14 December 2002. Transcript purchased for $98 from Exemplaris.com.
List of daily transcripts: http://cryptome.sabotage.org/usa-v-elcom-dt.htm
This is the earliest transcript available from Exemplaris.
1
1 UNITED STATES DISTRICT COURT
2 NORTHERN DISTRICT OF CALIFORNIA
3 SAN JOSE DIVISION
4
UNITED STATES OF ) CR-01-20138-RMW
5 AMERICA, )
)
6 Plaintiff, )
) San Jose, California
7 vs. ) December 3, 2002
) DIAZ CROSS-EXAM
8 ELCOM LTD., et al., )
)
9 Defendants. )
_ _ _ _ _ _ _ _ _ _ _ _ _)
10
PARTIAL TRANSCRIPT OF PROCEEDINGS
11 BEFORE THE HONORABLE RONALD M. WHYTE
UNITED STATES DISTRICT JUDGE
12
A P P E A R A N C E S:
13
For the United States United States Attorney's
14 of America: Office
By: SCOTT H. FREWING,
15 AUSA
280 South First Street
16 Room 371
San Jose, CA 95113
17
For the Defendants: Duane Morris
18 By: JOSEPH M. BURTON, ESQ
GREGORY G. ISKANDER, ESQ
19 Spear Tower
One Market Street
20 Suite 2000
San Francisco, CA 94105
21
22
23
24 Court Reporter: PETER TORREANO, CSR
License Number 7623
25
2
1 INDEX OF WITNESSES
2 GOVERNMENT'S WITNESSES
3 THOMAS DIAZ
4 Cross-Examination by Burton P. 3
5
INDEX OF EXHIBITS
6
DEFENDANT'S EXHIBITS MARKED ADMITTED
7 145 P. 17
146 P. 31
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
3
1 San Jose, California December 3, 2002
2 PARTIAL PROCEEDINGS
3 THE COURT: Okay. Mr. Burton, do you
4 have any questions?
5 MR. BURTON: Yes, Your Honor.
6 CROSS-EXAMINATION
7 BY MR. BURTON:
8 Q Good morning, Mr. Diaz.
9 A Good morning.
10 Q How long have you been involved in the -- I'll
11 call it the eBook industry, if that's a fair term?
12 A Since early 1998.
13 Q Since 1998?
14 A Yes.
15 Q And it would be fair to say that you were one
16 of the early pioneers or individuals involved in
17 the industry?
18 A Yes.
19 Q And that was with your company Glassbook?
20 A Yes.
21 Q Glassbook was a company that was one of the
22 early, if maybe not the first, companies to be
23 providing eBooks?
24 A Well, we actually were second or third as far
25 as getting a product to market, but we started
4
1 developing our products at a -- we all started
2 developing our products at about the same time in
3 1997 and 1998. They reached the market at
4 different times.
5 Q Okay. And one of the things that you do,
6 you're involved with various standards, boards or
7 committees within the eBook community and business?
8 A Yes, I am.
9 Q For example, something called the Open eBook
10 Forum?
11 A That's correct. I'm on the board of the Open
12 eBook Forum and I'm also one of the workers in a
13 working group of the Open eBook Forum that's
14 working on digital rights management standards.
15 Q And just for the jury could you just briefly
16 explain what the Open eBook Forum is, what it tries
17 to do.
18 A Well, the Open eBook Forum is the leading
19 trade association and technical standards
20 organization involved in the electronic publication
21 industry. So it's the organization in which the
22 major technology companies, the major publishers,
23 the library associations and publisher associations
24 who belong are interested in digital publication
25 technology.
5
1 Q And I take it one of the things that it tries
2 to do and you try to do is to -- is to promote or
3 develop the eBook industry?
4 A That's right.
5 Q Okay. Now, for the jury and for myself is
6 there a standard definition of an eBook?
7 A We have -- there isn't really a completely
8 standard definition at this time. OeBF and others
9 have lexicons, you might say, that do try to define
10 those terms so they are used precisely in standards
11 and so forth.
12 Q Is there a generally accepted definition of an
13 eBook?
14 A I think the generally -- the definition we use
15 in that organization, for instance, is some words
16 to the effect that an eBook is a literary work
17 that's provided in digital form that can be
18 downloaded and the implication usually is that it's
19 copyrighted and valuable, culturally valuable. It
20 may be commercially valuable.
21 Q And, by the way, does it have to be
22 copyrighted to meet that definition?
23 A No.
24 Q And does it have to be a book in the sense
25 that we would normally think of a book that you
6
1 could go out to Barnes & Noble and buy in a store?
2 Does an eBook have to be in that form?
3 A So far -- not intrinsically, but so far in the
4 industry in 1998 in the halls of the Open eBook
5 Forum when people gather and talk about it, they
6 are talking about the same literary works that you
7 think of when you think of the word "book." They
8 are novels, popular nonfiction. They are
9 textbooks. Intrinsically the technology could be
10 used for other kinds of publications, but at this
11 time in history it normally means what you think of
12 when someone says the word "book."
13 Q For example, an e-document, would that be
14 considered an eBook?
15 A Just by its very nature it's a more generic
16 term and it suggests that it might or might not be
17 a book to me.
18 Q Well, what, for example, about a technical
19 manual that a company might produce in book format?
20 A That could certainly be published as an eBook.
21 Q Okay. Now, there are a number of eBook
22 formats, that is, file formats that exist now;
23 correct?
24 A That's right.
25 Q And the -- one of those file formats is the
7
1 PDF file format; correct?
2 A Yes.
3 Q Another is a Microsoft format that I think is
4 called lit.lit; is that correct?
5 A That's right.
6 Q Okay. And are there other formats that exist?
7 A Yes. There are at least three others that are
8 in commercial use at this point.
9 Q And what are they?
10 A Palm Digital Media has a format that it uses
11 for eBooks, mainly intended for handheld computers.
12 I forget what their file type is. Gemstar has a
13 file format that's used to provide eBooks for their
14 reading systems which are specially built hardware
15 devices. And there's a company called MobiPocket
16 that also has a format that's beginning to be used
17 by some publishers.
18 Q Okay. Now, the Adobe Acrobat -- I'll strike
19 the question.
20 Are eBooks produced for purchase in PDF
21 format?
22 A Yes.
23 Q Okay. And are there eBooks that are produced
24 for purchase to be read by the Adobe Acrobat
25 Reader?
8
1 A You said "Adobe Acrobat Reader" as opposed to
2 "Acrobat eBook"? I just wanted to clarify the
3 question.
4 Q Very well. My point. Let me restate the
5 question.
6 The Adobe Acrobat Reader is a product
7 that Adobe makes; correct?
8 A Yes, it is.
9 Q And it also makes a product called the Adobe
10 eBook Reader; correct?
11 A That's correct.
12 Q And is it correct that both of those products
13 can be used to read eBooks?
14 A Yes.
15 Q Okay. And is it correct that eBooks are sold
16 to be used by individuals for -- who have the Adobe
17 Acrobat Reader?
18 A Yes, it is.
19 Q Okay. And, I mean, there are a number of
20 books, perhaps thousands, that are sold for that
21 reader; correct?
22 A When you say "that" you mean the Acrobat
23 Reader?
24 Q The Acrobat Reader.
25 A Yes, that's right.
9
1 Q And by the same token there are many, perhaps
2 thousands, of books, eBooks, that are sold to be
3 read by the Adobe eBook Reader; correct?
4 A Yes. Far more of those at the moment.
5 Q At the moment there are far more?
6 A Correct.
7 Q Now, in, for example, 19 -- in 19 -- well, in
8 2001 was it true that there were far more Adobe
9 eBook Reader publications than Adobe Acrobat Reader
10 publications?
