EFF Complaint

Felten v. RIAA (June 6, 2001)


Grayson Barber (GB 0034)
Grayson Barber, L.L.C.
68 Locust Lane
Princeton, NJ 08540
phone (609) 921-0391
fax (609) 921-7405

Frank L. Corrado (FLC 9895)
Rossi, Barry, Corrado & Grassi, P.C.
2700 Pacific Avenue
Wildwood, NJ 08260
phone (609) 729-1333
fax (609) 522-4927

(Additional Counsel listed on signature page)
Attorneys for Plaintiffs

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY

Civil Action

COMPLAINT FOR DECLARATORY JUDGMENT AND INJUNCTIVE RELIEF

EDWARD W. FELTEN; BEDE LIU; SCOTT A. CRAVER; MIN WU; DAN S. WALLACH; BEN SWARTZLANDER; ADAM STUBBLEFIELD; RICHARD DREWS DEAN; and USENIX ASSOCIATION, a Delaware non-profit non-stock corporation,

Plaintiffs,

vs.

RECORDING INDUSTRY ASSOCIATION OF AMERICA, INC.; SECURE DIGITAL MUSIC INITIATIVE FOUNDATION; VERANCE CORPORATION; JOHN ASHCROFT, in his official capacity as ATTORNEY GENERAL OF THE UNITED STATES; DOES 1 through 4, inclusive,

Defendants.


INTRODUCTION

"So here's the invitation: Attack the proposed technologies. Crack them."

An Open Letter to the Digital Community, available on the Internet at:
http://www.sdmi.org/pr/OL_Sept_6_2000.htm.

1. The private Defendants, relying on a relatively new and unclear statute, have chilled Plaintiffs from engaging in core scientific speech. The private Defendants dared, and specifically invited, the entire Internet world to attempt to crack certain technologies which they were proposing to use to protect digital music from copyright infringement. The individual Plaintiffs, researchers from Princeton University, Rice University and elsewhere took up the challenge as part of their normal scientific research and defeated most of the technologies. They then did exactly what scientific researchers normally do: they wrote a paper discussing their work; they submitted it to a peer-reviewed scientific conference which accepted it for publication; they planned to present the paper at the conference. But then, in a brazen attempt to squelch Plaintiffs' research, the private Defendants threatened to sue, claiming (among other things) violations of the Digital Millennium Copyright Act (DMCA) - even though they had specifically authorized Plaintiffs to attack their technologies.

2. Unfortunately, the private Defendants successfully accomplished their short- sighted objective. The conference at which the paper was to be presented was thrown into chaos, and the researchers felt compelled to withdraw their paper for fear of having to defend baseless litigation. Their speech was chilled, to their detriment and to the detriment of the scientific community.

3. The individual Plaintiffs (all but one of the original researchers) still desire to present the results of their research, but fear that they will be sued. Plaintiff USENIX Association has accepted their research for its Security Symposium in mid-August, but fears that, because it benefits financially from holding conferences, it may be subject to criminal as well as civil liability under the relevant provision of the DMCA. Plaintiffs are forced to seek a Declaration from this Court that publication of the paper is lawful, since they have no other reasonable way to assure themselves, in the face of the serious threats made by the private Defendants, that they will not be sued or prosecuted for publishing mainstream and valuable scientific research.

The Declaratory Judgment Act was designed to relieve potential defendants from the Damoclean threat of impending litigation which a harassing adversary might brandish, while initiating suit at his leisure -- or never. The Act permits parties so situated to forestall the accrual of potential damages by suing for a declaratory judgment, once the adverse positions have crystallized and the conflict of interests is real and immediate.

Japan Gas Lighter Ass'n v. Ronson Corp., 257 F.Supp. 219, 237 (D.N.J. 1966).

THE PARTIES

4. Plaintiff Edward W. Felten is an Associate Professor of Computer Science at Princeton University, Princeton, New Jersey.

5. Plaintiff Bede Liu is a Professor of Electrical Engineering at Princeton University, and resides in Princeton, New Jersey.

6. Plaintiff Scott A. Craver is a graduate student in the Department of Electrical Engineering at Princeton University, and resides in Princeton, New Jersey.

7. Plaintiff Min Wu recently completed her Ph.D. studies in the Department of Electrical Engineering at Princeton University, and resides in Princeton, New Jersey.

8. Plaintiff Dan S. Wallach is an Assistant Professor in the systems group of the Rice University Department of Computer Science, and resides in Houston, Texas.

9. Plaintiff Ben Swartzlander recently completed his Masters program in the Department of Computer Science at Rice University in Houston, Texas, and currently resides in Columbus, Ohio.

10. Plaintiff Adam Stubblefield is an undergraduate student majoring in mathematics at Rice University, and resides in Houston, Texas.

11. Plaintiff Richard Drews Dean, Ph.D. is a computer scientist who resides in Cupertino, California.

12. Plaintiff USENIX Association (USENIX) is a Delaware non-profit non-stock corporation, with its executive office in Berkeley, California. Since 1975, USENIX has brought together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of the computing world. Its conferences have become the essential meeting grounds for the presentation and discussion of the most advanced information on the developments of all aspects of computing systems. USENIX routinely publishes conference proceedings, including presented papers. Proceedings at least a year old are published for free public access on the USENIX web site. Proceedings less than a year old are accessible online by USENIX members, see http://www.usenix.org/publications/library/proceedings/index.html. Proceedings are also published on paper and sold to conference attendees and the general public.

