20 July 2000, Thanks to SF/MG:
Ashcroft Targets U.S. Cybercrime
20 July 2001, Thanks to ET:
To verify the unlock key for Dimitry Sklyarov's AEBPR application create the following STRING VALUE in the registry:HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced eBook Processor\Registration\Code
and assign it the value of the registration key provided on your site:LEPR-T2K7-NA8Z-3DUE-EVDQS-TMPV-MBAUB
Start the AEPBR application and you will be all set.
Dmitry needs funds for legal defense. If you use AEBPR consider contributing to EFF or to Dmitry through PayPal, firstname.lastname@example.org
19 July 2001:
Russian Hacker Arrested by FBI Goes Missing
posted by declan on Thursday July 19, @06:12PM
from the where-is-dmitry-sklyarov dept.
Dmitry Sklyarov is missing.
The 27-year old Russian programmer and hacker who was arrested after Defcon was last spotted at 3 pm Monday, when he made a brief court appearance in Las Vegas. He's charged with violating the 1998 Digital Millennium Copyright Act.
Now he's adrift inside the federal prison bureaucracy. A managing director of ElcomSoft, Sklyarov's employer, says he has no idea where his colleague is. Says ElcomSoft's Vladimir Katalov: "Of course they really worry about him, because FBI/police didn't allow Dmit to talk to his family."
An informed source in the U.S. Attorney's office in San Francisco said that after Sklyarov's court visit on Monday he was turned over to the U.S. Marshals. The source said Sklyarov is likely out of contact since he's in transit to California. Typically prisoners are moved to a holding facility in Oklahoma until there's a scheduled transport to San Francisco, much as FedEx routes packages through central hubs.
The government source said prosecutors receive almost no warning from the marshals when prisoners will appear -- sometimes they get a phone call, and sometimes the marshals simply take the prisoner to the court with no notice.
19 July 2001:
The Department of Justice has sent out today an embargoed announcement of US Attorney General John Ashcroft's appearance tomorrow in Mountain View, CA, to speak on cybercrime:
-----Department of Justice For Planning Purposes Only - Not For Release AG July 19, 2001 (202) 616-2777 www.usdoj.gov TDD (202) 514-1888 In CA: Lani Miller, (703) 395-4484 Washinton, DC -- Attorney General John Ashcroft will visit Northern California tomorrow, Friday, July 20, to discuss cybercrime issues. When: 11:115AM (Pacific Time), Friday, July 20 What: Attorney General News Conference Regarding Cybercrime Where: VeriSign Worldwide Headquarters 487 East Middlefield Road Mountain View, CA
Dmitry Sklyarov is due to be transferred any time now from Las Vegas to somewhere in the Northern California District.
18 July 2001:
From: "Matthew S. Hamrick" <email@example.com>
Subject: Dimitry Sklyarov Discussion Forum on cryptonomicon.net
Date: Wed, 18 Jul 2001 10:16:13 -0700
I've started a Dimitry Sklyarov controversy discussion forum at:
18 July 2001:
Date: Wed, 18 Jul 2001 14:43:31 +0100
To: Seth David Schoen <firstname.lastname@example.org>, Paul Holman <email@example.com>
From: John Perry Barlow <firstname.lastname@example.org>
Subject: Re: [E-IP] free-sklyarov mailing list
Thank you for this!
I think this will be the galvanizing arrest that brings down the DMCA, but it will take a lot of us working in concert to make that happen. You've provided one of the auto-organizing principles and I'm personally grateful.
At 9:50 PM -0700 7/17/01, Seth David Schoen wrote:
>We have created an e-mail list called "email@example.com" for
>co-ordination of efforts to help Dmitry Sklyarov.
