Slashdot Mirror
Fallout From Def Con: Ebook Hacker Arrested by FBI
Richard and many other people sent in news about Dmitry
Sklyarov, a programmer at Russian software company Elcomsoft, who was arrested after giving a talk at Def Con 9 in Las Vegas titled "eBook Security: Theory and Practice." Elcomsoft publishes a program to remove restrictions from encrypted PDF files, which has severely annoyed Adobe Corporation. Adobe was apparently responsible for the arrest, charging that Elcomsoft is violating the Digital Millennium Copyright Act by publishing the software and giving the presentation at Def Con. (The presentation, by the way, is great - he compares the claimed features of ebook protection schemes with their actual features.) Also at Def Con 9: Hacking for Human Rights.
When Adobe acts like this, it makes me glad that I've never paid for any of their programs.
It would be rather ironic if a Russian citizen would end up fighting an American law restricting his free speech.
Some of the "security" algorithms this white-hat whistleblower has exposed are incredibly poor. Here are some samples:
If I was a shareholder in any of these companies I would be demanding an investigation. This isn't just shoddy, it's an outright scam! None of these companies should be getting away with this. The customer is being ripped off, yet these shyster companies have the NERVE to use the law against the whistleblowers.
I'm disgusted.
It seems the Elcomsoft page has been /., if it's in Russia it does not help...= cache:http%3A%2F%2Fwww%2Eelcomsoft%2Ecom%2Fapdfpr% 2Ehtml page, you can download the Advanced PDF Password Recovery here and here
Thanks to google, here's a mirror of the http://www.google.com/search?sourceid=navclient&q
--
"Science will win because it works." - Stephen Hawking
Does the DCMA not only prohibit circumvention without the copyright owner's (presumably the owner of the copyright on the "protected" material) permission? In which case, why not simply demonstrate the technique on an encrypted PDF of material to which he owns the copyright?
You can find your congresscritter at Congress.Org and inserting your zip code into the proper fields. When you do this, be sure to include your name, address and zip code in the letter.
Alternatively, you could send the following (NB, I haven't checked for spelling mistakes):
Dear (Senator/Representative) N.
... activity which would otherwise be protected under the First Amendment and the traditions of academic freedom. It is apparent that the DMCA must be changed or perhaps repealed.
I am writing today to express my displeasure concerning the way the FBI has conducted itself in regards to Dmitry Sklyarov and Elcomsoft.
Mr. Sklyarov gave a talk at a computer security conference on the security weaknesses of Adobe's eBook product, which were apparently easily discovered and exploited. Instead of thanking Mr. Sklyarov for his work, Adobe complained to the FBI and Mr. Sklyarov was detained for violating the Digital Millenium Copyright Act.
I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occuring.
This is not the first time that the Digital Millenium Copyright Act has been abused like this, and it won't be the last. In its short life we have seen many security consultants and even college and university professors threatened with prosecution under DMCA for exposing weaknesses in computer security
I look foreward to your position on this issue.
Sincerely, (name, address including zip)
Finding God in a Dog
IIRC, there is a clause in the DMCA that protects encryption research specifically. As the presentation was an informational survey of eBook protection claims vs. actual abilities, I don't see how that would be something they could arrest him for.
Now the publication of a tool to circumvent the security of PDF documents, that's another story. Does anywone know which he was arrested for?
Yours truly,
Mr. X
...stupid stupid FBI...
Dear: Adobe
Please become an Acrobat and stick your PDF up your own ass using some good Live Motion. Then see how fast you can Type on Call for you Illustrator. Then with it in you ass please go to the local Photoshop and laydown on the Page Maker untill you Indesign. At this point you will need Type Management and have no Postscript to bail yourself out.
Reality has a liberal bias
Instead of being arrested, he should be given a cut of the money the goverment fines adobe and its security partners for. The REAL criminals in cases like this where the money grubbing BS is exposed are often the companies themselves.
And I can count the number of times the DMCA has been used against real criminals on the palm of my hand. Never.
Luckly, slashdot's got a bunch of folks who actually make tech decisions. Let's try and wipe out these security plugins, and make it crystal clear to Adobe that they should be spending more time improving their products rather than going after the guy who blew the whistle on their BS. Call them today, again in a week, again in a month.
Wasn't there a time when crimes needed to be committed within the sovereign territory of the country involved before someone got arrested (Terrorism, murder, et al aside). Since this person didn't crack PDFs within the USA, nor is the software sold here directly by that person (it needs to be imported), what gives the US Govenment the right to arrest him (other then it can).
There was a time when the West condemned the Communists governments for heavy-handed treatment of those who committed "economic crimes against the state", holding up the free market model as an example (including its civil courts as a resolution mechanism).
Who needs to wait for a world government -- its already here -- just open a corporation, make the right size contributions to your favourite party and you too will be "given" the right to be heard.
No. Entrapment is when an officer of the law coerces you into doing something you would not otherwise have done, and then arrests you for it.
last i checked they were a software company, not a government agency.
could we please clarify what government agency actually made the arrest and on what basis?
