US v. ElcomSoft & Sklyarov FAQ

Last Updated: 2:35pm PT, Feb. 19, 2002; Version: 5.0

What is the history and current status of this case?

Dmitry Sklyarov, the 27 year old Russian programmer at the center of this case, was released from U. S. custody and allowed to return to his home in Russia on December 13, 2001. The Frequently Asked Questions (and Answers) which follow this text were prepared by the EFF at the time of Dmitry's arrest in July 2001 and have been updated to take account of subsequent developments. For those familiar with the previous version of the FAQs, the following paragraphs summarize the history of this case and developments since August 2001.

Dmitry Sklyarov was arrested in Las Vegas on July 16, 2001, and charged with trafficking in, and offering to the public, a software program that could circumvent technological protections on copyrighted material, under section 1201(b)(1)(A) of the U.S. Copyright Act, which was made law by the 1998 Digital Millennium Copyright Act (the DMCA). He was also charged with aiding and abetting his employer, Russian software development company, Elcom Ltd (a.k.a. ElcomSoft Co. Ltd), to do that. Dmitry was held in jail until August 6, 2001, when he was released on bail of $50,000, on condition that he remained in Northern California.

On August 28, 2001, a grand jury indicted both Dmitry and ElcomSoft with five counts of violating U.S. law. These include four counts alleging circumvention offenses and aiding and abetting circumvention offenses, under the DMCA, and a charge of conspiracy to traffic in a circumvention program. Under the charges, Dmitry faced up to 25 years in prison and a fine of up to $2,250,000, and ElcomSoft, as a corporation, faces a penalty of $2,500,000. (For further details, see the next question.)

On December 13, 2001, Dmitry was released from U.S. custody and allowed to return to his home in Russia, as part of an agreement between Dmitry and the U.S. Attorney on behalf of the U.S. government. Under the agreement, all the criminal charges against Dmitry will eventually be dropped. The agreement requires Dmitry to testify for the U.S. Government in its continuing case against Dmitry's employer, ElcomSoft. It is likely that Dmitry will also testify on behalf of ElcomSoft.

On January 14, 2002, ElcomSoft's legal team, headed by Joseph Burton of San Francisco law firm, Duane Morris LLP, filed two motions: a motion to dismiss the charges against ElcomSoft on the grounds of lack of jurisdiction and a motion to dismiss the conspiracy count. On January 29, 2002, ElcomSoft's lawyers also filed a third motion to dismiss the charges against the company on the grounds that the DMCA sections under which ElcomSoft has been charged violate the Due Process clause of the Fifth Amendment. The hearings for the first two of these motions will be held on March 4, 2002, and the third will be held on April 1, 2002. All hearings will be before Judge Ronald Whyte in the San Jose Division of the US District Court for the Northern District of California. EFF has filed an amicus brief in support of these motions.

Prosecution Questions:

What are Dmitry Sklyarov and ElcomSoft charged with?

Dmitry Sklyarov and ElcomSoft face five criminal charges in the 20010828_sklyarov_ElcomSoft_indictment.pdf">indictment: four counts of circumvention offenses, and aiding and abetting circumvention offenses, under section 1201 of the DMCA, and one charge of conspiracy.

The first count is a charge of conspiracy to traffic in technology primarily designed to circumvent, and marketed for use in circumventing technology that protects a right of a copyright owner (under section 1201(b)(1)(C) of the US Copyright Act, 17 USC, which was made law by the 1998 Digital Millennium Copyright Act (the DMCA), and 18 USC 371). The second and third counts allege trafficking in technology primarily designed to circumvent technology that protects a right of a copyright owner (under 17 USC 1201(b)(1)(A)) and aiding and abetting (under 18 USC 2). The fourth and fifth counts allege trafficking in technology marketed for use in circumventing technology that protects a right of a copyright holder (under 17 USC 1201(b)(1)(C)) and aiding and abetting (under 18 USC 2). Basically, they were charged with distributing software that can read encrypted Adobe ebooks in a manner not intended by the publishers. Under the charges, Dmitry faced up to 25 years in prison and a fine of up to $2,250,000, and ElcomSoft, as a corporation, faces a penalty of $2,500,000.

Section 1201 of 17 USC contains the technological circumvention prohibitions. Section 1201(b)(1)(A) prohibits any person from manufacturing, importing, offering to the public, providing or otherwise trafficking in "any technology, product, service, device, component, or part thereof", that "is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner" under the Copyright Act. Since software or other information can be used to bypass or circumvent such Ôdigital locks', they risk being banned under this provision and their creators or distributors risk criminal prosecution when done for financial gain.

Section 1201(b)(1)(C) contains a similar prohibition to section 1201(b)(1)(A) but is focused on marketing activity, rather than the design or production of tools. Section 1201(b)(1)(C) prohibits any person from manufacturing, importing, offering to the public, providing or otherwise trafficking in "any technology, product, service, device, component, or part thereof", that "is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner" under the Copyright Act.

18 USC 2 provides that any person who aids, abets, counsels, commands, induces or procures the commission of an offense against the United States or "willfully causes an act to be done" by himself or another person which would be an offense against the United States, is punishable as a principal offender.