11 A For sale, if that's the context of your
12 question?
13 Q Yes.
14 A Yes. To the best of my knowledge, there were
15 significantly more available for the eBook Reader.
16 Q Okay. Now, when you began your company, the
17 Glassbook company, and you had a product called the
18 Glassbook Reader; correct?
19 A Yes, that's right.
20 Q And the Glassbook Reader later became the
21 eBook Reader that we now know today?
22 A Correct.
23 Q Okay. At the time that the Glassbook Reader
24 was first released -- and that was when?
25 A We first released it on Barnesandnoble.com in
10
1 January of 2000.
2 Q And my question is at the time that you
3 released that were there more eBooks available for
4 that reader than for the Acrobat Reader?
5 A Yes. I believe so, although the numbers were
6 smaller at that time for both products. But I
7 believe the answer is yes.
8 Q Okay. Now, for the Adobe Acrobat Reader, if I
9 can, the books that are produced for that, are they
10 all copyrighted?
11 A No.
12 Q Okay. So there are some eBooks that are
13 produced for the Acrobat Reader that are not
14 copyrighted; correct?
15 A Yes. The obvious examples would be old
16 classic books that are no longer copyrighted
17 because they are now in the public domain.
18 Q Okay. And the books that are produced for the
19 eBook Reader, are they all copyrighted?
20 A I think they almost all are. There could be
21 exceptions to that that I'm unaware of.
22 Q Well, when -- let me ask you this question:
23 When you first developed and introduced the
24 Glassbook Reader, were all of the works produced
25 for the Glassbook Reader copyrighted?
11
1 A No.
2 Q In fact, Glassbooks sold a number of books for
3 its reader that were not copyrighted; correct?
4 A No, that's not correct.
5 Q Not correct?
6 A We provided those books free of charge.
7 Q I'm sorry. All right. You provided them free
8 of charge?
9 A That's right. They were demonstrations of
10 them.
11 Q You provided them free of charge?
12 A We did.
13 Q They weren't copyrighted?
14 A Correct.
15 Q They were, as I think you gave the example,
16 they were generally books that were classics or the
17 copyright had expired or something; is that fair to
18 say?
19 A It is.
20 Q Now, today does Adobe provided any eBooks for
21 its eBook Reader that are not copyrighted?
22 A I believe we still have some of those same
23 books available that we were just referring to,
24 classics like The Adventures of Huckleberry Finn is
25 an example that comes to mind.
12
1 Q Okay. You said -- would "The Raven" by Edgar
2 Allan Poe, would that be another one?
3 A It would.
4 Q And you've provided those and they are
5 uncopyrighted; correct?
6 A To the best of my knowledge.
7 Q Okay. Now I want to talk a little bit about
8 the Adobe eBook Reader so we can talk about that.
9 It's essentially a -- it's essentially
10 the old Glassbook Reader that your company made;
11 correct?
12 A Yes, that's correct.
13 Q And it's been modernized some and some
14 features have been added to it, but it's
15 essentially the same book; correct? I mean the
16 same product.
17 A Same program, yes. Uh-huh.
18 Q Now, does -- the format of book that it reads
19 is based on the PDF format; is that correct?
20 A That's correct, yes.
21 Q Okay. And the format that the Acrobat Reader
22 reads is based on the PDF format as well; correct?
23 A Yes.
24 Q They are both -- both of those products are
25 based on eBooks that are in the PDF format; that's
13
1 correct?
2 A Yes.
3 Q Okay. Now, one difference between a book in
4 the eBook Reader format is that that adds some
5 additional protections, I guess we could call it to
6 the book; is that correct?
7 A That's one difference, that's right.
8 Q Okay. And what are some other differences
9 between books that are for the eBook Reader format
10 versus books for the Acrobat format?
11 A Well, the other categorical difference is that
12 different technology is used to encrypt the file.
13 Acrobat Reader uses a particular kind of security
14 module to encrypt files to put on standard Acrobat
15 encryption -- standard Acrobat permissions. The
16 eBook Reader uses a different security module to
17 encrypt the file, the different one that manages
18 keys differently, as I've described earlier today.
19 Q We're going to talk about this a little bit
20 more later, but when you say it uses a different
21 security model --
22 A Module, yes.
23 Q Module. It would be fair to say it uses
24 what's called a different security handler?
25 A That's correct.
14
1 Q Okay. Now, one of the reasons -- strike the
2 question.
3 One of the things that you are trying to
4 accomplish with the eBook Reader format is to allow
5 for varied distribution of eBooks?
6 A I don't understand what you mean by "varied
7 distribution."
8 Q All right. One of the things that the eBook
9 Reader format is designed to do is to allow
10 publishers to distribute and sell eBooks in a
11 fashion that's very similar to what they do in the
12 real world; correct?
13 A That's true.
14 Q You have a publisher, you might have a
15 distributor, then you might have a local store and
16 then you have an ultimate consumer; correct?
17 A That's right.
18 Q And the eBook Reader format is designed to
19 help enable that process for the distribution of
20 eBooks; correct?
21 A Yes, that's correct.
22 Q Okay. And that's a significant difference
23 between it and the Acrobat format; correct?
24 A It's a difference -- I guess in the context of
25 your question it's really a difference mostly
15
1 between the standard security handler and the
2 different security handler that we developed for
3 eBooks.
4 Q All right. Well, the standard security
5 handler does not allow the same sort of
6 distribution options --
7 A That's right.
8 Q -- if you will --
9 A That's right.
10 Q -- that the -- that the eBook Reader does;
11 correct?
12 A That's correct.
13 Q And that's a significant or a major advantage
14 or feature of the eBook Reader; correct?
15 A Yes, it is.
16 Q And it -- it's -- the eBook Reader has
17 security features which help allow those
18 distribution characteristics; correct to say?
19 A That's correct.
20 Q It has features that the Acrobat Reader does
21 not?
22 A That's correct.
23 Q All right.
24 A At this time.
25 Q Now, I want to talk a little about PDF and
16
1 protection of eBook content. All right?
2 The way that basic PDF files which can be
3 read by the Acrobat Reader can be protected is
4 through encryption of the file; is that correct?
5 A Yes.
6 Q Okay. And the PDF file specification --
7 strike the question.
8 PDF has a specification that tells
9 developers how that encryption works and how to
10 work with it; correct?
11 A Yes, for the most part that's right. It is
12 specified.
13 Q And, in fact, the specification as to how it
14 works and everything, it's publicly available;
15 right?
16 A Yes, it is.
17 MR. BURTON: Okay. If I can approach the
18 witness?
19 THE COURT: Sure.
20 MR. BURTON: Your Honor, and we have also
21 premarked exhibits, but we will have some that
22 won't be premarked. So I'd like to mark this next
23 in order as Defense 145.
24 MR. FREWING: Your Honor, if I may? I
25 haven't had an opportunity to see the Defense
17
1 Exhibit unfortunately.
2 MR. BURTON: Sure.
3 (Whereupon, Defendant's Exhibit Number
4 145 was marked for identification.)
5 BY MR. BURTON:
6 Q I'm going to show you what's marked as Defense
7 145 for identification.
8 Have you ever seen that? That's a book,
9 by the way.
10 A This is. This is a book that's very familiar
11 to all employees of Adobe and a lot of our
12 customers. It's -- it is the published
13 specification of the PDF format. This is the
14 current edition.
15 Q Okay. And it's -- it's published by? Well,
16 it's --
17 A It's published by Adobe Systems Press by a
18 printer working for us.
