See related files:
http://www.eff.org/IP/Video (EFF Archive)
http://cryptome.org/cryptout.htm#DVD-DeCSS
(Cryptome Archive)
http://www.2600.com/dvd/docs (2600 Archive)
http://eon.law.harvard.edu/openlaw/dvd/ (Harvard DVD OpenLaw Project)
1
1
2 THE VIDEOGRAPHER: My name is
3 Robert McDonald, member of the National Legal
4 Video Association for New York Reporting.
5 Today is June 29, 2000 and on the record at
6 approximate 10:30 a.m., in the matter of
7 Universal Studios, et al versus Reimerdes et
8 al. The witness today is Andrew Appel and we
9 are at the offices of Proskauer Rose, 1585
10 Broadway, New York, New York. Will counsel
11 please introduce themselve for the record.
12 MR. HART: I'm Bill Hart from
13 Proskauer Rose for the plaintiffs.
14 MR. HERNSTADT: Edward
15 Hernstadt from Frankfurt, Garbus, Klein & Selz
16 for the defendants.
17 THE VIDEOGRAPHER: Will the
18 court reporter please swear in --
19 MR. HERNSTADT: We also have
20 David Atlas from Frankfurt Garbus and Martin
21 Garbus from Frankfurt also for the defendants.
22 THE VIDEOGRAPHER: Will the
23 court reporter please swear in the witness?
24 A N D R E W W. A P P E L ,
25 after having been duly sworn by a Notary Public
2
1
2 of the State of New York, was examined and
3 testified as follows:
4 THE WITNESS: Yes.
5 THE VIDEOGRAPHER: You may
6 proceed.
7 EXAMINATION
8 BY MR. HART:
9 Q. Good morning. Mr. Appel or
10 Dr. Appel?
11 A. Either one.
12 Q. Thank you.
13 Have you ever been deposed before,
14 sir?
15 A. No.
16 Q. You've been asked to testify here
17 today you because it's our understanding that
18 you are going to be appearing as an expert
19 witness on behalf of the defendants at the
20 trial of this case. Is that your
21 understanding?
22 A. Yes.
23 Q. May I have your home address for
24 the record, please?
25 A. 43 Philip Drive, Princeton, New
3
1
2 Jersey.
3 Q. Are you employed?
4 A. Yes.
5 Q. By whom?
6 A. Princeton University.
7 Q. Okay.
8 And what is your job function or
9 title?
10 A. I'm a professor of computer
11 science.
12 Q. How long have you been at
13 Princeton?
14 A. 14 and a half years.
15 MR. HART: Okay. I'm going to
16 mark Plaintiff's 1.
17 MR. HERNSTADT: Bill, while
18 we're marking this, let me clarify what I told
19 I think Chuck and you, which is that Professor
20 Appel is going to sort of function as mixed
21 expert and fact witness. Some of the things he
22 is testifying about are fact; some of the
23 things he is testifying about are as an expert.
24 MR. HART: Could you mark
25 Mr. Appel's declaration as Exhibit
4
1
2 1, please?
3 (Thereupon, the Declaration of
4 Andrew W. Appel was marked as
5 Exhibit 1 for identification as
6 of today's date)
7 MR. GARBUS: Bill, I assume you
8 know that if for any reason Mr. Appel is
9 unavailable for the purpose of testimony, then
10 it is our plan to introduce this deposition in
11 lieu of his testimony.
12 MR. HART: That's not my
13 understanding, and indeed in my discussion with
14 Mr. Hernstadt last night I asked him whether it
15 was his understanding that the witnesses he was
16 producing for these depositions were being
17 produced precisely because they were appearing
18 as trial witnesses. He said he would give me
19 notice if they weren't and purported to hand me
20 a notice five minutes ago in here by which the
21 defendants are saying they are going to take
22 Andrew Appel. And frankly, I object to it, but
23 frankly I would like to proceed with my
24 deposition right now and not get into arguments
25 over this issue.
5
1
2 MR. HERNSTADT: That's fine.
3 However, I just have to say for the record that
4 I told you last night that we weren't sure that
5 everyone was going to appear at trial, and that
6 anybody who wasn't going to appear at trial, we
7 would give you a notice of deposition and we'd
8 take their deposition, too. And then told you
9 this morning that Professor Appel is away the
10 first week of the trial and it wasn't clear he
11 was going to be able to appear. So pursuant to
12 our conversation last night I've given you
13 notice of deposition.
14 MR. HART: Five minutes ago as
15 this deposition began, correct?
16 MR. HERNSTADT: That's correct.
17 MR. HART: Okay. Thank you.
18 Let's proceed, now.
19 Q. Mr. Appel, I'm going to have the
20 reporter show you what I've just marked as
21 Exhibit 1 and ask you to identify that. If you
22 need to look through all the pages, you may.
23 A. Yes, this is a declaration that I
24 signed in April.
25 Q. Okay.
6
1
2 And your curriculum vitae is
3 attached to this declaration, Exhibit 1, is it
4 not?
5 A. Yes.
6 Q. Is that C.V. accurate and
7 up-to-date in all respects?
8 A. As of the time it was printed.
9 Q. Are there any other things that you
10 can now add to this C.V. that are not reflected
11 in it?
12 A. Let's see. The paper entitled
13 "Technological Access Control Interferes with
14 Noninfringing Scholarship" on a current version
15 of my C.V. would be listed as to appear in
16 communications of the ACM.
17 Q. I'm sorry. The last part was to
18 appear in communications --
19 A. To appear in the journal entitled
20 --
21 Q. Excuse me.
22 A. To appear in communications of the
23 ACM.
24 Q. Okay.
25 And what is the ACM?
7
1
2 A. The ACM is the Association for
3 Computing Machinery. It's the scholarly and
4 industry society for computer science and --
5 Q. I'm sorry.
6 A. And computing.
7 Q. Are you done?
8 A. Yes.
9 Q. I will try, and I certainly don't
10 mean to interrupt you, and if -- let me have a
11 chance to complete the question, too. And
12 that's by no means a criticism. Sometimes the
13 record gets cluttered.
14 So are you taking that the only
15 update to your C.V. as we sit here today is
16 that your article, "Technological Access
17 Control Interferes with Noninfringing
18 Scholarship," is going to be published in the
19 ACM journal?
20 A. Right.
21 Q. Okay.
22 Anything else?
23 A. No.
24 Q. Okay.
25 And am I correct that the article
8
1
2 we just referred to is also attached as an
3 exhibit to your declaration?
4 A. Yes.
5 Q. Have there been any changes in that
6 article from the version we see here as an
7 attachment to your declaration, Exhibit 1?
8 A. The version that's going to be
9 published contains an additional sidebar box of
10 approximately one page that explains the
11 circumstances of the copyright office's request
12 for public comment and sets it in the context
13 of the -- the MCA.
14 Q. Mm-hmm?
15 A. And other than that, there are no
16 changes.
17 Q. Do you have a copy of this later
18 version of the article with you today?
19 A. No. It's available from my
20 website.
21 Q. Thank you.
22 Does your involvement in this case
23 call upon any special skills or knowledge?
24 A. I think it has to do with my
25 knowledge of how scholars publish their works,
9
1
2 sometimes in the form of computer programs, and
3 in how the -- certain certain scholarly uses of
4 published materials may require access to the
5 unencrypted content of those materials.
6 Q. Okay.
7 A. And maybe other things, as well.
8 Q. Okay.
9 Are the other things things that
10 are reflected in your Declaration, Exhibit 1?
11 A. I think that other things are just
12 general technical issues relating to what are
13 computer programs and how they work.
14 Q. Are there any other things that you
15 bring to bear in connection with this case in
16 terms of special skills or knowledge?
17 A. Not that occurs to me at the
18 moment.
19 Q. Okay.
20 You said a moment ago, and I don't
21 want to mischaracterize your testimony, but you
22 just to cut through this --
23 MR. GARBUS: Mr. Gold.
24 MR. HART: Good morning.
25 Q. -- that one of the specialized
10
1
2 areas of knowledge that you have is the
3 publication of works of scholarship involving
4 computer programs. Is that roughly right?
5 A. That's right.
6 Q. Okay.
7 What is the basis for your
8 knowledge and expertise in that area?
9 A. I have published works of
10 scholarship in the form of computer programs.
11 Q. As an author?
12 A. As an author.
13 Q. Okay.
14 Anything else?
15 A. I have used the results of other
16 scholars who have published their works in the
17 form of computer programs.
18 Q. With permission or without
19 permission from the other authors?
20 A. Sometimes with explicit permission.
21 Q. Mm-hmm.
22 A. And sometimes they have published
23 it in a form that implies permission to
24 retrieve it from their internet site and use
25 it.
11
1
2 Q. Is that implied permission
3 suggested by the very presence of such works on
4 the internet?
5 MR. HERNSTADT: You're talking
6 about with respect to these articles?
7 MR. HART: Wait a second. The
8 witness has not indicated he has a problem with
9 the question. If you have an objection, make
10 it.
11 MR. HERNSTADT: No. I have a
12 problem with the question, okay?
13 MR. HART: Fine. Object to it.
14 MR. HERNSTADT: Okay, Bill. I
15 will. Objection to the form of the question.
16 MR. HART: Thank you.
17 MR. HERNSTADT: Are you -- what
18 does the word "that" refer to? Are you
19 referring to anything on the internet or are
20 you referring to specific articles on the
21 internet?
22 MR. HART: Do you want the
23 question read back, sir?
24 THE WITNESS: Yes, please.
25 MR. HART: Okay. Ms. Reporter,
12
1
2 if you would.
3 (Record read)
4 Q. You can answer the question.
5 A. Usually I would say it's the
6 presence of that material on the internet on a
7 website where someone is clearly distributing
8 papers and such things as computer programs. I
9 wouldn't say that any appearance on -- anywhere
10 on the internet would constitute permission.
11 It has to do with the type of site it's being
12 distributed from.
13 Q. The context in which it's presented
14 on the internet?
15 A. Right.
16 Q. And what indicia in your mind would
17 indicate the situation where you have implied
18 permission in your words as distinguished from
19 a situation where you don't in your mind?
20 MR. HERNSTADT: I'm going to
21 object to the extent that this is calling for a
22 legal conclusion.
23 MR. HART: Not --
24 MR. HERNSTADT: I understand.
25 I'm just making the record that he's not a
13
1
2 legal -- he's not a lawyer and I'm instructing
3 him not to answer in any way that would suggest
4 that you have an understanding of the law, but
5 that you're answering as a layperson.
6 MR. HART: I'll stipulate that
7 every question I ask him is going to be based
8 on his knowledge and his views and does not
9 call for a legal conclusion.
10 MR. HERNSTADT: Very good.
11 THE WITNESS: I would say that
12 in practice almost all of the places where I
13 download computer programs are from the
14 websites of scholars both in academia and at
15 industrial research labs. Where it's clear
16 that the programs in question are the results
17 of scholarships, that have been published for
18 the purpose of people using them.
19 Q. Got you. Thank you.
20 I'd like you to turn to your
21 declaration, Exhibit 1, for a moment. And I'd
22 like you to focus on Paragraph 3. Okay?
23 A. All right.
24 Q. All right. And if you want to take
25 a moment to read that, please do so.
14
1
2 A. All right.
3 Q. Okay.
4 You say, and I'm referring to the
5 sentence that begins "this on a basic level."
6 Do you see that?
7 A. Yes.
8 Q. Okay.
9 Is what you're saying here that if
10 there is something of interest, it should be
11 put onto the internet so others can have at it?
12 Is that essentially what the statement means?
13 MR. HERNSTADT: Objection. It
14 misstates what's -- what's written here.
15 MR. HART: I'm not asking him
16 to restate what's written. I'm asking him for
17 what -- his understanding of what he wrote and
18 what he meant.
19 MR. HERNSTADT: If you can
20 answer the question, go ahead.
21 THE WITNESS: I think what it
22 means is that ideas can best be evaluated by
23 exposing them to public view and public
24 comment.
25 Q. Okay.
15
1
2 And does that include ideas
3 contained in other people's works or material?
4 A. Yes.
5 Q. Okay.
6 Does your view of scholarship in
7 this context mean that you are free to take
8 other people's works without permission and put
9 them on the internet in order to further the
10 purposes described in Paragraph 3 of your
11 declaration?
12 MR. HERNSTADT: Could you read
13 back the question, please?
14 (Record read)
15 MR. HERNSTADT: Objection.
16 That question significantly misstates the
17 testimony. The witness -- the question
18 before That was talking about --
19 MR. HART: Stop. No speeches.
20 MR. HERNSTADT: The question
21 before that was talking about --
22 MR. HART: No. Stop. Please
23 stop. I don't want you testifying and coaching
24 the witness.
25 MR. HERNSTADT: -- ideas. You
16
1
2 are misleading with that question. you
3 misstate the testimony.
4 MR. HART: I'm going to ask the
5 witness to walk out if you are going to
6 speechify. It's improper. Objection.
7 MR. HERNSTADT: You can do that
8 if you want. It's not an improper objection.
9 MR. HART: Okay. Then make the
10 objection and --
11 MR. HERNSTADT: Fine. Then
12 what I'm going to ask the reporter to do is
13 could you read back the prior question and
14 answer and then read back the last question?
15 MR. HART: I'm going to ask the
16 witness to step out of the room until
17 Mr. Hernstadt's done filling the record with
18 his testimony. Mr. Appel, I'd ask you to
19 excuse yourself, and I do not want to be
20 impolite to you and ask you to do that.
21 MR. HERNSTADT: Mr. Hart, I
22 have just asked the witness --
23 MR. HART: While the witness is
24 here I don't want you saying anything.
25 MR. HERNSTADT: Bill, you can't
17
1
2 do that.
3 MR. HART: Yes, I can.
4 MR. HERNSTADT: No, you can't
5 do that. I've asked the reporter to read back
6 the prior question and answer and then your
7 question. I've made my objection and now we're
8 pro -- and now we're ready to proceed. I made
9 that clear before you made this dramatic little
10 act here. We are ready to go on if you are
11 ready to grow -- to go on. I made my
12 objection, I explained my objection. You know,
13 I suggest you read the transcript and see
14 Mr. Cooper's speaking objections all through.
15 Now, could you read back the
16 prior question and answer and then the
17 follow-up question?
18 (Record read)
19 MR. HERNSTADT: Subject to my
20 objection you can answer the question. Bill,
21 you've got to take it easy.
22 THE WITNESS: There is a
23 difference between taking other people's works
24 and discussing the ideas that may be inherent
25 to those works.
18
1
2 Q. So you're saying that you could
3 discuss the ideas without actually taking the
4 works and posting them to the internet, right?
5 MR. HERNSTADT: Objection to
6 the form of the question. You can answer that
7 if you can.
8 THE WITNESS: Discussion of the
9 ideas in a work can be possible without posting
10 the work itself.
11 MR. HART: Thank you. I'd like
12 to mark the subpoena, please, with
13 the document request as Exhibit 2.
14 (Thereupon, a Subpoena and
15 Document Request was marked as
16 Appel Exhibit 2 for identification
17 as of today's date)
18 Q. Mr. Appel, I'm going to just show
19 you what the reporter just marked as Exhibit 2
20 and ask you to take a look at that. And the
21 question is, have you seen that document
22 before? And you can take a moment to peruse it
23 before you give me an answer your answer.
24 A. Yes.
25 Q. Okay.
19
1
2 Did you collect any documents in
3 response to that subpoena and document request
4 that we've marked Exhibit 2?
5 A. Yes.
6 Q. When did you do so?
7 A. Yesterday.
8 Q. Did you have any assistance in
9 doing so?
10 A. No.
11 Q. You did it yourself?
12 A. Yes.
13 Q. Okay.
14 And how were you guided in looking
15 for the documents?
16 MR. HERNSTADT: Objection to
17 the form.
18 MR. HART: Fair enough. It was
19 a bad question. I apologize.
20 Q. How do you know what documents to
21 look for?
22 A. The only documents I have with
23 respect to this case are the declarations and
24 attachments that I already filed and an E-mail
25 file of E-mail to and from other people.
20
1
2 Q. What other people?
3 A. I have some E-mail messages that
4 are before the time the attorneys for the
5 defendants first contacted me.
6 Q. Okay.
7 And what time was that just to put
8 it into a context?
9 A. That was in mid-April.
10 Q. All right.
11 A. And -- and I have E-mail after that
12 time, and I have been advised that the E-mail
13 from after that time --
14 Q. Mm-hmm. --
15 A. -- because of who it is with is
16 subject to privilege.
17 Q. Who is it with?
18 MR. HERNSTADT: Let me be
19 clear. It's E-mail with me and I just --
20 MR. HART: I don't want you to
21 be clear. I asked the witness a question. If
22 you object, object.
23 Q. Who is it with?
24 A. It's E-mail with the attorneys for
25 the defense.
21
1
2 Q. Okay.
3 Are there any other E-mails that
4 you have after you were contacted by the
5 defendants in mid-April with persons other than
6 the attorneys for the defense?
7 A. Yes.
8 Q. And have you produced those to us,
9 sir?
10 A. No.
11 Q. Why not?
12 A. They are generally with other
13 people who might testify, and -- and I was
14 advised that I didn't have to produce those.
15 Q. I'm sorry. You were advised by
16 whom?
17 A. By the -- by Mr. Hernstadt.
18 Q. And who are these other people that
19 you said might testify?
20 A. Edward Felten, David Touretzky,
21 Peter Ramadge.
22 Q. Peter Remwich?
23 A. Ramadge.
24 Q. Could you spell that for the
25 record?
22
1
2 A. R-a-m-a-d-g-e.
3 Q. And where is Peter?
4 A. He's a professor of electrical
5 engineering at Princeton University.
6 Q. Okay.
7 Anybody else?
8 A. There may be -- I don't recall.
9 That -- that -- nothing significant.
10 Q. How do you know that?
11 A. I guess I scanned through the
12 E-mail file.
13 Q. How big is that E-mail file?
14 A. My guess is that it has about 100
15 messages.
16 Q. And this is all post mid-April?
17 A. The E-mails from before mid-April I
18 brought with me.
19 Q. Have you turned those over to me?
20 A. No, I will do so now.
21 MR. HERNSTADT: No, we did.
22 THE WITNESS: Oh, we did?
23 MR. HERNSTADT: Those are those
24 right in front of you with AT your left hand.
25 MR. HART: Let's mark this as
23
1
2 Plaintiff's 3.
3 (Thereupon, a Group of E-mails
4 was marked as Exhibit 3 for
5 identification as of today's date)
6 Q. Mr. Appel, the reporter has just
7 handed you what we've marked as Plaintiff
8 Exhibit 3. Is that the entirety of the E-mail
9 traffic that you referred to a moment ago as
10 having turned over to me?
11 A. Yes.
12 Q. And is this all E-mail that's all
13 post mid-April of 2000 relating to this case?
14 A. This is E-mail of March 2000.
15 Q. This is -- this is before you were
16 --
17 A. Right.
18 Q. -- in contact with defense
19 attorneys?
20 A. That's right.
21 Q. Okay.
22 Are you represented here today by
23 counsel?
24 A. I'm represented by these attorneys
25 (indicating).
24
1
2 Q. I see.
3 MR. HERNSTADT: For the
4 purposes of this deposition.
5 Q. I see. And when did you engage
6 these attorneys?
7 MR. HERNSTADT: We've --
8 MR. HART: Wait. Please.
9 MR. HERNSTADT: Objection to
10 the form of the question.
11 MR. HART: Thank you.
12 MR. HERNSTADT: It assumes
13 questions not in evidence.
14 Q. Fair enough. You can answer.
15 A. We discussed this morning that they
16 would be representing me for -- for the
17 purposes of this deposition.
18 Q. Oh, okay. So all those other
19 E-mails that you had since mid-April concerning
20 this case, they weren't involving
21 communications with your lawyer, were they?
22 MR. HERNSTADT: Objection to
23 the form of the question. You can answer if
24 you can.
25 THE WITNESS: Mr. Garbus told
25
1
2 me that --
3 MR. HERNSTADT: Objection.
4 Don't say what Mr. Garbus told you.
5 THE WITNESS: Okay.
6 Q. It's a pretty straightforward
7 question, Mr. Appel. I'm not trying to trick
8 you here. I just --
9 MR. HERNSTADT: No, I'm
10 directing him not to tell you what Mr. Garbus
11 told you.
12 MR. HART: I didn't ask him for
13 that. Do you want to read back the qustion?
14 MR. HERNSTADT: You can answer
15 the question with that.
16 MR. HART: Let's read the
17 question back. I think that will help the
18 witness.
19 (Record read)
20 THE WITNESS: That's right.
21 Q. Okay.
22 Now, the E-mails before this
23 mid-April time when you were first in
24 communication with defendant's lawyers, have
25 you produced the entirety of those to us
26
1
2 relative to this case --
3 A. Yes.
4 Q. -- or to DeCSS or CS'S.
5 A. Yes.
6 Q. And that's what's in Exhibit 3?
7 A. Yes.
8 Q. When did you first hear of DeCSS?
9 A. It may have been in a phone
10 conversation with David Touretzky.
11 Q. Mm-hmm.
12 A. -- shortly prior to the first
13 E-mail that I've give you which is dated March
14 13 or it may ave been earlier. I can't recall.
15 Q. The E-mail that you referred to
16 from Mr. Touretzky or Dr. Touretzky is
17 reflected to the first page of Exhibit 3?
18 A. I got a phone call from David
19 Touretzky.
20 Q. Okay.
21 A. And this first E-mail is from me to
22 Edward Felten discussing the phone call.
23 Q. I see.
24 Now, prior to the phone call from
25 Dr. Touretzky, had you ever been in
27
1
2 communication with him before?