18 USC 371 prohibits two or more persons from conspiring to commit a criminal offense against the United States or to defraud the United States. To be convicted of conspiracy, the US government must prove that ElcomSoft or Dmitry did an overt act to further the object of the alleged conspiracy. Paragraphs 3, 6 and 11 of the Grand Jury Indictment of August 28, 2001 set out the Government's factual basis for this charge. The Indictment states that ElcomSoft and others made a partly functional version of the alleged circumventing software, the Advanced eBook Processor program (the AEBPR), available for download from a webserver located in Chicago, Illinois, and provided registration keys to access fully functional versions of the program to people who purchased the program at the website, located in Issaquah, Washington

Are Dmitry Sklyarov and ElcomSoft accused of copyright infringement?

No. Copyright infringement is not an issue in this case and neither Dmitry Sklyarov nor ElcomSoft are accused of infringing any copyrights. ElcomSoft claims that its Advanced eBook Processor software can't be used by anyone except for people who have already lawfully purchased the right to view the eBooks from eBook retailers.

Instead, this case hinges on new, and constitutionally suspect provisions that were added to the Copyright Act by the DMCA. These provisions (see above for details) do not address copyright violation, but rather the distribution of tools and software or information that can be used for copyright infringement as well as for legitimate non-infringing uses, such as fair use.

Is it illegal under the DMCA's anti-circumvention provisions for people in the US to use the software Dmitry Sklyarov allegedly wrote and ElcomSoft allegedly distributed?

The DMCA's anti-circumvention provisions don't prohibit the mere possession or use of a section 1201(b)(1) circumvention technology (copy controls), so it's legal to use AEBPR in a non-infringing way. Paradoxically, although it is legal for people to bypass these controls and exercise fair use rights, the provision of them is illegal under Section 1201.

Is this a civil lawsuit or a criminal prosecution?

This is a criminal prosecution brought under section 1204 of 17 USC by the United States Department of Justice. To convict Dmitry and/ or ElcomSoft and trigger the criminal penalties in the DMCA, the government must prove that they acted willfully and for the purposes of commercial advantage or private financial gain.

If they are convicted, what are the penalties for these charges?

Each of the four counts of circumvention offenses under section 1201 of the DMCA (or aiding and abetting those offenses) carries a fine of up to $500,000 and/ or up to 5 years in prison. The conspiracy charge carries imprisonment for up to 5 years and a fine of up to $250,000 for an individual, and a fine of up to $500,000 for a corporation. For the five charges, Dmitry faces a fine of up to $2,250,000 and imprisonment of up to 25 years. As a corporation, ElcomSoft faces a fine of up to $2,500,000.

Has anyone else been prosecuted under the anti-circumvention provisions of the DMCA?

Dmitry and ElcomSoft are the first software developers to be prosecuted under the criminal provisions of the DMCA. A criminal case was previously initiated in Florida over satellite black boxes, but that case never went to trial.

However, there have been several previous civil lawsuits under the DMCA. EFF has been involved in the largest of these: the 2600/Corley case (a.k.a. "the New York DVD/DeCSS case"), and the case brought by Professor Ed. Felten's research team and Usenix after the RIAA, SDMI and a company called Verance threatened the team with action under the DMCA for presenting a paper about the weaknesses in the technological protections being developed for digital music.

Who is prosecuting Dmitry and ElcomSoft?

The U.S. Attorney and the Department of Justice are prosecuting Dmitry and ElcomSoft on behalf of the United States government. As part of an agreement made by Dmitry on December 13, 2001 (see above), the U.S. Attorney has allowed Dmitry to return home to Russia, and agrees to eventually drop the criminal charges against Dmitry.

What is Adobe's role in this case?

Adobe Systems Inc. is a San Jose-based software developer that produces an eBook Reader - a software program that is designed to protect the content of an electronic book and allows readers to view the eBook's content on the reader's PC. Dmitry was arrested after Adobe officers brought ElcomSoft's software program to the attention of the FBI on June 26, 2001 (see original complaint and paragraph 5 of the affidavit filed in support of the complaint by FBI Special Agent O'Connell). Adobe was concerned that the software allegedly developed by Dmitry (as an employee of ElcomSoft Co. Ltd.) allowed people to copy and view eBooks in Adobe's eBook format in other formats and on multiple computers.

After EFF met with Adobe representatives on 20 July, Adobe joined with the EFF in recommending the release of Dmitry from federal custody, and withdrew its support for the criminal complaint against him. [Joint Press Release].

Can the Government continue the prosecution if Adobe has withdrawn its support for the complaint?

Yes. The original criminal Complaint was filed by the US Government and only it has the ability to halt its prosecution.

Where will the case be brought?

The US District Court for the Northern District of California in San Jose, California.

When will the trial or other court actions take place?

No trial date has been set by the court yet. ElcomSoft's lawyers have filed three Motions to dismiss the charges against the company.[Insert three urls] The hearing for these motions will be on 4 March 2002 and 1 April 2002 before Judge Whyte. EFF will include upcoming court dates, as they are set, in our press releases and our EFFector newsletter.

Has Dmitry gotten out of jail on bail pending trial?

Dmitry was released from jail, on bail, on August 6, 2001. His bail conditions required him to stay in Northern California. In December 2001 Dmitry Sklyarov was released from U.S. custody and allowed to return home to Moscow.

Questions about Dmitry Sklyarov and ElcomSoft:

Who is ElcomSoft?

