Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Hardware

Obfuscated Circuitry? 224

ortholattice writes "The current issue of EDN has an article Cunning circuits confound crooks that discusses methods that attempt to foil the viewing of software in embedded designs. Interesting is its view on reverse-engineering, which the article consistently calls theft: "As programmable logic increasingly encroaches on high-volume territory formerly dominated by ASICs, unscrupulous operators are licking their lips at the prospects of easily duplicated, or even reverse-engineered, designs." "...The other harder but possibly even more damaging form of theft is 'reverse-engineering'...""
This discussion has been archived. No new comments can be posted.

Obfuscated Circuitery?

Comments Filter:
  • by Anonymous Coward
    I remember when the original VideoCypher system for TVRO (satellite TV) came out. The codes were held in battery-backed RAM. You could not loose power or you lost the code. The guys who hacked it actually drilled tiny holes in the chips, added a drop of mercury, then used the mercury as a conductor path to connect logic analyizers. They would read the outputs from the pins and compare them to what was going on in the chip and wound up cracking the DES encryption. Cpt_Kirks
  • Making a key for the cable/DSS descrambler that lets you steal content that is not yours is not the same as making the key to your house which you access only your own contents. I agree with the DECSS concept, because you did legaly buy regardless of where the copy was purchased (legal not bootleg) access to the content and fair use laws apply. When you buy a lock (DVD) and key (player) than making an extra key should not be illegal!
  • I've worked with embedded systems since the early 80's. You can obfuscate stuff all you want, but it will not stop someone that really wants to copy something from doing it. All you can do is make it a little harder for them to do. In the end if they REALLY want the information they can get it.

    As for legality it all depends on what they do exactly and where.

    If they grab your copyrighted 'code' and just clone it, then that is a copyright violation in many countries.

    If they reverse engineer your system by examining the i/o patterns, then it might by a violation in some countries, not many at this point.

    Either way if you are going to try and rely on obscrutity to protect your market share, you will be in for a very rude awakening.
  • I certainly wasn't arguing that you shouldn't try to take steps to protect your trade secrets. On the contrary! If you as an individual or an organization have trade secret design information, you should take every legitimate technical effort to protect its secrecy.

    Know, however, that once you release a product containing that trade secret, it is unprotected, and you have only those defenses that you implemented to protect your trade secret. Knowing that just about anything can and will be reverse engineered, patent protection is the better option, of course.

    My entire point was simply that reverse engineering is not theft, particularly in the context of trade secrets. (As an aside, reverse engineering of a patented device can, in some circumstances, be actionable). It is the legitimate pursuit of understanding of the operation of a product.
  • "Reverse Engineering" didn't create PC clones. All of the cloning companies simply created a processor that followed the same (freely published) instruction set and rough timings, so that the software still worked. The underlying hardware is irrelevant as long as the interface is the same.
  • Yeah, typically, but there was a mix up with Amish Paradise, and he didn't in fact have permission, but Coolio had no legal recourse.
  • Pretty bad picture, isn't it?

    Brian Dipert
  • This is easily the most lucid thing I've seen written re: this article, including anything I've said. Wish I could mod it up.

    I also wish people would learn the lesson you seem to take to heart so vigorously: There is no tamper-proof hardware, and technical fixes to legal problems rarely stick.

    OK,
    - B

  • Whoa, big breach in logic. You nearly blew my mind with that last sentence, it made so little sense.

    The author didn't say that all people who reverse engineer are criminals. He said that there is an aspect of design theft called reverse-engineering, and that he was going to concentrate on how to prevent it.

    Whether or not they are entitled to not be the victim of this is not the point. Because in some eyes they are entitled to it, and in some eyes they are not. This article, obviously, has no use in a IP-free world, so therefore the target audience is not likely IP-free proponents. The target audience are corporations interested in protecting their investment, and that target audience has most likely decided that they ARE entitled to not be the victim of this sort of theft.
  • I think that you've got it exactly right. The "theft" that is being described here is more akin to the kid who ripped of Linux.com's web design [slashdot.org]. This article merely mentions a few ideas that will make it harder for people to rip off your firmware code.