3 A. I met him in 1981 and I have not
4 had much communication with him since 1985
5 until March of this year.
6 Q. Okay.
7 And the communications that you had
8 with him from '81 to 85, what did they concern
9 generally?
10 A. I was a graduate student at
11 Carnegie-Mellon University where he teaches.
12 Q. Got you.
13 What was the gist of the phone call
14 from Dr. Touretzky?
15 A. He was interested to know whether I
16 would like to contribute to his website, the
17 gallery of CSS descramblers, and would I like
18 to mirror it.
19 Q. Mirror Dr. Touretzky's gallery?
20 A. That's right.
21 Q. Had you, prior to that call, seen
22 Dr. Touretzky's website?
23 A. No.
24 Q. What else was said that in phone
25 call with Dr. Touretzky?
28
1
2 A. I think that's all.
3 Q. Okay.
4 Did he say anything about what was
5 on his website in the phone call?
6 A. I think he described its contents.
7 Q. Can you give me a rough
8 approximation of that description as he gave it
9 to you?
10 MR. HERNSTADT: Objection to
11 the form. You can answer it if you can.
12 THE WITNESS: He said that the
13 website was meant to illustrate that it's very
14 difficult to draw a line between on one hand
15 commuter program source code, and on the other
16 hand other description of an algorithm that is
17 not computer program source code.
18 Q. And by other "other description,"
19 what did you understand that to mean?
20 A. Such things as English language
21 sentences or mathematical notation or other
22 formal or informal ways of describing computer
23 algorithms.
24 Q. Got you.
25 And what -- was there anything else
29
1
2 discussed in the phone call with Dr. Touretzky?
3 A. I don't think so.
4 Q. Okay.
5 What did you do after that phone
6 call relative to this case or that
7 conversation?
8 MR. HERNSTADT: Objection to
9 the form of the question.
10 THE WITNESS: I discussed with
11 Ed Felten whether we should mirror the website,
12 and I made a scientific investigation of what I
13 might contribute to it.
14 Q. Okay.
15 And what did that investigation
16 involve?
17 A. I had a particular scientific idea
18 that would illustrate the difficulty of
19 distinguishing between English language
20 description of a computer algorithm and
21 computer source code, and I investigated the
22 feasibility of concretely demonstrating that
23 idea by means of another computer program.
24 Q. Okay.
25 What other computer program?
30
1
2 A. It would be a computer program that
3 would translate between the English language
4 description of an algorithm and the source code
5 description.
6 Q. Rather than have you repeat it, I'm
7 just going to have here read it back. It may
8 be a function of my deafness and not your --
9 not your answer. If you would you.
10 (Record read)
11 Q. For lack of a better word, and
12 excuse my ignorance, would this be a program
13 that would function like a compiler-decompiler
14 to convert the English language version of a
15 program into some other form of computer
16 program?
17 MR. HERNSTADT: Objection to
18 the form of the question. If -- if you can
19 answer it, go ahead.
20 THE WITNESS: It would
21 generally translate the source code description
22 into an English language description and back.
23 Q. I see.
24 Did you ever actually create that
25 program?
31
1
2 A. I found such a program that someone
3 had created a few years previously.
4 Q. Uh-huh.
5 A. And I investigated whether it would
6 be applicable to something like DeCSS.
7 Q. Was it?
8 A. Not in the form that I found it.
9 Q. Why not?
10 A. It appears to be tuned a little too
11 closely to a different situation.
12 Q. All right. Get technical with me
13 now.
14 A. Okay.
15 Q. What do you mean, "tuned to a
16 different situation?"
17 A. The author of that program --
18 Q. Let's but a name on that program,
19 please.
20 A. I believe it's called --
21 Q. I guess the record will reflect
22 that you're referring to Exhibit 3.
23 A. I believe it's called c2txt2c.
24 Q. Okay. All right.
25 A. It was original is designed by its
32
1
2 author to translate a computer program called
3 Blowfish --
4 Q. Right.
5 A. -- to English prose and back again.
6 Q. Okay. Got you.
7 And that program c2 whatever that
8 you just referred to did not work in doing that
9 with DeCSS when you tried it?
10 A. That's right.
11 Q. Okay.
12 Do you know why?
13 A. Basically because that program was
14 a prototype demonstration of that idea.
15 Q. I see.
16 A. That was not implemented in full
17 generality.
18 Q. Got you.
19 So did you wind up contributing
20 anything to Dr. Touretzky's gallery?
21 A. No.
22 Q. Okay.
23 Did you have further communications
24 with Dr. Touretzky after that first phone call
25 about the subject of contributing something to
33
1
2 his gallery?
3 A. Yes. Those are reflected in the
4 E-mail that I've given you.
5 Q. Were they E-mail communications or
6 phone calls that are reflected by E-mail
7 communication?
8 A. I believe they were all E-mail
9 communications.
10 Q. Got you.
11 And would the E-mails that are in
12 Exhibit 3 reflected the entirety of your
13 communications with Dr. Touretzky concerning
14 this case?
15 MR. HERNSTADT: Objection to
16 form. As -- it assumes facts -- excuse me. It
17 misstates the testimony before. There is a
18 phone call prior to that.
19 MR. HART: Understood.
20 Q. Taking that into account.
21 A. I don't recall if there were any
22 other phone calls between me and Mr. Touretzky.
23 Q. Okay. Okay.
24 Did you ever have occasion to look
25 at Dr. Touretzky's site?
34
1
2 A. Yes.
3 Q. Okay.
4 Do you recall whether it contained
5 DeCSS in binary form or as an executable
6 utility?
7 A. I don't recall.
8 MR. HERNSTADT: I'm sorry.
9 Could you read back the question?
10 (Record read)
11 Q. Do you have any understanding of
12 when Dr. Touretzky created that site containing
13 the gallery as we're referring to it?
14 A. No.
15 Q. Okay.
16 A. It must have been before he called
17 me.
18 Q. I understand.
19 But you don't know whether it was
20 before or after this lawsuit commenced, do you?
21 MR. HERNSTADT: Objection.
22 Asked and answered.
23 THE WITNESS: Don't know when.
24 Q. Have you ever used DeCSS?
25 A. No.
35
1
2 Q. Now, you said a minute ago that you
3 were investigating the possibility of running
4 this c2 -- excuse me -- program that you
5 mentioned on DeCSS to see if it would work with
6 DeCSS. And how did you do you that if you
7 didn't have DeCSS?
8 MR. HERNSTADT: Objection to
9 form. Go ahead and answer if you can.
10 THE WITNESS: I didn't say I
11 didn't have DeCSS.
12 Q. I'm sorry.
13 A. I said I didn't use it.
14 Q. So is it -- fair enough. I
15 understand.
16 When did you first have DeCSS?
17 A. I didn't say I did have DeCSS.
18 Q. Okay. I think you may be smarter
19 than me and I apologize for that. I don't want
20 to, you know, make this drag out. Let me try
21 and phrase a question that you can provide a
22 reasonably intelligent answer to.
23 MR. GARBUS: Bill, how long do
24 you expect to go today?
25 MR. HART: We are moving along
36
1
2 so, you know, as long as we can move along I --
3 MR. GOLD: Was it really
4 necessary to interrupt the testimony to ask him
5 that question?
6 MR. HERNSTADT: Please, Bill, I
7 won't interrupt you. Go ahead.
8 Q. Okay.
9 Have you ever had DeCSS in your
10 possession or control?
11 A. I don't remember. I have certainly
12 looked at it on the website.
13 Q. I see.
14 A. And I don't remember whether I
15 downloaded to it my own machine.
16 Q. Okay.
17 And when you say you looked at it
18 on a website, what website was it that you
19 looked at?
20 MR. HERNSTADT: Objection to
21 form. You can answer.
22 THE WITNESS: I don't remember.
23 I noticed it was was available on several
24 websites, and I looked at it on one of those
25 websites. I don't recall specifically which
37
1
2 one.
3 Q. Do you remember what time period
4 this occurred in? Was this after the call from
5 Dr. Touretzky?
6 A. Yes.
7 Q. Okay. May I? We only have this
8 copy. I have to have copies made. I apologize
9 for that. Thank you.
10 MR. HERNSTADT: You're welcome.
11 Q. So I'm just trying to read the
12 header here.
13 MR. HERNSTADT: Bill, I'm
14 sorry. Do you want to take two minutes and
15 read through them because I wouldn't mind going
16 --
17 MR. HART: No, no, because I'm
18 going to ask the witness to help me unless you
19 need to go the bathroom.
20 MR. HART: Off the record.
21 Marty can continue to move things along because
22 he so desires to move them along.
23 MR. GARBUS: Just let him go to
24 the bathroom.
25 MR. HART: I guess we are.
38
1
2 THE VIDEOGRAPHER: The time now
3 is 11:10 a.m. We are going off the record.
4 (Informal discussion held off
5 the record)
6 THE VIDEOGRAPHER: The time now
7 is 11:16 a.m. We are back on the record.
8 Q. Okay. Mr. Appel. We were talking
9 about your first familiarity with DeCSS, and I
10 believe you had said that you had seen it on a
11 website but you couldn't remember which site;
12 is that correct?
13 A. That's correct.
14 MR. HERNSTADT: Objection. I
15 think that misstates the testimony, but to
16 ahead.
17 MR. HART: I'm sure it does,
18 and it wasn't my intention to do so and I
19 apologize profusely.
20 MR. HERNSTADT: I'm just making
21 the record.
22 Q. But to move this along, could you
23 look at the headers on this Exhibit 3 pack of
24 E-mail and place for me in time when you first
25 that had that conversation with Dave Touretzky?
39
1
2 A. The first E-mail is dated March 13
3 and I believe that it was the same day that --
4 that David called me.
5 Q. And was David at -- Touretzky at
6 that time in the process of assembling his
7 gallery, to your knowledge?
8 A. Yes, but I believe he had already
9 assembled the bulk of it.
10 Q. When did you look at his website
11 for the first time?
12 A. I believe also on March 13.
13 Q. Got you.
14 But you don't remember if it
15 contained any executable DeCSS on it?
16 A. That's right.
17 MR. HERNSTADT: Object to the
18 form.
19 Q. Do you recall how you found the
20 website that you used to look at DeCSS for the
21 first time?
22 A. Yes.
23 Q. How?
24 A. I believe I went to a search engine
25 and I typed in DeCSS, and I examined the
40
1
2 listings until I found one containing the
3 source code.
4 Q. When you say you examined the
5 listings, does that mean that you actually
6 clicked on some of the entries brought up by
7 the search engine to view what was there?
8 A. Yes.
9 Q. Okay. And --
10 MR. HART: I'd like you to read
11 two answers back, please.
12 (Record read)
13 Q. Is it your testimony that there
14 were listings brought up by the search engine
15 that you examined that did not contain DeCSS
16 source code?
17 MR. HERNSTADT: Objection to
18 the form of the question.
19 THE WITNESS: Yes.
20 Q. Okay.
21 Did those listings contain DeCSS in
22 object or binary executable form?
23 MR. HERNSTADT: Objection to
24 the form of the question. Compound. But go
25 ahead and answer if you can.
41
1
2 THE WITNESS: I don't recall.
3 Q. Do you remember how many listings
4 you went through as a result of that search
5 engine search until you found one that had
6 source code?
7 A. My guess is approximately 10.
8 Q. 10. Okay.
9 Do you recall if any of the
10 listings on the search engine that you looked
11 at before you got to the one containing source
12 code had DeCSS in object or binary or
13 executable form?
14 MR. HERNSTADT: Objection to
15 the form. You can answer.
16 THE WITNESS: I don't recall.
17 Q. Did you download DeCSS at that time
18 after you found it through the search engine
19 search?
20 A. As I've already said, I know I
21 viewed it on the screen and I don't recall
22 whether I downloaded it.
23 Q. And the version that you viewed as
24 you've said is -- was source code, correct?
25 A. Yes.
42
1
2 Q. Okay.
3 What language was that written in?
4 A. In C.
5 Q. And is C intelligible to you just
6 looking at it?
7 A. Yes.
8 Q. Is there any value in your
9 professional opinion to looking at object or
10 binary or source code?
11 A. Yes.
12 Q. Okay.
13 Can you read object code?
14 A. With difficulty.
15 Q. Okay.
16 Do you consider yourself specially
17 skilled in that regard?
18 MR. HERNSTADT: Object to the
19 form of the question. It's vague. If you can
20 answer that.
21 THE WITNESS: I guess I -- I
22 guess I don't know what you mean.
23 Q. Okay. I'm just looking for the
24 truth here. Is -- just to get our terminology
25 straight, is there any difference from your
43
1
2 standpoint between object code and a binary
3 executable?
4 A. No.
5 Q. Okay.
6 Is object code normally
7 intelligible to human beings?
8 A. With difficulty, yes.
9 Q. Okay.
10 And what difficulty is that, sir?
11 A. It's a notation for writing
12 computer programs that is more suited to
13 execution by machine than it is suited for
14 reading by humans.
15 Q. And from your professional
16 standpoint, is it much easier to read source
17 code than object code?
18 A. Yes.
19 Q. Okay.
20 And in terms of viewing or
21 analyzing computer code generally, is it much
22 easier to do so in source code form rather in
23 than in object code form?
24 MR. HERNSTADT: Object to the
25 form of the question.
44
1
2 THE WITNESS: For most
3 purposes.
4 Q. And what purposes would object code
5 have value in?
6 MR. HERNSTADT: Object to the
7 form of the question. You can answer it if you
8 can.
9 THE WITNESS: There are several
10 purposes. One is when one doesn't completely
11 trust correctness of the translation from
12 source code to object code.
13 Q. Mm-hmm.
14 A. One is when one wants to analyze in
15 detail the efficiency of the program.
16 Q. Mm-hmm.
17 A. It's easier sometimes to do that
18 with object code than with source code.
19 Q. Mm-hmm.
20 A. And one is for the purpose of
21 teaching about computer architecture, that is,
22 in the introduction to computer science class
23 at Princeton University we teach students how
24 you to read and write both source code and
25 object code.
45
1
2 Q. I see.
3 Have you ever had occasion to use
4 DeCSS object code in teaching at Princeton?
5 MR. HERNSTADT: Objection to
6 the form of the question. It assumes facts not
7 in evidence. But if you can answer it, go
8 ahead.
9 THE WITNESS: I have not used
10 DeCSS object code in teaching at Princeton.
11 Q. Have you used DeCSS source code in
12 teaching at Princeton?
13 MR. HERNSTADT: Objection to
14 the form of the question. He's never used
15 DeCSS. He said that.
16 MR. HART: Just --
17 MR. HERNSTADT: You can answer
18 the question if you can.
19 THE WITNESS: No no.
20 Q. Now, when you said a minute ago
21 that there were certain values to having DeCSS
22 in -- in object code form, is that because
23 DeCSS and object code form will run on a
24 computer?
25 MR. HERNSTADT: I'm sorry.
46
1
2 Could you read that question back, please?
3 (Record read)
4 MR. HERNSTADT: Objection to
5 the form of the question. You can answer that
6 if you know.
7 THE WITNESS: I don't think I
8 did say specifically that it was useful to have
9 DeCSS in object code form, but one reason it
10 can be helpful to have programs, including
11 DeCSS, in object code form is to analyze the
12 speed at which they will run on various kinds
13 of computers.
14 Q. Okay.
15 A. And another is for the purposes of
16 running it to observe its behavior.
17 Q. Okay.
18 And both of those answers entail
19 actually running the program?
20 A. The first of those answers may or
21 may not entail actually running a program.
22 Q. And that related to what aspect of
23 --
24 A. To estimating the speed at which
25 the program would run.
47
1
2 Q. Okay.
3 And how do you discern that?
4 MR. HERNSTADT: Objection to
5 the form. Go ahead. If you can.
6 THE WITNESS: Okay. There is a
7 part of the field of computer science which is
8 -- involves estimating the efficiency of
9 programs even without running them, because one
10 may want to know how fast it will be to run on
11 a -- a particularly long running program or on
12 a large input where there is not actually time
13 to run it.
14 Q. And how does one discern that?
15 A. One would examine the sequence of
16 instructions that will be executed, one could
17 calculate, let's say, for each frame of the
18 video the sequence of instructions in the
19 program would need to be executed, and
20 calculate how long would it take to do.
21 Q. And is that based in any part upon
22 the size of the program in object code form?
23 MR. HERNSTADT: Object to the
24 form. Go ahead.
25 THE WITNESS: In part. Usually
48
1
2 the size of the program as a whole is not the
3 most relevant thing.
4 Q. And what is?
5 A. An analysis of which instructions
6 in the inner loop of the program will be
7 executed in the common case.
8 Q. But in your examination of DeCSS as
9 you described it earlier in your testimony you
10 did not look at object code, correct?
11 A. That's right.
12 Q. Now, I'd just like to get a sense
13 on this record of how common it is for people
14 to be able to read object code. And can you
15 give me a sense of that in your professional
16 opinion?
17 MR. HERNSTADT: Objection to
18 the form of the question. If you can answer
19 it, go ahead.
20 THE WITNESS: I would guess
21 that most people who have taken approximately
22 three or four undergraduate courses in computer
23 science would be able to read object code,
24 although with difficulty.
25 Q. Okay.
49
1
2 And you still have difficulty
3 reading object code; is that correct?
4 MR. HERNSTADT: Objection to
5 the form. It that's quite vague. If you can
6 answer that, go ahead.
7 THE WITNESS: Source code is
8 easier to read than object code.
9 Q. Got it.
10 A. In general.
11 Q. And just so the record's clear in
12 this place, how long have you been in the
13 computer area as a specialist combining both
14 our undergraduate, graduate, postgraduate and
15 teaching and other work?
16 A. Since about 1976.
17 Q. Okay.
18 Do you have a computer in your
19 office?
20 A. Yes.
21 Q. Do you have a computer at home?
22 A. Yes.
23 Q. Do you have internet connection in
24 your office?
25 A. Yes.
50
1
2 Q. Do you have internet connection in
3 your home?
4 A. Yes.
5 Q. Can you tell me in basic terms what
6 kind of connection you have in your office and
7 your home respectively?
8 MR. HERNSTADT: Objection to
9 the form. Go ahead.
10 THE WITNESS: My office
11 computer is connected to the internal network
12 of the department of computer science at
13 Princeton, which is connected to the internet
14 by some sort of high speed connection, and I'm
15 not exactly sure which kind.
16 Q. Okay.
17 A. And my computer at home is
18 connected by a DSL line directly to the
19 internal network of the department of computer
20 science.
21 Q. Can you put the approximate speed
22 of those network connections into some kind of
23 context for us, like gigabytes bites or
24 megabytes per second?
25 MR. HERNSTADT: Objection to
51
1
2 the form.
3 THE WITNESS: I believe that
4 the effective bandwidth from my home to my
5 office is about two megabytes per second.
6 Q. Okay.
7 A. And I don't know what the bandwidth
8 is from my office to the internet.
9 Q. Do you think it's higher or lower
10 than your your home.
11 A. It's higher.
12 Q. Do you own a DVD player?
13 A. No.
14 Q. Ever hear of Napster?
15 A. Yes.
16 Q. Can you tell me what your
17 understanding is of Napster?
18 A. Napster is --
19 MR. HERNSTADT: I'm going to
20 object. This is -- well, go ahead. This is
21 certainly beyond --
22 MR. HART: You're right. Go
23 ahead.
24 MR. HERNSTADT: This is beyond
25 the scope of what his expertise is.
52
1
2 MR. HART: Of course it is.
3 MR. HERNSTADT: Go ahead.
4 MR. HART: I'm sure it is
5 irrelevant, too. But let's go ahead.
6 MR. HERNSTADT: It is
7 irrelevant.
8 MR. HART: I was being
9 facetious for the record.
10 MR. HERNSTADT: I wasn't for
11 the record. Go ahead.
12 THE WITNESS: Napster is a
13 directory service and enables its users to
14 share MP3 files across the internet.
15 Q. Do you believe it's technically
16 feasible to engage in conduct like Napster with
17 video files?
18 MR. HERNSTADT: Objection to
19 the form of the question. Are you asking for
20 his opinion as an expert or are you asking him
21 for his reaction as a -- as someone who's had
22 familiarity in the field?
23 MR. HART: Take it any way you
24 want to give it.
25 MR. HERNSTADT: Well, it lacks
53
1
2 foundation. Go ahead.
3 THE WITNESS: It's my
4 understanding that the video files are too
5 large to conveniently exchange on the internet.
6 Q. Okay.
7 And what do you base that
8 understanding on?
9 A. I guess reading some of the
10 documents connected with this case and my own
11 understanding of the commonly available
12 internet connection bandwidths and the size of
13 video files.
14 Q. Got you.
15 A. Although I wouldn't say I have
16 special expertise in those areas.
17 Q. Got you. I got you.
18 Do you have any expertise in
19 connection with digital video?
20 A. Aside from a familiarity with some
21 of the terminology, I would say no.
22 Q. Do you have any expertise or
23 special knowledge in connection with video
24 compression schemes?
25 A. I have taken a college course in
54
1
2 which video compression was covered, and I have
3 read articles on the subject and I am familiar
4 with data compression in other contexts.
5 Q. When did you take the college
6 course?
7 A. About 1980.
8 Q. Okay.
9 Are you aware if anything's changed
10 much since then in the video compression area?
11 MR. HERNSTADT: Objection to
12 the form of the question.
13 THE WITNESS: I'm sure it has.
14 Q. Okay.
15 A. My expertise is not specifically in
16 video compression. I have read articles from
17 time-to-time that touch on it.