ElcomSoft Co. Ltd. is a Russian software company that develops various security-related products, including password products used by US government agencies to recover Word and Quicken files. One of their products is the Advanced eBook Processor (AEBPR). Dmitry Sklyarov is a programmer employed by ElcomSoft.

Who is Dmitry Sklyarov?

Dmitry is a 27-year-old programmer, a PhD student researching cryptanalysis (electronic security) at a Moscow University, a respected cryptographer and an employee of ElcomSoft Co. Ltd. He is married and is the father of 2 small children.

Why was Dmitry arrested?

It's not clear. As part of his work for ElcomSoft Co Ltd. in Russia, Dmitry allegedly developed the algorithms on which the AEBPR program is based and allegedly wrote some of the AEBPR program. The Indictment of August 28, 2001 alleges that the AEBPR software was available for purchase until July 20, 2001 at, a site based in Issaquah, Washington and that a partly functional version of the program was available at a webserver in Chicago, Illinois.

The prohibition in section 1201(b)(1)(A) of the DMCA is against "any person" from manufacturing, importing, providing, offering to the public or otherwise trafficking in a circumvention technology. On the assumptions (which of course are by no means proved) that AEBPR would be found to be a circumvention device banned under section 1201(b)(1) and that it would be found that that program was distributed within the US, it could be argued that Dmitry assisted his employer in manufacturing such a tool in Russia. However, the DMCA anti-circumvention provisions would not likely be triggered by manufacture in Russia, and it is EFF's understanding that manufacturing such a tool is not illegal in Russia. EFF also understands that Dmitry was not involved in distributing the program in any way. People have speculated that legal action was taken against Dmitry because he was on US soil for the Def Con conference, and his physical presence would make it easier for the government to establish jurisdiction under US law.

According to the Affidavit filed by the FBI Special Agent in support of the original criminal Complaint, the FBI appear to have arrested Dmitry on the basis that they believed that he (and not ElcomSoft) was the person who owned the copyright rights in the AEBPR program. The FBI's Affidavit (para 20) and the Department of Justice's Press Release on 17 July both refer to Dmitry's ownership of the copyright. The current version of AEBPR (2.2) appears to list ElcomSoft Co. Ltd. as the copyright holder on its opening window.

Why was Dmitry in the US?

He was invited to give a presentation at the DEF CON conference in Las Vegas about the electronic security research work he has performed as part of his PhD research. His presentation concerned the weaknesses in Adobe's eBook technology software. Dmitry was arrested at his hotel in Las Vegas, on 16 July, as he was leaving to return to Russia.

What is DEF CON?

DEF CON is a major annual technical conference which attracts about 4000 people. It has been held for 9 years. It is widely attended by professional and amateur security experts, cryptographers, computer programmers and self-styled hackers, who work for governments, universities, and private companies. They share research findings, discuss developments in computer and network security, educate newcomers to the field with tutorials and panel discussions, and demonstrate the latest offensive and defensive computer security technologies. The conference is named for the DEFense CONdition of the country, a military measure of how close the US is to launching nuclear weapons, which was popularized in the 1983 movie War Games. See

Was Dmitry arrested because of the speech he gave at DEF CON?

No. He was arrested for allegedly trafficking in software which could circumvent the technological protection on eBooks in Adobe's eBook format. However, he was at DEF CON to discuss the weaknesses in the security of Adobe's eBook software and AEBPR. And, had he not come to DEF CON, he would have remained outside US jurisdiction and probably would have been less likely to have been arrested.

Where is Dmitry now?

In Russia. Dmitry was released from U.S. custody and allowed to return to his home in Russia on December 13, 2001. Before then, he was arrested in Las Vegas and held in a local jail briefly, then held in the Oklahoma City Federal Prisoner Transfer Center until August 3, 2001, when he was transferred to the San Jose (CA) Federal building. In total he was incarcerated from July 16 to August 6, 2001, when he was released on $50,000 bail (though required to remain within the federal court district of Northern California, until Dec. 13, 2001).

Who are Dmitry's and ElcomSoft's legal representatives?

Dmitry Sklyarov is represented by attorney John Keker of San Francisco law firm Keker & Van Nest. ElcomSoft is represented by Joseph Burton, a partner in the San Francisco office of law firm Duane Morris LLP. Although EFF does not currently represent Dmitry Sklyarov or ElcomSoft, the organization is assisting with their defense and filed an amicus curiae brief about the constitutional problems with the anti-circumvention provisions of the DMCA. Seven additional public interest and consumer protection groups signed-on to EFF's amicus brief of February 4, 2002.

Can the US even have jurisdiction over Dmitry and/or ElcomSoft for developing software in Russia that is perfectly legal to distribute in Russia?

('Jurisdiction' is the legal power of a Court to decide a case and give judgment against a person or entity. If the US Federal District Court has criminal jurisdiction over Dmitry and ElcomSoft in this case, it can hear the case and decide whether either of them violated any US law.)

Whether a US Court can have jurisdiction over a person or a company is a complex issue. Courts consider the nature of the act prohibited by the statute and where it physically occurred (subject-matter jurisdiction, in "legalese") and whether the alleged violator has sufficient connection with the US for a US court to legitimately exercise physical power over the person or entity (personal jurisdiction). The general presumption is that acts of copyright infringement and related alleged crimes which occur completely outside of the US cannot be litigated under US copyright law unless Congress intended the particular law to apply outside of US territory. It's not clear that Congress intended the anti-circumvention provisions of the DMCA to apply to acts done outside of the US.

