Barcode Maker Responds After Forcing Drivers Offline

Digital Convergence demanded last week that several developers take drivers offline that work with their "CueCat" barcode reader that was distributed freely through Radio Shack and through other places. They have taken the time to respond to the flak that they've taken, and I've attached their response below, interspersed with a few comments of my own. Read on to see what they have to say for themselves.

The following was sent in by Doug Davis from Digital Convergance. Plain text is his. Bold text is mine.

Digital:Convergence understands this Linux issue and the concerns expressed by the community. Had Digital:Convergence been approached by developers we would have been (and still will be) happy to work with them in a constructive direction. Instead, our products were reversed engineered and what has occurred is a public display of what is clearly our intellectual property. It is unfortunate the supporters of the open source community have taken steps to publicize intellectually property in-order to further their own goals and desires. Unfortunately, for us all, some of the people conducting these efforts would not voluntarily remove our IP, even after being contacted.

Thank god. These folks worked hard to write code to use this piece of hardware, and it would be unfortunate if they were forced to take it down. Imagine if Linus had been forced by Intel to take down kernel versions that used their intellectual property in the early part of the last decade. A lot of companies have bullied a lot of people in the last couple of years, and it's only getting worse. Your CueCat, like DeCSS, is going to redefine what IP is. Personally, I hope that when I get a barcode reader, or a DVD-ROM drive (or a car, or phone, or any other physical thing), that I'm allowed to rip it apart and tinker with it at my discretion. I think that's my right as a consumer.

In the strictest legal terms we had no choice but to proceed protect our interests. By posting our IP to the Net the Linux Community has forced us into a position of having to legally defend our technology . Under IP law if we don't PROTECT our IP, we loose any remedies under law to PROTECT our IP. This IS NOT ABOUT stopping hackers, but trying to get the "hackers" and such to WORK WITH US AND NOT EXPOSE US and destroy over 5 years of hard work by a group of "geeks, hackers and techno-whizzes" like each of you!

IP is a weird beast. If you don't defend it, you don't have it. I imagine if Adaptec or Matrox defended the IP created by the work of their "geeks, hackers and techno-wizzes" by forcing Linux driver writers to take down code utilizing their SCSI controllers, hard drives and video cards, their IP would also be unusable under Linux. Which is too bad because I use hardware that they created every day. Oh, and 5 years of development for "base64+XOR"?

Any professional and serious developer will understand the following: .........Unfortunately the Linux Community could of inadvertently created the WINDOW for the BIG companies to come in and control and profit from this process we have created. So if M$ or some other company decides to do what you are doing *for profit" and DigitalConvergence allows the open source group to continue with out proper licenses, DigitalConvergence could loose its ability to effectively stop them. The Linux Community would of actually had a DIRECT HAND in creating what it stands most vehemently against!

You start it off by saying "Any serious Professional will understand" which is a none-too-subtle way of saying, "If you're smart, you'll understand." Fortunately you don't say that any serious developer will agree. What you're saying is that the Linux community should happily take down the code out of fear of some big company (mentioning Microsoft is poor form: it screams like a bad political commercial where they mention a bunch of scary things just to make their ideas seem more true). If big scary Microsoft came along and released their own distribution, there is nothing we could do about it (provided that they played by the common rules of the GPL). That reality constantly exists, but that doesn't slow anyone down. It's not the point. If Microsoft wants to play by the rules of the GPL, I say let 'em. But by your logic, nobody should ever write and distribute source code, for fear that Microsoft would take it. That strikes me as a bit backwards.

It is our hope the Linux community will help us in our efforts by

1. working with us to create a product to support your needs, and;
2. stop and remove illegal posting efforts, and;
3. encourage others in the Linux community to work with us hand-in-hand to develop a various solutions and useful applications. You too, can be part of this valuable tool and project!"

   The weird thing about open source development is that code gets written where programmers itch. I bet you'll find support for #1, but less so for #2. See, your itches might not be the same as their itches. We all define valuable tools and projects differently, and our needs might be a bit different then yours. I don't think that folks posting this code constitutes "an illegal posting effort" any more then I think posting a driver for a scanner does.

   Digital:Convergence supports the Linux/Unix community and plans to make a version of its software available for Linux available in the near future. Also, licenses are available for any developers wishing to work with any aspect of our technology. We welcome the individuals of the community to contact us and use a more professional, orderly and productive manner in adjusting our products to better serve, in tact and based fully upon our various Patents and Intellectual Property, your community, . Professional Licenses and Development contracts are available to the Linux/Unix community and we welcome your direct and professional contact.

