Legal Issues of Opening Up Proprietary Standards?

mrjb asks: "The Alesis HD24 is a 24-track, hard disk audio recorder with a built-in 10 megabit FTP server. To improve on file transfer speed, Alesis offers an external Firewire drive with a program called FST/Connect which reads the disks under Windows. I've contacted Alesis about a Linux solution, but none is planned. Also, they are (understandably) not very eager to reveal the file system specs. After a few days of staring at hex codes, I now know enough about the FS to read HD24 IDE disks under Linux (no Firewire required). As I know I benefit from the efforts of the Samba and OpenOffice teams, I'd love to share this info. I'm not, however, the least bit interested in Alesis suing me (in fact, I might want to send them my CV at some point). What would your advice be in such a delicate situation of conflicting interests?"

Put a layer of indirection

[Krach42]

Reverse Engineering is generally not illegal.

But, to CYA, your best bet is to just write up the specs as you understand them, then have someone else write the driver for the community.

You don't even have to share those specs. Give the author the specs, have him write the driver, then publish it, without your specs. Now, anyone who wants to reverse engineer the driver you wrote, is investigating a full layer of indirection from you. They're not even looking at the specs you wrote, but rather the code that was written upon those specs.

Re:Ask the Samba people

[smittyoneeach]

Oui, le French Cafe method:

http://samba.org/ftp/tridge/misc/french_cafe.txt [samba.org]

Re:Huh?

[Otter]

Well, that's half of the problem, but the idiots yelling "IT'S A VIOLATION OF TEH DMCA!!! YUO NEED TO MOVE TO RUSSIA!!!" on every case of perfectly legitimate reverse engineering are the other half. That's why it's important to explain that this guy is (unless he signed an NDA or the like) on perfectly safe ground, instead of feeding the persecution fantasies of the mob.

Re:Put a layer of indirection

[Daniel_Staal]

Yes, this sounds completely legal. That's not the point. He wants to have the manufacturer still like him as well.

My advice: Get a lawyer now. Someone who's informed on this topic of law. Tell the lawyer what you have got, and what you want from the company. Have the lawyer call the company and get some form of assurance that you haven't killed the company. In writing. Make it clear to the lawyer that you don't want to issue threats, you just want to cover your ass.

Play by companies rules, which include lawyers and contracts.

Chapter 12 of the DMCA

[Orrin Bloquy]

Chapter 12's permission vis-a-vis reverse engineering for compatibility purposes refers to copy protection and issues pertaining to copyright, not generic protocols:

http://www.copyright.gov/title17/92chap12.html#120 1 [copyright.gov]

Scroll down to "(f) Reverse Engineering." This section has to do with permitting one vendor to reverse engineer protected/encrypted content.

The notion of reverse engineering a driver for a pipeline which does not encrypt or otherwise disguise its content is theoretically outside the aegis of the DMCA.

Apple used (or misused, depending on your perspective) the DMCA against the OSx86 website because it infringed on protection measures Apple specifically set in place to prevent OSX from installing on whiteboxes. Real told its board members that they might be DMCAed over Fairplay because it unlocks copy protection on iTMS purchases.

If the submitter did not discover any authentication methods or trust related protocols in his reverse engineering, and his driver does not have code which specifically spoofs a platform or other form of identification, it sounds to this non-lawyer like a non-issue.

There may be other legal issues at hand, but AFAIK the DMCA is chiefly concerned with those who circumvent deliberate measures to protect copyright, and simply refusing to publicly document a protocol isn't the same thing.

Now, if the driver somehow replicates code that the vendor had to *license* from Microsoft, Microsoft may have an issue with you. Again, check with a competent IP attorney.

Re:Proof?

[DaveV1.0]

In criminal proceedings, yes. In civil proceedings, no.

Mr.JB can be sued in civil court for any number of reasons. In civil court, there is no presumption of innocence and no "beyond a reasonable doubt". It is basically a contest to see who can sway the judge and/or jury the farthest.

Re:This has certainly been done before....

[DaveV1.0]

What you say is true, but there is a difference here. The products you mention are, presumably, closed source products. MrJB is talking about releasing an open source product. The closed source product did not reveal the "trade secrets" of Roland and other companies.

Releasing an open source product could be considered revealing the trade secrets of the company and MrJB could quite easily be sued for it.

Now, a possible solution for MrJB MIGHT BE(IANAL) to release a binary only kernel module, assuming he can do that without running afoul of the GPL. But, even then, he may have legal exposure.

Re:Difference

[aprilsound]

you are reverse engineering a (presumably) patented product

If the product was patented, then the spec would be available via the patent office, therefore, no reverse engineering would be needed. If it was patented, it wouldnt matter if it was reverse engineered because the spec would still be under patent.

The issue here is more one of trade-secret. If the company has taken resonable measures to protect the spec, then they could claim that you stole a trade secret, which is a crime.

I don't think trade secret can apply here though, unless they used some sort of encryption or something to obfuscate things.

Two Words....

[Chyeld]

Trade Secrets [lawguru.com]

The point of proving that he did not have insider information is to protect him from the accusation of trade secret misappropation.

However, IIRC, that would be the extent of what they could go after him for unless he stole actual code.

IANALBAFS.

Re:Proof?

[budgenator]

why worrry about inside info when

With their patent-pending method of writing to the hard drive, HD24 and HD24XR are the first hard disk recorders built from the ground up exclusively for the purpose of recording music instead of data

It is probably going to be patent encumbered. The Patent will protect the device no matter how public knowlege its interface is!

Re:Difference

[Overzeetop]

Regardless of the measures they took, if he didn't have a contract with them that prevented his reverse-engineering, I think they're SOL. That's the danger of a trade secret - if somebody figures it out without inside knowledge (ie: theft), then there's no restriction on them from building your product or releasing the information.

Now, if there's a EULA involved with the purchase...well, we all know that's where the fun begins, right?

Thats what anonymity is for.

[aminorex]

Release it pseudonymously, or have someone front for you, like Jon Lech Johannsen (sp?) fronts for MoRE. I'd be happy to act as an anonymizing layer between you and your release agent, if you wish.

Er, why would ne need to prove it?

[autopr0n]

Unless he signed an NDA, he's free to do whatever he wants, as long as it dosn't violate their copyrights. (If you're wondering, the reason Compaq was so careful about their clean-room implementation was that their BIOS was certain to duplicate IBM's BIOS, which was published openly. They only way they could prove they weren't violating copyrights was to prove no one on their team had ever seen it)

Re:Difference

[tricorn]

If you can figure it out without doing something illegal, like stealing the specs from the company, violating an NDA or license you've signed, then it isn't a trade secret any more. To be a trade secret, it has to be KEPT secret. DMCA doesn't protect trade secrets that are obfuscated through cryptography, it protects copyrighted content. If the ex-trade-secrets that you discover don't allow you to infringe copyright, then DMCA doesn't fall into it either (remember the garage door opener case?).