Press release and complaint sworn out by Adobe against speaker.
Jay D. Dyson
jdyson at treachery.net
Wed Jul 18 12:20:39 EDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
You know, the more I read on this, the more I'm inclined to boycott
Adobe's PDF products. The gimps can't provide us with meaningful
protection, so they make an example out of a coder? To hell with them.
- -Jay
- -----BEGIN FORWARDED MESSAGE-----
U.S. Department of Justice
United States Attorney
Northern District of California
11th Floor, Federal Building
450 Golden Gate Avenue, Box 36055
San Francisco, California 94102
FOR IMMEDIATE RELEASE
Tel: (415) 436-7200
Fax: (415) 436-7234
July 17, 2001
The United States Attorney's Office for the Northern District of
California announced that Dmitry Sklyarov, of Moscow, Russia, made an
initial appearance yesterday in Las Vegas, Nevada, on a complaint
from the Northern District of California charging a single count of
trafficking in a product designed to circumvent copyright protection
measures in violation of Title 17, United States Code, Section
1201(b)(1)(A). This is one of the first prosecutions in the United
States under this statute, the Digital Millennium Copyright Act
("DMCA").
According to an affidavit filed by an agent of the Federal Bureau of
Investigation in connection with the criminal complaint, Mr. Sklyarov
is alleged to have been the author of a program, "Advanced eBook
Processor," that unlocked the "eBook Reader" produced by Adobe
Systems, Inc. Consumers can download eBook Reader onto their
personal computers in order to purchase electronic books in the eBook
format from on-line booksellers such as Amazon.com or
BarnesandNoble.com. The eBook Reader permits consumers to read the
encrypted eBook only on the specific computer utilized to engage in
the transaction. Because the book is sold in encrypted form and is
only accessible through the eBook Reader, the copyright holder's
interest in the book is protected.
According to the affidavit, the Advanced eBook Processor permitted
users of the program to decrypt an eBook in a manner such that the
eBook could be opened in any Portable Document Format ("PDF") viewer
such as Adobe Acrobat reader, and the file would have no restrictions
on editing, copying and printing the eBook. The affidavit states
that the Advanced eBook Processor would allow anyone to read the
eBook on any computer without paying the fee to the bookseller. The
affidavit alleges that the program itself lists Mr. Sklyarov as the
copyright holder of the Advanced eBook Processor, and that the
program was distributed by ElcomSoft Company, Ltd. of Moscow, Russia,
through its website.
The website for the "Defcon-9" conference in Las Vegas, Nevada states
that Mr. Sklyarov was scheduled to speak at the Defcon-9 conference,
scheduled for July 13-15. The Defcon-9 conference website describes
the conference as "an annual computer underground party for hackers
in Las Vegas," and it states that Mr. Sklyarov's speech would include
"security aspects of electronic books and documents."
The maximum statutory penalty for each count in violation of Title
17, United States Code, Section 1201(b)(1)(A) is five years
imprisonment and a fine of $500,000. However, any sentence following
conviction would be dictated by the Federal Sentencing Guidelines,
which take into account a number of factors, and would be imposed in
the discretion of the Court. A complaint simply contains allegations
against an individual and, as with all defendants, Mr. Sklyarov must
be presumed innocent unless and until convicted.
Mr. Sklyarov made his initial appearance in federal court in Las
Vegas today, July 16, 2001. Mr. Sklyarov was detained without bail
and ordered removed to the Northern District of California. No dates
have been set for the defendants next appearance.
The prosecution is the result of an investigation by agents of the
Federal Bureau of Investigation. Scott Frewing and Joseph Sullivan
are the Assistant U.S. Attorneys who are prosecuting the case with
the assistance of Lauri Gomez.
A copy of this press release and key court documents filed in the
case may also be found on the U.S. Attorney's Office's website at
www.usaondca.com.
All press inquiries to the U.S. Attorney's Office should be directed
to Assistant U.S. Attorney Matthew J. Jacobs at (415) 436-7181.
- ------------------------------------------------------------------------
SEALED BY ORDER
OF THE COURT
United States District Court
NORTHERN DISTRICT OF CALIFORNIA
UNITED STATES OF AMERICA
V.