    I think that everyone here would agree that you shouldn't use someone's code without giving them credit, that's just fair. Why would you expect it to be any different with firmware?
    ________________
    They're - They are
    Their - Belonging to them

  • In what sense is this copyright violation? I'm not a lawyer, but copyright isn't the applicable protection here. Patenting might be, and if the implementation is patented, then reverse-engineering for purposes of introducing a rival product would be illegal (and unnecessary, since if it were patented, the details would have to be disclosed as part of the patent process). However, if it is not patented, then it would be considered a trade secret which is not protected against reverse engineering. As someone else has pointed out, if I open up the hood of my car and figure out how it works and build another car, there is no legal recourse against me unless something in there is patented. Whether or not it is patentable is a separate question.
  • I did not say that no changes or updates would have been made; I said that the "modern version" of Photoshop would not have been created. It may be that *some* newer version of Photoshop would have been created, but the feature-rich (and expensive to develop) "modern version" of Photoshop would have been unnecessary without the pressure of competition. Instead of the incredibly powerful image editing tool we have now, we would instead have a tool only powerful enough to maintain profitability in the face of the (very real) factors you mention. Surely you don't mean to suggest that lack of competition fosters innovation?
  • I saw a special on how it was done ( or the special covered it). One person sat down and figured what did what and wrote it down. The person then closed the book, and the person then handed it off to another person to implement. I thought it was pretty cool becuase there was two people involved IBM lost.
    Another point we would be in trouble form other counties when we tried to reverse engineer their technology. They could just sue us. THat would have put a damper on some of the cold war. I can see the headlines now. "Russia sues U.S. over copyright infringement!"

    All this stuff against reverse engineer is scaring me. It will hold be technology. The simplest case being the cost of the product would go down when you have clones. THe IBM PC is an example of that. Now, how far would we be if the price wouldn't have gone down on PCs? Would we even have Linux? Or would we still be doing timesharing on major computers?
  • Parodies like Weird Al are an obvious example.

    Except that he gets permission from everyone he parodies. He probably doesn't have to, but he does.

    --------
  • Or, at least, it helps demonstrate that something was reverse engineered, rather than simply copied. If I have no chance of following the wires and such, but I can still replicate the device, I must have treated it as a black box, and I thus escape copyright. It's easy to show your version to be a clean-room implementation if there's no way you can get yourself contaminated.
  • One, Hemos just okayed the writeup someone else submitted to the queue. He didn't add any comments to it, except the "dept" tag and possibly the title.

    Two, Hemos' job can be stated as publishing stories on the front page that will generate lots of page visits. To troll, in the fishing sense, is to put bait out that will generate lots of bites on the hook. Thus, Hemos is a troll, but that's his job.

    If you don't want to be baited, don't go somewhere that constantly and loudly claims to have nothing to do with professional journalism. They intend to get people to talk, even if it's on a gut-reaction level, as that is what pays the rent.

  • One problem there - actual reverse engineering - cycling through all possible inputs and recording the outputs, then creating a clean-room implementation that gives the same outputs - is NOT theft (unless the new implementation infringes on someones patent - which has nothing to do with the reverse engineering process).

    To put it plainly - there is no such thing as "full out felonious theft", all theft is unlawfull - reverse engineering is not unlawfull - therefore reverse engineering is NOT theft.


    -Nick
  • Modern versions of Photoshop would never have been created if Adobe did not know for a fact that there were others out there attempting to produce a better product with similar capabilities. Imagine Adobe had patented the use of a computer for the retouching of photos. Why waste money on development when you have a monopoly? Fire the programmers and let the public complain about missing features all they want; anyone who produced a competing product could be sued out of existence.

    It is the competition between the Adobes and Corels, the Intels and the AMDs, that has driven the fantastic pace of innovation these last 40 or so years. Allow every single invention bullet-proof protection from competition and you will see the pace of change slow to a crawl.

