Lars Gaarden larsg at eurorights.org
Fri Aug 17 09:16:06 PDT 2001

Dear Gene,

In your article, you claim that we are overlooking a fundamental
point with regard to the DMCA.

Unfortunately, it seems like you are missing a few points also.

Breaking security is an important part of security research.

I would ask you to take note of the following amicus brief
submitted by noted security and crypto expert Bruce Schneier
in the Felten vs RIAA case. In the declaration, Schneier explains
why the act of trying to break security measures and protocols and
the freedom to publish the results is an integral and important
part of security research.

A quote from the brief:
"9. Unlike many academic disciplines, security is inherently
adversarial. Researchers who invent security systems are always
competing with those who break security systems. Due to the nature
of how security works, it is impossible to categorically state that
a security system is secure. It may be secure against all known
attacks, but there is no guarantee that a successful attack will not
be invented tomorrow. Despite not being able to prove security, it
is quite possible to definitively show insecurity, by explaining how
to break a system, or by publicly demonstrating one's ability to do
so. Since the presence of a negative result (break-in) shows that a
security system is insecure, security can only be demonstrated by
the lack of such results."

The entire declaration is available at:

Creating a tool is not the same as stealing.

"Since when is it okay to steal something just because it wasn't
very hard to do?"

Noone is claiming that stealing is right.

However, neither Felten nor Sklyarov are accused of stealing. They
are accused of making tools, or describing flaws that enable
someone to write tools, that might be used for copyright

The big inconsistency in article 1201 of the DMCA is that it
makes dual-use tools illegal instead of making the act of
copyright infringement illegal. Even tools like lockpicks,
which are clearly designed for breaking locks and are
often used for illegal acts, are not illegal up front.
In most jurisdictions, a court has to find that the person
in possession of a lockpick intended to use it for illegal
purposes in order to convict him. Instead of applying the
same standard to 'circumvention tools', the DMCA makes
using or distributing these tools illegal - with no questions
asked about intent. In other words, 1201 turns the legal
system on its head by saying that people are guilty of
copyright infringement until proven innocent.

Publishers are not free to rewrite copyright law.

You say:
"And let's throw out the baloney about how "noble" hackers are simply
trying to give legitimate customers the fair use rights they deserve.
If customers decide that a company's copy protection schemes are
too restrictive, they'll reject the product, and the seller will go
back to the drawing board."

People don't "deserve" fair use rights. Fair use is an integral part
of copyright law. These rights have been upheld by numerous court
rulings, and are in addition codified in the current copyright law.
Publishers are not free to keep the parts of copyright law they
like and disregard the rest.

Your model will erase the fair use rights granted by law or
upheld by legal precedent, and replace them with the largest amount
of restrictions on fair use that the majority of your customers will

Digital protection measures are not flexible.

"The flexibility of electronic copyright protection products should
result in more equitable pricing that reflects a customer's specific

I am a software developer by trade, with my main focus on networks
and security. Because of that, I have been watching the development
of security and access control technologies with much interest.

You claim that copy protection measures are flexible enough to
cater for all required forms of fair use. This implies to me that you
have only a rudimentary understanding of the challenges and limitations
related to these technologies and their interaction with copyright

To give an example:
The legality of quoting parts of a copyrighted work is determined
by many factors, including the size of the quote and the manner in
which the quote is used. Legal scholars and courts have disagreed
many times about the exact lines. Why do you think that a piece of
software is able to determine the legality of this act, when the
people that have an intimate knowledge of the law can't give an
exact answer?

Equating opposition to the DMCA with disrespect for copyright law.

"Our entire industry is built on the idea that intellectual property
has value. Some of that value is in the manufacturing process, some in
design, some in editing and some in distribution. If there is no
respect for those value steps, we might as well pack up and go home."

Sir, most of the people opposing the DMCA - including many US
law professors - are critical to the law because it is too
broad. It adds a new layer of protection, a layer that is much
larger than the rights granted by copyright law itself.

We are not opposed to copyright law. We understand that authors
and publishers must have a decent chance of making money from
their work. We are not opposed to your right to make money,
we are merely distressed by the damaging effect this law will
have on other parts of society - including the first amendment,
freedom of the press, scientific research, privacy and fair use.

If our professional paths should cross, it is not unlikely that I
will provide you with technical assistance in chasing down digital
copyright infringers.

"Never doubt that a small group of thoughtful, committed citizens can
change the world.  Indeed, it's the only thing that ever has."
- Margaret Mead.

More information about the Free-sklyarov mailing list