Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[William Allen Simpson]

-BEGIN PGP SIGNED MESSAGE-

I finally took the time to read the whole (very long) web page, and it 
is quite interesting -- I wish that all analysis had such detailed 
explanations!  Any above-average congress-critter should be able to 
understand quite a bit of it. ;-)

The Merc report says:

  In its legal filings, Microsystems said it suffered ``irreparable harm'' 
  from the publication of the bypassing software, which it said sought 
  to destroy the market for its product by rendering it ineffective.

Is there a right for snake oil salesmen to profit from a questionable 
product?  As the report shows, the hashing and encryption functions 
didn't meet any standard well-known design requirements.  And many 
sites are improperly blocked, while many other sites are missing.

Instead, isn't there a civil cause of action by all the purchasers of 
the product?  It manifestly doesn't do what the marketing promises.

I'd also encourage state attorney's general to take action, as the 
researchers found that half of the blocked sites didn't exist, or 
were improperly blocked.  When a manufacturer ships 100,000 units, 
but they are half filled with rocks, isn't that fraud?

And a fine example of using cryptography to hide the fraud.  Good thing 
that extra criminal penalty didn't pass last year

Also, couldn't we put together a class action by the folks that were 
improperly blocked or classified.  Anti-competitive, damage to 
reputation, etc.  Could be some nice punative damages.  


-BEGIN PGP SIGNATURE-
Version: PGP 6.5.1

iQCVAwUBONFu3Nm/qMj6R+sxAQGokwP9FsROKCe2bgmxWnSK5Gm4YLNddoRcKGoZ
yid0z0Ww0D9eRutnCP+oJWD4BDFiQMbywP+r0Gz6QMZ+ZMeqt2BrLuVIDeJ8FU5U
ZaUw2+vI7xv8J5s9BI8jQ8Fww+FLzT5VVi5dzQr2wzhLQLAukF4EU3xG3HMNYgTP
m22qRVWC3rg=
=cMT6
-END PGP SIGNATURE-

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Michael Froomkin - U.Miami School of Law]

Presumably they make some representation somewhere - in the manual? -
about what they block or why?

On Fri, 17 Mar 2000, Ed Gerck wrote:

> 
> 
> "Michael Froomkin - U.Miami School of Law" wrote:
> 
> > I think there may be a claim in defamation if your site was blocked and
> > the software claims you have some kind of nasty content...
> 
> But, what happens (as is the case) when that software claims nothing...
> you cannot even view what is being blocked.  A difamation claim IMO
> would require others seeing a disclosure of the site's name in a blocking list
> ... hmmm, that is perhaps why they do not disclose (even to parents?).
> 
> Anyway, the idea of blocking and not even telling you what is being
> blocked is a "trust me" procedure -- a well-known nothing. Trust me ;-)
> 
> Cheers,
> 
> Ed Gerck
> 
> 

-- 

A. Michael Froomkin   |Professor of Law|   [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
-->It's warm here.<--

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[William Allen Simpson]

Pardon me for interrupting a fine theoretical discourse, and summarizing the 
dialog for the benefit of our moderator, but perhaps we should take a look 
at the actual application under discussion?

The application itself reports who it blocks.  When access is attempted, 
the site is listed as blocked.  What I am unsure about: is the precise 
reason for blocking displayed?  When there are multiple reasons?

However, the reasons can be deduced, without reverse engineering, by 
selecting the individual blocking class, and re-testing the URL.

Therefore, I believe that we have both elements:
 (a) the blocking is reported;
 (b) the reason is evident to the user.

So, are the reasons defamatory to the blocked sites?

Will some fine lawyer undertake to contact and ask them?

To take examples, from the paper:

  the anti-censorware site of Peacefire 
  is listed as containing 
"Violence / Profanity, Partial Nudity, Full Nudity, 
Sexual Acts / Text, Gross Depictions / Text, Intolerance, 
Satanic or Cult, Drugs / Drug Culture, Militant / Extremist, 
Sex Education, Questionable / Illegal & Gambling, Alcohol & Tobacco".

