As a United States citizen, the right that I am the most proud of is our almost unrestricted right to publish. The United States is strong in every way because of our free press. The free press is at the root of innovation in the United States. The free press is the reason that the United States leads the world in technology and ideas.
A free press serves as a brake on government and corporate corruption. Although many would like to hide their actions in the dark, the courts have upheld the right to publish information that embarrasses the powerful. Without a free and open press the people of the United States would not have known that the government and military lied to them during the Viet Nam War. We would never have known about the secret "contra" war in Nicaragua, where people working with Ollie North ran arms in and drugs out.
I am writing this Web page about six weeks after the United States suffered the worst terrorist attack in our history. In this dark time the citizens of the United States should reflect on our history and our values. The people who founded our country and wrote our Constitution risked their lives for the freedoms that are guaranteed there. But they also knew that a Constitution was only paper. The only guarantee of freedom is in the people themselves. A people who are cowardly and craven will allow their freedoms to be stripped from them by the powerful.
Our freedoms have been viciously attacked by the Digital Millennium Copyright Act (DMCA). Congress passed this odious law that attacks our First Amendment rights while the lobbyists for the recording, movie and software industry shoveled money into their pockets. The people who voted for this law cared little for our precious freedoms and less for the oath they took to uphold the Constitution.
The DMCA is a direct attack on the right of United States citizens to publish. The DMCA makes it illegal to distribute software, in either object or source form that can defeat copyright protections. A Russian citizen, Dmitri Sklyarov was arrested while attending a computer science conference in the United States. Sklyarov's crime, under the DMCA, was to develop software that defeated the copy protection included in Adobe e-books. Unfortunately software source code, published on the Internet, does not have the clear First Amendment protections that that speech does. However, even speech has been attacked as Professor Edward Felton found out when he tried to publish his paper on the Secure Digital Music Initiative's music watermark.
Historically the United States has given its citizens wide latitude in publishing. Even material which is objectionable to many people may be published. This includes violent pornography, drug and bomb making instructions and fascist screeds. The right to publish has been limited only when there is a compelling reason and the courts have, so far, narrowly defined "compelling. For example, the design of nuclear weapons cannot be published. Nor can the names of covert agents working for US Intelligence. In general classified information cannot be published, but in the case of The Pentagon Papers, publication of classified information was allowed. The US Government has a long history of classifying material to cover-up embarrassing information. The courts have sometimes recognized that embarrassment is not the same as national security and allowed the publication of classified material.
Compelling reasons to limit free speech and publication should not include protecting the profits of large multi-national media corporations. Yet this is exactly what the DMCA does: it limits publication to protect corporate profit. Not only can software that attacks copyright protections not be published, but the DMCA also threatens the right to publish articles that describe the computer science principles behind this software.
The media industry and those who provide protection schemes are attempting to use trade secret law to suppress free speech.
Free speech is never absolute. For example, if I sign an agreement with a company that pays me for my services, frequently I agree not to disclose the trade secrets that I learn about as part of my work. This limits my free speech, but I have agreed to this limitation in advance.
The software industry and Microsoft in particular frequently include a license agreement as part of their software installation. These agreements are long and written in impossible to read legalese. Most users ignore them. Similar agreements are included in software packaging. The theory is that by breaking the seal the user agrees to the conditions in the license.
An increasingly popular condition in these impenetrable licenses is an agreement not to "reverse engineer" the software, protection schemes or anything else the provider does not want you to know. Users who do so violate what the vendor claims is a trade secret agreement. This is the legal argument taken by the Motion Picture Association of America (MPAA) in the suit against anyone associated with the DeCSS software that allows DVD copying.
This is an obscene approach for the MPAA and media vendors to take. These licenses are difficult to understand, even for a well educated college graduate. The licenses are intentionally made to be difficult to understand so users will agree to them without reading the agreement. Requiring a complex license to use a media player or to view a movie on a DVD is simply ridiculous. Claiming a trade secret agreement when no trade secrets are disclosed, as they are between an employee and an employer, is even more outrageous. These agreements have never been challenged in court so it is unclear whether they are enforcible.
Even if one were to accept the outrageous concept that the use of a mass media technology creates a trade secret agreement between the vendor and the user, the liability should at most extend to the person who disclosed the information. The MPAA has attempted to extend the publishing prohibition and liability to anyone who republishes the material (for example, the hacker publication 2600 republishing the DeCSS source code). The publishers of 2600 have not necessarily come into contact with the vendor's products (nor have I ever used Microsoft's media player that supports DRM). So there can be no trade secret agreement between the vendor and any secondary publisher.