18 Q. Okay. Got you. Okay.
19 Now, just to be clear, and I -- you
20 know -- you've never used DeCSS to encrypt a
21 DeCSS encoded movie, right?
22 MR. HERNSTADT: Objection.
23 Asked and answered.
24 THE WITNESS: That's right.
25 Q. Do you know how many university
55
1
2 students in the United States alone have access
3 to the kind of bandwidth that you were
4 describing is available to you at your school?
5 MR. HERNSTADT: Objection to
6 the form of the question. If -- if you can
7 possibly answer it, go ahead.
8 THE WITNESS: I don't know.
9 Q. Has Napster been a problem at
10 Princeton, to your knowledge?
11 MR. HERNSTADT: Objection to
12 the form of the question. It's vague.
13 THE WITNESS: Not to my
14 knowledge.
15 Q. Are you aware whether Napster has
16 been banned at any colleges or universities
17 within the United States?
18 A. I believe I have read that some
19 universities have asked their students not to
20 use Napster.
21 Q. Okay.
22 Do you know why?
23 A. I believe that one of the reasons
24 is that they were using up too much of the
25 bandwidth of that college's internet
56
1
2 connection.
3 Q. Using up too much bandwidth of the
4 university's connection in doing what?
5 A. In shipping MP3 files back and
6 forth from the university to the rest of the
7 internet.
8 Q. Have you in your reading or through
9 any other means of -- to your knowledge, any
10 understanding as to whether the use of Napster
11 as you've just described it has had an impact
12 on record companies or recording artists?
13 MR. HERNSTADT: Objection to
14 the form of the question. I object to this
15 entire line of questioning. This is not an
16 area that Professor Appel has stated that he is
17 familiar -- that he's an expert in. And I
18 think his answers prior to this have explained
19 that his familiarity is fairly limited. That
20 said, you can go ahead.
21 THE WITNESS: I believe I may
22 have read articles about the impact of Napster
23 on the recording industry, but I don't remember
24 any specific details.
25 Q. Okay.
57
1
2 By "impact," are we talking about
3 economic impact, lost sales, like that?
4 A. I guess, you know, any kinds of
5 impact.
6 Q. Any kinds of impact is -- is your
7 answer?
8 A. I have read articles about the
9 impact of Napster on the recording industry and
10 I don't recall what the details tails of those
11 articles were.
12 MR. GOLD: May I ask the
13 reporter to mark that last objection of
14 Mr. Hernstadt's?
15 MR. HERNSTADT: I think you
16 have to identify yourself for the record.
17 MR. GOLD: My name is Leon for
18 the record.
19 MR. HERNSTADT: Leon Gold.
20 MR. GOLD: Yes. But my website
21 name is Merbl and I come from Mars and I sell
22 Mounds.
23 MR. HART: Come on, Leo,
24 please.
25 MR. HERNSTADT: Make sure this
58
1
2 is all on the record.
3 MR. GOLD: It is.
4 MR. HART: And everyone's
5 smiling.
6 MR. GOLD: Everyone needed a
7 bit of humor.
8 What I'd like to do is make a
9 -- a index of certain of the objections of
10 Mr. Hernstadt, and we'll tell you which. And
11 the last one is one I'd like to mark and make
12 an index. Our contention is going to be that
13 he's coaching the witness and telling him what
14 to say.
15 MR. HERNSTADT: That's fine.
16 I'd like to reiterate my objectionl Are you
17 going to continue with this line of
18 questioning? We've told you what Professor
19 Appel is going to be our witness for, okay?
20 And I object to this entire line of
21 questioning. This is clearly irrelevant.
22 MR. GOLD: You said that ones
23 before.
24 MR. HERNSTADT: Are you going
25 do continue it for much longer?
59
1
2 MR. HART: If we began get away
3 from lawyers yakking and take to the witness, I
4 guess we can move off the subject quicker and
5 that's my goal.
6 MR. HERNSTADT: You let him
7 talk to you like this, Leo?
8 MR. GOLD: I thought that --
9 MR. HART: With all due
10 respect, counsel.
11 MR. GOLD: Everything he said
12 was true. And the answer is yes.
13 Q. Is that impact positive or negative
14 insofar as you understood it based on your
15 reading and knowledge?
16 A. I don't recall. I probably read
17 articles with both points of view.
18 Q. Do you have a personal point of
19 view in terms of the click impact of that the
20 economic impact of that behavior?
21 MR. HERNSTADT: Objection to
22 that question.
23 THE WITNESS: I'm not an
24 economist and --
25 Q. Okay.
60
1
2 A. -- I don't have any particularly
3 relevant speculations about the economics of
4 the recording industry.
5 Q. Okay.
6 Just to be clear, is the technology
7 already in place today to enable so-called file
8 sharing of feature-length movies, to your
9 knowledge?
10 MR. HERNSTADT: Object to the
11 form of the question. Lacks foundation.
12 Answer it if you can.
13 THE WITNESS: I believe there
14 are several file sharing protocols now
15 available. And it's plausible that some of
16 them can accept files of arbitrary size. And I
17 don't know whether they would have adequate
18 performance to practically share multi-gigabyte
19 files.
20 Q. Got you.
21 When you say you believe there are
22 file sharing protocols, I believe you used the
23 word, can you put a name to those?
24 A. Such things as Newtela (sic) and
25 Freenet.
61
1
2 Q. Freenet. Any others?
3 A. Not whose names I recall.
4 Q. How did you learn about those?
5 A. By reading in the newspapers.
6 Q. Do you recall which newspapers?
7 A. Most likely the New York Times.
8 Q. Did you ever visit the 2600
9 website?
10 A. Yes.
11 Q. When was the first time?
12 A. Must have been at some point after
13 I was first contacted by the defense.
14 Q. Okay.
15 And we've said earlier that was
16 sometime in mid-April?
17 A. That's right.
18 Q. Who contacted you?
19 A. Mr. Hernstadt.
20 Q. Uh-huh.
21 And what did he say to you?
22 A. He asked if I would be willing to
23 file a declaration --
24 Q. Right.
25 A. -- in this case.
62
1
2 Q. And what did you say?
3 A. I said I would be willing.
4 Q. How did you know about the case?
5 A. I knew about the case in general
6 terms I guess after my phone call with
7 Mr. Touretzky.
8 Q. Okay.
9 Had you hearsd of 2600 before your
10 phone call with Dr. Touretzky?
11 A. I don't recall.
12 Q. In the conversation that you had
13 with Mr. Hernstadt, and this again for placque
14 of a better date is mid-April of this year,
15 correct?
16 A. That's right.
17 Q. Okay.
18 Did he say anything more than would
19 you be willing to file a declaration in the
20 case?
21 MR. HERNSTADT: Object to the
22 form of the question. Go ahead.
23 THE WITNESS: Can you repeat
24 the question?
25 Q. Yes.
63
1
2 In the first phone call with
3 Mr. Hernstadt, did Mr. Hernstadt say anything
4 more beyond would you be willing to file a
5 declaration in this case, sir?
6 MR. HERNSTADT: Objection to
7 the form of the question.
8 THE WITNESS: I believe the
9 first communication I had from Mr. Hernstadt
10 was by E-mail.
11 Q. Do you have that E-mail?
12 MR. HERNSTADT: Asked and
13 answered.
14 THE WITNESS: I have -- I have
15 that E-mail.
16 Q. Did you produce it to us?
17 A. No.
18 Q. Why not?
19 A. I was visioned by Mr. Hernstadt
20 that I need not produce it.
21 Q. And Mr. Hernstadt advised you have
22 that when, yesterday?
23 A. I believe on Saturday.
24 Q. Okay.
25 So your first communication with
64
1
2 Mr. Hernstadt was via E-mail, correct?
3 A. That's right.
4 Q. And do you recall the gist of that
5 E-mail?
6 A. He asked me if I would be willing
7 to file a declaration in this case. That would
8 -- and I think that was the entire gist of it.
9 Q. Really?
10 And did you respond to
11 Mr. Hernstadt?
12 A. Yes.
13 Q. How?
14 A. I believe I called him on the
15 phone.
16 Q. Okay.
17 What did you say to him?
18 A. I think I said yes, and I believe
19 that in that first phone call that we did not
20 discuss anything much more beyond that I would
21 file a declaration.
22 Q. And at that point what you knew
23 about the case was limited to what you had
24 learned from Dr. Touretzky; is that correct?
25 MR. HERNSTADT: Objection to
65
1
2 the question -- form of the question.
3 Misstates it.
4 THE WITNESS: From what I
5 learned from David Touretzky and then my
6 subsequent investigation of what was on the
7 web.
8 Q. Okay.
9 And when did that subsequent
10 investigation cleanse?
11 A. It would have been in mid March
12 after I heard from Dr. Touretzky.
13 Q. And what did that investigation
14 consist of?
15 A. Finding websites containing DeCSS,
16 I believe at that time reading Frank
17 Stephenson's article describing crypt analysis
18 of CSS, reading some of the court documents
19 such as the injunction against linking.
20 Q. And where did you read that?
21 A. I don't recall.
22 Q. Anything else?
23 A. Not that I specifically recall.
24 Q. And this was -- and this again was
25 in mid-March after your initial communications
66
1
2 with Dr. Touretzky, right?
3 A. Yes.
4 Q. Okay.
5 Did Mr. Hernstadt give you any idea
6 in your initial communications with him about
7 the timing of this case and when it was going
8 to trial and like that?
9 A. The only timing issues that he
10 discussed with me were about by when the
11 declaration had to be filed.
12 Q. And what did he tell you in that
13 regard?
14 A. I think the time frame was on the
15 order of a few days, something under a week,
16 but I don't recall exactly.
17 Q. And can you place a date on when
18 this conversation with Mr. Hernstadt occurred?
19 A. I don't have any documents with me
20 that would place a date on it, but would guess
21 that it's April 21st.
22 Q. That's a pretyy -- that sounds like
23 a very precise guess. Why did you pick April
24 21st, sir?
25 A. Because earlier this week I
67
1
2 reviewed by E-mail file and that date stands
3 out.
4 Q. So these E-mails that we don't have
5 were also reviewed by you in preparation for
6 this deposition?
7 MR. HERNSTADT: Objection to
8 the form of the question. Misstates the
9 witness's testimony.
10 Q. Is that right? That right?
11 MR. HERNSTADT: Is that a
12 question?
13 MR. HART: Yeah.
14 THE WITNESS: I believe I
15 scanned the headers of them.
16 Q. How many communications have you
17 had with Mr. Hernstadt or anyone at Frankfurt
18 Garbus law office since your first contact with
19 them in mid-April of this year?
20 A. By E-mail and otherwise?
21 Q. Sure.
22 A. Quite a few. I don't remember -- I
23 don't know the number.
24 Q. 20, 50, 100?
25 MR. HERNSTADT: Objection to
68
1
2 the form of the question.
3 Q. Just give me -- I'm trying to get a
4 range here. Obviously I don't expect --
5 A. 50.
6 Q. 50? 5-0?
7 A. 5-0.
8 Q. And how many of these
9 communications -- let me ask you this: How --
10 are you in contact exclusively with
11 Mr. Hernstadt or were there other lawyers at
12 the Frankfurt Garbus law firm that you have
13 communicated with?
14 A. I've also communicated with
15 Mr. Martin Garbus.
16 Q. Can you tell me how many of those
17 communications were in E-mail form as opposed
18 to telephone conversation?
19 A. Maybe on the order of 30 E-mails.
20 Q. Okay.
21 A. And --
22 Q. 20 telephone calls roughly?
23 A. And approximately 20 phone calls.
24 Q. Got you.
25 Did you have any E-mail
69
1
2 communications with Mr. Garbus?
3 A. Yes.
4 MR. GARBUS: Bill, I want to
5 ask you -- I type awfully. If you get my
6 E-mails you would barely be able to read them.
7 MR. HART: Thanks.
8 Q. Can you give me a rough
9 approximation of how many of these
10 communications occurred prior to your filing of
11 a declaration in this case?
12 A. Maybe five.
13 Q. Mm-hmm.
14 And what were the subjects of the
15 other 45 communications you had with Frankfurt
16 Garbus subsequent to your filing of a
17 declaration in this case?
18 MR. HERNSTADT: Objection to
19 the form of the question.
20 THE WITNESS: They were about
21 many aspects of the case. I guess they were to
22 identify what areas I might best testify about.
23 Q. This is after you filed your
24 declaration?
25 A. That's right.
70
1
2 Q. Best testify at the trial of the
3 case?
4 A. Right.
5 Q. And, again, when were you first
6 told that you might or would testify at the
7 trial of this case?
8 MR. HERNSTADT: Objection to
9 the form of the question.
10 Q. Approximately.
11 MR. HERNSTADT: Assumes facts
12 not in evidence.
13 THE WITNESS: I would guess
14 that it was perhaps a week or two after the
15 filing of the declaration.
16 Q. Okay.
17 And by the filing of the
18 declaration, just to be clear we are looking at
19 -- excuse me -- at Exhibit 1, I believe? And
20 if you just take a look at the date of that
21 last page.
22 A. April 27.
23 Q. Okay.
24 And what were you told about when
25 the case would go to trial at that point?
71
1
2 A. I was told that it would go to
3 trial July 17.
4 Q. Now, apart from communications with
5 defense counsel about the case and your
6 perusing the internet concerning it, is there
7 any other way you learned about the substance
8 of this case or what the issues were, like
9 that?
10 MR. HERNSTADT: Objection to
11 the form of the question.
12 THE WITNESS: I believe I've
13 also read about the case in the newspaper.
14 Q. Mm-hmm. Okay.
15 Now, in perusing the net, did you
16 have occasion to find DeCSS in the form of an
17 executable utility?
18 MR. HERNSTADT: Objection.
19 Asked and answered.
20 THE WITNESS: When I was
21 perusing the net I was particularly looking for
22 source code.
23 Q. And that was for the reasons you
24 described earlier in your testimony today?
25 A. No. I believe it was because I
72
1
2 would be more easily able to recognize what it
3 was by looking at it in source code form. So
4 it was just an easier thing --
5 Q. Got you.
6 A. -- to look at.
7 Q. Do you know if Frank Stephenson
8 posts DeCSS as an executable utility?
9 A. I don't know.
10 Q. Now, the paper that's attached as
11 an exhibit to your declaration, why don't we
12 take a quick look at that for a moment, dated
13 February 17, 2000, yes?
14 A. Yes.
15 Q. Was this submitted to the copyright
16 office in connection with its rule-making
17 inquiry?
18 A. Yes.
19 Q. When?
20 A. On February 17.
21 Q. Was it written for that purpose?
22 A. Yes.
23 Q. And were you aware at the time you
24 wrote this piece about this case?
25 A. No.
73
1
2 Q. Now, this was co-authored by
3 Dr. Felten?
4 A. Yes.
5 Q. And Dr. Felten is a colleague of
6 yours at Princeton?
7 A. Yes.
8 Q. Are you in you daily contact?
9 A. More or less.
10 Q. Okay.
11 Are your offices located close to
12 each other?
13 A. Yes.
14 Q. Do you work together on projects?
15 A. Yes.
16 Q. Okay.
17 Do you co-teach or co-conduct
18 seminars or engage in other activities at the
19 university in connection with your academic
20 activities?
21 MR. HERNSTADT: Objection to
22 the form of the question.
23 THE WITNESS: From time-to-time
24 there are teaching and research guidance
25 activities that we do jointly.
74
1
2 Q. Got you.
3 Is this the first piece you've ever
4 authored with Dr. Felten?
5 A. No.
6 Q. Have you ever discussed this case
7 with Dr. Felten?
8 A. Yes.
9 Q. When was your first occasion to do
10 that?
11 A. I know I discussed it with him in
12 the days following harsh 13th, I believe that
13 we had a -- we may have had some discussion of
14 it earlier than that that we discussed that
15 there were some court cases involving DVDs.
16 Q. So it's possible that you may have
17 learned of this case not first through
18 Dr. Touretzky but indeed through Dr. Felten; is
19 that possible?
20 MR. HERNSTADT: Objection to
21 the form of the question.
22 MR. HART: I understand you.
23 THE WITNESS: Maybe from
24 Dr. Felten or maybe in some other way.
25 Q. Okay.
75
1
2 A. But my awareness of this case let's
3 say prior to March 13 as in vague and in
4 general determines.
5 Q. So you refer, for example in your
6 article to searching the text of Shakespearean
7 plays. I'm looking at Page 2 of your article
8 as it appears as an attachment to your
9 declaration.
10 MR. HERNSTADT: Point out where
11 you are looking.
12 MR. HART: It's the lower right
13 column.
14 THE WITNESS: Okay. Yes.
15 Q. All right?
16 Is it your understanding is that
17 the works of Shakespeare are protected by
18 copyright or do you have any understanding in
19 that regard?
20 A. I believe they are not.
21 Q. Okay.
22 What relevance do you believe this
23 article has to this case?
24 MR. HERNSTADT: Objection to
25 the form of the question. Go ahead.
76
1
2 THE WITNESS: This article
3 describes many kinds of scholarly analyses of
4 both text as well as audio and video and other
5 media, and scholars who wish -- who may wish to
6 apply these kinds of analyses may wish to apply
7 it both to uncopyrighted and copyrighted
8 material. And to do that they will need access
9 unencrypted digital encrypted form of the
10 material.
11 Q. Got you.
12 So in your view, is there value in
13 posting say an entire copyrighted work to the
14 internet in order to share it for academic
15 purposes with others?
16 MR. HERNSTADT: Object to the
17 question. Lacks foundation.
18 THE WITNESS: The examples that
19 we give -- the anecdotal examples that we give
20 in the article are scholars who have purchased
21 copies of copyrighted material might wish to
22 apply these analyses, and that that would be
23 the appropriate way for scholars to access
24 copyrighted material.
25 Q. Okay.
77
1
2 So if you purchased a copy of
3 someone's work, is it your view that you it
4 would then be appropriate if you saw the need
5 for it to post that work to the internet in
6 order to engage in academic or scholarly work
7 discussion it?
8 MR. HERNSTADT: Object to the
9 form of the question. Misstates what's in this
10 article.
11 MR. HART: I'm not -- I'm
12 asking for his view.
13 THE WITNESS: No.
14 Q. Inappropriate?
15 A. It's inappropriate.
16 Q. Why?
17 A. Because the legitimate uses of
18 copyrighted material do not generally include
19 republishing it.
20 Q. And that's true whether you own a
21 copy of it or not, right?
22 MR. HERNSTADT: Just to
23 reiterate, I'm instructing him not to make
24 legal answers. Okay.
25 MR. HART: Absolutely.
78
1
2 THE WITNESS: That's right.
3 Q. Okay.
4 MR. GOLD: Can you mark that
5 objection? Thank you.
6 MR. HERNSTADT: Dan, are you
7 suggesting that I'm coaching the witness?
8 Because I take great offense at that.
9 MR. HART: We want to move
10 along. Let's not have arguments, please.
11 MR. GOLD: Then you will have
12 to take offense.
13 MR. HERNSTADT: I have to what?
14 MR. GOLD: You take -- what did
15 you say?
16 MR. HERNSTADT: Great offense.
17 MR. GOLD: Oh, then that's it.
18 I do, too.
19 MR. HERNSTADT: Good.
20 MR. GOLD: To the fact that we
21 believe there is coaching going on. You don't
22 -- you don't think I don't I have a right to
23 mark the transcript where I want?
24 MR. HERNSTADT: No, you can
25 certainly mark it. Where I instruct him not to
79
1
2 make -- to answer in a way to the extent that
3 he has any legal experience to make legal
4 conclusions? Mark away.
5 MR. GOLD: You've stipulated to
6 the fact that we're never doing that. We don't
7 want to. And you --
8 MR. HERNSTADT: I'm making the
9 objection and I'm entitled to do that.
10 MR. GOLD: I don't think so.
11 MR. HERNSTADT: Go ahead.
12 Bill.
13 MR. HART: Thank you,
14 Mr. Hernstadt.
15 MR. HERNSTADT: Certainly.
16 MR. GARBUS: Can you make the
17 room warmer? It's freezing.
18 MR. HART: I'm sorry. Now what
19 do you have, Mr. Garbus? I'm really doing my
20 best here.
21 Q. If a work's made available to a
22 website, one doesn't really have control over
23 what people do with it after they download it;
24 isn't that right?
25 MR. HERNSTADT: Objection to
80
1
2 the form of the question. It's very vague. If
3 you can answer it.
4 THE WITNESS: That's generally
5 but I would not say entirely true.
6 Q. Where is the untruth in that
7 statement?
8 MR. HERNSTADT: Objection to
9 the form of the question. Go ahead.
10 THE WITNESS: If -- if, for
11 example, a work was posted encrypted on a
12 website, then people wishing to read it would
13 have to have a means of decrypting it. So
14 that's one way in which one could have control.
15 Q. How many drafts of your declaration
16 did you go through before you finalized it?
17 MR. HERNSTADT: Objection to
18 the form of the question.
19 THE WITNESS: I would guess
20 three.
21 Q. Were there any topics that were
22 discussed but not included or included but then
23 removed?
24 MR. HERNSTADT: Objection to
25 the form of the question. Go ahead.
81
1
2 THE WITNESS: No.
3 Q. No?
4 A. No.
5 Q. Okay.
6 How long did it take to prepare the
7 declaration?
8 A. I don't recall exactly. I mean, a
9 few hours.
10 Q. A few hours.
11 A. Spread over a day or two. I don't
12 remember exactly.