19 Q Okay. And it gives to anyone who wants to
20 know information about the PDF specification;
21 correct?
22 A That's right.
23 Q And, in fact, it -- I'll just leave it here.
24 And, in fact, in that there is
25 information about the PDF specification with
18
1 respect to security for PDF files?
2 A That's right.
3 Q It tells the algorithms that are used to
4 encrypt files?
5 A With a standard security handler.
6 Q With a standard security handler; correct?
7 A That's correct. That's correct.
8 Q So if I wanted to know, if someone wanted to
9 know how to encrypt a file with the standard
10 security handler, they could use that book to help
11 them learn that or gain knowledge about it;
12 correct?
13 A Yes.
14 Q And I take it if somebody wanted to learn how
15 to decrypt a file that uses the standard security
16 handler, they could look at that book to get
17 information about it; correct?
18 A Yes. They'd be looking in the book for
19 information on how to build their own interpreter
20 for PDF files. It could do a lot of things
21 including operate with other systems that use -- as
22 long as they all use the standard security handler,
23 then they could make arrangements for the two
24 products to open the same files for one to encrypt
25 it and the other to decrypt it.
19
1 Q Okay. Well, right now we're going to talk
2 about what's called the standard security handler.
3 A Fine.
4 Q And again for the jury the standard security
5 handler is the security that comes generically with
6 PDF files?
7 A Actually, no. It comes generically with the
8 software products Adobe Acrobat and Acrobat Reader.
9 Q Okay. I'm sorry.
10 A It's a program.
11 Q So it's a program?
12 A It is.
13 Q And it comes with the Acrobat Reader?
14 A Yes.
15 Q Okay.
16 A You could pick up this and build your own
17 product that did the same job as the Acrobat Reader
18 including building your own standard security
19 handler. That's the purpose of the spec.
20 Q Okay. Now, the standard security handler from
21 a user perspective, it allows a user to encrypt a
22 PDF file; correct?
23 A It does.
24 Q And it also allows a user to set what's called
25 permissions; correct?
20
1 A That's right.
2 Q Okay. And what are permissions?
3 A Permissions are little pieces of information
4 that are put inside the file and they control
5 features of the Acrobat product such as whether you
6 can print the file or whether you can make extracts
7 of the content and so forth.
8 Q And these permissions are generally or I think
9 exclusively related to what someone can do with the
10 content of the PDF file; is that correct?
11 A You have to define "content" a little broadly.
12 Q All right.
13 A Because they include things like whether
14 you're permitted to add forms to an electronic form
15 or modify the way forms work. So if you include
16 the forms in content, then yes.
17 Q Well, there are things like whether you can
18 print?
19 A Right.
20 Q Whether you can print the file, whether you
21 can change the file?
22 A That's right.
23 Q You can make changes to the file, those sorts
24 of operations on the content of the document?
25 A That's right.
21
1 Q That's what the permissions allow someone to
2 control?
3 A That's right.
4 Q Correct?
5 A Yes.
6 Q And the person who can control what those
7 permissions are is the creator of the file; is that
8 correct?
9 A That's right. I'm sorry. That's -- that's
10 usually the case. It's possible that someone who
11 is the receiver of the file has also been given a
12 password that he can use to unlock it and change
13 the permission, but the general case is as you
14 said.
15 Q Well, let's talk about that. In order to --
16 well, strike the question.
17 PDF files are not normally encrypted; is
18 that correct?
19 A Well, they are only encrypted if people have
20 set permissions on them. I don't know what you
21 mean by "normally."
22 Q When a PDF file is initially made or
23 distilled, is it in encrypted form?
24 A No.
25 Q Okay. A normal, a usual PDF file when it's
22
1 made is in an unencrypted form; correct?
2 A Right.
3 Q And after that, it's made or it comes into
4 being, the creator can decide to encrypt it or not;
5 correct?
6 A That's right.
7 Q I mean, it's not required that a PDF file be
8 encrypted?
9 A No. That's correct.
10 Q That's a choice that the creator makes with
11 respect to the file?
12 A That's right.
13 Q Correct?
14 A Yes.
15 Q And the way that a file can become encrypted
16 is by the creator setting a password; correct?
17 That's one way?
18 A That's one way.
19 Q Okay. And another way would be that if the
20 creator decided to have permissions put on the
21 file; correct?
22 A That's right.
23 Q Those are the only two ways that the file
24 becomes encrypted?
25 A In the standard handler, that's correct.
23
1 Q Yes. And just so we're clear I'm going to
2 just talk about the standard security handler right
3 now.
4 Okay. So the way it becomes encrypted is
5 if the person either sets a password; correct?
6 A Yes.
7 Q Or they decide to set permissions?
8 A That's right.
9 Q Either/or or both?
10 A You can do both, that's correct.
11 Q Absent doing either one of those two things or
12 both of those two things the file will not be
13 encrypted?
14 A That's correct.
15 Q Okay. It's what's known or what could be
16 called a native or a naked PDF file?
17 A It usually called a plain text file.
18 Q Plain text file. All right.
19 Now, with respect to the passwords, there
20 are two passwords that a creator can set; correct?
21 A Yes.
22 Q And those are what?
23 A One of them is called the owner password and
24 it controls whether someone can change the
25 permissions. And the other is called the user
24
1 password and it controls a higher level encryption
2 of the file. So those are the two.
3 Q Now, if someone were to set the owner password
4 and send a file -- at that point it's an encrypted
5 file -- to someone who had Acrobat Reader, the
6 person receiving the file could open the file
7 because the security handler on the Acrobat Reader
8 they have would allow the file to be decrypted?
9 A Yes.
10 Q Correct?
11 A Yes.
12 Q And they would be able to read the file?
13 A Yes.
14 Q Correct?
15 But they wouldn't be able to change any
16 permissions if they were set, correct, unless they
17 knew the password?
18 A That's correct.
19 Q Okay. Now, if a file in which the user
20 password were set and it was sent to another
21 individual, could the file be opened by that
22 individual?
23 A Not unless the individual also has a copy of
24 the user password.
25 Q Okay. So in that case they would have to have
25
1 the user password in order to even look at the
2 file?
3 A That's right.
4 Q Right?
5 Even if they knew the master password;
6 would that be true?
7 A If I remember correctly, that's true.
8 Q Okay. The permissions and the password that
9 we've just -- password process that we've just
10 defined, that again is the security procedures that
11 are used for the standard security handler;
12 correct?
13 A That's right.
14 Q So if someone were distributing an eBook using
15 the standard security handler, that is, an eBook
16 that could be read in Acrobat Reader, those would
17 be the security options that they would have unless
18 they used the plug-in; correct?
19 A That's right.
20 Q Okay. That's what they are limited to?
21 A That's right.
22 Q Okay. And those security options that we
23 talked about, could they be referred to as sort of
24 a rudimentary form of what's called digital rights
25 management?
26
1 A Yes.
2 Q Okay. I mean, and that's what they were
3 intended to be; yes?
4 A I can't speak with personal knowledge of what
5 they were intended to be because they were designed
6 a long time ago before I worked for Adobe.
7 Q And you as a result now --
8 A I had nothing to do with that design.
9 Q You had nothing to do with that design?
10 A That's correct.
11 Q But they essentially are in a rudimentary
12 digital rights management?
13 A You could say that, I think.
14 Q That would control the security of a document?
15 One of the things it does is prevent people from
16 having unauthorized access to a document; correct?
17 A Yes.
18 Q And it prevents people from copying it or
19 changing it?
20 A That's right.
21 Q Okay. All things that as a publisher you
22 might well want to do; correct?
