[free-sklyarov] RE: Arrest of Dimitri Sklyarov

[Jim Youll]

Ms. Gwiazdowski:

As a researcher who has invested considerable effort in the study and design of privacy and security applications, I wish to offer one answer to the challenge you pose in your reply to Mr. Lawrence when you write, "In response to those who attempt to justify circumventing... encryption... AAP urges them to carefully consider how their arguments would apply... in connection with... technological measures used to protect privacy."

In the design of any privacy mechanism, we fail miserably if we are too selfsure to acknowledge that (1) certain absolute protections simply cannot be delivered - therefore we must act responsibly when setting expectations and (2) in those cases where very good technological protections are actually possible, we must take care to avoid naive implementation errors that would allow a determined party to circumvent those protections.

If you are not familiar with current practice in cryptography, I refer you to the work of Bruce Schneier, one of the world's foremost cryptographers and most credible authors on the subject, whose writings are freely available at http://www.counterpane.com/labs.html. There you will discover some long-standing facts that will no doubt shock and alarm you, including publicly accessible records of the common (and time tested) practice by which aggressive peer review and "cracking" (and public revelation of those "cracks") are the norm for establishing the trustworthiness of encryption systems. Good cryptography is an art form. Its prominent practitioners are mathematicians, theoreticians and thinkers of the highest caliber. Yet their work consists to no small extent of the design and testing of "cracks" of existing cryptographic systems.  Why? Because no matter how many laws are passed, or how badly you may _wish_ that bad guys will leave your systems alone, a determined intruder will find a way in if there is one. And a system that is protected only by law and not by true security is not protected at all. As well, I believe Schneier has suggested that a good way to learn how to create a good encryption system is to break a bad one.

To directly address your "challenge" regarding privacy, the revelation of the content of a personal-data privacy system may be assumed to be, prima facie, a significantly more damaging act than the revelation of a commercial electronic book. Nonetheless, the general revelation of much private personal data is not criminally actionable, yet you imply that society will be somehow damaged in the event that a stray copy of "Judaism and Vegetarianism: New Revised Edition" should somehow work its way loose from the grasp of these overdesigned and undersecured machines.

I further remind you that the doctrine of "Fair Use," while not explicitly defined as a consumer "right" in extant law, is nonetheless a long-standing principle that has proven rather significant in the growth of the arts and academic advancement. As well, "fair use" is in fact a right under the law of other nations. I find it shocking to think that any but the most arrogant, greedy publisher would explicitly endorse a technology that:
	(1) makes it impossible to move a purchased copy of a book from one personal reading device (a desktop computer) to another (a laptop computer)
	(2) makes it impossible for blind or otherwise differently-abled people to "access" the book using any device and method that is most suited to their personal circumstances - a device of their own choosing that should be able to read popular unencrypted file formats
	(3) so absolutely subverts fair use that even the extraction of a small block of content for purposes of quotation (as I have copied your quote below) is made impossible
	(4) interferes with the ordinary, socially-beneficial activity of libraries to such a degree that within the DMCA, librarians are expressly permitted to attempt to "crack" access-control schemes to recover a work for the sole purpose of determining whether they wish to purchase a copy for their collection or not
 

The AAP seems to suggest that a substantial portion of the e-book-reading public consists of thieves and cheats. The simple fact is that the piracy that should matter to you, is that piracy which is carried out by professionals having unlimited resources and mass distribution channels, not by parents who download books and then wish to move them to their children's computers, nor by those who need to access the books by "unconventional" means such as braille output devices and specialized screen readers, nor by researchers attempting to exercise their "fair use" rights. How long do you suppose it will be, Dmitry or no, before the professional e-book pirates begin re-keying the text of books, pasting in screen shots and stamping out their goods? Months? How long before they hire a in-house staff of "hackers" to tear these weak methods to shreds and proceed with mass production, unimpeded by either American law or your personal indignation? If the encryption is weak, it will be broken.

I suppose you may wish to argue that a substantial portion of the e-book-reading public is not in fact composed of thieves and cheats, in which case I must complain that if a small number of e-book holders are in fact passing around unauthorized copies, then the actual damages incurred, if any, must represent an insignificant proportion of all sales. If that is the case, then the extreme measures of customer-hostile copy protection on every single e-book (and the over-the-top extreme of criminal prosecution for contributory acts) cannot be justified as an economic necessity.


I'll leave you with a brief (fair use-sized) excerpt from "How I Became a Printer in Philadelphia", by Benjamin Franklin, with thanks to http://www.ukans.edu/carrie/docs/texts/franklin_how.html

<quote>
From a child I was fond of reading, and all the little money that came into my hands was ever laid out in books. Pleased with the Pilgrim's Progress, my first collection was of John Bunyan's works in separate little volumes. I afterward sold them to enable me to buy R. Burton's Historical Collections; they were small chapmen's books, and cheap, 40 or 50 in all... This bookish inclination at length determined my father to make me a printer...
</quote>

Benjamin Franklin, one of this country's most important publishers and thinkers, became who he was due in no small part to the ready availability of inexpensive books that he could resell in order to acquire more books... this option would not have been available to him under the current "lockdown" regime of the e-book systems you apparently endorse.

The behavior of the AAP smacks of a cash grab. It is insulting to the long history of writing and publishing in America by people who cared about the readers more than they cared about extracting every available bit of their readers' money.


Sincerely,

Jim Youll





>Subject: RE: Arrest of Dimitri Sklyarov
>Date: Tue, 24 Jul 2001 14:32:54 -0400
>From: Amy Gwiazdowski <amyg at publishers.org>
>To: "'Andrew Lawrence'" <ausage at smoke-and-mirrors.net>
>
>
>Dear Mr. Lawrence:
>
>AAP stands by its press release of July 22 supporting the anticircumvention
>provisions of the Digital Millennium Copyright Act (DMCA) and commending the
>Department of Justice for acting on its responsibility to enforce the DMCA
>in the matter of Dmitry Sklyarov.
>
>In response to those who attempt to justify circumventing, or trafficking in
>devices that circumvent, encryption and other technological measures that
>protect copyright in the digital environment, AAP urges them to carefully
>consider how their arguments would apply to precisely the same activities in
>connection with encryption and other technological measures used to protect
>privacy in that same environment.
>
>Amy Gwiazdowski
>AAP
-- 

http://www.media.mit.edu/~jim
research assistant . software agents group . e-markets sig
mit media lab . cambridge, ma

Free Dmitry Sklyarov ... Boycott Adobe Systems ... http://freesklyarov.org/