13 Q. Got you.
14 Was it drafted by Mr. Hernstadt or
15 was it drafted by you?
16 MR. HERNSTADT: Objection to
17 the form of the question. Go ahead.
18 THE WITNESS: I think we
19 drafted it together.
20 Q. Sitting here today, can you tell
21 what was yours and what was Dr. Hernstadt's?
22 I'm sorry. Mr. Hernstadt's.
23 MR. HERNSTADT: I know you look
24 to me to give you sucker in your hour of need,
25 but I'm not a doctor.
82
1
2 MR. HART: I'm not offended by
3 that statement.
4 THE WITNESS: As I look at it
5 now, I believe that all -- all the paragraphs
6 are either written by me or rewritten by me
7 after -- after maybe I received something from
8 Mr. Hernstadt.
9 Q. So in other words, Mr. Hernstadt
10 sent you a draft and you rewrote it?
11 MR. HERNSTADT: Object to the
12 form of the question. It misstates the
13 testimony. Go ahead.
14 THE WITNESS: Most of the draft
15 that Mr. Hernstadt originally sent me was
16 written by me.
17 Q. How?
18 A. Because I had filed a related
19 declaration in a previous case regarding --
20 regarding two cryptography.
21 Q. What case?
22 A. I filed a declaration in the case
23 of Bernstein versus U.S.
24 Q. Right.
25 A. And in the case of Younger versus
83
1
2 Daily.
3 Q. Got you.
4 Is it your testimony that the
5 declarations from Bernstein and Younger served
6 as a basis for declaration Exhibit 1 in this
7 case?
8 A. That's right.
9 Q. Did you produce copies of those
10 declarations to us?
11 A. They are on my website. I didn't
12 bring any copies with me.
13 Q. Got you.
14 Do you have qualifications as a
15 cryptographer?
16 MR. HERNSTADT: Object to the
17 form of the question. It's vague.
18 THE WITNESS: I have a fair
19 understanding of cryptography --
20 Q. Okay.
21 A. -- from taking college courses in
22 which it was covered, from reading the
23 literature on cryptography, from an interest in
24 applications of cryptography to computer
25 security, but I would not say that my own
84
1
2 research is specifically in the area of
3 cryptography.
4 Q. Got you.
5 What's your understanding of the
6 word "hacker"?
7 MR. HERNSTADT: Objection to
8 the question.
9 THE WITNESS: I would say that
10 I first started the word hacker circa 1980.
11 Q. Okay.
12 A. And my understanding of it at that
13 time was somebody who likes to play with
14 computer programs.
15 Q. That sounds pretty -- I'm sorry,
16 you weren't -- I don't want to interrupt you.
17 Please finish if --
18 A. And since that time, the -- the use
19 of the word as it typically appears in the
20 media seems to be more people who try and get
21 unauthorized access to computer systems.
22 Q. Do you believe that hacking is an
23 appropriate activity?
24 MR. HERNSTADT: Objection to
25 the form of the question. That is impossible
85
1
2 to answer.
3 MR. HART: It may be for you,
4 but I'm asking the witness.
5 MR. HERNSTADT: What kind of
6 hacking are you talking about, are you talking
7 about --
8 MR. HART: Thanks for coaching
9 him.
10 MR. HERNSTADT: I'm not
11 coaching him, Bill. I'm asking you what your
12 question means.
13 MR. GOLD: Can we have you
14 marked that change, please?
15 MR. HERNSTADT: Do you
16 understand the question?
17 THE WITNESS: I gave you two
18 means of the word hacking, and it's not clear
19 to me which one you are asking about.
20 Q. You can answer with whatever
21 appropriate qualifications you feel necessary
22 to answer the question.
23 MR. HERNSTADT: It's a compound
24 question. I object to it.
25 THE WITNESS: I think think
86
1
2 that playing with computer programs is
3 certainly acceptable activity.
4 Q. Okay.
5 A. I think that examining the
6 weaknesses in the security of computer systems
7 is acceptable.
8 Q. Okay.
9 A. And I have encouraged my students
10 to do it.
11 Q. You have encourage your students to
12 do it?
13 A. I have.
14 Q. Okay.
15 A. And that activity such as
16 electrically breaking into computer systems and
17 downloading copies of information or destroying
18 information is a crime.
19 Q. Okay.
20 A. So...
21 Q. Thank you.
22 Are there any ethical constraints,
23 to your understanding and world view, on the
24 dissemination of material or devices that
25 enable hacking?
87
1
2 MR. HERNSTADT: Objection to
3 the form of the question. I'm going to
4 instruct the witness to answer with great
5 specificity as to which definition.
6 MR. HART: Of course.
7 THE WITNESS: I think that it's
8 reasonable and ethical to disseminate
9 information concerning the weaknesses of
10 security. I guess --
11 Q. Yeah. Again I'm asking for your
12 view in terms of ethics of it as a computer
13 professional.
14 A. Mm-hmm.
15 Q. Are there any constraints in terms
16 of the dangers or abuses that it poses in the
17 context of that dissemination?
18 MR. HERNSTADT: Object to the
19 form of the question. If you understand that
20 question, you can answer it.
21 THE WITNESS: I guess there are
22 dangers of some kind.
23 Q. And in your view, and I'm just
24 asking for your view, are the dangers
25 overridden by the need to share information?
88
1
2 MR. HERNSTADT: Again,
3 objection to this whole line of questioning.
4 It's very vague. If you understand you can
5 answer it.
6 THE WITNESS: I can give
7 specific examples.
8 Q. Okay.
9 A. For example, in 1995 and '96 when
10 my students and colleagues found ways of
11 circumventing the security systems of web
12 browsers so that one could make a website that
13 would be able to steal or destroy information
14 from the users who are browsing that website,
15 we went public with an analysis of the
16 weaknesses in security, and in doing so we made
17 sure that it was brought to the attention of
18 the providers of the web browsing systems so
19 they could fix the security.
20 Q. Okay. Got you.
21 A. But as well as for public
22 discussion of the specific strengths and
23 weaknesses of these systems.
24 Q. Did you at any time create or
25 author any kind of software that would do
89
1
2 precisely what you just described?
3 A. We did create such software.
4 Q. Did you make it available to the
5 public?
6 A. I don't recall. I don't believe
7 so.
8 Q. Sitting here today, do you believe
9 that it would be appropriate in those
10 circumstances to make such a device available
11 to the public?
12 A. I think it would be appropriate.
13 Q. Why?
14 A. People who wish to improve the
15 security of their systems can use such devices
16 to probe for weaknesses.
17 Q. But I'm talking about making it
18 available to the general public, not to the
19 people that own or control the security system.
20 A. People who wish to do research on
21 improving security systems may not be the one
22 who own those systems.
23 Q. Got you.
24 A. For example, our research now
25 involves improving the security of web browsing
90
1
2 systems.
3 Q. Mm-hmm.
4 A. We became interested in this
5 research after we identified weaknesses in the
6 security of web browsing systems. We were not
7 the creators of those systems.
8 Q. Who is "we"?
9 A. Let's say Professor Felten and I.
10 Q. Okay.
11 A. And my students.
12 Q. Okay.
13 A. So the purpose of the public
14 discussion of the weaknesses of the security of
15 these systems is to, among other things,
16 encourage research in these areas, not only by
17 the original providers of those systems.
18 Q. Got you.
19 And to your mind is there a
20 difference between discussion of weaknesses of
21 system and the manufacturer of a utility that
22 takes advantage of a weakness in the system?
23 MR. HERNSTADT: Objection to
24 the form of the question. If you can answer
25 that.
91
1
2 THE WITNESS: I found in my own
3 research, and not specifically limited to, you
4 know, security and devises to you know, exploit
5 the weaknesses of systems, but in computer
6 science in general that a discussion of some
7 aspect of computer science is often much more
8 effective if it's accompanied by exchange of
9 computer programs relevant to that discussion.
10 Q. And how does that computer exchange
11 normally take place?
12 A. Typically by people posting their
13 computer programs on their websites along with
14 articles discussing how they work or as an
15 accompaniment to, let's say, an article
16 published in a journal about how the program
17 might work.
18 Q. And we are talking about what,
19 source code?
20 A. Source code and object code.
21 Q. Okay.
22 And in your view, that's
23 appropriate to do, that is, to make an
24 executable utility available generally on a
25 website even if it has the potential for abuse
92
1
2 by others? That's your view?
3 MR. HERNSTADT: Objection to
4 the form of the question.
5 THE WITNESS: If the source
6 code or object code has some useful purpose in
7 the scholarly discussion or has some useful
8 purpose as a tool, then it's appropriate to
9 post it.
10 Q. Despite the potential for abuse?
11 A. Despite the potential for abuse.
12 Q. So if you and your students created
13 a utility that would defeat the security codes
14 for ATM machines at Citibank and believed that
15 that was of scholarly, academic or
16 cryptological interest, you are dealing me that
17 in your view it would be appropriate to post
18 that utility to the internet in a widespread
19 fashion even though it would be available to
20 pool to basically invade Citibank and take the
21 money?
22 MR. HERNSTADT: Objection to
23 the form of the question. It's an incomplete
24 hypothetical. If you can answer it.
25 THE WITNESS: To give a more
93
1
2 concrete example --
3 Q. What was wrong with my example?
4 A. Let me give a different example and
5 then relate it to your example.
6 Q. I'd like you to answer my example.
7 That's the question on the table.
8 A. Mm-hmm.
9 Q. Appropriate or appropriate?
10 MR. HERNSTADT: I -- If you can
11 answer that question --
12 MR. HART: Ed, we understand.
13 We will stipulate that the witness will only
14 answer the questions that he can answer, okay?
15 MR. HERNSTADT: Now, look --
16 MR. HART: No speeches, please.
17 Honestly. I'm going to throw him out of the
18 room because you're going to coach him again.
19 MR. HERNSTADT: Bill, excuse me
20 I'm going to make my record. I have objected
21 to the form of the question.
22 MR. HART: Please stop.
23 MR. HERNSTADT: Bill, excuse
24 me. I'm making my objection.
25 MR. HART: I will ask the
94
1
2 witness to leave the room before you coach.
3 MR. HERNSTADT: You can make
4 your little speech after I make my objection.
5 MR. HART: I'm not making a
6 speech. There's a question pending.
7 MR. HERNSTADT: You are going
8 to let me make my objection, bill. I have a
9 right to make an objection and then you can say
10 anything you want to after that.
11 MR. HART: Excuse me. Would
12 you let the witness leave the room before you
13 continue.
14 MR. HERNSTADT: No, no. I'm
15 going to make my objection.
16 MR. HART: Then I'm accusing
17 you of coaching the witness.
18 MR. HERNSTADT: Then you can
19 accuse me all you want, Bill, and you can go to
20 the court with it.
21 MR. HART: I would like to
22 witness to leave the room.
23 MR. HERNSTADT: However, I am
24 making my objection.
25 MR. HART: This is outrageous.
95
1
2 MR. HERNSTADT: I object to the
3 form of the question. It think is a question,
4 it is a question that assumes facts not in
5 evidence and it is an incomplete hypothetical.
6 MR. GOLD: Now, would you tell
7 me why you have such a problem with your
8 witness leaving the room to engage in a lengthy
9 discussion?
10 MR. HERNSTADT: I'm not
11 engaging in a lengthy discussion. I'm
12 attempting to make -- I'm attemptinn to make an
13 objection. I'm being interrupted by Mr. Hart's
14 speechifying. How I'm being interrupted by
15 your speechifying.
16 MR. HART: This is outrageous.
17 There is a question pending and you are
18 talking.
19 MR. HERNSTADT: Excuse me.
20 That is the only time than you can make an
21 objection to the question is when it's pending.
22 MR. HART: But you're not
23 making objections.
24 MR. HERNSTADT: I mean, if I
25 made objections after every question, you'd
96
1
2 tell me hey, it's too late to make the
3 objection. This is absurd, Bill.
4 MR. HART: This is insane.
5 MR. HERNSTADT: May I suggest
6 --
7 MR. HART: I don't want you to
8 suggest anything more. That's the problem.
9 MR. HERNSTADT: May I suggest
10 we go on. I find your insinuations and your
11 direct accusations that I am coaching the
12 witness outrageous. I suggest you really go to
13 the judge if you think it's really true. Can
14 we continue the deposition please?
15 MR. GOLD: Calm down. Don't
16 get so upset. Can I ask you why you are so
17 opposed to your witness not hearing a lengthy
18 objection?
19 MR. HERNSTADT: Because it's a
20 waste of time. This is not a lenghty
21 objection. Neither of you had any idea what my
22 objection was when I tried to make it.
23 Mr. Hart interrupted me repeatedly when I
24 attempted to make the objection.
25 MR. GOLD: Is the reason you
97
1
2 don't want the witness to go out of the room
3 because you want him to hear the lengthy
4 objection? Do you have an answer for that?
5 MR. GARBUS: No need for that.
6 MR. HERNSTADT: That's an
7 insulting question, Leon. The answer is
8 obviously no. The answer is it's not a lengthy
9 objection. And, Leon, do you read my mind? Do
10 you have any idea how long my objection is
11 going to be before I make it? The answer is
12 no. The answer is clearly no. I would like to
13 just continue this deposition.
14 MR. HART: May I -- Okay. I
15 would, too. To expedite things let me make an
16 suggestion, okay? I'd like to get your
17 agreement right now, Ed, that the next time
18 that I ask that the witness leave the room
19 because of your objection that you allow that
20 to happen.
21 MR. HERNSTADT: Absolutely not.
22 MR. HART: And then you can say
23 anything you want on this record. I think you
24 are doing is obstructive and improper.
25 MR. HERNSTADT: If I have a
98
1
2 long speech to make like you just made --
3 MR. HART: No, that wasn't a
4 long speech. That was a request. You said no.
5 I got it, no.
6 MR. HERNSTADT: You have no
7 idea what my objection is before I make it,
8 okay? And it's just -- it's outrageous and
9 it's insulting for you to say I can't make
10 objections until the witness has left the room.
11 I find that staggering, okay? having made an
12 absurd record why don't we continue. We
13 probably I should read the last question back.
14 MR. HART: This is my
15 deposition.
16 MR. HERNSTADT: It is my
17 witness.
18 MR. HART: It is. It is your
19 witness.
20 MR. HERNSTADT: And after all
21 this,I certainly don't want him attempting to
22 answer a question that has been on the table
23 for five minutes.
24 MR. HART: I apologize,
25 Mr. Appel.
99
1
2 Let's mark this, if you would,
3 please, Ms. Reporter.
4 Q. Okay. We were with my
5 hypothetical.
6 A. What we have done in case where we
7 have found ways to compromise the security of
8 commercial systems is to notify the commercial
9 provider of those systems a few days before we
10 publically post the description. And this
11 allows them to formulate a response and take
12 whatever measures they may need to take. But
13 when we inform them, we tell them that we are
14 going to go ahead and publish it anyway and
15 this is just a courtesy to them.
16 Q. Got you. And -- I'm sorry.
17 A. And in any hypothetical case of the
18 kind you described, we might do something
19 similar.
20 Q. I see.
21 And in the ordinary course of that,
22 how much lead time do you give the proprietor
23 of the system before you disclose?
24 A. In the cases in the past
25 specifically relating to web browsers,
100
1
2 typically three days.
3 Q. In other cases?
4 A. I have not been involved in any
5 other cases.
6 Q. Okay.
7 The only situation you've been
8 involved in where you compromised security, if
9 you will, was this this web browser situation
10 you described?
11 MR. HERNSTADT: Objection to
12 the form of the question.
13 THE WITNESS: The only cases
14 where we have published descriptions of the
15 compromising the security of commercial systems
16 was a series of -- of security analyses of web
17 browsers in approximately the period 1995 to
18 '97.
19 Q. And is there a difference to your
20 mind between publishing a description of a
21 weakness of system and providing someone with
22 an executable piece of software that takes
23 advantage of that weakness?
24 MR. HERNSTADT: I'm sorry.
25 Could you read back that question?
101
1
2 (Record read)
3 MR. HERNSTADT: Object to the
4 form.
5 THE WITNESS: I guess there is
6 a difference.
7 Q. So to come back to my Citibank
8 hypothetical, which I know you love, you'd feel
9 comfortable in posting a description of the
10 weakness after you contacted Citibank but not
11 so comfortable in providing an executable
12 utility to the general public that would take
13 advantage of that weakness; is that a fair
14 statement?
15 MR. HERNSTADT: Objection to
16 the form of the question. Misstates the
17 testimony. Go ahead.
18 THE WITNESS: I guess it would
19 depend on the circumstances of the particular
20 security flaw and of the nature of, you know,
21 whatever research we had done.
22 Q. Okay. Let's take away those
23 variables. I'll make it real easy.
24 A. Okay.
25 Q. The software utility I'm talking
102
1
2 about enables you to walk into any Citibank,
3 hit an ATM and take money out for free.
4 MR. HERNSTADT: Objection to
5 the form of the question. If you can answer
6 it, go ahead.
7 THE WITNESS: I don't know.
8 The -- in that kind of case we might very well
9 decide to give Citibank more than three days of
10 lead time and we might very well publish, you
11 know, a description of -- of the security
12 weakness. But I don't think we would
13 necessarily completely avoid forever the
14 publication of the software, that is, the study
15 of the software its and the details of the
16 weakness are certainly of interest to the
17 community of researchers doing computer
18 security.
19 MR. GOLD: Bill, we need to
20 break so the video person can change his tape.
21 MR. HART: Okay. This is a
22 good juncture, I think. Can we take five?
23 Bathroom, cigarette.
24 THE VIDEOGRAPHER: This
25 completes Videotape Number 1, the time now is
103
1
2 12:34 p.m. we are going off the record.
3 (Informal discussion held off
4 the record)
5 THE VIDEOGRAPHER: This is
6 Videotape Number 2 of the continued deposition
7 of Andrew Appel. The time now is 12:52 p.m.
8 We are back on the record.
9 Q. Prior to the call and E-mail from
10 Dave Touretzky, you had no knowledge of DeCSS
11 or interest in studying it for any reason, did
12 you?
13 MR. HERNSTADT: Object to the
14 form. Go ahead.
15 THE WITNESS: I had not been
16 motivated to examine DeCSS before that time,
17 that's right.
18 Q. Were you aware of DeCSS before that
19 time?
20 A. I was there that there were some
21 court cases and how -- I don't remember how
22 detailed was my awareness.
23 Q. Okay.
24 But as a cryptography buff, and I
25 don't want to characterize the degree of
104
1
2 sophistication that you have in that field, but
3 to whatever degree you've had it you expressed
4 an interest in cryptography, that was not a
5 subject that came across your radar screen,
6 that is DeCSS, until you to you to Touretzky;
7 is that right?
8 A. I have been interested for a few
9 years now in the question of whether it's
10 really technically feasible to distribute
11 encrypted content to people who have possession
12 of the machine that decrypts it in a secure
13 way. And I've had conversations on -- relating
14 to that topic with several people who work in
15 the field of security over the past three years
16 approximately. So the court case were
17 interesting to me partly for that reason.
18 Q. But prior to the discussion with
19 Touretzky in March you were unaware of DeCSS
20 per se, correct?
21 A. Yes.
22 Q. Despite your background and
23 interest in security systems, cryptography and
24 what you just said?
25 A. I was aware that the court cases
105
1
2 focused on unlicensed decryption software, but
3 I don't know that I could have told you the
4 name of the software.
5 Q. Okay.
6 Now, you mentioned just a moment
7 ago in your testimony that you've had
8 communications with interested parties
9 concerning those subjects over the course of
10 the last three years, correct?
11 A. The subject, not specifically of
12 DeCSS or DVDs, but the distribution of
13 encrypted content.
14 Q. Right.
15 And how did you engage in those
16 communications, through what form or media?
17 A. Generally in person.
18 Q. Generally in person? I'm sorry?
19 A. Yes.
20 Q. What about E-mail?
21 A. I don't think so.
22 Q. Any reason why not?
23 A. I would talk to people at
24 conferences, for example, and/or in my office
25 in discussions or this kind of thing.
106
1
2 Q. Okay.
3 A. But I don't recall any E-mail that
4 I have sent.
5 Q. Now, in those discussions did you
6 have before and available to you and the others
7 code in any form?
8 A. I think not.
9 Q. Okay.
10 Is it possible to E-mail DeCSS from
11 one person to another?
12 MR. HERNSTADT: Object to the
13 form.
14 THE WITNESS: Yes.
15 Q. Okay.
16 Are there encryption programs that
17 are widely available that are used in
18 connection with E-mail communications?
19 A. Yes.
20 Q. Can you name one or two, please?
21 A. PGP is one of them.
22 Q. Okay.
23 Have you ever used any of those
24 encryption programs, whether or not it was PGP,
25 in connection with E-mail communications with
107
1
2 others?
3 A. I have encrypted an E-mail using
4 PGP and sent it.
5 Q. As an experiment or --
6 A. Basically as an experiment.
7 Q. Did it work?
8 A. Yes.
9 Q. And would you explain, just to make
10 the record clear, what the value of doing that
11 is?
12 A. The value of encrypting E-mail is
13 to achieve privacy in communications.
14 Q. As a practical matter, isn't it
15 possible to engage in discussions with
16 researchers, scientists, cryptographers and
17 others who may have some scholarly or
18 engineering interest in DeCSS by communicating
19 with them and transferring to them DeCSS via
20 encrypted E-mail?
21 A. That presupposes the fact that I
22 know which scholars are interested in it. And
23 generally when I do research and public it I
24 don't know in advance exactly which scholars
25 would be interested in it using the results of
108
1
2 my research in their work.
