wdr@security.UUCP (06/03/83)
My reply to :
arl@mb2c.UUCP
I will first address his comments on legal protection of software,
postponing discussion of physical protection.
I quote his article:
The current implementation of US copyright law
explicitly recognizes the right of the purchaser of a
piece of software to make 'archival' copies of legally
acquired programs. As much as software houses wish
otherwise, copying programs for legitimate back-up
purposes is VERY legal, no....more than legal.., it is
a RIGHT recognized by law.
WRONG. The copyright statute specifies that software protected by its
publishers by copyright may be archived with out violating the
copyright. It is not a new inviable RIGHT, to stand with the
Constitutional Rights Endowed by the Bill of Rights. It is ONLY a
statement that one of the 'Fair Use' exceptions to the Copyright Law is
Archival.
Archival is not a recognized Right. If the software is ONLY protected
by copyright, that is to say there is NO liscence agreement or other
contractual restrictions AND it IS marked COPYRIGHT (C) 1983 W D
RICKER, then you may freely copy it knowing the Congress has
specifically instructed the Courts to consider that act within the
bounds of the 'Fair Use' doctrine. If the Software is legally
protected by means other than Copyrights, whether instead of or in
addition to, this exception does not make null and void those contracts
or legal protections.
The customer and supplier individually and collectively have the
Constitutional Right to Free Contract. If they wish to enter into a
contract in which one guarantees to the other that no more than N
copies will be produced, that is within their right. It makes no
difference whether the guarantor is the seller (guaranteed limited
collectors edition, signed and numbered by the engraver) or the
purchaser (guaranteed no more backups than the agreed upon reasonable
number and thus no possiblility of misuse).
You have the right to not purchase software under ridiculous terms. If
it's the only game in town, though, tough. If everyone stays away, the
price will drop or the terms will become reasonable. If people buy it
with ridiculous terms, then the terms and price are DE FACTO
reasonable and those of us who refuse to buy will have to pay a higher
price. Some vendors are more reasonable than others. There are
money-back guarantees with (a) demo-disk & sealed master disk;
(b) documentation delivered first and disk after return of license which
includes waiver of refund if unsealed; (c) documentation and extensions
disk delivered once licences is signed and sale is final.
Physical Protections: I quote arl's article:
Try as they may to protect their goods, there is very
little than can stand up to the energy and persistence
of hyperkinetic twelve-year-old hackers. I review
software for some national mags and was recently given
a DB to review that was so heavily "protected" that it
took over four and a half minutes to boot up. I don't
know about you folks, but I have little use for such
lunacy. The most successful firms I have encountered
are those who supply extensive documentation, free
technical support, reasonably priced new releases and
refuse to impair the utility of their products with
so-called "protection".
I agree with the above quoted passage. Physical protection is a mild
deterrent at best. Typical hacker-hobbiest systems include a programmable
drive controller and are thus able to duplicate disks in any format if
they have the software to control them. That software is readily
available under much more innocuous names than LOCKSMITH: I have
demonstrated the ability of a TRS 80 III running FORTH instead of DOS
to duplicate DOS disks which were 'protected' by DOS. I suspect any
disk O.S. which does not require iteself to be on EVERY disk has the
capability of copying disks of other operating systems. And an
operating system which requires the first N tracks of every 5 1/4"
floppy disk be identical (read wasted) should not be commercially
viable.
Combination of Physical and Legal
However, some form of physical protection is required to protect
algorithms under the 'Trade Secret' doctrine. Trade secret is the only
protection available to algorithms (unless they fall into the small
subset of patetentable algorithms). Trade secret status is lost
irrevocably upon fair discovery or reverse engineering by a
competitor. Thus reverse engineering MUST be made DIFFICULT. This
implies user modifcation of the critical code is to be impossible. By
definition, Copyright materials are published; thus no item may be
protected by both Trade Secret and Copyright status. Claiming
copyright on an item waives any Trade Secret claims.
Bill Ricker
(617) 271-3725
wdr@security.UUCP
and wdr@MITRE-Bedford.ARPA
..!decvax!genrad!
..!decvax!utzoo!
!linus!security!wdr
..!allegra!dan@idis.UUCP (06/04/83)
References: security.306 Unless the Supreme Court has made a recent decision about the matter, trade secret protection and copyright protection are not incompatible. It is true that published materials cannot be trade secrets, but the copyright laws also protect unpublished materials. It it probably not appropriate to place the standard copyright statement, something like Copyright (C) 1983 by Whoever on proprietary material because the year is intended to be the year of publication. Unpublished materials are *automatically* copyrighted. They don't have to be labelled with a copyright statement. The problem with copyright protection for trade secrets is that an almost inconsequential copyright violation can completely ruin a trade secret and penalties for inconsequential copyright violations are not very intimidating. The serious penalties only apply after a work is registered with the copyright office and even then there is no percentage in prosecuting individuals who make single copies. Dan Strick [decvax|mcnc]!idis!dan