Legal Issues of Opening Up Proprietary Standards?
mrjb asks: "The Alesis HD24 is a 24-track, hard disk audio recorder with a built-in 10 megabit FTP server. To improve on file transfer speed, Alesis offers an external Firewire drive with a program called FST/Connect which reads the disks under Windows. I've contacted Alesis about a Linux solution, but none is planned. Also, they are (understandably) not very eager to reveal the file system specs. After a few days of staring at hex codes, I now know enough about the FS to read HD24 IDE disks under Linux (no Firewire required). As I know I benefit from the efforts of the Samba and OpenOffice teams, I'd love to share this info. I'm not, however, the least bit interested in Alesis suing me (in fact, I might want to send them my CV at some point). What would your advice be in such a delicate situation of conflicting interests?"
BTW, the article doesn't have a link for some of us lazy folks...
Here is a link to the product (Alesis HD24)...
Just curious... how can you prove that you didn't have any inside information on the specs and that you decoded it all by yourself?
Find an anonymous ftp site that accepts this kind of information for this area, which in turn will be let loose into the wild.
Reverse Engineering is generally not illegal.
But, to CYA, your best bet is to just write up the specs as you understand them, then have someone else write the driver for the community.
You don't even have to share those specs. Give the author the specs, have him write the driver, then publish it, without your specs. Now, anyone who wants to reverse engineer the driver you wrote, is investigating a full layer of indirection from you. They're not even looking at the specs you wrote, but rather the code that was written upon those specs.
I am unamerican, and proud of it!
Wouldn't this fall into the fair use category? I mean if you purchase the equipment then don't you have the right to be able to use it?
I love random hex numbers! Just like this one, 09f911029d74e35bd84156c5635688c0.
Write up a spec sheet, get onto an anonymizer service, and e-mail the specs to either someone interested in writing a driver, or a hobbyist e-mail list. Or write the driver yourself and publish the source in the same manner. Either way, just use an anonymizer service.
If you're looking to take credit for it, well, (possibly) getting sued is the price you pay for fame.
occultae nullus est respectus musicae - originally a Greek proverb
If I were you I'd be awfully careful with what you are doing. Maybe you could just release some sort of closed source linux tool to allow access to this device so your needs are met, and even send it to them so they can release a linux client if they want.
No matter what your feelings are on patent and IP, you still need to tread lightly with their stuff. Esp since you probably contacted them with email so they have documented proof that you went and asked 1st, knew they didn't want to release one, so then set out to reverse engineer it anyway.
But, kudos to you. I'd go the honest route with them, send them your source, say here ya go, I did this cause I LOVE your product and want to use it with Linux, I hope you can appreciate that, and make this available to your customers like me.
This article has recently been linked from Slashdot. Please keep an eye on the page history for errors or vandalism.
As always, this is not legal advice, if you get legal advice on Slashdot, get your head checked.
If you reverse engineered their disk standard by yourself, you are fine legally. There's nothing illegal about reverse engineering (exception copy restriction technology per the DMCA). Now if you used some of their developer docs or something to do it you could be on the hook if they made you agree not to use them for reverse engineering before giving them to you. However if this was all on your own, then there's no worries.
Now, this doesn't mean they can't sue you, it just means they won't win if you are competently represented. They could still file a suit and it probably would get past initial hearings, so you'd actually have to fight it in court.
As for employment, well if you release this and it pisses them off then you can expect they won't employ you, and they'll be within their rights to do so. So if you are seriously thinking about getting a job with them, you might want to reconsider.
Something else I will point out, though I am not advocating, is that the Internet is large, spans international borders, and is not well monitored. If you don't care about credit and don't do things to draw attention to yourself (like posting on Slashdot) there's no reason you couldn't do an anonymous release on a website in a country that doesn't much care, like Russia.
Try emailing a public contact at Samba and see if they can give you any advice. They obviously had to figure this out a long time ago.
You could also contact a lawyer.
The global economy is a great thing until you feel it locally.
Before he does that, what he really ought to be doing is talking to an attorney. An attorney can give you advice on what measures you can take to minimize your legal exposure here. That advice may include what you need to do to assure that you've done this in a clean manner. Having specs you hand off to somebody else may not provide the kind of validation that is needed.
In the end though you can do this 100% on the up and up and still get sued. A good lawyer will tell you that. Will they win the lawsuit? Not if you do this right, but then how many thousands of dollars will you blow defending the lawsuit, whether you win or not.
Whatever you decide to do an attorney can give you a clear perspective on what the ramifications are.
