Legal Issues of Opening Up Proprietary Standards?

mrjb asks: "The Alesis HD24 is a 24-track, hard disk audio recorder with a built-in 10 megabit FTP server. To improve on file transfer speed, Alesis offers an external Firewire drive with a program called FST/Connect which reads the disks under Windows. I've contacted Alesis about a Linux solution, but none is planned. Also, they are (understandably) not very eager to reveal the file system specs. After a few days of staring at hex codes, I now know enough about the FS to read HD24 IDE disks under Linux (no Firewire required). As I know I benefit from the efforts of the Samba and OpenOffice teams, I'd love to share this info. I'm not, however, the least bit interested in Alesis suing me (in fact, I might want to send them my CV at some point). What would your advice be in such a delicate situation of conflicting interests?"

Sameway as it has always been done

[Anonymous Coward]

Find an anonymous ftp site that accepts this kind of information for this area, which in turn will be let loose into the wild.

reverse engineering for compatibility

[Anonymous Coward]

I believe that even in the US with the DMCA you're still protected here - reverse engineering for reasons of compatibility is nearly always legal and is subject to special protections.

Difference

[jeffs72]

The problem I see here is that you aren't developing something new and giving back to the OS community with this, you are reverse engineering a (presumably) patented product and wanting to release that knowledge into the OS community.

If I were you I'd be awfully careful with what you are doing. Maybe you could just release some sort of closed source linux tool to allow access to this device so your needs are met, and even send it to them so they can release a linux client if they want.

No matter what your feelings are on patent and IP, you still need to tread lightly with their stuff. Esp since you probably contacted them with email so they have documented proof that you went and asked 1st, knew they didnt want to release one, so then set out to reverse engineer it anyway.

But, kudos to you. I'd go the honest route with them, send them your source, say here ya go, I did this cause I LOVE your product and want to use it with Linux, I hope you can appreciate that, and make this available to your customers like me.

Re:Write Specs, Publish Anonymously

[ecloud]

I agree.

To open up this question a bit more, which are the best guaranteed-anonymous ways to publish stuff like this? Freenet obviously. What about Usenet? Somebody at least is logging your IP address in that case right? Would you have to post from a university or something to avoid this?

What other choices are there? Is there an anonymizing bittorrent service in some nice laissez-faire country?

Post in another country

[Anonymous Coward]

Give the info to a friend in another country that is not bound by that silly DMCA thing.

Re: Work with the company?

[Nevynxxx]

Why not get your working driver, and email the company asking if they would release a driver written by you in any form. Then negotiate either payment, or open-ness.

Depends is right

[hey!]

Depends on all kinds of circumstances. The number one is whether or not there are patents involved. How you obtained the information needed to create compatible drivers is important too, as what you may have done up to that point. For example, if you accepted a EULA under windows before poking around the device using Linux, then a lot may depend on the circumstances of the EULA.

Asking /. folks advice on this is like finding a bomb in a movie theater, then defusing it, taking and audience poll as to whether, according to their memories of old movies with UXBs in them, you should cut the red wire or the blue wire first.

It seems to me common sense dictates one of three approaches:

(1) Walk away.

(2) Cover your tracks. (e.g., release specs through an elaborate process of anonyization)

(3) Cover your ass. (i.e., talk to a lawyer who at least knows the right question to ask; getting permission also falls into this category, but makes approach 2 harder).

Speaking of the last, some smart lawyer might drum up business by doing an IP question of the month feature, suitably whitewashed the way psychologists' case studies are.

Seperate the specs and the implementation

[TTimo]

You might want to investigate how the people writing Linux drivers for the Broadcom bcm43xx ( Airport Express ) went about it. One team sticking to write the specs, and a seperate one working from the specs into a working driver.

http://linux-bcom4301.sourceforge.net/go/progress [sourceforge.net]

This has certainly been done before....

[King_TJ]

The music industry is notoriously "closed mouthed" about letting anyone know how their electronic products work at a technical level. Ever since the mid 80's or so though, companies have been reverse-engineering these instruments and devices, and *selling* commercial products that work with them, not to mention work on freeware projects along the same lines.

