408) 536-6000

And lastly, we have the executive's email addys (I think. I have not verified these addresses, so they may not work. The ones above will for sure though.)

jwarnock@adobe.com
cgeschke@adobe.com
bchizen@adobe.com
snarayen@adobe.com
mdemo@adobe.com
gfreeman@adobe.com
cpouliot@adobe.com
jstephens@adobe.com
ttownsley@adobe.com
mdyrdahl@adobe.com
blamkin@adobe.com

Go out there and tell them! Corporations are run by people, just like us. Sometimes those people do very stupid things and need correction; that is what I plan to do, and everyone who reads this message should do the same.
-- russ

Re:Tell Adobe

[rabtech]

OK, here is a short but sweet form letter:

==

Dear Sir/Madam:

I am writing today to express my displeasure concerning the way Adobe has conducted itself in regards to Dmitry Sklyarov and Elcomsoft. It would seem that, rather than thanking Mr. Sklyarov for exposing serious flaws in your products, and then correcting them, you have chosen to persue a course of litigation and intimidation via the misuse of law enforcement.

I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occuring.

As an Adobe customer, here is what I want: The persuit of better products, and not more litigation. We have enough of that already. I fear one day that my children may be imprisioned for pointing out flaws in corporate products, or for engaging in legitimate research of code and computer products. Perhaps, if you have children, they will be too. So I urge Adobe to "back off" as it were and refocus the money that would have been spent on lawyers into developing a more secure and better eBook system.

Thank-you for your time, and I look forward to yout reply!
-- [INSERT NAME]

==

Happy now? You lazy people :)
-- russ

Re:Tell Adobe

[imipak]

*thump*thump*thump* I'm lame, I am, I'm lame,

Last try

1. gfreeman:

"I will be absent from the office from July 16 through August 3 and will not be accessing email during this period. In my absence, Lew Epstein (lepstein@adobe.com) will be assuming my responsibilities. For matters requiring prompt attention during my absence please contact either Lew or Lisa Sellers (lsellers@adobe.com).

2. blamkin [love the userid! ]:

I will be out of the office on vacation until July 30, and will not be checking email. If you have an urgent issue, please contact my assistant, Laura Giffin at 408-536-4375 (lgiffin@adobe.com)

3. ttownsley: (reason: 550 5.1.1 ttownsley@inner-relay-1.adobe.com... User unknown) (expanded from: ttownsley@adobe.com)
--
"I'm not downloaded, I'm just loaded and down"

Hit them where it hurts--stock price

[acceleriter]

We need to hop on the Fool and other stock boards and articulately discuss the fact (to which Adobe surely will have to attest) that this guy did irreperable damage to Adobe's potential revenue stream by releasing this technology. Be sure to explain that despite his arrest, the code is out there, and like DeCSS, is sure to be copied and mirrored widely. Perhaps the publicity associated with having had one's product cracked lowering one's stock price will deter others from having researchers arrested.

While I don't advocate and don't intend to cause harm to anyone's person or Adobe's physical plant, I would shed no tears if Adobe's HQ burned to the ground, preferably with the decision-maker responsible for this inside.

Another mirror

[imipak]

here.

Last time I threw up a quick mirror in response to a Slashdot story I ended up as a "J.Doe" on the DVDCCA case in California. Not sure how they think Californian law works in the UK, but there you go...

When will these people learn that you can't pout the toothpaste back in the tube? *sigh*
--
"I'm not downloaded, I'm just loaded and down"

Parallel case?

[Chakat]

Back in 1985, a magazine called Phrack, which at one time was the voice for the underground community (crackers, phreakers, etc.) published an article regarding cracking Master locks. Now, of course, Master bitched and moaned over the publication of the info, but in the end, could do nothing legally, and subsequently were forced to redesign their locks as to be more secure. Yeah, it was a short-term loss for Master as they had to redesign their locks and perform some spin control, but the long-term gain for everyone was much greater, as the information was known in some circles, that was simply the first time that the information was disseminated so widely.

Move that case into this post-DMCA case we live in today, and you would likely see the publisher of the magazine thrown in jail for creating an anti-circumvention device, and the PR people saying that this is a great victory for everyone because those evil hacker people were thrown in jail. Of course they'd also neglect to say that this information would probably become much more wide-spread than it otherwise would have been, and that a lot of innocent people would be adversely affected because the manufacturer would have little motivation to fix a glaring security flaw.

The result? The flaws are not fixed and there is the possibility of even more damage. People still know the flaws, but the problem is not fixed.

D - M - C - A

As Stallman said

[famazza]

As Richard Stallman said before:

• US government does not exist for the people. It exists for the big corporations.

He was talking about DMCA and the new Free Software laws in other countries.

• Don't let your government do what US government did for US. Fight for your rights

So, if there's nothing like DMCA in your country, fight for your rights, don't let them cut back your rights!


Don't worry, I'm too busy [to|every]day

Re:As Stallman said

[sunwukong]

FYI, and as a followup to the general "why doesn't X move to the Great White North", Canada's IP policy is slowly taking shape. It seems that there's going to be a contrast to the US model. How long the difference will/can last has yet to be seen.

The Globe and Mail article.

The government agency itself.

confused?

[bark76]

Was he arrested for the speech he gave in Las Vegas, or for breaking the DMCA laws while he was in Russia? The article doesn't say why he was arrested, but that's how everyone is making it sound (and last I check DMCA laws didn't apply to russian citizens who are in Russia). Anyone found more info on this yet?

If tables were reversed?

[Arakonfap]

What would the U.S. do if Germany arrested an american citizen on vacation for previously selling Nazi related materials over the internet?

I don't think that would go over well. Can anyone explain a difference to me? Or would the U.S. accept this arrest without problem?

Re:How can we help?

[Unknown+Bovine+Group]

It's my legal right to bypass any and all restrictions on an eBook I've bought myself. It's his legal right to tell other people how to bypass any and all of these restrictions.

Right on! Just like it's MY legal right to grow or purchase whatever mind-altering drugs I wan.... Oh wait. No it's not.

Mod parent up!

[hivolt]

I've done my duty and emailed Adobe politely about this abuse of a bad law. Perhaps at the next DefCon, presentations on how to circumvent this Adobe flaw will be distributed to the public as encrypted PDF's, so that DCMA supporters will not have access to content they find objectionable.