  Church of the SubGenius.
Banned in every category except sex-ed.

  The Nuclear Control Institute.
"Militant / Extremist"
"Violence / Profanity"
"Questionable / Illegal & Gambling"

  Anti-nuclear-bomb articles from the Tri-City Herald newspaper.
"Violence / Profanity"
"Militant / Extremist"
"Questionable / Illegal & Gambling"

   The Marston Family Home Page, with the usual round of pictures of 
   Mom, Dad, the kids, the dog, etc. Entire directory blocked for 
 "Militant / Extremist, Questionable / Illegal & Gambling",
   apparently just because of this paragraph in young Prescott's section: 

   In school they teach me about this thing called the Constitution 
   but I guess the teachers must have been lying because this new law 
   the Communications Decency Act totally defys [sic] all that the 
   Constitution was. Fight the system, take the power back, WAKE UP! 


"Michael Froomkin - U.Miami School of Law" wrote:
> I think there may be a claim in defamation if your site was blocked and
> the software claims you have some kind of nasty content...
> 

Ed Gerck wrote:
> But, what happens (as is the case) when that software claims nothing...
> you cannot even view what is being blocked.  A difamation claim IMO
> would require others seeing a disclosure of the site's name in a blocking list
> ... hmmm, that is perhaps why they do not disclose (even to parents?).
> 
> Anyway, the idea of blocking and not even telling you what is being
> blocked is a "trust me" procedure -- a well-known nothing. Trust me ;-)
> 

"Michael Froomkin - U.Miami School of Law" wrote:
> Presumably they make some representation somewhere - in the manual? -
> about what they block or why?
> 

Ed Gerck wrote:
> "What they block" does not seem to be defamation, it seems to be freedom of
> choice. The way I understand it, a defamation claim would have to be based on
> a two-part test: (a) they have to publicly report  "who they block" (so, there is
> cause for action by someone in that list) and (b) they have to say they do it for a
> reason considered to be derogatory, offensive, etc. (so, there is actually
> defamation).
> 
> Thus, "why they block" (the reason, item b above) alone cannot be defamation
> either, IMO, because they do not report who they block.
> 
> Otherwise, we would support the funny idea that someone could suffer defamation
> without ever being reported by any means.  A very contradiction with the
> word "fame" (report) in defamation.
>

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[William H. Geiger III]

In <[EMAIL PROTECTED]>, on 03/17/00 
   at 04:23 PM, William Allen Simpson <[EMAIL PROTECTED]> said:

>   The Marston Family Home Page, with the usual round of pictures of 
>   Mom, Dad, the kids, the dog, etc. Entire directory blocked for 
> "Militant / Extremist, Questionable / Illegal & Gambling",
>   apparently just because of this paragraph in young Prescott's section:


>   In school they teach me about this thing called the Constitution 
>   but I guess the teachers must have been lying because this new law

>   the Communications Decency Act totally defys [sic] all that the 
>   Constitution was. Fight the system, take the power back, WAKE UP! 


Now now, the nice folks at CyberPatrol wouldn't block sites just because
the site's author didn't agree with their political agenda now would they?

-- 
---
William H. Geiger IIIhttp://www.openpgp.net  
Geiger Consulting

Data Security & Cryptology Consulting
Programming, Networking, Analysis
 
PGP for OS/2:   http://www.openpgp.net/pgp.html
---

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Ed Gerck]

William Allen Simpson wrote:

> Pardon me for interrupting a fine theoretical discourse, and summarizing the
> dialog for the benefit of our moderator, but perhaps we should take a look
> at the actual application under discussion?
>
> The application itself reports who it blocks.  When access is attempted,
> the site is listed as blocked.  What I am unsure about: is the precise
> reason for blocking displayed?  When there are multiple reasons?

