Reversing : The Hacker's Guide to Reverse Engineering


DMCA Cases


The DMCA is relatively new as far as laws go, and therefore it hasn’t really
been used extensively so far. There have been several high-profile cases in
which the DMCA was invoked. Let’s take a brief look at two of those cases.

Felten vs. RIAA: In September, 2000, the SDMI (Secure Digital Music Initiative)
announced the Hack SDMI challenge. The Hack SDMI challenge
was a call for security researchers to test the level of security offered by
SDMI, a digital rights management system designed to protect audio
recordings (based on watermarks). Princeton University professor
Edward Felten and his research team found weaknesses in the system
and wrote a paper describing their findings [Craver]. The original Hack
SDMI challenge offered a $10,000 reward in return for giving up ownership
of the information gathered. Felten’s team chose to forgo this
reward and retain ownership of the information in order to allow them
to publish their findings. At this point, they received legal threats from
SDMI and the RIAA (the Recording Industry Association of America)
claiming liability under the DMCA. The team decided to withdraw their
paper from the original conference to which it was submitted, but were
eventually able to publish it at the USENIX Security Symposium. The
sad thing about this whole story is that it is a classic case where the
DMCA could actually reduce the level of security provided by the
devices it was created to protect. Instead of allowing security researchers
to publish their findings and force the developers of the security device
to improve their product, the DMCA can be used for stifling the very
process of open security research that has been historically proven to
create the most robust security systems.

US vs. Sklyarov: In July, 2001, Dmitry Sklyarov, a Russian programmer,
was arrested by the FBI for what was claimed to be a violation of the
DMCA. Sklyarov had reverse engineered the Adobe eBook file format
while working for ElcomSoft, a software company from Moscow. The
information gathered using reverse engineering was used in the creation
of a program called Advanced eBook Processor that could decrypt such
eBook files (these are essentially encrypted .pdf files that are used for
distributing copyrighted materials such as books) so that they become
readable by any PDF reader. This decryption meant that any original
restriction on viewing, printing, or copying eBook files was bypassed,
and that the files became unprotected. Adobe filed a complaint stating
that the creation and distribution of the Advanced eBook Processor is a
violation of the DMCA, and both Sklyarov and ElcomSoft were sued by
the government. Eventually both Sklyarov and ElcomSoft were acquitted
because the jury became convinced that the developers were originally
unaware of the illegal nature of their actions.
