Legal Issues of Opening Up Proprietary Standards? 269
mrjb asks: "The Alesis HD24 is a 24-track, hard disk audio recorder with a built-in 10 megabit FTP server. To improve on file transfer speed, Alesis offers an external Firewire drive with a program called FST/Connect which reads the disks under Windows. I've contacted Alesis about a Linux solution, but none is planned. Also, they are (understandably) not very eager to reveal the file system specs. After a few days of staring at hex codes, I now know enough about the FS to read HD24 IDE disks under Linux (no Firewire required). As I know I benefit from the efforts of the Samba and OpenOffice teams, I'd love to share this info. I'm not, however, the least bit interested in Alesis suing me (in fact, I might want to send them my CV at some point). What would your advice be in such a delicate situation of conflicting interests?"
Proof? (Score:5, Funny)
Here is a link to the product (Alesis HD24)... [alesis.com]
Just curious... how can you prove that you didnt have any inside information on the specs and that you decoded it all by yourself?
Re:Proof? (Score:5, Insightful)
Would you ask a group of doctors how to rebuild you car engine? I would hope you would ask an auto mechanic.
Re:Proof? (Score:4, Insightful)
Admittedly its kind of strange to ask someone else how not to hurt another parties feelings.
Re:Proof? (Score:4, Insightful)
Re:Proof? (Score:3, Informative)
Er, why would ne need to prove it? (Score:4, Informative)
Re:Proof? (Score:2)
Re:Proof? (Score:5, Interesting)
That's correct. Though keep in mind that the burdon of proof in civil matters is a lot easier than in criminal. In civil matters it is only necessary to prove it is likely he had inside info ("balance of probabilities"), not "beyond a reasonable doubt". So, although he wouldn't have to prove his innocence, it might be necessary to at least demonstrate he has the capability to reverse engineer such a system on his own. For instance, if Alesis engineers claimed it'd be impossible to reverse engineer it without inside information, that might be enough to make it likely unless he could convincingly demonstrate otherwise.
That being said, I'm not exactly sure why "inside information" makes a difference here. Has anybody identified what law he could be sued under if he open-sourced this? Haven't a lot of open source projects been done by reverse engineering hardware without the manufacturer's consent? I don't think trade secret would work here; that's a very specific type of secret. If he didn't bypass some security mechanisms it wouldn't be DMCA. If he didn't copy and re-use their code, no copyright violations. If he didn't implement a technique patented by them, no patent violation.
Sounds like a standard "after market" type modification which is perfectly legal AFAIK.
Re:Proof? (Score:2)
Re:Proof? (Score:5, Insightful)
Two Words.... (Score:3, Informative)
The point of proving that he did not have insider information is to protect him from the accusation of trade secret misappropation.
However, IIRC, that would be the extent of what they could go after him for unless he stole actual code.
IANALBAFS.
Re:Proof? (Score:2)
Well, there are tons of ways to get things out there anonymously. Post to USENET via mixmaster email to news, or use NYM accounts. How about a webpage on Freenet...can't be traced there.
Just make sure and do text only files..don't use MS word or anything stupid like that that will leave a meta data trail possibly back to you.
Re:Proof? (Score:2)
Not the point. (Score:5, Insightful)
Re:Not the point. (Score:2)
Re:Not the point. (Score:3, Insightful)
Good idea! Surely that will prove he had no inside information and legally reversed engineered it....
Re:Proof? (Score:4, Informative)
Mr.JB can be sued in civil court for any number of reasons. In civil court, there is no presumption of innocence and no "beyond a reasonable doubt". It is basically a contest to see who can sway the judge and/or jury the farthest.
Re:Proof? (Score:2)
Uh... buddy, when did you check last? While your statement may be true based on, say, the constitution, it no longer seems to be correct in the real world.
The Michael Jackson case demonstrates what is wrong with the system. Either he was guilty, and being rich and the high powered lawyers that buys can get you off in many cases. Or, he really was innocent, and boy what would be scarier than having a prosecuter after you with a vengeance for a cri
Sameway as it has always been done (Score:3, Interesting)
Put a layer of indirection (Score:5, Informative)
But, to CYA, your best bet is to just write up the specs as you understand them, then have someone else write the driver for the community.
You don't even have to share those specs. Give the author the specs, have him write the driver, then publish it, without your specs. Now, anyone who wants to reverse engineer the driver you wrote, is investigating a full layer of indirection from you. They're not even looking at the specs you wrote, but rather the code that was written upon those specs.
