Leading Up to Action, Arrest
On July 16, 2001, Dmitry Sklyarov, a Russian programmer, was arrested by the FBI as the copyright holder of a software program that circumvents the technology that protects against the unauthorized copying of Adobe Systems' eBook format. Sklyarov's arrest was preceded by several events. On June 22, his company, ElcomSoft (http://www.elcomsoft.com), posted a press release announcing the sale of a software program called Advanced eBook Processor (AEBPR), which removes encryption coding from Adobe Acrobat PDF files and Adobe Acrobat eBook Reader software. In part, the press release stated:

Advanced eBook Processor lets users make backup copies of eBooks that are protected with passwords, security plug-ins, various DRM (Digital Rights Management) schemes like EBX and WebBuy, enabling them to be readable with any PDF viewer, without additional plug-ins. In addition, the program makes it easy to decrypt eBooks and load them onto PalmPilots and other small, portable devices. This gives users—especially users who read on airplanes or in hotels—a more convenient option than using larger notebooks with limited battery power to read their eBooks.

PDF protection can prevent users from changing or printing information, adding or changing annotations and form fields, or even selecting and copying text or graphics. With Advanced eBook Processor, these PDF files can be decrypted, opened, and used without any of these restrictions. Once protection has been removed, PDF files created with Adobe's Acrobat program can be opened in any PDF viewer, including Adobe's Acrobat Reader.¹

Although the press release and demo program have been removed from ElcomSoft's Web site, you can view the press release in its entirety at http://www.planetebook.com/mainpage.asp?webpageid=169 and study ElcomSoft's position (and even download the "criminal" program) at the Censored Archive Web site (http://diddl.firehead.org/censor/adobe_ebook/www.elcomsoft.com/aebpr.html).

On June 28, Adobe updated its software to prevent AEBPR from operating. ElcomSoft responded by releasing a new version of AEBPR to once again circumvent Adobe's programs. When Adobe next requested that ElcomSoft stop selling the software, ElcomSoft agreed, but then offered a demonstration copy at no cost (available through RegNow, an online software delivery and payment service; http://www.regnow.com).

During this same period, Adobe representatives met with FBI Special Agent Daniel J. O'Connell. About a week after the meeting, O'Connell filed an affidavit with the Northern District Court of California (http://www.planetebook.com/mainpage.asp?webpageid=168). Sklyarov was attending the annual DEF CON (DEFense CONdition of the country) underground Internet security convention in Las Vegas to discuss AEBPR, when he was arrested by the FBI and held without bail.
 

The Indictment
On August 6, Sklyarov was released on $50,000 bail, but was required to forfeit his passport. The indictment of Sklyarov and ElcomSoft took place on August 28 (http://www.usdoj.gov/usao/can/press/assets/applets/2001_08_28_sklyarov_ind.pdf). The indictment uses some frightening language, including six paragraphs under Count One outlining "The Conspiracy," as well asa paragraph about the commitment of "Overt Acts." In short, Sklyarov was charged with two major counts: 1) "conspiracy to traffic in technology primarily designed to circumvent—and marketed for use in circumventing—technology that protects a right of a copyright owner" and 2) aiding and abetting such conduct.

To the surprise of Adobe officials, there was national public outcry (including protest marches) over Sklyarov's arrest, as well as pressure from the Electronic Frontier Foundation. This prompted the company to request Sklyarov's release. Despite Adobe's willingness to back down, as of this writing the Department of Justice continues to press on with its prosecution. Although it's not illegal in Russia for programmers to develop circumvention software, U.S. prosecutors will most likely argue that because Sklyarov was on American soil, the federal government has authority to establish jurisdiction.
 

The Case
Sklyarov is not being accused of copyright infringement, but rather is being charged for developing and distributing software that could ultimately furnish the means to illegally copy and widely distribute rightsholders' works. The legislation responsible for Sklyarov's arrest is the Digital Millennium Copyright Act (DMCA), signed into law by President Clinton on October 28, 1998 (available in full text at http://www.loc.gov/copyright/legislation/hr2281.pdf).

