Clash of cryptography and copyright

A FEW weeks ago, Prof. Anupam Chander of the University of California, Davis, School of Law, a specialist in Cyberlaw, posed a quiz at the legal commentary website findlaw.com. He asked:

Which of these actions makes you a criminal?

- Manufacturing and selling a pistol used in a homicide

- Selling a device that allows people to copy and e-book

Prof Chander provided the answer, bizarre as it may sound: it was the last option. On July 16, a 26-year old Russian programmer, Dmitri Sklyarov, was packing up to go home after presenting a paper, on loopholes in electronic book security, at the ``Def Con 20001'' computer conference in Las Vegas, US. As he was checking out of his hotel, FBI agents arrested him.The FBI had acted on a complaint by the company that Sklyarov and his employer-company in Russia, ElcomSoft were selling ( for $ 99) a programme that decrypts Adobe's Acrobat e-reader a software for electronic books and permits users to copy the books. The law that was being invoked was the Digital Millennium Copyright Act (DMCA) that the U.S. enacted in 1998.

Sklyarov, ,had to spend three weeks in prison before he was released on bail, but ordered to remain in the US. On August 30, formal charges were filed by the prosecutors and both the programmer and his company face separate fines of up to $ 2.25 million and jail up to 25 years. They have pleaded not guilty.

Sklyarov's arrest - the first in the U.S. under the controversial DMCA laws - has become a test case for the global community of computer professionals who see country after country (including India) enact legislation to control new cyber technologies which are as yet emerging and whose scope is not fully understood. Prof Chander points out that the Russians are being prosecuted NOT for an act of piracy but for selling a device that could potentially be used by piratesHe likens this to prosecuting Sony because a VCR made by it was used by a video pirate to make bootleg copies of films; or to prosecuting Xerox because someone used a copier made by it to duplicate a copyrighted book. It is also pertinent that the Russian company's work is perfectly legal in its home country.

The present case - indeed that very fact that such provisions could find their way into the DMCA - are being held up as proof of the clout of powerful copyright lobbies: computer software giants; the recorded music industry and big Hollywood studios who want to protect their products even as they would ike to enjoy the profits of new distribution media like DVDs.

In their anxiety to protect their own rights, some companies end up abridging the customers'.Many of the new DVDs on the market are encrypted with half baked technology - and sometimes even legally bought copies will not work on all models of players.

But distribution of software to break the encryption and enable customers to view the movies they have paid for, is a criminal offence in the US and a few other countries. When Microsoft released the latest version of its office suite: MS Office XP a few months ago, it built in encryption which would lock the application if it was reinstalled more than a couple of times. What happens to a customer in a country like India, where we tend to use software for years- and have to upgrade our PCs a few times? Programmers who have specialised in subjects like cryptography - the science of encoding information - have always cherished the right to test the efficacy of the protective barriers that public service providers claim to have installed. This has given rise to a whole new genre called ``ethical hacking''. Now it seems such altruistic activity may be perceived to be criminal.

A well known guru of computer security, Prof Edward Felten of Princeton University, faces prosecution because he dared to release research results that showed flaws in the Secure Digital Music Initiative (SDMA), a solution created by the Music industry to counteract the rampaging success of formats like MP3 and Web- based music swapping services like Napster. A Dutch encryption expert Neils Fergusson, claims he found out that Intel's encryption scheme called high-bandwidth digital content protection (HDCP) has flaws. Now he refuses to share his findings. ``I travel to the US regularly.I cannot afford to be sued.. I would go bankrupt paying for my lawyers'', he says.A new website has come up called www.anti-dmca.org to serve as a rallying point for professionals who fear that such heavy handed measures will only set back computer security in the long run. Indeed, governments may have a vested interest in restricting the extent of publicly available security - except of course for their own operations.The US bans the export of encryption software that uses keys longer than 40 bits, at a time when the industry standard is 128-bit encryption ( ie the code word that needs to be cracked is 128 bits long). While a 40 bit code can be broken by a small network of Pentium-based PCs in about 20 minutes, it would take a billion such machines working for a trillion years to break a 128-bit code.

Against this environment, over 100 mathematicians and computer programmers met for four days in Kochi, Kerala last week, to participate in a national workshop on ``Coding Theory and Cryptography''.

In his keynote address, Dr V Rajaraman, IBM Professor of IT at the Jawaharlal Nehru Centre for Advanced Scientific Research, Bangalore, felt Indian legislation like the Information Technology Act also suffered from some draconian provisions which would ultimately discourage researchers from coming up with innovative decryption programmes or algorithms. Terrorist agencies the world over, including on our Northern borders, used coded and pulsed time-compressed transmissions in bursts of a few milliseconds to contact their undercover agents.

Dr Rajaraman was joined by experts like Prof C Pandurangan (IIT Madras), Prof Priti Shankar (IISc, Bangalore), Prof Rajat Tandon ( University of Hyderabad) and Prof. R Balakrishnan( Bharathidasan University), to discuss the state of art in e- commerce security, coding theory, digital signature technology and new cryptological algorithms.

It remains to ensure that our best and brightest brains are encouraged as they address issues of cyber security. The Convergence Bill now before Parliament might be a good place to begin.

- Anand Parthasarathy

Send this article to Friends by E-Mail

Section  : Science & Tech
Previous : Nobel centennial and diabetes
Next     : Genes associated with long life