Dimitri Sklyarov is an unlikely poster boy for American freedom. The Russian programmer was arrested after he spoke at the "Def-Con" hacker convention in Las Vegas about a program, offered for sale by his employer Elcomsoft, which cracks the encryption in Adobe's e-book software.
Interest in Sklyarov is high because his case raises many of the most controversial issues in relation to how the law will apply to new technologies. Sklyarov was in Russia when he cracked the Adobe program, and the question of whether or not his actions were illegal under Russian law is properly an issue for Russia's courts.
But his case also raises issues of free speech and copyright. Sklyarov's supporters argue that programmers should be able to discuss the qualities, methodologies and defects of programs such as Adobe's e-book. Those who support his prosecution argue that he has violated the provisions of the US Digital Millennium Copyright Act (DMCA) by discussing how to crack e-book, and must now face the consequences. Protest meetings have been held, a website has been set up (www.freesklyarov.org) and the Electronic Freedom Foundation has become involved.
Following this furore, Adobe has recanted and asked that charges against Sklyarov be dropped, but the FBI appears determined to prosecute, although Sklyarov is now out on bail.
This case is just the latest in a long line of decisions and controversies about how information should be disseminated to researchers and the public. Digital technology allows an infinite number of perfect copies to be made of any program, music album or film that is stored in a digital format, such as a DVD or a CD-ROM. The companies that produce films and music works are trying to use encryption and other computer programs to protect their works. These programs are known as copyright protection systems.
Copyright law permits criticism of copyright works. For example, if you watch a film such as Pearl Harbour, section 51 of the Irish Copyright Act 2000 will allow you to imitate the film in a satirical version, as this is criticism and thus fair use.
The law of copyright protects both films and computer programs. Those who support Sklyarov argue that if they encounter defects in a particular computer program then they should be permitted to inform their friends and colleagues in precisely the same way.
The problem for these programmers is that the law has changed. The DMCA appears to limit how information enabling programmers to by-pass copyright protection systems may be disseminated. This may limit peer review of such copyright protection systems; in particular, there is concern that the suppliers of copyright protection systems may try to prevent the publication of negative results about their products.
This issue focuses on the case of Prof Edward Felten of Princeton University, who participated in a competition run by the Secure Digital Music Initiative (SDMI) to discover whether certain copyright protection systems were secure. Prof Felten thought that they were not and sought to publish the results at a conference. SDMI sent him a letter warning him that if he did so, he risked breaking the law. Prof Felten has asked the courts to intervene, although the SDMI has said it has no objection to his paper and is asking that the courts dismiss the case.
The most significant case relates to the copyright protection system used to protect films on DVD. Jon Johansen, a 15- year-old Norwegian, wrote a program called DeCSS which by-passed the encryption used. This caused considerable concern in the film industry, which feared that films taken from DVDs would be pirated across the Internet Napster-style. When a magazine called 2600: The Hacker Quarterly published an article containing a link to the program, it was successfully sued and the case is now on appeal in New York.
The matter is complicated further by the issue regarding whether or not the publication of a computer program can be protected as free speech, which has been held in a previous case. The judgment of the court is expected in the next few months, but whatever its decision, an appeal to the US Supreme Court may well follow. A similar case is also proceeding in the Californian courts.
Europe has introduced a Directive on the Harmonisation of Copyright, which requires member states (such as Ireland) legally to protect copyright protection systems. Ireland has introduced similar provisions in its own Copyright Act 2000.
The problem is that copyright law is not absolute. The Copyright Act 2000 contains dozens of exceptions to "fair use". Copyright protection systems ignore these subtleties and prevent reproduction in all situations, although the EU's Directive does try to mitigate against this.
An odd feature of these new laws is that they may protect copyright protection systems more strictly than they protect copyright works themselves. If you copy a CD once, that is a violation of copyright and you could be sued for damages by the record company, which would be the cost of one CD or around £15. However, if in order to carry out that reproduction you remove what the Irish Copyright Act 2000 terms "rights management information", then, if convicted, you could be sentenced to a 5-year term of imprisonment and a fine of up to £100,000. The difference is that by removing the rights management information, you may permit others to create thousands or millions of copies.
Unfortunately, the EU and Ireland lack the fevered debate in the US about whether or not it is appropriate to punish those who remove copyright protection systems more harshly than those who infringe copyright itself. This is an issue which will be decided in the US courts and it may determine the future development of the Internet and the Information society.
If US courts decide that the publication of computer programs should be protected as free speech, it could be an important boost to the open source movement, which has given rise to programs such as Linux. If they do not, it may permit the owners of proprietary software to control not only the reproduction of the goods they sell, but also what is known about them.
Denis Kelleher is a practising Barrister and co-author of Information Technology Law in Ireland