lauren@rand-unix.ARPA (03/02/85)
I guess I'm just one of those old-fashioned sorts that likes to try abide by both the letter and the spirit of the law. If other people want to go out and play illicit games with other people's code, or decide that if they don't like the way an agreement is written they'll just ignore it, I guess that's their business. But I treat other people's software and trade secrets the same way I expect them to treat mine, which is to say I respect them. Your comment implies that it is OK to violate trade secret agreements if you personally think that they are unnecessarily strict or if you think that "nobody will know." I've seen these same arguments applied to other aspects of Unix and to other company's software as well. I think they're pretty lousy arguments. Excuse me for being ethical. It's attitudes like yours that have forced vendors into ever more restrictive agreements, copy protection schemes, and other similar sorts of things to try protect themselves. In any case, I suspect that this list can live without a rehash of this whole subject, again. --Lauren--
lauren@rand-unix.ARPA (03/04/85)
I tried once before to get a "software ethics" list started, but to no avail. The attitude that some people publicly state that implies it is "all right to try wangle around agreements" shows, if nothing else, a very low ethical standard. I can't help but be saddened when I'm attacked for being "too ethical" since I follow the rules and refuse to rip people off. I suppose it is silly to expect any higher ethical standards in the computer community than in the rest of society at large. If there were a software ethics list I'd invite replies there, but since there isn't, please send flames to /dev/null. --Lauren-- P.S. I too have talked to senior AT&T officials over the years. And they have assured me that they feel quite confident of their trade-secret stance on Unix and will protect it. But in any case, I am disgusted to see the people standing around like vultures trying to find some way to rip off AT&T. I hope there's a special hell for people like that--one where they are condemned to an eternity of running a version 1.0 RSX. I guess this hell would be next door to the hell for people who think that making and distributing "free" copies of licensed microcomputer code is also just fine and dandy. They are clearly related groups. Unless intellectual property rights can be reasonably protected, we are headed down a very rough path indeed. Copy protection systems are a hassle for the legit users, and this really only leaves legal remedies in the absence of any personal ethical sense on the part of many people in the community. Once again, I'd like to propose a separate list to discuss such software ethics topics rather than clog up these technical lists. --LW--
farber@udel-huey.ARPA (Dave Farber) (03/04/85)
I am sorry Lauren, but when a company takes and declares restricted under trade secret things which are just not reasonable to so do, it is more than ethical to argue with them. Surpose someone suddenly declared that top down parsing was a trade secret beacuse it is used in some part of Unix (must be somewhere). What do we do then? The protection of creative works should be protected but not using that route.
lauren@rand-unix.ARPA (03/04/85)
If someone came up with a new way of doing top-down parsing that took substantial work on their part and represented a potential commercial advantage, I see nothing wrong with their placing it under trade-secret protections, given the lack of very useful protection alternatives. If someone invented a neat new way to do process scheduling and wanted to protect it, once again, given the lack of alternatives to prevent ripoffs, it also might be a good candidate for trade secret protection. This doesn't say that nobody else is allowed to invent other methods of doing process scheduling and use their independently created scheduling creations as they see fit. David, if you'd like to contribute to a discussion regarding software ethics and how best to protect the works of individuals and companies who create software from illicit sales and information theft, I'd be glad to welcome your input. But let's do this either in direct mail or on a different list. I offer the other readers of this message the same invitation. These issues are far ranging and need to be discussed, but not in this list which now probably represents more traffic in most ARPA mailboxes than all the other lists put together. Anyone interested in these discussions, please let me know (by direct mail) and I'll see about starting up a list. Please do *not* reply-to or CC: such messages to this list. --Lauren--
fouts@AMES-NAS.ARPA (Marty) (03/05/85)
Actually, software ethics, really part of marketplace ethics, (and also "professional ethics") is much more complicated than what we have seen discussed on the net to date. The basic problem is that it costs money to develop software. (Even at a university. Student labor may be equal to slave labor if you can get students to do the work as part of programming class assignments, but the power company still gets paid for the electricity.) The traditional approach to doing something that costs money is: 1) Get the money by donations - This is how public TV works 2) Let the government fund it (I. E. taxes and deficits) 3) Let the private sector do it. Each of these methods leads to a different set of problems. What we have been discussing so far is the third option. The motivation for the private sector to put money up in front is an expectation of money returned for the effort, what the economists call "Return on investment." A problem which makes software unique (as we are all painfully aware) is that the cost of producing it in the first place greatly (frequently by several orders of magnitude) exceeds the cost of duplicating it. The various schemes for "protecting" software investments, including non disclosure agreements, patents, copy rights, trade secrets, etc are ways in which the provider of the software is attempting to protect that investment. The ethical problems are how much return the developer is entitled to, what constitutes "intellectual property", and how that investment can be guarenteed. I don't have answers (or even well formulated questions) on these topics, but I would like to see this discussion continue, hopefully in a different forum. However, regardless of your stand on the rightness or wrongness of a particular protection scheme, there is a simple "rule of thumb" ethic which I believe in: If you agree (in the legal sense) to abide by someone's groundrules, by signing a license agreement, a non disclosure agreement, or whatever, than you are ethically bound to that agreement. Pragmatically, this means that if you don't agree with something, don't sign it, and accept the consequences. Fight to change the way things are done, but don't subvert them. Marty
farber@udel-huey.ARPA (Dave Farber) (03/05/85)
A final word from me. Many of the students exposed to unix do so under what I am told is legal duress wrt the privaged information. I have been told (not being a lawyer) that the courts have held that students can not be held to any agreements to protect such information due to the suress (they cannot get their degrees if they do not do the research requiring such access). The ethics are vague at this point for them.