Cryptographic techniques do not depend on secrecy. In fact, companies like RSA Security publish their algorithms (for example their RC5 algorithm) so that people outside of RSA can attempt attacks. The fact that the media industry is depending on secrecy to protect their "intellectual property" is a statement of how poor their engineering is.
Recently The Register reported that an anonymous author using the name "Beale Screamer" had cracked the Microsoft Digital Rights Management (DRM) protection scheme for music and other media. The author of this software did not want to follow Dmitry Sklyarov to jail and has remained anonymous. The existence of the DMCA means that no web site in the United States can publish the software that breaks Microsoft's DRM protection without fear of being prosecuted. However, The Register is in England where the DMCA does not apply. At the time of this writing, The Register article has a link to the software that will allow you to down-load it. Software that implements mathematical algorithms tends to be small compared to, say, compilers (this simply reflects that fact that the effort goes into developing the mathematics, rather than the software). Another way to look at this is that with the DMCA in place, it does not take that much source code to get you into lots of trouble. As of the October 18, 2001 release of the software:
|source lines||file name|
I don't have any interest in using this software. I removed it after I ran the the UNIX utility wc on the source files to generate the data for the table above.
One thing that is worth noting is that this is a relatively small piece of software. It should be possible to entirely describe its functionality in English, such that the English can be directly translated by a programmer into C code. Although the courts don't extend First Amendment protection to software source, the First Amendment should cover the English expression of the software source. A program that translated C to a restricted set of english and the restricted set of english back to C could also be envisioned. If the First Amendment did not cover the English result of such a translation, then in theory the First Amendment would not cover mathematics publications either. For example, pure Lisp embodies lambda calculus and could be viewed as an executable form of mathematics. This is true of a language like C as well, although we lose some mathematical properties.
The anonymous author of this software seems to be a professional computer scientist. A great deal of work went into a very sophisticated attack on Microsoft's DRM. Along with the software are well written articles on copyright issues and Microsoft's DRM scheme. These articles are mirrored here, as I down-loaded them from The Register. I have only added HTML formatting. The technical description of the Microsoft DRM is obviously not the work of a "teen hacker", but of a mature computer scientist. The technical discussion includes some important issues about how Microsoft could use this technology to support their monopoly power.
As a United States citizen and resident I cannot publish the software source that went along with these writings without fear of civil and criminal liability. Although the courts have not yet recognized software source as a form of speech, the written word (and these Web pages) are still supposed to be protected by the First Amendment.
I'd like to point out that the anonymous author's words are his, not mine, although I agree with what "Beale Screamer" writes. Don't send me e-mail asking for the source code. I don't have this source code and would not distribute it. Although the DMCA is a horrible and offensive law, like "Beale Screamer", I have no desire to run afoul of it.
In closing it is probably worth noting that an increasing number of computer scientists are taking time from their other work to provide the technical means for people to recover the fair use rights that the DMCA has stolen from them. The power of the DMCA to inspire such bitter feelings in a highly educated and talented group is simply another indication of the fact that it is bad law.
A Modest Proposal: Gnutella and the Tragedy of the Commons on bearcave.com
Attempts to control the flow of copyrighted information, either through legal means, like the DMCA, or through technological means, via "containers" like the MSDRM, are motivated in part by file sharing networks. These networks and related issues are discussed on the web page A Modest Proposal.
Noir by K.W. Jeter, a review on bearcave.com
This is a link to a review of K.W. Jeter's science fiction book Noir. In one of the sub-themes in this book, Jeter follows the RIAA/DMCA argument into the realm of the absurd, where those who violate copyright are consigned to a horrible living death. What is wierd is that for Jeter this does not seem to be satire. Jeter seems to be extremely bitter about copyright infringement.
The article in The Register on the Microsoft DRM attack. The link on the Register's site to the "Beale Screamer" software has been removed. I did not see any comment on why The Register removed this link. See the next list item.
Get the source code at cryptome.org
The guys at 2600 got into hot water for publishing a link to the DeCSS software. Being a mild mannered Bear (here at bearcave.com) I don't want to follow down this path. However, I'm also a naive Bear and, even though that Islamic (ah, I mean Christian) fundamentalist fanatic John Ashcroft is currently the US Attorney General (and Shrub is his boss), I'd like to think that the the First Amendment still holds. So it should be protected speech to mention that the .zip file containing the "Beale Screamer" software can be found on cryptome.org.