23 A Yes.
24 Q Okay. Now, the Adobe eBook Reader adds
25 another level of security to the security that
27
1 we've just described; correct?
2 A It really replaces that handler with a
3 different handler. So I think it's better to
4 describe it that way than saying it adds to it.
5 Q All right. So it replaces the standard
6 security with a different handler. Okay? What
7 other security features does the eBook Reader
8 handler provide?
9 A It provides a few permissions that are not
10 provided by the standard handler such as
11 permissions that cause documents to expire at a
12 given time, permissions that control whether the
13 document could be read by a text-to-speech system,
14 permissions that state whether the book can be lent
15 to another consumer or given to another consumer.
16 Q Okay.
17 A And then, as you alluded to previously, we use
18 a different system of distributing keys that was
19 designed more with -- which was designed with the
20 value chain of publishers and book distributors and
21 Internet retailers in mind.
22 Q But it nonetheless has the basic security
23 features that we discussed a moment ago with
24 respect to the document, copying, printing, making
25 changes?
28
1 A Well, from an outsider's viewpoint, from a
2 user's viewpoint it seems to have a very similar
3 effect, that's right.
4 Q Okay. Now, you indicated that you were
5 familiar with -- well, that prior to the receipt of
6 Exhibit 1, which was the e-mail, I believe you
7 indicated that you were familiar with Elcomsoft?
8 MR. FREWING: Objection. I think it
9 mischaracterizes the testimony.
10 MR. BURTON: Well, then let me ask the
11 question.
12 THE COURT: Okay.
13 BY MR. BURTON:
14 Q Prior to the receipt of Exhibit 1, the e-mail,
15 were you familiar with the Elcomsoft company?
16 A I had heard of Elcomsoft before. I can't say
17 I was as familiar as I am now.
18 Q All right. Were you familiar with any other
19 products that Elcomsoft made?
20 A Yes.
21 Q What other product were you familiar with?
22 A The main product that had come to my attention
23 was a product for removing passwords from -- from
24 PDF files that had been -- that employed the
25 standard security handler.
29
1 Q And how is it that you came to know about that
2 program?
3 A I -- I saw e-mail circulated within Adobe in
4 January of 2001, if I remember correctly. Just
5 somebody had basically sent a question to the
6 technical community at Adobe asking whether they
7 were aware of this program.
8 Q Okay. And other than seeing that e-mail did
9 you -- well, when you saw it did you do anything
10 with respect to that e-mail?
11 A I didn't. The standard security handler is
12 developed by another department of the Acrobat
13 engineering group. So while personally interested
14 in it I wasn't professionally responsible for
15 responding to the e-mail.
16 Q Did the fact that it would -- that it could,
17 as you put it, remove passwords -- was that the
18 phrase that you used?
19 A Actually, that is the phrase I used and that's
20 just my understanding from reading the e-mail that
21 that's what it did.
22 Q Okay. Well, other than reading the e-mail, is
23 it your testimony that you did nothing about it?
24 A As I said, I personally didn't do anything
25 about it. It wasn't my area of the product.
30
1 Q Are you aware of whether Adobe took any action
2 with respect to it?
3 A I don't have any firsthand knowledge of action
4 Adobe took about it.
5 Q Were you aware of whether or not Adobe
6 analyzed the program to determine -- the "program,"
7 by that I mean the Advanced PDF Password Recovery
8 program, whether they analyzed the program to
9 determine whether or not it presented any threat to
10 Adobe's products?
11 MR. FREWING: Objection. Lack of
12 foundation. The witness made clear he doesn't know
13 about it.
14 THE COURT: All right.
15 MR. BURTON: Well, then --
16 THE COURT: Do you want to withdraw the
17 question?
18 MR. BURTON: I'll withdraw the question,
19 Your Honor.
20 If I can just have a moment, Your Honor?
21 THE COURT: Sure.
22 MR. BURTON: I'm going to mark this as
23 defense next in order for identification, please.
24 THE COURT: That will be 146 then.
25 //
31
1 (Whereupon, Defendant's Exhibit Number
2 146 was marked for identification.)
3 BY MR. BURTON:
4 Q Mr. Diaz, I'm going to show you what's marked
5 as Exhibit 146. I'm going to ask you in a minute
6 some questions about it.
7 Mr. Diaz, prior to today did you have
8 occasion to testify in a grand jury proceeding
9 related to this case?
10 A I did.
11 Q Okay. And when you testified there you were
12 sworn and you testified under oath; correct?
13 A Yes.
14 Q Okay. Could I ask you to turn to page --
15 well, strike the question.
16 Do you recognize that as your grand jury
17 testimony?
18 A I'm only looking at the front page. I did
19 testify before the grand jury on -- it says August
20 14th, 2001. That sounds right.
21 Q Okay. I would ask you to turn to page 6 of
22 that document.
23 And I would ask you to look at starting
24 at line 7 and line 14 and right for now I want you
25 to read it to yourself.
32
1 A I've read it.
2 Q All right. And it says -- and is that your
3 testimony that you gave?
4 A It's -- I assume it is. I have no reason not
5 to think so.
6 Q You don't have any reason to believe that it's
7 inaccurately recorded, do you?
8 A No.
9 Q Okay. And it says the question: "Did Adobe
10 take any steps in January 2001 relative
11 to this other password product that they
12 had?"
13 Answer, your answer: "Not to my
14 knowledge. We discussed it. So not to
15 my knowledge did Adobe take action. We
16 discussed that incident within the
17 engineering groups and felt that the --
18 in that particular case there was no
19 serious security breach they were
20 exploiting. So we had no motive to
21 pursue that particular case with them."
22 Is that what you testified to?
23 A I -- I assume so. It looks correct to me.
24 Q Okay. Well, having looked at that and read it
25 do you now remember having any discussions in Adobe
33
1 with respect to the other Elcomsoft product?
2 A My memory isn't really refreshed very much by
3 this. If it says we discussed it, it would have
4 meant that we had a brief e-mail discussion about
5 it or something. The group in question that's
6 responsible for the standard handler is here in
7 California. I'm located in Boston. So I -- so if
8 we had discussed it at any great length, I'd
9 remember.
10 Q Well, do you -- having looked at it, your
11 answer being there was no serious security breach
12 they were exploiting, is that -- as you sit there
13 is that true in your mind?
14 A I don't -- I don't know from firsthand how --
15 exactly what the Elcomsoft product does, but my
16 general knowledge of the security handler is that
17 if -- if the user password is properly chosen,
18 meaning it's a long password that's hard to guess
19 and so forth, that it's extremely hard to break.
20 So --
21 Q Well, that would be true for the -- in the
22 context of the Adobe eBook Reader, if there was a
23 user password?
24 A There are no user passwords, though.
25 Q Oh, there are not?
34
1 A No. The application of the standard handler I
2 would say is primarily for sending confidential --
3 for user passwords in the standard handler is for
4 me to send a confidential document to you in which
5 we both know the password. So I -- if I said it
6 wasn't a serious security breach, I must have meant
7 that. In other words, if you chose a long user
8 password and share it with the person receiving the
9 message, then it wouldn't be a -- then you wouldn't
10 be threatened.
11 If you choose a short one or don't use
12 your passwords at all, then you have other security
13 exposures that are intrinsic to the design of the
14 standard handler, as I understand it.
15 Q Well, I take it you believed then that it was
16 some sort of security threat to Adobe? Did you?
17 A Yes. Because I said "no serious." So I'm
18 saying I guess by implication that it's a not so
19 serious security breach.
20 Q All right. Now here's my question to you: As
21 I understand from you, one can purchase eBooks in
22 the Acrobat format, that is, the format that uses
23 the standard security handler; correct?
