Slashdot Mirror
Legal Issues of Opening Up Proprietary Standards?
mrjb asks: "The Alesis HD24 is a 24-track, hard disk audio recorder with a built-in 10 megabit FTP server. To improve on file transfer speed, Alesis offers an external Firewire drive with a program called FST/Connect which reads the disks under Windows. I've contacted Alesis about a Linux solution, but none is planned. Also, they are (understandably) not very eager to reveal the file system specs. After a few days of staring at hex codes, I now know enough about the FS to read HD24 IDE disks under Linux (no Firewire required). As I know I benefit from the efforts of the Samba and OpenOffice teams, I'd love to share this info. I'm not, however, the least bit interested in Alesis suing me (in fact, I might want to send them my CV at some point). What would your advice be in such a delicate situation of conflicting interests?"
BTW, the article doesnt have a link for some of us lazy folks...
Here is a link to the product (Alesis HD24)...
Just curious... how can you prove that you didnt have any inside information on the specs and that you decoded it all by yourself?
Find an anonymous ftp site that accepts this kind of information for this area, which in turn will be let loose into the wild.
Reverse Engineering is generally not illegal.
But, to CYA, your best bet is to just write up the specs as you understand them, then have someone else write the driver for the community.
You don't even have to share those specs. Give the author the specs, have him write the driver, then publish it, without your specs. Now, anyone who wants to reverse engineer the driver you wrote, is investigating a full layer of indirection from you. They're not even looking at the specs you wrote, but rather the code that was written upon those specs.
I am unamerican, and proud of it!
Write up a spec sheet, get onto an anonymizer service, and e-mail the specs to either someone interested in writing a driver, or a hobbyist e-mail list. Or write the driver yourself and publish the source in the same manner. Either way, just use an anonymizer service.
If you're looking to take credit for it, well, (possibly) getting sued is the price you pay for fame.
occultae nullus est respectus musicae - originally a Greek proverb
If I were you I'd be awfully careful with what you are doing. Maybe you could just release some sort of closed source linux tool to allow access to this device so your needs are met, and even send it to them so they can release a linux client if they want.
No matter what your feelings are on patent and IP, you still need to tread lightly with their stuff. Esp since you probably contacted them with email so they have documented proof that you went and asked 1st, knew they didnt want to release one, so then set out to reverse engineer it anyway.
But, kudos to you. I'd go the honest route with them, send them your source, say here ya go, I did this cause I LOVE your product and want to use it with Linux, I hope you can appreciate that, and make this available to your customers like me.
This article has recently been linked from Slashdot. Please keep an eye on the page history for errors or vandalism.
As always, this is not legal advice, if you get legal advice on Slashdot, get your head checked.
If you reverse engineered their disk standard by yourself, you are fine legally, There's nothing illegal about reverse engineering (exception copy restriction technology per the DMCA). Now if you used some of their developer docs or something to do it you could be on the hook if they made you agree not to use them for reverse engineering before giving them to you. However if this was all on your own, then there's no worries.
Now, this doesn't mean they can't sue you it just means they won't win if you are competently represented. They could still file a suit and it probably would get past inital hearings, so you'd actually have to fight it in court.
As for employment, well if you release this and it pisses them off then you can expect they won't employ you, and they'll be within their rights to do so. So if you are seriously thinking about getting a job with them, you might want to reconsider.
Something else I will point out, though I am not advocating, is that the Internet is large, spans international borders, and is not well monitored. If you don't care about credit and don't do things to draw attention to yourself (like posting on Slashdot) there's no reason you couldn't do an anonymous release on a website in a country that doesn't much care, like Russia.
Try emailing a public contact at Samba and see if they can give you any advice. They obviously had to figure this out a long time ago.
You could also contact a lawyer.
The global economy is a great thing until you feel it locally.
Before he does that, what he really ought to be doing is talking to an attorney. An attorney can give you advice on what measures you can take to minimize your legal exposure here. That advice may include what you need to do to assure that you've done this in a clean manner. Having specs you hand off to somebody else may not provide the kind of validation that is needed.
In the end though you can do this 100% on the up and up and still get sued. A good lawyer will tell you that. Will they win the lawsuit? Not if you do this right, but then how many thousands of dollars will you blow defending the lawsuit, whether you win or not.
Whatever you decide to do an attorney can give you a clear perspective on what the ramifications are.