Whether jurisdiction exists in this case then depends on how a Court construes the nature of the acts prohibited by section 1201(b)(1)(A) and section 1201(b)(1)(C) and where the Court considers that these acts physically occurred. The wording of sections 1201(b)(1)(A) and (C) doesn't shed much light on this. It prohibits any "person" to "manufacture, import, offer to the public, provide or otherwise traffic" a circumvention "technology, product, service, device, component or part thereof". The basis of the charges against Dmitry and ElcomSoft appear to be "trafficking" in the AEBPR software and/or "providing" it to the public (in relation to section 1201(b)(1)(A)) and "marketing" the software (in relation to section 1201(b)(1)(C)). For jurisdiction to exist in this case, the court would probably consider whether an act of importing, offering to the public, providing or otherwise trafficking in, or marketing of, the AEBPR software took place and if so, whether it could be said to have occurred in US territory.

Dmitry is a Russian resident, and the company that employs him, ElcomSoft Co. Ltd., is a Russian company. However, the Indictment of 28 August 2001 alleges that ElcomSoft made available a partly functional version of the AEPBR software on a webserver located in Chicago, Illinois (paragraph 3 of the indictment) and also alleges that ElcomSoft contracted with a US-based online service, RegNow, based in Issaquah, Washington to sell a fully functional version of the AEPBR software. Purchasers' payment information was verified by RegNow, and after confirmation, ElcomSoft allegedly sent an electronic key to the purchaser (paragraph 3 of the Indictment). From the information contained in the Affidavit in support of the original Complaint, it appears that the software had stopped being sold on the US website by 3 July, after Adobe sent a cease and desist letter to ElcomSoft and RegNow in late June 2001 (paragraphs 10 and 11 of the Affidavit and information from ElcomSoft's website). If the alleged violation in this case was trafficking, then for subject-matter jurisdiction to exist, the court would have to find that making the software available for purchase from RegNow in the US or making the partly functional version of the software available on a server in Chicago, Illinois, was sufficient for "trafficking" and that Dmitry and/or ElcomSoft were involved in doing that.

To establish personal jurisdiction, the Court would have to find that there is a sufficient connection between the US and the person charged with the crime. Courts look at whether there is sufficient "minimum contact" between the person and the place where the alleged harm took place. As Dmitry entered the US, the court would probably find that his physical presence was sufficient. Jurisdiction over ElcomSoft and its website is more complex. For cases involving jurisdiction over websites with interactive interfaces, courts have looked at the level of interactivity of the website and whether there is a commercial exchange of information between the site and a user to decide this issue. In this case, this would probably involve looking to see whether there were contracts for purchase of the AEPRBR software, and if so, whether those previous contracts were, legally, made with ElcomSoft or with the US sales website, RegNow.

If the US court finds that both subject-matter jurisdiction and personal jurisdiction exists, the fact that the AEBPR was perfectly legal in Russia probably won't stop the court from hearing the case. (Although it is arguable that it might go towards a defense - for instance, because it goes to the intent of Dmitry and ElcomSoft, and for the criminal provisions of the DMCA to apply, the court must find that Dmitry and ElcomSoft were acting willfully and for the purpose of commercial advantage or private financial gain.)

Please Note: Since these FAQs were written, on Feb. 19, 2002, ElcomSoft's legal team has filed three Motions to Dismiss the charges against ElcomSoft on the grounds of lack of jurisdiction. These motions will be heard on March 4 and April 1, 2002. To read them, see the case archive:

Questions about eBooks and the Advanced eBook Processor software:

What does AEBPR do?

ElcomSoft's Advanced eBook Processor (AEBPR) allegedly removes the technological protection from eBooks that are in Adobe's eBook format and converts them into Adobe's Portable Document Format, so that people can use eBooks in more expanded ways than currently available under the Adobe eBook format. It also allows the eBooks to be read or processed by third-party software, not just Adobe's eBook Reader software. In effect, the AEBPR program removes the various restrictions (against copying, printing, text-to-speech processing, etc.) that publishers can enable or disable under Adobe's digital rights management system. The program is designed to work only with eBooks that have been lawfully purchased from sales outlets.

Adobe's eBook format is actually a security system. By itself, it does not actually provide encryption of electronic books. Instead, third-party plug-ins, such as WebBuy, "sit" inside Adobe's infrastructure to provide the encryption and decryption. Adobe's system contains the various use restrictions which publishers can enable or disable (such as copying, loaning, printing or text-to-speech conversion). Dmitry's research allegedly identified a weakness in the Adobe infrastructure and its relationship to the third-party plug-in software. The AEBPR program allegedly intercepts the decrypted version of the electronic book after it has passed through the third-party plug-in, and puts it into a PDF (instead of the eBook Reader). The intercepted decrypted file is free of the use restrictions which are added by the Adobe eBook Reader, and can then be read by any third-party PDF reader, such as Ghostscript or xpdf, or Adobe's Acrobat reader.

Why do people need it?