...dave
Think different? I'd be happy if most people would just think...
It appears to be in an impenetrable obfuscated format called ".ppt".
From http://www.planetebook.com/mainpage.asp?webpageid= 157
"I should say that it will not work," Katalov explained on comp.text.pdf. "We'll just move our site to another ISP, in another country (where there is no Digitial Millenium Copyright Act (DMCA)). And/or make our software available for free, under the GNU license."
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
I have a copy mirrored here (in Canada).
cf. FibreSpeed
- Michael T. Babcock (Yes, I blog)
But only where laws like the DMCA exist would publishing a paper on how to circumvent a copyright method be a violation in itself. That's more the point -- without the DMCA, only the actual infringing uses of this information would be illegal, not the published information itself.
For example: knowing how to make a cable TV descrambler was never illegal -- using one to get free cable was.
- Michael T. Babcock (Yes, I blog)
from http://www.planetebook.com/mainpage.asp?webpageid= 165
The reason for the arrest has been cited as being the Advanced eBook Processor and his speech at DefCon 9.
----
---- I made the Kessel Run in under 11 parsecs.
The first step in boycotting Adobe should be to come up with a l33t humorous mangling of their trademarks.
adobe = adoobey
acrobat = acr0wfat
Illustrator = Illustrangler
...that the news article on 'Hacking for human rights ' mentions that
"Hackers in the United States and other countries where abuses are infrequent should not be complacent" ....
Mind you it's worth checking Amnesty International to see their comments on human rights in the USA.
To Whom it may concern,
As a user of your products I have become very offended today. I feel like your company is trying to insult my intellegence. Your company has choosen to enforce the DMCA by arresting Dmitry Sklyarov.
By arresting Dmitry you are sending a message that you will allow your product to continue using substandard security. You should be applauding Dmitry for showing that your software needs improvement. As a user of eBook I am happy that Dmitry has shown that the security can be broken. Do you actually think your customers want you to hide these problems so only the bad guys can get our data?
Would you want to continue using eBook if you know from now own Adobe will use scare tactics to keep security holes hidden? Put yourselves in your users shoes. I am not going to use eBook from here on out. I will be looking for another product until your views on the matters change. Not only do I feel you should change your decision you must also voice out against the DMCA. From here on out I will never use any products that support the DMCA or any other plan to take away citizens rights.
Thanks for listening,
One more upset customer
Side note: gv works just as well as Acrobat to view PDF files from netscape as a helper app (and PS too, of course). Just add "gv %s" in as the application to handle the file types for PostScript and PDF(edit->preferences->helperapps or something like that). Personally I like gv's navigational structure better anyway.
(Well, /path/to/gv if it isn't in your path, naturally.)
Very rarely I will run across a document that gv just doesn't like but that Acrobat displays fine. This happens maybe once a month, if I'm looking at a fair amount of pdf's.
I think the software dependencies for gv are ghostscript and whatever dependencies it has but I'm not sure. apt-get or rpmfind.net or your ports tree are your friends in that regard.
--
News for geeks in Austin: www.geekaustin.org
News for Geeks in Austin, TX
This has highlighted some false claims made by a company in marketing. Does this mean that next time someone claims their software is secure, it is illegal to prove it is not?
What about consumer protection laws - this is misleading conduct on the behalf of the companies involved.
Be assured your constitutional rights to free speech and freedom of the press have been taken away. It is a sad day when a man can be thrown in jail for intelligent speech and writing. But that is what has happened here. Where will the madness created by the DMCA end?
"Congress shall make no law... abridging the freedom of speech, or of the press"
Are you sure you aren't confusing a CIVIL action with a CRIMINAL action of a low enough severity that imprisonment is not allowed. As far as I remember, the Supreme Court said you can arrest even for crimes for which imprisonment is not allowed - that is a far cry from arresting someone for a civil violation. BTW, speeding is a CRIMINAL offense (as are other traffic violations) in many states. For example, Nevada. Plus a FINE is only assessed for CRIMINAL offenses, for civil offenses it is a civil penalty.
Just because it CAN be done, doesn't mean it should!
The Bill of Rights applies to all people that the US government interacts with. The Border Patrol cannot abuse Mexican immagrants any more than LAPD can abuse US citizens. Manuel Noriega was afforded all of the rights in the constitution, even though he was not a citizen. The Bill protects ALL people, not just those born here or who those who passed a test.
Remember, You are unique...just like everyone else.
Editor's Note [from the article]: (17 July 2001 0100 PDST) Vladimir Katalov has informed Planet eBook that Dmitry Sklyarov, author of the "Advanced eBook Processor", was in fact arrested, and that he is being held in a Las Vegas prison waiting for subsequent judgement in California.
Under normal circumstances the authorities cannot detain citizens without arresting them, since doing so is paramount to an arrest. However, this case involves a non-citizen being barred from boarding a plane at an airport, and his detention was merely a temporary condition prior to his arrest.
