Declaration of Neils Ferguson

in Felten v. RIAA (Aug. 13, 2001)

Grayson Barber (GB 0034)
Grayson Barber, L.L.C.
68 Locust Lane
Princeton, NJ 08540
(609) 921-0391

Frank L. Corrado (FLC 9895)
Rossi, Barry, Corrado & Grassi, P.C.
2700 Pacific Avenue
Wildwood, NJ 08260
(609) 729-1333

(Additional Counsel listed on signature page)
Attorneys for Plaintiffs

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY

EDWARD W. FELTEN; BEDE LIU; SCOTT A. CRAVER; MIN WU; DAN S. WALLACH; BEN SWARTZLANDER; ADAM STUBBLEFIELD; RICHARD DREWS DEAN; and USENIX ASSOCIATION, a Delaware non-profit non-stock corporation, Plaintiffs,	) ) ) ) ) ) ) ) )	Hon. Garrett E. Brown, Jr. Case No. CV-01-2669 (GEB) Civil Action
vs.	) ) )	DECLARATION OF NIELS FERGUSON
RECORDING INDUSTRY ASSOCIATION OF AMERICA, INC.; SECURE DIGITAL MUSIC INITIATIVE FOUNDATION; VERANCE CORPORATION; JOHN ASHCROFT, in his official capacity as ATTORNEY GENERAL OF THE UNITED STATES; DOES 1 through 4, inclusive, Defendants.	) ) ) ) ) ) ) ) ) )

I, NIELS FERGUSON, hereby declare:

1. I am a resident of Amsterdam and citizen of the Netherlands

2. I am a cryptographer and Director in a family company MacFergus BV which I have run since 1998 with my father. MacFergus BV is devoted to providing cryptography consulting services

3. I used to work for the Centre for Mathematics and Computer Science where I invented cryptographic protocols for electronic payments. Later I worked for DigiCash where we designed and built some of the most advanced cryptographic payment systems anywhere. For Counterpane I have worked on many projects, including the development of Twofish.

4. I have published many articles and given talks on various cryptographic methods and other discoveries. I have (co)authored more than a dozen scientific papers published at conferences, several patents, and a book. I'm currently writing a book on cryptography.

5. I studied Mathematics at Eindhoven University of Technology in the Netherlands and left before obtaining a degree.

6. I have analyzed HDCP (an Intel encryption and authentication system for protecting copyrighted video signals on high definition televisions) and found serious security flaws that lead to a very practical attack. An experienced IT person could recover the master key and publish it, after which HDCP provides no protection whatsoever.

7. I have written a paper that discusses the HDCP system vulnerabilities which I wish to publish at a scientific conference. My research shows how the master key of the system can be recovered if we have access to 50 HDCP display devices and a few desktop computers. Knowledge of the master key allows recovery of all session keys, decryption of any video signal encrypted with HDCP, impersonation of arbitrary devices as well as the creation of new devices that will interoperate with existing HDCP devices.

8. As a scientist, I have been chilled from the recording industry's threats to Professor Felten's research and the arrest of Russian cryptographer Dmitry Sklyarov who revealed flaws in Adobe's security system. I had been planning to submit my HDCP paper to the Workshop on Security and Privacy in Digital Rights Management 2001 in Philadelphia on November 5th. However, since the passage of the DMCA in the United States, I feel I must censor myself in order to avoid prosecution under the DMCA. On August 8th, I sent the following email to the SPDRM Program Chair explaining why I would not be submitting the HDCP paper as expected:

Dear Tomas Sander,

I regret to inform you that I will not be submitting my HDCP paper to the Workshop on Security and Privacy in Digital Rights Management 2001. The DMCA-risks to my personal liberty and financial security are simply too great. I am very angry at this restriction of my freedom of speech. I feel violated, helpless, and out of control. They have taken away a basic human right, and there is nothing I can do about it.

I have been informed by a US lawyer specialising in this area that even publishing my paper here in the Netherlands will open the door to DMCA prosecution and liability. Not publishing this paper will damage my professional reputation, but if I do publish it I would never be able to visit the US again. This would do me even more harm, both professionally and personally.

Thank you for your support and your attempts to resolve this. Feel free to circulate this email amongst the program committee members and the conference organisers.

Best Wishes,
Niels

9. Despite the fact that I performed all the work in Amsterdam, I could face arrest if I visit the US after my research had found its way into the jurisdiction. My research is silenced since I cannot talk about my scientific results to my colleagues and peers, as is now the case since the DMCA became law in the US. Scientific freedom is not only threatened under this law, it is demonstrably curtailed.

I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct and was executed at _________________on this the ___ day of ________, 2001.

______________________________ NIELS FERGUSON

Grayson Barber (GB 0034)
Grayson Barber L.L.C.
68 Locust Lane
Princeton, NJ 08540
phone (609) 921-0391
fax (609) 921-7405

Frank L. Corrado (FLC 9895)
Rossi, Barry, Corrado & Grassi, PC
2700 Pacific Avenue,
Wildwood, NJ 08260
phone (609) 729-1333
fax (609) 522-4927

Gino J. Scarselli
664 Allison Drive
Richmond Hts., OH 44143
(216) 291-8601 (phone and fax)

James S. Tyre
10736 Jefferson Blvd., # 512
Culver City, CA 90230-4969
phone (310) 839-4114
fax (310) 839-4602

Cindy A. Cohn
Lee Tien
Robin Gross
Electronic Frontier Foundation
454 Shotwell St.
San Francisco, CA 94110
phone (415) 436-9333
fax (415) 436-9993

Joseph P. Liu
Boston College Law School
885 Centre Street
Newton, MA 02459
phone (617) 552-8550

Attorneys for Plaintiffs

Please send any questions or comments to webmaster@eff.org.