The AEBPR program allows lawful purchasers of eBooks to exercise fair use rights in relation to these eBooks, which would otherwise not be possible with the current Adobe eBook format. For instance, the program allows people who have bought an eBook to do the following things with an eBook that has been distributed with use restrictions, none of which would be possible without ElcomSoft's software:

      • read it on your laptop or computer other than the one on which the eBook was first downloaded;
      • read it on your PDA;
      • continue to access a work that you've purchased when the "original" version downloaded is not accessible, for instance because of a hard disk failure or an upgrade of the operating system of the computer on which the eBook was first downloaded (since, in the absence of such a tool, it would not be possible to access the eBook that you've bought in these situations unless you obtain permission from Adobe's tech support personnel);
      • continue to access a work in the future, if the particular technological device for which the eBook was purchased becomes outdated;
      • print out an eBook so you can read it on paper;
      • read an eBook on an alternative operating system such as Linux (Adobe's format works only on Macs and MS-Windows PCs);
      • loan it to a friend;
      • copy snippets of a work to include in a school project, a critique, academic research, or a parody;
      • have your computer read your eBook out loud (i.e., with text-to-speech software), which is particularly important for visually-impaired people.

In its recent statement, the Electronic Publishers Coalition recognized that if the market for eBooks is to grow, readers' rights need to be the paramount concern of the industry and greater leeway needs to be provided to readers to make uses of eBooks such as the ability to access a purchased work when a reader upgrades his or her computer's operating system.

What is an eBook?

There are a range of "electronic books". In essence, they all allow you to download the text of a book onto a computer via the Internet. At one end, there are electronic books which are text stored electronically and protected by digital rights management (DRM) systems, such as the technological protection used in Adobe's eBook Reader. The DRM allows the electronic publisher to give or refuse a set of permissions in relation to the document (such as copying and printing).

At the other end of the spectrum, there are electronic books which are simply electronically stored text files, published in ordinary standard document formats, such as Adobe's Portable Document Format (PDF), HTML and plain text (such as Project Gutenberg).

Are there other eBook readers than Adobe's?

Yes, both Palm and Microsoft also produce eBook readers. Adobe's eBook format is not compatible with these formats.

Is Adobe's eBook Reader more restrictive than the other eBook readers?

In theory, the Adobe eBook Reader is less restrictive than the Microsoft eBook Reader because the Adobe eBook Reader allows publishers to enable or disable permissions to allow readers to loan, copy and print eBooks and to allow the eBook reader to read the text out loud. As the statement previously released by Adobe states : "Lending, printing, copying, giving and text-to-speech are permissions enabled by the publisher" or disabled by the publisher. Of course if these "permissions" aren't given, then eBooks are as restrictive as other eBook readers.

If Adobe's eBook Reader allows publishers to set permissions to allow users to loan and print eBooks that they own, what's the issue?

Adobe's eBook Reader doesn't allow users to make fair use of electronic books. Fair use is a long-established limitation on the rights given to copyright holders under copyright law. By definition, fair use is an ability to use a part (or in certain situations, all) of a copyrighted work for a recognized legitimate purpose, without having to seek the prior permission of the copyright holder. This is particularly true in cases of parody or criticism of a work (both of which have been recognized as fair use), where the owner of the copyright may not wish to give permission to the user to use the copyright work. The public policy rationale behind allowing such fair uses is that society as a whole benefits from the exchange of information and ideas when users are able to use works in this way.

Adobe's eBook Reader allows users to make some fair-use-type uses of eBooks, but only with the permission of the publisher or Adobe, depending on the use. For instance, users can copy, loan or print Adobe format eBooks if the publishers set these permissions accordingly (that is, give their permission). Users can also access an "original" eBook that they have purchased if it becomes inaccessible because the user has upgraded his or her computer's operating system or had a hard disk failure, by calling Adobe's technical support department (according to Adobe's previous press release). However, each of these features (copying, loaning, translation for the blind, and using a portion of a work) are recognized legal rights under copyright law and would be exercisable without any prior permissions if the work being viewed was in a paper format, rather than a digital format with digital rights management technological restrictions.

Why is Adobe's eBook Reader a problem for visually impaired people?

Visually impaired people rely on the ability of their text readers to read the content of their electronic material out loud. Adobe's eBook Reader has a text-to-speech feature which can be enabled or disabled by the publisher. There are also third-party text-to-speech programs -- almost every blind computer user has one of some description. Many of these work with (i.e. vocalize the text of) regular PDF documents nowadays. It is not clear that users' existing third-party electronic texts/books will work with Adobe's eBook Reader, and the Adobe eBooks appear to be designed not to work with the third-party text-to-speech readers (in the sense that they are designed not to be "viewed" in any way by any third-party software).

What is the DMCA and what's its impact?

What is the DMCA?

The Digital Millennium Copyright Act was enacted in 1998. It is sometimes claimed that it was enacted to implement the US's treaty obligations under the World Intellectual Property Organization (WIPO) Copyright Treaty and the Performances and Phonograms Treaty, but during the hearings on the law, Administration officials testified that the anti-circumvention provisions of section 1201 were not required by the treaties. The treaties only required signatory countries to "provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights." Scholars have noted that US copyright law contained adequate legal protections and remedies to meet the US treaty requirements even without enacting the DMCA. (See EFF Board Member Professor Pamela Samuelson's paper on this issue.)