This sig has been temporarily disconnected or is no longer in service
Why not get your working driver, and email the company asking if they would release a driver written by you in any form. Then negotiate either payment, or open-ness.
You might want to investigate how the people writing Linux drivers for the Broadcom bcm43xx ( Airport Express ) went about it. One team sticking to write the specs, and a seperate one working from the specs into a working driver.
http://linux-bcom4301.sourceforge.net/go/progress
What's remarkable is that the IP lobbyists have managed to generate such a level of paranoia that people are frightened to use their God-given gifts to advance technology and the interests of the community.
If reverse-engineering is outlawed, then technological progress is at risk.
The music industry is notoriously "closed mouthed" about letting anyone know how their electronic products work at a technical level. Ever since the mid 80's or so though, companies have been reverse-engineering these instruments and devices, and *selling* commercial products that work with them, not to mention work on freeware projects along the same lines.
For example, I used to own a Roland S-50 sampling synthesizer. It saved its sample data on 720K 3.5" floppy disks. But people with PCs quickly realized it would be much more useful if you could take standard WAV sound files and dump them into the synth via MIDI. Many other makes and models of sampling synths and rack-mounted samplers were in the same boat. The manufacturers (like Roland) had poor documentation for the MIDI "system exclusive" commands that would be required to upload or download the sample data, so a few people worked at reverse engineering all of this on their own. Eventually, prodcuts were sold like "SampleVision" which knew how to do this for many dozens of samplers on the market.
Rather than being sued, it seemed like the synth makers actually ended up endorsing the products, providing links to them from their own web sites - because they learned it made their products more desirable to purchase.
Even if the onus of proof is on the prosecution, that won't stop them from creating a long, drawn-out trial that will bankrupt the defendant before the case even gets close to providing justice. So yes, in an idealistic world where lawyers don't require money and time is not an issue, the onus is on the prosecution. However, we don't live in that world, and unless he can prove very quickly that the case has no merit, he's going to get the legal crap beat out of him, regardless of whether or not he's done anything wrong.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Well, that's half of the problem, but the idiots yelling "IT'S A VIOLATION OF TEH DMCA!!! YUO NEED TO MOVE TO RUSSIA!!!" on every case of perfectly legitimate reverse engineering are the other half. That's why it's important to explain that this guy is (unless he signed an NDA or the like) on perfectly safe ground, instead of feeding the persecution fantasies of the mob.
What I'm listening to now on Pandora...
Chapter 12's permission vis-a-vis reverse engineering for compatibility purposes refers to copy protection and issues pertaining to copyright, not generic protocols:
0 1
http://www.copyright.gov/title17/92chap12.html#12
Scroll down to "(f) Reverse Engineering." This section has to do with permitting one vendor to reverse engineer protected/encrypted content.
The notion of reverse engineering a driver for a pipeline which does not encrypt or otherwise disguise its content is theoretically outside the aegis of the DMCA.
Apple used (or misused, depending on your perspective) the DMCA against the OSx86 website because it infringed on protection measures Apple specifically set in place to prevent OSX from installing on whiteboxes. Real told its board members that they might be DMCAed over Fairplay because it unlocks copy protection on iTMS purchases.
If the submitter did not discover any authentication methods or trust related protocols in his reverse engineering, and his driver does not have code which specifically spoofs a platform or other form of identification, it sounds to this non-lawyer like a non-issue.
There may be other legal issues at hand, but AFAIK the DMCA is chiefly concerned with those who circumvent deliberate measures to protect copyright, and simply refusing to publicly document a protocol isn't the same thing.
Now, if the driver somehow replicates code that the vendor had to *license* from Microsoft, Microsoft may have an issue with you. Again, check with a competent IP attorney.
"Made up/misattributed quote that makes me look smart. I am on
To give you a little bit of perspective, I've worked for several Alesis dealers, the first back in 1985 when they were just getting off the ground.
The company loves to sue. LOVES to.
And they don't particularly care about the consequences, even if it hurts them. I've watched them pull product from major accounts because they'd gotten into some tiff with the store over policy.
I'd keep your discovery under wraps.
And, for what it's worth, I'd avoid working there.
Boycott everything - they're all trying to fuck you one way or another
So first off, anyone who "asks slashdot" about legal issues is asking for public opinion, not legal fact. I did not need to preface this with "IANAL", but I did so to call attention to the fact that slashdot is the wrong forum. You can't get legal advice from anyone but a lawyer you have arragements with. It's stupid even to go to somewhere like groklaw and ask for advice. Pay a lawyer or take your chances.