>This list is public, archived, and unprivileged; the subscriber list
18 July 2001: Add New York Times report and EFF press release.
For background information and to download a trial version of the Adobe eBook-cracking program, AEBPR, see the ElcomSoft site: http://www.elcomsoft.com
Cryptome mirror of the AEBPR trial version: http://cryptome.sabotage.org/aebpr/aebpr22.zip (746KB)
For cryptographic scientific research allowed under the DMCA here is a key from Anonymous to boost the trial version -- which decrypts 25% of an eBook -- to its 100% capability (though not verified):LEPR-T2K7-NA8Z-3DUE-EVDQS-TMPV-MBAUB
Bear in mind that Dmitry and ElcomSoft need funds for legal defense and purchasing your key through www.regnow.com is recommended.
Verio, the ISP for Cryptome, kicked ElcomSoft off its system for failing to remove the controversial program and may threaten Cryptome for offering AEBPR.
17 July 2001. Thanks to JT.
See Dmitry Sklyarov's Defcon-9 talk: http://www.download.ru/defcon.ppt (140KB)
Cryptome mirror: http://cryptome.sabotage.org/ds-defcon.ppt (140KB)
U.S. Department of Justice
Northern District of California
11th Floor, Federal
450 Golden Gate Avenue, Box 36055
San Francisco, California 94102
FOR IMMEDIATE RELEASE
Fax: (415) 436-7234
July 17, 2001
The United States Attorney's Office for the Northern District of California announced that Dmitry Sklyarov, of Moscow, Russia, made an initial appearance yesterday in Las Vegas, Nevada, on a complaint from the Northern District of California charging a single count of trafficking in a product designed to circumvent copyright protection measures in violation of Title 17, United States Code, Section 1201(b)(1)(A). This is one of the first prosecutions in the United States under this statute, the Digital Millennium Copyright Act ("DMCA").
According to an affidavit filed by an agent of the Federal Bureau of Investigation in connection with the criminal complaint, Mr. Sklyarov is alleged to have been the author of a program, "Advanced eBook Processor," that unlocked the "eBook Reader" produced by Adobe Systems, Inc. Consumers can download eBook Reader onto their personal computers in order to purchase electronic books in the eBook format from on-line booksellers such as Amazon.com or BarnesandNoble.com. The eBook Reader permits consumers to read the encrypted eBook only on the specific computer utilized to engage in the transaction. Because the book is sold in encrypted form and is only accessible through the eBook Reader, the copyright holder's interest in the book is protected.
According to the affidavit, the Advanced eBook Processor permitted users of the program to decrypt an eBook in a manner such that the eBook could be opened in any Portable Document Format ("PDF") viewer such as Adobe Acrobat reader, and the file would have no restrictions on editing, copying and printing the eBook. The affidavit states that the Advanced eBook Processor would allow anyone to read the eBook on any computer without paying the fee to the bookseller. The affidavit alleges that the program itself lists Mr. Sklyarov as the copyright holder of the Advanced eBook Processor, and that the program was distributed by ElcomSoft Company, Ltd. of Moscow, Russia, through its website.
The website for the "Defcon-9" conference in Las Vegas, Nevada states that Mr. Sklyarov was scheduled to speak at the Defcon-9 conference, scheduled for July 13-15. The Defcon-9 conference website describes the conference as "an annual computer underground party for hackers in Las Vegas," and it states that Mr. Sklyarov's speech would include "security aspects of electronic books and documents."
The maximum statutory penalty for each count in violation of Title 17, United States Code, Section 1201(b)(1)(A) is five years imprisonment and a fine of $500,000. However, any sentence following conviction would be dictated by the Federal Sentencing Guidelines, which take into account a number of factors, and would be imposed in the discretion of the Court. A complaint simply contains allegations against an individual and, as with all defendants, Mr. Sklyarov must be presumed innocent unless and until convicted.
Mr. Sklyarov made his initial appearance in federal court in Las Vegas today, July 16, 2001. Mr. Sklyarov was detained without bail and ordered removed to the Northern District of California. No dates have been set for the defendants next appearance.
The prosecution is the result of an investigation by agents of the Federal Bureau of Investigation. Scott Frewing and Joseph Sullivan are the Assistant U.S. Attorneys who are prosecuting the case with the assistance of Lauri Gomez.
A copy of this press release and key court documents filed in the case may also be found on the U.S. Attorney's Office's website at www.usaondca.com.