Hacker cracks Microsoft anti-piracy software By John Borland Staff Writer, CNET News.com October 19, 2001
Programmer Exposes Microsoft Flaws, By Amy Harmon, New York Time on-line, October 23, 2001.
The New York Times on-line edition requires a registration, but there is no fee.
This is the New York Times article on the Microsoft DRM attack. Microsoft states that they are considering a civil suit. I wonder who they think they are going to sue? Microsoft seems to be getting dumber and dumber when it comes to customer and government relations. Perhaps they really will try to sue "Beale Screamer".
If Microsoft continues the current obnoxious behavior (e.g., Passport, required operating system registration) there may be a backlash in the computer science and engineer community. I have been pretty much Microsoft neutral in the past. I develop software on Windows NT as well as UNIX. But as Microsoft becomes more intrusive, attempting to capture every lose penny and collect "vig" on all transactions that take place via the Microsoft operating system, I have come to dislike them more and more.
Microsoft's music pitch a little off-key by Joe Wilcox, Cnet.com
This articles discusses Microsoft's attempt to make the Microsoft Digital Media player (which contains the Microsoft DRM, discussed here) the standard, supplanting the MP3 format.
Doom for .NET? InterTrust opens up on the MS lawsuit By John Lettice, The Register, October 22, 2001
InterTrust is currently suing Microsoft over the Microsoft DRM scheme in the version 8 Media Player. They are apparently suing Microsoft over .NET as well. I read a comment from a Microsoft flack stating that InterTrust did not even understand what .NET was. This is obviously true, since no one else knows either.
Several years ago I interviewed with InterTrust (way before they went public). From what InterTrust described at the time and from "Beale Screamers" description, it does sound like Microsoft may indeed have infringed InterTrusts patents.
At one time I worked for a company named Quickturn. Years before another company, Mentor Graphics, sold Quickturn a set of core patents. Mentor later decided that they wanted to enter Quickturns business. They designed and manufactured a product that infrindged on the patents that they sold Quickturn. After years of litigation Mentor was unable to lie, cheat or steal their way around these patents (and trust me, Microsoft looks like a bunch of Alter Boys compared to Mentor). So Mentor launched a hostile takeover of Quickturn. Of course Mentor claimed that this had nothing to do with escaping patent liability. Mentor almost succeeded in their hostile take over (Quickturn was bought by Cadence Design Systems).
At the time I wrote this InterTrust has a previous day's close of $1.26, down from almost $100 in March of 2000. Their current market capitalization is about $120 million. Like Mentor, Microsoft might simply try to buy InterTrust. If Microsoft offered, say, $250 million for the company, it's hard to imagine that the stockholders would turn the offer down.
The Windows Media Player globally unique identifier, January 16, 2002
This Web page discusses a globally unique identifier that is created for each user when they install the Windows Media Player (WMP). As this web site notes, this allows both hackers and "content" providers to track usage. This apparently effects Microsoft Internet Explorer version 6 and Windows XP. Microsoft does not seem to regard this kind of breach of privacy as a problem (after all, they have .NET).
Whatever happened to fair use?, Dawn C. Chmielewski, Mercury News, Oct. 31, 2001
This is an excellent article on the media industries attempts to stop their customers from copying material. This article also makes the point that the media industry is at war with their customers.
Chris Gorog, chief executive of Roxio, the leading maker of CD authoring software for PCs and Macs, predicts consumers will rebel against the recording industry's attempts to curb CD burning. It's a phenomenon bigger than recorded music itself -- with an estimated 5 billion blank discs to be shipped this year, compared to 3 billion music CDs sold.
"Clearly, what the consumer wants to do -- and has done now for many decades -- is buy recorded music and have the ability to make copies," said Gorog. "It's been very clear that making compilation tapes, sharing tapes with friends, turning on your friends to new bits of music actually has propelled the growth of the industry. To view the simple act of recording as the enemy is really missing the boat."
For example, the recording industry wants to make CDs unplayable on computers without digital rights management so that CD tracks cannot be "ripped" to a CD-ROM burner. It also means that I can't listen to music on my Windows NT 4.0 system while I write software unless I install a player that supports the recording company's DRM. I don't like installing new software on my system, especially when the sole purpose of this software is to take away the reasonable use of the CD that I've purchased. Also, it appears that these players may only work on Windows XP. Given Microsoft's disgusting behavior I'm not planning on upgrading in the near future. In the end, I'll return the CD. As far as I'm concerned, its defective, since it will not play on my hardware.