Good summary.  I guess we all dislike someone else controlling what
we are allowed to see.  But, in this case, perhaps we should also take
a look at what this discussion may turn into -- find a way to demonize the
application CyberPatrol as if that could justify the *illegal* means used to
render it ineffective.

I guess that there is no doubt that reverse engineering is illegal when the
software copyright owner so denies.  Now, can we say that it is illegal for
a parent to shut off the TV when certain shows are aired? Or, to allow the
V-chip to block certain shows? Or, finally, to allow software to do it? Is using
the V-chip a defamation? No -- it is done inside one's own house.  Why is
this different from the same parent using Cyberpatrol for the same objective
but in a computer -- and, look, the parent wants it.

Regarding the political agenda, this is also one's own choice -- otherwise,
we must assume that someone can tell me what to watch or read, like it
or not.

Thus, what mildly bothers me is that when choosing between privacy and
security we seem (of all groups) to prefer security.  We need to  accept
that the privacy of source code is protected by intellectual property rights
which the owner chose to claim (trade secret) *before* the end-user decided
to use the software.  Security of others, even in the good name of free speech,
cannot in my view justify an invasion in the privacy of one.  Those that prefer
securit over privacy deserve none, would perhaps Ben Franklin say today.

That said, I agree with any argument for the first amendment but as long
as privacy is respected. It cannot be that privacy is important as long as it
is my privacy only.

The guys that reverse engineered CyberPatrol seemed to believe that
"security" can justify trespassing.  I think we need to ponder about
the fallacy of it, as if the end could justify the means.

Cheers,

Ed Gerck



>
>
> However, the reasons can be deduced, without reverse engineering, by
> selecting the individual blocking class, and re-testing the URL.
>
> Therefore, I believe that we have both elements:
>  (a) the blocking is reported;
>  (b) the reason is evident to the user.
>
> So, are the reasons defamatory to the blocked sites?
>
> Will some fine lawyer undertake to contact and ask them?
>
> To take examples, from the paper:
>
>   the anti-censorware site of Peacefire 
>   is listed as containing
> "Violence / Profanity, Partial Nudity, Full Nudity,
> Sexual Acts / Text, Gross Depictions / Text, Intolerance,
> Satanic or Cult, Drugs / Drug Culture, Militant / Extremist,
> Sex Education, Questionable / Illegal & Gambling, Alcohol & Tobacco".
>
>   Church of the SubGenius.
> Banned in every category except sex-ed.
>
>   The Nuclear Control Institute.
> "Militant / Extremist"
> "Violence / Profanity"
> "Questionable / Illegal & Gambling"
>
>   Anti-nuclear-bomb articles from the Tri-City Herald newspaper.
> "Violence / Profanity"
> "Militant / Extremist"
> "Questionable / Illegal & Gambling"
>
>The Marston Family Home Page, with the usual round of pictures of
>Mom, Dad, the kids, the dog, etc. Entire directory blocked for
>  "Militant / Extremist, Questionable / Illegal & Gambling",
>apparently just because of this paragraph in young Prescott's section:
>
>In school they teach me about this thing called the Constitution
>but I guess the teachers must have been lying because this new law
>the Communications Decency Act totally defys [sic] all that the
>Constitution was. Fight the system, take the power back, WAKE UP!
>
> "Michael Froomkin - U.Miami School of Law" wrote:
> > I think there may be a claim in defamation if your site was blocked and
> > the software claims you have some kind of nasty content...
> >
>
> Ed Gerck wrote:
> > But, what happens (as is the case) when that software claims nothing...
> > you cannot even view what is being blocked.  A difamation claim IMO
> > would require others seeing a disclosure of the site's name in a blocking list
> > ... hmmm, that is perhaps why they do not disclose (even to parents?).
> >
> > Anyway, the idea of blocking and not even telling you what is being
> > blocked is a "trust me" procedure -- a well-known nothing. Trust me ;-)
> >
>
> "Michael Froomkin - U.Miami School of Law" wrote:
> > Presumably they make some representation somewhere - in the manual? -
> > about what they block or why?
> >
>
> Ed Gerck wrote:
> > "What they b

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Ed Gerck]

List:

If you can't cope, sue.  The reverse-engineering
argument, that it trespasses on property, was already
used by Microsoft many years ago (ca. 1993) against Stacker.