All press inquiries to the U.S. Attorney's Office should be directed to Assistant U.S. Attorney Matthew J. Jacobs at (415) 436-7181.
[9 pages; misspellings in original.]
NORTHERN DISTRICT OF CALIFORNIA
UNITED STATES OF AMERICA
CASE NUMBER 5 01 257
I, the undersigned complainant being duly sworn state the following is true and correct to the best of my knowledge and belief. On or about June 26, 2001 in Santa Clara county, in the Northern District of California defendant(s) did, (Track Statutory Language of Offense)
import, offer to the public, provide, and otherwise traffic in a software product that is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof, and aid and abet such conduct.
in violation of Title 17 United States Code, Section(s) 1201(b)(1)(A) and 18 U.S.C. Sec.2
I further state that I am a(n) Special Agent, F.B.I. and that this complaint is based on the following facts:
see attached affidavit
5 years imprisonment
3 years supervised release
$100 penalty assessment
Bail request: no bail
Continued on the attached sheet and made a part hereof [X] [ ] No
Approved as to form: [Signature] AUSA Joseph E. Sullivan
Name/Signature of Complainant: [Signature] Daniel J. O'Connell
Sworn to before me and subscribed in my presence
Date: July 7, 2001 at San Jose, California
U.S. Magistrate Judge Patricia V. Trumbull
|NORTHERN DISTRICT OF CALIFORNIA
COUNTY OF SANTA CLARA
|SS: AFFIDAVIT FOR COMPLAINT|
Daniel J. O'Connell, being duly sworn, deposes and states:
1. I submit this affidavit in support of a criminal complaint and an arrest warrant for Dmitry Sklyarov, for violation of Title 17, United States Code, Section 1201(b)(1)(A) -- circumvention of copyright protections, and Title 18, United States Code, Section 2 -- aiding and abetting.
2. Title 17, United States Code, Section 1201(b) states in relevant part:
(1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that -
(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
. . .
(2) As used in this subsection -
(A) to "circumvent protection afforded by a technological measure" means avoiding, bypassing, removing, deactivating, or otherwise impairing a technological measure.
3. Title 17, United States Code, Section 1204, states in part:
(a) In general. -- Any person who violates section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain,
(1) shall be fined not more than $500,000 or imprisoned for not more than 5 years or both, for the first offense; and
(2) shall be fined not more than $1,000,000 or imprisoned for not more than 10 years, or both, for any subsequent offense.
Background of Affiant
4. I have been employed as a Special Agent for the Federal Bureau of Investigation for over twenty-five years. I am currently assigned to the High Tech Squad at San Jose, California, which has responsibility for the theft of intellectual property, theft of trade secrets, and violations of U.S. copyright laws. I have participated in such intellectual property related investigations since passage of the Economic Espionage Act of 1996.
Basis of Charges
5. On June 26, 2001, I met with representatives of Adobe Systems, Incorporated (Adobe), located in San Jose, California. Kevin Nathanson, Group Products Manager, eBooks, Adobe, told me the following:
a. Adobe produces computer software, including a software product named Adobe eBook Reader.
b. eBook Reader works as follows: after users upload the program onto their personal computer systems, the users can contact a Internet Web based electronic bookseller such as Amazon.com or Barnes and Noble.com and purchase a book titles in an electronic format known as an eBook. As a result of a series of seamless transactions taking place between the electronic bookseller, an Adobe Server, and the customer's computer, users may only open and view the encrypted eBook on the specific computer that the user utilized to engage in the transaction. Because the process is taking place outside the view or control of the user, the user never sees the verification/decryption process taking place between the eBook file and the Adobe eBook Reader. Nevertheless, because the book sold in encrypted form and only accessible through the eBook Reader and is not duplicatable, the copyright holder's interest in the book is protected.
c. Adobe is being victimized by a Russian company named Elcomsoft. Elcomsoft is distributing a key over the Internet in the form of a software program that illegally unlocks copyright protections on the e-Book files. This unlocking key is available for purchase on the Internet at http://www.elcomsoft.com/aebpr.html. The commercial name given by Elcomsoft to this unlocking key program is Advanced eBook Processor (AEBPR).
