Frequently Asked Questions about Felten & USENIX v. RIAA Legal Case

These answers are general and are not intended to be complete or completely accurate. They are designed to help the general public gain a basic understanding of the case and the parties.

Q: What is this legal case about?

This case is about defending scientific freedom in the digital age. Corporate interests have used the Digital Millennium Copyright Act (DMCA) to prevent a scientific team including Princeton and Rice University Professors from discussing their findings that the music industry's new "security" technology is not very secure.

Q: Who are the parties in this case?

EFF is filing this case on behalf of the Plaintiffs, USENIX and Princeton University Professor Edward Felten and his research team.

The Defendants are the Recording Industry Association of America (RIAA), the Secure Digital Music Initiative (SDMI), Verance, and US Attorney General John Ashcroft.

Q: What is EFF asking of the courts?

EFF is filing a Declaratory Judgment suit, meaning it is asking a federal court to make a declaration of law. Since we represent the plaintiffs, (the scientists and USENIX), we are asking the court to declare that it is NOT a violation of the Digital Millennium Copyright Act (DMCA) and is protected by the First Amendment for Professor Edward Felten and his team to publish their scientific paper, "Reading Between the Lines: Lessons from the SDMI Challenge", or discuss their findings publicly at a USENIX Security Symposium in August.

EFF has asked the court to restrain the U.S. Attorney General Ashcroft from prosecuting USENIX if it publishes the paper and hosts the scientists' presentation at its August conference in D.C. EFF is also asking the court a declaration of law that the DMCA is an unconstitutional restraint on freedom of expression.

Q: Who is Professor Edward Felten?

Edward Felten has been a professor of Computer Science at Princeton University since 1993. In between teaching classes, his research covers security-related computer programming, helping to analyze and improve various security protocols used on the Internet.

Professor Felten is a prominent computer scientist and has testified in previous computer related litigation, such as the EFF's DeCSS case and for the US Justice Department in its anti-trust case against. Microsoft.

Prof. Felten's Web site:

Q: What is Professor Felten's role in this case?

Professor Felten is one of the plaintiffs in EFF's challenge of the DMCA. The noted scientist is the leader of a research team that participated in the Secure Digital Music Initiative's (SDMI) "Public Challenge" (also know as "Hack SDMI") and successfully defeated the technology. His team authored, "Reading Between the Lines: Lessons from the SDMI Challenge," explaining their research findings that was accepted for publication at the 4th International Information Hiding Workshop Conference in April 2001 (http://www.cert.org/IHW2001/). Just prior to the conference, the Princeton Professor received a letter from Matt Oppenheim from the Recording Industry Association of America (RIAA) and the Secure Digital Music Initiative (SDMI) that threatened a lawsuit against Professor Felten's team and their universities and the workshop organizers if the paper was published.

EFF is asking the court to declare that Felten and the rest of his research team have the right to publish their paper and discuss their findings with others.

Q: Who are the other researchers on Professor Felten's team?

The other researchers are from Princeton and Rice University and one is from private industry in Silicon Valley.

Plaintiffs from Princeton University are scientists Bede Liu, Scott Craver, and Min Wu. From Rice University are researchers Dan Wallach, Ben Swartzlander, and Adam Stubblefield. Another scientist on the team and plaintiff in EFF's challenge, Drew Dean, is employed in the Silicon Valley. Princeton University researcher Patrick McGregor who is not a plaintiff in the case was also a member of Felten's science team.

Q: What is USENIX?

USENIX is the Advanced Computing Systems Association. As a conference that wants to publish the scientists' paper and others like it, USENIX is also a plaintiff in this case. Since 1975 the USENIX Association has brought together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of the computing world. USENIX has run computer security and electronic commerce conferences that explore security claims and failures since at least 1988. The USENIX conferences have become the essential meeting grounds for the presentation and discussion of the most advanced information on the developments of all aspects of computing systems.

USENIX is already publishing existing research papers like Prof. Felten's from past conferences, expects to publish new ones at future conferences, and wants the court to clarify its right to do so despite the apparently restrictive language of the DMCA.

Q: What is the Recording Industry Association of America (RIAA) (DEFENDANT)?

