|Some of us who regularly write about intellectual property issues jokingly
refer to publishers as the "copyright police," and contemplate being thrown
into "copyright jail" for "violating" fair-use laws. Despite this imagined
scenario, I never really expected that a civilian would be arrested
and criminally prosecuted by the U.S. government.
Leading Up to Action, Arrest
On July 16, 2001, Dmitry Sklyarov, a Russian programmer, was arrested
by the FBI as the copyright holder of a software program that circumvents
the technology that protects against the unauthorized copying of Adobe
Systems' eBook format. Sklyarov's arrest was preceded by several events.
On June 22, his company, ElcomSoft (http://www.elcomsoft.com),
posted a press release announcing the sale of a software program called
Advanced eBook Processor (AEBPR), which removes encryption coding from
Adobe Acrobat PDF files and Adobe Acrobat eBook Reader software. In part,
the press release stated:
Advanced eBook Processor lets users make backup copies of eBooks that
are protected with passwords, security plug-ins, various DRM (Digital Rights
Management) schemes like EBX and WebBuy, enabling them to be readable with
any PDF viewer, without additional plug-ins. In addition, the program makes
it easy to decrypt eBooks and load them onto PalmPilots and other small,
portable devices. This gives users—especially users who read on airplanes
or in hotels—a more convenient option than using larger notebooks with
limited battery power to read their eBooks.
PDF protection can prevent users from changing or printing information,
adding or changing annotations and form fields, or even selecting and copying
text or graphics. With Advanced eBook Processor, these PDF files can be
decrypted, opened, and used without any of these restrictions. Once protection
has been removed, PDF files created with Adobe's Acrobat program can be
opened in any PDF viewer, including Adobe's Acrobat Reader.1
Although the press release and demo program have been removed from ElcomSoft's
Web site, you can view the press release in its entirety at http://www.planetebook.com/mainpage.asp?webpageid=169
and study ElcomSoft's position (and even download the "criminal" program)
at the Censored Archive Web site (http://diddl.firehead.org/censor/adobe_ebook/www.elcomsoft.com/aebpr.html).
On June 28, Adobe updated its software to prevent AEBPR from operating.
ElcomSoft responded by releasing a new version of AEBPR to once again circumvent
Adobe's programs. When Adobe next requested that ElcomSoft stop selling
the software, ElcomSoft agreed, but then offered a demonstration copy at
no cost (available through RegNow, an online software delivery and payment
During this same period, Adobe representatives met with FBI Special
Agent Daniel J. O'Connell. About a week after the meeting, O'Connell filed
an affidavit with the Northern District Court of California (http://www.planetebook.com/mainpage.asp?webpageid=168).
Sklyarov was attending the annual DEF CON (DEFense CONdition of the country)
underground Internet security convention in Las Vegas to discuss AEBPR,
when he was arrested by the FBI and held without bail.
On August 6, Sklyarov was released on $50,000 bail, but was required
to forfeit his passport. The indictment of Sklyarov and ElcomSoft took
place on August 28 (http://www.usdoj.gov/usao/can/press/assets/applets/2001_08_28_sklyarov_ind.pdf).
The indictment uses some frightening language, including six paragraphs
under Count One outlining "The Conspiracy," as well asa paragraph about
the commitment of "Overt Acts." In short, Sklyarov was charged with two
major counts: 1) "conspiracy to traffic in technology primarily designed
to circumvent—and marketed for use in circumventing—technology that protects
a right of a copyright owner" and 2) aiding and abetting such conduct.
To the surprise of Adobe officials, there was national public outcry
(including protest marches) over Sklyarov's arrest, as well as pressure
from the Electronic Frontier Foundation. This prompted the company to request
Sklyarov's release. Despite Adobe's willingness to back down, as of this
writing the Department of Justice continues to press on with its prosecution.
Although it's not illegal in Russia for programmers to develop circumvention
software, U.S. prosecutors will most likely argue that because Sklyarov
was on American soil, the federal government has authority to establish
Sklyarov is not being accused of copyright infringement, but rather
is being charged for developing and distributing software that could ultimately
furnish the means to illegally copy and widely distribute rightsholders'
works. The legislation responsible for Sklyarov's arrest is the Digital
Millennium Copyright Act (DMCA), signed into law by President Clinton on
October 28, 1998 (available in full text at http://www.loc.gov/copyright/legislation/hr2281.pdf).
