http://www.adobe.com/aboutadobe/pressroom/pressreleases/200108/elcomsoftqa.html

The original document is in black and comments are in green.   While I have attempted to summarize issues in a way that should be understandable to everyone, there are some legal details involved.   Be advised that the author is not a lawyer, and nothing here should be taken as legal advice. 

If there are any errors or omissions,  they can be sent to tneu@visi.com.    At this time, this document is considered a draft, so some things in it might change.   Despite it's draft status, you may find it interesting reading. 

For readers that may not be familiar with the debate surrounding this problem, you may want to know that "DMCA" stands for the Digital Millennium Copyright Act. a law passed in 1998 which makes it a crime to provide a way of descrambling information in certain cases. 

I'll also note that ElcomSoft and Adobe are both welcome to clarify their positions on any of these questions, and I will make an effort to make sure any responses sent to me get added to this document. 

This FAQ was written by Tim Neu <tneu@visi.com>, with help from members of the OpenLaw dvd-discuss mailing list. 

The OpenLaw DVD web site can be viewed at http://www.openlaw.org/opendvd. 

Adobe FAQ: ElcomSoft legal background

Legality depends upon what country one is in.

In this case, local laws in force would be those of Russia - which do not have a law against marketing security products.   Adobe is attempting to paint the situation in their favor by calling the companies actions "illegal" when the situation is far more complex than that.   Indeed, in Russia, Adobe's eBook format would be illegal because it does not allow the user to make a backup copy.

In any case, the legality or illegality is for the COURT to decide, and not what Adobe believes or desires.  Furthermore, why are actions being taken against an employee of the company rather than the company itself?   While Dimitri may be the holder of the copyright for the software, the publishers of works have traditionally been accountable for copyright infringement, but NOT the creators of infringing works. 

Even if the jurisdiction is found to be the US, and Dimitry is found to be the true party of interest in this case, that still does not necessarily make his software program illegal. 

The DMCA only outlaws circumvention devices that do not have a significant commercial purpose other than circumvention. 

Since ElcomSoft's e-book reader has been marketed for several uses other than circumvention, it may not be illegal even under the DMCA. 

A software program is a tool - like any other.   A crowbar, for example, can be used in remodeling houses, but also for breaking into them.   Does that mean that crowbars should be banned?   Any inanimate object can be turned to evil uses.   Banning tools because of what they "might" do is very bad public policy - and would eventually end up with everything being banned. 

It should be noted that ElcomSoft's software is capable of many useful legal activities, such as media shifting an ebook from one computer to another, or removing restrictions from texts which are in the public domain. 

Indeed, Adobe distributes many "free" eBooks of works in the public domain, but also charges a small fee for others.   Because these works are in the public domain, Adobe or the eBook publishers themselves have no right to restrict access to them.  This common law has been continually reaffirmed by the courts for centuries. 

Protection of US copyright laws are NOT absolute.   Adobe conveniently ignores this fact, when it suits them. 

For example, under US copyright law, a user of a work, can without permission of the copyright holder: 

1.  Read the book
2.  Copy Excerpts 
3.  Make a complete backup copy
4.  Satirize the book
5.  Dispose of it

There are other rights under the "Fair Use" doctrine in US Copyright law.   The point is, Adobe's security software prevents you from doing these actions, in direct conflict with established copyright law.   This means a program like ElcomSoft's e-book reader, only reclaims rights afforded to the public under copyright law. 

Thus, in many ways, Adobe's software attempts to take with technology what has been denied them by the courts for ages - the ability to completely control every item after it is sold. 

It would be highly unusual if the Supreme Court didn't have something to say about this, since the use of technology in this way by content providers goes directly against centuries of established copyright law.

Stay Tuned! - Several lawsuits are already in process challenging the constitutionality of this radical interpretation of copyright law. 

It is amazing, how far companies will twist an analogy, hoping for a knee-jerk "guilty" connotation. 