In short, Stacker (the then market leader for on-the-fly
disk compression software) found out that Microsoft had
pirated its code for disk compression in Doublespace, and sued
Micrsoft -- but Microsoft countersued saying that Stacker
could not have reverse engineered Microsoft's code without
a court order. The argument is the same as if you think that
your stolen property is within a certain house -- you can't
trespass or invade the house in order to verify it, you
need to get a court order.  Stacker won in part, but lost
a lot. As an aside, the then market leader (Stacker), now
is no longer even a player.

Thus, what happened here is not new and those that want to
effectively combat "hidden" features, pirated code or covert
weaknesses  by decompiling code should be aware of it. The
end, however merit it may have, cannot justify the means.

Cheers -- Ed Gerck

 Original Message 
Subject: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware
Date: Wed, 15 Mar 2000 23:09:55 -0500
From: Declan McCullagh <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]

>In an unusual legal strategy, Microsystems alleged that Skala and Jansson
>violated U.S. copyright law when they reverse-engineered Cyber Patrol to
>analyze it, which the company said is expressly prohibited in its license
>agreements.
>

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Tom Vogt]

Ed Gerck wrote:
> Thus, what happened here is not new and those that want to
> effectively combat "hidden" features, pirated code or covert
> weaknesses  by decompiling code should be aware of it. The
> end, however merit it may have, cannot justify the means.

there is an important difference here. in both the cyberpatrol and the
decss cases, the end-users of a piece of software were sued, for
violation of the license. (and while stacker probably had a valid
license and was thus technically and end-user, I think it is obvious
where the difference is)

this touches on the uncertain state of click-wrap or shrink-wrap
licenses and on the question of whether or not the seller of my car can
forbid me to open the hood. of course, that you don't BUY software, but
LICENSE it is exactly why he (technically) can in software. which brings
up the next point, namely whether licensing is appropriate for software
or simply being used because it gives the companies more power than a
sales contract would - power that they strive to extend further, see
UCITA.

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Ed Gerck]

Tom Vogt wrote:

> Ed Gerck wrote:
> > Thus, what happened here is not new and those that want to
> > effectively combat "hidden" features, pirated code or covert
> > weaknesses  by decompiling code should be aware of it. The
> > end, however merit it may have, cannot justify the means.
>
> there is an important difference here. in both the cyberpatrol and the
> decss cases, the end-users of a piece of software were sued, for
> violation of the license. (and while stacker probably had a valid
> license and was thus technically and end-user, I think it is obvious
> where the difference is)

Stacker was an end-user of Doublespace and violated the license
agreement by decompiling it.  Reverse-engineering was prohibited
even for private uses (ie, without publishing it).  Thus, with or
without  publication, Stacker, Skala and Jansson did reverse engineer
and did trespass on property of others.  This is the important similarity
-- and effective legal precedence -- which was ignored in the news release:

>>In an unusual legal strategy, Microsystems alleged that Skala and Jansson
>>violated U.S. copyright law when they reverse-engineered Cyber Patrol to
>>analyze it, which the company said is expressly prohibited in its license
>>agreements.

and which, possibly, will be very hard for Skala and Janson to overcome.

> this touches on the uncertain state of click-wrap or shrink-wrap
> licenses and on the question of whether or not the seller of my car can
> forbid me to open the hood. of course, that you don't BUY software, but
> LICENSE it is exactly why he (technically) can in software. which brings
> up the next point, namely whether licensing is appropriate for software
> or simply being used because it gives the companies more power than a
> sales contract would - power that they strive to extend further, see
> UCITA.

Yes.  But the other model (selling) has its faults too.