3 Q. So, let's take, for example, the
4 people that you said you met with in person
5 over the course of the last three years. Do
6 you have any of their E-mail addresses?
7 A. Yes.
8 Q. So all those folks that you talked
9 with within the last three years are certainly
10 within the orbit of people that you would know
11 to E-mail to if you wanted to, right?
12 A. Yeah, I'd say they're -- yes.
13 Q. Okay.
14 And is it common when someone has a
15 website to provide an E-mail address for them
16 on their website?
17 MR. HERNSTADT: Object to the
18 form of the question. If you don't understand
19 it --
20 THE WITNESS: Let's say the --
21 a personal home page will typically include an
22 E-mail address.
23 Q. What about websites used by
24 scholars, scientists, cryptographers and the
25 like?
109
1
2 A. Some of the them have E-mail
3 addresses.
4 Q. So it's not uncommon, is it?
5 A. It's common.
6 Q. Common. Right.
7 And so if you wanted to communicate
8 with somebody that had posted something to a
9 website on the internet, you would you have a
10 way to communicate with them via E-mail, right?
11 A. Yes.
12 Q. And encrypted E-mail as well,
13 right?
14 A. No. For me to communicate with
15 somebody by encrypted E-mail, they would have
16 to have posted their public key in some place.
17 Q. Right.
18 A. And not very many people have done
19 that.
20 Q. But you could you E-mail the person
21 and say can you give me your PGP key so I can
22 send you an encrypted E-mail, right?
23 A. Most people have not installed PGP,
24 so I would have to E-mail them and say can you
25 download and install the PGP and make yourself
110
1
2 a key and put this somewhere so I could --
3 Q. Sure.
4 Is that a big deal?
5 A. It's an hour's work.
6 Q. And in the life of a computer
7 person what's an hour?
8 A. If I want to publish my work in
9 such a way that other people will read it, I
10 don't generally want to impose an hour penalty
11 in even accessing what I've written.
12 Q. I understand.
13 So, in other words if you want to
14 makes sure it gets out there to the greatest
15 number of people possible you put it on a
16 website in an unencrypted form?
17 A. Right.
18 Q. Now, have you done any kind of
19 tentative, preliminary, intermediate, final or
20 close to final report or analysis in connection
21 with this case or your testimony in it?
22 MR. HERNSTADT: Objection to
23 the form of the question. I take it you mean
24 apart from his declaration?
25 THE WITNESS: I am not -- I've
111
1
2 not been preparing any kind of document of that
3 description.
4 Q. Were you told not to?
5 A. No.
6 Q. Okay. Why not?
7 A. No one discussed at all either pro
8 or con the preparation of such a document.
9 Q. Okay.
10 So if I wanted to get an
11 understanding of what you planned to testify in
12 in the trial of this case, how do I find that
13 out?
14 A. I don't know.
15 Q. Okay.
16 If I ask you right now, can you
17 tell me all the subjects in which you plan to
18 testify at the trial of this case or are
19 prepared to testify at the trial of this case?
20 Can you tell me?
21 A. Yes, I can tell you some subjects
22 in which I am prepared to testify.
23 Q. Okay.
24 A. The one subject is that scholarly
25 publication is often most effective when it
112
1
2 includes the publication of source and object
3 code in addition to articles and other reports
4 describing that source and object code.
5 Q. Mm-hmm.
6 A. And that that's the way that
7 scientists routinely communicate with each
8 other. One is on distinctions between source
9 code and object code and how they are used to
10 communicate between people and other people as
11 well as operation on a machine.
12 One is on on various kinds of uses
13 of copyrighted material such as those described
14 in my paper of February 17, that is, uses that
15 scholars might put copyrighted material to that
16 would require access to the unencrypted
17 content. And I guess the fact that people
18 working in the field of computer security and
19 cryptography do routinely publish the
20 descriptions of weaknesses in systems or ways
21 of circumventing systems as part of the process
22 of designing and inventing better systems.
23 Q. Anything else?
24 A. Not that I recall at the moment.
25 Q. Now, you are going to be going
113
1
2 away, is that right, soon?
3 A. I will be away the week of July 17.
4 Q. And is that a date that's been
5 fixed for a while for your departure somewhere?
6 A. That date was fixed in
7 approximately January. It's a principal
8 investigators meeting of researchers in
9 computer security funded by the Defense
10 Department.
11 Q. Excellent. Where is that?
12 A. In Hawaii.
13 Q. Sounds terrible.
14 And you let Mr. Hernstadt know
15 that?
16 A. That's right.
17 Q. When?
18 A. When he first told me the trial
19 date, which as I said was approximately a week
20 or two after the filing of my declaration.
21 Q. Sometime in April?
22 A. No, that would have been May.
23 Q. Sometime in May. Okay.
24 In other words a week or two after
25 the filing date of your dec is what you said?
114
1
2 A. Right.
3 MR. HERNSTADT: And obviously
4 sometime after May 12.
5 MR. HART: I'm sorry. Would
6 you read back what Mr. Hernstadt just said?
7 (Record read)
8 Q. I'm sorry. Do you know what the
9 significance of May 12 is?
10 A. No.
11 MR. HERNSTADT: That's when the
12 judge moved the trial date to July 17. It
13 would not have been possible for me to tell him
14 a July 17 date before that.
15 Q. Did Mr. Hernstadt ever advise you
16 that it was the defense's intention to seek an
17 adjournment of the trial?
18 A. I think he has told me that.
19 Q. Do you remember when he first told
20 you that?
21 A. I remember that he told me that
22 about a week ago, but I don't remember if
23 that's the first told that he told me.
24 Q. Okay.
25 Now, coming back to the subjects,
115
1
2 there were four categories. The last of them
3 was the publication or descriptions about
4 weaknesses in security systems.
5 A. The practice of scientists doing
6 research in computer security of publishing
7 descriptions of the weaknesses.
8 Q. And that's what we've already
9 talked about today in your testimony in terms
10 of descriptions and utilities and the like?
11 MR. HERNSTADT: I'm sorry. The
12 last answer and question read back, please?
13 The answer and then his question.
14 (Record read)
15 THE WITNESS: I think we have
16 talked about that.
17 Q. Now, you said it's normal practice,
18 correct me if I'm wrong, that if someone
19 discerns a break in a security system that they
20 contact the proprietor or user of that system.
21 Is that your testimony?
22 A. My testimony was that that had been
23 our practice.
24 Q. Your practice.
25 Do you know if that's a normal
116
1
2 practice?
3 A. I don't know.
4 Q. Do you have any information as to
5 whether that was done in this situation with
6 DeCSS?
7 MR. HERNSTADT: Objection to
8 form.
9 THE WITNESS: No, I have no
10 information.
11 Q. Okay.
12 Now, you also mentioned that one of
13 the other subjects for your anticipated trial
14 testimony is the use of copyrighted material --
15 excuse me. The use of copyrighted materials in
16 connection with scholarly research.
17 A. That's right.
18 Q. Right.
19 And you men -- and these are the
20 subjects that are covered by your article,
21 right?
22 A. That's right.
23 Q. Okay.
24 And you said you have nothing to
25 add to this article other than the little side
117
1
2 bar that's going to appear in the next
3 published version of it describing the basic
4 rules when you submitted this to Congress or
5 the copyright office?
6 A. What I said was that the article as
7 it will appear in Communication of the ACM as
8 it appears on my website includes a one page
9 sidebar explaining the circumstances of their
10 regulatory process.
11 Q. Right.
12 Now, in doing searches of musical
13 works as you described them in your article,
14 does this entail loading musical content into a
15 computer in some kind of digital form before it
16 can be searched through by a computer?
17 A. It's plausible to do the search
18 directly from, for example, a CD. Although the
19 material will have to flow into the computer as
20 it would in any way of using the D -- the CD.
21 Q. And so how would you that be done?
22 A. One would open the file from the CD
23 rom device.
24 Q. Okay.
25 A. For example.
118
1
2 Q. Okay.
3 A. It would be generally more
4 convenient if there were many things to be
5 searched to put them on the hard disk, for
6 example.
7 Q. And why is that?
8 A. Then one could do the search
9 without, you know, repeatedly shuffling the CDs
10 in and out of the CD rom Drive.
11 Q. So what we are talking about --
12 again, I have to make this record clear -- is
13 taking a CD that contains music, copying it
14 electrically onto the hard drive of a computer
15 so that the content of that CD as it now
16 resides in the computer memory could be
17 searched by some kind much computer-assisted
18 search device, is that -- do I have that right?
19 A. Well, I described two versions of
20 the process; one where it is copied to the hard
21 disk and one where it's not copied to the hard
22 disk although it will exist in the computer's
23 ram memory for the time that it's being
24 searched.
25 Q. Got you.
119
1
2 But with respect to the version
3 that involved copying to the hard disk did I
4 have that right?
5 A. That's right.
6 Q. Okay.
7 And with respect to the version
8 that didn't involve copying to hard disk it
9 would involve loading the CD into a CD rom
10 player and searching the content of the CD
11 while it's in the player; is that right?
12 A. That's right.
13 Q. Now, does your scenario of music
14 searches contemplate that there would be some
15 kind of large database containing music files
16 in order to apply the search engine?
17 A. I guess that would be up to the
18 user of the search software.
19 Q. Right.
20 What's the real research or
21 academic value to your mind of searching one or
22 just a handful of CDs? I mean, isn't the real
23 value in having a huge repository of these
24 things --
25 MR. HERNSTADT: Objection to
120
1
2 the form of the question?
3 Q. -- to search through? Isn't that
4 where the computer really makes it alot more
5 efficient?
6 MR. HERNSTADT: Argumentative.
7 Q. With due respect, sir.
8 A. Part of the research is even
9 designing the computer programs that do the
10 search. In order to test those computer
11 programs, one needs content --
12 Q. Sure.
13 A. -- to feed them to.
14 Q. Got you.
15 A. Part of the research is in that one
16 might search in a CD or some passage where --
17 you know, containing a certain theme one
18 sketches out.
19 Q. Sure.
20 A. And it could well be that those
21 kinds of searches will be more effective if
22 performed on a larger database than a smaller
23 one.
24 Q. Rather than flipping CDs in and out
25 of a drive?
121
1
2 A. If there are many CDs to be
3 searched, yes, it would be easier from a larger
4 database.
5 Q. And the point of your article is
6 that if the CDs are wrapped in some kind of
7 encryption that this would inhibit scholarly
8 research unless the encryption were cracked --
9 A. That's right.
10 Q. -- is that right? Okay.
11 And is there any aspect to this, to
12 your mind, that involves consideration of the
13 copyrighted content that's on the CDs, that is,
14 if you were to load a whole bunch of CDs onto a
15 hard drive or put it somewhere in some computer
16 storage facility that it would raise copyright
17 issues to your mind? And again, without a
18 legal conclusion. Just asking what's passed
19 through your mind in the context of considering
20 these issues.
21 A. Not as a legal conclusion, but it
22 is my understanding that there are
23 circumstances where it's permissible to buy
24 copyrighted material and transfer it to another
25 medium for one's own use. And so I can
122
1
2 speculate that it might well be fair use under
3 the copyright law to buy a collection of CDs
4 and load them onto a hard disk for the purpose
5 of searching them.
6 Q. Okay.
7 And would that assumption apply if
8 one were to post the content of those CDs onto
9 the internet so that others could search them?
10 A. I can easily imagine that that one
11 would not fall within the category of fair use.
12 Q. And why is that? And again I'm
13 just using for our view. You're using the word
14 fair use.
15 A. If one posts the unencrypted
16 content on the internet, then indeed it is
17 available for everyone not only to search but
18 to download.
19 Q. Okay.
20 And if people are able to do that
21 with movies on the internet, would your answer
22 be the same?
23 MR. HERNSTADT: Objection to
24 the form of the question. We should read back
25 the answer, too.
123
1
2 Q. Go ahead.
3 A. Well, if people post copies of
4 movies on the internet and in such a way that
5 people can download them, then I imagine that
6 that would not be considered fair use of the
7 material.
8 Q. And coming back to your thesis
9 about the value of scholarly research in this
10 connection, okay, because I think you actually
11 do address video content analysis as part of
12 your article; right?
13 A. That's right.
14 Q. And that's sort of doing the same
15 thing as we just talked about with respect to
16 musical content on CDs with respect to video
17 content in some digitized form, yes.
18 A. That's right.
19 Q. And the notion would be that you'd
20 have a computer program that functions as a
21 search engine. If we wanted to find certain
22 scenes as we described them for the engine,
23 that the engine would search through all the
24 digitized video content and pluckk those scenes
25 out as defined?
124
1
2 A. That's an example.
3 Q. Okay.
4 So I guess I go back to the
5 scenario we just talked about a second ago,
6 which is that the video content is posted to
7 the net, and one purpose for doing that may be
8 to run a search engine of the type we just
9 described, a video analysis search engine,
10 right? But there is also --
11 MR. HERNSTADT: Objection. I'd
12 like to let him answer that question and I
13 object to the form of the question.
14 THE WITNESS: Right. So what
15 -- what we say in the paper and what I said
16 already is that we believe that applying such
17 search engines to a copy of copyrighted
18 material which one has purchased is fair use.
19 And whether or not it's fair use, technically
20 it's true that in order to do that one needs
21 access to the unencrypted content. And -- and
22 I have not said that posting the unencrypted
23 content to the internet is fair use.
24 Q. And you -- fine.
25 A. Okay.
125
1
2 Q. Okay.
3 Let's just forget fair use for a
4 moment, if you will.
5 A. All right.
6 Q. All right?
7 I guess my question is a little
8 more simpleminded.
9 A. Okay.
10 Q. All right? And that is --
11 MR. GARBUS: Speak for yours.
12 MR. HART: I am, thank you.
13 Did you get Mr. Garbus's acerbic comment?
14 MR. HERNSTADT: Smiling
15 comment.
16 Q. Someone puts up --
17 MR. GOLD: You know the
18 definition of a villain? I
19 MR. HERNSTADT: Definition of a
20 --
21 MR. GOLD: Villain with
22 smiling. Afterwards I'll tell you.
23 MR. HART: Good, good.
24 Q. Someone puts up onto the net a
25 bunch of video content, right?
126
1
2 A. Mm-hmm.
3 Q. And it could ostensibly be used if
4 to do the scanning process he just described,
5 the video search analysis process. But it also
6 has the potential for abuse, if you will, in
7 that people can just download the movies for
8 their intrinsic --
9 A. Okay.
10 Q. -- content.
11 In that situation, okay, in your
12 mind do you believe that it would be
13 appropriate to have posted the material to the
14 internet for that purpose given the risk of
15 abuse?
16 MR. HERNSTADT: Objection to
17 the form of the question. I don't think I
18 understand it. Could you repeat the question
19 back?
20 Q. Do you understand the question?
21 A. I think I understand the question.
22 MR. HERNSTADT: Could you read
23 it back? I want to make sure I understand it,
24 too. It's a reasonable desire.
25 (Record read)
127
1
2 MR. HERNSTADT: And this is in
3 the context of the hypothetical?
4 MR. HART: Mm-hmm.
5 MR. HERNSTADT: Okay.
6 THE WITNESS: In such a
7 situation I personally would not post the
8 material to the internet partly because there
9 may be other ways of permitting searches on the
10 material without posting the unencrypted
11 content.
12 Q. Like what?
13 A. Like I could post an interface to
14 the search engine itself.
15 Q. Okay.
16 And by doing that, how does one get
17 the content to search?
18 A. Users might be able to perform
19 searches which would return indexes into the
20 material and --
21 Q. Go ahead. I'm just --
22 A. -- and then they would have the
23 choice of purchasing a copy of that material
24 for their own use having found it by the search
25 or, and this is where my legal expertise in
128
1
2 fair use --
3 Q. Again, I'm not calling for anything
4 --
5 A. Okay. But I could speculate that
6 it might be legal to provide very short
7 excerpts in the search engine interface to
8 permit the users to determine whether they had
9 actually found what they wanted.
10 Q. Okay.
11 But all of what you just described
12 is in effort to avoid putting entire
13 copyrighted content onto the internet for
14 people to download?
15 A. That's right.
16 Q. Okay.
17 If I told you that people today are
18 using DeCSS to decrypt DVD movies in order to
19 traffic them on the internet in the same way
20 that Napster involves so-called file sharing of
21 MP3 audio, what would your view be of the
22 appropriateness of providing DeCSS, the
23 decryption utility, generally to the public?
24 MR. HERNSTADT: Object to the
25 form of the question.
129
1
2 MR. HART: That's okay.
3 MR. HERNSTADT: If you can
4 answer it, go ahead.
5 THE WITNESS: Right. Since in
6 my view DeCSS has legitimate uses --
7 Q. Right.
8 A. -- then it's appropriate to post
9 it. Just as it's legal and appropriate to sell
10 Xerox machines which have many legitimate uses
11 in addition to the illegitimate use of the
12 wholesale duplication of books, for example.
13 Q. So in your mind DeCSS is like a
14 Xerox machine?
15 MR. HERNSTADT: Objection to
16 the question.
17 THE WITNESS: It's a useful
18 tool that also has uses that may be
19 illegitimate.
20 Q. Is there anything special about
21 digital transmission of content that makes the
22 risk involved in, say, abuses more pronounced
23 when you're dealing with the internet, say,
24 than with a photocopy machine?
25 MR. HERNSTADT: Objection to
130
1
2 the form of the question. Tortured
3 hypothetical. You can answer.
4 THE WITNESS: I guess perhaps
5 what you're implying is that it's easier to
6 make a copy of a digital work than it is to
7 make a copy of a physical work. So that it may
8 be more convenient to perpetrate the abuses.
9 Q. Is that your view?
10 A. I have no experience with the
11 transmission of multi-gigabyte files, so I
12 don't know how convenient it is.
13 Q. I understand. But assume -- I'm
14 going -- the premise is assume that it's doable
15 and convenient.
16 A. Mm-hmm.
17 Q. And you suggested that the
18 photocopy machine was an analogy. And my
19 question is really a straightforward one.
20 A. Mm-hmm.
21 Q. It is, isn't there there a greater
22 potential for abuse when you deal with digital
23 content vis-a-vis the internet given the ease
24 with copies can be multiplied and transmitted
25 than when you are dealing with a photocopying
131
1
2 device such as a Xerox brand copier?
3 MR. HERNSTADT: Objection to
4 the form of the question. It's a compound
5 question. Assumes facts not in evidence and is
6 a tortured hypothetical.
7 MR. HART: Thank you.
8 MR. HERNSTADT: Go ahead.
9 THE WITNESS: It seems
10 plausible.
11 Q. What seems plausible?
12 A. That there may be a greater
13 potential for abuse of -- of digital content
14 than non-digital content.
15 Q. Okay.
16 Well, let's -- let's take a look
17 back at your declaration Exhibit 1.
18 MR. GARBUS: It's about 1:30,
19 can we break for lunch?
20 MR. HART: Let me finish up
21 this little bit of questioning and absolutely.
22 Q. Paragraph 8.
23 A. Okay.
24 Q. Here, correct me if I'm wrong, you
25 are describing --
132
1
2 MR. HERNSTADT: 8?
3 Q. Paragraph 8 on Page 4. Garbus
4 Frankfurt Garbus document number --
5 Here you are describing how you
6 made available some software for free back in
7 '87 by sending magnetic tapes through Parcel
8 Post, correct?
9 A. That's right.
10 Q. And then you go on to say in
11 Paragraph 9 that with the advent or at least
12 your recognition of the value of the internet,
13 that you could do so much more readily simply
14 by transmitting it over the internet; is that a
15 fair characterization of what you say?
16 A. Yes.
17 Q. And I guess following what you said
18 in your declaration I ask you the same
19 question.
20 A. Mm-hmm.
21 Q. Isn't there a fundamental
22 difference in terms of the ability to multiple
23 reply and transmit copies on the internet
24 versus hard copies, in this case you were
25 talking about Magnetic tapes, in the example
133
1
2 you gave me you were talking about a Xerox
3 machine.
4 MR. HERNSTADT: Objection to
5 the form of the question.
6 THE WITNESS: So as I said,
7 DeCSS has legitimate uses in addition to uses
8 -- in addition to abuses.
9 Q. Right.
10 A. And -- and I guess one of the
11 abuses is the potential to post unencrypted
12 movies on the internet.
13 MR. HART: Let's stop for
14 lunch. Thanks.
15 THE VIDEOGRAPHER: The time now
16 is 1:31 p.m. We are going off the record. Off
17 lunch recess taken afternoon session.
18 THE VIDEOGRAPHER: The time now
19 is 2:33 p.m. We are back on the record.
20 Q. Are you ready to resume?
21 A. Yep.
22 Q. Thank you.
23 We were talking before the lunch
24 break about different ways to provide
25 researchers and scientists with code for
134
1
2 academic or engineering purposes, and one of
3 the ways we talked about was in person, another
4 way was through E-mail, whether encrypted
5 E-mail or unencrypted E-mail.
6 Are there any other ways, and again
7 I'm talking about short of posting it generally
8 to the public on an internet site?
9 A. Such as the shipping of tapes by
10 Parcel Post or --
11 Q. Okay.
12 A. I don't know if anything else comes
13 to mind.
14 Q. Okay.
15 Are you familiar with a program
16 that's marketed by a company called Cahoots?
17 A. No.
18 Q. You have a website. You've
19 mentioned it a couple of times during your
20 deposition. I'm going to have the reporter
21 mark as Exhibit 4 this group of pages that I've
22 just stapled together. And I guess after she
23 marks it the question will be whether that is
24 --
25 MR. HERNSTADT: Do you have one
135
1
2 for me?