24 A I believe that's right.
25 Q I mean that eBooks are available in the public
35
1 in that format; yes?
2 A Yes.
3 Q So someone who could break into that format
4 would present some sort of a security threat to
5 Adobe, wouldn't they?
6 A I see the point. I think so, yes.
7 Q My question is from the standpoint of eBooks
8 and the threat to eBooks why did you believe that
9 the Advanced PDF Password Recovery program
10 presented less of a threat than the eBook Processor
11 program?
12 A Because it's not our recommended handler for
13 publishing commercial copyrighted material.
14 Q Not your recommended handler?
15 A That's right.
16 Q But you're aware that a number of publishers
17 and authors use it; correct?
18 A Yes, I am.
19 Q Okay. And, in fact, not only is it used for
20 eBooks, it's used for e-documents, that is, for
21 example, in companies to send internal manuals or
22 documents. The standard security handler is used
23 to do that; yes?
24 A You made that assertion. I imagine that's
25 true, yes.
36
1 Q You don't know that?
2 A I -- I think it's probably true.
3 Q Well, given your experience in the industry
4 you don't know whether or not documents are used
5 internally to utilizing the standard security
6 handler?
7 A Oh, yes. Of course, they are.
8 Q Okay. And, in fact, it's common to do that;
9 yes?
10 A Yes.
11 Q And, in fact, people use the standard security
12 handler in that context to protect the document;
13 correct?
14 A Yes.
15 Q Well, for example, one of the uses one could
16 use is to send the confidential document to a
17 colleague; correct?
18 A Yes.
19 Q Or, for example, to send a document to a
20 colleague that contains trade secret information?
21 A Right.
22 Q Yes?
23 A That's correct.
24 Q And people use PDF to do that; correct?
25 A That's correct.
37
1 Q And when they do that people use the standard
2 security handler; correct?
3 A Yes. That's a very different application than
4 the typical eBook application.
5 Q All right. But it's an important application
6 to Adobe, is it not?
7 A So are many things, yes, including that.
8 Q Many things, but that certainly is, is it not?
9 A Sure.
10 Q I mean, it's not trivial, is it?
11 A No, not at all.
12 Q Adobe does not find it trivial that
13 individuals use the standard security handler to
14 protect confidential information?
15 A That's correct.
16 Q Yes?
17 A You're right.
18 Q But your feeling was that a program that could
19 breach the standard security handler was not a
20 significant threat to Adobe?
21 A I don't believe that program could
22 successfully breach the standard handler if it were
23 used for a confidential document. That's why I
24 made the point about user passwords.
25 Q Well, do you assume, therefore, that all
38
1 confidential documents are sent with a user
2 password? Is that what you're saying?
3 A No. But if someone who is a
4 security-conscious person is trying to protect a
5 confidential document, they would -- they would use
6 that feature if they were following good security
7 practices.
8 So people can use our products in ways of
9 their own choosing, but if they followed our
10 recommendations they would use user passwords and
11 choose long ones for confidential material.
12 Q Now, you -- I believe your testimony was --
13 well, strike the question.
14 Is it your testimony that you do not know
15 how the Advanced eBook Processor program,
16 Elcomsoft's program, how it works?
17 A I know -- I know some things about how it
18 works or how it does its job because they were
19 subsequently presented to the public.
20 Q Okay. And so you do know something about
21 generally how it works; correct?
22 A Yes.
23 Q Okay. And do you know something about
24 generally how the other Elcomsoft product, the
25 Advanced PDF Password Recovery program, works?
39
1 A No.
2 Q You don't?
3 A As I said earlier, I haven't analyzed the
4 program.
5 MR. BURTON: Okay. If I can just have a
6 moment, Your Honor?
7 THE COURT: Sure.
8 BY MR. BURTON:
9 Q If you would look at I think it's Exhibit 146,
10 the grand jury testimony that's there. And I'd ask
11 you to turn to page 15.
12 A Okay.
13 Q And just a minute while I get there. I'll
14 direct you.
15 Now, and you can read -- if you start
16 reading at the second line down to line 19.
17 A Yes. I've read it.
18 THE COURT: Just read it to yourself.
19 THE WITNESS: I have read it.
20 BY MR. BURTON:
21 Q Okay. Now, there you were asked a question
22 about how the Advanced eBook Processor generally
23 worked; correct?
24 A The question is on the preceding page.
25 Q All right. Then you can turn to that. I want
40
1 to make sure you have the context.
2 A Okay.
3 Q You were asked a question about how the
4 Advanced eBook Processor worked in general?
5 A The question was how did it circumvent the
6 Adobe eBook Reader. That was Mr. Frewing's
7 question.
8 Q Well, that was asking how it worked.
9 A I think that's a more specific question than
10 how it worked, but anyway.
11 Q All right. And your answer in part was that
12 its goal was to find the keys that were hidden;
13 correct?
14 A Yes.
15 Q That were hidden in the software; is that
16 correct?
17 A Yes. That's correct. That's near the end of
18 my answer.
19 Q All right. And it worked by finding the keys,
20 not by breaking the encryption of the file;
21 correct?
22 A Again, we didn't reverse engineer the
23 Elcomsoft program, but it appears to me that it
24 actually works by having copied key material from
25 the eBook Reader software into itself so that every
41
1 copy of the Elcomsoft program has some key material
2 that we had meant to be kept only in the eBook
3 Reader. And so it has -- it has key material
4 that's used to unravel the rest of the keys in
5 anyone's reader and decrypt their books.
6 Q Would you turn to page 12.
7 A Okay.
8 Q And start looking at -- you can look at line 1
9 through 12.
10 A I've read the answer.
11 Q Okay. And your answer says -- and I'm going
12 to read and you can correct me if you think I'm
13 creating any misimpression, but it starts -- or it
14 doesn't start, but it says: "And I will also say
15 we aren't certain exactly how the
16 Elcomsoft engineers went about their job,
17 but what they did succeed in doing was
18 not breaking the encryption. They
19 succeeded in finding the key that was
20 buried inside our software and moving
21 that key into their own software."
22 Correct?
23 A That's what I said.
24 Q Okay. And that was true? You believed that?
25 A I believed it to be true. I'm going to say
42
1 again we haven't reversed engineered or analyzed
2 their program. I can only testify as to what's my
3 opinion on this point.
4 Q And do you know whether or not the Advanced
5 PDF Password Recovery program worked the same or
6 differently?
7 A I'll say again I don't know how that program
8 works.
9 Q You don't know whether what it does is to find
10 a key?
11 MR. FREWING: Objection. Asked and
12 answered.
13 THE COURT: I'll let him answer that, but
14 I think we are going over it.
15 You can go ahead and answer that.
16 THE WITNESS: I don't know. I'd only be
17 guessing.
18 BY MR. BURTON:
19 Q All right. Now, in your direct examination
20 you indicated that there were certain I think you
21 used the term "passive programs" that were in
22 the eBook Reader that were put there for various
23 purposes; correct?
24 A Mr. Frewing said "passive." There are
25 programs that run and attempt to monitor the
43
1 computer to see if people are running debuggers.
2 Q What I want to know is are there similar
3 programs -- these are programs that are part of the
4 eBook Reader?
5 A They are.
6 Q Okay. Are there similar programs that are
7 part of the Acrobat Reader?
8 A No.
9 Q So there are no such measures in the Acrobat
10 Reader?
11 A That's right.
12 Q Okay. Now, you also testified -- you
13 testified on direct examination that the eBook
14 Processor program presented a security threat that
15 you hadn't anticipated?