13. Upon information and belief, Defendant Recording Industry Association of America, Inc. (RIAA) is a New York not-for-profit corporation with a place of business in Washington D.C. 20036. It represents entities which manufacture and distribute sound recordings, including the five major labels and many of their subsidiary labels.

14. Upon information and belief, Defendant Secure Digital Music Initiative Foundation (SDMI) is a multi-industry consortium, business form unknown, established to create specifications for the secure delivery of digital music. In September and October 2000, SDMI ran the SDMI Public Challenge, which is at the root of this action. SDMI's mailing address is SDMI Secretariat, c/o SAIC (Science Applications International Corporation, a Delaware corporation), 10260 Campus Point Drive, San Diego, California, 92121.

15. Upon information and belief, Defendant Verance Corporation (Verance) is a Delaware corporation which maintains its principal place of business in San Diego, California. According to the Verance web site, http://www.verance.com/, it "offers innovative audio watermarking solutions to protect, manage, and monitor your audio and audio visual content ...." At least one of Verance's technologies was among the ones successfully cracked by the individual Plaintiffs. Upon information and belief, that technology was Technology A in the SDMI Public Challenge. The Defendants referred to in paragraphs 13 through 15 will sometimes be referred to collectively as the "private Defendants."

16. Defendant Attorney General John Ashcroft heads the United States Department of Justice, which is the agency of the United States government responsible for enforcement of federal criminal laws, including 17 U.S.C. 1204, the criminal provision of the DMCA, as well as defending constitutional challenges to federal statutes. Attorney General Ashcroft is sued only in his official capacity.

17. Defendant Doe 1, whose identity is unknown to Plaintiffs, was the proponent of Technology B in the SDMI Public Challenge, as more fully described in paragraph 34, infra. Some of the relief which Plaintiffs seek cannot be fully afforded in the absence of this defendant, and thus this defendant, when identified, should be joined if feasible in accordance with F.R.C.P. 19(a).

18. Defendant Doe 2, whose identity is unknown to Plaintiffs, was the proponent of Technology C in the SDMI Public Challenge, as more fully described in paragraph 34, infra. Some of the relief which Plaintiffs seek cannot be fully afforded in the absence of this defendant, and thus this defendant, when identified, should be joined if feasible in accordance with F.R.C.P. 19(a).

19. Defendant Doe 3, whose identity is unknown to Plaintiffs, was the proponent of Technology D in the SDMI Public Challenge, as more fully described in paragraph 34, infra. Some of the relief which Plaintiffs seek cannot be fully afforded in the absence of this defendant, and thus this defendant, when identified, should be joined if feasible in accordance with F.R.C.P. 19(a).

20. Defendant Doe 4, whose identity is unknown to Plaintiffs, was the proponent of Technology F in the SDMI Public Challenge, as more fully described in paragraph 34, infra. Some of the relief which Plaintiffs seek cannot be fully afforded in the absence of this defendant, and thus this defendant, when identified, should be joined if feasible in accordance with F.R.C.P. 19(a).

JURISDICTION AND VENUE

21. This Court has jurisdiction over this action pursuant to 28 U.S.C. 1331 and 1338(a) because this action arises under the First Amendment to the United States Constitution and under the Digital Millennium Copyright Act, 17 U.S.C. 1201 et seq. This Court also has supplemental jurisdiction of the state law claims pursuant to 28 U.S.C. 1367.

22. Venue is proper in this Court pursuant to 28 U.S.C. 1391(b) and 1391(e) in that a substantial part of the events giving rise to the claim occurred in this District, and pursuant to 1391(e) in that half of the individual Plaintiffs reside in this District and the Attorney General is a Defendant.

THE FACTS

23. SDMI is "a forum that brings together more than 180 companies and organizations representing information technology, consumer electronics, security technology, the worldwide recording industry, and Internet service providers. SDMI's charter is to develop open technology specifications that protect the playing, storing, and distributing of digital music such that a new market for digital music may emerge." http://www.sdmi.org/

24. On September 6, 2000, SDMI issued an "Open Letter to the Digital Community," available on the Internet at http://www.sdmi.org/pr/OL_Sept_6_2000.htm. A true and complete copy of the Open Letter, printed from said web page, is attached here to as Exhibit 1 and incorporated herein by this reference. The Open Letter provided in part:

Here's an invitation to show off your skills, make some money, and help shape the future of the online digital music economy.

The Secure Digital Music Initiative is a multi-industry initiative working to develop a secure framework for the digital distribution of music. SDMI protected content will be embedded with an inaudible, robust watermark or use other technology that is designed to prevent the unauthorized copying, sharing, and use of digital music.

We are now in the process of testing the technologies that will allow these protections. The proposed technologies must pass several stringent tests: they must be inaudible, robust, and run efficiently on various platforms, including PCs. They should also be tested by you.

So here's the invitation: Attack the proposed technologies. Crack them.

By successfully breaking the SDMI protected content, you will play a role in determining what technology SDMI will adopt.

25. The details of what became known as the SDMI Public Challenge, including the technologies offered as part of the challenge, were made available by SDMI on or about September 18, 2000 at the web site http://www.hacksdmi.org (which no longer exists).