6. Nathanson and Daryl Spano, a technical Investigator, Investigations/Anti-Piracy, Adobe, showed me Elcomsoft literature they observed on the Internet which describes a program to decrypt eBooks in Adobe Acrobat eBook Reader format (PDF files with EBX security handler) as well as Adobe Acrobat PDF files protected using a standard security method, WebBuy Technology, or any other Acrobat security plug-in (like FileOpen, SoftLock etc.). The decrypted file can be opened in any PDF viewer (e.g. Adobe Acrobat Reader) without any restrictions -- i.e. with edit, copy print, annotate functions enabled. All versions of Adobe Acrobat are supported. It can also decrypt e-Book Pro (*.EBJ) files, extracting all html pages and images from them.
7. Nathanson told me that the real damage done by the AEBPR program is that it creates a "naked file" that enables anyone to read the eBook on any computer without paying the feed to the bookseller. Only one legitimate copy of the encrypted eBook needs to be purchased originally and after the protections are stripped through the usage of the Elcomsoft program, there are no restrictions and the eBook can be duplicated freely and made available for usage on any computer.
8. Daryl Spano told me the following:
a. Adobe purchased a copy of the Elcomsoft unlocking software over the Internet, and an Adobe engineer told Spano that the unlocking key worked as Elcomsoft claimed.
b. Adobe purchased the program through Elcomsoft through a U.S. based company that Elcomsoft was using as a means of collection a $99 fee for purchase and usage of the unlocking key. Nathanson and Spano told me that this company was Register Now! (www.regnow.com) Dept # 1170-75, PO Box 1816 Issaquah, Washington 98027, 1-877-353-7297. Register Now! collected the $99 fee that pays for the unlocking key. Thereafter, Elcomsoft, after receiving verification from Register Now!, electronically sent the unlocking key registration code from Elcomsoft to the purchaser (Adobe) in San Jose, California, in the Northern District of California. Spano provided documents to me reflecting the transaction and showing that the unlocking key was purchased by Adobe on June 26, 2001.
c. The Elcomsoft unlocking software was downloaded for free directly from the Elcomsoft site without purchasing the key. However, the software obtained without the unlocking key allowed on to view only approximately ten percent of an eBook in the Adobe format. In order to get the complete book, the person downloading the Elcomsoft software was required to pay Elcomsoft the $99 fee through the RegNow website to obtain the unlocking key.
d. A review of the opening screen on the Elcomsoft software purchased showed that a person named Dmitry Sklyarov is identified as being the copyright holder of the Elcomsoft program. Spano exhibited this opening screen to me and provided me with a copy of the screen. Spano also provided me a copy of the E-mail from Elcomsoft managing director Vladimir Katalov furnishing the unlocking key after the fee had been paid to Elcomsoft through the RegNow website.
e. Adobe learned that Dmitry Sklyarov is slated to speak on July 15, 1001 at a conference entitled Defcon-9 at Las Vegas Nevada. Spano told me that he learned that Sklyarov is scheduled to make a presentation related to the AEBPR software program.
9. Nathanson told me that thus far, Elcomsoft had defeated ADobe's Version 2.1 eBook Reader and has threatened in literature on its website to issue a "crack" for Acrobat eBook Reader Version 2.2 that has just been released.
10. Nathanson and Spano stated that Adobe has attempted to prevent Elcomsoft from providing the unlocking key to the public and has been resisted in this effort by Elcomsoft. Adobe has sent "cease and desist" letters to Elcomsoft, RegNow and the Internet Service Provider for Elcomsoft, Verio Inc.
11. On July 2, 2001, I viewed the Internet home page of RegNow, "www.regnow.com". The following products were listed for purchase through the website:
* Advanced PDF Password Recovery (Pro)
* Recover passwords to Adobe Acrobat PDF files
* ElcomSoft Co. Ltd.
* Advanced PDF Password Recovery
* Decrypt protected ADobe Acrobat PDF files.
* ElcomSoft Co. Ltd.
