Home About Publications Practical Cryptography  

Declaration of Niels Ferguson in the Felten vs. RIAA case 


Grayson Barber (GB 0034)                
Grayson Barber, L.L.C.              
68 Locust Lane              
Princeton, New Jersey 08540             
(609) 921-0391                  

Frank L. Corrado (FLC 9895)                         
Rossi, Barry, Corrado & Grassi  
2700 Pacific Avenue
Wildwood, NJ 08260
(609) 729-1333
Attorneys for Plaintiffs    

              IN THE UNITED STATES DISTRICT COURT
              FOR THE DISTRICT OF NEW JERSEY

EDWARD W. FELTEN; BEDE LIU;
SCOTT A. CRAVER; MIN WU;
DAN S. WALLACH; BEN
SWARTZLANDER; ADAM
STUBBLEFIELD; RICHARD DREWS
DEAN; and USENIX ASSOCIATION,           Hon. Garrett E. Brown, Jr.
a Delaware non-profit non-stock         Case No. CV-01-2669 (GEB)
corporation,                            Civil Action
            Plaintiffs                              
vs.                                     DECLARATION OF
                                        NIELS FERGUSON
RECORDING INDUSTRY ASSOCIATION
OF AMERICA, INC.; SECURE DIGITAL
MUSIC INITIATIVE FOUNDATION;
VERANCE CORPORATION; JOHN
ASHCROFT, in his official capacity as
ATTORNEY GENERAL OF THE
UNITED STATES; DOES 1 through
4, inclusive,

                        Defendants.

I, NIELS FERGUSON, of full age hereby declare:

1. I am a resident of Amsterdam and citizen of the Netherlands.

2. I am a cryptographer and Director in a family company MacFergus BV which I have run since 1998 with my father. MacFergus BV is devoted to providing cryptography consulting services.

3. I used to work for the Centre for Mathematics and Computer Science where I invented cryptographic protocols for electronic payments. Later I worked for DigiCash where we designed and built some of the most advanced cryptographic payment systems anywhere. For Counterpane I have worked on many projects, including the development of Twofish.

4. I have published many articles and given talks on various cryptographic methods and other discoveries. I have (co)authored more than a dozen scientific papers published at conferences, several patents, and a book. I'm currently writing a book on cryptography.

5. I studied Mathematics at Eindhoven University of Technology in the Netherlands and left before obtaining a degree.

6. I have analyzed HDCP (an Intel encryption and authentication system for protecting copyrighted video signals on high definition televisions) and found serious security flaws that lead to a very practical attack. An experienced IT person could recover the master key and publish it, after which HDCP provides no protection whatsoever.

7. I have written a paper that discusses the HDCP system vulnerabilities which I wish to publish at a scientific conference. My research shows how the master key of the system can be recovered if we have access to 50 HDCP display devices and a few desktop computers. Knowledge of the master key allows recovery of all session keys, decryption of any video signal encrypted with HDCP, impersonation of arbitrary devices as well as the creation of new devices that will interoperate with existing HDCP devices.

8. As a scientist, I have been chilled from the recording industry's threats to Professor Felten's research and the arrest of Russian cryptographer Dmitry Sklyarov who revealed flaws in Adobe's security system. I had been planning to submit my HDCP paper to the Workshop on Security and Privacy in Digital Rights Management 2001 in Philadelphia on November 5th. However, since the passage of the DMCA in the United States, I feel I must censor myself in order to avoid prosecution under the DMCA. On August 8th, I sent the following email to the SPDRM Program Chair explaining why I would not be submitting the HDCP paper as expected:

Dear Tomas Sander,

I regret to inform you that I will not be submitting my HDCP paper to the Workshop on Security and Privacy in Digital Rights Management 2001. The DMCA-risks to my personal liberty and financial security are simply too great. I am very angry at this restriction of my freedom of speech. I feel violated, helpless, and out of control. They have taken away a basic human right, and there is nothing I can do about it.

I have been informed by a US lawyer specialising in this area that even publishing my paper here in the Netherlands will open the door to DMCA prosecution and liability. Not publishing this paper will damage my professional reputation, but if I do publish it I would never be able to visit the US again. This would do me even more harm, both professionally and personally.

Thank you for your support and your attempts to resolve this. Feel free to circulate this email amongst the program committee members and the conference organisers.

Best Wishes,

Niels

9. Despite the fact that I performed all the work in Amsterdam, I could face arrest if I visit the US after my research had found its way into the jurisdiction. My research is silenced since I cannot talk about my scientific results to my colleagues and peers, as is now the case since the DMCA became law in the US. Scientific freedom is not only threatened under this law, it is demonstrably curtailed.

I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct and was executed at _________________on this the ___ day of ________, 2001. 

                ______________________________
                NIELS FERGUSON

  Home About Publications Practical Cryptography  

Copyright © 2001-2003 by MacFergus BV, last update 2003-04-04.