16 A Yes.
17 Q Do you remember that?
18 Okay. And that was because it was -- it
19 was -- I think your testimony was it was because it
20 was being sold commercial?
21 A That's right.
22 Q At least in part because it was being sold
23 commercial. And what was unusual about having a
24 program like that being sold commercially?
25 A First, the fact that it was not being offered
44
1 to people in a clandestine manner. Second, the
2 fact that, as I said earlier, as a commercial
3 product I was assuming that developers of the
4 product would not publish all of the details. In
5 other words, that I was assuming that they would
6 regard some aspects of the program as trade secrets
7 that they would keep to themselves.
8 Q Well, let's talk about the first part of your
9 answer. You said that the program was hot being
10 published in a clandestine manner. Why was that
11 unusual or did that strike you as unusual or
12 different?
13 A There's something of a pattern in the Internet
14 community of people who are security analysts and
15 hackers to develop cracking programs and distribute
16 them anonymously and that's one -- that's one
17 common pattern.
18 Some professional security analysts who
19 are legitimate researchers also develop cracks of
20 security systems and publish them in academic
21 literature. It's just unusual to see research and
22 development of that kind wind up as a commercial
23 product that has an anti-reverse engineering clause
24 in its license agreement.
25 Q Well, in your answer you talked about the
45
1 Internet security community?
2 A Right.
3 Q Then you talked about the -- I think your term
4 was the "professional security community." What is
5 the difference between those two?
6 A There's not any intrinsic difference. In the
7 context of my answer professional researchers would
8 be -- would usually be inclined to publish their
9 full findings in some public place and to not do so
10 anonymously. And there's another Internet security
11 community that provides a lot of information of
12 this kind, analytical information about security
13 flaws, but many of its proponents remain anonymous.
14 Q Let me see if I can ask this question: I
15 mean, in your experience you know that there are
16 individuals or communities on the Internet that
17 produce programs for the purpose of violating
18 copyright?
19 A Yes.
20 Q Correct? I mean, that's not unusual. You
21 know that that exists?
22 A Well, it's unusual, but it certainly exists.
23 Q All right. It's not unusual in the fact that
24 it is exists?
25 A Correct.
46
1 Q Correct?
2 Okay. And sometimes those individuals
3 that do that are referred to as "crackers"?
4 A That's right.
5 Q I mean crackers. Crackers, C-R-A-C-K-E-R-S.
6 Crackers are usually individuals who make programs
7 for an improper purpose, to be used for an improper
8 purpose?
9 A What's your question? Is that a question?
10 Q Yes. I'm asking you.
11 A I don't really -- I don't really think that's
12 true.
13 Q You don't?
14 A No. People could be developing those programs
15 for legitimate research purposes as well as
16 improper purposes.
17 Q Okay. So you make no distinction between
18 crackers or hackers by the name; correct.
19 All right. Let me restate?
20 A Yeah. Would you restate the question.
21 Q A person could develop a program for a
22 legitimate or an illegitimate purpose as far as you
23 know; correct?
24 A Yes, that's my opinion.
25 Q It depends upon what their purpose in
47
1 developing the program is; correct?
2 A Yes. And it also depends on what -- what uses
3 are made of it. So what their purpose and what the
4 intended purpose its users have, that's right.
5 Q You think that the -- your testimony is that
6 you believe that the user of a program, that
7 person's purpose -- strike the question. Let me go
8 back.
9 I think my first question was that a
10 person could make a program for a lawful or an
11 unlawful purpose; correct?
12 A Yes.
13 Q Okay. And whether that was the case depends
14 upon what their purpose in making the program was;
15 correct?
16 A Yes.
17 Q Okay. It does not have anything to do with
18 what the end-user's purpose is, does it?
19 A If you're asking for my opinion, I think both
20 factors are important.
21 Q So you could make a -- one could develop a
22 program for the developer's purpose, a lawful
23 purpose, but it could turn out to be used for
24 unlawful purposes; correct?
25 A That's correct.
48
1 Q Okay. But you wouldn't be able to
2 characterize the program itself as being lawful or
3 unlawful, would you?
4 A It depends on whether it has a very narrow
5 use. Some programs could have only one reasonable
6 use, and this is in my opinion, and that use might
7 be illegal.
8 Q I see. All right. Well, now let's talk about
9 the Advanced eBook Processor program. Is it your
10 view that it only has one narrow use?
11 MR. FREWING: I'm going to object to
12 relevance. I'm not certain how Mr. Diaz's opinion
13 of the purpose of the program is relevant.
14 MR. BURTON: Your Honor --
15 THE COURT: I think he can ask him what
16 his understanding of what it does is, but to get
17 into his opinions as to whether something is a
18 lawful use or an unlawful use I think --
19 MR. BURTON: Oh, I'm not going to ask
20 whether it's lawful or unlawful. I'm going to ask
21 about its uses, not whether they are unlawful or
22 unlawful but narrow in the sense of function.
23 THE COURT: If he knows what, in fact,
24 it's used for?
25 MR. BURTON: Correct. Consistent with
49
1 his previous answer.
2 Let me phrase the question. I won't
3 phrase it in the context of lawful or unlawful.
4 THE COURT: All right.
5 BY MR. BURTON:
6 Q Does the Advanced eBook Processor have, in
7 your opinion, one narrow function?
8 A Yes.
9 Q And what is that function?
10 A It's to remove the permissions and the
11 encryption from an eBook file.
12 Q Okay. Are you aware of any other programs
13 that perform a similar function?
14 A I'm aware of only -- no. I'm actually not
15 aware of any that perform a completely similar
16 function.
17 Q Now, are you aware of programs that can be
18 used to remove protections from an Acrobat eBook
19 file?
20 A I'm confused by what you mean when you say
21 "Acrobat eBook file."
22 Q I mean standard security handler. So we won't
23 do that. That's Acrobat, the Acrobat Reader. I'm
24 sorry.
25 A I've heard that there are programs that can
50
1 remove permissions if you don't have specified
2 owner password and don't have a user password. In
3 other words, I've heard that if you just have the
4 default behavior that there are programs that can
5 remove those permissions.
6 MR. FREWING: Objection. Move to strike
7 as hearsay.
8 THE COURT: I think if we are getting to
9 just something that he's heard unless it's offered
10 for some purpose other than the accuracy of the
11 statement, I think the objection is well taken.
12 BY MR. BURTON:
13 Q Are you aware that there are --
14 THE COURT: So I'll sustain the
15 objection. I'm sorry. Go ahead.
16 MR. BURTON: I'm sorry, Your Honor. I
17 thought you did. I'm sorry. I'm sorry.
18 BY MR. BURTON:
19 Q Are you aware that there are programs that you
20 can buy commercially that are designed to remove
21 the protection on standard security handler files?
22 A The only one I'm aware of that sounds like
23 that is the one you asked about earlier, the
24 Elcomsoft product that you asked about earlier.
25 MR. BURTON: If I can have just a moment,
51
1 Your Honor?
2 Your Honor, could we just -- maybe we
3 could take just a short break because I don't want
4 to fumble around.
5 THE COURT: That's fine.
6 MR. BURTON: I'll find the document that
7 I'm looking for.
8 THE COURT: All right. We'll take 15
9 minutes.
10 (Recess taken.)
11 THE COURT: I think I overheard what
12 Mr. Frewing asked you and that's just the question
13 I had as to what from a scheduling standpoint we
14 should do.
15 How much more do you anticipate?
16 MR. BURTON: I -- I think probably I
17 have -- I probably have 30 minutes. I have 20
18 minutes, 30 minutes.