For example, I used to own a Roland S-50 sampling synthesizer. It saved its sample data on 720K 3.5" floppy disks. But people with PCs quickly realized it would be much more useful if you could take standard WAV sound files and dump them into the synth via MIDI. Many other makes and models of sampling synths and rack-mounted samplers were in the same boat. The manufacturers (like Roland) had poor documentation for the MIDI "system exclusive" commands that would be required to upload or download the sample data, so a few people worked at reverse engineering all of this on their own. Eventually, prodcuts were sold like "SampleVision" which knew how to do this for many dozens of samplers on the market.

Rather than being sued, it seemed like the synth makers actually ended up endorsing the products, providing links to them from their own web sites - because they learned it made their products more desirable to purchase.

Re:Proof?

[Dashing Leech]

"The point is that the burden of proof is to prove that he did."

That's correct. Though keep in mind that the burdon of proof in civil matters is a lot easier than in criminal. In civil matters it is only necessary to prove it is likely he had inside info ("balance of probabilities"), not "beyond a reasonable doubt". So, although he wouldn't have to prove his innocence, it might be necessary to at least demonstrate he has the capability to reverse engineer such a system on his own. For instance, if Alesis engineers claimed it'd be impossible to reverse engineer it without inside information, that might be enough to make it likely unless he could convincingly demonstrate otherwise.

That being said, I'm not exactly sure why "inside information" makes a difference here. Has anybody identified what law he could be sued under if he open-sourced this? Haven't a lot of open source projects been done by reverse engineering hardware without the manufacturer's consent? I don't think trade secret would work here; that's a very specific type of secret. If he didn't bypass some security mechanisms it wouldn't be DMCA. If he didn't copy and re-use their code, no copyright violations. If he didn't implement a technique patented by them, no patent violation.

Sounds like a standard "after market" type modification which is perfectly legal AFAIK.

EULA can't cover everything

[Anonymous Coward]

A EULA usually specifies that the buyer agrees to not reverse-engineer.
OK, so Person A buys, and Person B comes along, just a nosy friend, and does the reverse-engineering.
Person B releases the information. If it is "proprietary", it is NOT protected information. If they had wanted it protected, they would have copyrighted it or patented it, and thereby have released the data.

In this particular case, the reverse-engineer is also the buyer. He should lend his system to some other competent Person B, who independently would spend "a few days staring at bytes". No copyright can prevent Persons A and B from swapping systems for a few days.

Scary yes... but...

[sterno]

Scary as that may be, that's how the world works. You can be sued for pretty much anything and while you may not lose if you can afford to fight it, you still have to afford to fight it.

A good illustration of this comes from an experience a friend of mine had totally outside the realm of intellectual property. They were trying to extend a covenant in a neighborhood. Somebody who lived in the neighborhood resented the covenenant and sued. Fine, but then they also sued all the members of the neighborhood board personally for libel. There was zero libel or evidence there of, but of course then the individual board members had to defend libel lawsuits. No matter how frivolous they were, it costs money to defend a lawsuit.

During this who affair, my friend's home insurance covered their legal fees. But then the insurance company didn't want to be on the line for defending a libel case. So what did they do? They sued my friend to get out of having to pay the legal fees. My friend ended up settling with the insurance company saying that the insurance company didn't have to cover any more fees and my friend would owe them nothing for what they had already paid.

So in the end, from one legal dispute, three lawsuits emerge, and two of those suits were at best frivolous, taking advantage of the cost of a lawsuit as a tool to try to extract concessions.

It's painteted.

[oliverthered]

"With their patent-pending method of writing to the hard drive HD24 and HD24XR are the first hard disk recorders built from the ground up" [alesis.com]

So, go look up the patent [uspto.gov] (not need to do any reverse engineering and send it off to someone who lives in a country that doesn't have software patents. They will then be free to write a driver, but you won't be able to because you live in the US and have silly patent laws.

They may try and sue your arse if you send them a linux driver and ask them distribute it because you've already infringed upon their patent.

Note, it looks like the patent is still pending as none of the patents [uspto.gov] listed [uspto.gov] seem to be for a file system.