* Advanced eBook Processor (Discount)
* Decrypt protected Adobe Acrobat PDF files and eBooks
* ElcomSoft Co. Ltd.
When I used a computer mouse to select the above listed programs for purchase through RegNow website, I was directed to the home page of Elcomsoft.com
12. On July 2 and 3, 2001, I observed the following information on the ELCOMSOFT website in which Elcomsoft describes its business activity:
"ElcomSoft Co. Ltd. is a privately owned software development company headquartered in Moscow, Russia. Established in 1990, Elco specializes in producing Windows productivity and utility applications for businesses and individuals...." "ElcomSoft Co. Ltd. is a member of the Russian Cryptology Association (RCA) and a lifetime member of the Association of Shareware Professionals (ASP). ElcomSoft is also a Microsoft Independent Software Vendor (ISV) partner..."
13. I observed that the Elcomsoft website "home page" showed the following information among a listing of new products and their release dates:
"June 26, 2001 New versions of Advanced eBook Processor and Advanced NT Security Explorer now available" and "June 20, 1001 New product has been released: Advanced eBook Processor. Decrypt eBooks for Adobe Acrobat Reader and PDF's protected with all security plug-ins, including WebBuy!"
14. I observed that Elcomsoft described its product and made certain comments about its legality as follows:
Advanced eBook Processor ....
06/20/2001 We have released our new program and called it AEBPR (Advanced eBook Processor). The only thing the program does is: converting documents from Acrobat eBook format (compiled for Adobe Acrobat eBook Reader) to the plain Acrobat format (PDF). Again, that's all: from one Adobe format to another. But PDF is much wider used, because there are (free) PDF viewers for a lot of hardware platforms (from workstations to PDAs) and operating systems (Windows, Mac, Linux etc), while Acrobat eBook Reader is available for Windows and Mac only.
This program works only with eBooks you legally own, i.e. purchased from one of online stores like Amazon or Barnes & Noble. So we were absolutely sure that the owner of eBook has all rights to read the book he purchased where he wants and how he wants.
The demo version of AEBPR allowed to convert only first 10% of the book content. To protect unauthorized distribution of eBooks on the piracy market, we have set the "border" price for this program - $99, which is much more than an average eBook cost (most eBooks are being sold from $10 to $30, and there are a lot free ones).
You can download a demo version of AEBPR here, here or here (please not that current release of our program does not support the latest version of Adobe eBook Reader, 2.2; that is the result of unpredicted Adobe reaction to our release of this program - see below.
06/25/2001 We have received a notification from Adobe Anti-Piracy Enforcement Team team in which they claimed that our program is illegal and we need to remove it immediately from our site. They said they give us 5 days otherwise they will "pursue us aggressively"....
06/26/2001 We have received an email from our ISP, Verio Inc. They wrote that Adobe has contacted them to shut down our Web site (again, immediately). As Adobe wrote to Verio, the reason was: the site "offers downloads to their copyrighted software published by Adobe Systems." Obviously - this is not true, we never distributed any software copyrighted by Adobe Systems. But as you can see, Adobe is not even going to collect the correct information (what laws, copyrights and terms-of-use have been violated), but just started their aggressive actions before 5-day period (they set themselves) has expired. Really, they did not want to give us a time to consult with our attorneys! Verio gave us 6 hours to remove this page (the one you are reading now). So we moved the site to another ISP...
06/27/2001 (2:19:30 PM) Verio has contacted us again, this time not asking for something, but just with a notification: "Host blocked: www.elcomsoft.com/aebpr.html - 22.214.171.124 port 80 (www)" You can see, that since they were not able to close our web site completely, they simply disabled access to it on their routers. Moreover, they have blocked the whole IP address of our server, so not only this site, but also lots of other (not only ours) web sites became completely out of reach! But we already had a few mirrors ready, and after this unfriendly action from Verio, we have updated appropriate DNS records. In 6 hours, our web site was accessible again!
06/28/2001 (10:57 AM) Adobe has sent a complaint to RegNow , our billing service (5 days are still not expired!). This time they called it "unauthorized distribution of software"...