Dmitry Sklyarov CRIMINAL COMPLAINT
CASE NUMBER 5 01 257
I, the undersigned complainant being duly sworn state the following
is true and correct to the best of my knowledge and belief. On or
about June 26, 2001 in Santa Clara county, in the Northern District
of California defendant(s) did, (Track Statutory Language of Offense)
import, offer to the public, provide, and otherwise traffic in a
software product that is primarily designed or produced for the
purpose of circumventing protection afforded by a technological
measure that effectively protects a right of a copyright owner under
this title in a work or a portion thereof, and aid and abet such
conduct.
in violation of Title 17 United States Code, Section(s) 1201(b)(1)(A)
and 18 U.S.C. Sec.2
I further state that I am a(n) Special Agent, F.B.I. and that this
complaint is based on the following facts:
see attached affidavit
Penalties:
5 years imprisonment
$500,000 fine
3 years supervised release
$100 penalty assessment
Bail request: no bail
Continued on the attached sheet and made a part hereof [X] [ ] No
Approved as to form: [Signature] AUSA Joseph E. Sullivan
Name/Signature of Complainant: [Signature] Daniel J. O'Connell
Sworn to before me and subscribed in my presence
Date: July 7, 2001 at San Jose, California
U.S. Magistrate Judge Patricia V. Trumbull
- ------------------------------------------------------------------------
NORTHERN DISTRICT OF CALIFORNIA
COUNTY OF SANTA CLARA )
)
) SS: AFFIDAVIT FOR COMPLAINT
Daniel J. O'Connell, being duly sworn, deposes and states:
Introduction
1. I submit this affidavit in support of a criminal complaint and an
arrest warrant for Dmitry Sklyarov, for violation of Title 17, United
States Code, Section 1201(b)(1)(A) -- circumvention of copyright
protections, and Title 18, United States Code, Section 2 -- aiding
and abetting.
2. Title 17, United States Code, Section 1201(b) states in relevant part:
(1) No person shall manufacture, import, offer to the public,
provide, or otherwise traffic in any technology, product, service,
device, component, or part thereof, that -
(A) is primarily designed or produced for the purpose of
circumventing protection afforded by a technological measure that
effectively protects a right of a copyright owner under this title in
a work or a portion thereof;
. . .
(2) As used in this subsection -
(A) to "circumvent protection afforded by a technological measure"
means avoiding, bypassing, removing, deactivating, or otherwise
impairing a technological measure.
3. Title 17, United States Code, Section 1204, states in part:
(a) In general. -- Any person who violates section 1201 or 1202
willfully and for purposes of commercial advantage or private
financial gain,
(1) shall be fined not more than $500,000 or imprisoned for not more
than 5 years or both, for the first offense; and
(2) shall be fined not more than $1,000,000 or imprisoned for not
more than 10 years, or both, for any subsequent offense.
Background of Affiant
4. I have been employed as a Special Agent for the Federal Bureau of
Investigation for over twenty-five years. I am currently assigned to
the High Tech Squad at San Jose, California, which has responsibility
for the theft of intellectual property, theft of trade secrets, and
violations of U.S. copyright laws. I have participated in such
intellectual property related investigations since passage of the
Economic Espionage Act of 1996.
Basis of Charges
5. On june 26, 2001, I met with representatives of Adobe Systems,
Incorporated (Adobe), located in San Jose, California. Kevin
Nathanson, Group Products Manager, eBooks, Adobe, told me the
following:
a. Adobe produces computer software, including a software product
named Adobe eBook Reader.
b. eBook Reader works as follows: after users upload the program onto
their personal computer systems, the users can contact a Internet Web
based electronic bookseller such as Amazon.com or Barnes and
Noble.com and purchase a book titles in an electronic format known as
an eBook. As a result of a series of seamless transactions taking
place between the electronic bookseller, an Adobe Server, and the
customer's computer, users may only open and view the encrypted eBook
on the specific computer that the user utilized to engage in the
transaction. Because the process is taking place outside the view or
control of the user, the user never sees the verification/decryption
process taking place between the eBook file and the Adobe eBook
Reader. Nevertheless, because the book sold in encrypted form and
only accessible through the eBook Reader and is not duplicatable, the
copyright holder's interest in the book is protected.
c. Adobe is being victimized by a Russian company named Elcomsoft.
Elcomsoft is distributing a key over the Internet in the form of a
software program that illegally unlocks copyright protections on the
e-Book files. This unlocking key is available for purchase on the
Internet at http://www.elcomsoft.com/aebpr.html. The commercial name
given by Elcomsoft to this unlocking key program is Advanced eBook
Processor (AEBPR).
6. Nathanson and Daryl Spano, a technical Investigator,
Investigations/Anti-Piracy, Adobe, showed me Elcomsoft literature
they observed on the Internet which describes a program to decrypt
eBooks in Adobe Acrobat eBook Reader format (PDF files with EBX
security handler) as well as Adobe Acrobat PDF files protected using
a standard security method, WebBuy Technology, or any other Acrobat
security plug-in (like FileOpen, SoftLock etc.). The decrypted file
can be opened in any PDF viewer (e.g. Adobe Acrobat Reader) without
any restrictions -- i.e. with edit, copy print, annotate functions
enabled. All versions of Adobe Acrobat are supported. It can also
decrypt e-Book Pro (*.EBJ) files, extracting all html pages and
images from them.