The DMCA embodies two primary categories of "protection against circumvention
of technological measures used by copyright owners to protect their works."
The first category includes measures to "prevent unauthorized access to
a copyrighted work." The second category includes measures to "prevent
unauthorized copying of a copyrighted work." Violators of these provisions
in the act are subject to criminal prosecution, especially if they "willfully"
break copyright laws for "commercial advantage or private financial gain."
Although a few civil cases have been adjudicated or settled out of court,
the Sklyarov case is different because of the criminal charges being brought
against a Russian citizen. In a civil case, the prosecuting individual
or company sues for monetary damages and/or the right to force the defendant
to cease a specific action. Being charged as a criminal under the DMCA,
Sklyarov faces up to 5 years imprisonment and up to a $500,000 fine. (Subsequent
offenses under the DMCA incur as much as a $1 million fine or 10 years
imprisonment. Nonprofit libraries, archives, and educational institutions
are "entirely exempted from criminal liability.")
The federal government must prove that Sklyarov, as the registered copyright
holder of the AEBPR program, developed the software for commercial advantage
or private financial gain. Note that although copyrights and patents are
often registered in the originators' names, under work-for-hire regulations
the developers' employers generally own and profit from the copyrighted
To argue the case, Sklyarov's attorney has several probable lines of
defense. First, Sklyarov is studying electronic security issues as part
of his Ph.D. research studies. The defense may very well ask whether or
not it's against the law for anyone to engage in "legitimate" encryption
research. In a similar circumstance, Edward Felton, a professor affiliated
with Princeton University, withdrew a paper analyzing digital music encoding
when the Recording Industry Association of America threatened a lawsuit.
The importance of cryptology as a recognized discipline has been demonstrated
several times in U.S. history, most notably during World War II. Brad Templeton,
chairman of the Electronic Frontier Foundation, points out that "Cryptanalists
[sic] like Alan Turing are now widely regarded as among the greatest contributors
to the defeat of Nazi Germany...."2
A second line of defense is that Sklyarov was merely trying to demonstrate
the weakness of Adobe's encrypted programs and the ease in which he was
able to devise circumvention software that compromises Adobe's products
and the copyrights of publishers. Incidentally, Sklyarov is not the only
programmer to study e-book encryption programs. In late August, an anonymous
programmer reported that he was able to decrypt the Microsoft Reader eBook
program, but understandably he has not released his software. The problem
with this defense, however, is that ElcomSoft was selling the circumvention
program, rather than publicizing research about the security problems of
A third possible line of defense—a strong one, in my opinion—is that
ElcomSoft and Sklyarov developed the software to encourage first-sale and
fair-use provisions outlined in the U.S. Copyright Act. Examples of such
rights include making a backup archival copy in case the original e-book
is damaged, loaning an e-book to a friend or colleague, allowing the visually
handicapped to load e-books into speech synthesizers, and permitting readers
to store e-books in other programs so they can be accessed with any software
or after program upgrades.
Fair-Use, First-Sale Rights
Since his employer, not Sklyarov, was directly selling the program,
it's inconceivable that Sklyarov deliberately created it for personal profit
motives. From most accounts, his primary reason for attending the DEF CON
convention seems to be the presentation of legitimate research on how easily
encrypted e-book programs can be broken. Some industry experts have even
suggested that Adobe Systems should be grateful to Sklyarov for finding
the software vulnerabilities. DEF CON has held nine annual conferences,
attended by respected security experts, cryptographers, and computer programmers
employed by universities, corporations, and the government. Despite the
prestige of many of the attendees, there are those who claim that meetings
of the organization encourage a "dangerous" society of hackers.
I've frequently criticized the continuing threat from publishers that
will ultimately end fair-use and first-sale doctrine rights. Witness the
July 19 statement from the Association of American Publishers (AAP) "hailing"
the actions of the Justice Department regarding the Sklyarov case. In part,
Pat Schroeder, president and CEO of AAP, said:
It's only common sense to expect that, if the public wants desirable
books to be available online and through other digital media like the Adobe
Reader, the authors and publishers who have the legal rights to commercially
exploit such works in the global digital marketplace must have reasonable
assurances that the market value of their works can be protected from the
extraordinary risks of illegal reproduction and distribution that are made
possible by the capabilities of digital media. Congress understood this
when it enacted the DMCA to help promote the online availability of copyrighted
Distribution of the means to strip ebooks of their access and copyright
protections is not a public service, any more than it would be a public
service to distribute the keys that unlock a bookstore or public library....