Cheers,

Ed Gerck

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[William Allen Simpson]

Pardon my failing memory, but if memory serves, Microsoft lost that 
argument and the court case, and was assessed serious damages, a 
couple of hundred million!

Stacker is still a major player, because Microsoft did what they 
always do when they are losing -- they "invested in" Stacker.  So, 
LZS (the compression algorithm in question) is still widely used,
by Microsoft.

Oh, and the Stacker folks took the M$ money and spun off "hi/fn".

Ed Gerck wrote:
> 
> ...  Stacker won in part, but lost
> a lot. As an aside, the then market leader (Stacker), now
> is no longer even a player.
> 

[EMAIL PROTECTED]
Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[keyser-soze]

At 04:01 PM 3/17/00 -0800, you wrote:

The guys that reverse engineered CyberPatrol seemed to believe that
"security" can justify trespassing.  I think we need to ponder about
the fallacy of it, as if the end could justify the means.

Not trespass.  Regardless of law, anything I purchase is mine to do as I 
see fit, including resale, rental or reverse engineering.  Period.

Regardless of law, anything I can detect from my property is mine to listen 
to, decrypt and enjoy.

And I'll defend to their death my right to do so.

KS



IMPORTANT NOTICE:  If you are not using HushMail, this message could have been read 
easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Tom Vogt]

Tom Vogt wrote:
> anyways, the pure gut of sueing someone because he took away your
   ^^^
this must read "apart", of course.


> product astonishes me. it's like saying live on the news "we don't want
> people to take our stuff apart (they might find out just how crappy it
> is)".

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Tom Vogt]

Ed Gerck wrote:
> This is also not a US-centric view. Privacy of communications applies
> to anyone, in most countries.  Also, in the US as well as in most
> countries, a newspaper can protect the anonymity of its source, a
> private company does not have to disclose its statements, etc. --
> all,  expressions of privacy rights.

it seems the word IS used differently. I fully agree to what you said, I
just wouldn't call it privacy, or better: the equivalent of privacy in
german ("Privatsphäre").

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Mac Norton]

Breach of privacy?  You put it out there, albeit in code, but
you put it out there.  You don't want me to crack it, don't
put it out there. Breach of privacy? Huh? Huh?
MacN

On Mon, 20 Mar 2000, Ed Gerck wrote:

> 
> However, if the message is encoded or encrypted and I manage to read the
> plaintext then I can no longer claim I had no choice and no intent. Actually,
> I must have spent time and work in order to break your privacy -- so, I must
> have done it with intent.
> 
> "Reverse engineering" is done with the intent to break the protection built
> into the product, between the user and the technology behind the software.
> If this is done for your own private purposes and you tell no one, there is
> not even a way for the producer to reach you. However, if you are
> Microsoft and you reverse engineer code of a competitor (as MS did, with
> Stac -- 1994) and stealthly use it in your own Microsoft  product (as MS
> did, in its DoubleSpace product) ... then, is that OK?  Should that breach of
> privacy be allowed?
> 
> Cheers,
> 
> Ed Gerck
> 
> 
> 

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Tom Vogt]

Ed Gerck wrote:
> Take apart what I own is one thing -- publishing the results of taking
> it apart for a profit (fame or money) is another.  The case of CB's RE
> is closer to the second, IMO.

publishing the results (for fame, not money) is not fundamental
difference, since everyone else could have gotten them himself by taking
it apart.
using the results for your own commercial purposes is a slightly
different animal and I agree that there should be some restrictions on
it.

I fully agree with the ORIGINAL intend of patent law here: make the
inventors publish what they know, in exchange for certain, limited
rights.



> I agree with this view. But, I am also prepared to accept the view  of
> those that think otherwise. We live in a society that increasingly
> values local discourse, in spite of increasing globalization. We also
> accept multiple truths and multiple ways of knowing.  If I am truly
> democratic, I must respect those that do not agree with what seems
> obvious to me -- I cannot claim to possess the whole truth. 