26. The home page, or top page, of the hacksdmi.org web site was located at http://www.hacksdmi.org/default.asp. Entitled "Secure Digital Music Initiative Public Challenge," it stated, in part:

The Challenge

Several proposals are currently being considered for the Phase Two screening technology. Some are digital watermarking technologies; others use a different technology to provide the screening functionality. The challenge is to defeat the screening technology. For example, where the proposed technology is a watermark, the challenge is to remove or alter the watermark while not significantly degrading the quality of a digital music sample. Marked samples and files may be downloaded from this site. If you believe you have successfully defeated the security technology you may upload the attacked sample or file to this web site. We will evaluate your submission. Under certain conditions, challengers may be able to receive compensation for describing and providing to SDMI their successful attack.

27. At the bottom of the home page was a button labeled "Continue". If a viewer clicked on that button, then the viewer would be taken to the next page on the hacksdmi.org web site, which was located at the URL http://www.hacksdmi.org/hacksClickThrough.asp and entitled "Click-Through Agreement for the SDMI Public Challenge" (hereinafter the "Click- Through Agreement"). A true and complete copy of the Click-Through Agreement is attached hereto as Exhibit 2 and incorporated herein by reference.

28. The Click-Through Agreement purported to be a binding legal agreement between SDMI on the one hand, and those who chose to participate in the Public Challenge, on the other. Additionally, it gave an overview of how the Public Challenge was to work. The first paragraph stated that the Public Challenge was "open to everyone ..." with limited exceptions not applicable to any of the Plaintiffs.

29. Digital music file formats such as the MP3 format compress files so that they take up less space on storage media like a computer hard disk and can be transmitted more quickly on the Internet without overly degrading sound quality. The second paragraph of the Click-Through Agreement provided that four different digital watermark technologies were included in the Public Challenge. It said that each was designed to detect compression in a digital music file, though it was not clear to the individual Plaintiffs that the watermarks actually were designed for that purpose. Additionally, two other technologies were included in the Public Challenge, each designed to prevent separation of individual tracks on a CD from the rest of the CD, thus attempting to prevent, for example, a hit single from a CD from being played apart from the original CD.

30. The third and fourth paragraphs of the Click-Through Agreement generally explained how to test the four watermark technologies and the two other technologies. In the case of each watermark, for example, the participant would download from the hacksdmi.org web site a "triplet," or three music samples. The first two would be the same music sample, one with the watermark, one without, while the third would be an unrelated watermarked sample. Using whatever information one could glean from the triplet, as well as other legitimate sources of information, the object was to "determine if the watermark can be removed from the entire sample without significantly reducing the sound quality of the digital music ...."

31. The fifth paragraph described how a challenger would know if his or her attack on one or more of the technologies was successful. Briefly, the challenger would upload the attacked file(s) to the "oracle" at the hacksdmi.org site, which would automatically test the submission and notify the challenger if the attack was successful. If so, then the oracle might ask for additional information concerning how the attack was accomplished, and might give the challenger additional music samples in order to determine if the attack was reproducible.

32. Those who successfully attacked one or more of the Public Challenge technologies were eligible for compensation of up to $10,000 per successful attack, provided they agreed to additional terms. The individual Plaintiffs' attacks on five of the technologies were successful, but they elected not to seek compensation for their success. Since the provisions of the Click-Through Agreement meaningfully varied depending on whether the successful challenger did or did not seek compensation, we set forth those provisions in full:

Compensation of $10,000 will be divided among the persons who submit a successful unique attack on any individual technology during the duration of the SDMI Public Challenge. In exchange for such compensation, all information you submit, and any intellectual property in such information (including source code and other executables) will become the property of the SDMI Foundation and/or the proponent of that technology. In order to receive compensation, you will be required to enter into a separate agreement, by which you will assign your rights in such intellectual property. The agreement will provide that (1) you will not be permitted to disclose any information about the details of the attack to any other party, (2) you represent and warrant that the idea for the attack is yours alone and that the attack was not devised by someone else, and (3) you authorize us to disclose that you submitted a successful challenge. If you are a minor, it will be necessary for you and your parent or guardian to sign this document, and any compensation will be paid to your parent or guardian.

You may, of course, elect not to receive compensation, in which event you will not be required to sign a separate document or assign any of your intellectual property rights, although you are still encouraged to submit details of your attack. (Emphasis added.)

The SDMI Foundation will also analyze the information you have submitted in detail to determine the reproducibility of your attack. To be clear, you will be eligible for compensation for reasonably reproducible attacks only if you have not disclosed the trade secrets in your submission to anyone other than the SDMI Foundation, have assigned all your intellectual property rights in your attack to the SDMI Foundation, and have kept your submission, and all information relating to your submission, confidential. All decisions relating to the success of your challenge, the timing of your submission and all other matters pertaining to the SDMI Public Challenge shall be within the discretion of the SDMI Foundation or its designee and shall be final and binding in all respects.

Stated simply, successful challengers who received compensation were required to assign all of their intellectual property rights and to agree to confidentiality and other terms. Successful challengers such as Plaintiffs who eschewed compensation were not required to assign any of their rights or make any further agreements with SDMI; and in fact, Plaintiffs did not assign any of their rights or make any further agreements with SDMI.

