AnchorDesk

Are 'white hat' hackers unfairly under siege?

Robert Vamosi
Senior Editor, Reviews
Wednesday, August 8, 2001

As I write this, Dmitry Sklyarov is free on bail. Theoretically, the
Russian programmer's July 16 arrest at Def Con in Las Vegas should have
been a slam-dunk by the Justice Department. After all, Sklyarov was
speaking at the convention, promoting a tool that could break the
copyright protection in Adobe's eBook software and allow pirated
manuscripts to become available on the Internet. But there's much more
to it. That's why I agree with Adobe and the Electronic Freedom Foundation: Sklyarov should be allowed to go home to Russia.
Sklyarov created software that can defeat the copy protection code in
Adobe's eBook software, and therefore was accused of violating Sec. 1201 of the Digital Millennium Copyright Act (DMCA). A copy of the full DMCA is available here (ironically, in Adobe Acrobat format).
I WAS AT this year's Def Con, but did not attend Sklyarov's
presentation, entitled "eBooks Security--Theory and Practice." Reading
from my official Def Con 9 program notes (grammatical errors reproduced
as printed), "there is one big problem that related with eBooks.
Information in electronic form could be duplicated and transmitted, and
there is no reliable way to take control over that process. There are
several solutions from different companies that were developed to
prevent unauthorized distribution of the electronic documents." The
note also says that Sklyarov was to talk about flaws in standard PDF;
Rot13 used by Paradigm Resources Group; FileOpen by FileOpen Systems;
SoftLock by SoftLock Services; Adobe's Web Buy; Adobe's eBook Reader
(GlassBook Reader), and InterTrust DocBox plug-in.
If you want to learn what "forbidden" information Sklyarov shared at Def Con 9, Bruce Perens provides an overview here. In short, much of what Sklyarov presented was already known within the security community.
Sklyarov works for ElcomSoft, a Moscow-based software company that I know for its password recovery software. I suppose a product that demonstrates the weak encryption found in Microsoft Office could be used by someone with malicious intent--but no one from ElcomSoft has been arrested for that
software. And I suppose a product that demonstrates the weak encryption
found in Adobe's eBook software could also be used for illicit
means. ElcomSoft has since removed its eBook software program from its
Web site.
SO WHY WAS SKLYAROV DETAINED? Was it for writing the software exploit? Or for talking about his exploit? If it's the latter, then we're in big trouble. Consider:
What if Microsoft decides to use the DMCA to go after Georgi Guninski
and other hackers (in the classic sense of the word) who report
vulnerabilities and on occasion also write exploits to demonstrate
those flaws? Aren't we squelching the whistle-blower hackers (the white
hats) who are keeping the software industry in check? Or should we just
trust the software giants when they tell us their software security is
foolproof and let the worm writers prove otherwise?
Who is the DMCA really protecting? If a
single author had filed the DMCA complaint against Sklyarov, I'd
understand that. I'd support that. But, as far as I know, no eBook
content has shown up on Internet newsgroups because of the ElcomSoft
software. So, who has been harmed by Sklyarov's work?
I won't join those who argue that the
DMCA is fundamentally flawed; I do, however, agree that its application
in the Sklyarov case is unnecessary. If it turns out that we're holding
Sklyarov for political reasons alone, now that Fulbright scholar John
E. Tobin Jr. has been released from a Russian prison, then let's let
Sklyarov go home as well.
Do you think Sklyarov should be allowed to return to Russia? Was his arrest unnecessary? TalkBack to me.