3 MR. HART: I'll go make one for
4 you. That will take time.
5 MR. HERNSTADT: Just as long as
6 I get one before we go.
7 MR. HART: Absolutely.
8 (Thereupon, a Printout of
9 principal pages of Mr. Appel's
10 website was marked as Exhibit 4 for
11 identification as of today's date)
12 Q. I guess my question is can you
13 identify is that? Are those the principal
14 pages of your website?
15 A. These are the pages you get to by
16 following the underlined links on my website.
17 At least one of those is actually a link to a
18 page that's a another website at Bell
19 Laboratories.
20 Q. Uh-huh.
21 A. But this is my website.
22 Q. Okay. Thanks.
23 Now, do you -- do you discuss CSS
24 or DeCSS at all on your website?
25 A. I believe that on my website
136
1
2 there's a copy of my declaration in this case.
3 Q. Is that the extent of your
4 discussion?
5 A. There is perhaps a sentence or two
6 of introduction surrounding the link to my
7 declaration.
8 Q. Okay.
9 A. And I believe that I don't discuss
10 it further on the website.
11 Q. Got it. And when you say the link
12 to our declaration, your declaration exists on
13 what server?
14 A. I have two links. One is the link
15 to my declaration that's in the same web page
16 with all the other declarations filed by the
17 defendants at the same time.
18 Q. Mm-hmm. And where is that website?
19 A. Now I don't remember which website
20 that that is. It might at the EFF.
21 Q. Okay.
22 Not your website though, correct?
23 A. And I have a copy of my declaration
24 accessible at another link just in case the
25 first link goes out of order.
137
1
2 Q. Got you.
3 And where is that other
4 declaration?
5 A. On my own website.
6 Q. You don't post DeCSS on your site,
7 do you?
8 A. That's right, I have not posted
9 DeCSS on my site.
10 Q. Do you link to it?
11 A. Not directly.
12 Q. What -- what do you mean?
13 A. I have a link here to the EFF
14 website with the Universal Studios versus
15 Reimerdes DVD case and I imaging by following
16 links to there I could get to DeCSS.
17 Q. Okay.
18 But your purpose in putting your
19 website up is not to provide DeCSS to anybody,
20 is it?
21 A. That's right.
22 Q. I mean, you don't have a banner at
23 the top of it that says "come get DeCSS here,"
24 do you?
25 A. That's right.
138
1
2 Q. Is there any reason why you didn't
3 feel the need to include DeCSS in source or
4 object code form in your site?
5 MR. HERNSTADT: Objection to
6 the form of the question.
7 THE WITNESS: It seemed to be
8 quite adequately mirrored elsewhere on the web.
9 Q. Why didn't you post it?
10 A. I don't know.
11 Q. Do you get involved or have you
12 ever been involved in any so-called Linux
13 development activities?
14 A. No. I use Linux, but I have not
15 been involved in Linux development activities.
16 Q. Where do you use Linux?
17 A. I do my research primarily on a
18 Linux computer server in my department.
19 Q. Okay.
20 And do you have access to other
21 operating systems there, as well?
22 A. I -- yes.
23 Q. But you have not followed the
24 efforts, exploits and travails of various Linux
25 developers or participants in any of the
139
1
2 so-called Linux community, have you?
3 MR. HERNSTADT: Objection to
4 the form of the question.
5 THE WITNESS: I have read about
6 aspects of Linux development and the way that
7 development is coordinated worldwide, the ways
8 in which various companies have supported Linux
9 since the development of Linux a few years ago.
10 Q. But you have not participated in
11 the development -- any developments yourself in
12 Linux, have you?
13 A. Some of the software I wrote for
14 other purposes and which is described in my
15 declaration I believe has now been made
16 available as part of the some of the Linux
17 distributions. But it's not really a core part
18 of the operating system and I don't participate
19 actively in the Linux development system.
20 Q. And have you ever participated in
21 any of the chat groups that are devoted to
22 Linux development?
23 A. No.
24 Q. You are aware that those exist?
25 A. Yes.
140
1
2 Q. And would you say that that's a
3 pretty -- scratch that.
4 Let's go back to the group of
5 E-mails that we had earlier marked. I believe
6 you have it there as Exhibit 3.
7 A. Mm-hmm.
8 Q. And if you would turn to the --
9 they are unnumbered pages. I'm going to have
10 to count them. First, second, third, I believe
11 it's the fourth page in. And what I'm focusing
12 on is just beneath the top of the page there is
13 "-- Dave" and below that "to: Dave Touretzky"
14 "subject: Gallery," "In-reply-to:" "From:
15 Andrew Appel."
16 Is this an E-mail from you to Dave
17 Touretzsky on the date shown on that header?
18 A. Yes.
19 Q. And is the text that follows
20 beneath that headers yours?
21 A. Yes.
22 Q. What were you referring to when you
23 talked about "and finally, if it's legal to
24 link to A and legal to Link to A xor B then
25 ..".
141
1
2 And then you go, "I don't
3 completely buy this argument, and perhaps it's
4 not the best argument to make for freedom of
5 speech."
6 What was the gist of that?
7 A. Suppose it were illegal to post a
8 certain document on the internet.
9 Q. Okay.
10 A. It would be possible to post two
11 other documents that when you combine them
12 together make the original document, but in
13 which no information from the original document
14 is present in either of the two pieces except
15 as they are combined.
16 Q. And what's your conclusion as it
17 relates to the comment you made in this E-mail?
18 MR. HERNSTADT: Objection to
19 form. What comment?
20 THE WITNESS: I guess I came to
21 the conclusion that very likely one could make
22 the argument that posting in that form would be
23 substantively the same as posting the original
24 document.
25 Q. Okay.
142
1
2 Why?
3 A. I don't know. I guess the reason
4 there is an ellipsis there is that I had
5 difficulty coming to any well-formulated
6 conclusion with a sound explanation.
7 Q. Okay.
8 Was part of your purpose in
9 communicating with Touretzky to discuss
10 different illustrations of source code for the
11 purpose of making arguments about free speech?
12 A. Touretzky's website in particular
13 is to provide evidence and examples for the
14 argument that it's inconsistent to prohibit
15 posting source code for a computer algorithm,
16 but to permit publication of a detailed
17 explanation of the algorithm. And so he has
18 several kinds of examples, and I had thought of
19 one or two other kinds of examples. The
20 example that you brought up just now is sort of
21 the weaker and less useful of the examples and
22 so we dropped it.
23 Q. I got you.
24 When you say English language
25 description of the source code, you mean really
143
1
2 paraphrasing if I can use that word, you can
3 certainly supply your own if you want, verbatim
4 line-for-line what the source code says into
5 English?
6 A. Well, it may mean that. If you
7 look at Frank Stephenson's article with the
8 crypt analysis of the source code that's not
9 paraphrasing line-for-line. That's an
10 explanation.
11 But another example of the
12 difficulty in deciding whether -- where to draw
13 the line or whether it's even possible to draw
14 the line would be an English language document
15 that paraphrased line-for-line.
16 Q. Right.
17 And what this is about, if we could
18 put a label on it, isn't really reverse
19 engineering or cryptographic research, per se,
20 but rather sort of testing line drawing issues
21 in terms of the differences between source and
22 object code and English language descriptions
23 of the code; is that a fair statement?
24 MR. HERNSTADT: Objection the
25 form of the question.
144
1
2 THE WITNESS: Dave Touretzky's
3 web page entitled "Valley of CSS Descramblers"
4 I think is specifically devoted to testing how
5 and whether it's possible that one can draw
6 that line.
7 Q. And it's not about reverse
8 engineering, per se?
9 A. Not about reverse engineering, per
10 se.
11 Q. Or cryptography?
12 A. Yeah, I would say that.
13 Q. Do you know if 2600 is engaged in
14 any reverse engineering or cryptography?
15 A. No. I have looked only once at the
16 2600 website for, you know, three or four
17 minutes.
18 Q. Did you ever read the opinion that
19 was issued by Judge Kaplan in this case?
20 A. Which opinion?
21 Q. I'm sorry.
22 It was the January 20 preliminary
23 injunction opinion, and there there was a
24 following sort of lengthier memorandum opinion.
25 A. I believe so where in this set of
145
1
2 E-mails I -- which page am I on? Page 3. Near
3 the top.
4 Q. Just -- just so the record is
5 clear, Dr. Appel, we are referring again to
6 Exhibit 3?
7 A. Yes.
8 Q. Page 3. Go ahead.
9 A. I have quoted from what's here
10 referred to as an injunction. Is that the
11 opinion you are referring to?
12 Q. I'm sorry. We are looking at the
13 material that's preceded by Number -- Arabic
14 II?
15 A. Yes.
16 Q. Okay.
17 No. I was asking you if you had
18 read the decision where the court explained its
19 reasoning in the case.
20 A. I think I skimmed it. I don't
21 think I read every word of it.
22 Q. Okay.
23 Is that sound academic or scholarly
24 practice?
25 MR. HERNSTADT: Object to the
146
1
2 question.
3 THE WITNESS: If I -- to do
4 what?
5 Q. Well -- and I'm by no means
6 intending to be argumentative with you. I want
7 to make that clear.
8 You have put in a declaration and
9 intend as a witness in this case in part to
10 impart and your specialized expertise to a
11 court because you believe that that's important
12 to do so for whatever reasons we may wind up
13 talking about today. And I guess I'm asking
14 you whether it's sound practice from your
15 standpoint as a scholar or academician to be
16 taking positions in a case over a judge's
17 decision which you have -- you just told me,
18 merely skimmed, whether you regard that as
19 sound academic or scholarly practice?
20 MR. HERNSTADT: Objection to
21 the form of the w -- the form of the question.
22 It's argumentative.
23 MR. HART: And I apologized for
24 that in advance.
25 THE WITNESS: If I were
147
1
2 testifying in some -- or writing an article
3 where in some way I was characterizing the
4 content of something, then I should have read
5 it in detail.
6 Q. I see.
7 Now, the article that you wrote
8 that you submitted to the copyright office, the
9 purpose of your submission of that piece to the
10 copyright office was what?
11 A. They solicited public comment in
12 their process of regulating which classes of
13 works were to be exempted from the prohibition
14 on circumvention.
15 Q. And how did you first become aware
16 of that proceeding?
17 A. I think Professor Felten mentioned
18 it to me.
19 Q. Had you been following the course
20 of the digital Millenium copyright act or its
21 enactment?
22 A. Yes.
23 Q. You had?
24 A. Yes.
25 MR. GOLD: Let's go off the
148
1
2 record for 20 second.
3 THE VIDEOGRAPHER: The time now
4 IS 2:51 p.m. We are going off the record.
5 (Informal discussion held off
6 the record)
7 THE VIDEOGRAPHER: The time now
8 is 3:00 p.m. We are back on the record.
9 Q. Thank you.
10 You mentioned in paragraph -- I
11 want to wait so we don't need to have the
12 question read back because you didn't hear it.
13 That's fine.
14 MR. HERNSTADT: Thank you,
15 Bill.
16 Q. In Paragraph 14 of your
17 declaration, Mr. Appel, you say, and I quote,
18 "many of the websites presently posting are
19 linking to DeCSS state or suggest that the
20 posting is intended to demonstrate sympathy for
21 the right to post DeCSS." And my question to
22 you, sir -- do you see that text in your
23 declaration?
24 A. Yes.
25 Q. My question to you is, how do you
149
1
2 know that?
3 A. I guess by whatever words appeared
4 on those websites. I don't have specific notes
5 about what was on each of those websites since
6 in this paragraph of my declaration I was only
7 concerned with mentioning sites that post DeCSS
8 in the context of a scholarly discussion.
9 Q. Do you know how many websites you
10 reviewed over the course of time with respect
11 to the posting or linking of DeCSS?
12 A. I don't have particular records,
13 but I would guess on the order of 50.
14 Q. And so it's among the 50 that you
15 looked at that you drew your statement in the
16 Paragraph 14 to the effect that many of the
17 websites posting or linking and so forth?
18 A. Yes.
19 Q. And was there anything about the
20 site that indicated to you that it was intended
21 to demonstrate sympathy for the right to post
22 DeCSS?
23 MR. HERNSTADT: Object to the
24 form.
25 THE WITNESS: There would have
150
1
2 been statements on the websites in addition to
3 the link to DeCSS.
4 Q. Do you recall any of those
5 statements?
6 A. No.
7 Q. In words or in substance?
8 A. Not specifically.
9 Q. Okay.
10 But, in other words, it was clear
11 to you that the sites weren't putting up DeCSS
12 either by posting or linking as part of some
13 exercise in scholarship, reverse engineering,
14 cryptography or academic study?
15 MR. HERNSTADT: Object to the
16 form.
17 THE WITNESS: That's right.
18 Many of the websites are not posting for any of
19 those specific reasons that you mentioned.
20 Q. Do you think it's fair to say that
21 of the various sites that you saw, they
22 represented part of a larger effort at
23 electronic civil disobedience?
24 MR. HERNSTADT: Object to the
25 form of the question.
151
1
2 THE WITNESS: That's an
3 interesting question. I hadn't thought about
4 it in those terms before.
5 MR. HERNSTADT: I also object
6 that it assumes facts not in evidence.
7 THE WITNESS: I don't actually
8 know what proportion of those websites were
9 posting it in contravention of any law or
10 injunction so I can't tell whether they were
11 being disobedient or not.
12 Q. Okay.
13 But I'm not looking at what's a
14 violation of law at this point, sir. I'm
15 simply going to your statement in Paragraph 14
16 of your declaration that said that -- and I
17 assume you did this based upon your personal
18 knowledge -- that "many of the websites
19 presently posting or linking to DeCSS state or
20 suggest the postings intended to suggest
21 sympathy for the fight right post DeCSS."
22 Those are your words?
23 A. Yes.
24 Q. Okay.
25 And I asked you how you discerned
152
1
2 that, right?
3 A. Right.
4 Q. And then the question was, do you
5 -- was it fair to say that this was part of an
6 effort at electronic civil disobedience. And
7 that's where you said that's an interesting
8 question.
9 THE WITNESS: Right.
10 Q. And then we started to talk about
11 legalities. And I'm coming back to your
12 question -- I'm sorry, to the question about
13 what you said in your declaration.
14 A. It's my understanding that civil
15 disobedience involves disobedience which is
16 breaking some rule. And it's not at all clear
17 to me for a majority of these websites what
18 rule they are breaking.
19 Q. Okay.
20 And have you ever talked with Eric
21 Corley or Emmanuel Goldstein?
22 A. No.
23 MR. HERNSTADT: Object to the
24 form of the question. That's one person.
25 THE WITNESS: I have not.
153
1
2 Q. Did you ever read 2600, the Hacker
3 Quarterly magazine?
4 A. No, I have not.
5 Q. Now, you mention in your
6 declaration several sites which you regard as
7 -- let me get the declaration out and use your
8 words, okay? Hang on a second. You got my
9 copy?
10 MR. HERNSTADT: Just trying to
11 save time. That's mine. I was pointing out
12 the words I think you're looking for.
13 MR. HART: Appreciate that.
14 Q. Okay. We are still in Paragraph
15 14.
16 A. Okay.
17 Q. Starting with the acceptance "while
18 many of the websites" and, I won't beat that
19 horse anymore. You go on to say "I am aware of
20 as least four," right? And then you mention
21 them.
22 A. Right.
23 Q. One of which is the site of the
24 good Dr. Touretzky who we've been talking about
25 today, okay?
154
1
2 A. Okay.
3 Q. And the others are the sites of
4 Greg Newby, right?
5 A. That's right.
6 Q. Bruce Schneier?
7 A. Right.
8 Q. Right? And David Wagner, right?
9 A. Right.
10 Q. How did you find these sites?
11 A. The web search engine.
12 Q. Do you know whether any of these
13 sites are being linked to by 2600?
14 A. No, I don't.
15 Q. Do you know if any of these sites
16 offer DeCSS as an executable utility?
17 A. No, I don't.
18 Q. Okay.
19 Do you know if any of these sites
20 include DeCSS source code?
21 A. When I did the survey I was, as I
22 said, primarily looking for source code.
23 Q. Mm-hmm.
24 A. It is my recollection that it was
25 accessible from Schneier's site and from
155
1
2 Wagner's site.
3 Q. The "it" being source code?
4 A. The source code.
5 Q. Right.
6 A. And I can't remember if source code
7 was directly accessible from Touretzky's site
8 or indirectly. He had several version of
9 things that were close to CSS, and on Newby's
10 site there were indications that it had
11 previously been accessible but that he had been
12 asked to remove it by the administration of his
13 university.
14 Q. Mm-hmm.
15 A. And so he had a discussion of -- of
16 that and --
17 Q. Okay.
18 Have you ever talked with
19 Mr. Newby?
20 A. No.
21 Q. Have you ever talked with David
22 Wagner?
23 A. Yes.
24 Q. When was the first time you ever
25 talked to David Wagner?
156
1
2 A. He was an undergraduate at
3 Princeton. I'm not sure whether I talked to
4 him during that time.
5 Q. Right.
6 A. But then he visited Princeton for a
7 day in March --
8 Q. Of this year?
9 A. -- as part -- of this year on a job
10 interview.
11 Q. And you had occasion to see him
12 during that visit?
13 A. Yes, I talked to him for about half
14 an hour.
15 Q. Okay.
16 And other than the possibility that
17 you might have bumped into him when he was at
18 Princeton before, was that, to your
19 recollection, the first time you remember
20 talking to him?
21 A. Yes.
22 Q. Did you have any discussions about
23 any of the subjects relevant to this case?
24 A. No.
25 Q. What about Mr. Schneier, ever
157
1
2 spoken to him?
3 A. I believe so. I believe I spoke to
4 him or had E-mail with him three or four years
5 ago on a com -- on some completely unrelated
6 topic.
7 Q. Have you had any discussions with
8 Bruce Schneier relative to any of the issues in
9 this case, DeCSS, CSS?
10 A. No.
11 Q. You mentioned a minute ago that in
12 certain cases code may be on a site and in
13 other case it may be available, I believe you
14 used the word "indirectly"; is that --
15 A. Right.
16 Q. When you say "indirectly," what do
17 you mean?
18 A. That you may need to click on more
19 than one link to get there.
20 Q. Okay.
21 And in saying that, are you
22 referring both to what I'll call internal
23 links, if that means anything, within the same
24 website as well as to external links that take
25 you onto another website?
158
1
2 A. Yes.
3 Q. Okay.
4 Functionally are those any
5 different, internal and external links?
6 A. No. I guess the point is that
7 internal links are in some sense more reliable
8 as they are under the control of the linker.
9 Q. Right.
10 Have you ever looked at the
11 so-called mirror page of the 2600 site?
12 MR. HERNSTADT: Objection.
13 Asked and answered.
14 THE WITNESS: I don't know.
15 I've looked at some DeCSS mirror pages, but I
16 don't believe this they were the 2600 mirror
17 page. And I believe I've looked at the 2600
18 site itself, but I don't recall whether I've
19 looked at mirror pages of the 2600 site.
20 MR. HART: Let's mark -- and I
21 think just to make the reporter's job easier we
22 will do this as a batch exhibit. We are going
23 to need a monster stapler to let that happen.
24 We are up to five, I believe and yes, I do have
25 copies for you, Ed.
159
1
2 MR. HERNSTADT: Thank you.
3 (Thereupon, Printout of the
4 Hacker Quarterly was marked as
5 Exhibit 5 for identification as of
6 today's date)
7 Q. If you turn to a page that says --
8 it's the fifth packet within the exhibit. It's
9 a 19-page grouping with a date line at the
10 bottom of 3/23.
11 A. Yep.
12 Q. And you'll see starting on page --
13 really starting on that -- the first page
14 within that packet, you see the heading
15 "mirrors" toward the bottom --
16 A. Yes.
17 Q. -- of the first page of that
18 packet? And then continuing the list of what I
19 can represent to you are hot links, right?
20 A. Right.
21 Q. We keep turning you'll see when you
22 got to Page 18 of 19 --
23 A. Yes.
24 Q. -- some windows down at the bottom
25 "to submit your mirror site containing these
160
1
2 files, enter the URL here," do you see see
3 that?
4 A. Yes.
5 Q. Click "okay"?
6 Now, my understanding of this is,
7 tell me if I'm wrong, that one would input
8 their URL address of their website "containing
9 these files," i.e. DeCSS, into this window or
10 box, click "okay," and that would transmit the
11 information concerning the URL to 2600 for
12 inclusion on its list of mirrors. Is that your
13 understanding of that how that works?
14 MR. HERNSTADT: Objection to
15 form. No foundation for the question. If you
16 have any idea, please answer.
17 THE WITNESS: That's certainly
18 the impression given by the text on this page.
19 Q. Now, if you turn to the first page
20 of that same little packet, the 1 of 19 page
21 where we started, are you with me?
22 A. Yes.
23 Q. Under the rubric "how you can
24 help," do you see the statement "it's
25 especially important that as many of you as
161
1
2 possible all throughout the world take a stand
3 and mirror these files?"
4 A. Yes.
5 Q. Does that reinforce your impression
6 about what the URL box is at the end of a
7 mirror list?
8 MR. HERNSTADT: Objection to
9 the form of the question. No foundation.
10 THE WITNESS: That text is
11 encouraging people to mirror the files, yes.
12 Q. Okay. Your DeCSS, right?
13 A. I guess so.
14 MR. HERNSTADT: Bill, when you
15 get to a good point to stop, we are at the
16 about 10-minute mark.
17 MR. HART: Oh, really?
18 MR. HERNSTADT: Wherever is a
19 good point to stop would be good. I want to be
20 able to review the stuff before we talk to the
21 judge.