The RIAA is a trade group that represents the U.S. recording industry. Its members create, manufacture, and/or distribute approximately 90%of all sound recordings produced and sold in the United States.

EFF has sued RIAA on behalf of Felten and the others because RIAA has threatened the scientists with litigation if they publish their research. Because the scientists are afraid to discuss their results publicly without court protection, EFF has asked the court to declare the research may be published at the August USENIX conference.
RIAA/SDMI Threat Letter:

Q: What is the Secure Digital Music Initiative (SDMI) (DEFENDANT)?

In 1999 the Recording Industry Association of America (RIAA) corralled technology companies to form the Secure Digital Music Initiative (SDMI) and the group set out to establish a system through which the public's use of digital audio files could be strictly governed.

SDMI quickly gained its reputation as a place where RIAA members could manipulate technology manufacturers. Reports of strong-arm tactics leaked out and public interest organizations like EFF were denied membership. With the public interest blocked from participation, leaving only copyright industry members to influence technologists, a system was soon developed that would give RIAA members control over the flow of audio files, disregarding individual's fair use and privacy rights, and the public domain.


Verance developed some of the technology that was studied and broken by Felten's team. Verance executives have made statements threatening Felten with a lawsuit if he publishes his results. Verance Chairman of the Board David Leibowitz served as Executive General Counsel to RIAA for decades before leaving in 1999 to start Verance when RIAA announced creation of SDMI.

Q: How do SDMI devices control digital audio?

SDMI compliant files utilize techniques such as digital watermarking to dictate "usage rules" to SDMI compliant devices. For instance, dictating SDMI devices enforce the rules placed on a song by the record company about the number of copies that may be made of a file. Usage rules usually prevent the public from exercising most types of fair use and do not expire when a work is due to pass into the Public Domain.

Q: Couldn't Fair Use be included in the SDMI specifications?

By definition, fair use is legal but unauthorized uses. Fair use is a doctrine of equity under he law, meaning that it does not have "bright line rules." In fact, the possible scenarios that are protected by fair use are the subject of much disagreement among copyright experts. Decisions about whether particular uses are "fair uses" are made by judges on a case by case basis. Given the subjective and changeable nature of fair use, it is unreasonable to expect to find mathematical algorithms that could define its scope.

Q: What is digital watermarking?

Digital audio watermarks are frequency patterns imbedded within a recording that carry instructions such as SDMI's "usage rules".

Security professionals, such as Professor Felten's research team, have found the audio watermarks utilized by SDMI to be relatively easy to defeat. EFF is fighting for the scientists' right to make and support this claim with their paper, "Reading Between the Lines: Lessons from the SDMI Challenge".

Q: What was SDMI's "Public Challenge"?

On September 6, 2000, SDMI initiated a contest inviting people to analyze and decipher a selection of security technologies intended for controlling the kinds of copies that could be made of various sound recordings.

Professor Felten and his team accomplished this, only to be met with legal threats from the RIAA/SDMI who insisted that Felten not publish the results of their research. They sent him a letter and engaged in a series of emails and telephone calls in which they insisted that Felten not publish the results of his findings and warned he would violate the DMCA if he published his research.

Q: Didn't EFF call for a boycott of the "Public Challenge"?

Yes. EFF called for a boycott of the challenge warning that participants could be making themselves vulnerable to litigation under the Digital Millennium Copyright Act (DMCA) while helping to strengthen a system designed to eliminate the public's fair use rights and choice of digital audio technologies.

Q: How does EFF feel about people like Professor Felten who did not participate in the boycott?

EFF has a great respect and appreciation for the many members of our security community regardless of their participation in the boycott. The boycott succeeded in bringing more attention to the threats against our freedom of speech and choice in the digital age.

It was inevitable that many professionals would choose to accept the challenge for the integrity of science. We are saddened and angered that these people are now being threatened and censored. We have stepped in to assist them.

Q: What is the Digital Millennium Copyright Act (DMCA)?

The DMCA was an attempt by Congress to update U.S. copyright law to a changing set of technological circumstances in 1998. Unfortunately, many of the provisions set forth in the DMCA are considered by a growing number of people to be "overbroad" and "too restrictive," inhibiting fair use and other rights of the general public.

