Dave Emery wrote:
> On Fri, Mar 17, 2000 at 04:01:08PM -0800, Ed Gerck wrote:
> >
> > Thus, what mildly bothers me is that when choosing between privacy and
> > security we seem (of all groups) to prefer security. We need to accept
> > that the privacy of source code is protected by intellectual property rights
> > which the owner chose to claim (trade secret) *before* the end-user decided
> > to use the software. Security of others, even in the good name of free speech,
> > cannot in my view justify an invasion in the privacy of one. Those that prefer
> > securit over privacy deserve none, would perhaps Ben Franklin say today.
> >
> This is an absolutist view of intellectual property ethics that
> says your shrink wrap rubber stamp non-negotiated software license
> trumps my right to inquire as to what software I install on my machine
> does and does not do. Your trade secret is what your software does to
> me.
I agree with you that different models may be used in different situations.
In this regard, however, the user is laways free NOT to use it if the software
producer decides to declare reverse engineering out of bounds.
BTW, reverse enginering is not the trump card either, because we would
also need to check the OS, the firmware, etc. At the emd, we are trusting
many different things -- and we need to trust them exacrtly because we
cannot measure them.
A solution that I favor is to promote peer review and open protocols,
if not source code, so that at elast we know what model is being used,
we know the test vectors, etc.
This approach may also have a better chance to provide a middle ground
for different situations since it does not intrude so much into the
developer's right to privacy and intellectual property protection --
if so desired/necessary.
Cheers,
Ed Gerck