    [tinfoil]And the worst part of this is, when the economy goes south because of this, the rich will just get richer. Sometimes I think they're driving the economy into the ground on purpose.[/tinfoil]
  • Whoa, whoa, whoa. There's a difference between fair use and making money from a product. In the original article the idea was of reverse enginnering and making money from that. That's illegal, as it should be. But reverse engineering and never making money, or reverse engineering with permission is a totally different matter.
  • TiVo uses blowfish (or two-fish... some sort of fish!) decryption (and keys) in the hardware. It downloads updates, and then decrypts them in hardware (ASIC). It may run Linux, but some of it isn't open-source (some of the hardware definitely isn't!).

    Is this evil? I don't think so. They need to protect their $10/month service from theft somehow. Hey, TiVo is a good idea. I'll pay the monthly.

    --phil
  • No, that's defined as infringement of a copyright monopoly.
  • MUST be stolen! Someone call the authorities!
  • You have a "monopoly" on your name and identity. Since you're obviously against all forms of monopolies, how about I borrow your identity and then, oh, buy $50 million of banannas.

    There are *SOME* times when a monopoly is a Good Thing. Trade Sectrets are like Patents, but you've got to make an effort to protect them... which I guess includes everything legal you can do.
  • Nope - the compatibles companies simply created their own processor that used the same instruction set and interface, which were freely published (so people could write software). The underlying hardware circuits (which is what this reverse-engineering article is all about) were not copied.
  • by FreeUser ( 11483 ) on Tuesday October 17, 2000 @10:19AM (#698654)
    That is legally defined as theft.

    No, it is not.

    In the case of copyright infringement, making money off of somebody else's copyrighted work is legally defined as copyright infringement, and is explicitly (and with good reason) not equated to theft.

    Making money by reverse engineering a product was never, before the DMCA, defined as copyright infringement, and most certainly not theft.

    Now we have the DMCA, and the dawning of an age of verticle monopolies enforced at the end of a government gun the likes of which we haven't seen before. Why. Because the only damn way anything is going to interoperate in the future is going to be via controlled, licensed standards, which will always put competitors at a disadvantage and, probably quite quickly, lead to their demise.

    The DMCA pays lipservice to "interoperability," but only as a sole purpose, and as any engineer will tell you, very little if anything on this planet can ever be said to have a "sole" purpose -- applications for products are always found which suprise the original maker. As the courts have said "interoperability" as merely one of several possible applications does not suffice to fall under the "interoperability" exclusion of the DMCA, this effectively means no reverse engineering at all, even for interoperability. End of story.

    Fools like you will continue to scream "theft" where no such thing exists, and the even greater fools who run our government will probably listen. And thus ends the age of exponential growth in knowledge and technology, not with a bang, but with a wimper beneath the authoritarian thumb spawned of the greed of own corporate industry and the government which whored itself out to them, and the myopic short sightedness of folks like you.
  • Your not liking (and the implied desire to stop) one sided views is actually a one sided view.

    Point of view is a major component of what makes individuals unique.
  • ...it was a neat idea.

    But now, well, multilayer circuit boards are common and anyone looking at a PC board would expect that. X-rays anyone?
  • Yep that was it (the 1999 article) for some reason I thought I saw it much longer ago ;)

    thanks for the great reference !
  • And thus the real damage of the DeCSS case takes hold. Now, the act of studying things to find out how they work (reverse engineering) is redefined as "theft".
  • by Restil ( 31903 ) on Tuesday October 17, 2000 @03:12PM (#698665) Homepage
    I would rather companies that are intent on keeping their technology secret make it harder (physically) to extract rather than resorting to legal tactics. I personally believe that everyone has the right to reverse engineer anything they want to, but nobody said that the company creating the product has to make it easy.

    There is a drawback though. The more complex the circutry becomes, the harder it will be to debug problems in the circuits and this will lead to longer production cycles which will give the feared competition a leg up anyways. Always a tradeoff.