The Greatful Dead were famous for allowing recording at their concerts, as long as it took place in an area set aside for this purpose. I remember seeing forests of microphones in the recording area. "Bootleg" recording never hurt "The Dead's" record/CD sales. At some point, musicians, the people who provide the content that the recording industry is trying to restrict, will discover that distributing their product through an industry that is at war with its customer base is a bad idea. Musicians will either start recording companies without these restrictive practices or distribute music through more progressive channels. No industry in a capitalist system cannot survive if they alienate their customer base and do not give their customers what they want.
Movie industry dealt DVD-cracking blow By John Borland, November 1, 2001, News.com
This ruling deals with the publication of DeCSS source code. DeCSS is a program that can break copy protection on DVDs. The recording indutry attempted to block publication of the source code (via so called "prior restraint"). The appeals court held that such prior restraint could only be applied in the most restricted cases. Some quotes from the article:
The California appeals court's ruling Thursday goes the farthest to date in explicitly defining software code as speech. Under that legal reasoning, programmers could still be prosecuted for posting illegal software but could not be prevented from doing so in the first place.
The movie industry's "statutory right to protect its economically valuable trade secret is not an interest that is 'more fundamental' than the First Amendment right to freedom of speech," the judges wrote. Nor is it "on equal footing with the national security interests and other vital governmental interests that have previously been found insufficient to justify a prior restraint."
Unfortunately this ruling does not go far enough. The media industry and the DMCA still threatens scientific discourse. The media industry has claimed that the publication of DeCSS source code is the same as the publication of trade secrets, which the author of the code was privy to as part of the license to view the movie. I'm sure that Microsoft would like to take a similar tack: by using their media player you agree to protect their trade secrets. Finally there is the argument that any attempt to subvert copy protection is a violation of the DMCA.
Copyright Law Foes Lose Big, Declan McCullagh, Wired News, Nov 29, 2001
This article discusses two appeals court losses, one in the case of Prof. Felton suing the government to overturn the prior restraint imposed by the DMCA and the other in the case of 2600 regarding publication of the DeCSS source code. Sadly I believe that I may be related to Lewis Kaplan, the Federal judge who decided the 2600 case.
Online limits of the First Amendment, Robert Lemos, news.com, November 30, 2001
This article is an analysis of the 2600 DeCSS ruling and of the Felton ruling. It is interesting to note the that 9th Circuit Court of Appeals has issued a ruling that is directly counter to to the ruling of the 2nd Court of Appeals. Where there are conflicting rulings in the Appeals courts the Supreme Court is supposed to issue a definitive ruling. I find the idea that speech should be limited to protect the profits of a multinational corporation deeply offensive and I hope the the Supreme court will come up with a better ruling than they did in Gore vs. Bush.
2600's DMCA Challenge Blocked By Declan McCullagh, Wired News, May 17, 2002
The full second court of appeals declined to Review Judge Lewis A. Kaplan's decision. the only option is a Supreme Court review, and this seems unlikely, since the Supreme Court refuses most review requests.
Upholding the DMCA and refusing to recognize that fact that software is a medium for free expression, just as a mathematics journal article is, is misguided and ill informed. I'm embarassed to have the same last name as Lewis A. Kaplan (even worse, we may be distantly related).
The Free Dmitry Sklyarov! web page is every slow, since it is probably having a hard time handling the traffic that it receives. Although we are in the midst of the dark days of the Bush II administration, which a Christian Fundamentalist fanatic as Attorney General, I continue to hope that the US government will drop this stupid case. When this happens, I assume that the above link will disappear.
Dmitry Sklyarov was arrested at the instigation of Adobe. Adobe, realizing that they were facing a huge public relations problem in the technial community decided to drop their complaint. The Boycott Abobe site "declared victory and went home". However, Sklyarov still has a criminal inditement hanging over his head. At least while this is the case I think that you should think carefully about whether you want to purchase software from a company that would use a despicable law like DMCA to arrest a computer scientist visiting the United States.
Russian Hacker Charges Dropped, Wired News reprint of an Associated Press nes release.
1:38 p.m. Dec. 13, 2001 PSTDmitry Sklyarov, 27, had been charged in the first criminal prosecution under the 1998 Digital Millennium Copyright Act.
SAN JOSE, California -- Charges will be dropped against a Russian computer programmer accused of violating copyrights on software made by Adobe Systems in exchange for his testimony in the trial of his company, a spokeswoman for the programmer said Thursday.