33. Finally, the Click-Through Agreement provided:

What else do I need to know? By releasing encoded digital music samples for attack and other digital files, the SDMI Foundation and the technology proponents are only providing permission, under U.S. or other applicable law, to attack those particular samples and files during the duration of this SDMI Public Challenge. No permission is granted to attack or make any other use of content protected by SDMI outside of this SDMI Public Challenge. In addition, neither the SDMI Foundation, copyright owners nor the proponent of the technology being attacked, waive any rights that it or they may have under any applicable law including, without limitation, the U.S. Digital Millennium Copyright Act, for any acts not expressly authorized by this Agreement. Moreover, no permission is granted to attack content encoded with any technology proponent outside of this SDMI Public Challenge. You are prohibited from reproducing, modifying, distributing, performing or making any other use of the samples other than as specifically authorized by this Agreement. A list of persons who have submitted successful attacks and received compensation therefor will be provided if you mail a self- addressed, stamped envelope to the SDMI Secretariat, c/o SAIC at 10260 Campus Point Drive, San Diego, California 92121 USA. We are not responsible for lost, incomplete or misdirected submissions. This offer is void where prohibited.

By clicking on the "I Agree" button below you agree to be bound by the terms of this Agreement.

34. Clicking on the "I Agree" button took viewers to the next page on the hacksdmi.org web site, http://www.hacksdmi.org/hackDownload.asp, entitled "Download and Upload the Files." From that page, challengers could, and the individual Plaintiffs did, download each of the four audio watermark technologies which were included in the Public Challenge (technologies A, B, C and F) and the two additional technologies (technologies D and E). From that same page, challengers could, and the individual Plaintiffs did, upload their attacks to the hacksdmi.org oracle.

35. According to the information returned from the oracle, Plaintiffs' attacks on each of the four watermark technologies were successful. Plaintiffs also believe that they successfully attacked one of the two other technologies, technology D. However, the oracle for technology D was defective, and thus did not indicate whether Plaintiffs' attack on that technology succeeded. Plaintiffs did not attack technology E, the other non-watermark technology, because they determined that SDMI did not give them enough information to mount a credible attack.

36. At no time did Plaintiffs attack content protected by SDMI outside of the Public Challenge, or attack content encoded with any technology proponent outside of the Public Challenge.

37. Having successfully attacked five of the six Public Challenge technologies, the individual Plaintiffs, who had not assigned any of their rights to SDMI and had not entered into any other agreements with SDMI, chose to write a paper describing their research and their attacks, to submit the paper to a peer-reviewed scientific conference, and if accepted, to publish the paper in the proceedings of the conference. Plaintiffs selected the Fourth International Information Hiding Workshop (IHW), to be held in Pittsburgh on April 25-27, 2001, and proceeded to write their paper, entitled "Reading Between the Lines: Lessons from the SDMI Challenge" (hereinafter simply the "SDMI Paper"). The SDMI Paper was submitted to IHW in late November or December, 2000.

38. After the SDMI Paper went through the peer review process, the Plaintiffs were notified in February 2001 that it had been accepted for presentation at IHW, on April 26. As is customary, the reviews were anonymous, but as is also customary, the authors were provided with the anonymous reviews, which they could, and did, use to improve the SDMI Paper. The revised paper was submitted to IHW in late March 2001 for inclusion in the IHW proceedings.

39. On November 1, 2000, Professor Felten received an e-mail from Joseph M. Winograd, the Executive Vice President and Chief Technology Officer of Defendant Verance. He stated that Verance was the proponent of one of the watermark technologies in the Public Challenge (which Plaintiffs believe is technology A), and that he wished to speak by phone with Professor Felten about the subject. Professor Felten was out of the country at a computer security conference at the time, but after he returned to New Jersey, he and Dr. Winograd spoke cordially about the subject on November 9, 2000. On a few occasions between then and mid- December, Dr. Winograd made inquiries about the paper, but because it still was in the early draft stage, Professor Felten did not feel comfortable giving a draft to Dr. Winograd at that time.

40. On March 30, 2001, apparently having learned that the SDMI Paper had been accepted by IHW, Dr. Winograd e-mailed Professor Felten requesting a pre-publication copy of the SDMI Paper. (As with all e-mails from Dr. Winograd to Professor Felten, the e-mail was addressed to Professor Felten's Princeton University e-mail address in New Jersey.) Though under no obligation to provide Dr. Winograd with such a copy, on March 31 Professor Felten e- mailed an electronic copy of the SDMI Paper to Dr. Winograd. In the e-mail, Professor Felten specifically stated "Please do not circulate this outside of Verance."

41. On April 6, 2001, Dr, Winograd sent an e-mail back to Professor Felten. He stated that he had not circulated the SDMI Paper outside of Verance, but that he took "...the precautionary step of alerting the SDMI Foundation, our commercial partner the 4C Entity, and our recording company licensees about the pending conference and provided each with a brief general description of your paper's contents." Among other things, Dr. Winograd wrote:

Speaking only for myself and for Verance, I am most concerned that your paper provides unnecessarily detailed information, in particular relating to detailed numerical measurements (such as frequencies, numeric parameters, etc.) that you and your colleagues obtained through analysis of the samples provided by SDMI and/or employed in your proposed attacks. It is not clear to me that the inclusion of these specific numeric details either advances your stated goals of furthering the academic body of knowledge regarding security technologies or any other cause, other than facilitating the use of your results by others seeking to circumvent the legitimate use of these technologies for copyright protection purposes. I urge you to reconsider your decision to include this information in your publication.

I believe that there could be ways in which our individual objectives can be met without potentially compromising the academic value of your work or the security of any of the technologies that were included in the SDMI Challenge. I would welcome the opportunity to discuss these further with you while there is still time to do so.

