[License-discuss] [FTF-Legal] Reverse Engineering and Open Source Licenses

Lawrence Rosen lrosen at rosenlaw.com
Fri Mar 6 18:39:21 UTC 2015


Cindy Ooi wrote:

> It also impose a moral hazard: If one simply has to do the reverse engineering job

> in a  country that permits the  type of reverse engineering in order to be able to legally

> use the result anywhere, then we are merely constrained by the highest common factor

> of all copyright laws. 

 

Or instead perhaps we are constrained by the lowest common factor in a Berne-filled world? That would be truly fearful. Have you seen the laws in Unfairzistan?

 

According to the EFF report, the permission to "use" in a software license without an express prohibition on reverse engineering is effectively a permission to do so in the U.S. That includes every FOSS license I know of. 

 

They also discourage companies from agreeing to prohibitive licenses or restrictive NDAs because that increases the legal risk. In such situations, consult an attorney!

 

Please note, however, that the EFF analysis doesn't encourage willy-nilly reverse engineering. There remains a high bar to taking someone else's proprietary software and analyzing it to determine how it works. And a proper process for reverse engineering involves creating an institutional barrier to prevent mere copyright infringement in the resulting product. So reverse engineer here in the U.S. if you must and don't infringe when creating your own compatible software product. 

 

Then sell it everywhere. (?)

 

/Larry

 

 

From: Cinly Ooi [mailto:cinly.ooi at gmail.com] 
Sent: Friday, March 6, 2015 9:37 AM
To: lrosen at rosenlaw.com; License Discuss
Subject: Re: [License-discuss] [FTF-Legal] Reverse Engineering and Open Source Licenses

 

Dear Larry

I have no doubt about your legal expertise and experience, but I think generally speaking using something legally reverse-engineered in one jurisdiction in another jurisdiction  where that specific act of reverse-engineering is illegal is at the minimum, problematic.  This is regardless of whether the license is open source or not and based mainly on the ground that in the eye of that jurisdiction, the person granting the license has no rights to do so in the first place. 

This is particularly true in a jurisdiction that permits suing the user of the copyright software in addition the person doing the reverse engineering. In this case, it can become the responsibility of the user to show that the process did not violate the law of that jurisdiction.

Perhaps it is easier to understand if I turn the table around and say someone import into the US something legally reverse engineered but which is incompatible with US law. Is it illegal? (Note: If you say I am mistaken, I accept it.)

 

It also impose a moral hazard: If one simply has to do the reverse engineering job in a  country that permits the  type of reverse engineering in order to be able to legally use the result anywhere, then we are merely constrained by the highest common factor of all copyright laws. 

 

Of course any project (open source or proprietary) of any significant would had done a clean room reverse engineering to attempt to get around this issue.

 




Best Regards,
Cinly

*****
I do not read footer and will not be bounded by them. If they are legally enforceable then this one always triumph yours.

 

On 6 March 2015 at 17:09, Lawrence Rosen <lrosen at rosenlaw.com <mailto:lrosen at rosenlaw.com> > wrote:

Nigel and others,

We needn't rely on some DT document to justify our reverse engineering. Here
is what EFF says we can do in the United States:

    https://www.eff.org/issues/coders/reverse-engineering-faq

Perhaps we can rely on their well-researched legal analysis for now. Someone
complained to me that that this EFF analysis is U.S.-centric and ignores the
copyright law in other countries. But if one (legally and effectively!) does
reverse engineering in the U.S. and then distributes the results around the
world via an open source license, won't that be legal enough?

/Larry


-----Original Message-----
From: Tzeng, Nigel H. [mailto:Nigel.Tzeng at jhuapl.edu <mailto:Nigel.Tzeng at jhuapl.edu> ]
Sent: Friday, March 6, 2015 8:29 AM
To: license-discuss at opensource.org <mailto:license-discuss at opensource.org> 
Subject: Re: [License-discuss] [FTF-Legal] Reverse Engineering and Open
Source Licenses

Well, the provided text in the document does not appear to me to be
conclusive that permitting reverse engineering is not required from LGPL
users.  There¹s interesting analysis of the wording but the real ³missing
step² for me would be that your analysis would actually hold up in a court
of law.  Dependence on analysis of the ³logical structure of the sentence²
seems mildly problematic to me.

If this mattered significantly to me (reverse engineering) I¹d simply assert
that using Apache and BSD/MIT licensed code is just better and to continue
to avoid LGPL.  Which is what companies do and will likely continue to do
until there is supporting case law in the jurisdictions that matter to them
(US, EU, China, etc) that this isn¹t actually required for what they wish to
do with such libraries.  That would be the most prudent and conservative
course.  So Mr. Tilly isn¹t obstructing anything.

Now if DT were to offer indemnification for any losses incurred based on
your analysis...



On 3/6/15, 4:09 AM, "Reincke, Karsten" <k.reincke at telekom.de <mailto:k.reincke at telekom.de> > wrote:

>Dear Mr. Tilly;
>
>On a first glance, your mail seems to be clear an reasonable.
>Unfortunately you are impeding the everyday work of those who want and
>must convince and support their companies, employees and colleagues to
>use free software compliantly. Let me explain, how your obstruction
>comes into being...
>
>Sincerely
>Karsten Reincke
>
>--
>Deutsche Telekom Technik GmbH  / Infrastructure Cloud Karsten Reincke,
>PMP®, Senior Experte Key Projekte - Open Stack
>Komplexitäts- und Compliancemanagement
>[ komplette Signatur einblenden:
>http://opensource.telekom.net/kreincke/kr-dtag-sign-de.txt ]
>
>_______________________________________________
>License-discuss mailing list
>License-discuss at opensource.org <mailto:License-discuss at opensource.org> 
>http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss

_______________________________________________
License-discuss mailing list
License-discuss at opensource.org <mailto:License-discuss at opensource.org> 
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss

_______________________________________________
License-discuss mailing list
License-discuss at opensource.org <mailto:License-discuss at opensource.org> 
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20150306/1be4f3e9/attachment.html>


More information about the License-discuss mailing list