Comments on Errata Security: Liability of reverse engineering
Blog feed author: David Maynor. Last updated: 2024-01-16T05:48:33.523-05:00. 6 comments.

Unknown, 2008-12-17T00:47:00.000-05:00:

Jennifer Granick acknowledges that IOActive may be guilty of patent "inducement" (see http://www.wired.com/politics/law/commentary/circuitcourt/2007/02/72819).

At http://www.generalpatent.com/different-types-patent-infringement-0, Alexander Poltorak of General Patent Corporation explains:
"Indirect infringement takes two forms: contributory infringement or inducement to infringe. Patent law states that "whoever actively induces infringement of a patent shall be liable as an infringer" (35 U.S.C. § 271(b)). In other words, a company does not have to infringe a patent directly in order to be sued for patent infringement."

"Induced infringement is that which enables the direct infringer to practice the patented intention. This type of infringement can take the form of helping the direct infringer to assemble the patented product; providing instructions that detail how to produce the patented invention; preparing instructions for consumer use; or licensing plans or a process which enable the licensee to produce the patented product or process. The test for induced infringement is whether the inducer has demonstrated active aiding and abetting of the direct infringer's infringing activities."

Based on this, it actually seems likely that IOActive would have been guilty of patent inducement had they gone ahead and released schematics and source code.
IOActive backed off after consulting their expensive attorneys for a reason. So they decided to take the "safe" route and not release the source code and schematics. By posting HID's letter, IOActive managed to make it look like another case of a big company stifling a security researcher, which is why this became big news. As pointed out by other people, this wasn't the first time that a Prox card was cloned.

Robert Graham, 2007-05-18T01:37:00.000-04:00:

"I have always questioned the legality of writing generic reverse engineering tools as well. Is it legal? I've gotten multiple conflicting answers for from various experts."

As I said in the post, reverse-engineering is legal, therefore writing tools for a legal activity is also legal. You wouldn't get conflicting answers from experts, although they might not have understood the question.

One reason they might not understand is if you are writing reverse-engineering tools in order to bypass the DMCA. The answer an expert should give is "it hasn't been tested in court, so we don't know".

Chris Rohlf, 2007-05-16T12:46:00.000-04:00:

I have always questioned the legality of writing generic reverse engineering tools as well. Is it legal? Even if the tool CAN'T make changes to the binary/code? It's a tricky question that I've gotten multiple conflicting answers for from various experts.

Robert Graham, 2007-05-14T12:19:00.000-04:00:

Mangoboy writes: "Copyright holders can argue that..."

My point was to pin the debate on what has been successfully argued in existing cases. Trying to imagine creative ways around the law will get you into trouble. Imagining ways your adversary might sue you will make you too afraid to do anything, which is worse.

Ken Buchanan, 2007-05-09T14:51:00.000-04:00:

You missed part of the copyright issue, Robert. When talking about software, the process of reverse engineering requires some number of intermediate copies of the target be made (a disassembly). Copyright holders can argue that these intermediate copies are not authorized, and therefore constitute infringement.

The ensuing question is whether this is covered by fair use doctrine (in the US). The Supreme Court held in Sega v Accolade that Accolade's reverse engineering (for compatibility purposes) *was* fair use, but the decision is not necessarily broad enough to cover all RE. In this case the intent of the copying is relevant, so if you are reverse engineering software with the intent to do something that would cause harm to the software vendor, it would be a much harder case. You'd run a real risk of an infringement suit in that case.

Christofer Hoff, 2007-05-09T08:36:00.000-04:00:

Fantastic. Thanks, Robert. I appreciate the post and the corner-case illustrations.

/Hoff