First of all, intellectual property and real property are completely different - with completely different laws, rules, and regulations.   The analogy of digital burglary tools is false since burglary involves real property.   One wonders if Adobe might not be so happy about blurring these two, if they had to pay property taxes on every PDF file, or had their software subject to capture by an abandonment clause, as real property can be!

Even if these differences were ignored, the analogy is still inaccurate.   In this case, the software program only has the ability to be used on a purchased e-book! 

So, even accepting Adobe's analogy, the burglar tools would be used by you on property YOU ALREADY OWN INSIDE YOUR OWN HOUSE!

Adobe would just like you to read that sentence quickly, accepting it without question.  But once you realize how deceptive it is, the fallacy of Adobe's half truths and arguments that follow them become even more clear. 

On June 29, two days after receiving the cease and decist letter, Elcomsoft stopped selling their software.   Adobe, however, never had any intention of waiting to see what Elcomsoft would do, nor did they intend to wait 5 business days as their letter dictated.

The day Adobe sent the cease and decist letter, June 26, they contacted Elcomsoft's internet provider and requested that  Elcomsoft's web site be shut down.    The ISP complied, shutting down 12 other web sites which were hosted on the same computer. 

The day they sent the cease and decist letter, June 26, the criminal complaint with the FBI was filed. 

Adobe didn't even wait for ElcomSoft to respond.   This behavior alone is highly improper, but it gets worse. 

Rather than follow what is fair business practices in such a dispute, Adobe chose to elevate this dispute from a civil one involving two businesses to a criminal one involving an employee of the other business.  This is a new form of coercion created by Adobe's legal staff (who, apparently, are far more busy then their programming staff!).

A man was arrested for something his company did in a country where there are no laws against what was done!

Is the next step to arrest citizens of the Netherlands entering the USA for marijuana consumption even though it is legal there?   Do European countries arrest citizens who visit firing ranges while visiting the USA upon their return? 
Would adobe have us eliminate the sovereignty of nations for the protection of its eBooks?   Seemingly so.

More troubling, can a single employee be expected to be responsible for all of the actions of a company? 

Precedents like this will require every person to become an expert in every country's laws, in order to safely publish a web page.   Obviously, this is impossible, and the laws of the least free countries would become binding on the entire internet.    Remember, not every country has a First Amendment like the USA.

This is not clear thinking by anyone involved.  Of course, Adobe is far too interested in making an example of Dimitry to stop and consider what the effect of this precedent will be. 

Hopefully, Dimity's judge will see through this. 

Contrary to some reports, Adobe did not alert the U.S. government that an expert was exposing security weaknesses in its products. In fact, Adobe encourages its customers and the software community, including "White Hat" security experts, to provide feedback on the performance of its software in order to make improvements. In this case, ElcomSoft made no attempt to alert Adobe that it had discovered a security weakness in the Acrobat eBook Reader software. 

ElcomSoft is not under any legal obligation to share this information with Adobe.     ElcomSoft did, however, feel an obligation to inform the security community that Adobe's claims of security were greatly deceptive. 

While it may have been courteous to inform Adobe about the problem, doing so would only have been a formality, as Adobe undoubtedly knows how poorly the security in their products were built.  After all, they did make them!

In any case, that ElcomSoft did not inform Adobe directly of this vulnerability has no bearing on their status as security experts.

Also, the use of technology to deny the owner of a copyrighted work their ability to exercise their traditional rights with that work is a very controversial activity that has not been reviewed in the US court system yet.   Even if Adobe's security system were perfect, that doesn't necessarily mean that Adobe has the right to block access to the work in the first place.   An informed court may decide that the US government will not help those who help themselves, and may deny copyright status when technology is used to prevent "Fair Use" activities from happening. 

There is also a deep philosophical problem here, as publishers are using Adobe's products to gain complete control over their works, even after they are sold. 

This directly contradicts established copyright law.    It remains to be see whether or not this "scheme" will survive a courts scrutiny.   An informed court might well decide that copyright law should not help companies who are already helping themselves. 