Second, reverse engineering IS legal. Your cynicism is masking that fact. Yes, it is dangerous, but the question sounded like some frustrated guy who figured out a file format all by himself. There are dozens of things he could have done to make his particular reverse illegal, but I suspect he did so honestly or he wouldn't be asking. Lawyers could clarify the subject, all us geeks are going to say is "if you didn't cheat, it's OK".
Third, the DMCA makes reverse engineering copy protection methods illegal. This particular part of the DMCA has not been tested, ever, on purpose. It probably would get thrown out. It is unlikely that someone would crack copy protection on purpose, without intent to enable piracy. But it has been done, and no charges filed on that issue. That is why I made the statement about "being willing to get drug through the mud".
Fourth, you don't need to be a lawyer to make statements about what is right. Most of law is what society thinks is right vs. wrong turned in to words that can then be applied equally and fairly. Very often the written law is well behind public opinion, and one way that changes is by forcing it.
Finally, Engineering 101. When in doubt, shout it out.
Could you provide a reference to the particular law and section? It is my understanding that reverse engineering is not only legal in most cases, it is even protected. It's only a few rare exceptions that are illegal such as (potentially) EULA restrictions and creating software that bypasses copyrightprotections, thanks to the DMCA.
Unless this guys is violating his EULA, I'm not sure where the violation is. Still, it is good to check with a lawyer.
While I agree if he's interested in a job he should be careful that they don't mind what he's doing, I don't see where this would deny them revenue. They sell a piece of hardware (HD24), and an extension piece of software on Windows that works through firewire. (It's not clear if they charge extra for the Windows software.) They were very clear they're not building drivers for Linux presumably because the cost to develop, maintain, and support Linux wouldn't cover the small market gains. This guy figured out how to make it work in Linux. He basically just opened up a market for them by effectively developing a Linux driver for free, with no required commitment from them for support or maintenance. Now they can potentially sell more hardware at no extra cost.
Where exactly is the denied revenue?
The problem is that some of the idiots yelling "VIOLATION" have lawyers. See the Blizzard v. Bnetd case. Even if you haven't signed an NDA, they can get you for reverse-engineering their code, either through the DMCA or by pulling out the shrink-wrap EULA.
It's utter bullshit, but bullshit with powerful backers.
On the positive side, with wireless, anonymity is trivial.
Scary as that may be, that's how the world works. You can be sued for pretty much anything and while you may not lose if you can afford to fight it, you still have to afford to fight it.
A good illustration of this comes from an experience a friend of mine had totally outside the realm of intellectual property. They were trying to extend a covenant in a neighborhood. Somebody who lived in the neighborhood resented the covenenant and sued. Fine, but then they also sued all the members of the neighborhood board personally for libel. There was zero libel or evidence there of, but of course then the individual board members had to defend libel lawsuits. No matter how frivolous they were, it costs money to defend a lawsuit.
During this who affair, my friend's home insurance covered their legal fees. But then the insurance company didn't want to be on the line for defending a libel case. So what did they do? They sued my friend to get out of having to pay the legal fees. My friend ended up settling with the insurance company saying that the insurance company didn't have to cover any more fees and my friend would owe them nothing for what they had already paid.
So in the end, from one legal dispute, three lawsuits emerge, and two of those suits were at best frivolous, taking advantage of the cost of a lawsuit as a tool to try to extract concessions.
This sig has been temporarily disconnected or is no longer in service
"With their patent-pending method of writing to the hard drive HD24 and HD24XR are the first hard disk recorders built from the ground up"
So, go look up the patent (not need to do any reverse engineering and send it off to someone who lives in a country that doesn't have software patents. They will then be free to write a driver, but you won't be able to because you live in the US and have silly patent laws.
They may try and sue your arse if you send them a linux driver and ask them distribute it because you've already infringed upon their patent.
Note, it looks like the patent is still pending as none of the patents listed seem to be for a file system.
thank God the internet isn't a human right.
Unless he signed an NDA, he's free to do whatever he wants, as long as it dosn't violate their copyrights. (If you're wondering, the reason Compaq was so careful about their clean-room implementation was that their BIOS was certain to duplicate IBM's BIOS, which was published openly. They only way they could prove they weren't violating copyrights was to prove no one on their team had ever seen it)
autopr0n is like, down and stuff.