Sklyarov and his employer, ElcomSoft Co. Ltd. of Moscow, were charged with releasing a program that let readers disable restrictions on Adobe's electronic-book software. The program is legal in Russia.
Sklyarov was arrested after speaking at a hacking convention in Las Vegas on July 16. He lives with his wife and two children in an apartment in San Mateo and has been working on his doctorate in computer science.
This is only slightly less offensive the the original prosecution of Sklyarov. Sklyarov will be forced to testify against his employeer in return for being allowed to go free. Yet his employer should never have been charged either. I hope that the EFF will take up this defence as well.
ElcomSoft verdict: Not guilty By Lisa M. Bowman, CNET News.com, December 17, 2002
This sorry chapter in applying the odious DMCA came to a close with a not guilty verdict for ElcomSoft. This verdict was hailed as a "huge win" on slashdot.org. This is an overstatement. This case does not allow computer science researchers to publish code that attacks copy protection. The Electronic Frountiers Foundation and Lawrence Lessig went to bat for both Sklyarov and ElcomSoft. Any individual who had to defend such a case without such help would pay a very high price. The threat of losing one's house or life savings to defend a criminal case would induce many people to plead guilty to avoid trial. Only the repeal or significant modification of this terrible law will be a "huge win". The DMCA continues to threaten free expression.
Princeton Scientists Sue Over Squelched Research Electronic Frontier Foundation Challenges Record Companies
Edward Felton's Web Page and the paper Reading Between the Lines: Lessons from the SDMI Challenge (in PDF format).
Prof. Edward Felton is currently an Associate Professor of Computer Science at Princeton University.
What constitutes "fair use", by Marc Canter, news.com, November 20, 2001
Marc Canter's editorial posted on news.com is a good example of the confusion that exists regarding "fair use". Despite what Mr. Canter seems to believe, there is not "right" to fair use, as there is a right to free speech or to arm bears. The fair use doctrine has been inferred by the courts. The rulings seem to be idiosyncratic. Authors and reviewers are allowed to quote small sections of a written work under fair use. But J.D. Salinger successfully asserted copyright to block any quotation from his letters (the author of a letter holds copyright). The Sony Betamax ruling, which has been widely quoted, did not actually give consumers the "right" to copy movies and television programs. The Betamax ruling simply stated that there were important non-infringing uses for video tape recorders and as a result the media industry could not block the sale of these devices. In part fair use doctrine has arisen from issues of practicality. It would be impractical to block the Xerographic reproduction of small sections of copyrighted works. On the other hand, professors do not have the right to copy these works and hand them out to 300 students.
Mr. Canter does make the point that I've made above. Regardless of legal issues, it is stupid and impractical for an industry to attempt to thwart the desires of their customers.
Microsoft Program Tracks User Info by D. Ian Hopper AP Technology Writer, Wednesday, February 20, 2002 8:19 p.m. EST
Microsoft gets yet another black mark for customer privacy invasion. This article discusses how the Microsoft Media player tracks customer usage.
The Customer Is Always Wrong by Steven Levy, Newsweek
On slashdot.org, where I saw the pointer to this article, they summarized Levy's point as:
He [Levy] points out that only the media giants could be so stupid as to think treating their customers like criminals will increase sales.
All this is in response to Senator Fritz Hollings's proposed Security Standards and Certification Act (SSCA). This would go one better than the software schemes for "digital rights" protection, forcing hardware manufacturers to embed features for copyright protection in their products.
Hollywodd vs. the Internet: Why entertainment companies want to hack your computer, by Mike Godwin, Reason Online, May 2002
An article about the attempt of the media companies to totally control intellectual property.
Replacement Attack on Arbitrary Watermarking Systems by Karko Kirovski and Fabien A.P. Peticolas, 2002 ACM Workshop on Digital Rights Management, November 18, 2002
Is the abstract the authors write:
A typical replacement attack relies upon the observation that multimedia content is often highly repetitive. Thus, the attack procedure replaces each signal block with another, perceptually similar block computed as a combination of other similar blocks found either within the same media clip or within a library of media clips. Assuming the blocks used to compute the replacement are marked with distinct secrets, we show that if the computed replacement block is at some minimal distance from the original marked block, large portion of the embedded watermark is irreversibly removed.
This attack on digital watermarking seems to rely on self-similarity in the data. The Holder exponent is a measure for self-similarity. Would Holder exponent measures simplify this attack? Is this yet another place where the multi-resolution features of wavelets could be used?
Ian Kaplan, October 2001
Revised: November 2002