How about... (Score:5, Insightful)
In the end though you can do this 100% on the up and up and still get sued. A good lawyer will tell you that. Will they win the lawsuit? Not if you do this right, but then how many thousands of dollars will you blow defending the lawsuit, whether you win or not.
Whatever you decide to do an attorney can give you a clear perspective on what the ramifications are.
Re:How about... (Score:2)
Of course, then you forget to even talk to a lawyer.
But it's still the best legal advice at all times.
Re:How about... (Score:2)
He can NOT do this at all and still get sued. A good lawyer will tell him that too. Interesting system the lawyers have devised in which everyone so blatantly should have a lawyer on staff and everyone who can afford them does.
The best thing would probably be to release the information anonymously. He can still be sued (as with every other course of action) but this way he can be sure to take a leg
Scary yes... but... (Score:5, Interesting)
A good illustration of this comes from an experience a friend of mine had totally outside the realm of intellectual property. They were trying to extend a covenant in a neighborhood. Somebody who lived in the neighborhood resented the covenenant and sued. Fine, but then they also sued all the members of the neighborhood board personally for libel. There was zero libel or evidence there of, but of course then the individual board members had to defend libel lawsuits. No matter how frivolous they were, it costs money to defend a lawsuit.
During this who affair, my friend's home insurance covered their legal fees. But then the insurance company didn't want to be on the line for defending a libel case. So what did they do? They sued my friend to get out of having to pay the legal fees. My friend ended up settling with the insurance company saying that the insurance company didn't have to cover any more fees and my friend would owe them nothing for what they had already paid.
So in the end, from one legal dispute, three lawsuits emerge, and two of those suits were at best frivolous, taking advantage of the cost of a lawsuit as a tool to try to extract concessions.
Re:Scary yes... but... (Score:3, Insightful)
That's not how the world works, it's how the US works.
Re:Scary yes... but... (Score:3, Funny)
Perhaps your friend and his friends should have turned that into a legal dispute, three lawsuits, and a hospitalization. Remember, never cost someone more than they'd have to pay to have you killed.
Re:Put a layer of indirection (Score:3, Informative)
My advice: Get a lawyer now. Someone who's informed on this topic of law. Tell the lawyer what you have got, and what you want from the company. Have the lawyer call the company and get some form of assurance that you haven't killed the company. In writing. Make it clear to the lawyer that you don't want to issue threats, you just want to cover your ass.
Play by companies rules, which incl
Re:Put a layer of indirection (Score:2, Funny)
IANAL -- YADAI (Score:2)
Cliff, for the last time: stop accepting Ask Slashdots that want legal advice. Or else you'll be consulting a lawyer yourself!
Re:IANAL -- YADAI (Score:2)
Abstraction filtration comparison (Score:2)
Funny? No, True! (Score:3, Insightful)
If all you did was look at the file system, you're ok (but you have to prove that.) If you disassembled their windows driver, then all you can do is make a spec like the parent said.
It's the same way Compaq cloned the IBM PC Bios. They had to setup a clean room environment for the actual developers handing them only the spec written by the disassemblers.
But most importantly, talk to a lawyer
Fair use? (Score:2, Insightful)
Fair use does not exist (Score:2)
Re:Fair use? (Score:2)
Maybe a few years ago, yes, but not anymore.
Fair use applies to copyright (Score:2)
I think that is ok (Score:2)
I think the only sticky part may revolve around the DMCA if by releasing this info you are enabling piracy. It doesn't look like it, but someone may try to wrap it that
Re:I think that is ok (Score:5, Insightful)
Second, reverse engineering IS legal. Your cynicism is masking that fact. Yes, it is dangerous, but the question sounded like some frustrated guy who figured out a file format all by himself. There are dozens of things he could have done to make his particular reverse illegal, but I suspect he did so honestly or he wouldn't be asking. Lawyers could clarify the subject, all us geeks are going to say is "if you didn't cheat, it's OK".
Third, the DMCA makes reverse engineering copy protection methods illegal. This particular part of the DMCA has not been tested, ever, on purpose. It probably would get thrown out. It is unlikely that someone would crack copy protection on purpose, without intent to enable piracy. But it has been done, and no charges filed on that issue. That is why I made the statement about "being willing to get drug through the mud".
Fourth, you don't need to be a lawyer to make statements about what is right. Most of law is what society thinks is right vs. wrong turned in to words that can then be applied equally and fairly. Very often the written law is well behind public opinion, and one way that changes is by forcing it.
Finally, Engineering 101. When in doubt, shout it out.
