Reverse Engineering/Legal Aspects
Reverse engineering a software product quite often teeters on the border between legal and illegal. Note that reverse engineering a competing car or a weapon is never legally challenged, nor was reverse engineering software a few decades ago. So as a reverse engineer, you should know your rights and the rights of the software owner. This chapter will focus on just that, exploring issues surrounding patents, copyrights, and licensed software. Even if you play by the rules, you are not immune to harassment lawsuits. (NB: The material here reflects the legal position in the USA. Other jurisdictions may have different laws.)
Patented Software
Explain the rights of the software owner under the patent law
Copyrighted Software
Copyright law constrains anyone who reverse-engineers software for an open source project. The common approach to this problem is to divide the programmers into two groups:
- The first group disassembles the code of the program/firmware and writes the specifications.
- The second group writes a program using these specifications.
Fair Use
Under a few circumstances, fair use allows the reproduction of copyrighted material without the owner's permission. The Copyright Act of 1976, 17 U.S.C. § 107 states specifically:
“Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include—
The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.”
In terms of reverse engineering and fair use, the law tends to favor the reverser. However, negatively affecting the value of the original product will almost never result in it being categorized as "fair use." Also keep in mind that fair use does not permit breaking the user license terms.
It needs to be noted that fair use is not black and white. The line between fair use and copyright infringement is very gray. Unless you are very confident about what you are doing, you shouldn't do it.
Digital Millennium Copyright Act
The Digital Millennium Copyright Act was put into place in 1998 to treat any service or device whose purpose is to undermine or remove DRM (Digital Rights Management) as copyright infringement. The act forbids any service or device from being designed to circumvent, or even being marketed to circumvent, any DRM.
There is, however, an exception in the DMCA stating that reverse engineering can be done for the purposes of interoperability between software components.[1] It states the following:
“REVERSE ENGINEERING.—”
Fair use does still apply. However, it is not fair use to gain unauthorized access to copyrighted work.[2]
End User License Agreement
An end user license agreement (or EULA) is a legal contract between the software manufacturer and the user. It explains the terms under which the user may use the software, giving a list of conditions of what the user may and may not do. This contract can state anything from the number of copies that can be made to conditions under which it can be reverse engineered.
EULA and Fair Use
Fair use seems to be safe ground for reverse engineers, who almost always use it as a defense. However, an EULA is a legally binding contract. If a user agrees to terms which are in conflict with fair use, the user has effectively waived their rights to fair use.
In the case of Davidson & Associates v. Jung,[3] Ross Combs, Rob Crittenden, and Jim Jung reverse engineered Blizzard's protocol language to allow gamers to play pirated video games online. In this case, the reversers agreed to an EULA and TOU (Terms of Use) prohibiting reverse engineering. The judge found the EULA and TOU to be enforceable by law and that a user's right to reverse engineer a product can be contractually waived.
Famous Cases
When Nintendo came out with the Nintendo Entertainment System, they designed a program, the 10NES, to prevent unauthorized video games from working on the NES. In order to make an authorized game, you had to become licensed with Nintendo, and the license agreement essentially stated that a company could make up to five games per year and prevented them from selling the same games to other home entertainment systems.
Atari attempted to crack the 10NES to bypass the restrictive license agreement. In 1986, they purchased some NES units and started reverse engineering. By chemically dissolving the top layers of the chip containing the 10NES, they could use a microscope to physically look at the bits and recover some of the object code. The object code was then decompiled to source. However, Atari was unable to completely reverse the 10NES using this method.
In 1988, Atari requested a copy of the 10NES source code from the Copyright Office by falsely saying they were involved in an infringement lawsuit with Nintendo. After completely understanding the 10NES program, they built a program to defeat it. In 1989, Nintendo filed charges against them for unfair competition, patent infringement, copyright infringement, and trade secret violations.
One of Atari's defenses was that reverse engineering was fair use under the copyright law. In the end, the courts decided the act of chemically peeling back the chip and looking at the bits to get the object code on systems they purchased was fair use. It was expected that the courts would find Atari at fault for copyright infringement for stealing the source from the Copyright Office. However, in 1994, Atari and Nintendo settled out of court.
Sega Enterprises Ltd. v. Accolade Inc. concerned Sega's video game console and cartridges. The cartridges had a 20-25 byte code segment which was interrogated by the console, as a security measure.
Accolade disassembled the code which was common to three different Sega game cartridges, to find the security segment, and included it in competing game cartridges.
The Ninth Circuit held this disassembly to be a permitted "fair use" of the copyright in the games' programs. The disassembly of copyrighted object code, as a necessary step in examination of the unprotected ideas and functional concepts embodied in the code, is a fair use that is privileged by section 107 of the Copyright Act: because disassembly was the only means of gaining access to those unprotected aspects of the program, and because Accolade has a legitimate interest in gaining such access (to determine how to make its cartridges compatible with the Genesis console).
Jon Johansen Case
Give a description of this case
Further Reading
- "The Law and Economics of Reverse Engineering", Pamela Samuelson and Suzanne Scotchmer, Yale Law Journal 111, May 2002, 1575-1663.
References
- Digital Millennium Copyright Act, Public Law 105–304 (1998)
- "The Digital Millennium Copyright Act of 1998" Copyright Office Summary (December 1998)
- "Davidson & Associates v. Jung, 422 F.3d 630 (8th Cir. 2005)"
- "Atari Games Corp. v. Nintendo of America Inc." U.S. Court of Appeals (September 1992)
- "Sega Enterprises Ltd. v. Accolade Inc." U.S. Court of Appeals (October 1992)