19 MR. FREWING: And I will have five to ten
20 minutes I would say of redirect.
21 THE COURT: To be safe do you want to
22 just pick a time in your cross where we could
23 interrupt and take that witness?
24 MR. BURTON: Sure. That's fine.
25 THE COURT: And your anticipated direct
52
1 on her is how long?
2 MR. FREWING: Is approximately ten
3 minutes.
4 MR. BURTON: Ten, fifteen minutes, ten
5 minutes.
6 THE COURT: All right.
7 Thank you. Just let me know and I'll
8 explain to the jury while we're doing it.
9 MR. BURTON: Okay.
10 MR. FREWING: I appreciate that, Judge.
11 THE COURT: Why we're interrupting.
12 MR. BURTON: Thank you, Your Honor.
13 MR. FREWING: Thank you, Your Honor.
14 (Recess taken.)
15 THE COURT: All right. Mr. Burton, you
16 can continue.
17 MR. BURTON: Thank you, Your Honor.
18 BY MR. BURTON:
19 Q I think, Mr. Diaz, at the break I was starting
20 to ask you whether or not you were aware that there
21 are commercial companies that make programs whose
22 purpose is to remove encryption and protections
23 from standard security files.
24 A Yes. I answered that the only one I'm aware
25 of that builds a product that sounds like it does
53
1 that is Elcomsoft. I think the product you asked
2 me about earlier this morning, the PDF Password
3 Recovery program, sounds from its name that it does
4 that.
5 MR. BURTON: All right. Your Honor, I
6 have some premarked exhibits.
7 THE COURT: All right.
8 MR. BURTON: And I've shown them to
9 counsel.
10 THE COURT: Okay.
11 BY MR. BURTON:
12 Q Mr. Diaz, first, I'm going to put two exhibits
13 in front of you. One is marked Defense Exhibit 141
14 and the other is Defense Exhibit -- Defense Exhibit
15 142. Now I just want you to look at them for a
16 moment.
17 A I've looked at them.
18 Q Now, have you ever heard of a company called
19 LostPassword.com?
20 A No.
21 Q You have not. And are you aware -- you've
22 never had a discussion in Adobe about that company?
23 A I've never had one.
24 Q Okay. And until I showed you the document you
25 were not aware that there was such a company?
54
1 A No.
2 Q And it would appear from the two exhibits I
3 put in front of you, 141 and 142, that that company
4 sells a product that -- that removes the encryption
5 and protections from PDF files?
6 MR. FREWING: Objection. Hearsay.
7 THE COURT: Sustained.
8 MR. BURTON: All right, Your Honor. Then
9 I will tie it up later. I will take those two
10 exhibits.
11 BY MR. BURTON:
12 Q Let me also show you what's marked 143 and
13 144.
14 A Okay.
15 Q Now I'll ask you the same question, which is
16 have you heard of a company called AccessData?
17 A No.
18 Q I'll take these two from you.
19 You're aware of a company called Apple
20 Computer; correct?
21 A Yes, I am.
22 Q Do you -- are you aware of the fact that Apple
23 Computer makes a product which removes the
24 security -- decrypts and removes the security
25 protections on PDF files?
55
1 A I guess I wouldn't have put it that way, but,
2 yes, I'm aware of the issue.
3 Q How would you have put it?
4 A Apple is the best known company other than
5 Adobe that has implemented PDF. So they use the
6 PDF specification to implement their new OS10 file
7 system's file format. And I've heard people say
8 that their use of PDF does not honor all of the
9 specified parts of -- the specified behavior of the
10 standard security handler.
11 Q Well, when you say "it doesn't honor," what do
12 you mean by that?
13 A Well, the specification -- as I said earlier
14 when you asked me about the specification --
15 Q Uh-huh.
16 A -- the specification is a very detailed
17 document that explains how to build products that
18 would process PDF files you might say in the same
19 manner that Adobe Acrobat does. Because you're
20 implementing a software product you might or might
21 not implement everything exactly to the published
22 specification just as an engineer you have a choice
23 of doing things differently.
24 So it's called the standard security
25 handler, but that doesn't mean you have no choice
56
1 about how to implement it or whether to build it
2 exactly the same way as specified.
3 Q But are you suggesting that Apple is doing
4 this with Adobe's approval?
5 A No.
6 Q Okay. And do you, in fact, know whether if
7 there is such a -- well, strike that.
8 You know there is such a program that
9 Apple makes. It's part of their system software;
10 correct?
11 A I don't know that there's a program that's
12 provided by them for the exact purpose of removing
13 that.
14 Q You don't know that?
15 A No. I testified to what I know. I've heard
16 that some aspects of their system don't -- don't
17 honor the standard security permissions.
18 Q And when you say you've heard, have you read
19 it any place?
20 A No.
21 Q You've not read it on the Web?
22 A No.
23 Q You've heard from other individuals?
24 A Yes.
25 Q Hearsay?
57
1 A Yes.
2 MR. FREWING: Your Honor, I move to
3 strike on the basis of hearsay.
4 MR. BURTON: Well, he can certainly say
5 what he's aware of.
6 THE COURT: Yes. It cannot be considered
7 for the truth of the statement that Apple offered
8 such a program or feature. It will only be offered
9 for showing that he's heard that.
10 BY MR. BURTON:
11 Q And do you know in Apple offering that
12 program, did Apple -- did Apple publish anything
13 about its program and how it was used?
14 MR. FREWING: Objection. Lack of
15 foundation.
16 THE COURT: Yes. What is the relevance
17 other than the truth of the statement?
18 MR. BURTON: He testified earlier with
19 respect to practices, as he put it, within the
20 industry with respect to programs that could
21 decrypt or remove protections. And one of the
22 things he said earlier was how Elcomsoft proceeded
23 in this case and he contrasted that with others.
24 THE COURT: Okay. Well, the only
25 relevance would be then as to his understanding,
58
1 not whether or not that in fact is what Apple does
2 or some other company does.
3 MR. BURTON: Correct.
4 THE COURT: All right. I'll allow it for
5 that purpose only.
6 MR. BURTON: Can I have the question read
7 back then, please, Your Honor?
8 THE COURT: Sure.
9 THE COURT REPORTER: "Question: And do
10 you know in Apple offering that program,
11 did Apple -- did Apple publish anything
12 about its program and how it was used?"
13 THE WITNESS: I don't know.
14 BY MR. BURTON:
15 Q In I believe -- strike the question.
16 Are you familiar with the Stephen King
17 novel Riding the Bullet?
18 A I am.
19 Q Okay. And that -- that novel is in eBook
20 form, is it not?
21 A Yes. It was originally published exclusively
22 in eBook form and only rather recently on paper.
23 Q Okay. And when it was originally -- when was
24 it originally published approximately?
25 A March of 2000.
59
1 Q March of 2000. And when it was originally
2 published in eBook form was your predecessor
3 company, your prior company Glasswork involved --
4 A Yes.
5 Q -- in the distribution?
6 A Yeah, Glassbook. We were intimately involved
7 with that.
8 Q And it was published in what format?
9 A My recollection -- we published it using our
10 technology in PDF format. It was also published in
11 PDF format for the Macintosh Acrobat Reader using
12 WebBuy. It was published in the Peanut Press
13 format for Palm and Pocket PC computers and it was
14 published by yet another company in PDF format
15 called SoftLock using their security plug-in.
16 Q Was it published in a format that used the
17 standard security handler?
18 A Not to my knowledge.
19 Q Okay. It was published in the Glassbook
20 format; correct?
21 A Yes, correct.
22 Q Now, and after it was published it was, if you
23 will, broken into?
