Declaration of Alan Cox

in Felten v. RIAA (Aug. 13, 2001)

Grayson Barber (GB 0034)
Grayson Barber, L.L.C.
68 Locust Lane
Princeton, NJ 08540
(609) 921-0391

Frank L. Corrado (FLC 9895)
Rossi, Barry, Corrado & Grassi, P.C.
2700 Pacific Avenue
Wildwood, NJ 08260
(609) 729-1333

(Additional Counsel listed on signature page)
Attorneys for Plaintiffs


ASSOCIATION, a Delaware non-profit
non-stock corporation,



   Hon. Garrett E. Brown, Jr.
   Case No. CV-01-2669 (GEB)
   Civil Action




his official capacity as ATTORNEY
DOES 1 through 4, inclusive,



I, ALAN COX, hereby declare:

 1.   I am a kernel engineer for Red Hat UK Ltd., a wholly-owned subsidiary of Red Hat, Inc., headquartered in Durham, North Carolina. The kernel is the core software of any computer; among other things, it enforces security policies and access controls where appropriate. I live in and am a citizen of the United Kingdom. This declaration is made on my own behalf and does not represent the position of my employer or any other party. The facts stated in this declaration are known to me of my own personal knowledge or, if stated on information or belief, I believe them to be true.

 2.   I am also heavily involved in the main development of the Linux™ operating system. The Linux Operating System is a global project building the core software for running computers. Most people regard me as second in command to Linus Torvalds, the creator of the project. See, e.g., <http://www.softpanorama.org/People/Cox/index.shtml>.

 3.   The project operates under an "Open Source" license. The license used grants all parties equal rights to use, distribute and modify the Linux system. In particular, all users receive the source code (often described in non-computing terms as "the blueprints") of the system.

 4.   I was the original Linux project contact with CERT (the Computer Emergency Response Team, http://www.cert.org/) and am still heavily involved in vendor-sec, the e-mail list that handles security issues with the Linux operating system.

 5.   I am a frequent invited speaker at conferences about the Linux system and its workings. I have provided keynote speeches to conferences such as the Ottawa Linux Showcase (probably the biggest technically oriented Linux event).

 6.   Until July 20, 2001, I was on the program committee of the Usenix ALS Linux conference, a Linux event with a reasonably technical orientation that will be held in Oakland, California, this year.

 7.   On July 20, I resigned from the Usenix ALS committee. I issued the following statement, of my own free will, after the Russian programmer Dmitry Sklyarov was arrested by the FBI on charges of violating the DMCA, and it became clear how much the DMCA was a threat to speakers on many important subjects:

    I hereby tender my resignation to the Usenix ALS committee.

    With the arrest of Dmitry Sklyarov it has become apparent that it is not safe for non US software engineers to visit the United States. While he was undoubtedly chosen for political reasons as a Russian is a good example for the US public the risk extends arbitrarily further.

    Usenix by its choice of a US location is encouraging other programmers, many from Eastern European states hated by the US government to take the same risks. That is something I cannot morally be part of. Who will be the next conference speaker slammed into a US jail for years for committing no crime? Are Usenix prepared to take the chance it will be their speakers?

    Until the DMCA mess is resolved I would urge all non US citizens to boycott conferences in the USA and all US conference bodies to hold their conferences elsewhere.

    I appreciate that this problem is not of Usenix making, but it must be addressed

    Alan Cox

I still stand by this statement.

 8.   I made this public announcement because I felt that many software engineers, particularly those working in security-related projects, or on disabled-access activities legal in their own countries, risked arrest merely for speaking about things they had discovered.

 9.   When the first cases of DMCA censorship occurred, I was less worried. Attempts by large corporations to silence the truth by legal abuse are common and normally get resolved to the benefit of the people. However, the Sklyarov case really made me concerned, because it was now the case that people telling unpopular truths could be seized by the FBI and slammed into jail under the DMCA.

 10.   Free speech -- including the ability to discuss circumvention methods -- is a vital part of computer security. When a weakness in a security system is discovered, it needs to be discussed, it needs to be evaluated and it needs to be tested by many minds.

 11.   Without this kind of continual testing the vendors will be able to ship flawed and broken technology without those depending on the technology ever knowing about the flaws. In fact, this aspect of the DMCA only serves to further the business of the incompetent. It exposes copyright owners to serious risk by preventing the truth from being told about products that they rely on.

 12.   Experience in computer security has shown me that the bad guys share their knowledge and act without regards to laws. One of the few weapons the good guys used to have is an organised network of information sharing and conferences.

 13.   In my work on Linux security, I have to warn people about security problems I am aware of - indeed, for paid commercial work in the UK, failing to do so would almost certainly be negligent. Yet under the DMCA, I have to choose between keeping quiet when a flaw is known or discovered in an encryption system or other rights management tool, which could put my clients at risk -- or being unable to visit the United States without fear of arrest. Without that ability to tell the truth the fight against crime is weakened and the possibility that the national security infrastructure of nations is flawed and weak increases.

 14.   Some parties often seek to mislead on the situation with 'Open Source' and copyright. Let me therefore set some points straight:

  • I believe in the basis of copyright coupled with fair use

  • The licenses used in the Linux project are built on copyright law. They may seem unconventional because the rights we grant are a little different compared to Microsoft's view of the world. We depend on copyright and when necessary we aggressively enforce our copyrights

  • The license we use (the GNU public license) is sometimes called the Copyleft. This is not because it is anti-copyright law, but because it turns on its head the view of what copyright owners do with their rights.

I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct and was executed at Swansea, Wales on this the ___ day of ________, 2001.

_______________________ Alan Cox      

Grayson Barber (GB 0034)
Grayson Barber L.L.C.
68 Locust Lane
Princeton, NJ 08540
phone (609) 921-0391
fax (609) 921-7405
Frank L. Corrado (FLC 9895)
Rossi, Barry, Corrado & Grassi, PC
2700 Pacific Avenue,
Wildwood, NJ 08260
phone (609) 729-1333
fax (609) 522-4927
Gino J. Scarselli
664 Allison Drive
Richmond Hts., OH 44143
(216) 291-8601 (phone and fax)
James S. Tyre
10736 Jefferson Blvd., # 512
Culver City, CA 90230-4969
phone (310) 839-4114
fax (310) 839-4602
Cindy A. Cohn
Lee Tien
Robin Gross
Electronic Frontier Foundation
454 Shotwell St.
San Francisco, CA 94110
phone (415) 436-9333
fax (415) 436-9993
Joseph P. Liu
Boston College Law School
885 Centre Street
Newton, MA 02459
phone (617) 552-8550

Attorneys for Plaintiffs