ADOBE'S GOALS

Adobe has two goals in this case: 

• To ensure that ElcomSoft stops distributing its illegal "digital lock pick" and is held accountable for its past conduct 
• To help protect the copyrighted works of authors, artists, developers, and publishers 

It is interesting to note that Adobe claims their goal is to make "ElcomSoft stop...".  Yet they swear out a criminal complaint against an employee of the company.   From this example it is apparent that Adobe would much rather confuse these issues, since it is easier for them than defending their behavior. 

As to Adobe's first goal - it would seem that this goal was accomplished immediately after they contacted ElcomSoft, and the entire arrest of Dimitri was quite unwarranted, given ElcomSoft's cooperation.  According to a company statement at planetebook.com ElcomSoft did stop selling the software in question on July 3, 2001, the same day that the Adobe request was received, and 13 days before Dimitry was arrested.   Adobe was already working with the FBI before they even contacted ElcomSoft.

As to the second, if Adobe were to preserve every "Fair Use" found in US Copyright law, I would be in complete support of their position.   However, that is not what Adobe (and other publishers) are doing.  Preserving all fair use rights would require making the entire content available to the user - which would negate the very need of their protective technology.

They are using technology to take away rights which the constitution grants to users of a copyrighted work, according to Supreme Court precedent. 

So far, given the newness of the DMCA, no court has given much scrutiny to this situation - but it cannot be ignored forever.  Already groups all over the US are mobilizing to try to inform citizens about this situation, and lobby to get it corrected. 

General questions 

Q: Has Adobe changed its position regarding the joint statement issued with the Electronic Frontier Foundation (EFF) on July 23, 2001? 

A: No. The press release of July 23, 2001, is still the Adobe position. 

Q: What is Adobe's reaction to the news that the U.S. government intends to prosecute Dmitry Sklyarov and/or ElcomSoft on the grand jury's charges? 

A: Although Adobe withdrew its support for the criminal complaint against Dmitry Sklyarov, we respect the grand jury's and federal government's role in prosecuting this case. However, we are in complete agreement with the government's decision to prosecute the company, ElcomSoft and, as a law-abiding corporate citizen, Adobe intends to cooperate fully with the government as required by law. The indictment returned in this case clearly reflects the grand jury's agreement with the U.S. government that a criminal prosecution is warranted in this case. 

A: The company developed a tool that circumvents the copyright protections in Adobe's Acrobat eBook Reader, and then sold it in the United States. 

As an example, Adobe's eBooks, by not allowing a backup copy to be made, run afoul of Russian copyright laws.   This does not mean that Adobe can be arrested for putting their eBooks on the internet - even though they may be accessible from Russia. 

US law does not give these groups complete control over their works, especially after they have been sold. 

Even the DMCA itself only outlaws decryption without the authority of the copyright holder. 

It is generally understood that this authority is granted to the user of a copyrighted work by their purchase! 

Thus, the law shouldn't even apply in this case.  We're anxiously awaiting the opportunity for a judge to take a real good look at this law.

A: Adobe is not aware of any attempts by ElcomSoft to provide feedback on the security of the Acrobat eBook Reader. Contrary to some reports, Adobe did not alert the U.S. government that an expert was exposing security weaknesses. In fact, Adobe encourages its customers and the software community, including "White Hat" security experts, to provide feedback on the performance of its software in order to make improvements. When "White Hat" security experts notify us of possible weaknesses in security, we work with them to fix the problems as soon as possible. In the ElcomSoft case, Adobe's concern was that a "digital lock pick" was being distributed for profit that would enable others to compromise the copyrighted works of authors, artists, developers, and publishers. This is why Adobe alerted the U.S. Attorney's Office. 

The reader is reminded that: 
1.  ElcomSoft is not obligated to report security problems to Adobe. 