I read too much Feyerabend to not agree on that. basically, I'd be happy
to leave them alone, if they'd do the same to me. seems they don't - the
cyberpatrol guys just requested my FTP logfile. probably because they
want to hunt down everyone who owns a copy of the hack. what for?
(too bad, that my xferlog is a link to /dev/null)


> As to the counter-example you ask, the general public profits by
> lack of disclosure of the algorithm that allows nuclear bombs
> to be made with 1 pound of enriched uranium.   We have less
> nuclear powers.

you'd still need to get hold of a pound of enriched uranium. that's not
exactly sold in the supermarket. :)

Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Steve Schear]

At 09:50 AM 3/20/00 -0800, Ed Gerck wrote:


>[EMAIL PROTECTED] wrote:
>
> > I don't acknowledge that reverse engineering violates any right to privacy.
>
>Send someone a plaintext message in a postcard. If I read it, I can
>claim that I could not help but read it when I saw it -- so, I had
>no intent to break your privacy and you cannot prove otherwise.
>
>However, if the message is encoded or encrypted and I manage to read the
>plaintext then I can no longer claim I had no choice and no intent. Actually,
>I must have spent time and work in order to break your privacy -- so, I must
>have done it with intent.

So, if the neighbors on either side of me are Navaho and use their language 
whenever they talk to one another across my property am I invading their 
privacy if I take a Navaho night school course and don't ell my 
neighbors?  What about if I purchase the Navaho module for my Dragon 
Dictate, voice input software, and have it translate the conversations I 
capture from by back porch?

--Steve

The trump card, was Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Ed Gerck]

William Allen Simpson wrote:

> Ed Gerck wrote:
> >
> > William Allen Simpson wrote:
> > >  (1) Microsoft _lost_ the Stac lawsuit.
> >
> > I never said otherwise -- and I was the first one to point out that
> > those guys that reverse engineered CyberPatrol's software
> > were not very much different from Microsoft, in what
> > Microsoft did to Stac (for fame, or money, who cares?
> > it is all profit).  So, the reporter's argument that this was
> > an unexpected legal strategy by CB is not correct.
> >
> Speaking as an interested person stuck in the middle of the lawsuit,
> because I was writing the IETF PPP LZS specification, and having
> visited the Stac offices from time to time, and based on my
> recollection of discussions -- there is something terribly wrong
> with your analogy.
>
> Microsoft did not reverse engineer Stac.  Microsoft stole Stac source
> without paying for it, by falsely representing that they were interested
> in licensing the software, then falsely representing that they developed
> their own compression technique.

I have heard this version, which seems to be slightly better to Microsoft
than the version I reflected above. Maybe you are right and Microsoft
did not do the two bad things, just one

> I've had the same happen to me --
> companies often want to see source before they license it -- only twice
> (so far) have they then later claimed to have developed it independently.

Only twice seems to be one too many.

> Microsoft claimed that Stac improperly reverse engineered Microsoft's code
> in discovering the fraud.  Microsoft lost the argument, and the case.

Yes, there is no contention of that.  But, the argument weighed against
Microsoft.

> Now, the usual disclaimer: IANAL.  These are my interpretation, based on
> information, knowledge and belief.
>
> I'm curious, tho'.  Where are you licensed to practice law?

In the US, amateur engineers are not allowed by law, but amateur
lawyers are. Accordingly, everyone is also expected to know the law --
not just lawyers, which of course does not apply to the more complex
art of engineering or physics.  My qualifications are public, btw, if you
want to know just do an altavista search.

> > You may have your personal version of the decision, but in fact Microsoft
> > won the argument *at the time*,
>
> Well, I had/have my personal COPY of the decision  I'll look around for
> it when I have nothing better to do.
>
> > that Stac should not have trespassed without
> > a legal warrant, and this decreased the compensation awarded to
> > Stac in the final balance.
> >
> I don't remember the phrase "trespassed without a legal warrant".
>
> I don't remember a reduction in compensation.
>
> Could you please cite the decision text?