Re:I think that is ok (Score:5, Insightful)
Could you provide a reference to the particular law and section? It is my understanding that reverse engineering is not only legal in most cases, it is even protected. It's only a few rare exceptions that are illegal such as (potentially) EULA [infoworld.com] restrictions and creating software that bypasses copyright [aspfree.com]protections, thanks to the DMCA.
Unless this guys is violating his EULA, I'm not sure where the violation is. Still, it is good to check with a lawyer.
Re:I think that is ok (Score:3, Insightful)
Re:I think that is ok (Score:2)
Write Specs, Publish Anonymously (Score:5, Insightful)
If you're looking to take credit for it, well, (possibly) getting sued is the price you pay for fame.
Re:Write Specs, Publish Anonymously (Score:3, Interesting)
To open up this question a bit more, which are the best guaranteed-anonymous ways to publish stuff like this? Freenet obviously. What about Usenet? Somebody at least is logging your IP address in that case right? Would you have to post from a university or something to avoid this?
What other choices are there? Is there an anonymizing bittorrent service in some nice laissez-faire country?
Re:Write Specs, Publish Anonymously (Score:4, Insightful)
Yes, because I'm sure they'd have great difficulty in tracking down a Mr J. B. who has contacted them asking for Linux support and specifications.
Re:Write Specs, Publish Anonymously (Score:2, Insightful)
Re:Write Specs, Publish Anonymously (Score:4, Insightful)
There is safety in numbers.
Difference (Score:5, Interesting)
If I were you I'd be awfully careful with what you are doing. Maybe you could just release some sort of closed source linux tool to allow access to this device so your needs are met, and even send it to them so they can release a linux client if they want.
No matter what your feelings are on patent and IP, you still need to tread lightly with their stuff. Esp since you probably contacted them with email so they have documented proof that you went and asked 1st, knew they didnt want to release one, so then set out to reverse engineer it anyway.
But, kudos to you. I'd go the honest route with them, send them your source, say here ya go, I did this cause I LOVE your product and want to use it with Linux, I hope you can appreciate that, and make this available to your customers like me.
Re: Work with the company? (Score:5, Interesting)
Re: Work with the company? (Score:3, Insightful)
Because they already SELL a solution (Score:2)
Re:Because they already SELL a solution (Score:2)
Re:Difference (Score:3, Insightful)
The vendor didn't want to release the fs info. The post author is NOT the vendor.
Since it was reversed, this implies others can reverse it.
Why not release the results? The vendor is simply unwilling to support Linux (implied, BSD) OS. This way, they AREN'T supporting it.
Will the author get sued? If the author lives in the USA, maybe, otherwise almost certainly not. The author wants to work for the company? So, go ahead and publish -- it will get their attention. And if its not in a positive w
Re:Difference (Score:2)
Re:Difference (Score:2)
Re:Difference (Score:2)
Combine that with the other post commenting that this company enjoys filing lawsuits, and what do you think will happen to Mr. Reverse Engineer when he rolls out his Linux client and source to the world?
If you don't see a problem here, you are a naive person. Which is nice in a way, it's refreshing to find someone with a simple innocent mind ou
Re:Difference (Score:2, Insightful)
You claim there's a difference, but this is exactly what OpenOffice and Samba did.
Re:Difference (Score:2)
Re:Difference (Score:2)
k thx
Re:Difference (Score:3, Informative)
If the product was patented, then the spec would be available via the patent office, therefore, no reverse engineering would be needed. If it was patented, it wouldnt matter if it was reverse engineered because the spec would still be under patent.
The issue here is more one of trade-secret. If the company has taken resonable measures to protect the spec, then they could claim that you stole a trade secret, which is a crime.
I don't think trade
Re:Difference (Score:3, Informative)
Now, if there's a EULA involved with the purchase...well, we all know that's where the fun begins, right?
Re:Difference (Score:3, Informative)
If you can figure it out without doing something illegal, like stealing the specs from the company, violating an NDA or license you've signed, then it isn't a trade secret any more. To be a trade secret, it has to be KEPT secret. DMCA doesn't protect trade secrets that are obfuscated through cryptography, it protects copyrighted content. If the ex-trade-secrets that you discover don't allow you to infringe copyright, then DMCA doesn't fall into it either (remember the garage door opener case?).
Re:Patent schmatent (Score:2)
Depends (Score:5, Insightful)
If you reverse engineered their disk standard by yourself, you are fine legally, There's nothing illegal about reverse engineering (exception copy restriction technology per the DMCA). Now if you used some of their developer docs or something to do it you could be on the hook if they made you agree not to use them for reverse engineering before giving them to you. However if this was all on your own, then there's no worries.