It merely facilitates theft, and makes it less likely that ebooks will
soon become a popular reading format.3
What Schroeder fails to understand is that when we buy print books,
we legally own them—we can write in them, lend them, donate them, sell
them, reread them, and desecrate them. Libraries buy books (often single
copies) for a borrowing public; they have the right to give away, sell,
or destroy the publications. If electronic book theft takes place, as Schroeder
fears, I suspect the real reason for this "criminal" behavior is that consumers
want continuing or lifelong ownership of e-book titles for which they have
My concerns are not limited to the encryption of e-books. In early 1998,
when Paula Eiblum and I reported on the then-new Digital Object Identifier
(DOI) tagging system, which was created to protect digital material from
unauthorized copying, we worried about the loss of fair-use rights applied
to printed materials:
We ... contemplate a time when DOI is applied to the print medium. What
if every paper book, journal, and newspaper applies an encryption tag?
Imagine a time when a page hits the glass of a photocopy machine and instructions
appear directing the user to deposit coins. Either the royalty fees are
paid or the page is not reproduced. In our view, the enormous problem of
compliance would be solved, not to mention the gratitude authors would
feel if they were to receive a percentage of each royalty payment! But
does this scenario represent the end of fair use as it was conceived in
the U.S. Constitution and written in the revised Copyright Act of 1978?4
If the publishers provided a model that allowed readers of e-books to
outright own electronic publications, consumers would embrace the technology
without feeling like criminals, and the publishing industry could become
Stephanie C. Ardito is the principal of Ardito Information &
Research, Inc., a full-service information firm based in Wilmington, Delaware.
Her e-mail address is firstname.lastname@example.org.
1. "Advanced Acrobat eBooks Are NOT Really Secure," ElcomSoft
press release, June 22, 2001 (http://www.planetebook.com/mainpage.asp?webpageid=169).
2. Templeton, Brad. "An eBook Publisher on Why the U.S. Attorney
Should Free Dmitry Sklyarov" (http://www.templetons.com/brad/free.html).
3.American Association of Publishers. "Publishers Hail Government
Action Against Russian Ebook Hackers," press release, July 19, 2001 (http://22.214.171.124/ebookweb/stories/storyReader$89).
4.Ardito, S. C. and Eiblum, P. "Inevitability: Death, Taxes,
and Copyright," ONLINE, January/February 1998, pages 8185.
Additional Resources and Industry Opinions
Ardito, S.C. "Electronic Books: To 'E' Or Not to 'E': That Is the Question,"
Searcher, April 2000, volume 8, number 4, pages 2839.
Electronic Freedom Foundation. "EFF Intellectual Property: Digital Millennium
Copyright Act (DMCA): U.S. v. Sklyarov Archive" (http://www.eff.org/IP/DMCA/US_v_Sklyarov).
"Free Dmitry Sklyarov!" (http://freesklyarov.org).
Harmon, Amy. "New Visibility for 1998 Copyright Protection Law, with
Online Enthusiasts Confused and Frustrated," The New York Times,
August 13, 2001, page C4.
Lessig, Lawrence. "Jail Time in the Digital Age," The New York Times,
July 30, 2001, section A, column 2, page 17.Perens, Bruce. "Dmitry Sklyarov:
Enemy or Friend?" ZDNet News, August 2, 2001 (http://www.zdnet.com/zdnn/stories/comment/0,5859,2800985,00.html).
Planet eBook. "Index of ElcomSoft, Dmitry Sklyarov, Adobe, US Government
and DMCA-Related Articles from Around the Web" (http://www.planetebook.com/mainpage.asp?webpageid=170).
Roush, Wade. "Publishers Split on Sklyarov Case," eBookWeb, July 22,
Sperberg, Roger. "Is AEBPR a Legal Program?" eBookWeb, July 24, 2001