   If I own a Ford, do I need a Ford wrench to fiddle with my engine? If I buy a frame, do I need a nail & hammer from the same company in order to hang a picture on my wall? If your tools are the best tools, and at the right price, then by all means, I'd happily use your nail & hammer, but we live in a marketplace where competition drives everything, and you have competition. You have the advantage: you have the technical specifications and the most developed tools, wheras the open source guys are groping blindly in the dark looking for answers. Oddly enough this groping is a large part of the fun. It's a challenge.

   And, by the way, the AT HOME - PERSONAL USE DEVELOPER LICENSE is $20 USD! So please, HELP US PROTECT, what a group of talented developers, have worked so very hard on for over the last 5 years!

   J. Jovan Philyaw - Chairman & C.E.O. ceo@digitalconvergence.com
   Doug Davis - President Technology Group ddavis@digitalconvergence.com

   I seriously wish you guys the best of luck, and hope you figure out a way to work with the developers who are writing this cool code. If you haven't alienated the developers, I bet they would be happy to work with you. My fear is that your business model is shaky: you've given away zillions of barcode readers, (no doubt at great expense) but failed to realize that they, like iOpeners and TiVos and Furbys and AIBOs and DVD-ROM drives and everything else physical, can (and will!) be ripped apart and played with by people. You're trying to use lawyers to take away people's rights to screw around with their own hardware, and that's a problem... your service strikes me as being about a lot more then a silly little barcode scanner and what people do with it. If your software serves a need, people will use it. If some hacker finds some cool other use for the hardware, maybe people will use their code too. This is very real, but this is a free country where we can tear apart our toys and rebuild them if we want.

   On a practical note, you have a website and a net service. Thats different. Thats not a physical piece of hardware that someone can hold in their hands. You should focus on that, and not waste your energy going after hackers who are just poking around with a cool piece of hardware. I'm not a business guy, so I don't know what the answers are, but I do know a dead end when I see it. And don't forget that the percentage of people who are actually gonna mess with this stuff is very tiny. You should concentrate on making your services better for the huge majority of your users who don't run Linux, and wouldn't run software other then yours even if it did exist. It's the blinking 12:00 syndrome. Most users just don't change the defaults.

   I'd also like to say something to the readers: don't get angry and attack these guys. They're just a group of guys trying to feed their dogs by coming up with ideas to make a buck. Yelling and screaming doesn't help anyone. It's easy to forget that every company is just a group of people trying to accomplish something; they aren't evil, even when they make mistakes or do things that we disagree with. But don't stop writing the code. I can think of many uses for this barcode scanner (like maybe software to index my DVDs?). It's still legal to reverse engineer, and that sure better never change.

Still a bit vague on one thing....

What Intellectual property?

Interesting Parallel: X10

This whole situation reminds me of X10. They come up with some pretty cool hardware that appeals to geeks. They give away a starter kit for free--give away the razors, sell the blades idea. Pretty cool, a ton of geeks fork over the $5.00 S/H. X10 sells a bunch of gear.

Geeks come up with some cool implementations of this hardware. They write some software, that works with Linux (X10 hasn't released any that I know of). X10 sells a bunch more gear.

The difference is that X10 is giving away the razors and selling the blades. The Digital Convergence guys are giving away the razors and trying to sell blades that can easily be made of of normal everyday household items.

Which, isn't neccessarily a flawed business model--someone brought up the blinking 12:00 analogy.

Also, convenience is an issue: Kool-aid sells two main types--with sugar and without. They make a much better margin on the 'with sugar' ones--but they aren't quite as popular as the 20 for $1 kind. I guess I mean that people will pay a lot for value added convenience--and Digital Convergence needs to work hard to provide it.

Anyway, I don't understand why it is that they don't sell a SOHO multi-purpose barcode? Seems like a cool peripheral. Hopefully someone will see the demand for such a product and release one--perhaps even X10.

-k

Full of Holes

But keep in mind, we are the ones breaking laws, not Digital Convergence.

Actually, since reverse engineering is legal, and since all D:C did was send a nice, threatening letter...nobody on either side has broken any laws. But this is the least of the problems with your argument...

If you buy electronics and build an FM transmiter of a moderate amount of power, the FCC will find you, and they will fine you.

They sure will. But will they bust you for taking apart your radio? No. You have every right to take apart your radio, and even to build a transmitter with the parts. They'll just bust you for transmitting over regulated frequencies without a licence.

If you modify your car to make it look cool by taking the bumpers off of it, again police will stop you. Its simply not legal.

You're wrong again. I can take any part of my car off that I want to, including the bumpers. And as long as I'm driving my bumperless car on my own property, the police have no right to stop me. On the other hand, if I go onto public roads like that -- if I go onto property that isn't mine, and break the rules set by the property owners -- then yes, they certainly can stop me.