The DMCA inserted new anti-circumvention provisions into the Copyright statute. These make it an offense to engage in an act of circumvention of a technical protection (section 1201(a)(1)), to develop and provide tools to others which would allow them to access a technologically protected work (section 1201(a)(2)) and to manufacture, import , provide or traffic in tools that would enable another to circumvent protection to copy a protected work (section 1201(b)(1)(A)). The DMCA's anti-circumvention provisions have both civil and criminal penalties carrying a maximum of 5 years' imprisonment and/ or a fine of up to $500,000 for a first offense. The EFF believes that the DMCA's anti-circumvention provisions are overbroad and unconstitutional, as well as being bad policy. The EFF has made numerous submissions to Congress on these issues and is currently involved in two civil lawsuits under section 1201.

Have there been any Civil cases involving the DMCA's anti-circumvention provisions?

There have been several previous civil lawsuits under the DMCA. EFF has been involved in the largest of these: Universal v. Corley, et al. and the closely related Universal v. Hughes cases (the NY and CT DVD/DeCSS cases);, and Felten v. RIAA, an action brought by Professor Edward. Felten and his research team and Usenix. The other two civil suits are: RealNetworks v. Streambox and Sony v. Gamemasters.

In the DeCSS/DVD cases, the alleged circumvention tool was DeCSS, which allowed Linux OS users to play DVDs without needing to wait for the industry to provide "authorized" device drivers for DVD-ROM drives under Linux. 2600 Magazine and its editor Eric Corley were sued even though 2600 simply reprinted the program (and later just linked to it) as part of its news coverage of the debate around DeCSS. Likewise, a variety of other defendants were sued simply for providing access to DeCSS, despite its perfectly legitimate uses.

In the action brought by Professor Felten, his research team and Usenix for a declaratory judgment against the DMCA, at issue was the publication and presentation of research work done by Professor Felten and his colleagues concerning their successful breaking of "digital watermark" copy prevention on music files. As part of the Hack SDMI Challenge in which the recording industry challenged the public to test the security of the draft SDMI copy prevention systems, Felten's team defeated a number of SDMI protection schemes. To claim the offered prize required agreeing to not reveal the technical details. The Felten team declined the prize and decided to publish, but were subsequently sent DMCA-grounded legal threat letters by SDMI member companies, thus establishing the First Amendment "chilling effect" of the DMCA. The case also involved the Usenix technical conference organization, which was concerned that, like Dmitry, it could be subject to criminal liability for hosting the security conference where the Felten paper would be presented, since it earns income from its conferences. Although the RIAA and its member companies withdrew their concerns prior to the conference on August 15, 2001, and permitted Professor Felten and his team to give their paper, there is no guarantee that a similar threat to publication of scientific research will not occur again.

In RealNetworks, Inc. v. Streambox, Inc., 2000 WL 127311, LEXIS 1889 (W.D. Wash. January 18, 2000), RealNetworks sought a preliminary injunction to stop Streambox from distributing and marketing products (the Streambox VCR, the Ripper and the Ferret) which allowed consumers to make unauthorized modifications of RealNetworks' copyrighted software programs to access encoded RealAudio and RealVideo files, which it alleged violated the DMCA's anti-circumvention provisions. The Streambox VCR allowed users to access and download (i.e. copy) encoded RealMedia format files that were streamed to the user. The Ripper is a file conversion program that allows users to convert RealAudio files to other formats, such as .wav, .rma and .mp3, and conversion of files between each of these formats.

This case involved a preliminary injunction hearing, not a trial on the merits, so the Court was concerned with deciding whether RealNetworks would be likely to succeed if the issue went to trial and whether it would suffer irreparable harm. The court found that the Streambox VCR was likely to be a violation of both the "access" and "copy" control anti-circumvention provisions of the DMCA (section 1201(a)(2) and 1201(b)), which prohibit developers from distributing products that circumvent technological measures that prevent consumers from obtaining unauthorized access to or making copies of copyrighted works. However, the Court denied RealNetwork's motion for a preliminary injunction in relation to Streambox's Ripper file conversion application, on the grounds that the product had legitimate and commercially significant uses, so RealNetworks was not likely to succeed in its claim that the Ripper violated section 1201(b)(1)(A) or (B) of the DMCA (see paragraph 29).

In Sony v. Gamemasters, et al., 87 F. Supp. 2d 976 (N.D. Cal 1999), Sony sought and was granted a preliminary injunction against Gamemaster to stop it selling "Game Enhancers", which it alleged violated section 1201(a)(2)(A) of the DMCA, the "access control" prohibition. The Game Enhancers allowed import game cartridges (i.e. those from a geographical zone other than the US) to be played on Sony's PlayStation. This case also involved a preliminary injunction hearing, not a trial on the merits, so the Court was concerned with deciding whether Sony would be likely to succeed if the issue went to trial and the possibility of irreparable harm. The Court found that the Game Enhancer appeared to be a device which had the primary function of circumventing "the technological measure (or a protection afforded by a technological measure)" used by Sony "that effectively controls access to a system protected by a registered copyright", and thus violated section 1201(a)(2)(a) (see paragraphs 39-40).

