Russian crypto expert arrested at Def Con

The day after he gave a talk at the hacker conference, a Russian software engineer is arrested by the FBI for allegedly cracking e-book security.

Robert Lemos, Staff Writer, CNET News.com

Robert Lemos covers viruses, worms and other security threats.

The FBI took a Russian encryption expert into custody Monday at his hotel in Las Vegas for allegedly publishing software that cracks a variety of methods used to secure e-books.

The bureau acknowledged Tuesday that it had arrested security researcher Dmitry Sklyarov for what it said was a violation of the Digital Millennium Copyright Act. The arrest came a day after Sklyarov outlined the problems plaguing e-book formats and Adobe's PDF format at the Def Con hacking conference.

"He is being held pending extradition back to San Francisco," said Daron W. Borst, a spokesman for the FBI's Las Vegas office. According to Borst, the warrant for Sklyarov's arrest was issued in the Northern District of California. If convicted, Sklyarov would face a maximum penalty of a $500,000 fine and five years in prison.

The arrest was first reported by Planet eBook.

Sklyarov is an employee of Elcom, a Moscow-based company and the publisher of the Advanced eBook Processor, a program that cracks the encryption protection on Adobe's eBook format, converting it to Adobe PDF format.

While Elcom has been careful to stress what it sees as fair-use aspects of the program, such as making backups of e-books or enabling them to be read on other devices owned by the same user, the software has been criticized by Adobe Systems and other e-book companies as a technology that could allow the rampant copying of electronically published texts.

According to Elcom's Web site, the ability to make a backup copy of electronic software or documents is required by Russian law. The Advanced eBook Processor software only grants non-U.S. users of such software the rights they have by law, Elcom says.

Adobe has filed a lawsuit against the company and, according to the Elcom site, its complaints are the source of the warrant behind Sklyarov's arrest. Adobe could not be reached for comment Tuesday morning.

This is the second use of the DMCA's criminal provisions to prosecute a person accused of copyright infringement. Dario Diaz, a public defender in Tampa, Fla., told Def Con attendees on Saturday of another case, in which Diaz's client is accused of violations of the DMCA for creating cards that can decrypt satellite TV signals.

"This is pretty amazing," said Siva Vaidhyanathan, professor of the School of Library and Information Studies at the University of Wisconsin at Madison. "I never thought that the DMCA criminal provisions would be actively used. (Anti-piracy efforts) are usually all about threat and bluster and money."

The prosecution of the Russian software engineer should worry security researchers, said Robert Graham, chief scientist for security company Internet Security Systems.

"All security people in this industry are in danger of falling afoul of laws," he said, adding that the choice of who gets prosecuted by the FBI is typically a matter of bad luck. "There is so much stuff going on right now; if the FBI doesn't like you--if you are not squeaky clean--they can get on your case.

"Most security researchers I know aren't squeaky clean," he added.

Edward Felten, a professor of computer science at Princeton University, has already fallen afoul of the DMCA. After researching the weaknesses in several possible technologies proposed by the Secure Digital Music Initiative, Felten and his research group were prevented from publishing their research paper by the threat of a civil lawsuit. Now Felten is suing the Recording Industry Association of America and the SDMI for effectively censoring his research.

Jennifer Granick, the clinical director of Stanford University's Center for Internet and Society, has also criticized the move by the software industry and the FBI.

"American corporations have never been shy about using taxpayer money to enforce their rights," she said.

Like the Felten case, however, these cases offer an opportunity to challenge the law.

"This could be the beginning of something bad," Granick said. "Or it could be the beginning of something good--if people say, 'What the heck is this law that we've passed?'"