42. Only three days later, and without Professor Felten having received anything specific from Dr. Winograd about how his concerns might be addressed, Professor Felten received a letter at Princeton dated April 9, 2001 from Matthew Oppenheim, Esq. The pre- printed letterhead is that of Defendant RIAA, and identifies Oppenheim as the Senior Vice President, Business and Legal Affairs, of RIAA. The letter's signature block additionally identifies Oppenheim as the Secretary of Defendant SDMI. The letter shows copies to Dr. Ira S. Moskowitz of the Naval Research Laboratory, who was the Program Chair of IHW; Cpt. Douglas H. Rau, USN, Commanding Officer, National Research Laboratory; Mr. Howard Ende, General Counsel of Princeton; and Mr. David Dobkin, Computer Science Department Head of Princeton. A true and complete copy of the letter is attached hereto as Exhibit 3 and incorporated herein by reference.

43. Acting as the agent for Verance and possibly others, Oppenheim wrote, among other things:

As you are aware, at least one of the technologies that was the subject of the Public Challenge, the Verance Watermark, is already in commercial use and the disclosure of any information that might assist others to remove this watermark would seriously jeopardize the technology and the content it protects.1 Other technologies that were part of the Challenge are either likewise in commercial use or could be utilized in this capacity in the near future. Therefore, any disclosure of information that would allow the defeat of those technologies would violate both the spirit and the terms of the Click-Through Agreement (the "Agreement"). In addition, any disclosure of information gained from participating in the Public Challenge would be outside the scope of activities permitted by the Agreement and could subject you and your research team to actions under the Digital Millennium Copyright Act ("DMCA"). [Footnote omitted.]

... Unfortunately, the disclosure that you are contemplating could result in significantly broader consequences and could directly lead to the illegal distribution of copyrighted material. Such disclosure is not authorized in the Agreement, would constitute a violation of the Agreement and would subject your research team to enforcement actions under the DMCA and possibly other federal laws.

As you are aware, the Agreement covering the Public Challenge narrowly authorizes participants to attack the limited number of music samples and files that were provided by SDMI. The specific purpose of providing these encoded files and for setting up the Challenge was to assist SDMI in determining which of the proposed technologies are best suited to protect content in Phase II products. The limited waiver of rights (including possible DMCA claims) that was contained in the Agreement specifically prohibits participants from attacking content protected by SDMI technologies outside the Public Challenge. If your research is released to the public this is exactly what could occur. In short, you would be facilitating and encouraging the attack of copyrighted content outside the limited boundaries of the Public Challenge and thus places you and your researchers in direct violation of the Agreement.

In addition, because public disclosure of your research would be outside the limited authorization of the Agreement, you could be subject to enforcement actions under federal law, including the DMCA. The Agreement specifically reserves any rights that proponents of the technology being attacked may have "under any applicable law, including, without limitation, the U.S. Digital Millennium Copyright Act, for any acts not expressly authorized by their Agreement." The Agreement simply does not "expressly authorize" participants to disclose information and research developed through participating in the Public Challenge and thus such disclosure could be the subject of a DMCA action.

44. Chaos quickly ensued. Though Professor Felten was the only author of the SDMI Paper to whom Oppenheim sent the letter directly, it affected all of the authors, and copies quickly were circulated among them. Plaintiffs had no idea of what to make of Oppenheim's threats, their research being standard scientific fare. In the meantime, the IHW organizers were equally confused, and did not know how to proceed.

45. Shortly thereafter, talks began between various combinations of Professor Felten, attorneys for Princeton, Rice, Xerox and Dr. Dean on the one hand, and Oppenheim, Dr. Winograd, David Liebowitz (Chairman of the Board of Verance, and former Executive Vice President and General Counsel of Defendant RIAA) and a team of outside attorneys for Verance, on the other. Oppenheim's role in those talks was limited. Verance was left to determine, from the private Defendants' side, whether an acceptable solution could be reached.

46. On April 16, Dr. Winograd e-mailed Professor Felten, stating that he believed that, "with some minor modifications," the SDMI Paper could meet Verance's desires while still maintaining academic integrity. But only a day later, on April 17, Dr, Winograd e-mailed to Professor Felten a document entitled "Recommendations on 'Reading Between the Lines: Lessons from the SDMI Challenge.'" Dr. Winograd's "recommendations" consisted of 25 separate requests for changes in the SDMI Paper (some of which were compound), and included removal of several text sections and entire diagrams. Indeed, though only one Verance watermark (technology A) was included among the five technologies which Plaintiffs successfully hacked, more than half of Dr. Winograd's recommendations were addressed to the attacks on watermarks of presumed competitors of Verance, technologies B, C and F, as well as to the other non-watermark technology, technology D. At no time did Dr. Winograd or any other representative of the private Defendants indicate that any technology other than watermark technology A was a technology propounded by Verance.

47. Though talks continued, both on a group basis and one-on-one between Professor Felten and Dr. Winograd, right up until the day before the SDMI Paper was to have been presented at IHW, at no time did Dr. Winograd or any other representative of the private Defendants indicate that Dr. Winograd's recommendations, including those involving technologies in which Verance had no direct interest, were offered on anything other than a take it or leave it basis. Had Plaintiffs accepted Dr. Winograd's recommendations, the resultant paper would have been rejected by any respectable scientific conference.