This sig has been temporarily disconnected or is no longer in service
Why not get your working driver, and email the company asking if they would release a driver written by you in any form. Then negotiate either payment, or open-ness.
Depends on all kinds of circumstances. The number one is whether or not there are patents involved. How you obtained the information needed to create compatible drivers is important too, as what you may have done up to that point. For example, if you accepted a EULA under windows before poking around the device using Linux, then a lot may depend on the circumstances of the EULA.
/. folks advice on this is like finding a bomb in a movie theater, then defusing it, taking an audience poll as to whether, according to their memories of old movies with UXBs in them, you should cut the red wire or the blue wire first.
Asking
It seems to me common sense dictates one of three approaches:
(1) Walk away.
(2) Cover your tracks. (e.g., release specs through an elaborate process of anonymization)
(3) Cover your ass. (i.e., talk to a lawyer who at least knows the right question to ask; getting permission also falls into this category, but makes approach 2 harder).
Speaking of the last, some smart lawyer might drum up business by doing an IP question of the month feature, suitably whitewashed the way psychologists' case studies are.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
You might want to investigate how the people writing Linux drivers for the Broadcom bcm43xx ( Airport Express ) went about it. One team sticking to write the specs, and a separate one working from the specs into a working driver.
http://linux-bcom4301.sourceforge.net/go/progress
What's remarkable is that the IP lobbyists have managed to generate such a level of paranoia that people are frightened to use their God-given gifts to advance technology and the interests of the community.
If reverse-engineering is outlawed, then technological progress is at risk.
Easy, dude. Write up the specs, hop onto someone's open wireless network, and post the file online from there. ;)
The music industry is notoriously "closed mouthed" about letting anyone know how their electronic products work at a technical level. Ever since the mid 80's or so though, companies have been reverse-engineering these instruments and devices, and *selling* commercial products that work with them, not to mention work on freeware projects along the same lines.
For example, I used to own a Roland S-50 sampling synthesizer. It saved its sample data on 720K 3.5" floppy disks. But people with PCs quickly realized it would be much more useful if you could take standard WAV sound files and dump them into the synth via MIDI. Many other makes and models of sampling synths and rack-mounted samplers were in the same boat. The manufacturers (like Roland) had poor documentation for the MIDI "system exclusive" commands that would be required to upload or download the sample data, so a few people worked at reverse engineering all of this on their own. Eventually, products were sold like "SampleVision" which knew how to do this for many dozens of samplers on the market.
Rather than being sued, it seemed like the synth makers actually ended up endorsing the products, providing links to them from their own web sites - because they learned it made their products more desirable to purchase.
Even if the onus of proof is on the prosecution, that won't stop them from creating a long, drawn-out trial that will bankrupt the defendant before the case even gets close to providing justice. So yes, in an idealistic world where lawyers don't require money and time is not an issue, the onus is on the prosecution. However, we don't live in that world, and unless he can prove very quickly that the case has no merit, he's going to get the legal crap beat out of him, regardless of whether or not he's done anything wrong.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Well, that's half of the problem, but the idiots yelling "IT'S A VIOLATION OF TEH DMCA!!! YUO NEED TO MOVE TO RUSSIA!!!" on every case of perfectly legitimate reverse engineering are the other half. That's why it's important to explain that this guy is (unless he signed an NDA or the like) on perfectly safe ground, instead of feeding the persecution fantasies of the mob.
What I'm listening to now on Pandora...
I understand the value of this question as a conversation topic, but..
Honestly, the best thing you can do is talk to a professional that actually knows something about this, rather than a whole bunch of geeks who have nothing better to do than post stuff on Slashdot that is highly apocryphal, or at least wildly inaccurate, especially considering that a lot is at stake here for you.
Register the editry.
Chapter 12's permission vis-a-vis reverse engineering for compatibility purposes refers to copy protection and issues pertaining to copyright, not generic protocols:
http://www.copyright.gov/title17/92chap12.html#12
Scroll down to "(f) Reverse Engineering." This section has to do with permitting one vendor to reverse engineer protected/encrypted content.
The notion of reverse engineering a driver for a pipeline which does not encrypt or otherwise disguise its content is theoretically outside the aegis of the DMCA.
Apple used (or misused, depending on your perspective) the DMCA against the OSx86 website because it infringed on protection measures Apple specifically set in place to prevent OSX from installing on whiteboxes. Real told its board members that they might be DMCAed over Fairplay because it unlocks copy protection on iTMS purchases.
If the submitter did not discover any authentication methods or trust related protocols in his reverse engineering, and his driver does not have code which specifically spoofs a platform or other form of identification, it sounds to this non-lawyer like a non-issue.