22 MR. HART: Okay.
23 Q. And you mentioned a little while
24 ago about a difference in your mind between an
25 external lick -- link and external link was a
162
1
2 question of control over the link to matter.
3 If I can summarize your testimony that way, is
4 that a fair characterization?
5 A. Yes.
6 Q. With respect to what we've just
7 looked at in terms of the URL window, is it
8 fair to say that the links appearing on the
9 2600 page are ones that to a reasonably
10 knowledgeable person about computers like you
11 appear to be the result of someone posting
12 DeCSS as a result of 2600's cold action and
13 then providing that URL for that posting to
14 2600 in the window?
15 MR. HERNSTADT: Objection to
16 the form of the question. It calls for
17 speculation. And Professor Appel, I'm going to
18 direct you not to speculate.
19 THE WITNESS: All right. I
20 guess I won't speculate.
21 Q. Okay. Now you can answer the
22 question.
23 A. I don't know what's on -- I don't
24 know what I would get to if I traversed the
25 links shown here.
163
1
2 Q. Okay.
3 Another words they might not
4 contain DeCSS at all?
5 A. They might not even be links.
6 Q. Oh, in the sense that --
7 A. They might not be links. They
8 might be links to websites other than the ones
9 listed in the text. I don't know what you get
10 to by clicking on those.
11 MR. HART: Okay. We will stop
12 here for now.
13 MR. GOLD: One last question.
14 Your answer to our request for admissions was
15 due on Monday. I talked to Marty yesterday
16 about it, and he said he would tell me today
17 when you were answering that.
18 MR. HERNSTADT: I think the
19 problem with that was that we were served with
20 other papers and that it was misfiled. So
21 yesterday is the first time I saw it. We are
22 working on it right now and we will have it
23 you, I hope, before the end of the business
24 tomorrow. But as soon as we can possibly
25 answer it I'll get it to you.
164
1
2 THE VIDEOGRAPHER: The time now
3 is 3:18 p.m. We are going off the record.
4 (Informal discussion held off
5 the record)
6 THE VIDEOGRAPHER: The time now
7 is 4:18 p.m. We are back on the record.
8 Q. Thank you.
9 Are you getting paid for your
10 involvement in this case, Dr. Appel?
11 A. No.
12 Q. Are any expenses being reimbursed
13 to you?
14 A. We have not discussed that.
15 Q. I see.
16 Have you talked with anyone at the
17 EFF regarding this case?
18 A. No.
19 Q. Okay.
20 Do you know what the EFF is?
21 A. Yes.
22 Q. Okay.
23 Now, coming back to the four
24 categories of your contemplated trial
25 testimony, I'm going to make a statement and
165
1
2 I'm going to ask you if this fits within one of
3 those four categories.
4 A. Can you summarize the categories
5 again for me?
6 Q. Well, you're going to make me read
7 my own handwriting which is not always the best
8 idea.
9 The notion that publishing
10 information or material on the internet is the
11 best way to address the public; the distinction
12 between source and object code; the kinds of
13 uses of copyrighted materials that one in your
14 belief would need access to to engage in what
15 you call fair uses. I think that was largely a
16 topic covered by your piece with Dr. Felten.
17 A. That's right.
18 Q. And lastly there there is some
19 benefit to probing, if you will, security
20 systems to expose their weaknesses.
21 A. I would characterize the first of
22 those four slightly differently.
23 Q. I'm sorry. Please.
24 A. Which is that a useful April
25 essential part of publishing scientific results
166
1
2 is now the inclusion of source or object code
3 as part of the publication. Okay. But go
4 ahead.
5 Q. Okay.
6 We talked earlier about different
7 examples of scholarly or engineering use of
8 code. And I guess what I need you to clarify
9 for us is this: When one refers to code in the
10 course of a discussion, is it normally -- is
11 the code normally presented in a sort of
12 explicated form? And I'm using the word
13 "explicated" in a sort of English language
14 sense rather than in some kind of a technical
15 term. I'm not sure if you have a certain
16 technical word to substitite for that. Do you
17 know what I -- do you understand -- what is
18 your understanding of the word "explicated"?
19 A. In other words, additional
20 commentary?
21 Q. Right. Right. And so I guess what
22 -- what I'm -- what I'm asking you, and then
23 I'll try to make it as clear as possible is
24 that in kinds of scholarly discussion of code
25 that you talked about that in your view also
167
1
2 requires inclusion of the code, would one
3 ordinarily expect to see the code explicated in
4 some way in the context of a discussion?
5 MR. HERNSTADT: Objection to
6 the form of the question. If you understand
7 that you can answer.
8 THE WITNESS: Sometimes one
9 publishes code that contains comment within the
10 code. It has more often been my practice to
11 publish the code without a large amount of
12 internal commentary, but with a technical
13 article that may accompany it. And it may
14 accompaniment -- it may accompany it only
15 indirectly, that is in a different venue. I
16 might publish the article describing how the
17 code works in a conference or a journal and
18 distribute the code on a website.
19 Q. Okay.
20 And does that answer also apply to
21 any instance involving code relating to
22 encryption or decryption of an encryption
23 devise?
24 MR. HERNSTADT: Objection to
25 the form.
168
1
2 THE WITNESS: My previous
3 answer was about my practice and the articles
4 that I have published and the code I have
5 written and have not really been about
6 encryption and decryption.
7 Q. And can you speak to the normal as
8 you understand it in the scholarly, academic,
9 cryptographic or other academic communities in
10 relation to the publication of code as it
11 applies to encryption or decryption?
12 A. I can't speak to a specific norm in
13 the field of encryption and decryption.
14 Q. Okay.
15 And what about reverse engineering?
16 MR. HERNSTADT: Objection to
17 the form of the question.
18 Q. I'm sorry. Let me -- let me
19 rephrase the question. I'm sure it won't cure
20 the form problem, but it's actually a slightly
21 different question.
22 What about reverse engineering of
23 encryption systems? Same question.
24 A. So I'm familiar in fair detail with
25 the practice of science and the forms of
169
1
2 publication in areas most related to my own
3 research, and those have been programming
4 languages, compilers and certain aspects of
5 computer security.
6 Q. Okay. And I -- I'm sorry.
7 A. And in those areas in general
8 people public research papers in venues in
9 which there is not much room to include a lot
10 of code.
11 Q. Right.
12 A. And they public the code in other
13 venues. Partly that's because typically the
14 articles are published in print media.
15 Q. Right.
16 A. Even though the article may be
17 available on the web, there is some version of
18 it in the print media. And the code itself is
19 not well-suited to publication in the print
20 media.
21 Q. And why is that?
22 A. Because in order for people to
23 search in it and manipulate it, it needs to be
24 in digital form.
25 Q. And that's source code or object
170
1
2 code or both?
3 A. Both.
4 Q. And would you expect to see the
5 entirety of an object code utility for a
6 decryption device being made available on the
7 net for academic or encryption research
8 purposes?
9 A. Yes.
10 Q. Such that it could be used by
11 others for what we've called abusive purposes?
12 MR. HERNSTADT: Objection.
13 Assumes facts not --
14 MR. HART: I'm trying to
15 shortcut it. If you want me to go the long
16 way, I'll go the long way.
17 MR. HERNSTADT: If he can
18 answer the question, he's free to answer the
19 question. I'm just making my objection.
20 THE WITNESS: When people
21 invent let us say "encryption systems," it's
22 common to publish a paper describing the
23 encryption or decryption algorithm and source
24 code for the encryption and decryption programs
25 and object code for those programs so that
171
1
2 people can make their own experiments and come
3 to their own conclusions.
4 Q. Okay.
5 And when you say that's common
6 practice, that's what you said, right?
7 A. Right.
8 Q. By doing that, doesn't the
9 proprietor of that system or the user of that
10 system compromise that system by exposing the
11 source code and the object code?
12 A. No. In the field of cryptography
13 as practiced in the last 60 years or so, it's
14 generally accepted that the way to achieve
15 security in a system is to publish the
16 algorithms, the mechanisms of the system, and
17 keep the keys secret. And there are several
18 reasons for that. The first is that if a key
19 leaks you can always choose a different key in
20 -- in most cases. If the mechanism of the
21 system leaks, you can't choose another very
22 easily. You have the one.
23 So -- and the second reason is that
24 by exposing the mechanism to public scrutiny
25 that gives experts in the field and even
172
1
2 adversaries the opportunity to test the
3 strength of the underlying mechanism. So it's
4 generally accepted that trying to achieve
5 security of a cryptographic system by keeping
6 the mechanism secret is a kind of fallacy and
7 will not generally work well. So that's why
8 it's common practice to publish the source code
9 and object code of cryptographic systems and
10 rely on the keys to provide secrecy.
11 Q. Got you.
12 And is that your understanding of
13 how the CSS system works, that is, that it
14 depended upon secrecy of the keys?
15 MR. HERNSTADT: Objection to
16 the --
17 Q. To the extent that you know.
18 MR. HERNSTADT: Well, objection
19 to the form of the question.
20 THE WITNESS: My -- most of my
21 understanding of the CSS encryption algorithm
22 comes from reading Frank Stephenson's paper.
23 Q. Okay.
24 A. And in principle, one should be
25 able to publish the algorithm and if the key is
173
1
2 secret then one achieves security.
3 Q. Right.
4 A. His paper explains at least two
5 reasons why the particular CSS program falls
6 short of that goal. And in addition, of
7 course, there is the problem that the keys
8 themselves leaked out.
9 Q. And what is your understanding of
10 Stephenson's two reasons?
11 A. The first reason is that the CSS
12 program uses keys of only 40 bits, and this was
13 to comply with U.S. law at the time that it was
14 designed. And for a computer to search through
15 the space of 40 bit keys, wouldn't take too
16 long. So that is the computer -- you could
17 write a computer program to try every key.
18 And the second reason is that even
19 within the space of 40 bit keys, the algorithm
20 itself seems to be badly designed so that you
21 have an effective strength equivalent to 25 bit
22 keys. There are only approximately 30 million
23 25 bit keys so it's not difficult for a
24 computer to try them all.
25 Q. Do you have any understanding of
174
1
2 how CSS was actually hacked?
3 MR. HERNSTADT: If you know.
4 THE WITNESS: No, I don't.
5 Q. Do you have any anecdotal
6 understanding based on your reading of any
7 materials?
8 A. What I have read in -- I believe in
9 documents that are evidenced in this case is
10 that some of the information may have leaked
11 from a company that was licensed to make a DVD
12 player for Microsoft Windows.
13 Q. Now, when you say that it's not
14 that hard to get a computer program to run all
15 the permutations for you before it figures out
16 a 40 bit or 28 bit key length -- do I have that
17 right so far?
18 A. Right, right.
19 Q. Do you know if that is in fact,
20 based on what you've heard or read, what
21 happened here?
22 A. What I've read leads me to believe
23 that that is not what happened.
24 Q. Right.
25 A. And that the keys themselves were
175
1
2 leaked from one of the companies licensed to
3 make a DVD player.
4 Q. Got you.
5 Is the effort to discern the
6 various permutations leading to the key through
7 the application of computer programs called a
8 brute force attack? Is that -- do I have the
9 terminology right?
10 A. More or less.
11 Q. Okay.
12 A. Let us say that searching through
13 the space of 40 bit keys would be a brute force
14 attack, and Stephenson's description of an
15 algorithm it would take time proportional only
16 to 2 to the 25th instead of 2 to the 40th would
17 not be a brute force, it would be something
18 some what more elegant than brought force. And
19 --
20 Q. Sorry, I thought it was 2 to the
21 28th, not the 25th.
22 A. It was the 25th.
23 Q. 25th. Excuse me.
24 A. And that kind of search would be
25 approximately 30,000 times faster than
176
1
2 searching through a 2 to the 40th.
3 Q. Because that wasn't done in this
4 case as far as you know?
5 A. From reading the documents it
6 appears that that was not how --
7 Q. Right.
8 A. -- it was originally cracked. And
9 it may be that somebody like Frank Stephenson
10 did the experiment to see whether it would have
11 been possible from the beginning.
12 Q. After he had the algorithm?
13 A. That's right.
14 Q. After it was discerned from the
15 fact that the keys, I think as you said, were
16 exposed?
17 A. Right.
18 Q. Now, using the key analogy, again
19 to the best of your understanding, where does
20 DeCSS fit into the process? Does DeCSS include
21 the keys?
22 MR. HERNSTADT: Objection to
23 the form of the question.
24 THE WITNESS: Yes. I believe
25 that DeCSS as it's distributed contains keys.
177
1
2 Q. Okay.
3 So the notion that you described
4 earlier in terms of an acceptable cryptographic
5 model for publication and external testing,
6 namely to publish the mechanism but not the
7 keys, if I got it right, is not equivalent of
8 make DeCSS available on the internet is it?
9 A. When I talked about the general
10 procedure of publishing the mechanism but not
11 the keys, I was talking about the designers and
12 commercializers of the cryptographic system
13 itself. I wasn't really talking about people
14 who were reverse engineering the system.
15 Q. Right.
16 A. That is, it's very typical for
17 people inventing and marketing a cryptographic
18 system to themselves publish the details of the
19 algorithm.
20 Q. Got you.
21 A. So I think the analogy doesn't
22 really hold for that reason.
23 Q. Right.
24 Is there, in your view, reverse
25 engineering utility to the publication of
178
1
2 DeCSS? And by "publication" I mean making
3 available of the software, not descriptions
4 about it.
5 A. Yeah, it enables the use of DVD
6 movies that people purchase on other kinds of
7 encryptment than those licensed by the DVD
8 manufacturers.
9 Q. How do you know that?
10 A. From -- I guess from my reading of
11 claims about DeCSS in the documents relating to
12 this case.
13 Q. Would you say that Linux users are
14 mainstream or more sort of esoteric level
15 computer users generally?
16 MR. HERNSTADT: Object to the
17 form of the question.
18 Q. And you can use your owning words.
19 I'm just --
20 A. Right.
21 Linux is very widely used. It's an
22 operating system that runs on many mainstream
23 servers, it's supposed by IBM and other
24 companies for use on equipment that they sell
25 because in many ways it's more secure and more
179
1
2 reliable than Microsoft Windows. I use Linux
3 in my daily research.
4 Q. At school.
5 A. Yes, at Princeton University.
6 Q. Right.
7 A. I use a machine in which, you know,
8 some of the windows on my screen are open to
9 Linux servers and others are open to Microsoft
10 windows machines as a matter of course.
11 Q. Okay.
12 But leaving aside sort of
13 industrial level computers, leaving aside what
14 you have in the university right now, I guess,
15 and looking at it from the standpoint of
16 playing back DVD movies which you just
17 mentioned a moment ago, what's a basic system
18 comprised of Linux operating system, what have
19 you, cost? I mean, are we talking about
20 something that's the equivalent in place of an
21 IBM P.C. plus the accessories or --
22 MR. HERNSTADT: Objection to
23 the form of the question.
24 MR. HART: Okay.
25 MR. HERNSTADT: To the extent
180
1
2 that it was intended to be a restatement it
3 wasn't. To the extent it wasn't intended to be
4 a restatement, then it's just a confusing
5 question. But I think it's -- that's clear.
6 Q. Leaving aside the servers that are
7 available in universities right now, okay, for
8 a home P.C. Linux user, what are we talking
9 about in terms of the price of a normal kit?
10 A. The equipment that runs Linux is
11 basically the same equipment that runs
12 Microsoft Windows. And that ranges, you know,
13 from a thousand dollars on up.
14 Q. Okay.
15 MR. HERNSTADT: Off the record.
16 Does this mean that you're done?
17 MR. HART: Excuse me?
18 MR. HERNSTADT: Does this mean
19 you're done?
20 MR. HART: No.
21 Q. Do you know what the cost of a
22 commercially available CSS-licensed DVD player
23 is? By "cost" I mean what it would cost a a
24 consumer to buy one.
25 A. No.
181
1
2 Q. Now, apart from enabling playback
3 on another system -- and I believe you were
4 talking about Linux. I don't know if you said
5 that explicitly or not.
6 A. I believe I said Linux.
7 Q. Yeah.
8 A. But it would apply in general.
9 Q. Okay.
10 To your knowledge, are there any
11 other reverse engineering values to the
12 providing of DeCSS code?
13 A. It would enable the kind of
14 scholarly research that I described in the
15 attachment to my declaration, it would --
16 Q. Namely decryption for the purposes
17 of making what you call a fair use?
18 A. Right.
19 Q. Okay.
20 Anything else?
21 A. It would permit the viewing of
22 material on many other kinds of devices perhaps
23 not envisioned by the manufacturers of the DVDs
24 such as, you know, large-screen displays that
25 take a different kind of input or devices for
182
1
2 the handicapped. I believe that professional
3 librarians in general have an interest in
4 archiving the material that they purchase and
5 to make that easier.
6 Q. Okay.
7 A. So there are many such uses.
8 Q. Now, does the provision of DeCSS
9 code in itself enable such uses or are we
10 talking about using DeCSS in conjunction with
11 other things that have to be developed in order
12 to engage in the kinds of uses that you are
13 talking about?
14 MR. HERNSTADT: Objection to
15 form. Go ahead.
16 THE WITNESS: I believe that
17 for many of these kinds of uses one would
18 connect the DeCSS to an Mpeg player, and Mpeg
19 players are and have been available. So I
20 guess DeCSS is the component that fills the
21 major hole in this process.
22 Q. By unlocking the encryption?
23 A. Right.
24 Q. But DeCSS in itself is not a player
25 or a playback device as far as you know?
183
1
2 A. As far as I know.
3 Q. And DeCSS has no utility to decrypt
4 anything other than CSS as far as you know; is
5 that right?
6 A. That's right.
7 Q. Apart from the filing of the
8 affidavits that you mentioned in the Younger
9 and Bernstein cases, have you ever been
10 testified in any court cases?
11 A. No.
12 Q. And apart from the filing of those
13 two affidavits and the declaration that you
14 filed in this case, have you made any other
15 filings in any court proceedings?
16 MR. HERNSTADT: No. Was your
17 earlier question meant to ask if he testified
18 in Younger and Bernstein? Because you said
19 that he filed papers and said other than that
20 well, you know, I --
21 MR. HART: Thanks. That's a
22 good clarification.
23 Q. You didn't personally testify
24 beyond supplying affidavits in this case, did
25 you?
184
1
2 A. That's right.
3 Q. Now, is it your concern that by
4 prohibiting the trafficking in decryption
5 devices that the kinds of uses that you've
6 described in your article and that you've
7 described here in your deposition would be
8 inhibited or impeded? Is that the basic gist
9 of your testimony?
10 A. That's one of the two basic gists.
11 Q. Okay.
12 What's the other?
13 A. That by prohibiting the
14 dissemination of DeCSS then the freedom to
15 concretely discuss security systems in general
16 will be inhibited.
17 Q. Are you aware that there are
18 exceptions in the DMCA circumvention provisions
19 regarding encryption research and reverse
20 engineering and the like?
21 A. Yes.
22 Q. And you make this statement not
23 withstanding the existence of those exceptions?
24 MR. HERNSTADT: Objection to
25 the form. Argumentative. You can answer.
185
1
2 THE WITNESS: I'm not familiar
3 in great detail at the moment with the text of
4 that law.
5 Q. I understand.
6 A. And one of my concerns is that in
7 the free scholarly discussion of any issue one
8 is never sure who are the interested audience.
9 Q. Who do you mean by that?
10 A. When I publish a paper I have some
11 idea of the community of scholars who are going
12 to read it.
13 Q. Right.
14 A. And yet most of the people who are
15 going to read it and make use of it, I don't
16 know in advance who they are. And I would not
17 like to be limited to speak only to those
18 identified in advance about the results of my
19 research.
20 Q. And is there something that
21 suggests to you that the statue would so limit
22 you?
23 A. If the distribution of research
24 results about security is limited to those who
25 are officially identified as experts in
186
1
2 cryptography, that would in my view make it
3 quite a bit more difficult to widely
4 disseminate the results of the research to the
5 best audience.
6 Q. Okay.
7 And in what you're referring to as
8 dissemination of research you are also
9 including the provision of code including
10 executable utility?
11 A. That's right.
12 Q. Including an executable utility
13 that could decrypt an encryption system?
14 A. That's right.
15 Q. So do you have a better approach?
16 I mean, do you -- and I'm not saying this
17 facetiously. I need to understand where you
18 come out Andrew Appel. Does that mean that
19 there shouldn't be any laws regarding
20 circumvention or the proliferation of
21 circumvention devices?
22 MR. HERNSTADT: Objection. The
23 form of the question. And there is a couple of
24 ones there. You can answer, I guess, the last
25 question.
187
1
2 Q. Yeah.
3 A. In the case where a circumvention
4 device has important social useful purposes or
5 in the case where the discussion of how secure
6 a system really is has a socially useful
7 purpose, then I think it's important to freely
8 discuss and publish the circumvention devices.
9 Q. Okay.
10 So to take the second part of what
11 you said to its logical conclusion, if a system
12 can be hacked, then the results of the hack
13 including the utility to accomplish he
14 defeating the system should be published for
15 the reasons you described notwithstanding the
16 fact that as we talked about earlier there is
17 potential for abuse?
18 MR. HERNSTADT: Objection to
19 the form of the question. It is a mish-mash of
20 hypothetical and --
21 MR. HART: Fine. You got your
22 objection on.