48. During the same time period, it was clear that IHW was not of one mind regarding how to proceed. On April 19, Dr. Ira Moskowitz, the Program Chair of IHW, sent an e-mail saying that the SDMI Paper could not be presented at IHW without a written agreement by all concerned parties. That e-mail, which imposed a deadline of April 23, was sent not only to each of the individual Plaintiffs, but also to Oppenheim and Bruce Block of RIAA, but not to anyone from Verance. Also on or about April 19, Dr. Moskowitz phoned Professor Felten, expressing concerns that he and IHW would get embroiled in litigation. However, on April 24, only two days before the SDMI Paper was to be presented, and the day after the deadline which Dr. Moskowitz had set, Ross Anderson, a member of the IHW Program Committee, sent an e-mail saying that the Committee had met that morning, and that the presentation of the paper could proceed.

49. However, there was never any indication from Oppenheim, SDMI, RIAA, Verance or any of their representatives that Oppenheim's threat of suit was anything other than one to be taken with great seriousness. The pressure on all of the authors to withdraw the SDMI Paper from IHW increased, and the pressure was particularly intense on Professor Felten, the only one of the authors who was in regular, direct communication with the private Defendants or their representatives. Finally, the authors decided that the threat of litigation against them, the IHW organizers and their employers was all too credible. With great reluctance the decision was made to withdraw the SDMI Paper from IHW, for no reason other than the fear of having to defend a lawsuit. The private Defendants set out to chill the researchers' scientific speech, and they succeeded.

50. The authors still desire to publish their research, and in that regard, the SDMI Paper has been accepted for publication at the 10th USENIX Security Symposium, to be held in Washington, D.C. on August 13-17, 2001. However, Plaintiffs, including USENIX, cannot be certain that the cycle will not repeat itself, that the private Defendants will not once again threaten to sue, or simply go forward with an action, or that the Doe Defendants will not make their presence felt. Further, as an entity which stands to gain commercially from the publication of the SDMI Paper, USENIX is concerned about potential criminal liability under 17 U.S.C. ' 1204 if the SDMI Paper should be found to violate the DMCA. Thus, Plaintiffs are forced to bring this Declaratory Judgment action as their only reasonable method of publishing the SDMI Paper without fear of civil or criminal liability.

51. Concurrently herewith, Plaintiffs file under seal, marked as Exhibit 4, the SDMI Paper as they wish to present it at the USENIX Security Symposium.

52. Two additional papers have been written about the work of the individual Plaintiffs during the SDMI Public Challenge. The first, written primarily by Plaintiff Min Wu, is entitled "Analysis of Attacks on SDMI Audio Watermarks" and was submitted to and accepted for publication at the IEEE Signal Processing Society 26th International Conference on Acoustics, Speech and Signal Processing, which was held in Salt Lake City on May 7-11, 2001 (the "ICASSP Paper"). The ICASSP Paper was both shorter and less technical than the SDMI Paper, and it was submitted and accepted before the researchers received the Oppenheim letter. However, after the decision to pull the SDMI Paper from the IHW, Dr. Wu and her advisor, Plaintiff Bede Liu, became concerned that the ICASSP Paper might also draw fire from the private Defendants. Professor Liu attempted to have it removed from the conference proceedings, but it was too late. As set forth below, Dr. Wu and her co-authors now seek a judicial Declaration that the ICASSP Paper does not violate the law or any rights which Defendants may assert. A true and complete copy of the ICASSP Paper is filed under seal as Exhibit 5.

53. Additionally, in her Doctoral Dissertation, entitled "Multimedia Data Hiding," Dr. Wu included Chapter 10, entitled "Attacks on Unknown Data Hiding Algorithms," which further discussed the work done during the Public Challenge. Until the events leading to the withdrawal of the SDMI Paper from the IHW, Dr. Wu had no reason to believe that Chapter 10 would be found objectionable by anyone, but in the light of those events, Dr. Wu now has a credible fear of being sued if she should publish that chapter. In accordance with standard practice, she has made her dissertation available on the Internet, at http://www.ee.princeton.edu/~minwu/research/phd_thesis.html. However, because she has felt the chill of her scientific speech, she has removed Chapter 10, an act which varies markedly from standard research publication practice. As with the ICASSP Paper, she now seeks a judicial Declaration that Chapter 10 does not violate the law or any rights which Defendants may assert. A true and complete copy of Chapter 10 is filed under seal as Exhibit 6.

54. Plaintiffs emphasize that it is not their desire to file any of Exhibits D, E or F under seal. However, the confusion and uncertainty caused by the threat of legal liability upon publication precisely the chilling effect on public speech which Defendants have caused is such that Plaintiffs must act cautiously.

FIRST CAUSE OF ACTION
(No DMCA Violation)

55. The Plaintiffs reallege and incorporate paragraphs 1 through 54 as if set forth here in full.

56. The DMCA prohibits a number of activities that interfere with "technological measures" designed to control access and limit the copying of works protected by the Copyright Act, including the dissemination and distribution of technologies that can be used to circumvent technological measures.

57. The DMCA makes it unlawful to "offer to the public . . any technology . . . that . . . is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a [copyrighted] work. . .." 17 U.S.C. 1201(a)(2). The DMCA also makes it unlawful to disseminate technology that can be used to circumvent "a technological measure that effectively protects a right of a copyright owner . . .in a [copyrighted] work or a portion thereof." 17 U.S.C. 1201(b).