    -Restil
  • 1) TrueType fonts can't be used or distributed without a license (Apple owns the patents)

    2) DirectX technologies are either patented by MS or licensed (circumventing this MIGHT be possible, reverse engineer them, find a different way to do the same exact thing)

    3) The Windows task bar is patented (yeah, I know...)

    4) The registry and the manner it is modified, protected, installed, etc is patented

    5) Crashing to an unusable state is patented (Microsoft made sure to get that one)

    You get the point.

  • If you want to have examples of obfuscated circuitry, you only have to look at satellite smart cards.
    Agreed. This is really the canonical example, IMHO. Hundreds of thousands of copies of valuable circuits put into hostile environments. And unlike, say, cash cards, the cracked circuit can stay airgapped from the outside world.
    I don't know about the situation here in North America . . .
    Well then, here's a quick precis of what I've been able to find out about it. Enjoy!

    DirecTV receivers contain a smartcard which serves as an authentication token to the receiver. The smartcard can be reprogrammed via a datastream in the satellite's signal. Once you've successfully pointed your dish, you call up DirecTV and tell them the number on your smartcard. They in turn send a signal in the satellite's datastream that activates the card.

    DirecTV is currently transitioning from its second ("H") to its third ("HU") generation of smartcards. (The first ("F") generation was cracked and phased out long ago.)

    Cracks exist for the H cards, but here's the catch: Nobody's ever cracked the ASIC on the H card. The best anybody's been able to do is figure out how to reprogram the firmware in the H card to harness its ASIC for their own nefarious purposes. H card emulators exist, but even they need an actual, physical H card plugged into them.

    Why bother with an emulator, then? Good question. DirecTV buys and analyzes pirated H cards and devises ways to reprogram them via their satellite data stream in such a way as to disable them but leave legit users untouched. These electronic countermeasures ("ECMs") can reprogram the card into an irreparable infinite loop, whereas an emulator can just be terminated and reprogrammed once a counter-countermeasure is devised.

    In the near-to-mid term, DirecTV will send HU cards to all of its subscribers, and then make the H cards cease to function. As far as I've been able to find out, no cracks at all exist yet for HU cards.
    --

  • by xtermz ( 234073 ) on Tuesday October 17, 2000 @09:57AM (#698670) Homepage Journal
    reverse engineering deemed by the supreme court as fair use? The fact that a news organization would post an article like this calling people criminals is well, criminal. Somebody needs to send a clearn message to these news agencies telling them that we wont stand by as they push the big biz agenda.

    "sex on tv is bad, you might fall off..."
  • by xtermz ( 234073 ) on Tuesday October 17, 2000 @10:02AM (#698676) Homepage Journal
    Lets give this guy a call, shall we?
    Let these writers know that one sided views are not cool
    Author Information

    Contact Technical Editor Brian Dipert at 1-916-454-5242, fax 1-530-937-8147, e-mail bdipert@pacbell.net

    "sex on tv is bad, you might fall off..."
  • What do you think would happen if someone created a fully-functional Windows clone? Something that looked almost exactly the same, minus the logo and the name, something that had the stability of Linux and the same UI, binary format, layout, etc, of Windows...?

    This should be completely legal, but $10 says Microsoft would go after it. And that's just dumb.

    Mike

    "I would kill everyone in this room for a drop of sweet beer."
  • While this topic is worth discussing, the article isn't as nasty as the story might lead you to believe. It's about industrial espionage; reverse engineering in order to gain access to (legally protected?) trade secrets for commercial purposes. I don't think that falls under fair use.

    Some parellels have been drawns to DeCSS; reverse engineering in order to gain access to what we have a legal right to under fair use, for personal use. There's a big difference ethically and legally.

    Yes, the writer of the article throws around some terms a little too freely, but I don't think it's a big deal taken in context.


    My mom is not a Karma whore!

  • by ichimunki ( 194887 ) on Tuesday October 17, 2000 @11:42AM (#698694)
    Whoa! You have fair use rights as an individual, not as a company. Fair use does not extend to making money off of somebody else's copyrighted work. That is legally defined as theft.