The DMCA embodies two primary categories of "protection against circumvention of technological measures used by copyright owners to protect their works." The first category includes measures to "prevent unauthorized access to a copyrighted work." The second category includes measures to "prevent unauthorized copying of a copyrighted work." Violators of these provisions in the act are subject to criminal prosecution, especially if they "willfully" break copyright laws for "commercial advantage or private financial gain."

Although a few civil cases have been adjudicated or settled out of court, the Sklyarov case is different because of the criminal charges being brought against a Russian citizen. In a civil case, the prosecuting individual or company sues for monetary damages and/or the right to force the defendant to cease a specific action. Being charged as a criminal under the DMCA, Sklyarov faces up to 5 years imprisonment and up to a $500,000 fine. (Subsequent offenses under the DMCA incur as much as a $1 million fine or 10 years imprisonment. Nonprofit libraries, archives, and educational institutions are "entirely exempted from criminal liability.")

The federal government must prove that Sklyarov, as the registered copyright holder of the AEBPR program, developed the software for commercial advantage or private financial gain. Note that although copyrights and patents are often registered in the originators' names, under work-for-hire regulations the developers' employers generally own and profit from the copyrighted works.

To argue the case, Sklyarov's attorney has several probable lines of defense. First, Sklyarov is studying electronic security issues as part of his Ph.D. research studies. The defense may very well ask whether or not it's against the law for anyone to engage in "legitimate" encryption research. In a similar circumstance, Edward Felton, a professor affiliated with Princeton University, withdrew a paper analyzing digital music encoding when the Recording Industry Association of America threatened a lawsuit. The importance of cryptology as a recognized discipline has been demonstrated several times in U.S. history, most notably during World War II. Brad Templeton, chairman of the Electronic Frontier Foundation, points out that "Cryptanalists [sic] like Alan Turing are now widely regarded as among the greatest contributors to the defeat of Nazi Germany...."²

A second line of defense is that Sklyarov was merely trying to demonstrate the weakness of Adobe's encrypted programs and the ease in which he was able to devise circumvention software that compromises Adobe's products and the copyrights of publishers. Incidentally, Sklyarov is not the only programmer to study e-book encryption programs. In late August, an anonymous programmer reported that he was able to decrypt the Microsoft Reader eBook program, but understandably he has not released his software. The problem with this defense, however, is that ElcomSoft was selling the circumvention program, rather than publicizing research about the security problems of encrypted e-books.

A third possible line of defense—a strong one, in my opinion—is that ElcomSoft and Sklyarov developed the software to encourage first-sale and fair-use provisions outlined in the U.S. Copyright Act. Examples of such rights include making a backup archival copy in case the original e-book is damaged, loaning an e-book to a friend or colleague, allowing the visually handicapped to load e-books into speech synthesizers, and permitting readers to store e-books in other programs so they can be accessed with any software or after program upgrades.
 

Fair-Use, First-Sale Rights
Since his employer, not Sklyarov, was directly selling the program, it's inconceivable that Sklyarov deliberately created it for personal profit motives. From most accounts, his primary reason for attending the DEF CON convention seems to be the presentation of legitimate research on how easily encrypted e-book programs can be broken. Some industry experts have even suggested that Adobe Systems should be grateful to Sklyarov for finding the software vulnerabilities. DEF CON has held nine annual conferences, attended by respected security experts, cryptographers, and computer programmers employed by universities, corporations, and the government. Despite the prestige of many of the attendees, there are those who claim that meetings of the organization encourage a "dangerous" society of hackers.

I've frequently criticized the continuing threat from publishers that will ultimately end fair-use and first-sale doctrine rights. Witness the July 19 statement from the Association of American Publishers (AAP) "hailing" the actions of the Justice Department regarding the Sklyarov case. In part, Pat Schroeder, president and CEO of AAP, said:

It's only common sense to expect that, if the public wants desirable books to be available online and through other digital media like the Adobe Reader, the authors and publishers who have the legal rights to commercially exploit such works in the global digital marketplace must have reasonable assurances that the market value of their works can be protected from the extraordinary risks of illegal reproduction and distribution that are made possible by the capabilities of digital media. Congress understood this when it enacted the DMCA to help promote the online availability of copyrighted works.

