n one of the first cases of criminal prosecution under a 1998 federal digital copyright law, a 27-year-old Russian cryptographer was arrested at a Las Vegas hotel on Monday morning, a day after giving a presentation to a large convention of computer hackers on decrypting the software used to protect electronic books.
Dmitri Sklyarov, who was being held in Las Vegas without bail, is being charged with one count of trafficking in software to circumvent copyrightable materials and one count of aiding and abetting such trafficking. Mr. Sklyarov is expected to be transferred to San Jose, Calif., where he would face charges of violating the Digital Millennium Copyright Act, a 1998 law that limits the unauthorized copying of digitized material.
Mr. Sklyarov is one author of a software package released in June that breaks through electronic book encryption developed by Adobe Systems Inc. (news/quote) He faces up to five years in jail and a $500,000 fine.
This is the first criminal case under the act involving electronic books, a small but competitive industry in which the players include Adobe, Microsoft (news/quote), Palm and Gemstar. Other high-profile cases involving the act, including one that involves decryption software for DVD's, have mostly been civil suits.
Mr. Sklyarov, a tall, lanky graduate student with a lopsided smile, is currently completing his Ph.D. at Moscow State Technical University. His dissertation, which examines the security of electronic book software, was the basis of his presentation, entitled "E-Book Security: Theory and Practice." He is the father of two young children.
Mr. Sklyarov is an employee of ElcomSoft, a small, Moscow-based company that has recently drawn the ire of Adobe for distributing a software package that circumvents Adobe eBook Reader software by converting encrypted books to unprotected files, which can then be distributed freely.
BarnesandNoble.com briefly halted distribution of Adobe-format electronic books last month, listing them as "out of stock," from June 26 to June 27 while Adobe updated its encryption software. ElcomSoft said Adobe's changes were superficial and released a new demonstration version of the decryption program shortly after Adobe's update.
Over the last several weeks, Adobe has aggressively pursued ElcomSoft, forcing it to switch Web-host services several times by sending cease-and-desist notices to Web service companies. Adobe also met with the F.B.I. on June 26 to discuss the impact of ElcomSoft on its business.
As a result of pressure from Adobe, ElcomSoft stopped selling its Advanced eBook Processor software, which initially cost $100. Instead, the company created a demonstration version that decrypts only a portion of an electronic book, and made that available free on its Web site.
Although Mr. Skylarov is a Russian citizen and ElcomSoft is based in Moscow, the sales of the product took place partly in the United States, since a United States-based company called Register Now handled the financial processing. Scott Frewing, one of the assistant United States attorneys who is handling the case, said that despite the borderless nature of the Internet "the question of jurisdiction was not particularly in contest in this case."
In his technical presentation on Sunday to an audience of several hundred people at the conference, called Def Con, Mr. Sklyarov argued that the security behind Adobe's widely used Acrobat Portable Document Format, known as PDF, is inherently flawed. "E-book distribution based on PDF technology is insecure," he said.
Bruce Schneier, a cryptographer who has written a popular textbook on the subject, agreed. "Trying to secure this is like trying to make water not wet," he said. "Bits are copyable by definition."
Nevertheless, companies are determined to protect their products and are looking to the copyright act for help. "No software on the market is 100 percent secure to determined hackers," said Susan Altman Prescott, vice president for cross-media publishing at Adobe. "We're confident that we are taking all of the right steps on an ongoing basis to incorporate the most sophisticated technologies available."
ElcomSoft is a 20-person company best known for its password recovery software for programs like Microsoft Word and Quicken, produced by Intuit. According to Aleksandr Katalov, president of ElcomSoft, the company's clients include many United States government agencies, including the F.B.I. and the Central Intelligence Agency.
The pursuit of criminal charges against an individual employee rather than the company drew surprised reactions. "I thought maybe I would be arrested because I am the owner and the president of the company, but not Dmitri," said Mr. Katalov, who also attended the conference. "But I think this is the easiest way to send a message that it is a single Russian hacker at work, but really it is the entire encryption that is flawed."