I do not have a signature
NO. They should have arrested him in the middle of the presentation for maximum effect, and yes they can warn him but are under no burden to do so. However, it is unlikely that they were even present at the conference (in this capacity)-- and even if they were, maybe once they saw this complex and new "crime" being committed they felt they should wait for the okay from their own FBI lawyers (rather than the Adobe jackals) before proceeding.
The crime here is not cracking the "protection" but sharing the method used to perform the crack. While it is not a crime to describe in detail how to kill someone (if you do it without being inciteful), how to manufacture drugs, how to build a bomb, how to cheat on your wife, how to molest children, it is a crime to discuss methods of cracking anti-consumer "protections" on copyright restricted materials on digital media. This Russian guy broke that blatantly illegal law on US soil (using information he obtained at home in Russia where he may not have been violating any laws). Ergo, he gets arrested.
To quote Bulldog, "This sucks. This is total BS."
I do not have a signature
I am writing today to express my displeasure concerning the way Adobe has conducted itself in regards to Dmitry Sklyarov and Elcomsoft. It would seem that, rather than thanking Mr. Sklyarov for exposing serious flaws in your products, and then correcting them, you have chosen to pursue a course of litigation and intimidation via the misuse of law enforcement.
I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occurring.
As an Adobe customer, here is what I want: The pursuit of better products, and not more litigation. We have enough of that already. I fear one day that my children may be imprisoned for pointing out flaws in corporate products, or for engaging in legitimate research of code and computer products. Perhaps, if you have children, they will be too. So I urge Adobe to "back off" as it were and refocus the money that would have been spent on lawyers into developing a more secure and better eBook system.
Thank-you for your time, and I look forward to your reply!
If I were part of a company screwing over someone else's copyright or exploiting their crappy code, my company would be subject to a law suit. I can't imagine we'd all be hauled off in the paddy wagon. But an individual doing this can be jailed?
I'm not being sarcastic [this once]. I seriously don't get this.
[For my money, you should be subject to arrest for giving your conference such an overly-dramatic title. Hacking for human rights, my arse.]
But the greater evil here is clear to see. In the graphics world Adobe = Microsoft, a single company holding the reigns on all of the industry's mission-critical tools. Time to get a better text tool for GIMP and get it to the people.
Don't just lament how wrong this is. TELL Adobe what you think of them and their actions. But PLEASE, be polite. Messages like "j00 suX0r Adobe!" get thrown in the PLOINK-bin faster than you can blink, and without a second thought. But a well-written message detailing why you are not happy with them, and what they can do about it, would be most helpful. Here are some PR contacts at adobe:
jcristof@adobe.com
dstyerwa@adobe.com
lvacante@adobe.com
ablatchf@adobe.com
skrueger@adobe.com
gbabbit@adobe.com
wsaso@adobe.com
Don't forget to give them a ring on the tele:
(408) 536-6000
And lastly, we have the executive's email addys (I think. I have not verified these addresses, so they may not work. The ones above will for sure though.)
jwarnock@adobe.com
cgeschke@adobe.com
bchizen@adobe.com
snarayen@adobe.com
mdemo@adobe.com
gfreeman@adobe.com
cpouliot@adobe.com
jstephens@adobe.com
ttownsley@adobe.com
mdyrdahl@adobe.com
blamkin@adobe.com
Go out there and tell them! Corporations are run by people, just like us. Sometimes those people do very stupid things and need correction; that is what I plan to do, and everyone who reads this message should do the same.
-- russ
Natural != (nontoxic || beneficial)
While I don't advocate and don't intend to cause harm to anyone's person or Adobe's physical plant, I would shed no tears if Adobe's HQ burned to the ground, preferably with the decision-maker responsible for this inside.
CEE5210S The signal SIGHUP was received.
Move that case into this post-DMCA case we live in today, and you would likely see the publisher of the magazine thrown in jail for creating an anti-circumvention device, and the PR people saying that this is a great victory for everyone because those evil hacker people were thrown in jail. Of course they'd also neglect to say that this information would probably become much more wide-spread than it otherwise would have been, and that a lot of innocent people would be adversely affected because the manufacturer would have little motivation to fix a glaring security flaw.
The result? The flaws are not fixed and there is the possibility of even more damage. People still know the flaws, but the problem is not fixed.
D - M - C - A
If god had intended you to be naked, you would have been born that way.
As Richard Stallman said before:
He was talking about DMCA and the new Free Software laws in other countries.
So, if there's nothing like DMCA in your country, fight for your rights, don't let them cut back your rights!
Don't worry, I'm too busy [to|every]day
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
I don't think that would go over well. Can anyone explain a difference to me? Or would the U.S. accept this arrest without problem?
I've done my duty and emailed Adobe politely about this abuse of a bad law. Perhaps at the next DefCon, presentations on how to circumvent this Adobe flaw will be distributed to the public as encrypted PDF's, so that DCMA supporters will not have access to content they find objectionable.