Distribution of the means to strip ebooks of their access and copyright protections is not a public service, any more than it would be a public service to distribute the keys that unlock a bookstore or public library.... It merely facilitates theft, and makes it less likely that ebooks will soon become a popular reading format.³

What Schroeder fails to understand is that when we buy print books, we legally own them—we can write in them, lend them, donate them, sell them, reread them, and desecrate them. Libraries buy books (often single copies) for a borrowing public; they have the right to give away, sell, or destroy the publications. If electronic book theft takes place, as Schroeder fears, I suspect the real reason for this "criminal" behavior is that consumers want continuing or lifelong ownership of e-book titles for which they have paid.

My concerns are not limited to the encryption of e-books. In early 1998, when Paula Eiblum and I reported on the then-new Digital Object Identifier (DOI) tagging system, which was created to protect digital material from unauthorized copying, we worried about the loss of fair-use rights applied to printed materials:

We ... contemplate a time when DOI is applied to the print medium. What if every paper book, journal, and newspaper applies an encryption tag? Imagine a time when a page hits the glass of a photocopy machine and instructions appear directing the user to deposit coins. Either the royalty fees are paid or the page is not reproduced. In our view, the enormous problem of compliance would be solved, not to mention the gratitude authors would feel if they were to receive a percentage of each royalty payment! But does this scenario represent the end of fair use as it was conceived in the U.S. Constitution and written in the revised Copyright Act of 1978?⁴

If the publishers provided a model that allowed readers of e-books to outright own electronic publications, consumers would embrace the technology without feeling like criminals, and the publishing industry could become more profitable.
 
 

Stephanie C. Ardito is the principal of Ardito Information & Research, Inc., a full-service information firm based in Wilmington, Delaware. Her e-mail address is sardito@ardito.com.

1. "Advanced Acrobat eBooks Are NOT Really Secure," ElcomSoft press release, June 22, 2001 (http://www.planetebook.com/mainpage.asp?webpageid=169).

2. Templeton, Brad. "An eBook Publisher on Why the U.S. Attorney Should Free Dmitry Sklyarov" (http://www.templetons.com/brad/free.html).

3.American Association of Publishers. "Publishers Hail Government Action Against Russian Ebook Hackers," press release, July 19, 2001 (http://12.108.175.91/ebookweb/stories/storyReader$89).

4.Ardito, S. C. and Eiblum, P. "Inevitability: Death, Taxes, and Copyright," ONLINE, January/February 1998, pages 81­85.
 

Ardito, S.C. "Electronic Books: To 'E' Or Not to 'E': That Is the Question," Searcher, April 2000, volume 8, number 4, pages 28­39.

Electronic Freedom Foundation. "EFF Intellectual Property: Digital Millennium Copyright Act (DMCA): U.S. v. Sklyarov Archive" (http://www.eff.org/IP/DMCA/US_v_Sklyarov).

"Free Dmitry Sklyarov!" (http://freesklyarov.org).

Harmon, Amy. "New Visibility for 1998 Copyright Protection Law, with Online Enthusiasts Confused and Frustrated," The New York Times, August 13, 2001, page C4.

Lessig, Lawrence. "Jail Time in the Digital Age," The New York Times, July 30, 2001, section A, column 2, page 17.Perens, Bruce. "Dmitry Sklyarov: Enemy or Friend?" ZDNet News, August 2, 2001 (http://www.zdnet.com/zdnn/stories/comment/0,5859,2800985,00.html).

Planet eBook. "Index of ElcomSoft, Dmitry Sklyarov, Adobe, US Government and DMCA-Related Articles from Around the Web" (http://www.planetebook.com/mainpage.asp?webpageid=170).

Roush, Wade. "Publishers Split on Sklyarov Case," eBookWeb, July 22, 2001 (http://12.108.175.91/ebookweb/stories/storyReader$89).

Sperberg, Roger. "Is AEBPR a Legal Program?" eBookWeb, July 24, 2001 (http://12.108.175.91/ebookweb/discuss/msgReader$114).