2.  The digital lock pick is YOURS and is only being used on things YOU own.  (in this case, one copy of an e-book).

A: Sklyarov was not arrested for anything he said or for presenting a scholarly paper. According to the press release issued by the U.S. Attorney's Office, Dmitry Sklyarov was arrested as the copyright holder of the "Advanced eBook Processor," a product distributed by his employer, ElcomSoft. He was arrested and charged with a "single count of trafficking in a product designed to circumvent copyright protection measures in violation of Title 17, United States Code, Section 1201(b)(1)(A). This is one of the first prosecutions in the United States under this statute, the Digital Millennium Copyright Act (DMCA)." 

The DMCA, through liberal interpretations of the word "device" in law, has been used to suppress information in many forms.   It is doubtful that Adobe's actions would have been different if ElcomSoft had only published instructions for descrambling Adobe ebooks.

A: Sklyarov has been out of jail on bail since August 6, 2001. On August 28, 2001, ElcomSoft and Sklyarov were both indicted by a federal grand jury on five counts each of violating the DMCA. Both parties entered pleas of not guilty, at an arraignment August 30, 2001, and a trial date was set for November 8, 2001. Adobe intends to cooperate fully with the government in this matter as required by law. 

A: The Electronic Frontier Foundation (EFF) is an electronic civil liberties organization. When the EFF came to the defense of Dmitry Sklyarov, Adobe agreed to meet with EFF representatives to address the situation. After a frank discussion of the issues surrounding this case, Adobe and the EFF issued a joint statement on July 23, 2001, (see press release) in which Adobe withdrew its support for the criminal complaint, stating that "the prosecution of this individual is not conducive to the best interests of any of the parties involved or the industry." 

Q: Why did Adobe drop its complaint in this case? 

A: It didn't. The criminal complaint in this case is the U.S. government's, not Adobe's. Adobe's statement in the joint announcement with the EFF (see press release) was that it was "withdrawing its support for the criminal complaint against Dmitry Sklyarov," stating that "the prosecution of this individual is not conducive to the best interests of any of the parties involved or the industry." However, Adobe continues to support the DMCA and the enforcement of copyright protection of digital content. 

Scientists are unable to publish their research due to fears that the DMCA may criminalize their research.

The DMCA is being used to take down individual web sites by companies without the web site owner ever having their day in court.

The DMCA is being used as a weapon to prevent competition and enhance the profits of powerful cartels. 

It's just not worth it.   The authors are protected by copyright law, but the DMCA only protects rich and the powerful companies.

Any company that actively supports it is threatening the freedoms which are the foundation of our country, and thus the stability of society as a whole .     It is very short-sighted to allow special interests, using the DMCA, this much power over individuals.

A: Our customers are strongly concerned about piracy and the protection of digital content. The intellectual property community has rallied strongly around the DMCA and the government's actions. Those speaking out include the Association of American Publishers, the Business Software Alliance, the Interactive Digital Software Association, the Motion Picture Association of America, and the Recording Industry Association of America. The U.S. Constitution has guaranteed copyright protection for more than 200 years. Clearly, the laws that enforce the protection of digital media are based on the same principles as those that protect traditional media - to protect the copyrights of authors, artists, developers, and publishers while balancing the right to fair use. 

Adobe claims the DMCA is based on similar principles as those that protect traditional media.   Yet, no one has yet been arrested for teaching people literacy! 

The DMCA, though it may be based on some of the same concepts of copyright, effectively re-writes all copyright rules in favor of copyright holders.   The delicate balance of the copyright bargain has been tampered with, and the system now bears no resemblance to what the founders intended. 

In practice, the DMCA has already proven its potential for abuse.  It's only natural that the organizations which are profiting most from this abuse would speak out in favor of the DMCA. 

In case there is any doubt remaining about how far the DMCA goes in destroying traditional copyright law, here is a comparison of rights which the user has for a book - both traditional and electronic.
 
 

Traditional "Book"	Digital eBook
Can be bought or sold at any time	Company technology, protected by the DMCA, can deny this right.
Can be read	May or may not be legal to read the book, depending on the companies use of technology.   The DMCA allows companies to deny the right to read using non company provided reading tools.
Can be used for "fair use" activities	Company technology, protected by the DMCA can deny this right
Has no restrictions on the lawful owner, except the restriction against copyright infringement.	Can have many restrictions on any aspect of use.   The DMCA gives any company invented restrictions the full force of law.   No process is in place to prevent abuse of this system, so abuse is common.