Q: How are the DMCA's anti-circumvention provisions important to this case?

The DMCA outlaws bypassing "digital straight jackets" put in place by the Copyright holder. It also outlaws telling others how to bypass those straight jackets. The computer code that describes how to circumvent the technology also teaches how the technology works. The RIAA, SDMI and Verance do not want Professor Felten's paper published because it describes how the technology works and they have all made thinly veiled threats in the past against Professor Felten, his research team and the conferences that publish his work that they are 'providing a circumvention device in violation of the DMCA'.

Q: How does the DMCA affect fair-use?

The DMCA makes the circumvention of copy protection schemes illegal, even if the person avoiding the protection has paid for the work in question or has a fair use right to access it. This new policy sets up a major roadblock in the area of fair use; suddenly researchers in the academic world and home users alike have new legal barriers to their use of copyrighted materials.

Under the DMCA it would be unlawful for a student to get around the Content Scrambling System (CSS) employed by most DVDs to take a clip from a DVD movie to use for a school project; a journalist would be committing a crime by defeating a digital watermark to excerpt music clips for critique; Individuals are also in violation of the DMCA for defeating copy-prevention measures in order to make backups, to time-shift and space-shift. The DMCA limits these and other kinds of activities considered legal fair use under U.S. copyright law.

Q: How does the DMCA affect Professor Felten's academic freedom?

The recording studios claim that the research paper written by the Princeton Professor and his colleagues is a "circumvention device" in violation of the DMCA since the paper describes how the technology works.

Q: Isn't Professor Felten's team bound by the Terms of the Hack SDMI Click-through agreement?

The scientists did not violate any of the terms outlined in the click-thru agreement. To read this agreement for yourself, check here:

It should be noted, however, that the use of these licenses (and their cousins, the "shrink-wrap software licenses") pose a related threat to fair use. By attempting to substitute copyright law with contract law, these "agreements" offer no chance for terms to be negotiated, and the concept of fair use is often obliterated. The continued use of these licenses may end up having a profound affect on the way the public is allowed to use copyrighted materials.

Q: What's the relationship between the Felten case and the EFF's DVD/DeCSS case?

In both cases EFF challenge the DMCA's anti-circumvention provisions and its erosion offree expression. In Universal City Studios v. Reimerdes, the Web publisher 2600 Magazine published computer code DeCSS, which describes how to decrypt DVDs. In that case, EFF has appealed an injunction banning the magazine from publishing the information. In Professor Felten's case, the recording industry claims that the scientists' paper, which describes how Verance's security system works, is also forbidden under the DMCA's anti-trafficking provisions.

Q: Did the RIAA threaten Professor Felten?

Read for yourself at:

Q: How Does the Copyright Office Rulemaking Figure into This?

The DMCA charged the Copyright Office with studying the effects of the DMCA and issuing a ruling exempting classes of work from the DMCA's general ban on circumvention because of their adverse impact on fair use and the exercise of other rights.

The Office asked for public comment on a number of occasions, including a study dealing particularly with the encryption research exemption to the DMCA's general ban. Many cryptographers and computer scientists warned the copyright Office with the problems in the exceptions drastic narrowness. EFF submitted comments on this problem as well.

On a separate occasion, the Copyright Office asked for more general input on the impact of fair use brought on the DMCA's outlawing of circumvention. EFF submitted several comments and testified before the Office on the DMCA's harmful impact on fair use.

When it came time to issue the final report to Congress and make recommendations for new exemptions, the Copyright Office did not even mention the problems raised by the narrowness of encryption exemption and gave short shrift to the fair use and other claims raised. Two narrow exemptions were granted that ignored most everyone's problems (malfunctioning equipment and censorware lists). The Rulemaking was only to exempt acts of circumvention, not tools, so could have arguable done little anyway since you always need the tools to engage in the act.

Q: Why are DMCA's Exemptions not helpful to scientists?

Exemption 12(g) is an exception to the general ban on circumvention to allow for "legitimate" encryption research. But it fails to allow all the research that the First Amendment protects. The statute wants "authorization" before a researcher can test someone's technology. It won't allow public Web publication of results, but only their circulation to a limited audience.

