Tuesday, February 27, 2007

Blogging Blackhat

The big story today is how a company (HID Corp) successfully suppressed a talk by threatening to sue a researcher (Chris Paget). This is the third such action in recent times, after Cisco tried to suppress Mike Lynn and Apple tried to suppress Dave Maynor. The threatened legal action in this case is that HID claims Paget's work infringes their patents.

There is an important legal distinction here. In the Lynn case, Cisco claimed it was about trade secrets. In trade secret cases like this, a company is forced to take legal actions against their will. They cannot selectively enforce their rights against some people but not others, they must sue people even if they don't want to, else people would be compromise their trade secrets and claim that since Cisco doesn't sue in some cases, they cannot sue in any case.

The same is true of trademark infringement. When Steve Jobs announced the iPhone, Cisco was forced to immediately sue Apple over the trademark. Cisco didn't have a choice in the matter: even though they wanted to negotiate in a friendly manner with Apple, they had to immediately file court papers against Apple. Otherwise, they would lose any rights they had over the trademark.

While you cannot selectively enforce secrets and trademarks, you can be selective about patents. In other words, you can choose not to sue some people who infringe your patents, and choose to sue others. Just because you failed to sue person A does not hurt your suit against person B.

Thus, Cisco's reason is at least plausible, but HID's reason is not. They are not actually suing to protect their patents, they are threatening to sue in order to suppress free speech.

However, it's not likely to suppress much. You can get schematics for a device that can be used to break into HIDs systems here http://cq.cx/proxmark3.pl, you'll just have to do a few hours of extra work without Plaget's speech.

1 comment:

- Rish - said...

hey, could you please help me out by answering a questionnaire that is related to the use of RFID?
btw, do you use RFID?