Home News Tech Update White Papers Downloads Reviews & Prices

Reviews аа|аа Clearance Center аа|аа Software аа|аа Most Popular аа|аа AnchorDesk аа|аа Top Rated аа|аа Prices аа

Click Here.

Robert Vamosi
Are 'white hat' hackers unfairly under siege?

Senior Editor, Reviews
Wednesday, August 8, 2001
As I write this, Dmitry Sklyarov is free on bail. Theoretically, the Russian programmer's July 16 arrest at Def Con in Las Vegas should have been a slam-dunk by the Justice Department. After all, Sklyarov was speaking at the convention, promoting a tool that could break the copyright protection in Adobe's eBook software and allow pirated manuscripts to become available on the Internet. But there's much more to it. That's why I agree with Adobe and the Electronic Freedom Foundation: Sklyarov should be allowed to go home to Russia.

Sklyarov created software that can defeat the copy protection code in Adobe's eBook software, and therefore was accused of violating Sec. 1201 of the Digital Millennium Copyright Act (DMCA). A copy of the full DMCA is available here (ironically, in Adobe Acrobat format).

I WAS AT this year's Def Con, but did not attend Sklyarov's presentation, entitled "eBooks Security--Theory and Practice." Reading from my official Def Con 9 program notes (grammatical errors reproduced as printed), "there is one big problem that related with eBooks. Information in electronic form could be duplicated and transmitted, and there is no reliable way to take control over that process. There are several solutions from different companies that were developed to prevent unauthorized distribution of the electronic documents." The note also says that Sklyarov was to talk about flaws in standard PDF; Rot13 used by Paradigm Resources Group; FileOpen by FileOpen Systems; SoftLock by SoftLock Services; Adobe's Web Buy; Adobe's eBook Reader (GlassBook Reader), and InterTrust DocBox plug-in.

If you want to learn what "forbidden" information Sklyarov shared at DefCon 9, Bruce Perens provides an overview here. In short, much of what Sklyarov presented was already known within the security community.

Sklyarov works for ElcomSoft, a Moscow-based software company that I know for its password recovery software. I suppose a product that demonstrates the weak encryption found in Microsoft Office could be used by someone with malicious intent--but no one from ElcomSoft has been arrested for that software. And I suppose a product that demonstrates the weak encryption found in the Adobe's eBook software could also be used for illicit means. Elcomsoft has since removed its eBook software program from its Web site.

SO WHY WAS SKLYAROV DETAINED? Was it for writing the software exploit? Or for talking about his exploit? If it's the latter, then we're in big trouble. Consider:

What if Microsoft decides to use the DMCA to go after Georgi Guninski and other hackers (in the classic sense of the word) who report vulnerabilities and on occasion also write exploits to demonstrate those flaws? Aren't we squelching the whistle-blower hackers (the white hats) who are keeping the software industry in check? Or should we just trust the software giants when they tell us their software security is foolproof and let the worm writers prove otherwise?

Who is the DMCA really protecting? If a single author had filed the DMCA complaint against Sklyarov, I'd understand that. I'd support that. But, as far as I know, no eBook content has shown up on Internet newsgroups because of the ElcomSoft software. So, who has been harmed by Sklyarov's work?

I won't join those who argue that the DMCA is fundamentally flawed; I do, however, agree that its application in the Sklyarov case is unnecessary. If it turns out that we're holding Sklyarov for political reasons alone, now that Fulbright scholar John E. Tobin Jr. has been released from a Russian prison, then let's let Sklyarov go home as well.

Do you think Sklyarov should be allowed to return to Russia? Was his arrest unnecessary? TalkBack to me.

Previous Storyа а

Add Your Opinion

аTalkBack: Post your comment here

No discussion exists, click here to start it
аQuick links to Specs & Prices from these companies
Home News Tech Update White Papers Downloads Reviews & Prices