7. Nathanson told me that the real damage done by the AEBPR program
is that it creates a "naked file" that enables anyone to read the
eBook on any computer without paying the feed to the bookseller. Only
one legitimate copy of the encrypted eBook needs to be purchased
originally and after the protections are stripped through the usage
of the Elcomsoft program, there are no restrictions and the eBook can
be duplicated freely and made available for usage on any computer.
8. Daryl Spano told me the following:
a. Adobe purchased a copy of the Elcomsoft unlocking software over
the Internet, and an Adobe engineer told Spano that the unlocking key
worked as Elcomsoft claimed.
b. Adobe purchased the program through Elcomsoft through a U.S. based
company that Elcomsoft was using as a means of collection a $99 fee
for purchase and usage of the unlocking key. Nathanson and Spano told
me that this company was Register Now! (www.regnow.com) Dept #
1170-75, PO Box 1816 Issaquah, Washington 98027, 1-877-353-7297.
Register Now! collected the $99 fee that pays for the unlocking key.
Thereafter, Elcomsoft, after receiving verification from Register
Now!, electronically sent the unlocking key registration code from
Elcomsoft to the purchaser (Adobe) in San Jose, California, in the
Northern District of California. Spano provided documents to me
reflecting the transaction and showing that the unlocking key was
purchased by Adobe on June 26, 2001.
c. The Elcomsoft unlocking software was downloaded for free directly
from the Elcomsoft site without purchasing the key. However, the
software obtained without the unlocking key allowed on to view only
approximately ten percent of an eBook in the Adobe format. In order
to get the complete book, the person downloading the Elcomsoft
software was required to pay Elcomsoft the $99 fee through the RegNow
website to obtain the unlocking key.
d. A review of the opening screen on the Elcomsoft software purchased
showed that a person named Dmitry Sklyarov is identified as being the
copyright holder of the Elcomsoft program. Spano exhibited this
opening screen to me and provided me with a copy of the screen. Spano
also provided me a copy of the E-mail from Elcomsoft managing
director Vladimir Katalov furnishing the unlocking key after the fee
had been paid to Elcomsoft through the RegNow website.
e. Adobe learned that Dmitry Sklyarov is slated to speak on July 15,
1001 at a conference entitled Defcon-9 at Las Vegas Nevada. Spano
told me that he learned that Sklyarov is scheduled to make a
presentation related to the AEBPR software program.
9. Nathanson told me that thus far, Elcomsoft had defeated ADobe's
Version 2.1 eBook Reader and has threatened in literature on its
website to issue a "crack" for Acrobat eBook Reader Version 2.2 that
has just been released.
10. Nathanson and Spano stated that Adobe has attempted to prevent
Elcomsoft from providing the unlocking key to the public and has been
resisted in this effort by Elcomsoft. Adobe has sent "cease and
desist" letters to Elcomsoft, RegNow and the Internet Service
Provider for Elcomsoft, Verio Inc.
Independent Investigation
11. On July 2, 2001, I viewed the Internet home page of RegNow,
"www.regnow.com". The following products were listed for purchase
through the website:
* Advanced PDF Password Recovery (Pro)
* Recover passwords to Adobe Acrobat PDF files
* ElcomSoft Co. Ltd.
* Advanced PDF Password Recovery
* Decrypt protected ADobe Acrobat PDF files.
* ElcomSoft Co. Ltd.
* Advanced eBook Processor (Discount)
* Decrypt protected Adobe Acrobat PDF files and eBooks
* ElcomSoft Co. Ltd.
When I used a computer mouse to select the above listed programs for
purchase through RegNow website, I was directed to the home page of
Elcomsoft.com
12. On July 2 and 3, 2001, I observed the following information on
the ELCOMSOFT website in which Elcomsoft describes its business
activity:
"ElcomSoft Co. Ltd. is a privately owned software development company
headquartered in Moscow, Russia. Established in 1990, Elco
specializes in producing Windows productivity and utility
applications for businesses and individuals...." "ElcomSoft Co. Ltd.
is a member of the Russian Cryptology Association (RCA) and a
lifetime member of the Association of Shareware Professionals (ASP).
ElcomSoft is also a Microsoft Independent Software Vendor (ISV)
partner..."
