ElcomSoft refutes Adobe's charges of copyright infringement

Russian company, others address PDF security issues and concerns

July 3, 2001

By Kurt Foss, Planet PDF Editor

Threatened with legal action by Adobe Systems for developing and selling a program that allows secured ebooks in PDF to be decrypted, a Russia-based software company countered with its own claims -- that PDF is an "absolutely insecure" format for ebooks, at least in cases where the protection of the content is a primary concern.

The issue arose between the two companies soon after ElcomSoft announced the release of Advanced eBook Processor, which was described in its press release as software that "lets users make backup copies of eBooks that are protected with passwords, security plug-ins, various DRM (Digital Rights Management) schemes."

With ElcomSoft's Web site temporarily disabled and its U.S.-based ecommerce service discontinuing sales of its Advanced EBook Processor (AEBPR) based on a similar legal notice from Adobe, the company responded to the charges and subsequent 'mistruths' in coverage of the matter with a blatant attack on the security of the Portable Document Format (PDF).

ElcomSoft defends its product and purpose on its Web site by stating that "ANY eBook protection, based on Acrobat PDF format (as Adobe eBook Reader is), is ABSOLUTELY insecure just due to the nature of these format and encryption system developed by Adobe."

In addition, appears to be on the verge of freely distributing the AEBPR worldwide: "We claim that if Adobe Systems will continue to pursue us, we will publish the sources of our software in the Internet, and will do our best to make them available to everyone all over the world."

Thomas Merz, developer of PDFlib (for 'on-the-fly' PDF generation) and author of several books about Acrobat/PDF and PostScript, has been following the matter closely in Germany. At the recent PDF 2001 Conference, Merz presented a one-day course on PDF security, including a review of several programs currently available for recovering passwords and removing security from PDFs.

About the Advanced Ebook Processor product, Merz says that "ElcomSoft can only crack what is weakly protected. There are weak and strong combinations of Acrobat security, and ElcomSoft can successfully only attack the weak ones."

"On a general scale," he says, "secure e-book distribution tries to achieve the impossible: distribute content and protect it at the same time. Some crypto gurus say this will never be achievable since the client side (PCs, as opposed to dedicated hardware which may offer better protection) is so weak."

Merz also noted a fine, but significant, distinction in the controversy: "The new program allows you to save protected e-Books without any protection, but you first have to buy those (at least once)."

"It's an attack against the viewer," he says, "not the file format."

According to one security vendor, this latest controversy shows that the Digital Rights Management (DRM) market is moving from one in which vendors can claim to offer absolute security to one in which we must offer constantly updated systems to combat multiple threats. He likened security in the the changing technological landscape as moving "from a fortress model to a battlefield model."

"In this sense we become like the providers of anti-virus software and firewalls: Not a solution but a process, constantly updating to stay ahead of the crackers."

Stephen Cole, CEO of eBooks Corporation (http://www.ebooks.com/), expressed long-term confidence in Adobe's ability to protect ownership rights of PDF-based ebooks. "It's always a question of cat and mouse," Cole says. "We are partnering with a committed and formidable cat [Adobe]. In doing so, we're protecting the interests of our authors and publishers."

Adobe Systems is closed this week, but previously had declined comment on the matter.


MORE INFO

Planet eBook & Planet PDF has a regularly updated index of all articles related to this issue, as well as links to the coverage by other news outlets.