In Universal City Studios, et al. [members of the Motion Picture Association of America (MPAA)] v. Huges,filed in the US District Court in Connecticut on 14 January 2000, the MPAA sought monetary damages and an injunction against Hughes to stop him posting DeCSS code on his Connecticut website,, which the MPAA alleged violated section 1201(a)(2) of the DMCA's anti-circumvention provisions.

There is also another DeCSS case, filed by the DVD Copy Control Association (DVD-CCA, whose membership largely overlaps with that of MPAA) under California trade secret law in a CA state court. This case is DVD-CCA v. McLaughlin, Pavlovich, et al., and seeks damages from several hundred defendants, but does not at present raise any DMCA issues directly. EFF represents defendant Andrew Bunner directly.

For the current status of the DMCA cases in which EFF is involved, please see EFF's website:

Why are people concerned about the DMCA and Digital Rights Management systems?

One of the many concerns with Digital Rights Management and technological protections of copyright such as Adobe's eBook Reader is that works in which copyright no longer exists will and which otherwise would have moved into the public domain, will not be accessible for public use. Copyright law was never intended to give authors and content creators an unlimited set of monopoly rights. Current copyright law gives creators exclusive economic rights (subject to fair use and noninfringing use) for a period of 70 years plus the life of the author. However, when public domain works are wrapped in encryption with use limitations, even if a work is no longer protected by copyright and is part of the public domain, public users will not be able to access the content of those works. This is a particular concern because public domain works are increasingly being wrapped in technological protection. Section 1201 of the DMCA outlaws all access and copy tools, so the public is not able to gain access to or copy public domain works that have been wrapped in digital protection.

For other articles outlining concerns with Digital Rights Management, see:

John Gilmore's "What's Wrong With Copy Protection?":
and Richard Stallman's "The Right to Read":

What is Fair Use?

What is fair use?

Fair use is a long-established limitation on copyright law. Copyright law was never intended to give copyright holders complete control of their works during the limited statutory period of protection. While copyright law grants authors the exclusive right to reproduce their works, the law recognizes an exception to this called fair use. The public's right to make fair use of copyrighted works is an integral part of US copyright law. Fair use rights allow people to make copies of copyrighted works, even when the author or publisher would rather you not. Fair use allows you to make a copy of a work for personal use, or for education, commentary, criticism, parody or other socially beneficial uses.

How does fair use act as a limit on Copyright and protect the First Amendment's guarantee of freedom of speech?

There can be a tension between Copyright law and the right of free expression under the First Amendment. Freedom of expression generally allows individuals to speak without fear of or actual restraint by government with only small limitations. Copyright law is designed to enlarge the public store of knowledge and information.Congress chose to encourage the creation of information and creative works by providing a limited period monopoly to content creators. Copyright is thereby designed to serve as a limited carve-out from free speech; it prevents people from "speaking" works owned by others during the limited monopoly period without their permission, with an exception for fair use. Copyright grants this monopoly to authors for only a limited period of time, after which works must fall into the public domain and can be freely used by everyone.

Courts have used fair use as the means of balancing these competing rights. Fair use lets you "speak" copyrighted works of others, in whole, or in part, in certain circumstances such as parody, criticism, commentary, educational uses, and other situations. The US Supreme Court has held that fair use is the necessary breathing space or safety valve within Copyright law that is required by the First Amendment, to avoid an irreconcilable conflict between Copyright law and the First Amendment's guarantee of free speech.

How do you know if its fair use?

There is no "bright-line" or clear-cut test. Section 107 of the Copyright statute lists four factors to balance together on a case-by-case basis to determine if a particular use would be considered fair. The law's language does not preclude consideration of other factors however. The nature of fair use is that it should be decided by a judge on a case-by-case basis, looking at all of the underlying facts. The factors to be considered include:

  1. The purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes -- Courts are more likely to find fair use where the use is for noncommercial purposes.
  2. The nature of the copyrighted work -- A particular use is more likely to be fair where the copied work is factual rather than creative.
  3. The amount and substantiality of the portion used in relation to the copyrighted work as a whole -- A court will balance this factor toward a finding of fair use where the amount taken is small or insignificant in proportion to the overall work.
  4. The effect of the use upon the potential market for or value of the copyrighted work -- If the court finds the newly created work is not a substitute product for the copyrighted work, it will be more likely to weigh this factor in favor of fair use.

How does ElcomSoft's Advanced eBook Processor software allow users to make fair use of eBooks they have purchased?

ElcomSoft's Advanced eBook Processor software allows users who have bought an eBook from or Barnes and Noble or some other sales outlet to exercise the following fair use rights:

  • transport eBooks - it allows users to "space shift" the Book to the user's laptop or a PDA or a computer other than the one on which the eBook was first downloaded;
  • make a back-up copy - users can make a back-up copy, as a protection against hard disk failure or in order to prepare for an operating system upgrade;
  • excerpt - users can cut and paste snippets of eBooks for use in academic research, educational and teaching purposes, critiques, commentary and parody;
  • print- users can print the eBook or a section of it, in order to read it;
  • alternative OS -it allows users of alternative operating systems, such as Linux, and viewing devices (such as PDAs) to view eBooks (Adobe's eBook Reader only operates on PCs and Macs).

Does copyright law permit publishers to enforce whatever use restrictions they care to dream up?