    Posts like this make a strong case for having a moderation option like "-1, Blatantly Untrue." First of all, fair use is not limited to individuals. That makes no sense at all. Newspapers take advantage of the Fair Use rules when they quote others, press releases, and books (like in reviews).

    Second. Fair use protects all kinds of commercial endeavors. Parodies like Weird Al are an obvious example. A case with a Supreme Court precedent behind it would be the 2 Live Crew "parody" of the song "Pretty Woman". They did not obtain permission or pay a fee (although they appear to have been willing to do so), but they were not liable for any damages nor found to be infringing anything.

    Finally, copyright infringement is not theft. Theft involves taking real property from the control of the rightful owner. There is no paradigmatic relationship between theft and the act of reproduction (whether direct or indirect) for illicit profiteering.

    As a final note, this article is about a device, no? As such copyright does not apply. A device would require a patent, which has a completely separate set of rules governing time of protection, application, and what is considered fair use.
  • I understand I'm a bit 'popular' on slashdot.org today ;-) I'll say publicly what I've said privately to everyone who's written me so far; although I admit that I didn't explicitly state this, what I meant was reverse-engineering with intent to illegally re-use IP protected by copyright and/or patent. I even mention legal reverse engineering when I brought up Integrated Circuit Engineering....

    It appears from some of the earlier-made postings I've just scanned that some of you figured this out already. I thank you for defending me. And for those who I confused with my less-than-exact wording, I apologize. Profusely. Now quit clogging my email inbox! ;-)

    I'll be publishing a print clarification of this point in an upcoming issue of EDN.

    Regards,
    Brian Dipert
  • Copyright is an *intentional* monopoly, and the best reason that I can see for abolishing it is that it would once and for all eliminate the viral nature of the GPL... :-)
  • by GhostCoder ( 108387 ) on Tuesday October 17, 2000 @10:23AM (#698702)
    The author doesn't call reverse-engineering theft. He says that in this type of theft that he is reporting on, one of the more sinister versions of it is reverse engineering. The author is writing an article about preventing design theft. And he isn't really talking about theft in the legal sense, although he does bring it up. He talks about keeping people from snaking your work, regardless of whether you have a legal right to protect it (i.e. copyrights, patents, trade secrets, etc).

    Does he flat out say that reverse-engineering is illegal? No! In addition, all of his examples involve theoretical rival companies, not an evil band of OSS zealots.

    From what I read, the author's view is that reverse-engineering is a tool that can be used to commit IP theft, and here are some ways to prevent it.

  • Sure, you can use my identity and by $50 million i bananas, I don't mind that, but you'll pay for them.

    I am an individual, not a company. Companies and individuals have different rights. If someone creates something, other people should have the right to study it and create something like it based on their findings.

    Mike

    "I would kill everyone in this room for a drop of sweet beer."
  • About 20 years ago, a friend of my Dad's made a couple of million dollars selling specialized hardware devices to accupuncture quacks^Wdoctors. Most of these devices were dead simple electronically, and this guy approached my Dad to get some ideas on how to make the guts all fall to pieces if anybody tried to take the box apart. Mostly he did it with fake circuits and real ones expoxied to one surface of the box wired to other fake circuits or real ones on other surfaces of the box so that if you took the box apart, both the fake circuits and the real ones would have wires rip out, making it harder to see which circuits were real.
  • by Samrobb ( 12731 ) on Tuesday October 17, 2000 @10:24AM (#698705) Journal
    You have to consider that the products they ship are intended to be "black boxes" and may contain trade secrets, which are legally protected.

    Any of you lawyer types, feel free to correct this - but from what I understand, there are no legal protections for a trade secret. However, there are legal protections for a person or company that decides to disclose a trade secret to another person or company, if they identify it as a trade secret.