RegNow asked us for advice what they should do in this situation. We didn't want them to be involved in our problems, and so asked to stop sales of AEBPR....
07/03/2001 Now it's time for the brutal truth on Adobe eBook protection. We claim that ANY eBook protection, based on Acrobat PDF format (as Adobe eBook Reader is), is ABSOLUTELY insecure just due to the nature of this format and encryption system developed by Adobe. The general rule is: if one can open particular PDF file or eBook on his computer (does not matter with what kind of permissions/restrictions), he can remove that protection (by converting that file into "plain", unprotected PDF. Not very much experience needed. In brief: ANY security plugin (actually, eBooks are protected with security plug-in as well: EBX) does nothing but returns a decryption key to Adobe Acrobat Reader or Adobe Acrobat eBook Reader. Plug-in can make various hardware verifications, use parallel port dongles, connect to the publisher's web site and use asymmetric encryption, etc, but all ends up with a decryption key, because the Reader needs it to open the files. And when the key is there, we can use it to decrypt the document removing all permissions.
Below is the list (not complete) of Acrobat-based protections supported by Advanced eBook Processor:
* "standard" PDF encryption,
* BPTE_Rot13 (used by New Paradigm Resources Group, Inc.),
* FileOpen (by FileOpen Systems),
* SoftLock (by SoftLock Services, Inc.),
* InterTrust DocBox,
* Internet Standards Australia
* Adobe's Web Buy
* Adobe's eBook Reader (GlassBook Reader)
We claim that by aggressively pushing of standards, unapproved by professional cryptologists, to the fast growing electronic books market and with pursuing of independent researchers who tries to highlight the problems, Adobe Systems violates the rights of books authors and publishers, which may result the unauthorised distribution of their books in the Internet.
15. On July 2, 2001, I reviewed the website for the "Defcon-9" convention scheduled for July 13-15, 2001, in Las Vegas Nevada. I observed that an individual identified as Dmitry Sklyarov and an individual identified as Andy Malyshev are listed as speakers who are to discuss the Acrobat e-Book Reader.
16. The website of Defcon-9 conference described it as follows:
an annual computer underground party for hackers held in Las Vegas, Nevada. It has been held every summer for the past eight years. Over those years it has grown in size, and attracted people from all over the planet. People attend to meet others into hacking, hang out with old friends, listen to new speeches or just hack on the network. That's what it is all about in a nutshell. Meeting other people and learning something new. Last year over 4,200 people showed up. That makes us (Currently) the largest hacking convention on the planet.
17. The Defcon-9 website described Dmitry Sklyarov's speech topic as follows:
eBooks security theory and practice
Security aspects of electronic books and documents, and a demonstration of how weak they are: "standard" PDF encryption, Rot13 (used by New Paradigm Resources Group, Inc.), FileOpen (by FileOpen Systems), SoftLock (by SoftLock Services, Inc.), Adobe's Web Buy, Adobe's eBook Reader (GlassBook Reader) InterTrust DocBox plug-in.
Documents publishing in electronic form have a lot of advantages against traditional on-paper publishing. You could easily find list of such advantages on web server of any company, which provides eBook solutions. But nobody perfects, and there is one big problem that related with eBooks. Information in electronic form could be duplicated and transmitted, and there is no reliable way to take control over that processes. There are several solutions from different companies that were developed to prevent unauthorized distribution of the electronic documents.
18. The Defcon 9 website also included the following statement from "Dmitry Sklyarov:"
My name is Dmitry Sklyarov. I'm employee of the Elcomsoft Company. As we have demonstrated in our speech on Black Hat Win2K Security (february 2001), encryption in Microsoft Office documents is very weak and password protection may be removed without any problems in most cases. In this speech I'll try to cover password protection aspects of electronic books and documents. The most attention will be paid to documents in PDF format...