Now, this doesn't mean they can't sue you it just means they won't win if you are competently represented. They could still file a suit and it probably would get past inital hearings, so you'd actually have to fight it in court.
As for employment, well if you release this and it pisses them off then you can expect they won't employ you, and they'll be within their rights to do so. So if you are seriously thinking about getting a job with them, you might want to reconsider.
Something else I will point out, though I am not advocating, is that the Internet is large, spans international borders, and is not well monitored. If you don't care about credit and don't do things to draw attention to yourself (like posting on Slashdot) there's no reason you couldn't do an anonymous release on a website in a country that doesn't much care, like Russia.
Depends is right (Score:3, Interesting)
Asking
Dish Network Hackers do this exact thing (Score:2)
All of this is absolutely 100% legal because they only touch those Dish Network DVRs that have no data encryption . They are (rightfully so) ruthlessly intollerant of anyone trying to h
Huh? (Score:2)
Re:Huh? (Score:5, Insightful)
If reverse-engineering is outlawed, then technological progress is at risk.
Re:Huh? (Score:5, Informative)
Re:Huh? (Score:3, Insightful)
But there are two questions: Is it legal? and, Will there be a lawsuit? It seems that releasing the code would be completely legal. Even so, nobody wants to invite a lawsuit, particularly given the legal environment in the US. Win, lose, or settle, a lawsuit will end up costing time and money. This is truly depressing and unjust. What can we do about it? And on top of all that, the author wants to remain on good terms with the corporation for a possible job application.
Re:Huh? (Score:4, Insightful)
It's utter bullshit, but bullshit with powerful backers.
On the positive side, with wireless, anonymity is trivial.
Ask the Samba people (Score:5, Insightful)
You could also contact a lawyer.
Re:Ask the Samba people (Score:5, Informative)
http://samba.org/ftp/tridge/misc/french_cafe.txt [samba.org]
Seperate the specs and the implementation (Score:5, Interesting)
http://linux-bcom4301.sourceforge.net/go/progress [sourceforge.net]
Use someone's wireless network (Score:2, Funny)
This has certainly been done before.... (Score:5, Interesting)
For example, I used to own a Roland S-50 sampling synthesizer. It saved its sample data on 720K 3.5" floppy disks. But people with PCs quickly realized it would be much more useful if you could take standard WAV sound files and dump them into the synth via MIDI. Many other makes and models of sampling synths and rack-mounted samplers were in the same boat. The manufacturers (like Roland) had poor documentation for the MIDI "system exclusive" commands that would be required to upload or download the sample data, so a few people worked at reverse engineering all of this on their own. Eventually, prodcuts were sold like "SampleVision" which knew how to do this for many dozens of samplers on the market.
Rather than being sued, it seemed like the synth makers actually ended up endorsing the products, providing links to them from their own web sites - because they learned it made their products more desirable to purchase.
Re:This has certainly been done before.... (Score:3, Informative)
Releasing an open source product could be considered revealing the trade secrets of the company and MrJB could quite easily be sued for it.
Now, a possible solution for MrJB MIGHT BE(IANAL) to release a binary only kernel module, assuming he can
You need an attorney (Score:2, Insightful)
Honestly, the best thing you can do is talk to a professional that actually knows something about this, rather than a whole bunch geeks who have nothing better to do than post stuff on Slashdot that is highly apocryphal, or at least wildly inaccurate, especially considering that a lot is at stake here for you.
Chapter 12 of the DMCA (Score:5, Informative)
http://www.copyright.gov/title17/92chap12.html#12
Scroll down to "(f) Reverse Engineering." This section has to do with permitting one vendor to reverse engineer protected/encrypted content.
The notion of reverse engineering a driver for a pipeline which does not encrypt or otherwise disguise its content is theoretically outside the aegis of the DMCA.
Apple used (or misused, depending on your perspective) the DMCA against the OSx86 website because it infringed on protection measures Apple specifically set in place to prevent OSX from installing on whiteboxes. Real told its board members that they might be DMCAed over Fairplay because it unlocks copy protection on iTMS purchases.
If the submitter did not discover any authentication methods or trust related protocols in his reverse engineering, and his driver does not have code which specifically spoofs a platform or other form of identification, it sounds to this non-lawyer like a non-issue.
There may be other legal issues at hand, but AFAIK the DMCA is chiefly concerned with those who circumvent deliberate measures to protect copyright, and simply refusing to publicly document a protocol isn't the same thing.
Now, if the driver somehow replicates code that the vendor had to *license* from Microsoft, Microsoft may have an issue with you. Again, check with a competent IP attorney.
