Declaration of Neils Ferguson
in Felten v. RIAA (Aug. 13, 2001)
Grayson Barber (GB 0034)
Frank L. Corrado (FLC 9895)
(Additional Counsel listed on signature page)
IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY
I, NIELS FERGUSON, hereby declare:
1. I am a resident of Amsterdam and citizen of the Netherlands
2. I am a cryptographer and Director in a family company MacFergus BV which I have run since 1998 with my father. MacFergus BV is devoted to providing cryptography consulting services
3. I used to work for the Centre for Mathematics and Computer Science where I invented cryptographic protocols for electronic payments. Later I worked for DigiCash where we designed and built some of the most advanced cryptographic payment systems anywhere. For Counterpane I have worked on many projects, including the development of Twofish.
4. I have published many articles and given talks on various cryptographic methods and other discoveries. I have (co)authored more than a dozen scientific papers published at conferences, several patents, and a book. I'm currently writing a book on cryptography.
5. I studied Mathematics at Eindhoven University of Technology in the Netherlands and left before obtaining a degree.
6. I have analyzed HDCP (an Intel encryption and authentication system for protecting copyrighted video signals on high definition televisions) and found serious security flaws that lead to a very practical attack. An experienced IT person could recover the master key and publish it, after which HDCP provides no protection whatsoever.
7. I have written a paper that discusses the HDCP system vulnerabilities which I wish to publish at a scientific conference. My research shows how the master key of the system can be recovered if we have access to 50 HDCP display devices and a few desktop computers. Knowledge of the master key allows recovery of all session keys, decryption of any video signal encrypted with HDCP, impersonation of arbitrary devices as well as the creation of new devices that will interoperate with existing HDCP devices.
8. As a scientist, I have been chilled from the recording industry's threats to Professor Felten's research and the arrest of Russian cryptographer Dmitry Sklyarov who revealed flaws in Adobe's security system. I had been planning to submit my HDCP paper to the Workshop on Security and Privacy in Digital Rights Management 2001 in Philadelphia on November 5th. However, since the passage of the DMCA in the United States, I feel I must censor myself in order to avoid prosecution under the DMCA. On August 8th, I sent the following email to the SPDRM Program Chair explaining why I would not be submitting the HDCP paper as expected:
9. Despite the fact that I performed all the work in Amsterdam, I could face arrest if I visit the US after my research had found its way into the jurisdiction. My research is silenced since I cannot talk about my scientific results to my colleagues and peers, as is now the case since the DMCA became law in the US. Scientific freedom is not only threatened under this law, it is demonstrably curtailed.
I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct and was executed at _________________on this the ___ day of ________, 2001.
______________________________ NIELS FERGUSON
Attorneys for Plaintiffs
Please send any questions or comments to firstname.lastname@example.org.