I would encourage you to boycott the member companies of all of these organizations. 

A: Security is an ongoing effort. We are committed to strengthening the security of our products by using sophisticated, industry-standard levels of software encryption and working with the software community, including "White Hat" security experts, to incorporate features to advance the quality of our products. 

If in the future the Supreme Court decides that the DMCA is unconstitutional, but by that time Adobe's security is improved so as to be unbreakable, then the courts have to consider whether copyright status should even be provided to companies which are not abiding by their side of the copyright bargain (allowing fair use, etc). 

At least while the security is weak, people can still make fair uses of eBooks using programs like ElcomSoft's.

Q: ElcomSoft claims that eBooks in Adobe PDF are insecure and that the encryption is weak, including ROT-13, which is notorious for its lack of security. Are those claims true? 

A: Adobe has never sold ROT-13 as a security product. Adobe incorporates sophisticated, industry-standard levels of software encryption to make our products difficult to compromise. However, no software is 100 percent secure from a determined, illegal attack. When used legally and in its intended fashion, the Acrobat eBook Reader secures eBooks purchased by locking the eBook to the hardware for which it was purchased. The ElcomSoft software circumvents that security, compromising the protection of copyrighted works. 

Adobe may be the best judge of whether or not any ROT-13 technology was used in their products - at least until someone can demonstrate otherwise.

However, although no software is 100% secure, there is a difference between a legitimate security system failing and gross negligence in designing the security system. 

If Adobe did use ROT-13 for any of it's encryption, that would definitely fall into the second category. 

A: Adobe designed the Acrobat eBook Reader for Windows to allow users to exchange eBooks like printed books. The Acrobat eBook Reader does allow customers to move the eBooks they purchase between computers through its lending and giving features. If the publishers enable these features, the buyer of an 
eBook can loan or transfer to another Acrobat eBook Reader on the network. To the best of Adobe's knowledge, the Acrobat eBook Reader is the only product that allows for the lending and giving of eBooks. In addition, the Acrobat eBook Reader allows for eBook printing and copying. Finally, the Acrobat eBook Reader includes a text-to-speech feature (or the "Read Aloud" feature) that runs on Microsoft® Windows® 2000 and the Macintosh. 

One does not expect the marketing staff at Adobe to have a grounding in Constitutional law, but the idea that Adobe can dictate post sale which types of  computers can access their eBooks is a bizarre legal notion.

Adobe would also do well to address why works that are in the public domain require lending, printing, speaking, or reading restrictions, since they are by definition owned by the public. 

Allowing publishers to determine which "Fair Use" rights are available is in direct conflict with the entire notion of "Fair Use".    The publisher does not have the right to prevent "Fair Use" activities from happening! 

Not now, not ever! 

Whether the publisher's actions are permissible or not, that does not save Adobe from the scrutiny of their actions. 

Given Adobe's stance and action, it is apparent that publishers, given a financial incentive in reselling public domain books, deliberately imposed restrictions on these works which are incompatible with copyright law. 

These restrictions are then enforced by Adobe.   Any way you look at it, the removal of restrictions is necessary to enable fair use of the work.      Any way you look at it, the publishers have no right to do this in the first place. 

Adobe might well consider their actions in deciding why the market continues to be an "emerging one". 

Could it be that people do not want a restricted product? 

Would you buy a book that had it's cover locked shut? (especially if you had to ask the publisher for the key to open it each time you read?)   No! 

These companies are under the fallacy that customers will take a toll booth when there is a freeway right next to it.     Even if the toll booth were "free", who would want the inconvenience of stopping? 

Adobe's problem is, since "Fair Use" sometimes allows the copying of an entire work, any "new ways" to allow fair use to occur would negate the need to scramble the work in the first place. 