58. The DMCA also prohibits (1) the intentional removal or alteration of "copyright management information" without the authority of the copyright owner or the law and (2) the distribution of copyright management information that has been removed or altered without the authority of the copyright owner or the law, if the person removing, altering or distributing the information has "reasonable grounds to know, that it will induce, enable, facilitate, or conceal an infringement of any right under [the Copyright Act]." See 17 U.S.C. 1202(b). "Copyright management information" is defined as information that can identify a copy of a work and which is conveyed along with the copy (including such information as the title and the terms and conditions for use of the work). See 17 U.S.C. 1202(c).

59. The individual Plaintiffs did not violate the DMCA by submitting the SDMI Paper to the IHW or the USENIX Security Symposium, and no Plaintiff will violate the DMCA by presenting or publishing the SDMI Paper at the USENIX Security Symposium or elsewhere.

60. Plaintiffs Wu, Craver, Liu and Felten did not violate the DMCA by submitting the ICASSP Paper to ICASSP, did not violate the DMCA by presenting the ICASSP Paper and having it published in the conference proceedings and will not violate the DMCA by publishing the ICASSP Paper elsewhere.

61. Plaintiff Min Wu did not violate the DMCA by writing and defending Chapter 10 of her dissertation and will not violate the DMCA by publishing Chapter 10 on her website or elsewhere.

SECOND CAUSE OF ACTION
(First Amendment)

62. The Plaintiffs reallege and incorporate paragraphs 1 through 54 as if set forth here in full.

63. Any person who violates sections 1201 or 1202 of the DMCA is subject to civil liability under 17 U.S.C. 1203. Persons who, for financial or commercial interests, willfully violate sections 1201 or 1202 of the DMCA are subject to criminal liability under 17 U.S.C. 1204.

64. Since USENIX receives revenues from organizing conferences and publishing papers presented at its conferences, it is subject to criminal liability under 17 U.S.C. 1204 for violations of the DMCA.

65. All of the Plaintiffs fear having to defend against future threats of liability under the DMCA. Most, if not all, of the individual Plaintiffs will continue to work in areas of research that involve digital music and other technologies protected by the DMCA. But they desire to continue their research and publish in these area without fear of liability.

66. The primary institutional activity of USENIX is to hold scientific and technical conferences and publish conference proceedings. USENIX has a history of receiving and publishing papers that examine, describe, evaluate and defeat cryptographic and watermarking and other technologies. It expects to receive such papers in the future. Many technologies addressed by these papers can be used as access or copy control measures in copyright management information systems. Some papers, such as the SDMI Paper, may even examine the technologies in a context of technological controls over copyrighted works. Accepting and publishing these papers would therefore subject USENIX, its referees, and the authors of the papers to civil and criminal liability under the DMCA. USENIX desires to publish and present all papers accepted by its referees, including those that raise the specter of liability under the DMCA.

67. Because of the fear of civil and criminal liability, the DMCA has chilled, and will continue to chill, the Plaintiffs and others from engaging in activities protected by the First Amendment.

68. In chilling publication, the DMCA wreaks havoc in the marketplace of ideas, not only the right to speak, but the right to receive information -- the right to learn. The main mission of USENIX is to organize forums where scientists and researchers learn from each other. By intimidating the individual plaintiffs into withdrawing their paper from the IHW, however, the private Defendants prevented people from learning. If the source of Defendants' power to threaten, the DMCA, is not dispelled, Plaintiffs will not be the only victims. Without full and open access to research in areas potentially covered by the DMCA, scientists and programmers working in those areas cannot exchange ideas and fully develop their own research. As a consequence, the DMCA will harm science.

69. By imposing civil and criminal liability for publishing speech (including computer code) about technologies of access and copy control measures and copyright management information systems, the challenged DMCA provisions impermissibly restrict freedom of speech and of the press, academic freedom and other rights secured by the First Amendment to the United States Constitution.

70. Application of DMCA to speech protected by the First Amendment, including its application to the SDMI Paper and other work by the Plaintiffs related to the SDMI Public Challenge, violates the First Amendment rights of the Plaintiffs and of their readers, of other scientists, programmers and publishers, and of others similarly situated.

71. Unless the Department of Justice is restrained from enforcing the challenged provisions against Plaintiff USENIX and the private and Doe Defendants are enjoined from seeking to impose civil liability on all of the Plaintiffs, the speech of the Plaintiffs and others will continue to be restrained and will continue to cause Plaintiffs and others irreparable harm.

THIRD CAUSE OF ACTION
(No Violation of Click-Through Agreement - Private Defendants Only)

72. The Plaintiffs reallege and incorporate paragraphs 1 through 54 as if set forth here in full.

73. The individual Plaintiffs did not violate the Click-Through Agreement by submitting the SDMI Paper to the IHW or the USENIX Security Symposium, and no Plaintiff will violate the Click-Through Agreement by presenting or publishing the SDMI Paper at the USENIX Security Symposium or elsewhere.

74. Plaintiffs Wu, Craver, Liu and Felten did not violate the Click-Through Agreement by writing the ICASSP Paper or by submitting it to ICASSP and presenting it and having it published in the ICASSP proceedings, and will not violate the Click-Through Agreement by publishing it elsewhere.

75. Dr. Wu did not violate the Click-Through Agreement by writing and defending Chapter 10 of her dissertation, and will not violate the Click-Through Agreement by publishing it on her website or elsewhere.