There may be other legal issues at hand, but AFAIK the DMCA is chiefly concerned with those who circumvent deliberate measures to protect copyright, and simply refusing to publicly document a protocol isn't the same thing.
Now, if the driver somehow replicates code that the vendor had to *license* from Microsoft, Microsoft may have an issue with you. Again, check with a competent IP attorney.
"Made up/misattributed quote that makes me look smart. I am on
Why don't you write it anyway (strictly for your own use, to start with), and then once it is working well (and you are happy with it), pitch it back to the manufacturer?
t er, but assuming you find someone with some imagination, they might actually help you with it (or indeed, if you are really lucky, employ you...)
If you look at it from their perspective: through reverse-engineering, you have created a driver for their product which potentially extends the market of that product for no up-front cost to them. What's more, assuming you don't release it into the wild without their consent, you have given them a chance to decide how they want to proceed with it -- you are playing fair with them.
Worst case, they get all legal about it, and cease/desist/wash-your-mouth-out-with-soap-and-wa
That might work against him, and I would say check with a lawyer first. They might say he was blackmailing him or something.
To give you a little bit of perspective, I've worked for several Alesis dealers, the first back in 1985 when they were just getting off the ground.
The company loves to sue. LOVES to.
And they don't particularly care about the consequences, even if it hurts them. I've watched them pull product from major accounts because they'd gotten into some tiff with the store over policy.
I'd keep your discovery under wraps.
And, for what it's worth, I'd avoid working there.
Boycott everything - they're all trying to fuck you one way or another
remove your name from the source code
zip the source code
rename it pamela anderson new video (2006)
share it on kazaa, dc++, bittorrent, etc, etc, etc
So first off, anyone who "asks slashdot" about legal issues is asking for public opinion, not legal fact. I did not need to preface this with "IANAL", but I did so to call attention to the fact that slashdot is the wrong forum. You can't get legal advice from anyone but a lawyer you have arrangements with. It's stupid even to go to somewhere like groklaw and ask for advice. Pay a lawyer or take your chances.
Second, reverse engineering IS legal. Your cynicism is masking that fact. Yes, it is dangerous, but the question sounded like some frustrated guy who figured out a file format all by himself. There are dozens of things he could have done to make his particular reverse illegal, but I suspect he did so honestly or he wouldn't be asking. Lawyers could clarify the subject, all us geeks are going to say is "if you didn't cheat, it's OK".
Third, the DMCA makes reverse engineering copy protection methods illegal. This particular part of the DMCA has not been tested, ever, on purpose. It probably would get thrown out. It is unlikely that someone would crack copy protection on purpose, without intent to enable piracy. But it has been done, and no charges filed on that issue. That is why I made the statement about "being willing to get drug through the mud".
Fourth, you don't need to be a lawyer to make statements about what is right. Most of law is what society thinks is right vs. wrong turned in to words that can then be applied equally and fairly. Very often the written law is well behind public opinion, and one way that changes is by forcing it.
Finally, Engineering 101. When in doubt, shout it out.
But there are two questions: Is it legal? and, Will there be a lawsuit? It seems that releasing the code would be completely legal. Even so, nobody wants to invite a lawsuit, particularly given the legal environment in the US. Win, lose, or settle, a lawsuit will end up costing time and money. This is truly depressing and unjust. What can we do about it? And on top of all that, the author wants to remain on good terms with the corporation for a possible job application.
Could you provide a reference to the particular law and section? It is my understanding that reverse engineering is not only legal in most cases, it is even protected. It's only a few rare exceptions that are illegal such as (potentially) EULA restrictions and creating software that bypasses copyright protections, thanks to the DMCA.
Unless this guy is violating his EULA, I'm not sure where the violation is. Still, it is good to check with a lawyer.
While I agree if he's interested in a job he should be careful that they don't mind what he's doing, I don't see where this would deny them revenue. They sell a piece of hardware (HD24), and an extension piece of software on Windows that works through firewire. (It's not clear if they charge extra for the Windows software.) They were very clear they're not building drivers for Linux presumably because the cost to develop, maintain, and support Linux wouldn't cover the small market gains. This guy figured out how to make it work in Linux. He basically just opened up a market for them by effectively developing a Linux driver for free, with no required commitment from them for support or maintenance. Now they can potentially sell more hardware at no extra cost.
Where exactly is the denied revenue?
The point of proving that he did not have insider information is to protect him from the accusation of trade secret misappropriation.
However, IIRC, that would be the extent of what they could go after him for unless he stole actual code.
IANALBAFS.