To do the research, a scientist may need to attempt to circumvent a technical protection mechanism, and may need to build or obtain tools for doing so. For "Acts of Circumvention", 12(g) applies, but protects only a narrow definition of what is "acceptable encryption research". For "Tools of Circumvention of Access Controls", the same is true. For "Tools of Circumvention of Copy Controls": 12(g) does NOT Apply. DMCA outlaws this technology. Encryption research requires that researchers be able to test both access controls and copy controls, and then tell others what they did, how they did it, and what it means (publish their results).

See EFF's 8/9/99 comments on problems with narrowness of 12(g) exemption:

Q: Who are the lawyers on EFF's legal team representing Professor Felten and the researchers and USENIX?

From EFF, Felten's attorneys are Lee Tien, Cindy Cohn, and Robin Gross. The legal team's outside lead counsel is Gino Scarselli, who recently argued for the 6th Circuit Court of Appeals unanimous decision that computer code is creative expression worthy of First Amendment protection. Also members of the legal team are James Tyre, a technology savvy lawyer from Southern California who co-founded the Censorware Project and wrote an amicus brief in Universal v. Reimerdes, and Joe Liu, a Professor of Law at Boston College. Local counsel in New Jersey are First Amendment specialists Frank Corrado of the firm Rossi, Barry, Corrado, Grassi and Radell and Grayson Barber who also chairs the ACLU-NJ privacy committee.

Electronic Frontier Foundation
Lee Tien, Cindy Cohn, & Robin Gross
P: (415) 436-9333
E: tien@eff.org, cindy@eff.org, robin@eff.org
W: http://www.eff.org/

Gino J. Scarselli, Esq. of Richmond Heights, Ohio
P: (216) 291-8601
E: gscarsel@multiverse.com

James S. Tyre, Esq. of Culver City, California
P: 310-839-4114
E: jstyre@jstyre.com
W: http://censorware.net/

Joe Liu, Professor of Law at Boston College
E: josephpliu@yahoo.com

Grayson Barber, Esq. from Princeton, New Jersey
P: (609) 921-0391
E: GraysonEsq@aol.com

Frank Corrado of Rossi, Barry, Corrado, Grassi and Radell, PC in Wildwood, New Jersey
P: (609) 729-1333
E: FCorrado@capelegal.com
W: http://www.capelegal.com/


September 6, 2000 SDMI Announces Hack Challenge

September 18, 2000 SDMI HackChallenge is Issued Public

Nov 2000: Felten & researchers test Verance watermark & wrote paper, "Reading Between the Lines: Lessons from the SDMI Challenge."

December 2000: Paper submitted to Information Hiding Workshop (IHW) for consideration at April conference.

February 2001: Felten notified that IHW accepted paper for publication at conference.

Late March 2001: Revised paper submitted to IHW conference

March 31, 2001: Felten sends SDMI paper to Verance CEO

April 6, 2001: Threat letter from Verance to Felten

April 9, 2001: Threat letter from SDMI/RIAA (Matt Oppenheim) to Felten & Universities & IHW conference sponsors

April 16, 2001: Verance recommends Felten censor own paper

April 19, 2001: IHW Complains to Felten of fear of litigation if paper published

April 25, 2001: Felten's paper is pulled from IHW conference (1 day before presentation)

April 25-29, 2001: Fourth International Information Hiding Workshop (IHW) Pittsburgh, PA

April 26, 2001: Paper to be presented by Felten at IHW Conference (PULLED)

May 2001: Paper accepted for publication and presentation at USENIX in Aug.

June 6, 2001: EFF asks court to declare Felten's paper can be published at USENIX Conference in August.

August 13-17, 2001: Paper to be presented by Felten at USENIX Conference


*** LYNX USERS CLICK HERE FOR QUICK NAVIGATION MAP FOR THIS PAGE *** ____________________________________________________________________ Main content of this page Special feature (if any) Sidebar (if any) Whole-Site Navigation Bar Search/Browse Subscribe to mailing list (Back to top of page) ____________________________________________________________________

Please send any questions or comments to webmaster@eff.org.