--

Was this really from a lawyer?

I agree that CmdrTaco should have kept his opinions as a sidebar or bookends to the letter in full. As I read, I skipped over the baldfac- er, boldface material and read the letter itself.

Aside from the interspersed comments, are we sure this is actually from a lawyer or official of this company?

There's several grammatical errors that make the letter sound like it's coming from, well, from a twenty-something hothead. "Would of"s and ranting allcap phrases are what I expect to see in the less decorous 'leet crowd, not from someone at the helm or hire of a respectable company.

Besides, if there was intellectual property litigation involved, the company would probably best be served by holding its temper and its collective tongue.

"Major asshole." --Dubya Bush "Big time." --Dick Cheney

Re:Destroying the Loss Leader business model.

I support this business model. Free trials are a great way to get people to use a product and maybe later, pay for it.

What I object to are laws that say people have a right to make money on this sort of stuff.

You mention Sony and the PS2... They sell a PS2 at a loss hoping the license fees for games make up for it. A valid business model imho.

But, what about someone who decides they don't like the PS2? Sony is out a bit of money if the person buys the system and gets the default game, plays it once and tosses it in a box, never to buy more PS2 games. Should the law mandate purchase of at least twelve games?

What if I buy a PS2 and play games on it, thus satisfying Sony's business model, but would also like to run Linux on it. Do they have a right to say I can't?

If they're concerned, they should sell the system *and* twelve games, or whatever they need to break even, as a unit, or with a clearly written contract requiring the purchase of these games by a certain date. Unfortunately, few people would be willing to spend the $800 or so that this would cost on a system they may not like, so Sony would sell few units.

Instead, they gamble. If the PS2 is good, the games will rock and people will buy them. If the PS2 sucks, nobody will buy them and they'll lose money.

I would have been willing, had DC asked politely, without threats and lies (yes, provable lies) to makre sure any CueCat software I wrote would *by default* communicate with their servers, if used in a network mode. That is, if the user scanned something and wanted to look it up, the default server would be theirs, changeable to Amazon(etc) only if the user wished. Instead they lie and threaten, telling us any unquthorized use is against the contract (this is fraud on their part) and demand we don't use the product in any way they disagree with. This is where I stop supporting them in any way.

Instead of them having a reasonable business which I would support, and hobby usage as well, they try for 100% of the pie instead of 99.9% and lose my support and the support of almost everyone else.

It's not their business model, it's them. They're lying, threatening, assholes commiting fraud and I'll take any and all actions I can to see them bankrupt in a short a time as I can manage.

Step 1: Flood their service with repetitive and automated scans and created serial numbers.

Step 2: Reveal this to their potential customers, dropping the value of their data to zero.

Maybe the next group of people to try this business model will realize that fraud and lies aren't going to help them, those people I will support.

this EULA smells like "bait and switch" to me...

...and if you, Gentle Reader, picked up a CueCat in Massachusetts, please email me [mailto], and maybe we can take this issue to the Massachusetts Office of Consumer Affairs and Business Regulation [state.ma.us]. Either Digital Convergence or Radio Shack is in some kind of doo-doo here, because...

• I picked up a CueCat from a Radio Shack in Boston on Friday. My wife picked one up today. Nobody told us anything about being bound by any license agreement. If Digital Convergence really cared about protecting their IP in the hardware, they should have required Radio Shack to warn people of the licensing terms when they picked up the device -- especially after this whole thing broke on Friday. (If the EFF takes this case and wants people to give depositions, we're available.)
• The catalog that Radio Shack gave me with the CueCat says, on the back cover, "come by a Radio Shack store and get your free :CAT scanning device", and on page 3, "You can pick up your :Cue:C.A.T. device FREE at any of over 7,000 participating RadioShack stores nationwide." (Boldface added.) Seems like Digital Convergence Legal needs to have a word with Radio Shack Marketing.
• The sleeve with the CD-ROM does say "Opening this software constitutes acceptance of our License terms contained herein." However, I haven't opened the software, and there's nothing there about using the hardware constituting acceptance of the license.

--

I Liked Taco's Editorial!

Hey wait,

Taco deserves the freedom to Editorialize as he wishes on his web page. I am happy he did it. I enjoyed reading it. I think it was well written and complete.

Enough of this Politically Corect, lets not ruffle any feathers crap.

When we have no rights left (they were sold to corporations by our duly elected reps in congress and executive offices) we will be dreaming of opportunities such as this where we can defend our rights.

