ELECTRONIC FRONTIER FOUNDATION
                                                         
                                                        

Jail Time in the Digital Age

By LAWRENCE LESSIG

STANFORD, Calif.

Dmitri Sklyarov is a Russian programmer who, until recently, lived and worked in Moscow. He wrote a program that was legal in Russia, and in most of the world, a program his employer, ElcomSoft, then sold on the Internet. Adobe Corporation bought a copy and complained to the Federal Bureau of Investigation that the program violated American law and that, by the way, Mr. Sklyarov was about to give a lecture in Las Vegas describing the weaknesses in Adobe's electronic book software. Two weeks ago, the F.B.I. arrested Mr. Sklyarov. He still sits in a Las Vegas jail.

Something is going terribly wrong with copyright law in America. Mr. Sklyarov himself did not violate any law, and his employer did not violate anyone's copyright. What his program did was to enable the user of an Adobe eBook Reader to disable restrictions that the publisher of a particular electronic book formatted for Adobe's reader might have imposed. Adobe's eBook Reader, for example, has a read-aloud function. With it, the computer will read out loud an appropriately formatted eBook text. A publisher can disable that function for a particular eBook. Mr. Sklyarov's program would enable the purchaser of such a disabled eBook to overcome the restriction. A blind person, for example, could use ElcomSoft's program to listen to a book.

The problem from Adobe's perspective, however, is that the same software could enable a pirate to copy an electronic book otherwise readable only with Adobe's reader technology — then sell that copy to others without the publisher's permission. That would be a copyright violation, and it is that possibility that led Congress to enact the statute that has now landed Mr. Sklyarov in jail — the Digital Millennium Copyright Act.

The D.M.C.A. outlaws technologies designed to circumvent other technologies that protect copyrighted material. It is law protecting software code protecting copyright. The trouble, however, is that technologies that protect copyrighted material are never as subtle as the law of copyright. Copyright law permits fair use of copyrighted material; technologies that protect copyrighted material need not. Copyright law protects for a limited time; technologies have no such limit.

Thus when the D.M.C.A. protects technology that in turn protects copyrighted material, it often protects much more broadly than copyright law does. It makes criminal what copyright law would forgive.

Using software code to enforce law is controversial enough. Making it a crime to crack that technology, whether or not the use of that ability would be a copyright violation, is to delegate lawmaking to code writers. Yet that is precisely what the D.M.C.A. does. The relevant protection for copyrighted material becomes as the technology says, not as copyright law requires.

America is essentially alone in this strategy of techno-lawmaking. Most nations in the world — including, importantly for Mr. Sklyarov, Russia — regulate copyright violations through copyright law, not through laws aimed at code writers. But what the Sklyarov case means is that this controversial experiment in the United States now essentially regulates the world. If you produce and distribute code that cracks technological protection systems, and that code can be accessed in the United States, then it's just a matter of time before our F.B.I. comes knocking at your door.

This is bad law and bad policy. It not only interferes with the legitimate use of copyrighted material, it undermines security more generally. Research into security and encryption depends upon the right to crack and report. Only if weaknesses can be discovered and described openly will they be fixed.

Increasingly, in the United States, this freedom has been lost. In April, for example, Edward Felten, a Princeton professor and encryption researcher, received a letter from recording industry lawyers warning him that a paper he was about to present at a conference — it described the weaknesses of an encryption system — could subject him to enforcement actions under the D.M.C.A.. Mr. Felten understood the threat and decided not to present his paper. Largely as a result of this experience, he is now the lead plaintiff in a lawsuit challenging the Digital Millennium Copyright Act on First Amendment grounds.

Authors have an important and legitimate interest in protecting their copyrights. The law should help authors where it can. But the law should not push its power beyond the protection of copyright, and the law should especially not criminalize activities that are central to research in encryption and security.

Adobe understands this. After extensive meetings with the nonprofit Electronic Frontier Foundation — and widespread protests on the Internet, at Adobe's San Jose, Calif., headquarters, in Moscow and elsewhere — Adobe announced it did not think the prosecution of Mr. Sklyarov was conducive to the best interests of the parties involved or of the industry.

Yet Mr. Sklyarov still languishes in jail, puzzled, no doubt, about how a free society can jail someone for writing code that was legal where written, just because he comes to the United States and gives a report on encryption weaknesses. Lawrence Lessig, a law professor at Stanford University, is author of the forthcoming ``The Future of Ideas'' and a member of the Electronic Frontier Foundation board.

[This editorial was first published in the New York Times, including the online edition at:
  http://www.nytimes.com/2001/07/30/opinion/30LESS.html
NYT site membership required to access that version.



Please send any questions or comments to webmaster@eff.org.