13. I observed that the Elcomsoft website "home page" showed the
following information among a listing of new products and their
release dates:
"June 26, 2001 New versions of Advanced eBook Processor and Advanced
NT Security Explorer now available" and "June 20, 1001 New product
has been released: Advanced eBook Processor. Decrypt eBooks for Adobe
Acrobat Reader and PDF's protected with all security plug-ins,
including WebBuy!"
14. I observed that Elcomsoft described its product and made certain
comments about its legality as follows:
Advanced eBook Processor ....
06/20/2001 We have released our new program and called it AEBPR
(Advanced eBook Processor). The only thing the program does is:
converting documents from Acrobat eBook format (compiled for Adobe
Acrobat eBook Reader) to the plain Acrobat format (PDF). Again,
that's all: from one Adobe format to another. But PDF is much wider
used, because there are (free) PDF viewers for a lot of hardware
platforms (from workstations to PDAs) and operating systems (Windows,
Mac, Linux etc), while Acrobat eBook Reader is available for Windows
and Mac only.
This program works only with eBooks you legally own, i.e. purchased
from one of online stores like Amazon or Barnes & Noble. So we were
absolutely sure that the owner of eBook has all rights to read the
book he purchased where he wants and how he wants.
The demo version of AEBPR allowed to convert only first 10% of the
book content. To protect unauthorized distribution of eBooks on the
piracy market, we have set the "border" price for this program - $99,
which is much more than an average eBook cost (most eBooks are being
sold from $10 to $30, and there are a lot free ones).
You can download a demo version of AEBPR here, here or here (please
not that current release of our program does not support the latest
version of Adobe eBook Reader, 2.2; that is the result of unpredicted
Adobe reaction to our release of this program - see below.
06/25/2001 We have received a notification from Adobe Anti-Piracy
Enforcement Team team in which they claimed that our program is
illegal and we need to remove it immediately from our site. They said
they give us 5 days otherwise they will "pursue us aggressively"....
06/26/2001 We have received an email from our ISP, Verio Inc. They
wrote that Adobe has contacted them to shut down our Web site (again,
immediately). As Adobe wrote to Verio, the reason was: the site
"offers downloads to their copyrighted software published by Adobe
Systems." Obviously - this is not true, we never distributed any
software copyrighted by Adobe Systems. But as you can see, Adobe is
not even going to collect the correct information (what laws,
copyrights and terms-of-use have been violated), but just started
their aggressive actions before 5-day period (they set themselves)
has expired. Really, they did not want to give us a time to consult
with our attorneys! Verio gave us 6 hours to remove this page (the
one you are reading now). So we moved the site to another ISP...
06/27/2001 (2:19:30 PM) Verio has contacted us again, this time not
asking for something, but just with a notification: "Host blocked:
www.elcomsoft.com/aebpr.html - 198.63.210.56 port 80 (www)" You can
see, that since they were not able to close our web site completely,
they simply disabled access to it on their routers. Moreover, they
have blocked the whole IP address of our server, so not only this
site, but also lots of other (not only ours) web sites became
completely out of reach! But we already had a few mirrors ready, and
after this unfriendly action from Verio, we have updated appropriate
DNS records. In 6 hours, our web site was accessible again!
06/28/2001 (10:57 AM) Adobe has sent a complaint to RegNow , our
billing service (5 days are still not expired!). This time they
called it "unauthorized distribution of software"...
RegNow asked us for advice what they should do in this situation. We
didn't want them to be involved in our problems, and so asked to stop
sales of AEBPR....
07/03/2001 Now it's time for the brutal truth on Adobe eBook
protection. We claim that ANY eBook protection, based on Acrobat PDF
format (as Adobe eBook Reader is), is ABSOLUTELY insecure just due to
the nature of this format and encryption system developed by Adobe.
The general rule is: if one can open particular PDF file or eBook on
his computer (does not matter with what kind of
permissions/restrictions), he can remove that protection (by
converting that file into "plain", unprotected PDF. Not very much
experience needed. In brief: ANY security plugin (actually, eBooks
are protected with security plug-in as well: EBX) does nothing but
returns a decryption key to Adobe Acrobat Reader or Adobe Acrobat
eBook Reader. Plug-in can make various hardware verifications, use
parallel port dongles, connect to the publisher's web site and use
asymmetric encryption, etc, but all ends up with a decryption key,
because the Reader needs it to open the files. And when the key is
there, we can use it to decrypt the document removing all permissions.