smb@ulysses.UUCP (Steven Bellovin) (03/05/85)
It would help if people were a bit more careful about using phrases like "trade secret". I'm sure a lawyer can do better, but let me try to define some relevant terms: trade secret -- some knowledge that is truly kept secret by the owner, for commercial gain. An example is the formula for Coca Cola(R). It is *legal* to attempt to deduce a trade secret by reverse engineering, and to use this knowledge commercially. Thus, if I buy a computer and find all the secret ROM entry points by disassembling a readout, I can write programs to use them. I can also use the algorithms contained therein if they are not otherwise protected. patent -- a limited-term right to use an original invention, in exchange for publication of the patent. Because of the limited duration, and because essential information must be disclosed, many companies choose not to patent some items -- again, Coca Cola is a good example. (Btw, the patent on Valium expired last week....) copyright -- a very general sort of protection, applicable to a wide class of works, including computer programs and (now) ROM masks. Copyright vests in the creator of a work by virtue of the act of creation; however, an appropriate notice must be affixed at time of publication or the work reverts to the public domain. Copyrighted works need not be published to retain their protection; I've even seen some programs with explicit notices describing the file as an unpublished, copyrighted work. If I write a program on my home computer, and you break in and steal it, I can sue you for copyright infringement. Derivative works are also protected. That is, if you write a book, no one can make a movie of that book withou your consent. Copyrights expire, too, but after a much longer period of time -- I believe that current (U.S.) law specifies the life of the author plus 50 years. Additionally, copyrights can be renewed under certain conditions. contract protection -- in general, the owner of any object can convey, under any sorts of terms, more or less limited rights to use that object. Most software falls in this category, combined with copyright protection to establish ownership. That is, AT&T Technologies (formerly known as Wester Electric) *owns* the set of programs we know as UNIX. In return for some consideration (i.e., large quantities of bucks), they'll sign a contract giving you certain specified rights to use their software. Now -- algorithms are in general not eligible for any of these forms of protection except trade secret. (I assume that one can license a trade secret, but I'm not certain of that.) I just don't know what class a protocol falls in. If protocols are in the same category as algorithms, then Lauren could *probably* look at some (copyrighted, licensed) UNIX code to understand it, then sit down and write his own version. (Note: before you do this, please remember again that I'm *not* a lawyer.) On the other hand, he might have to prove to some big hairy lawyer that his code is not derivative from the protected code. That can make for expensive lawsuits, and AT&T has lots of money and lots of lawyers... And of course, whatever source license he's working under might contain some restrictive covenants that would bar such use -- remember that the UNIX source code is someone's property, and you can only use it with their permission. I don't know what UNIX licenses say today; I do know that 5 years ago, an educational license prohibited using UNIX source code in the classroom. You don't like this, you don't think it's right? Well, what do you do about other property laws you don't think are right? It's really the same thing; the only question at issue here is what is the definition of property. If you believe in the concept of private property (and if you don't, please reply to net.politics....), I suggest that you lobby to have your own definitions accepted instead by Congress. Personally, I do accept the concept of intangible property, including intellectual property; given that, I admire Lauren for declining to steal someone else's property. --Steve Bellovin ulysses!smb P.S. The opinions expressed herein are *mine* and mine alone, and do not necessarily represent the opinions of AT&T Bell Laboratories, its lawyers, etc. And I decline to accept any responsibility for any actions anyone takes based on my understanding of the law.