Sell the company a Linux implementation. You make money, the company makes money, everyone is happy.
Obviously the company might not be all that willing to do that, but if they are, it's a win-win situation.
In Soviet Russia, I ruled you
The problem is that some of the idiots yelling "VIOLATION" have lawyers. See the Blizzard v. Bnetd case. Even if you haven't signed an NDA, they can get you for reverse-engineering their code, either through the DMCA or by pulling out the shrink-wrap EULA.
It's utter bullshit, but bullshit with powerful backers.
On the positive side, with wireless, anonymity is trivial.
Scary as that may be, that's how the world works. You can be sued for pretty much anything and while you may not lose if you can afford to fight it, you still have to afford to fight it.
A good illustration of this comes from an experience a friend of mine had totally outside the realm of intellectual property. They were trying to extend a covenant in a neighborhood. Somebody who lived in the neighborhood resented the covenant and sued. Fine, but then they also sued all the members of the neighborhood board personally for libel. There was zero libel or evidence thereof, but of course then the individual board members had to defend libel lawsuits. No matter how frivolous they were, it costs money to defend a lawsuit.
During this whole affair, my friend's home insurance covered their legal fees. But then the insurance company didn't want to be on the line for defending a libel case. So what did they do? They sued my friend to get out of having to pay the legal fees. My friend ended up settling with the insurance company saying that the insurance company didn't have to cover any more fees and my friend would owe them nothing for what they had already paid.
So in the end, from one legal dispute, three lawsuits emerge, and two of those suits were at best frivolous, taking advantage of the cost of a lawsuit as a tool to try to extract concessions.
This sig has been temporarily disconnected or is no longer in service
In the US the same person can't disassemble and examine as the person who's writing the new code.
;)
If all you did was look at the file system, you're ok (but you have to prove that.) If you disassembled their windows driver, then all you can do is make a spec like the parent said.
It's the same way Compaq cloned the IBM PC BIOS. They had to set up a clean room environment for the actual developers, handing them only the spec written by the disassemblers.
But most importantly, talk to a lawyer
"With their patent-pending method of writing to the hard drive HD24 and HD24XR are the first hard disk recorders built from the ground up"
So, go look up the patent (no need to do any reverse engineering) and send it off to someone who lives in a country that doesn't have software patents. They will then be free to write a driver, but you won't be able to because you live in the US and have silly patent laws.
They may try and sue your arse if you send them a linux driver and ask them to distribute it because you've already infringed upon their patent.
Note, it looks like the patent is still pending as none of the patents listed seem to be for a file system.
thank God the internet isn't a human right.
Release it pseudonymously, or have someone front for you, like Jon Lech Johannsen (sp?) fronts for MoRE. I'd be happy to act as an anonymizing layer between you and your release agent, if you wish.
-I like my women like I like my tea: green-
Generally speaking, if a company wants to make it difficult for you to use their product in some way that you consider important, the right thing to do is to not do business with them. That way you don't run into all of these hairy legal issues. Honestly, it's just not worth the trouble - why would you even want to go down this road?
Reverse engineering their product may be legal, depending on the jurisdiction in which you live. Litigating it will cost you more than you can afford, unless you're rich.
If you want to get a job there, you definitely mustn't release this stuff - given their (weird) stance on patents and file formats, it's extremely unlikely that the management there would let you be hired even if the geeks there were impressed with your work.
Unless he signed an NDA, he's free to do whatever he wants, as long as it doesn't violate their copyrights. (If you're wondering, the reason Compaq was so careful about their clean-room implementation was that their BIOS was certain to duplicate IBM's BIOS, which was published openly. The only way they could prove they weren't violating copyrights was to prove no one on their team had ever seen it.)
autopr0n is like, down and stuff.
First thing you need to do is talk to a lawyer specializing in IP and patents. The company's very likely to try legal action against you if you release your driver, and you're going to need legal advice and help to deal with them. A couple of questions:
The main point above is that you're in for legal flack even if you're completely in the clear, so talk to a lawyer first.
Could you provide a reference to the particular law and section?
Bright Tunes Music v. Harrisongs Music, 420 F. Supp. 177 (SDNY 1976), upheld on appeal as ABKCO Music v. Harrisongs Music, 722 F.2d 988, 221 USPQ 490. The key finding of law in Bright Tunes was that subconscious copying is actionable infringement. The dirty/clean room structure of a reverse engineering operation is a way to eliminate possibility of subconscious copying by eliminating possibility of the clean room engineers' access to the copyrighted work under analysis. Though this works in software, it unfortunately does not work in music because commercial FM radio puts the whole world in the dirty room.