BTW: The business model of this product (I picked up one from Radio Shack on Thursday) implies that they are recording the data and selling it without the users permission (or was it hidden in the shrink wrap). I think their model is flawed. Just like I think the Grocery chains model of holding us ransome for 'preferred savings cards' panel id card is flawed.

Re:Yes, but...

Perhaps some definition of the term "clean room" is in order. A clean room implementation is one in which the hardware is treated as a black box, and then software is written to imitate its behavior under ever conceivable circumstance. The classic example of this was the Compaq reverse engineering of the original IBM PC BIOS. It would have been trivial for Compaq simply to slurp the BIOS off the EEPROM and make copies onto their own chips. That would be stealing, and not OK.

What they did instead was to give the BIOS to engineers who has not seen the assembler code on the chip and instruct them to duplicate it based on its behavior. So they sent various signals to the chip, and watched what it did as it booted up, and basically systematically looked at precisely what it was doing. They were then, with some trial and error, able to write code that duplicated all the observable behavior of the IBM BIOS. That is a cleanroom implementation, as evidenced by the fact that Compaq came out with a fine clone of the BIOS and was legally allowed to sell it. Mere use of the hardware is not enough to make it not a clean implementation

The CueCat reverse engineering is remarkably similar to this, except much more simple. The hackers merely had to figure out what the output meant, which apparently was pretty easy. They treated the CueCat as a black box, recording the output from the scanner and figuring out what it meant. No harm, no foul.

Walt

Overstates damage

Unfortunately the Linux Community could of inadvertently created the WINDOW for the BIG companies to come in and control and profit from this process we have created.

Excuse me? The Protocol between the cat and the keyboard port was *TRIVIAL* to reverse engineer. I figured most of it out in 10 minutes. And it took another 20-30 to get the last bit right (the xor was the kicker). 45 minutes after I started looking at bar codes, I knew the protocol.

Even if Microsoft programmers are as incompotent as people at slashdot paint them from time to time (and I know they aren't), I doubt that it would take more than a day for them to reverse engineer the protocol.

Current US laws allow for reverse engineering to effect interoperability. Nothing more than that was engaged in here.

Finally, I think they are just a bunch of crybabies out to give opensource a bad name. Look how much whining they did. Look how unspecific they were about what IP was allegedly stolen. My guess is that they lost sales of some development kit or another, or fear such loss, and are using the IP argument to scare people into not blabbing.

Using "Intellectual Property" as a shield

Reading through the letter, it becomes obvious that these folks don't know what Intellectual Property is. Intellectual Property law takes on three main forms: Trade Secrecy Law, Patent Law, and Copyright Law.

Anyone taking apart their barcode reader and creating software from what they see isn't violating Trade Secrecy law, because reverse-engineering is permitted under Trade Secrecy law. It doesn't fall under Patent law unless they have a patent that hasn't yet been mentioned (this would have to be a patent on the software, because that's what's being recreated), and it doesn't fall under Copyright law unless folks are actually using code from the barcode reader's software or ROM, or producing a work heavily derived from them.

It is a company's sad obligation to go after everyone who is violating one of these IP laws, lest they lose protection under the law, but it's a sadder 'obligation' for a company to use FUD (even when they're apologizing at the same time), under the guise of protecting legal rights, to try to dissuade people who have every right to do what they're doing.

The question here is whether D:C knows it has no legal footing, but is ding everything it can to get people to stop anyhow, or if they read too much slashdot and think 'that's our intellectual property! We must defend it!' without knowing the ramifications of IP law.

Kevin Fox

Re: Reverse Engineering in general...

What most people have to realise is that this idea against reverse engineering in general is again an invention of the software developement industry.. In all the other industries, reverse engineering is common, and used by all.

For example, if you visit a car manufacturer you will see they have groups dedicated to tear down and study in detail their competitors' cars. I know also a few persons in the microelectronics field, who had as a project to design machines for helping reverse engineering. (for a big big player in the market) (those were physical machines to permit the manufacturer in question to open the chips and study each layer of them)

Re:Concerns warrented..

I cannot disagree more!
All that has happened here is that someone has taken their scanner, plugged it into a computer, scanned some barcodes, seen what they got, figured out how it was converting the barcode into the data it supplied and finally wrote a bit of code to turn the data from the device into something useful. They didn't go near the distributors software (it wasn't even close to being complicated enough to need that) so all they did was use the hardware the manufacturer gave away for free as it was intended with different software.
Now ask yourself this, if Ford gave away car fresheners for their Fiesta and then asked people to remove from websites the instructions for how to fit the freshener to other models of cars would you say "the right channels have to be used when dealing with other peoples work is concerned"?
I think this is a simple case of a company who are trying to implement a business plan with a potential flaw ("the WINDOW for the BIG companies to come in and control and profit from this process we have created"). Guess they should have made sure that door was closed BEFORE they handed the things out. Besides, do you really think that MS would need the Open Source community to help them crack this OR that MS would be deterred from rolling drivers for this into their software by claims of infringment of IP rights.
Bottom line I think they are stupid....not mallicious just stupid.....ah well so much for another dot.com dream!

