A talk billed as the "presentation the RIAA does not want you to see" went ahead Wednesday, as encryption researcher Edward Felten addressed security experts as planned at a conference in Washington, D C.
Felten, who earlier this year was threatened with legal action by the Recording Industry Association of America if he gave a speech on cracking digital watermarks, proceeded with his presentation at the USENIX 2001 Security Symposium after entertainment industry officials assured him they wouldn't sue.
Cases such as Felten's may have a chilling effect on other programmers, who fear they too may come under legal fire for presenting their research.
Though he has already given his speech, Felten still is proceeding with a lawsuit he filed shortly after backing away from his earlier presentation. That suit asked permission for the Princeton University professor to present his research and seeks to have controversial parts of the Digital Millennium Copyright Act (DMCA) overturned.
That law, passed in 1998, prohibits people from possessing or trafficking in devices that can be used to circumvent copyright--even if they don't plan illegal action once they've broken the code.
In the past year, entertainment industry and publishing executives have aggressively wielded the DMCA to crack down on people they fear are helping to violate their copyrights. Free-speech experts say the hard line could hamper innovation and thwart research efforts.
Fear of prosecution
The most high-profile DMCA case so far is that of Dmitry Sklyarov, a Russian programmer arrested last month on criminal charges that he created a program that can be used to crack Adobe Systems' e-books. Although Adobe asked that charges be dropped, federal officials are proceeding with the case.
Cases such as Felten's and Sklyarov's are causing some programmers to think twice about publishing their research.
For example, Dutch cryptographer Niels Ferguson recently refused to publish news of an alleged flaw in Intel technology designed to protect digital video, saying he feared prosecution under the DMCA. In a posting on his Web site, Ferguson called Intel's HDCP (High-bandwidth Digital Content Protection) specification "fatally flawed" but said he would not post details because he travels to the United States regularly and does not want to run afoul of US laws.
"I have decided to censor myself and not publish this paper for fear of prosecution and/or liability under the US DMCA law," he wrote.
"I simply cannot afford to be sued or prosecuted in the US," he continued. "I would go bankrupt just paying for my lawyers."
Intel spokesman Daven Oswalt said several people claim to have broken HDCP, but as far as he knows, none of the claims have been real. Oswalt said Intel still backs HDCP, which he said can be altered to be more secure in the event of a breach.
"We've performed an analysis of these claims, and we're very confident that we understand the robustness of the technology," he said.
Oswalt wouldn't comment specifically on whether his company would take legal action against people who break the technology. In many cases, he said, the decision to pursue charges is not Intel's, just as plans to continue the case against Sklyarov are up to federal prosecutors, not Adobe.
"Even if Intel entered into an agreement with a hacker, it could not preclude any other party--the government, the recording industry--from bringing charges," he said. "It's not up to us."
In another example of a potential chill on research brought on by the DMCA, the Association of Computing Machinery (ACM) said it fears recent copyright crackdowns will dampen turnout for its digital rights management conference in the fall.
"Any restriction that the DMCA may impose on the publication of scientific research will keep foreign researchers from attending our conferences in the United States, with the potential loss to ACM of members and of revenue from memberships, conference participation and publications," ACM Director John White wrote in a brief in the Felten case.
White said that if such fears continue, the United States could lose its edge in encryption research.