Like you, I will look around when I have nothing better to do, but
you may  look in Dr. Dobb's archives for an article at the time.

> > Interesting case law basis. But, ...
> > you will find in the Bern convention
> > that the use of copyrighted works can be legally restricted -- such
> > as prohibiting commercial use, copying (where an archival copy
> > may be allowed by law), and ... you guessed it ... decompilation
> > as a type of "copy".
> >
> Funny thing, I've never seen such a citation.  Please provide it!

I will look around but you can check for copyright owner's right
in altavista meanwhile.  As I said, everyone is expected to know
the law.

> Conveniently at hand, Sony v Connectix says:
>
> [9] With respect to the third statutory factor, amount and
> substantiality of the portion used in relation to the copyrighted
> work as a whole, Connectix disassembled parts of the Sony
> BIOS and copied the entire Sony BIOS multiple times. This
> factor therefore weighs against Connectix.

This is correct, according to what I know -- and, supports what I
have been saying. Note that the sentence affirms that the reverse
engineering and copying does "weigh  against" Connectix. Now, let's read
about the *false* application of this (true) fact by Sony, which actually
depicts a quite diiferent problem than the one we have here between
CyberPatrol and the RE-patrol as well as between Microsoft and Stac:

> But as we con-
> cluded in Sega, in a case of intermediate infringement when
> the final product does not itself contain infringing material,
> this factor is of "very little weight."

Haha!! It says that this factor (ie, reverse engineering and copying)
is of little weight "when the final product does not itself contain infring
material" -- which I must repeat, for clarity, in direct logical
order and with the previous context..

It says, when the final product does not itself (ie, substantially,
measurably as a unit) contain infring material (ie, sections
of the copyrighted source code) then the *infringing* act of
reverse engineering and copying is of little weight.  Which is
rather obvious as we think of it -- but guess what ... This
was NOT the case for Microsoft (yes, the final Microsof product
Doubl

Re: The trump card, was Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Declan McCullagh]

I haven't read enough to know for sure who's right or wrong, but William 
has been citing the decision and using it to buttress his arguments, and Ed 
has been mostly just saying his point of view is the correct one.

Can we end this argument already, or at least stop copying people who have 
professed no interest in it?

-Declan



At 10:09 3/24/2000 -0500, William Allen Simpson wrote:
>-BEGIN PGP SIGNED MESSAGE-
>
>Ed Gerck wrote:
> > > I'm curious, tho'.  Where are you licensed to practice law?
> >
> > In the US, amateur engineers are not allowed by law, but amateur
> > lawyers are. Accordingly, everyone is also expected to know the law --
> > not just lawyers, which of course does not apply to the more complex
> > art of engineering or physics.  My qualifications are public, btw, if you
> > want to know just do an altavista search.
> >
>Apparently, you've never even seen the Stac decision that you argue
>supports your rhetoric, and don't follow important cases on this
>subject.  Unfortunately, you just ran into someone who has some
>actual knowledge of the case.  That's why I asked for citations.
>
>Your incorrect first sentence compounds the error.  Perhaps you
>could provide citations here, also?  (At least in Michigan, legal
>representation by non-lawyers is prohibited by law, engineering
>advice from non-engineers is not -- lawyers write the laws.)
>
>The lawyer that shares my social life thought the opinions were
>ill-informed; she guessed correctly as to your practice status.
>
>
> > So, Sonny v Connectix is NOT your trump card in this thread,
> > as you seem to take it for. Quite to the contrary, I show above
> > that a logical  reading of the decision both supports my arguments
> > as well as it denies what you have been assuming all along. I take it thus
> > as one of my trump cards, thank you, conveniently at hand as you might say.
> >
>It would be really, really helpful when you would actually read the
>entire text quoted, check the cited cases, and most importantly,
>refrain from amazingly tortured and contorted interpretations of fairly
>straightforward court decisions.
>
>(Again, I followed that particular case because I'm personally
>acquainted with the defendants.  I Am Not A Lawyer -- but, I've won
>a fair number of cases pro se in both Federal and Michigan courts, at
>District, Circuit and Appellate level, and take some satisfaction
>that several judges have congratulated me on my preparation.   Heck,
>I'm not a cryptographer, either, or a "licensed" engineer -- but I've
>designed a few security protocols that have some degree of
>widespread use.  I've never removed any signatures from written
>documents for a military hunta.  Wow, what a qualification!)
>
>-BEGIN PGP SIGNATURE-
>Version: PGP 6.5.1
>
>iQCVAwUBONuE1Nm/qMj6R+sxAQFU/QP9EmbSZM3dtIyT5FPKWTiI4fA0/meC4R4R
>ZqZfY05JYNmqpyMDvePblvo9DL9uhHAiJWCJX/ITMxPYwoCxcYjRiwHyLe/qgCd7
>9gQWYo/7iC6a3dLQLgGjM8ZRWEZzVnYxkfPYvt/nE1U8pwwFfF/hyJpKaN4NUFTE
>b5k6qzICsKQ=
>=f6j8
>-END PGP SIGNATURE-