ed@mtxinu.UUCP (Ed Gould) (03/22/85)
I'm not a lawyer, either, but in the process of setting up a software business I spent a lot of time talking to lawyers about just these questions. Being a Unix business, too, we often discussed the particulars of the AT&T license. > It would help if people were a bit more careful about using phrases like > "trade secret". I'm sure a lawyer can do better, but let me try to define > some relevant terms: > > trade secret -- some knowledge that is truly kept secret by the > owner, for commercial gain. An example is the formula > for Coca Cola(R). It is *legal* to attempt to deduce > a trade secret by reverse engineering, and to use this > knowledge commercially. Thus, if I buy a computer and > find all the secret ROM entry points by disassembling > a readout, I can write programs to use them. I can also > use the algorithms contained therein if they are not > otherwise protected. That's why ROMs are often copyrighted - see below. > patent -- a limited-term right to use an original invention, in > exchange for publication of the patent. Because of the > limited duration, and because essential information must > be disclosed, many companies choose not to patent some > items -- again, Coca Cola is a good example. (Btw, the > patent on Valium expired last week....) [Agrees with my understanding.] > copyright -- a very general sort of protection, applicable to a > wide class of works, including computer programs and (now) > ROM masks. Copyright vests in the creator of a work by > virtue of the act of creation; however, an appropriate > notice must be affixed at time of publication or the work > reverts to the public domain. Copyrighted works need > not be published to retain their protection; I've even seen > some programs with explicit notices describing the file > as an unpublished, copyrighted work. If I write a program > on my home computer, and you break in and steal it, I can > sue you for copyright infringement. Derivative works are > also protected. That is, if you write a book, no one can > make a movie of that book withou your consent. Copyrights > expire, too, but after a much longer period of time -- I > believe that current (U.S.) law specifies the life of the > author plus 50 years. Additionally, copyrights can be > renewed under certain conditions. Copyright protects "representations", not ideas. Thus, algorythms may not be copyrighted, although implementations may. > contract protection -- in general, the owner of any object can convey, > under any sorts of terms, more or less limited rights to use > that object. Most software falls in this category, combined > with copyright protection to establish ownership. That is, > AT&T Technologies (formerly known as Wester Electric) *owns* > the set of programs we know as UNIX. In return for some > consideration (i.e., large quantities of bucks), they'll > sign a contract giving you certain specified rights to use > their software. Parties are free to enter into *any* contractual relationship that is not prohibited by law. That's how trade secrets are let out by their owners. > Now -- algorithms are in general not eligible for any of these forms of > protection except trade secret. (I assume that one can license a trade > secret, but I'm not certain of that.) One certainly can. The contract by which it's licensed specifies how the licensee is required to protect the secret. > I just don't know what class a > protocol falls in. If protocols are in the same category as algorithms, > then Lauren could *probably* look at some (copyrighted, licensed) Copyrighted, yes, if the *implementation* were "substantially" different from the original. Licensed, probably not. > UNIX code > to understand it, then sit down and write his own version. (Note: before > you do this, please remember again that I'm *not* a lawyer.) On the other > hand, he might have to prove to some big hairy lawyer that his code is not > derivative from the protected code. That can make for expensive lawsuits, > and AT&T has lots of money and lots of lawyers... And of course, whatever > source license he's working under might contain some restrictive covenants > that would bar such use -- remember that the UNIX source code is someone's > property, and you can only use it with their permission. Exactly. The Unix license requires the licensee to protect AT&T's trade secret. They also specify, in a fairly reasonable way, what *is* secret in the Unix code. Not *all* of it is. What is secret are the (I don't remember the exact wording here) methods and concepts embodied in the code. Most, if not all, of the trade secret licenses I've ever seen contain the release that anything the licensee learns from a third party without restriction, or is found to be in the public domain, is not part of the secret. > I don't know what > UNIX licenses say today; I do know that 5 years ago, an educational license > prohibited using UNIX source code in the classroom. > > You don't like this, you don't think it's right? Well, what do you do about > other property laws you don't think are right? It's really the same thing; > the only question at issue here is what is the definition of property. If > you believe in the concept of private property (and if you don't, please reply > to net.politics....), I suggest that you lobby to have your own definitions > accepted instead by Congress. Personally, I do accept the concept of > intangible property, including intellectual property; given that, I admire > Lauren for declining to steal someone else's property. I agree completely! If, as our economic system and culture embrace, people are to benefit from their labors (again, disagreements/discussions to net.politics) then one must include programmers' labors, too. > --Steve Bellovin > ulysses!smb > > P.S. The opinions expressed herein are *mine* and mine alone, and do not > necessarily represent the opinions of AT&T Bell Laboratories, its lawyers, > etc. And I decline to accept any responsibility for any actions anyone takes > based on my understanding of the law. -- Ed Gould mt Xinu, 739 Allston Way, Berkeley, CA 94710 USA {ucbvax,decvax}!mtxinu!ed +1 415 644 0146