19. On July 5, 2001, I spoke via telephone with Tom Diaz, Senior Engineering Manager for the eBook Development Group of Adobe. In response to my question, Diaz affirmed that he believes the Elcomsoft Software program, coupled with the Elcomsoft unlocking key, circumvents protection afforded by a technological measure developed by Adobe for its Acrobat eBook Reader either by avoiding, bypassing, removing, deactiviating, or otherwise impairing the technological measure.
20. Based on the foregoing, I believe Dmitry Sklyarov, employee of Elcomsoft and the individual listed on the Elcomsoft software products as the copyright holder of the program sold and produced by Elcomsoft, known as the Advanced eBook Processor, has willfully and for financial gain imported, offered to the public, provided, and otherwise trafficked in a technology, product, service, and device that is primarily designed or produced for the purpose of circumvention a technological measure that effectively controls access to a work protected under Title 17, namely books distributed in a form readable by the Adobe eBook Reader, in violation of Title 17, United States Code, Section 1201(b)(1)(A) and Title 18, United States Code, Section 2.
Daniel J. O'Connell
Federal Bureau of Investigation
Sworn and subscribed before me
this 10 day of July, 2001
Patricia V. Trumbull
United States Magistrate Judge
HTML by Cryptome.
The New York Times, July 18, 2001
[Photo of Dmitry Sklyarov]
In one of the first cases of criminal prosecution under a 1998 federal digital copyright law, a 27-year-old Russian cryptographer was arrested at a Las Vegas hotel on Monday morning, a day after giving a presentation to a large convention of computer hackers on decrypting the software used to protect electronic books.
Dmitri Sklyarov, who was being held in Las Vegas without bail, is being charged with one count of trafficking in software to circumvent copyrightable materials and one count of aiding and abetting such trafficking. Mr. Sklyarov is expected to be transferred to San Jose, Calif., where he would face charges of violating the Digital Millennium Copyright Act, a 1998 law that limits the unauthorized copying of digitized material.
Mr. Sklyarov is one author of a software package released in June that breaks through electronic book encryption developed by Adobe Systems Inc. He faces up to five years in jail and a $500,000 fine.
This is the first criminal case under the act involving electronic books, a small but competitive industry in which the players include Adobe, Microsoft, Palm and Gemstar. Other high-profile cases involving the act, including one that involves decryption software for DVD's, have mostly been civil suits.
Mr. Sklyarov, a tall, lanky graduate student with a lopsided smile, is currently completing his Ph.D. at Moscow State Technical University. His dissertation, which examines the security of electronic book software, was the basis of his presentation, entitled "E-Book Security: Theory and Practice." He is the father of two young children.
Mr. Sklyarov is an employee of ElcomSoft, a small, Moscow-based company that has recently drawn the ire of Adobe for distributing a software package that circumvents Adobe eBook Reader software by converting encrypted books to unprotected files, which can then be distributed freely.
BarnesandNoble.com briefly halted distribution of Adobe-format electronic books last month, listing them as "out of stock," from June 26 to June 27 while Adobe updated its encryption software. ElcomSoft said Adobe's changes were superficial and released a new demonstration version of the decryption program shortly after Adobe's update.
Over the last several weeks, Adobe has aggressively pursued ElcomSoft, forcing it to switch Web-host services several times by sending cease-and-desist notices to Web service companies. Adobe also met with the F.B.I. on June 26 to discuss the impact of ElcomSoft on its business.
As a result of pressure from Adobe, ElcomSoft stopped selling its Advanced eBook Processor software, which initially cost $100. Instead, the company created a demonstration version that decrypts only a portion of an electronic book, and made that available free on its Web site.
Although Mr. Skylarov is a Russian citizen and ElcomSoft is based in Moscow, the sales of the product took place partly in the United States, since a United States-based company called Register Now handled the financial processing. Scott Frewing, one of the assistant United States attorneys who is handling the case, said that despite the borderless nature of the Internet "the question of jurisdiction was not particularly in contest in this case."
In his technical presentation on Sunday to an audience of several hundred people at the conference, called Def Con, Mr. Sklyarov argued that the security behind Adobe's widely used Acrobat Portable Document Format, known as PDF, is inherently flawed. "E-book distribution based on PDF technology is insecure," he said.