Below is the list (not complete) of Acrobat-based protections
supported by Advanced eBook Processor:
* "standard" PDF encryption,
* BPTE_Rot13 (used by New Paradigm Resources Group, Inc.),
* FileOpen (by FileOpen Systems),
* SoftLock (by SoftLock Services, Inc.),
* InterTrust DocBox,
* Internet Standards Australia
* Adobe's Web Buy
* Adobe's eBook Reader (GlassBook Reader)
We claim that by aggressively pushing of standards, unapproved by
professional cryptologists, to the fast growing electronic books
market and with pursuing of independent researchers who tries to
highlight the problems, Adobe Systems violates the rights of books
authors and publishers, which may result the unauthorised
distribution of their books in the Internet.
15. On July 2, 2001, I reviewed the website for the "Defcon-9"
convention scheduled for July 13-15, 2001, in Las Vegas Nevada. I
observed that an individual identified as Dmitry Sklyarov and an
individual identified as Andy Malyshev are listed as speakers who are
to discuss the Acrobat e-Book Reader.
16. The website of Defcon-9 conference described it as follows:
an annual computer underground party for hackers held in Las Vegas,
Nevada. It has been held every summer for the past eight years. Over
those years it has grown in size, and attracted people from all over
the planet. People attend to meet others into hacking, hang out with
old friends, listen to new speeches or just hack on the network.
That's what it is all about in a nutshell. Meeting other people and
learning something new. Last year over 4,200 people showed up. That
makes us (Currently) the largest hacking convention on the planet.
17. The Defcon-9 website described Dmitry Sklyarov's speech topic as follows:
Dmitry Sklyarov
Andy Malyshev
eBooks security - theory and practice
Security aspects of electronic books and documents, and a
demonstration of how weak they are: "standard" PDF encryption, Rot13
(used by New Paradigm Resources Group, Inc.), FileOpen (by FileOpen
Systems), SoftLock (by SoftLock Services, Inc.), Adobe's Web Buy,
Adobe's eBook Reader (GlassBook Reader) InterTrust DocBox plug-in.
Documents publishing in electronic form have a lot of advantages
against traditional on-paper publishing. You could easily find list
of such advantages on web server of any company, which provides eBook
solutions. But nobody perfects, and there is one big problem that
related with eBooks. Information in electronic form could be
duplicated and transmitted, and there is no reliable way to take
control over that processes. There are several solutions from
different companies that were developed to prevent unauthorized
distribution of the electronic documents.
18. The Defcon 9 website also included the following statement from
"Dmitry Sklyarov:"
My name is Dmitry Sklyarov. I'm employee of the Elcomsoft Company. As
we have demonstrated in our speech on Black Hat Win2K Security
(february 2001), encryption in Microsoft Office documents is very
weak and password protection may be removed without any problems in
most cases. In this speech I'll try to cover password protection
aspects of electronic books and documents. The most attention will be
paid to documents in PDF format...
19. On July 5, 2001, I spoke via telephone with Tom Diaz, Senior
Engineering Manager for the eBook Development Group of Adobe. In
response to my question, Diaz affirmed that he believes the Elcomsoft
Software program, coupled with the Elcomsoft unlocking key,
circumvents protection afforded by a technological measure developed
by Adobe for its Acrobat eBook Reader either by avoiding, bypassing,
removing, deactiviating, or otherwise impairing the technological
measure.
Conclusion
20. Based on the foregoing, I believe Dmitry Sklyarov, employee of
Elcomsoft and the individual listed on the Elcomsoft software
products as the copyright holder of the program sold and produced by
Elcomsoft, known as the Advanced eBook Processor, has willfully and
for financial gain imported, offered to the public, provided, and
otherwise trafficked in a technology, product, service, and device
that is primarily designed or produced for the purpose of
circumvention a technological measure that effectively controls
access to a work protected under Title 17, namely books distributed
in a form readable by the Adobe eBook Reader, in violation of Title
17, United States Code, Section 1201(b)(1)(A) and Title 18, United
States Code, Section 2.
[Signature]
Daniel J. O'Connell
Special Agent
Federal Bureau of Investigation
Sworn and subscribed before me
this 10 day of July, 2001
Patricia V. Trumbull
United States Magistrate Judge
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iQCVAwUBO1WpS9CClfiU/BIVAQEZ+QP+NxiUdZQgmGfmn8ThnG94C8Cd+rhB/KQz
zPsoIDNwPS63bf9rx+iruWyS7VwYTOwfc+TIGxxE3gSN4wKOgZml3W0CF2iQFbeP
LDXUg3Lrz3WLtyFar1jyjJ3dvd+IzaEusDtAEWNXmuqFCmPEHnIuZcSWSKyGJiop
96+iqRVfgkg=
=di/G
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list