76. In the alternative, to the extent the Click-Through Agreement would preclude the Plaintiffs from engaging in any of the actions identified in paragraphs 73 through 75 above, the Click-Through Agreement is invalid and/or unenforceable with respect to the Plaintiffs.

* * * *

77. Plaintiffs have no adequate remedy at law to resolve all of the disputes raised in this Complaint.

PRAYER FOR RELIEF
WHEREFORE, Plaintiffs request the following relief:

Declaratory Relief (First Cause of Action)

A. A declaration that the individual Plaintiffs are not liable under the DMCA to the private or Doe Defendants for (1) submitting the SDMI Paper to IHW or the USENIX Security Symposium, or for presenting or publishing the SDMI Paper at the USENIX Security Symposium or elsewhere; (2) submitting the ICASSP Paper to the ICASSP conference and presenting or publishing it in the ICASSP proceedings or elsewhere; and (3) publishing Chapter 10 of Dr. Wu's dissertation in electronic form or otherwise.

B. A declaration that Plaintiff USENIX is not liable under the DMCA to the private or Doe Defendants and is not subject to criminal liability for publishing the SDMI Paper at the USENIX Security Symposium, or elsewhere.

C. A declaration that the Plaintiffs are not liable under the DMCA for the presentation or publication of any research resulting from, or related to, the SDMI Public Challenge.

Declaratory Relief (Second Cause of Action)

D. A declaration that the application of the DMCA to the publication of the SDMI Paper, the ICASSP Paper, Chapter 10 of Dr. Wu's dissertation and/or any scientific, technical or academic research related to the SDMI Public Challenge violates the First Amendment to the United States Constitution.

E. A declaration that the application of the DMCA to the publication of scientific, academic or technical speech, including the publication of computer programs, violates the First Amendment to the United States Constitution.

Declaratory Relief (Third Cause of Action)

F. A declaration that the individual Plaintiffs did not and will not violate the Click- Through Agreement by (1) submitting the SDMI Paper to IHW or the USENIX Security Symposium, or for presenting or publishing the SDMI Paper at the USENIX Security Symposium or elsewhere; and (2) submitting the ICASSP Paper to the ICASSP conference and presenting or publishing it in the ICASSP proceedings or elsewhere; and (3) by Dr. Wu writing, defending and publishing Chapter 10 of her dissertation in electronic form or otherwise.

Injunctive Relief

G. A preliminary and permanent injunction enjoining the private Defendants, the Doe Defendants and their respective agents, employees, attorneys, successors in office, assistants and all persons acting in concert with them from initiating an action against the Plaintiffs for submitting the SDMI Paper to IHW or the USENIX Security Symposium, or for presenting or publishing the SDMI Paper at the USENIX Security Symposium or elsewhere;

H. A preliminary and permanent injunction enjoining the Department of Justice and its agents, employees, attorneys, successors in office, assistants and all persons and agencies acting in concert with them from enforcing the DMCA against Plaintiff USENIX for violating the DMCA by allowing the individual Plaintiffs to present the SDMI Paper at the USENIX Security Symposium and by publishing the SDMI Paper in electronic form or otherwise;

I. A permanent injunction enjoining the private Defendants, the Doe Defendants and their respective agents, employees, attorneys, successors in office, assistants and all persons acting in concert with them from initiating an action against the individual Plaintiffs for submitting the ICASSP Paper to ICASSP or for presenting or publishing the ICASSP Paper or Chapter 10 of Dr. Wu's dissertation.

J. A permanent injunction enjoining the private Defendants, the Doe Defendants and their respective agents, employees, attorneys, successors in office, assistants and all persons acting in concert with them from initiating an action against the Plaintiffs and others for violating the DMCA by presenting or publishing scientific and technical information (including computer code) related to access and copy control measures and copyright management information systems, including, but not limited to, information gained through the SDMI Public Challenge, in electronic form or otherwise;

K. A permanent injunction enjoining the Department of Justice and its agents, employees, attorneys, successors in office, assistants and all persons and agencies acting in concert with them from enforcing the DMCA against Plaintiff USENIX and others for violating the DMCA by presenting or publishing scientific and technical information (including computer code) related to access and copy control measures and copyright management information systems, including, but not limited to, information gained through the SDMI Public Challenge, in electronic form or otherwise.

Other Relief

L. For costs and disbursements incurred in this action, including reasonable attorneys' fees, and such other and further relief as the Court deems proper.

DATED: JUNE 6, 2001


Grayson Barber (GB 0034)
(FLC 9895)
Grayson Barber, L.L.C.
Grassi, PC
68 Locust Lane
Princeton, NJ 08540
phone (609) 921-0391
fax (609) 921-7405

Gino J. Scarselli
664 Allison Drive Blvd., #512
Richmond Hts., OH 44143
phone & fax (216) 291-8601

Cindy A. Cohn
Lee Tien
Robin D. Gross
Electronic Frontier Foundation
454 Shotwell St.
San Francisco, CA 94110
phone (415) 436-9333
fax (415) 436-9993

Frank L. Corrado (FLC 9895)
Rossi, Barry, Corrado & Grassi, PC
Wildwood, NJ 08260
phone (609) 522-4927
fax (609) 522-4927

James S. Tyre
10736 Jefferson Blvd., #512
Culver City, CA 90230-4969
phone (310) 839-4114
fax (310) 839-4602

Joseph P. Liu
Boston College Law School
885 Centre Street
Newton, MA
phone (617) 552-8550

Attorneys for Plaintiffs