23 MR. HERNSTADT: Right.
24 THE WITNESS: Perhaps I can
25 answer that with a concrete example. There
188
1
2 have been systems published in the form of
3 executables that allow people to scan the
4 internet for sites that have left doors open,
5 so to speak. And many of the users of those
6 tools are system administrators who scan their
7 own sites to see if the doors have been left
8 open. And if those system administrators could
9 not get access to the tools by being able to
10 freely download them from the web, then the
11 only people who would have those tools are the
12 ones to develop them. Which might not be the
13 good guys.
14 Q. Right.
15 Now give me a concrete example of
16 now pointing out the security flaws of CSS is
17 helpful to the people that rely on CSS for
18 encryption.
19 A. Suppose there is a content provider
20 who is considering the possibility of using
21 CSS, licensing it from the Copy Control
22 Association, and they are not sure of how
23 secure the system is. Then having had a open
24 discussion of the level of security achieved by
25 CSS would be to the advantage of that party.
189
1
2 Q. And it would be needful to also
3 provide the executable utility to inform that
4 person?
5 A. Any kind of scientific claim is
6 best supported by evidence.
7 Q. I understand.
8 A. So that the reader of that claim
9 can repeat the experiment and replicate the
10 results.
11 Q. And it's on that basis that you
12 believe with respect to the second prong of
13 your testimony that there is value in the
14 trafficking of CSS as an executable utility
15 because it allows people to verify the fact
16 that CSS indeed can be defeated and somehow
17 even enures to the benefit of potential
18 licencees of CSS? Is that a good one to sum
19 that up?
20 MR. HERNSTADT: Objection.
21 Misstates the testimony of the witness.
22 THE WITNESS: I think that's a
23 good approximation of some of what I said.
24 Q. Okay.
25 Now, let's go to the first prong of
190
1
2 your testimony that somehow any law prohibiting
3 trafficking in circumvention devices would
4 prevent people from making uses of copyrighted
5 content that they should otherwise be able to
6 make. That's the first prong, right?
7 A. Right.
8 Q. We've recognized, at least
9 theoretically, the potential for abuse of
10 proliferating decryption devices?
11 A. Right.
12 Q. You need to -- thank you.
13 Is it your testimony that if there
14 are some good uses in your estimation, that
15 that has to outweigh the risks of abuse or are
16 you setting a higher standard by saying that it
17 has to be the preponderant use that's a good
18 use before you'll let that outweigh the
19 potential for abuse? I'm just trying to get a
20 sense again of where you draw the line here.
21 MR. HERNSTADT: Objection to
22 the form of the question.
23 MR. HART: That's fine.
24 THE WITNESS: I'm not sure
25 where I would draw the line in general. In
191
1
2 this case, there are very substantial good uses
3 to which this tool can be put, and in my
4 opinion outweighs the potential for abuse in
5 this particular case.
6 Q. Can you give me an example of the
7 decryption device that in your estimate would
8 not satisfy your test and that should be
9 prohibited?
10 MR. HERNSTADT: Objection.
11 Calls for speculation.
12 Q. Or is there one? I mean, that may
13 be an answer, too.
14 MR. HERNSTADT: Objection.
15 THE WITNESS: Most uses of
16 encryption involve the publication of the
17 encryption and decryption programs. Could you
18 repeat the question?
19 MR. HERNSTADT: Can we stop for
20 a second?
21 THE VIDEOGRAPHER: Off the
22 record. The time now is 4:56 p.m. We are
23 going off the record.
24 (Informal discussion held off the
25 record)
192
1
2 THE VIDEOGRAPHER: This is
3 Videotape Number 3 of the continued videotape
4 deposition of Andrew Appel. The time is 5:03
5 p.m. and we are back on the record.
6 MR. HART: There was a question
7 pending during this interruption. And --
8 MR. HERNSTADT: Can you repeat
9 the question?
10 MR. HART: I think to save time
11 I will just restate it.
12 My question is, in view of
13 everything you've said about what you view as
14 reasons to circumvent encryption systems for
15 what you consider to be legitimate purposes,
16 are there any situations that you envision in
17 which the proliferation of a circumvention
18 device would be inappropriate?
19 MR. HERNSTADT: Objection to
20 the form of the question. Misstates the
21 testimony.
22 THE WITNESS: In the two
23 particular criteria that I have used in this
24 case are that there are substantial legitimate
25 fair uses of the circumvention device and
193
1
2 substantial interest in freedom to discuss the
3 implementation and evaluation of security
4 devices.
5 Q. Right.
6 A. And I suppose if there were some
7 decryption system where neither of those issues
8 came up, I don't know how I'd feel.
9 Q. Can you envision such a situation?
10 I mean, isn't the purpose of an encryption
11 device to beat an encryption system, to get
12 into the content?
13 MR. HERNSTADT: Objection to
14 the form of the question. Argumentative.
15 THE WITNESS: The usual purpose
16 of a decryption device is to decrypt encrypted
17 material, and anyone who uses encrypted
18 material legitimately or otherwise needs a
19 decryption device.
20 Q. Now, in some of the examples that
21 you posed in your article you I think
22 acknowledged earlier, say, in the case of
23 Shakespeare that there was no copyright problem
24 with getting at Shakespeare.
25 MR. HERNSTADT: Object to the
194
1
2 form of the question. I'm not sure what
3 "getting at" means.
4 Q. I'll rephrase that. Sorry.
5 You wouldn't have a copyright
6 problem in reproducing the works of William
7 Shakespeare, right?
8 MR. HERNSTADT: Subject to the
9 stipulation. He's not a lawyer.
10 MR. HART: Right. I know.
11 THE WITNESS: But if a scholar
12 purchased the works of Shakespeare in digital
13 form with a -- an access -- technological
14 access control device on it, then he would need
15 to circumvent that access control device to do
16 that research regardless of whether the
17 material was legally under copyright or not.
18 Q. Got you.
19 And one of your concerns is that if
20 someone encrypted Shakespeare that the law
21 could be read to basically prevent the people
22 from getting access to Shakespeare even though
23 it was no longer in copyright; is that -- is
24 that right?
25 MR. HERNSTADT: Objection to
195
1
2 the form.
3 THE WITNESS: It will always
4 been possible to get access to Shakespeare in
5 printed books, I imagine.
6 Q. No, I meant in the encrypted form.
7 A. But access in a particular digital
8 form that might be most useful for the
9 scientific research might be hindered by the
10 technological device even though Shakespeare is
11 not under copyright.
12 Q. Got it.
13 You are aware that right now there
14 are currently now prohibitions against acts of
15 ircumvention?
16 MR. HERNSTADT: Objection to
17 form.
18 THE WITNESS: What you mean is
19 the date on which certain provisions of the
20 DMCA become effective? Yes, I'm aware of that.
21 MR. HART: I think I'm going to
22 thank you for your time. I'm sorry that we did
23 not get to see some of the documents that you
24 had, but that counsel apparently advised you
25 you shouldn't turn over. So I'm not going to
196
1
2 close the deposition record at this point. And
3 obviously there may be some issues in terms of
4 what I think we are going to get to next,
5 namely your availability for trial and the use
6 of that deposition. But that need not concern
7 you right now, Dr. Appel. I want to thank you
8 for your patience and your candor.
9 THE WITNESS: You're welcome.
10 THE VIDEOGRAPHER: Off the
11 record for a moment?
12 MR. HART: We can stay on the
13 record.
14 I just want to make it clear
15 that we object to any effort on defendant's
16 part to try and use this deposition in lieu of
17 having the witness appear, including the fact
18 that despite everything that's been said or not
19 said we were only given notice of that this
20 morning as the deposition began.
21 And having said that, I would
22 just admonish that, you know, if you have
23 redirect or whatever you want to call it of
24 this witness, that you keep my objection in
25 mind because we are not waiving it. And we by
197
1
2 no means agree to allow this deposition to be
3 used in lieu of trial testimony.
4 MR. HERNSTADT: On the grounds
5 of -- the grounds that you just stated?
6 Q. As well as any others which I don't
7 think I need to detail right now for the
8 purpose of this record.
9 MR. HERNSTADT: Okay.
10 EXAMINATION
11 BY MR. HERNSTADT:
12 Q. Professor Appel, you've talked a
13 little bit about the difference between a
14 source code and an object code. Does it matter
15 if you get or if you can find on the internet
16 the utility in source code or in object code?
17 MR. HART: Form.
18 THE WITNESS: Matter for what
19 purpose?
20 Q. Does it -- for the ability to use
21 the utility.
22 A. If you get a utility in source code
23 form you have to compile it. This requires a
24 compiler, compilers are generally available, so
25 one would have to push the appropriate buttons
198
1
2 to convert the source code form of a program to
3 object code by running the compiler on it.
4 For other purposes such as
5 understanding how it works it may make a
6 difference whether you get source code or
7 object code.
8 Q. And in terms of the results --
9 strike that.
10 In terms of the content of the
11 code, is there a difference between the source
12 code and the object code?
13 A. The source code will have a little
14 bit more of the structure of the program as
15 designed by a human, and it will have
16 components and these -- as they are named by
17 the human, and these are generally lost in the
18 translation from source code to object code.
19 Q. Okay.
20 And is -- have computer programs
21 always been written in source code?
22 A. Until about 1955 or '60, computer
23 programs were written in object code and at
24 that time translators were insubsequented
25 called compilers to translate from source code
199
1
2 to object code.
3 Q. Is source code a language that any
4 person who can read English can read?
5 A. I think to read source code one
6 would need some knowledge of computer
7 programming which could be achieved by
8 self-study or by taking a course in computer
9 programming.
10 Q. So source code is not something you
11 could pick up on a piece of paper that had
12 source code on it, if you had no source code
13 training you couldn't pick it up and read it?
14 MR. HART: Object. Form.
15 THE WITNESS: One couldn't make
16 much sense of it.
17 Q. That's what I meant. Thank you.
18 Can -- is there any pedagogic or
19 pedagogical utility to having access to DeCSS
20 in source code and/or object code?
21 MR. HART: Form.
22 THE WITNESS: If one is
23 teaching, let's say, a college course on
24 computer security or cryptography, one would
25 want to perhaps use it as a case study. In
200
1
2 order to learn how to build secure systems, one
3 needs to study what kinds of weaknesses can
4 occur in real systems. And this would be a
5 good example.
6 Q. And what would the impact on you of
7 a bar posting DeCSS?
8 MR. HART: Object. Form and
9 testimony.
10 Q. You can answer.
11 A. In general, it would mean that if I
12 were to do research in that aspect of computer
13 security, I would not be free to publish all of
14 my results in that area if they related
15 specifically to CSS, and I would not be able to
16 -- if I were not able to access DeCSS from
17 other websites, then I would not be able to use
18 it in experiments on computer security and I
19 would not be able to use it if I had occasion
20 to make the kinds of examinations of DVD movies
21 described in the article that we submitted to
22 the copyright office.
23 Q. Earlier Mr. Hart asked you about a
24 utility called PGP.
25 A. Yes.
201
1
2 Q. What is PGB?
3 A. PGP stands for pretty good privacy.
4 It was invented approximately 10 years ago by
5 Phil Zimmerman. It implements the RSA
6 cryptographic algorithm which can be used to
7 encrypt computer files and also to
8 authenticate, that is digitally sign computer
9 files.
10 Q. And so has this program been around
11 for about 10 years you said?
12 A. Approximately 10 years.
13 Q. And has it been available for 10
14 years?
15 A. At the time that the program was
16 invented, United States State Department
17 regulations prohibited that export of
18 cryptographic algoritms, so there was a legal
19 restriction on posting it to the web. However,
20 it was posted to the web from Finland and other
21 places. So that it was generally available.
22 Q. And was it generally used?
23 A. I think there may have been a few
24 people that used it regularly at that time, and
25 maybe more who tried it out to see how it
202
1
2 worked, such as I did. I think it's in
3 substantially wider use now and very likely in
4 many commercial applications.
5 Q. When you say "now," what do you
6 mean?
7 A. I mean in the last two or three
8 years.
9 Q. Okay.
10 And when did it stop being illegal
11 to use?
12 A. I think it's never been illegal to
13 use it. It's been illegal to export the
14 program.
15 Q. Okay.
16 Does that mean it's illegal to post
17 it on the internet?
18 A. Recent changes announced by the
19 administration in the last few months have
20 liberalized the controls on the export of
21 Kirkpatrick software. So I believe that it is
22 now legal to post that software on the
23 internet. But at least according to the
24 administration's interpretation of the laws
25 until this year, they would say that it was not
203
1
2 previously legal to post that software to the
3 internet.
4 Q. Okay.
5 Now, Mr. Hart asked you before
6 about using a CD rom to access music in a
7 digital form as opposed to -- for research
8 purposes as opposed to downloading the digital
9 information onto hard disk. Are there reasons
10 why you would want to put that music on a hard
11 disk in order to use it for research purposes?
12 A. You might wish to scan more than
13 one disk's worth at once or the access to the
14 material might be faster from a hard disk from
15 than from the CD rom drive.
16 Q. Okay. Do you want to --
17 You were asked a number of
18 hypothetical questions or even non-hypothetical
19 questions about posting DVD movies on the
20 internet. Is -- do you understand that it's
21 possible to -- that's practical to post DVD
22 movies on the internet?
23 MR. HART: Object. Form and
24 prior testimony.
25 Q. I'm asking specifically in
204
1
2 connection with the questions that Mr. Hart
3 asked about --
4 MR. HART: Go ahead.
5 Q. -- posting an unencrypted content
6 on the internet.
7 MR. HART: I maintain the
8 objection.
9 THE WITNESS: From documents
10 that I've read in connection with this case I
11 have the impression that a DVD movie is several
12 gigabytes. One can certainly put a several
13 gigabyte file on a website. It might be quite
14 inconvenient and time consuming to download it.
15 Q. Is -- are DVD movies the only
16 copyrighted material that can be put on the
17 internet in a digital form?
18 A. Many kinds of copyrightable digital
19 materials are described in the paper that we've
20 been discussing that Ed Felten and I wrote
21 including text such as books and articles;
22 audio, such as music and other kinds of sounds;
23 video, such as movies and basketball games; and
24 even computer programs themselves.
25 Q. I'd like you to take a look at
205
1
2 Exhibit 1, which is your declaration. And
3 turning to Paragraph 3, could you tell me what
4 the basis is for the statement you make that
5 Paragraph 3, "publication of ideas which
6 includes in particular publication by means of
7 posting and linking on the internet is a
8 fundamental part of the academic world"?
9 A. Doing scientific research does the
10 world no good if the results of the research
11 can't be understood and used by other than the
12 scientist who invented it. So we need to
13 publish in order to get those ideas out into
14 the world so they can be used.
15 Furthermore, some of the results we
16 come up with are not actually correct or if
17 correct, they are sometimes not useful or if
18 useful, they are sometimes not interesting. So
19 one purpose of publication is to allow the
20 community, the scientific community and the
21 broader community to evaluate those ideas and
22 respond to them.
23 Q. Okay.
24 And the basis of that statement is
25 what?
206
1
2 A. That -- that I myself have used the
3 results of other people's scholarship that I
4 learned of by reading published papers and I
5 have seen papers published that refute some of
6 the claims made by other published papers which
7 helps me in that don't rely so heavily on
8 refuted ideas.
9 Q. Do you have any personal experience
10 in the publishing of academic papers?
11 A. Yes. I've published a few does
12 papers that are listed in the vita attached to
13 my declaration. And I have had civil graduate
14 students who have published papers that I've
15 advised on how to write papers and publish
16 them.
17 Q. Have you been involved in any
18 editorial capacity in the publishing of papers?
19 A. Yes. I've served on programming
20 committees of conferences where we decide which
21 papers are correct enough and interesting
22 enough to merit publication in a conference,
23 and I've served as associate editor of two
24 different journals as the editor-in-chief of
25 one journal where I decide on editorial
207
1
2 policies and work with associate editors to
3 decide which papers are worthy of publication.
4 Q. Turning to Paragraph 4 of your
5 declaration, what's the basis for the -- the
6 examples that you set forth in this paragraph?
7 A. In this paragraph I was
8 specifically discussing a published idea that
9 looked apparently correct to the editor of the
10 jornal and to the external referees selected by
11 that editor. So that the article in question
12 was published in the ACM transactions on
13 programming languages and systems. And only a
14 few years later, after evaluation by other
15 members of the academic community by specific
16 people who could not have envisioned,
17 specifically by the editors of the journal at
18 the time the paper was submitted, found an
19 error in the paper and so they published a
20 response paper that was then published in the
21 same journal.
22 Q. Okay.
23 And what is the basis for the
24 statements you include in Paragraph 6 of the
25 declaration?
208
1
2 A. When one publishes a scientific
3 idea, one generally tries to provide with it
4 enough convincing evidence that will allow
5 other scientists either to duplicate the result
6 or to fail to duplicate the result, which is
7 also interesting, or to use the result in
8 coming up with successor results. And
9 especially in the field of computer science,
10 but now also in the field of biology and
11 economics and chemistry and so on, many of the
12 scientific results are partially embodied in
13 computer programs and the effective publication
14 of evidence for the scientific advance that
15 requires the publication of those programs.
16 Q. And is that based on your
17 experience as an academic and an editor?
18 A. That's right that's right.
19 MR. HERNSTADT: Bill, give me
20 give mines. I may be able to wrap this up
21 quickly.
22 THE VIDEOGRAPHER: The time now
23 is 5:30 p.m.. We are going off the record.
24 (Informal discussion held off the
25 record)
209
1
2 THE VIDEOGRAPHER: The time now
3 is 5:43 p.m. We are back on the record.
4 Q. Professor Appel, looking at
5 Plaintiff's Exhibit 1 which is your
6 declaration, is everything in this declaration
7 true and correct and accurate?
8 A. I think the sentence in Paragraph 1
9 describing my research is a little bit out of
10 date. It correctly describes my research up to
11 a couple years ago. Now the focus of my
12 research is more in certain aspects of computer
13 security, more particularly in the protection
14 of computer systems from computer viruses and
15 in protocols for authentication over
16 distributed systems.
17 Q. Okay.
18 And with respect to your expertise
19 in the areas of source code and object code, is
20 that the result of your current research or is
21 that something that you had acquired prior to
22 beginning the current research?
23 MR. HART: Object. Form.
24 THE WITNESS: I think it's
25 both, that my previous research in compilers
210
1
2 directly involves source code and object code
3 and the relation between them and my current
4 research is in finding ways to prove the safety
5 and security of object code itself based on
6 knowledge of the structure of the source code.
7 MR. HERNSTADT: I don't have
8 any further questions.
9 MR. HART: I just have one
10 question.
11 EXAMINATION
12 BY MR. HART:
13 Q. Despite everything you've said
14 about your specialization in matters of
15 security systems and everything else, you have
16 not at any time seen fit to post or link to
17 DeCSS in source or object code form on your
18 site; is that correct?
19 MR. HERNSTADT: Objection to
20 the form of the question.
21 THE WITNESS: I have not posted
22 DeCSS on my site.
23 Q. Pardon?
24 A. I have not posted DeCSS on my site.
25 Q. Do you link to it?
211
1
2 A. If I link -- link to it it's only
3 very indirectly.
4 MR. HART: Again, I thank you.
5 Subject to all the reservations of all the
6 appropriate rights, without belaboring them,
7 for your benefit I won't.
8 Ed, just for housekeeping, the
9 deal that you made with Leon hours ago, and it
10 really was hours ago now, was that you'd wait
11 until you got back to your office, give you an
12 hour essentially and get back to the schedule.
13 MR. HERNSTADT: Obviously
14 that's been affected by the fact that the judge
15 called and we had a conference a 3:30 and the
16 judge instructed me to meet with Chuck Simms
17 for as long as it takes to -- to look at all
18 the documents. I was pointing out the door.
19 There is something like 15,000 pages of
20 documents. What I am going to do is after I he
21 is escort Professor Appel out I'm going to call
22 my office and where I instructed him before we
23 went through this last bit to check all my
24 E-mails and to check all my messages and I'm
25 going to get another body over here so that I
212
1
2 can do both at once.
3 MR. HART: So you're going to
4 stay here, at Proskauer's offices?
5 MR. HERNSTADT: I'm going to
6 stay here. It's going to take a little longer
7 to do what had to be done and I'm going to have
8 to ask for the use of your telephone system,
9 but I'm going to try to get that done, as well.
10 MR. HART: We'll accommodate
11 you. I guess all I'm trying to extract for you
12 is the assurance that you will be conferring
13 with my colleague, Mr. Gold, this evening
14 subject what the judge ordered to work out
15 scheduling issues.
16 MR. HERNSTADT: Subject to the
17 requirements of the court, I will do what I
18 said I was going to do.
19 MR. HART: Thank you so much.
20 THE VIDEOGRAPHER: This
21 completes Videotape Number 3. The time now it
22 5:47 p.m. We are going off the record.
23
24 ______________________________
ANDREW W. APPEL
25
213
1
2 Subscribed and sworn to
3 before me on this _____ day of
4 ______________________, 2000.
5
6 _________________________________
Notary publish
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
214
1
2 CERTIFICATION
3
4 I, MICHELE ANZIVINO, a Notary
5 publish in and for the State of New York, do
6 hereby certify;
7 THAT the witness whose
8 testimony is hereinbefore set forth, was duly
9 sworn by me; and
10 THAT the within transcript is a
11 true record of the testimony given by said
12 witness.
13 I further certify that I am not
14 related, either by blood or marriage, to any of
15 the parties to this action; and
16 THAT I am in no way interested
17 in the outcome of this matter.
18 IN WITNESS WHEREOF I have
19 hereunto set my hand this 29th day of June,
20 2000.
21
22 ___________________________
MICHELE ANZIVINO
23
24
25