Drop that E-Book or I'll Shoot!
Mark Rasch, 2002-12-09

With the first ever criminal DMCA trial halfway over, it's already raising novel legal, jurisdictional and ethical challenges.

Last Thursday federal prosecutors wrapped up their direct case against Russian software company ElcomSoft for creating and distributing software that would "crack" Adobe's proprietary software designed to prevent copying of electronic books - the defense will argue their side this week.

ElcomSoft is a Russian company that has specialized in "password recovery" software. At issue in the case is a software program called the Advanced eBook Processor (AEBPR), a program that exploited insecurities in Adobe's E-book reader to allow a user to essentially convert encrypted and copy-protected E-book text to "naked" or unencrypted plain text. As described by the company, AEBPR "lets users make backup copies of eBooks that are protected with passwords, security plug-ins, various DRM (Digital Rights Management) schemes like EBX and WebBuy, enabling them to be readable with any PDF viewer, without additional plug-ins. In addition, the program makes it easy to decrypt eBooks and load them onto Palm Pilots and other small, portable devices. This gives users -- especially users who read on airplanes or in hotels -- a more convenient option than using larger notebooks with limited battery power to read their eBooks. . . ."

The company sold the AEBPR for a few weeks at a price of $99, until it received a complaint from Adobe and, according to pleadings ElcomSoft filed in federal court, promptly withdrew the software from the market.

ElcomSoft's rapid retreat apparently wasn't enough for Adobe, and company engineers complained to the FBI, which began investigating for violations of the U.S. Digital Millennium Copyright Act (DMCA). When ElcomSoft engineer and employee Dmitry Sklyarov traveled to Las Vegas in July of last year to present a paper on E-book security, he was promptly arrested, and later reached a plea agreement with the government in which charges were dropped in exchange for his testimony against the company.

Virtual Sklyarov
The first big surprise in the trial last week was that Sklyarov did not actually testify. Although he was apparently available, and under the control of the government pursuant to the plea agreement, prosecutors chose instead to present edited videotaped testimony of Sklyarov to the jury. In this way, Sklyarov's direct testimony could be carefully controlled by the government, preventing any effective cross-examination during the government's case in chief.

This is just another example of how the government can manipulate the system to achieve the results it wants.

By resting its case immediately after the videotaped deposition, the government was able to leave the jury with only its side of Sklyarov's testimony to mull over the weekend. The defense can, and most likely will, call Sklyarov as a witness during their case this week, but under the rules governing evidence in federal court, Sklyarov will not be subject to "leading" or "cross examination" questions, because, technically, he will be a defense and not a government witness, despite the plea agreement's requirement that he cooperate with the government.

The U.S. Government -- Everywhere you Want to Be
It's also curious that the United States government asserts criminal jurisdiction over a Russian company for offenses that do not appear to be violations of Russian law, as a result of software that was posted on their webpage... in Russia. This is not wholly unusual; under well established principles of international criminal law a country can apply its domestic laws to activities that occur outside its borders if the criminal act is intended to, and in fact does, have consequences inside its borders. Nevertheless, it's a risky thing to do. U.S. companies routinely provide advertising, marketing, technical information, software, products or services on their webpages -- ready for easy download anywhere in the world. The daunting reciprocal implication of this policy is that U.S. companies must, by virtue of their presence on the Web, comply with the laws of every nation, state, borough, canton, county, city and hamlet where the webpage can be seen.

Imagine a U.S. company facing criminal prosecution for violating Chinese laws prohibiting the criticism of the Chinese leader. Would the United States cooperate in such a Chinese investigation, and permit its corporate nationals to be prosecuted abroad?

This is more than a theoretical problem for the government, since they are prosecuting a foreign corporation, not an individual. When a corporation is convicted of a crime, the sentence typically takes the form of sanctions against the company, such as criminal fines, or the Justice Department dictating control of the company's officers and/or directors. But those sanctions may not be available against a Russian company. There is no evidence that ElcomSoft has significant assets within the United States, and there is no reason to believe that the Russian Ministry of Justice is prepared to move against ElcomSoft and seize assets in Russia based upon a conviction for a violation of U.S. law.

The most effective remedy would be an injunction preventing ElcomSoft from making this cracking software available in the United States. But, sadly, without the assistance of the Russian government, or ElcomSoft's voluntary compliance, such an injunction would be unenforceable.

A Crime Without an Infringement
More significant than the tactics is the entire theory of the government's case against ElcomSoft. The Russian company is being prosecuted under the DMCA, which prohibits the manufacturing, importing, offering to the public, providing or otherwise trafficking in "any technology, product, service, device, component, or part thereof" that "is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner" under the Copyright Act.

Because ElcomSoft's Advanced eBook Processor program allows a user to take an e-book downloaded from a commercial site like Amazon, and "convert" it to an ordinary .pdf file (with no copy protection), there's no doubt that it "circumvents" a technological measure that protects the rights of a copyright holder. This is true despite the fact that testimony in the trial indicated that Adobe had hired not one, but two companies to conduct surveillance and search for unauthorized e-books on the Internet, but was unable to point to a single instance of copyright infringement resulting from what ElcomSoft did.

But that doesn't help. The DMCA does not require that the technological measure protect a copyrighted work from an infringing or illegal use -- only that it protect it from something.

That means that even if the purpose of Adobe's e-book copy protection was to keep journalists from quoting from copyrighted works in literary reviews, circumvention of that technology, or the distribution of software that would permit circumvention, is still a felony.

If I wanted to read a lawfully purchased e-book on my laptop instead of the desktop I downloaded it to, or on a Palm Pilot instead of an e-book reader, or if I wanted to cut a small portion of the lawfully purchased e-book and paste it in materials I was preparing for my class (all legal and non-infringing uses), the law would still preclude the use of the ElcomSoft software for that purpose.

As the case proceeds to the defense, the first ever criminal DMCA prosecution raises novel legal, jurisdictional and ethical challenges. The result is far from certain, although the government has the powerful language of the DMCA on its side. It remains to be seen if the judge or the jury will accept this expansion of copyright law, and the slow continuous winnowing of basic consumer rights.


SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and specializes in computer crime, computer security, incident response, forensics and privacy matters as Managing Director of Technology for FTI Consulting, Inc.
Copyright 2008, SecurityFocus