Hackers angry about the Federal Bureau of Investigation’s (FBI’s) arrest of Russian programmer Dmitry Sklyarov have spawned a campaign against Adobe Systems Inc., which filed the complaint leading to the arrest in Las Vegas last week after Def Con, an annual conference for hackers.
Def Con attendees Peter Shipley and Bill Scannell have launched a Web site, BoycottAdobe.com, and called on members of the security and hacking communities to not use Adobe products. They’re asking hackers to eschew such Adobe products as PhotoShop and PageMaker, and to join a letter-writing campaign to Adobe and Washington legislators who passed the Digital Millennium Copyright Act, the law under which Sklyarov is being charged.
Sklyarov, who works for a Moscow-based company called ElcomSoft, was arrested for allegedly selling software that cracks the encryption code used for electronic books produced with Adobe Acrobat. The encryption limits the use of the books by their buyers. For example, customers can’t make copies of the reading material to distribute to a second system.
Sklyarov allegedly brought 500 copies of a trial version of the program to demonstrate during his Def Con presentation, and gave information about purchasing the full program. The DMCA prohibits the distribution of such copying tools. Sklyarov, if convicted, faces a prison sentence of up to five years and a $500,000 fine.
Adobe was not immediately available to respond to the complaints. However, company officials have agreed to meet with representatives from the Electronic Frontier Foundation next week. The EFF postponed a scheduled protest at Adobe’s headquarters when the vendor agreed to meet.
Reaction in the hacking community has been “swift and strong,” says Jay Dyson, a security consultant. Like many in the hacker community, he contends the FBI arrested Sklyarov at Adobe’s urging.
“There has been a groundswell of animosity toward Adobe for bringing in the FBI to cover up their own programming mistakes,” Dyson says.
Besides the boycott and letter-writing campaign, BoycottAdobe.com is telling people to sell all but one share of Adobe stock in protest. The site advises consumers to hold or purchase one share in order to have voting rights at Adobe’s stockholder meetings.
Dyson also urges fellow hackers to exercise restraint in their complaints against Adobe.
“I would strongly urge against launching a (denial of service) attack against Adobe. That would only denigrate the position we’re taking and hurt the concept of what we’re trying to get across,” he says. “A better alternative is to just not use Adobe products.”
Paul Holman, designer and Webmaster of the boycott site, reports receiving about 500 overwhelmingly positive e-mail messages daily since the site went live on Tuesday. But the immediate goal is to get Sklyarov released, he says.
“Our aim is to put pressure on Adobe to get them to repeal their complaint against him,” Holman says.
The case could challenge the DMCA, which some contend is unconstitutional. Critics say it contradicts Supreme Court rulings that allow consumers limited rights to copy copyrighted material, such as copying music from a CD to a cassette tape.
“This legislation tries to further restrict fair use and it violates rights that the courts have already given us,” Holman says. “We’re excited about it because it represents a possibility to challenge the DMCA.”
Sklyarov’s case may not be the best legal challenge, Holman notes. His technique was to reverse-engineer Adobe’s technology, deconstructing the program’s code to see how it works. That usually violates software licenses.
“It’s unfortunate that this Russian guy is in the middle of it,” Holman says of the challenge to DMCA. “He’s the wrong guy for all of us to use to try to fix our laws.”
Dyson, who also goes by the name Cancer Omega, says the arrest will probably deter demonstrations of reverse engineering at Def Con.
“If I were to write something now on a code that I broke, I wouldn’t put my name on it,” Dyson says.
But he believes Sklyarov was arrested for simply pointing out that “the emperor has no clothes.”
“Adobe’s cryptography is fundamentally flawed. With nothing more than a good tug Sklyarov showed how quickly it all fell apart, and for that he was arrested,” says Dyson, who is also a member of Attrition.org, which tracks hacker activities.
Some hackers are concerned that the arrest at Def Con will discourage other researchers from making future presentations about technological flaws.
James Atkinson, president of security firm Granite Island Group, says he pulled out of a scheduled talk at Def Con this year when he heard rumors that “numerous arrests” would take place.
“I didn’t have any interest in being at a place where people were being arrested,” says Atkinson, whose organization helps companies develop countermeasures to combat surveillance devices. He believes Sklyarov was “exceedingly stupid” in his conduct.
“It would be the equivalent of Osama bin Laden coming to the U.S. He’d have to be out of his mind to attend a conference here when he knows he’s doing something illegal,” Atkinson says.
Dyson agrees. “If I were him, I would have teleconferenced in instead of coming to the [United States].”
However, Dyson does not expect a backlash against the federal agents who attend Def Con every year.
“The Feds have been coming undercover to Def Con for about a decade. It’s only in the last couple of years that they’ve been open about who they are,” Dyson says.