Pitch it back to the manufacturer (Score:3, Insightful)
If you look at it from their perspective: through reverse-engineering, you have created a driver for their product which potentially extends the market of that product for no up-front cost to them. What's more, assuming you don't release it into the wild without their consent, you have given them a chance to decide how they want to proceed with it -- you are playing fair with them.
Worst case, they get all legal about it, and cease/desist/wash-your-mouth-out-with-soap-and-wa
Alesis loves lawsuits (Score:5, Insightful)
The company loves to sue. LOVES to.
And they don't particularly care about the consequences, even if it hurts them. I've watched them pull product from major accounts because they'd gotten into some tiff with the store over policy.
I'd keep your discovery under wraps.
And, for what it's worth, I'd avoid working there.
Re:Alesis loves lawsuits (Score:2)
Re:Alesis loves lawsuits (Score:4, Funny)
solution (Score:2, Funny)
zip the source code
rename it pamela anderson new video (2006)
share it on kazaa, dc++, bittorrent, etc, etc, etc
Product link that works better (Score:2)
The previous link provided has broken menus at the top.
I love these questions.... (Score:2)
Mining
The signal to noise ratio makes it pretty useless.
I am not a lawyer, and you shouldn't be one either!
some things ARE still legal. (Score:2)
So you want to have your cake and eat it too? (Score:2)
You can't have both. Grow up.
Answering your own question (Score:2)
There's no law against farting, but letting one out at the end of an otherwise-succesful job interview's not going to get you far...
Ok Rule #1, DO NOT TRUST legal Advice on Slashdot (Score:2)
This is a good place for the debate of such a topic, but don't screw with your life based on the post of other Slashdotters, even myself.
#1 Seek legal advice
#2 Then proceed by probably making 'reasonable' inquires to the company expressing that if they don't support linux would they be willing to support 3rd party work that does. (After getting legal advice to help with the inquiry.)
See, here is the problem, many have correctly stated things like certain t
Contact the company - sell a solution to them (Score:3, Insightful)
Obviously the company might not be all that willing to do that, but if they are, it's a win-win situation.
I say Don't Bother... (Score:2)
In Soviet Russia, Alesis writes to YOU! (j/k)
Just release it (Score:2)
And even though you got a C&D letter, you can still put it on your resume/CV. And some companies will hire someone just because he reverse engineered their stuff. It's pretty rare tha
follow the GNU (Score:2)
If you just want to give back to the community with little obligation on your own part then release it anonymously and let someone else run with it.
If you're looking for work then by all means contact the company, show them what you did and explain to them why they should pay you to maintain their linux drivers -- if they're smart they'll recognized a great opportunity to expand i
It's painteted. (Score:5, Interesting)
So, go look up the patent [uspto.gov] (not need to do any reverse engineering and send it off to someone who lives in a country that doesn't have software patents. They will then be free to write a driver, but you won't be able to because you live in the US and have silly patent laws.
They may try and sue your arse if you send them a linux driver and ask them distribute it because you've already infringed upon their patent.
Note, it looks like the patent is still pending as none of the patents [uspto.gov] listed [uspto.gov] seem to be for a file system.
Thats what anonymity is for. (Score:3, Informative)
The choice here seems pretty simple. (Score:3, Insightful)
Reverse engineering their product may be legal, depending on the jurisdiction in which you live. Litigating it will cost you more than you can afford, unless you're rich.
If you want to get a job there, you definitely mustn't release this stuff - given their (weird) stance on patents and file formats, it's extremely unlikely that the management there would let you be hired even if the geeks there were impressed with your work.
What to do (Score:3, Insightful)
First thing you need to do is talk to a lawyer specializing in IP and patents. The company's very likely to try legal action against you if you release your driver, and you're going to need legal advice and help to deal with them. A couple of questions:
The main point above is that you're in for legal flack even if you're completely in the clear, so talk to a lawyer first.
Re:Nothing personal (Score:5, Insightful)
While I agree if he's interested in a job he should be careful that they don't mind what he's doing, I don't see where this would deny them revenue. They sell a piece of hardware (HD24), and an extension piece of software on Windows that works through firewire. (It's not clear if they charge extra for the Windows software.) They were very clear they're not building drivers for Linux presumably because the cost to develop, maintain, and support Linux wouldn't cover the small market gains. This guy figured out how to make it work in Linux. He basically just opened up a market for them by effectively developing a Linux driver for free, with no required commitment from them for support or maintenance. Now they can potentially sell more hardware at no extra cost.
Where exactly is the denied revenue?
Re:Post in another country (Score:2)
Re:Post in another country (Score:2)