Re: The trump card, was Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[William Allen Simpson]

-BEGIN PGP SIGNED MESSAGE-

Ed Gerck wrote:
> > I'm curious, tho'.  Where are you licensed to practice law?
> 
> In the US, amateur engineers are not allowed by law, but amateur
> lawyers are. Accordingly, everyone is also expected to know the law --
> not just lawyers, which of course does not apply to the more complex
> art of engineering or physics.  My qualifications are public, btw, if you
> want to know just do an altavista search.
> 
Apparently, you've never even seen the Stac decision that you argue 
supports your rhetoric, and don't follow important cases on this 
subject.  Unfortunately, you just ran into someone who has some 
actual knowledge of the case.  That's why I asked for citations.

Your incorrect first sentence compounds the error.  Perhaps you 
could provide citations here, also?  (At least in Michigan, legal 
representation by non-lawyers is prohibited by law, engineering 
advice from non-engineers is not -- lawyers write the laws.)

The lawyer that shares my social life thought the opinions were 
ill-informed; she guessed correctly as to your practice status.


> So, Sonny v Connectix is NOT your trump card in this thread,
> as you seem to take it for. Quite to the contrary, I show above
> that a logical  reading of the decision both supports my arguments
> as well as it denies what you have been assuming all along. I take it thus
> as one of my trump cards, thank you, conveniently at hand as you might say.
> 
It would be really, really helpful when you would actually read the
entire text quoted, check the cited cases, and most importantly, 
refrain from amazingly tortured and contorted interpretations of fairly 
straightforward court decisions.

(Again, I followed that particular case because I'm personally 
acquainted with the defendants.  I Am Not A Lawyer -- but, I've won
a fair number of cases pro se in both Federal and Michigan courts, at
District, Circuit and Appellate level, and take some satisfaction 
that several judges have congratulated me on my preparation.   Heck, 
I'm not a cryptographer, either, or a "licensed" engineer -- but I've 
designed a few security protocols that have some degree of 
widespread use.  I've never removed any signatures from written 
documents for a military hunta.  Wow, what a qualification!)

-BEGIN PGP SIGNATURE-
Version: PGP 6.5.1

iQCVAwUBONuE1Nm/qMj6R+sxAQFU/QP9EmbSZM3dtIyT5FPKWTiI4fA0/meC4R4R
ZqZfY05JYNmqpyMDvePblvo9DL9uhHAiJWCJX/ITMxPYwoCxcYjRiwHyLe/qgCd7
9gQWYo/7iC6a3dLQLgGjM8ZRWEZzVnYxkfPYvt/nE1U8pwwFfF/hyJpKaN4NUFTE
b5k6qzICsKQ=
=f6j8
-END PGP SIGNATURE-