After being quelled by the Secure Digital Music Initiative (SDMI) organization and the Recording Industry Association of America Inc. (RIAA) earlier this year, a research paper on how to crack digital music encryption is due to be presented at the USENIX Security Conference in Washington D.C. Wednesday.
The controversial paper, written by Princeton University Professor Edward Felten and his research team, was previously withdrawn from another conference last April after Felten came under pressure from the SDMI and the RIAA. The groups claimed that by presenting the findings, the team would be in violation of the 1998 Digital Millennium Copyright Act (DMCA).
The DMCA states that it is illegal to provide technology that bypasses industry controls limiting how consumers can use music they have purchased.
Felten and his team filed suit in June against the SDMI, the RIAA, the U.S. Department of Justice (DOJ), and Verance Corp., a company that made one of the watermarks Felten’s team cracked, requesting First Amendment protection to present the research without fear of reprisal.
While the suit is still under way, and the defendants have filed a motion to dismiss, Felten and some members of his team are preparing to present their findings despite the fact that they could be held in violation of the DMCA.
Felten confirmed Monday that he will attend the USENIX conference, saying “it is normal for these types of papers to be presented, which discuss the strengths and weaknesses of the technologies.”
“It is part of the scientific process,” he added.
The scientific community will be closely watching how the conference and the team’s lawsuit unfold, Felten said.
In fact, 17 top scientists appeared before a federal court Monday in support of Felten and his team, describing the stifling effects the DMCA has had on their research, according to the Electronic Frontier Foundation (EFF), the civil-liberties organization that is representing the scientists in their case.
During their testimony, the international scientists expressed concern about traveling to the U.S. where their research could be held in violation of the DMCA, the EFF said. The group noted the high-profile case of Russian programmer Dmitry Sklyarov, who was arrested after the Def Con hacker conference last month on charges of violating the DMCA.
The presence of the group of academics, cryptographers, software programmers and scientific-conference organizers came as part of the EFF’s rebuttal to claims made by the defendants in their motion to dismiss the lawsuit. The motion to dismiss states that the RIAA had no problem with the scientists presenting their research at the USENIX conference, therefore no case existed because there was no controversy for the court to decide.
The EFF, however, told the court that the RIAA threatened litigation with all parties associated with the paper’s publication, and then only relented and agreed to the presentation of the research after the scientists said that they would not go public with it.
“This underscores the problem with the RIAA,” said Robin Gross, staff attorney for the EFF. “They don’t even have to file a lawsuit; just the threat is enough to stifle research.”
Still, the RIAA and SDMI maintain that Felten and his team are free to present their research at USENIX Wednesday.
“We have no objection to the publication,” a representative for the SDMI said Monday.
When Felten was asked if he was worried about the ramifications of presenting the team’s encryption-busting research, the professor said, “I am not concerned about presenting this paper on this particular day.”
The professor added, however, that any similar research, or even a different version of the same paper, could ignite problems under the DMCA. Both the EFF and Felten claim that the RIAA and SDMI’s concession on the USENIX conference is solely due to publicity surrounding the event.
But even if the RIAA and SDMI do not pursue charges against Felten and his team following their presentation tomorrow, the scientists could still face trouble if the DOJ decides to charge them for violating the DMCA, the EFF said.
The DMCA is a new statute that gives the DOJ a host of new powers and funding opportunities, Gross pointed out, making it possible that Felten and his team could suffer the same fate as the jailed Russian programmer.
“Felten is taking his chances and being very brave,” Gross said.
“If you write something that allows somebody to copy stuff later on, you could be jailed,” Gross added.”This is a wake-up call for programmers.”
Felten and some of his colleagues will be appearing on a panel at the USENIX conference Wednesday at 6:30 p.m. Eastern Time. USENIX, which also joined as a plaintiff in the scientists’ lawsuit in hopes of being granted protection for organizing the security symposium, is planning to Web broadcast the paper’s presentation that same day, the EFF said.
SDMI, in San Diego, Calif., can be reached at http://www.sdmi.org/. Felten’s Web site is located at http://www.cs.princeton.edu/sip/sdmi. The Electronic Frontier Foundation, in San Francisco, can be reached at http://www.eff.org. Information about the USENIX conference can be reached online at http://www.usenix.org/events/sec01/.