Bruce Schneier, a cryptographer who has written a popular textbook on the subject, agreed. "Trying to secure this is like trying to make water not wet," he said. "Bits are copyable by definition."
Nevertheless, companies are determined to protect their products and are looking to the copyright act for help. "No software on the market is 100 percent secure to determined hackers," said Susan Altman Prescott, vice president for cross-media publishing at Adobe. "We're confident that we are taking all of the right steps on an ongoing basis to incorporate the most sophisticated technologies available."
ElcomSoft is a 20-person company best known for its password recovery software for programs like Microsoft Word and Quicken, produced by Intuit. According to Aleksandr Katalov, president of ElcomSoft, the company's clients include many United States government agencies, including the F.B.I. and the Central Intelligence Agency.
The pursuit of criminal charges against an individual employee rather than the company drew surprised reactions. "I thought maybe I would be arrested because I am the owner and the president of the company, but not Dmitri," said Mr. Katalov, who also attended the conference. "But I think this is the easiest way to send a message that it is a single Russian hacker at work, but really it is the entire encryption that is flawed."
Date: Tue, 17 Jul 2001 18:32:42 -0700
From: Will Doherty <firstname.lastname@example.org>
Subject: EFF: FBI Arrests Programmer in Las Vegas
Electronic Frontier Foundation Media Release
For Immediate Release: July 17, 2001
Robin Gross, EFF Staff Attorney, +1 415 436-9333 x112, email@example.com
Jennifer Granick, Clinical Director at Stanford Law School Center for Internet and Society, +1 650 724-0014, firstname.lastname@example.org
Created Tool that Increases Purchaser's Control of eBooks
San Francisco - The FBI arrested Russian citizen Dmitry Sklyarov in Las Vegas, Nevada, yesterday on charges of distributing a product designed to circumvent copyright protection measures. Sklyarov, who was in Las Vegas to deliver a lecture on electronic book security, allegedly authored a program which permits editing, copying, and printing of electronic books by unlocking a proprietary Adobe electronic book format.
Charged in one of the first United States criminal prosecutions under the Digital Millenium Copyright Act (DMCA), Sklyarov is currently in custody in Las Vegas pending transfer to the United States District Court in San Francisco.
The case involves Advanced eBook Processor software developed by Sklyarov's Russian employer Elcomsoft. According to the company's website, the software permits eBook owners to translate from Adobe's secure eBook format into the more common Portable Document Format (PDF). The company maintains that the software only works on legitimately purchased eBooks.
Adobe's eBook format restricts the manner in which a legitimate eBook buyer may read, print, back up, and store electronic books. The Advanced eBook Processor appears to remove these usage restrictions, permitting an eBook consumer to enjoy the ability to move the electronic book between computers, make backup copies, and print. Many of these personal, non-commercial activities may constitute fair use under U.S. copyright law. Of course, the Advanced eBook Processor software may also make it easier to infringe copyrights, since eBooks, once translated into open formats like PDF, may be distributed in illegitimate ways.
Robin Gross, attorney with the Electronic Frontier Foundation (EFF), explained, "The U.S. government for the first time is prosecuting a programmer for building a tool that may be used for many purposes, including those that legitimate purchasers need in order to exercise their fair use rights."
Jennifer Granick, Clinical Director at the Stanford Law School Center for Internet and Society, commented that "the DMCA says that companies can use technology to take away fair use, but programmers can't use technology to take fair use back. Now the government is spending taxpayer money putting people from other countries in jail to protect multinational corporate profits at the expense of free speech."
Alexander Katalov, President and Owner of Elcomsoft, expressed anger and disappoint over Sklyarov's arrest: "Dimitry is only one of the programmers who worked on this program, so I don't understand why it is his sole responsibility. In Russia, we have no law like the DMCA. In fact, distributing Adobe's eBook software is illegal in Russia, since Russian law requires that the software permit the purchaser to make at least one legal copy."
For a copy of the federal complaint against Sklyarov see:
For the Department of Justice press release on the case see:
For information on other DMCA-related cases see:
The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to websites in the world: