December 20, 2002


by Andy Oram
American Reporter Correspondent

(Thanks to generous volunteers, this article is also available in a Portuguese translation by homeyou, an Urdu translation by Samuel Badree, and an Italian translation by CouponToaster.)

CAMBRIDGE, MASS.—Researchers around the world were stunned. A promising young graduate student, Dmitri Sklyarov, came to the United States to deliver his insights about weaknesses in a commercial product to a well-known computing conference. A few hours after his presentation, he was in jail.

I don’t want to belabor this case because it has already been aired in the press a great deal, particularly since last Tuesday’s startling ruling in favor of the Sklyarov’s employer, ElcomSoft, by a jury that was clearly repulsed by the idea of punishing people who make software with legitimate uses.

But Sklyarov and ElcomSoft start off this article because his arrest marked a milestone in modern life—a fulfillment of the old prediction that computer hackers used to utter as a joke: "Write a program, go to jail." It’s still scandalous that Sklyarov spent time in jail for his non-crime.

Sklyarov suffered all this for working on a software product that was perfectly legal in his own country, Russia, but was called a violation of the Digital Millennium Copyright Act in the United States. This software allowed people using the popular Adobe eBook software—so long as they had a legitimate license to the software—to make copies of documents. The Russian software had many legitimate applications under the "fair use" doctrine, but could also be used to make unauthorized copies—and that brought down the vindictive hand of the U.S. Justice Department, which insisted on bringing the case to trial even after Adobe dropped their charges.

Nor was Sklyarov alone. A fifteen-year-old Norwegian, Jon Johansen, was briefly arrested on flimsy charges related to his supposed role in creating DeCSS software, a program that retrieves movies from their encrypted format on DVD. Johansen’s case was in court last week, but I have not heard any news of the outcome. Many others have been sued for similar causes, although they have not faced criminal proceedings.

Civil libertarians and analysts in the computer field have long expected legal tensions about computer and Internet use to come to a head, but they expected it to happen over something overtly political: transmission of censored content, or software that could compromise computer security, or something related to cryptography. (Computer cryptography expert Phil Zimmermann was under investigation by the FBI for a while, but he was never indicted.)

Why copyright? Why did this obscure branch of "intellectual property," this private concern of entertainment and software firms, become the most pressing public policy area of the computer field?

These incidents make us suspect that the multiple tentacles of the "intellectual property" leviathan bear barbed hooks on each end—and that some of the critical issues in modern democracy and discourse may be snagged by them.

Consider an exposé of some powerful institution such as the Church of Scientology. Try to cite their religious training materials—and they’ll get you for copyright infringement.

Reveal hidden flaws in a product’s design? You’ve illegally circulated trade secrets. Put up a web site to criticize a company? Trademark violation.

The past few years have seen uses of all these stratagems to suppress debate and dissent, as well as other cases stretching intellectual property laws to protect the powerful. Indeed, any meaningful self-expression can be construed as trespassing on some right of an intellectual property owner.

And that is the new censorship. The ruling class doesn’t care what scummy secrets you want to write about your sex life. But the moment you touch on anything concerning their power, they’ll find a way to put a stop to it.

The first imperative of the new censorship is place limits on information; to let out just enough to serve the interests of its disseminators and no further. This is the premise of the computer field called Digital Rights Management (DRM).

But the hardest thing in computing (hard enough to be considered formally insoluble) is to display something for the limited edification or entertainment of one person without allowing him to do more. If you want to digitally give a person a movie for just a day, or keep him from transferring it to a different playback device, or keep his friends from watching it after he does—you have one hell of a tough technical challenge.

This pursuit has led large copyright holders, their hired hands in technology industries, and their minions in government on a wild goose chase. Here is the logical chain that DRM twists tighter and tighter:

By this point, it should be obvious to any reasonable reader that the search for perfect copyright control will flounder. But powerful forces are still at it! A fine saga of their quest can be found in an article titled "Hollywood’s Legislative Agenda" by technology commentator Cory Doctorow. (You can find a number of other fascinating articles on related topics in the same online journal.)

Is the goal of perfect control so sinister? Aren’t the copyright owners fighting for their very existence against the scourge of rampant commercial piracy, particularly in underdeveloped nations?

No, the goal of DRM is precisely to hamper the individual user. One can no longer doubt that after a Disney representative says, "There is no right to fair use." (Quoted in Wired News.) And when the industry underlines the statement by using DRM to remove that right, along with the right of first sale and other hitherto unregulated uses. This means:

For the social implications of this new regime, see my article "Never again to validate one’s experience.".

Unlicensed copying on a commercial scale has been taking place since the spread of the printing press, and can be tracked down through conventional means. The people that the big copyright holders have in their sights now are you and me.

But in this I am an optimist. First, the goal of perfect control cannot be achieved. People are used to their rights and will continue to find ways to do the everyday, reasonable things they’ve done. Large-scale outfits will break DRM systems and will provide alternative sources.

There’s something funny about encryption and access control systems. Beneficent ones tend to work and malicious ones tend to fail.

You see, these systems are so complex, so subtle, so fragilly based on multiple levels of mathematics understood by only a handful of people, that they must be developed through open review processes. All successful encryption systems—the ones we use to encrypt files, to order goods over the Web, to let remote staff tunnel into corporate offices—have been developed that way.

Open development does not guarantee correctness, of course. Some real clunkers have emerged from open processes; a recent well-known example is the system used to protect wireless LANs. But without exception, all closed systems are clunkers.

The cracking effort at the basis of DeCSS, which allows every DVD in the world to be cracked, was almost trivial to figure out. The developers of the CSS, which was supposed to protect the DVDs, didn’t even try hard. Their design was amateurish and sloppy. The job of cracking CSS was even easier because one of the movie companies left its secret key on a DVD in plain text—the kind of bone-headed user error that is often the bane of access control systems.

Why don’t DRM developers use open review to create their systems? One reason is that the process takes a long time; another is probably the urge to seek a competitive advantage through trade secrets. But the main reason, in my opinion, is that the security community wouldn’t cooperate. The people who best understand security and access control have an inborn aversion to the use of those systems to impede people’s rights.

So perfect control will fail. That’s the first grounds for optimism.

The second is that people will get bored of controlled content and will turn to open systems that are intrinsically more exciting and engrossing; see my article "Stop the Copying, Start a Media Revolution."

The third is that the public fights back. The ElcomSoft case shows that the public can understand the issues and stand up for its rights when given a voice. Among the first cracks were a modest bill introduced by Representatives Rick Boucher and John Doolittle last October to force companies to label CDs encumbered with DRM controls.

Civil liberties have always come up against the standard practices of entrenched forces as well as against the current law. The attempt of these forces to paint the battle as one of simple revenue streams and author’s rights must be rejected. The fight is a moral one, and the moral imperative lies with those who wish to examine, discuss, and criticize freely.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Editor, O’Reilly Media
Author’s home page
Other articles in chronological order
Index to other articles