Sklyarov Tells U.S. Court, 'I'm no hacker'

DaytonCIM writes "Dmitry Sklyarov, the Russian programmer at the centre of the first Digital Millennium Copyright Act (DMCA) prosecution, yesterday delivered his long-awaited testimony in the trial of his former employer, ElcomSoft." There are also stories at The Register and on CNET.

Throw it out?

[KeatonMill]

It seems like this case shouldn't even be happening. Adobe just wants to make an example out of someone. The problem is, they picked the wrong guy. As seen earlier on Slashdot, they haven't found a single eBook decrypted with his software, and if it isn't on (I assume they use) KaZaA, then it really doesn't exist freely. He also appears to have said all the right things in court. There is such a thing as catching a drift, and I think Adobe missed it, and is now trying to drown Sklyarov.

Re:Throw it out?

[zapfie]

Adobe's side of the story.

Re:Throw it out?

Wow, they just fundamentally don't get it:

Q: Elcomsoft claims that it developed the software in order to let users copy the eBooks they purchased onto multiple computers. Doesn't the Acrobat eBook Reader violate the Fair Use Act?
A: Adobe engineered the Acrobat eBook Reader to exchange eBooks like printed books. The Acrobat eBook Reader does allow customers to move the eBooks they purchase between computers through its lending and giving features. If the publishers enable these features, the buyer of an eBook can loan or transfer to another Acrobat eBook Reader on the network. [Emphasis added]

The whole point of fair use and its ilk is that it does not require permission from the copyright holder. If I have to beg for my fair use rights, then they have been stolen from me. Forget free speech, this case is about the basic rights to own and use one's private property.

In one of Lessig's speeches, he lists the absurd restrictions on an eBook of a work in the public domain. Who do these people think they are?!

Re:Throw it out?

[Twirlip+of+the+Mists]

Basically what Adobe is saying.

- We want elcomsoft to not release software that breaks our unbreakable security software.

No. First, Adobe says right there on the page that no technology can be 100% secure. They say that, when used properly, their software protects copyrighted works. That's all they claim.

They say that they encourage users, including "white hats," to give them feedback on their software and the security thereof.

They say that Elcomsoft broke US law by distributing their software. They say that the US Department of Justice took it upon themselves to make the arrest and to prosecute the case.

Whether or not Adobe's software is perfect isn't even remotely relevant to the issue.

Re:Throw it out?

[Twirlip+of+the+Mists]

Forget free speech, this case is about the basic rights to own and use one's private property.

Did you know that copyright holders are not required to do anything at all in order to ensure that users of their works can exercise all-- or even any!-- of the possible fair uses of their works?

Did you know that, under the DMCA, it is not illegal to circumvent copy protection mechanisms for the purpose of making fair use of a work? [17 U.S.C. 1201(a)(1)(B)]

Did you know that this case rests on the DMCA's prohibition of the importation or sale of devices whose sole purpose is to circumvent copy protection? [17 U.S.C. 1201(a)(2)]

Did you know that most people who complain with zeal that the DMCA is a bad law have never actually read it, or indeed any part of Title 17?

Just some legal trivia for y'all to chew on.

Re:Throw it out?

[sasha328]

I wish I had moderating rights at the moment, because this and the parent thread should be read by all those who are breating Adobe without knowing what is it they've done wrong.
The point is not that Elcomsoft and Sklyarov developed anti DMCA software, because they did; The point that should concern people (especially those from outside the US) is that they are being tried in the US, under US law for legal actions they committed in another country. This just shows the hypocrisy of the US government. They want others to follow their rules, but they never stop to consider others' rules.

Re:Throw it out?

[Henry+V+.009]

Did you know that, under the DMCA, it is not illegal to circumvent copy protection mechanisms for the purpose of making fair use of a work? [17 U.S.C. 1201(a)(1)(B)]

Did you know that this case rests on the DMCA's prohibition of the importation or sale of devices whose sole purpose is to circumvent copy protection? [17 U.S.C. 1201(a)(2)]

You really don't see any conflict at all between those two statements do you?

Re:Throw it out?

[lobsterGun]

The DMCA is a bad law because it requires an affirmative defence in order to create tools for excercising fair use rights.

That is to say: If a developer creates a tool to enable a user to excercise his or her fair use rights, a copyright holder can have the state haul him into court and claim that the tool is actually an illegal circumvention device. The court is then forced to 'read the mind' of the developer to attempt to divine his motivations for creating the tool.

Re:Throw it out?

copyright holders are not required to do anything at all in order to ensure that users of their works can exercise all-- or even any!-- of the possible fair uses of their works

Straw man. Adobe isn't merely failing to accomodate fair use. They are actively trying to block people from using their own resources to enable fair use. That is what people are rightfully complaining about.

it is not illegal to circumvent copy protection mechanisms for the purpose of making fair use of a work
...
DMCA's prohibition of the importation or sale of devices whose sole purpose is to circumvent copy protection

Put these two together. You're saying you can have your rights as long as you're an expert computer scientist and cryptographer? Nice. What about the other 99% of US citizens? In a free market, shouldn't people be allowed to hire someone else with the necessary skills or purchase a tool that enables them to do what they want? Also in a free market, shouldn't I be allowed to satisfy that demand if I have the expertise?

Did you know that this case rests on the DMCA's prohibition of the importation or sale of devices whose sole purpose is to circumvent copy protection?

Did you know that copyright holders can bundle extra restrictions into their "copy protection" systems that have absolutely nothing to do with the actual rights granted to copyright holders? eBooks you can't read aloud or print, DVD region coding, software that's tied to a single computer and can't be resold, and many more to come if this case is lost.

Re:Throw it out?

[koreth]

Ahh, good, so if as a consumer I want to read a protected document on my Palm instead of my PC, all I have to do is go back to college, get an advanced math degree, bring myself up to speed on the state of the art in encryption, learn how to program on both platforms, figure out the encoding the document uses, write an app to crack it, and I'm all set.

Right, best be getting to it, then.

Good thing the law protects me from buying the end result from someone else instead of going through the process myself -- without doubt, a law that promotes that sort of self-sufficient, can-do spirit is just the sort of thing that made this country great.

Re:Throw it out?

[Safety+Cap]

I code an e-book decryptor. I decrypt my e-books ~. That isn't illegal.

Unfortunately, that happens to be quite ILLEGAL.
US Code Title 17, Chapter 12, 1201 says (emphasis mine):

(2)

No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that -

(A)

is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
*********************
Check out this article for more.

Re:Throw it out?

[Twirlip+of+the+Mists]

If you read the text of the DMCA, one of the issues is whether the copy protection is "effective." And I'm surprised that Elcomsoft's attorney apparently didn't make some hay out of that.

"Effective" doesn't mean "really good." It just means that the mechanism does, on its face, restrict access to the work. It's not a question of how easy or hard it is to get around it. It's a question of whether it presents an obstacle at all.

This analogy isn't perfect, but I think it'll serve. Imagine that a policeman comes to your house. You have the severed head of your last victim in your freezer, and you decide (for whatever reason) to leave your freezer door open. The policeman walks in, sees the severed head in plain sight, and arrests you on the spot.

On the other hand, what if you had closed the freezer door? If the policeman had opened your freezer, seen the severed head, and then arrested you, your lawyer would immediately start drafting a motion to suppress evidence. If a policeman looks around and sees a severed head in plain sight, that's not a search and requires no warrant. If, on the other hand, he opens your freezer and finds the head, that's a search, and it requires a warrant in order to be legal.

The question of whether your freezer is a good place to hide things or not never comes into it. The point is that you had the severed head behind closed doors. That's all it takes.

This is the same thing. The important fact is that the content of the work is hidden behind an access control mechanism such that you have to circumvent it in order to get to the content. Even if the process of circumvention is trivial-- like opening a freezer door-- it's still circumvention, and (mostly) prohibited.

Re:Throw it out?

[Alsee]

So ROT-13 is most definitely an effective access control mechanism; you can't read it

Which brings us to an excellent point. It is pretty easy to learn to read ROT-13. And once you do learn it, it's virtually impossible to not do so any time you see it.

I have made zero effort to learn ROT-13, yet it took me about 2 seconds to recognize the phrase "All your base are belong to us" when I saw it posted in ROT-13. I even spotted that there was a typo in it, though I couldn't tell offhand what the typo changed it to.

I'm sure if I really worked at it I could become semi-fluent in reading ROT-13 within a day or so.

What are the DMCA implications of this? Of learning to decrypt something in your head? Because it *IS* possible to do DeCSS this way, though it would be quite an impressive feat.

-

doesn't matter

[ArchieBunker]

Under the DMCA just creating the tool is illegal. It doesn't matter if everyone or no one uses it.

Re:doesn't matter

[Sleepy]

AH. Next we'll have the Saudi's here at the beaches of the United States, monitoring who's wearing a swimsuit.

Such clothing is illegal in Saudi Arabia.

Who knows, they might jail a few tourists for crimes never commited on their soil... hmm?

Where does it end?

Re:doesn't matter

[DarkZero]

It's great to see you're so well versed with the case. In fact, the affidavit alleges that he was selling the software on US soil.

Not he, they. ElcomSoft is on trial, not Dmitry. Otherwise, you're right.

Re:doesn't matter

[AftanGustur]

Under the DMCA just creating the tool is illegal. It doesn't matter if everyone or no one uses it.

Isn't the DMCA a USA law ??? Sklyarov did all his programming in Russia ..

Is copyright protection realy worth living in a world where a foreign national can sue a individual/company in another country for breaking laws in his country ? Like THIS ?

DMCA logic

[unixisnotmultics]

If you can get arrested for providing someone with the tools to commit a crime, how come this does not apply to anything but the software/electronics area. For example gun manufacturors do not face such action for providing people with items that could be used in a crime. even a shoe could be used to kill somebody :-)

Re:DMCA logic

[czarneki]

This is nothing new, you know.

Back when the Sony-Betamax case was pending Supreme Court review, people asked how it could be that VCR manufacturers could be liable for contributory infringement of copyright simply by providing a tool that some people misused when gun manufacturers were immune from suit by murder victims. There were political cartoons to this effect.

Then the Supreme Court thanfully (it was a close one though, 5-4, I believe, and according to some historians the dissent was originally the majority) gave VCRs a fair use out.

Basically, the Mickey Mouse lobby is invincible. Why should they be deterred by a little logic?

Re:DMCA logic

[IndependentVik]

Oh, but don't you get it? A gun, while lethal, is extremely unlikely to deprive big corporations of great sums of money. A couple of dead people is nothing compared to (potentially) lost profits.

Legitimate use?

"the company's password retrieval programs have been purchased by the FBI, the IRS, U.S. district attorneys and U.S. police departments, as well as by private companies like Microsoft and Motorola."

It should be interesting to hear what the "legitimate uses" sited by these people are.

Control the access, control the ...

[peripatetic_bum]

Why isnt anyone really stating that this is about a blind person's ability to read the book they bought.

While the seller doesnt have to guarantee that his books can be read by the blind, the seller cant keep the blind from reading the book, ie using the software to 'open' the book and let him read it.

I would like to hear a valid argument against this statement?

thanks for reading.

Re:"I'm No Hacker" ?!?

[halftrack]

Oh, oh ... haven't you read the jargon file? No true hacker calls himself a hacker, it's a title given to you by the community. Now you've really made a boo-boo.

"Didn't care that he violated US law"

[ryants]

In one dramatic moment in a relatively anticlimactic afternoon of testimony, Frewing forced Sklyarov to acknowledge that he didn't consider the legality of his program.

"Isn't it true that when you wrote this software you didn't care whether it violated laws in the U.S.?" Frewing asked.

"That's true," Sklyarov said.

And why the fuck should he care? A Russian programmer working in Russia shouldn't have to consult the law books of every nation on Earth to see if his work may or may not violate some law somewhere. If we all had to do that, nobody would ever get anything done, and pretty much anything would be illegal in some country or other.

Re:"Didn't care that he violated US law"

[Snoopy77]

Your comment is in violation of the Criminal Law Act under section 141 part B of Tajikistan. Extradiction proceedings are under way.

copying books

[Fuzquat]

Does Adobe give users the ability to print out copies of their e-books? If so, then they need to prosecute every manufacture of OCR software that exists.

In fact, they need to prosecute every manufacture of OCR software anyway because it could be used to read the characters directly off of a screenshot of an open e-book.

They also need to bring lawsuits against anyone with data entry skills because theoretically someone could read text from a screen and input it into a word processor.

Wait, that means word processors are a circumvention device for e-book protection, but that's ok: everyone uses Microsoft Word anyway and Microsoft has more lawyers then Adobe.

The list goes on, but the point is that data will be copied one way or another when people want to copy the data.

Pick your favorite fix to the copyright system we have today, but it had better deal with two parts of reality:\

Encryption can and will be decrypted.

Content must be cheap or people will copy it.

Re:copying books

[roystgnr]

Regardless of the flaws of the DMCA, this type of software will ALWAYS be illegal (even if the DMCA is repealed and replaced with soemthing else), beacuse it's PRIMARY USE is to circumvent copyright protection measures. This is clearly wrong to anyone with a conscience*.

Do you demonize everyone who disagrees with you, or just everyone who disagrees with you on this issue?

You've just said that the solution for blind people is not to buy EBooks. You have no right to accuse anyone else of lacking a conscience.

You've just given Adobe the sole authority for "transferring certain material from reader to reader". Since every ebook in existence should eventually be public domain, and the length of current copyright terms vastly exceeds the halflife of electronic gadgets, this is unacceptable.

Even in the meantime, I can think of a dozen legitimate reasons for wanting unchained access to material I have purchased (and so there are probably a hundred more I haven't thought of). Getting that access may break the DMCA but does not break copyright law, and it is not immoral of me to want it.

Elcomsoft published code whose primary use is to to break encryption. Subverting copy prevention is a secondary use.

Hacker ... just what is that?

[Hektor_Troy]

My answer would have been

Please define "hacker".

Some dictionaries define it as follows:

hacker
n. Informal.

1. One who is proficient at using or programming a computer; a computer buff.
   
2. One who uses programming skills to gain illegal access to a computer network or file.
   
3. One who enthusiastically pursues a game or sport: a weekend tennis hacker.
   

So which one is it? Saying "yes" would be a lie either way.

Hell, he might just have lied, when he said "no"; I would certainly label him as a hacker, using definition 1, and he might also be a golf hacker for all we know.

From the CNET article

[Ayanami+Rei]

ElcomSoft Managing Director Vladmir Katalov took the stand after Sklyarov. He testified that ElcomSoft, which also makes password-retrieval software, has many major customers for its products, including Adobe and the U.S. Department of Justice.

Now this is an interesting twist. I didn't know anything about ElcomSoft itself. This is like blaming the guys who make the tools used to extract keys from locked cars. Everyone curses the wind wishing they're around when you get locked out.

Who here has not scrambled for a NT Admin password recovery disk, or a ZIP password cracker, or swapped NVRAM chips between Suns?

They don't hide behind pretenses... they expose the poor security and help you when you are hindered by said annoyances! I believe there is insufficient evidence to make Sklyarov appear malicious, and he had little to gain personally. He exposed the information that would only be profitable within the confines of the company and his product to the public. Moreover, he warned potential publishers that the protected PDFs weren't safe. Therefore, the only person that loses out is the lazy programmers at Adobe. And he claims to be ignorant of the legal ramifications. AND WHY SHOULD HE, HE'S A FRIGGIN RUSSIAN CITIZEN (Spare me the IN SOVIET RUSSIA... replies).

I hope to GOD that the DMCA doesn't get used to uphold lazy habits.

IN THE UNITED STATES OF AMERICA

[User+956]

The DMCA controls YOU!

Violate US Law

[nuggz]

He didn't violate US law on US soil.

He violated a US law on Russian soil.

That is the key point people SHOULD be upset about.

You can't argue that you shouldn't have to follow a countries laws while you are in that country. The origional issue was that a Russian citizen in Russia, working for a Russian company, shouldn't have to worry about US law.

Re:Violate US Law

[morgajel]

fact: quite a few politicians have affairs.
fact: in some countries, adultury is punished by castration...

wonder what the case would be if another country did that to a visiting US diplomat?

do as we say, not as we do.

IN CAPITALIST AMERICA

[Chuck+Chunder]

The laws violate YOU!

Before drifting in the gun debate...

[MacAndrew]

There are examples of controlled dual-use "tools" such as explosives and locksmithing devices. (There's a federal statute specifically for the latter, though it is a bit vague and I doubt often enforced; non-Hollywood burglars usually use less finesse :).

Obviously you can get arrested as a conspirator, accessory, or accomplice to a crime. But liability goes further, it depends on your knowledge and exercise of due care.

You can get in trouble for supplying a gun to someone knowing they intend to use it for a crime; you can be liable for joyriders crashing your car after you left the keys in the ignition; there is even liability for serving one drink too many to someone before they go driving ("dram shop laws"). Said liability may be civil or criminal depending on the jurisdiction and the circumstances.

Before anyone says these sorts of liability are unfair in some abstract sense of causality, I'll add that the rules were developed in an effort to reduce the overall misery by allocating responsibility efficiently and reducing opportunities for mischief. So it has less to do with condemning anyone than with dry economics. Of course the details are open to debate.

As for shoes, well, they've been trying to get stiletto heels over 3" banned outright for years. (I'm kidding -- but I wonder if you can still take them on an airplane?)

I *hope* this is what you were asking about!

Pecking order

[r_j_prahad]

I just killed an Adobe Pagemaker sale today. No fanfare, no big deal, I just wrote "denied" on the purchase request and sent it back. I told him to find something else, and as long as it's not from Adobe I'll sign off on it.

That one's for you, Jon. And so's the next one. And the one after that. And as many as it takes until Adobe fully appreciates the delicacy of vendor-customer relationships, and acknowledges who's really in charge.

Re:Pecking order

[base3]

Please. Adobe knew exactly what they were doing, and exactly what the result of their "backing off" after the PR got hot would be. No sympathy.

They got what they wanted, and decided to sit back and let the feds be the bad guys.

I personally make a point of showing everyone I encounter who's interested in making PDFs the beauty of Ghostscript and Ghostview. Every sale I can cost Adobe makes me feel that much warmer inside.

I look forward to the day when the DMCA wielding jackbooted thugs cease to be relevant, and their stock becomes worthless.

It's a good thing the ancient Greeks and Egyptians

[sdo1]

... didn't have the DMCA. Otherwise a lot of our shared history may have been lost forever. What are our decendants 100 or 500 or 1000 years from now going to know about us?

Our creative output is going to be slowly locked away in copyright protected files never to be seen again... except to the person who originally bought the rights to view it. But they (we) will be long since dead... and the content, which will be as helpful to them in understanding their history as hiroglyphics are to us, will be lost.

Bottom line... the DMCA, and everything it stands for, sucks. It is the epitomy of government "of the people, for the people, and by the people" gone terribly wrong.

-S

What is going on here?

[Mattwolf7]

Go to http://www.adobe.com/aboutadobe/pressroom/pressrel eases/200107/dmca.html (Sorry not sure how to link here)

Go all the way down to the bottom of the page and click on the U.S. Attorney's office link....

Is it porn for you too? Did they get hacked?

To foreign programmers: don't step foot in the US

[Maul]

"I cared about not violating the law of the country I am operating in," Sklyarov said.

Sklyarov should not have had a responsibility to know or obey the laws of the United States, as a Russian doing work in Russia. What his employer does with the product he makes is none of his concern.

Putting the fact that I don't agree with the DMCA (I believe it is Unconstitutional) aside, the company sold the product in the USA, and should be the one held responsible.

Holding Sklyarov accountable is just plain wrong. US citizens wonder why foreigners hate our guts. One of the reasons is that our government feels that its laws should forced upon everyone worldwide.

If you are a foreign programmer who deals with security issues, I'd be cautious about stepping foot in the US, at least while Bush and his administration hold power. As you can see, our government is out of control right now, and it'll take a lot of US citizens to wake up to that fact before things can really change.

so Adobe stuffed up twice!

[martin-boundary]

Your objection doesn't apply at all. Dmitry didn't go to the US to sell his company's software, he went there to give a talk. So not only did Adobe attack a Russian student for completely legal work he did in his home country, but they also purposefully accused the wrong person. If they had been serious, they would have gone after the *servers* in whatever US colo they happened to reside.

CHECK OUT THE LINK ADOBE POSTED!

[ssstraub]

I don't know what's more unbelievable. That Adobe posted this link or that no one on /. has caught it yet!

-Go to Adobe's press release.
-Scroll down to the last question.
-Click on the US Attorney's office link.

Something tells me that Sophy's going to be getting a lot of revenge real soon... LMAO!

Re:To foreign programmers: don't step foot in the

[bockman]

Holding the copyright and selling the product are different things. Unless Sklykarov was actually selling the program personally and on the US soil (i.e. when he was at the conference ), he should be not accountable, if not according to the law at least according to common sense.

Even if he did it, it should depend on the terms on which he was granted entrance in the US. We European can shortcut the visa procedure by signing a visa waiver, that allows US administration and justice to handle us as they see fit. For instance, if a citizen of the Netherlands is found in possess of marjuana, it can be arrested in the US even though this is legal in the Netherlands.

If Sklyarov signed something like that and then violated the american law (even not knowing it), bad luck to him. But if he came in the US with a real visa, I believe that the only legal act for the US authorities was expulsion. Anything else, in a country less powerful than US, would have raised one hell of an international case.