24 A Yes.
25 Q The security of the program was breached;
60
1 correct?
2 A That's correct.
3 Q And one of the programs or, in fact, the
4 program that was breached or the handler that was
5 breached was the Glassbook handler; correct?
6 A Yes.
7 Q Okay. And when it was breached did the -- was
8 it ever determined who the individuals were that
9 breached it?
10 A Not by me. The person that wrote the crack-in
11 program briefly appeared -- he briefly published
12 his name in a little blurb on the Web and so we
13 believe he's -- he was in Switzerland. I don't
14 know if he was a Swiss national, but he quickly
15 removed that notice. And so we didn't know
16 anything about his identity.
17 Q Okay. And so when you say "briefly published
18 his name" he somehow put on the Web his name and
19 then very quickly took it down; is that your
20 testimony?
21 A That's correct.
22 Q And do you know whether that was a commercial
23 company?
24 A I have no idea.
25 Q Okay. You just knew the name or the alleged
61
1 name of the person; correct?
2 A That's right.
3 Q And did the person publish anything about how
4 they did it?
5 A Yes.
6 Q They did. And did they do that after the --
7 after the act was performed?
8 A Immediately after.
9 Q Okay. And so you certainly knew something
10 about how it was done or you were able to try to
11 determine how it was -- how it was done; correct?
12 A We did, yes.
13 Q And the program that was used by this person,
14 was it made available?
15 A Yes.
16 Q Was it made available for cost?
17 A Not to my knowledge.
18 Q How was it made available?
19 A He posted it on Internet web servers and news
20 groups.
21 Q And did he keep it up there for -- strike the
22 question.
23 You indicated his name was up and then he
24 took it down?
25 A Yes.
62
1 Q When he published the program did he -- was it
2 maintained or was it also taken down?
3 A It was taken down. To the best of my
4 knowledge, it was taken out from -- taken down from
5 most of the places it was originally posted. I
6 wouldn't be surprised if it's still out there
7 somewhere.
8 Q And I'm sorry to ask this again. I'm not
9 sure. Did you indicate whether it was free or
10 whether it was a commercial product?
11 A Well, it was free as far as I'm aware.
12 Q Okay. I want to ask you a question about
13 eBooks in the standard security handler format.
14 You indicated I think in your direct testimony that
15 publishing or selling eBooks in that format was not
16 Adobe's preferred format; is that correct to say?
17 A I did say that.
18 Q Okay. And you meant it?
19 A Well, we developed a product specifically for
20 eBooks.
21 Q Okay.
22 A So if we thought that was -- so clearly it was
23 because we thought that that was a preferable way
24 to package and distribute eBooks.
25 Q And the publishers who use -- who still
63
1 publish in the standard security handler format,
2 would it be fair to say that they are the smaller
3 publishers, solo individuals or authors or small
4 companies?
5 A I actually don't know. I don't know whether
6 they are big or small.
7 Q Okay.
8 A We have far too many Acrobat users for me to
9 know that as an engineer.
10 Q With respect to the publishers in the -- in
11 the eBook Reader format, those publishers are some
12 of the larger publishers; correct?
13 A Yes. Large and small, but certainly a lot of
14 the well known and large publishers are in that set
15 of customers.
16 MR. BURTON: Okay. All right. If I can
17 have Government Exhibit 1. I'm not sure if it's --
18 MR. FREWING: It's right here.
19 BY MR. BURTON:
20 Q All right. Mr. Diaz, you recognize again
21 Government's Exhibit 1. It was shown to you on
22 direct examination; correct?
23 A Yes.
24 Q And this is the e-mail that you received.
25 The e-mail indicates it's from -- or it
64
1 was sent -- the original message was sent to a
2 Mister or I don't know if it's a Mister or not, but
3 a Hardwick at Infoworks.com?
4 A Yes. It is a Mister. Steve Hardwick is his
5 name.
6 Q That's the person that sent it to you?
7 A Yes.
8 Q And at the time that the e-mail was -- that
9 you received it, was Mr. Hardwick employed by
10 Adobe?
11 A No. He was employed by Infoworks was his
12 employer.
13 Q And that was his own independent company?
14 A I don't think he's an owner. Infoworks is a
15 security and digital rights management development
16 company that was working with us in the open eBook
17 forum at the time.
18 Q Do you know why he decided to send the e-mail
19 to you?
20 A I could speculate about why he sent it to me.
21 Q But you don't know?
22 A No.
23 Q You didn't talk with him about it or anything?
24 A He told me the previous night that he had
25 received e-mail about a crack of the eBook Reader.
65
1 So that would have been the night of June 20th.
2 Q All right.
3 A And he said, "Have you seen it?"
4 And I said, "no." So he forwarded this
5 copy to me.
6 Q Okay. Now, it says in the e-mail that he sent
7 you, it says -- it's addressed to "Dear Customer";
8 correct?
9 A Yes.
10 Q Did you know that Mr. Hardwick was a customer
11 of Elcomsoft?
12 A No.
13 Q You didn't know that prior to receiving the
14 e-mail?
15 A I've never thought of it until this moment.
16 Q Well, you realize he was a customer?
17 A If you say so. As I said, I didn't know that.
18 Q Well, the e-mail purports to be from Elcomsoft
19 to a Dear Customer; correct?
20 A It does.
21 Q And Mr. Hardwick is the one who they sent the
22 e-mail to; correct?
23 A Yes.
24 Q Okay. Now, earlier you were talking about the
25 language here. It says: "As well as Adobe" -- I'm
66
1 sorry. Let me start here.
2 "It is a program to decrypt eBooks in
3 Adobe Acrobat eBook Reader format, as
4 well as Adobe Acrobat PDF files protected
5 using the standard security method."
6 Correct?
7 A Yes.
8 Q So the Advanced eBook Processor program does
9 both. It does at least both. It does the standard
10 security handler as well as the -- the EBEX or the
11 eBook Reader security handler; correct?
12 A That's what it says.
13 Q That's what it says. And it also indicates
14 that it does several other security handlers,
15 WebBuy Technology. That's another --
16 A That's another Adobe product.
17 Q And is it -- would it be fair to call it a
18 security handler at least in part?
19 A Yes, it would.
20 Q Okay. And it says: "Or any other Acrobat
21 security plug-in like SoftLock."
22 Would it be fair to call that a security
23 handler?
24 A Yes.
25 Q And I'm not sure. Internet Standards
67
1 Australia. Do you know what that is?
2 A No, I don't.
3 Q All right. So it would appear and would you
4 agree that the Advanced eBook Processor program
5 does the standard security handler and a number of
6 other security handlers?
7 THE COURT: Your question is does it
8 appear or does it?
9 MR. BURTON: I'll rephrase that. It's a
10 terrible phrase.
11 BY MR. BURTON:
12 Q Is it your understanding that it does the
13 standard security handler and a number of other
14 security handlers?
15 A The only ones about which I have any personal
16 knowledge are the eBook format, WebBuy and the
17 standard security handler.
18 Q Okay.
19 A There are other things there I haven't put to
20 any test. I don't have any personal knowledge.
21 MR. BURTON: All right. I'll accept that
22 answer.
23 Your Honor, I think --
24 THE COURT: It's a good time?
25 MR. BURTON: Yes.
68
1 THE COURT: All right. Ladies and
2 gentlemen, I talked to counsel at the break about
3 taking a witness out of order. So we're going to
4 interrupt Mr. Diaz's testimony at this point to
5 take a witness now out of order and we'll finish
6 with him tomorrow.
7 So see you tomorrow, I guess.
8 THE WITNESS: All right.
9
10 ---oOo---
11
12