Legal Issues of Opening Up Proprietary Standards? 269
mrjb asks: "The Alesis HD24 is a 24-track, hard disk audio recorder with a built-in 10 megabit FTP server. To improve on file transfer speed, Alesis offers an external Firewire drive with a program called FST/Connect which reads the disks under Windows. I've contacted Alesis about a Linux solution, but none is planned. Also, they are (understandably) not very eager to reveal the file system specs. After a few days of staring at hex codes, I now know enough about the FS to read HD24 IDE disks under Linux (no Firewire required). As I know I benefit from the efforts of the Samba and OpenOffice teams, I'd love to share this info. I'm not, however, the least bit interested in Alesis suing me (in fact, I might want to send them my CV at some point). What would your advice be in such a delicate situation of conflicting interests?"
Put a layer of indirection (Score:5, Informative)
But, to CYA, your best bet is to just write up the specs as you understand them, then have someone else write the driver for the community.
You don't even have to share those specs. Give the author the specs, have him write the driver, then publish it, without your specs. Now, anyone who wants to reverse engineer the driver you wrote, is investigating a full layer of indirection from you. They're not even looking at the specs you wrote, but rather the code that was written upon those specs.
Re:Ask the Samba people (Score:5, Informative)
http://samba.org/ftp/tridge/misc/french_cafe.txt [samba.org]
Re:Huh? (Score:5, Informative)
Re:Put a layer of indirection (Score:3, Informative)
My advice: Get a lawyer now. Someone who's informed on this topic of law. Tell the lawyer what you have got, and what you want from the company. Have the lawyer call the company and get some form of assurance that you haven't killed the company. In writing. Make it clear to the lawyer that you don't want to issue threats, you just want to cover your ass.
Play by companies rules, which include lawyers and contracts.
Chapter 12 of the DMCA (Score:5, Informative)
http://www.copyright.gov/title17/92chap12.html#12
Scroll down to "(f) Reverse Engineering." This section has to do with permitting one vendor to reverse engineer protected/encrypted content.
The notion of reverse engineering a driver for a pipeline which does not encrypt or otherwise disguise its content is theoretically outside the aegis of the DMCA.
Apple used (or misused, depending on your perspective) the DMCA against the OSx86 website because it infringed on protection measures Apple specifically set in place to prevent OSX from installing on whiteboxes. Real told its board members that they might be DMCAed over Fairplay because it unlocks copy protection on iTMS purchases.
If the submitter did not discover any authentication methods or trust related protocols in his reverse engineering, and his driver does not have code which specifically spoofs a platform or other form of identification, it sounds to this non-lawyer like a non-issue.
There may be other legal issues at hand, but AFAIK the DMCA is chiefly concerned with those who circumvent deliberate measures to protect copyright, and simply refusing to publicly document a protocol isn't the same thing.
Now, if the driver somehow replicates code that the vendor had to *license* from Microsoft, Microsoft may have an issue with you. Again, check with a competent IP attorney.
Re:Proof? (Score:4, Informative)
Mr.JB can be sued in civil court for any number of reasons. In civil court, there is no presumption of innocence and no "beyond a reasonable doubt". It is basically a contest to see who can sway the judge and/or jury the farthest.
Re:This has certainly been done before.... (Score:3, Informative)
Releasing an open source product could be considered revealing the trade secrets of the company and MrJB could quite easily be sued for it.
Now, a possible solution for MrJB MIGHT BE(IANAL) to release a binary only kernel module, assuming he can do that without running afoul of the GPL. But, even then, he may have legal exposure.
Re:Difference (Score:3, Informative)
The issue here is more one of trade-secret. If the company has taken resonable measures to protect the spec, then they could claim that you stole a trade secret, which is a crime.
I don't think trade secret can apply here though, unless they used some sort of encryption or something to obfuscate things.
Two Words.... (Score:3, Informative)
The point of proving that he did not have insider information is to protect him from the accusation of trade secret misappropation.
However, IIRC, that would be the extent of what they could go after him for unless he stole actual code.
IANALBAFS.
Re:Proof? (Score:3, Informative)
Re:Difference (Score:3, Informative)
Now, if there's a EULA involved with the purchase...well, we all know that's where the fun begins, right?
Thats what anonymity is for. (Score:3, Informative)
Er, why would ne need to prove it? (Score:4, Informative)
Re:Difference (Score:3, Informative)
If you can figure it out without doing something illegal, like stealing the specs from the company, violating an NDA or license you've signed, then it isn't a trade secret any more. To be a trade secret, it has to be KEPT secret. DMCA doesn't protect trade secrets that are obfuscated through cryptography, it protects copyrighted content. If the ex-trade-secrets that you discover don't allow you to infringe copyright, then DMCA doesn't fall into it either (remember the garage door opener case?).