A: Today, the Acrobat eBook Reader is available only for Windows and Macintosh desktop and laptop computers. Adobe is working with standards organizations and device manufacturers on a Digital Rights Management (DRM) scheme that allows for the transfer of copyrighted materials from desktops and laptops to handheld devices.

I also hope Adobe will enforce "Fair Use" concepts without the publisher's permission, if necessary.   This may prevent publishers from abusing access control provisions, and may actually help Adobe's e-book sales.

If their new DRM scheme is anything like every other DRM scheme created since the DMCA was enacted, the end result will only be a choice of shackles for the public to wear.

Q: When did Adobe become aware of the ElcomSoft violation? 

A: In June. We learned that ElcomSoft had developed a "digital lock pick" specifically designed to decrypt our customers' copyrighted eBooks and that it was being marketed and sold online in the U.S. 

The reader is reminded that the digital lock pick is YOURS and is only being used on things YOU own.  (in this case, one copy of an e-book).

Also note, not all books protected by Adobes system are copyrighted!  Those which are not are (by definition) owned by the public, and can be used freely.   The publishers, though, enforce the same restrictions on these works as they do copyrighted works. 

It's interesting that the publishers have such little respect for the system that they say they like so much. 

A: Yes. Adobe alerted the U.S. government of ElcomSoft's possible illegal distribution of its "Advanced eBook Processor." Based on the information gathered in the investigation (see affidavit), the U.S. government chose to take legal action. 

A: Adobe did not order the arrest. That was the decision of the U.S. government based on the information gathered in its investigation. 

The authorities involved, due to the newness of the DMCA, had no precedent to advise them when the DMCA is in effect (and upon whom).  They had little choice but to act on the complaint and let the courts figure it out. 

Adobe appears to be in the situation of a pit bull owner.  Having pointed the dog at somebody standing on their sidewalk, kicked the dog, and yelled "go get-em", they now claim they are not responsible for the damages and that "the dog was out of control". 

Without Adobe's criminal complaint, the US government would not have acted. 

Adobe chooses the word "order" in that sentence carefully.   It is certainly true that Adobe caused the arrest, though it may not be true that they "ordered" it. 

A: The U.S. government decided to pursue a criminal complaint based on its judgment that ElcomSoft's activities violated U.S. law. Despite Adobe's efforts to get ElcomSoft to cease and desist the for-profit sale of these tools, ElcomSoft did not, so Adobe forwarded the information to the U.S. government. 

Even though the letter to ElcomSoft told them that they had 5 business days to stop the sale of their products, Adobe immediately filed the criminal complaint, and asked Elcomsoft's internet provider to shut down their web site. 

All of this was done on June 26, without even waiting for any response from Elcomsoft.    This is highly unethical behavior.   Adobe's actions were reckless, showing a level of respect far below that which even rival companies reserve for one another. 

Adobe is trying to make it sound like they acted as responsible citizens.   The truth is, their actions were completely out of line with normal business ethics,  and indeed lacked even the decency that human beings normally grant to one another. 

They should be absolutely ashamed of themselves. 

A: Although the Internet is universal and crosses national boundaries, cyberspace is not a law-free zone. The defendants in this criminal case are not being prosecuted for any programming they did in Russia. 

Once again, Adobe tries to glance over the fact that Sklyarov is only an employee of the company. 

Also, the jurisdiction issue is far from conclusive. 

1.   English Language Web site - That narrows it down to a few hundred billion.

2.  US Domain name -   Adobe has most likely not even bothered to do research on ElcomSoft's domain name.   In any case, Adobe's statement about ElcomSoft's domain name is incorrect. 

The elcomsoft.com domain is registered and maintained via GANDI (www.gandi.net), in France.

Address:
38 rue Notre-Dame de Nazareth
F-75003 PARIS
FRANCE

3.   Of all major ISP carriers, how many are NOT US based?   MCI, Sprint, AT&T..    (clue: none)

4.   Of all major credit card providers, how many are NOT US based?    Visa, MasterCard, Discover. (clue: none)