On the contrary, copyright law makes a delicate balance between competing legitimate interests to strike a "bargain" that divides up the rights between authors and the public. The authors are granted specific rights (reproduction, distribution, adaptation, public display/performance). In exchange, the public is guaranteed that all protected works will pass into a public domain free of restrictions, after the copyright monopoly period is over. The public's side of the copyright bargain also includes fair use rights and first sale rule privileges to ensure the further dissemination of knowledge as well as the rights to make noninfringing use of works. Copyright law is specifically designed to grant limited control to authors. However, the effect of the DMCA's anti-circumvention provisions is to override this principle by granting complete control to authors who use technological protection for their works, in the process eroding the public's right to freedom of expression.

This is because publishers can wrap encryption and other technologies around their digital works and can use the prohibition on circumvention to enforce whatever use restrictions they specify. Restrictions that disable the ability to print, loan, convert or space-shift electronic files are practically enforced by the technical protections, while the DMCA's anti-circumvention provisions enforce them as rule of law. This is true even when those who wish to make those uses would be completely justified in doing so under existing copyright law if the work were not in digital format.

The DMCA's anti-circumvention provisions also set no restrictions on the quality or complexity of the security that needs to be used to qualify as a technological device protected under these provisions. As a result, circumventing any level of protection can trigger the criminal penalties of the DMCA, even if, hypothetically, all a user does is get around a simple transposition code, like Rot13, which merely transposes a letter by 13 places in the alphabet. Also, as there is no independent vetting of whether a work protected with such technological protection is actually subject to copyright protection, the act of providing a tool for circumventing a technological device which is "wrapped" around a public domain work is still a violation of the anti-circumvention provisions of the DMCA.

Not all publishers feel that that unlimited use restrictions in digital rights management is appropriate or beneficial to the eBook industry. For instance, the Electronic Publishers Coalition has issued a statement which recognizes the need for more leeway for eBook readers than is currently available under Adobe's eBook Reader.

What is EFF's role?

How is this case related to the DMCA court battles over DeCSS computer code and the SDMI Hack Challenge?

All four cases (ElcomSoft/Sklyarov, Felten, Corley, and Hughes) involve alleged violations of the anti-circumvention provisions of section 1201 of the DMCA which prohibit the development and distribution of circumvention tools. However, the DeCSS (Corley & Hughes) and Felten cases are civil lawsuits, while Dmitry and ElcomSoft have been charged under the criminal provisions of the DMCA.

The Sklyarov/ElcomSoft case involves the development and distribution of an allegedly illegal circumvention tool, in this case, the AEBPR program. ElcomSoft claims that this program has many legitimate uses, but it may be possible that it could also be used to make infringeing copies of eBooks published in Adobe's format (much as a Xerox machine or VCR can be used for infringement of other forms of intellectual property, despite their legitimate uses).

Dmitry and ElcomSoft are charged with violating DMCA Sections 1201(b)(1)(A) and 1201(b)(1)(C), so for either to be convicted, the government will have to prove that the allegedly illegal circumvention tool, the AEBPR program, was "primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner" (in relation to the charge under section 1201(b)(1)(A)) or was "marketed" by ElcomSoft "with knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner" (in relation to the charge under section 1201(b)(1)(C)). As part of the December 13, 2001 agreement, the charges against Dmitry should eventually be dropped. However, the US Government is continuing to prosecute ElcomSoft, and if convicted, ElcomSoft faces a fine of up to $2,500,000.

What is EFF's role in this case?

Currently the EFF's role includes education, and strategic support for the legal teams representing Dmitry and ElcomSoft. EFF initiated a meeting with Adobe to discuss the implications of the case and negotiated with Adobe to withdraw its support for the criminal complaint against Dmitry. EFF also met with representatives of the US Department of Justice for the Northern District of California on 27 July and made a good faith attempt at negotiations aimed at dropping all charges against Dmitry Sklyarov and securing his immediate release from jail.

EFF has an ongoing role in developing effective campaign strategies to deal with issues involving the DMCA, in managing public and press relations in this complex area, and in coordinating and helping to organize rallies. EFF does not currently represent Dmitry or ElcomSoft, but is actively working towards having the charges against both ElcomSoft and Sklyarov dropped.

How you can help:

Join EFF!
Donate money to Dmitry's Legal Defense fund (see below).
Join the Free-Sklyarov mailing list.
Check out some of the other Sklyarov support websites:,
Read about the issues on our media coverage page.
Read EFFector for news about what EFF is doing.
Read EFF Board Chairman Brad Templeton's essay on Why Dmitry should be freed.
Spread the word!

A Word on Donations and Funding:

Make a donation to EFF or to Dmitry's defense fund. Please note that while EFF is working to free Dmitry through a range of activities and any donation you make to the EFF will be used to help us do this work, we are not Dmitry's legal representative. If you would like to make a contribution to his legal defense, please give a contribution to ElcomSoft's PayPal account.

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Censorship powers, data retention, and vague hacking crimes: Pakistan's terrible cybercrime bill has it all:

Nov 25 @ 5:11pm

While Bangladesh blocks social messaging apps, locals are turning to Tor and Twitter:

Nov 25 @ 3:50pm

You've heard recent news about Securus, the prison phone service. It's also the proud owner of a very stupid patent.

Nov 25 @ 3:09pm
JavaScript license information