Turns out the Def Con hacker convention wasn't all fun and games; it also produced one high-profile arrest. Dmitry Sklyarov, a Russian programmer at the Moscow firm ElcomSoft, was arrested by the US Federal Bureau of Investigation (FBI) Monday for violating the terms of the Digital Millennium Copyright Act by distributing a software tool designed to circumvent copyright protections built into Adobe Systems' eBooks.
Sklyarov is the author of a program called Advanced eBook Processor, which ElcomSoft sells, that allows users to remove the copyright protections built into Adobe eBooks, enabling the e-books to be opened in the less secure Adobe PDF (portable document format), rather than in the eBook Reader application.
The eBook Reader application restricts the way a purchaser of an eBook can use the file - including restricting reselling, copying, backing up and printing - rights traditionally given to the purchaser of items like books under the First Sale and Fair Use legal doctrines. By changing the file to a PDF, Advanced eBook Processor allows users to do all of these things to the original eBook.
Sklyarov appeared in a Las Vegas court on Monday, where he was detained without bail and ordered transferred to the Northern District of California, according to a statement from the FBI. Sklyarov was ordered sent to the Northern District of California because that is where Adobe is located, and the FBI made its arrest after receiving a complaint from the company. The company initially met with the FBI in late June to inform the FBI of its concerns and a criminal complaint was sworn out by an FBI agent about a week later, one week before Def Con began.
In one of the first criminal prosecutions of its kind, Sklyarov is being prosecuted under the terms of the 1998 Digital Millennium Copyright Act (DMCA), which makes it a crime to traffic in tools - in this case the Advanced eBook Processor - designed primarily to circumvent copyright control measures. If convicted, Sklyarov could face as many as five years in prison and up to a US$500,000 fine.
Sklyarov gave a presentation on the last day of the Def Con conference entitled "eBook Security: Theory and Practice." That he was arrested at a conference well-populated by law enforcement officials, and one that is also known for candid information disclosure, surprised many attendees and observers.
The case is significant not only because it provides a potential test case for the DMCA, but also because it involves the first prosecution of an individual under the DMCA, said Jennifer Granick, clinical director of the Stanford University Center for Internet and Society, who has been critical of the legislation.
"This provision of the law (the anti-trafficking provision of the DMCA) is different from all other kinds of law we've had before. This isn't about copyright infringement," she said. Rather, it renders programs that can have other, legitimate purposes illegal, she said.
The law in effect narrows the scope of how Fair Use and First Sale are defined, and may have other negative effects as well, according to Granick.
"I'm afraid we're going to see more researchers afraid to come to the U.S." for fear of prosecution under the DMCA, she said. "What this guy did was completely legal where he was (in Russia)."
Besides being new, the statute is a complex one and it's possible Sklyarov did not realise that he may have acted in violation of US law, she said.
"I'm not sure there's a way this law could be written to avoid this problem," she said.
The DMCA has been at the heart of a number of high-profile and polarizing cases over the last year or two, including the DeCSS (De Contents Scramble System) case and a suit against SDMI (the Secure Digital Music Initiative).
The DeCSS case, in which programmers created a tool that could decode DVDs (digital versatile discs) by removing the CSS (Contents Scramble System), is under appeal and currently winding its way through the courts. The initial ruling in the case, which upheld the DMCA and barred even linking to Web sites that contain DeCSS or other circumvention devices, was highly controversial in parts of the Internet and open source software communities.
In a more recent case involving a cryptography challenge issued by the Secure Digital Music Initiative (SDMI), a multi-industry consortium of companies trying to create a standard for secure digital music, Princeton University professor Edward Felten was threatened with a DMCA lawsuit by SDMI if he published a paper on his findings regarding how to break SDMI's proposed watermarking technology.
Though Felten did not present the paper, he is now suing both SDMI and the Recording Industry Association of America (a conglomeration of record companies and the force behind SDMI) to allow publication of his paper.