Product misuse: American as apple pie

Oddly enough, my friend Josh Hadler did something almost exactly like this. He wanted to study electromagnetic standing waves, so he build himself a long metallic waveguide, some neon tubes (not wired for lighting -- just long glass tubes with neon in 'em) and a CHEAP MICROWAVE OVEN. He pulled the microwave apart and plugged the clystron into the waveguide, with a Nalgene water hose crossing through the waveguide to absorb most of the energy. Made beautiful standing waves.

The best part was that the store was having a sale -- buy a microwave, get a free home microwave inspection (where a guy would come out and test your oven for RF leaks). Of course Josh had the guy come out and test the microwave AFTER he had taken it apart and used it to make his standing-wave-generator. The guy was scared shitless but tested the apparatus anyhow.

My point is that your example is a particularly cogent one about using a product in a manner for which it's not intened.

Ever use a car as a nutcracker? You jack up a drive wheel, put it in fourth and put a brick on the gas. Then you throw nuts into the gap between the wheel and the ground. Works VERY WELL with fresh walnuts.

Ever use a stereo as a degausser? You short a speaker line through a long spool of wire, ram a bunch of iron things into the center of the spool, and use the volume knob to degauss.

Ever use a Craftsman screwdriver in a way for which it wasn't intended? Did you break it?

Using products in ways in which they weren't intended is a big part of the American ideal. If the Wright Brothers hadn't used bicycle parts in a way for which they SERIOUSLY weren't intended, it might take a lot longer to get to that ski vacation today...

Re:Yes, but...

Cleanroom would only need to be used if this were done:

• Examine software
• Abstract to figure out how the software works
• Write new implementation

because the problem there is that they directly saw DC's IP (their software source code).

But the FlyingButtMonkeys didn't reverse engineer the software, they reverse engineered the protocol and built their own software to use the protocols. So clearly they didn't copy any of DC's source code.
--

Re:Have a dog and bark yourself

Whilst I can appreciate your desire to rip to shreds some of the specious arguments presented in this letter, I would humbly suggest in future that you refrain from doing so.

I wouldn't want the Commander ot refrain entirely, but he should refrain from doing it in the body of the story, but instead do it as a reply to the story. Of course...

The first law of public posting is that someone else always has a smarter angle on the whole thing than you do, so if you act in a restrained manner and don't rip into the offender, someone else will.

Which means that the Commander wouldn't be able to guarantee that his inspired thoughts would be foremost in our minds if he opened them up to the hazards of moderation. I hope that he (and his compatriots) will do this in the future, and even consider modifying this story to remove his commentary.

Re:Still a bit vague on one thing....

I think what their gripe really boils down to is they're giving away hardware and attempting to build a software and service business model around that.

And this is the flawed reasoning that will kill a lot of "free/cheap hardware, but buy our service" businesses. A lot of people, including some misguided business owners and managers, can't deal with the fact that computers are, in the end, user-programmable devices. If you develop hardware centered around a computer, someone can (and these days will) develop a free implementation of the software end, just because they can. All the legal threats and letters in the world won't stop an interested hacker from indulging his/her curiosity and reverse-engineering something, especially if that something is hardware that currently doesn't work with his/her favoured OS. As long as no secret documents or specs have been stolen directly from the company (as in, broke into their computers/offices and copied/took the docs) or leaked by an employee under an NDA, nothing legally or morally wrong has been done.

Either some business owners need to wake up to that reality now and learn to live with it, or the future will see even more legal stupidity as frightened CEOs loose their attack dogs in futile attempts to stifle curiosity and interoperability outside of their control.

Re:Yes, but...

I made an implicit assumption that I'd like to clarify...

Thomas claimed that the protocol is IP. I think that's false. Even if it were, the actual embodiment of "the protocol" is not one specific string of bits that it spits out (no more than an image generated by a Adobe Photoshop is the IP of Adobe), but rather the set of rules for generating that string of bits, namely the logic/code stored in the CueCat and in the driver on the computer.

Additionally, if this were the case, I think they'd have to have a patent on the rules for the protocol. Otherwise, the rules for the protocol were independantly figured out, which is a legal way to get the information under trade secrets law.
--