European computer scientists have been warned to avoid US conferences following the arrest of a Russian expert accused of breaking the Digital Millennium Copyright Act (DMCA). Some have decided to move computer security events outside the US in response.
The Digital Millennium Copyright Act prohibits anyone from promoting “any technology, product, service, device, component or part” that circumvents copy protection systems. This includes the software encryption designed to stop people making copies of music or video files. Scientists say that the Act means that just producing research on a copy protection system could land them in legal trouble.
The controversy flared up on 17 July with the arrest of Dmitry Sklyarov. He presented work at a major US computer conference, revealing weaknesses in Adobe’s eBook format, a system for stopping unauthorised copying of electronic books. The next day, Sklyarov was arrested by the FBI for allegedly violating the DMCA.
Sklyarov works for a company called Elcomsoft that sells a program that gets around eBook security. The company says the tool is only designed to allow those who have already paid for an eBook document to transfer it to another computer system.
Advertisement
“With the arrest of Dmitry Sklyarov, it has become apparent that it is not safe for non-US software engineers to visit the United States,” says Alan Cox, a leading UK-based programmer of the Linux operating system.
Cox has resigned from the committee of the USENIX Advanced Computing Systems Association, which organises many US events, over the incident and pledges to steer clear of US conferences.
He says that the powers given by the DMCA simply go too far: “Until the DMCA mess is resolved I would urge all non US citizens to boycott conferences in the USA and all US conference bodies to hold their conferences elsewhere.”
Voting with feet
Cox is not alone in his concerns. The organisers of one conference that concentrates on testing the security of data protection systems, the International Information Hiding Workshop, have already decided to no longer hold the event in the US.
The event has already fallen foul of the DMCA. In April 2001, a group of US academics say they were threatened with fines or jail under the Act if they presented research at the conference in Pittsburgh highlighting flaws in a system designed to protect digital music. Ironically, this was after the music industry’s Secure Digital Music Initiative challenged experts to attack the system.
The researchers decided not to present their work and as a direct consequence, the organisers say the next conference will be held in Eindhoven, in the Netherlands.
Other computer scientists say that the growing influence of the DMCA within the US is putting pressure on them. “I might publish something that could be seen in this light,” says Richard Clayton, another computer security researcher at Cambridge University. “It’s a matter of great concern.”