    In other words - if they tell you what the trade secret is, and that it is a trade secret, they they can hold you accountable if you disclose it to someone else without their permission. If you lie or comit breach of contract in order to gain the secret, then you're right - that's essentially theft; but then again, there's no reverse engineering involved there. If they never tell you what the trade secret is, and you discover it on your own, then it's game over - their secret is no longer a secret, and you have every right to make use of it.

    There's a tradeoff here - if a company gets a patent on an invention, process, or what have you, then they have a legal monopoly on it for a few dozen years in return for disclosing their secret. If they don't get a patent, then they can keep their secret as long as nobody discovers it, which might be a good long time (for example, Coke) or might not last more than a few years.

  • Although most slashdotters won't agree with me on this point, I'd be totally happy if I found out one of my competitors was stealing my design. Because I have a butt-load of patents protecting it, and if my competitor wants to sell his product in any major market, I'm going to sue his ass into the ground.

    As for adding protection against reverse-engineering it simply commits too much cash to the design to make it worth-while.
    Preventing someone from stealing your designs, is like any other type of theft, no matter what you do, a determined thief will still be able to steal it.

    Besides his prevention method only discusses a black box type look at things. What if its a professional reverse engineering company like Semiconductor Insights [semiconductor.com] decides to reverse engineer it. They are going to take the chip, de-cap it, and reverse engineer the circuitry right off the silicon. What exactly can you do to stop that?

    Anyway, basically this guy is selling a new lock, and what what you should be doing is buying theft insurance (i.e. patents).
  • by buckrogers ( 136562 ) on Tuesday October 17, 2000 @10:26AM (#698709) Homepage
    This may sound shocking, but I don't care about the trade secrets of a company where I don't work. I never signed a non disclosure agreement with the company, so I never agreed not to disclose trade secrets.

    Patents are designed to give the company a limited monopoly in exchange for them providing the rest of humanity with the information on how that device or procedure works... This is considered _good_ by most because it prevents knowledge from being lost.

    However, a company has _no_ such protection for information that they don't share with humanity. Companies who wish to keep their information away from everyone employ a tactic know as trade secrets. This means that they try to keep information secret so that others can't do what they can do.

    However this tactic has one serious drawback, other people can learn your secrets through looking at your products, or by simply watching your procedures... Then those other people can compete against you with your own information... We can't have that now!

    If something isn't protected by a patent, it is fair game to be reverse engineered and that information used against them in a competetive market... If they feel like sharing then our society will reward them with a 17 year monopoly. Their choice...

    Only the whiners go crying to court when their secrets become public knowledge... As if the court can somehow make everyone forget the truth... *laughs* No court is _that_ powerful.
  • by jms ( 11418 ) on Tuesday October 17, 2000 @11:51AM (#698713)
    A couple of problems with #2

    2. Unlimited reverse engineering aka "Perfect Reverse Engineering". All products may be disassembled and duplicated without hinderence of patent, trade secrecy, or any other form of intellectual property. Knowledge flow is instantaneous from creator to user.

    That's exactly the way it works now. Even the disassembly and duplication of patented inventions is legal, so long as it is "for the mere [berkeley.edu]
    purpose of philosophical experimentation, or to ascertain the verity and exactness of the specification"

    Trade secrecy laws do not protect against reverse engineering. Trade secrecy laws only protect against "insider jobs" -- where the trade secret is disclosed by someone who is contractually obligated to keep it secret.

    The other applicable form of IP is copyright, and it is well established that you have the right to read copyrighted works, and thus, to understand them.

    Outcome: The tragedy of the commons. Companies will play "wait-n-see" to see who comes up with difficult to engineer solutions to problems. If they are making a profit, they will not bother to spend money on R&D.

    This is not what "tragedy of the commons" means. Tragedy of the commons only applies to depletable resources, like a silo full of corn. If everyone takes corn out of the silo, and no one refills it (or pays money which is then used to refill it), the silo will quickly empty out, and no one will have corn. IP is not a depletable resource, and the "tragedy of the commons" does not apply.

    Copyrights and patents create incentives to publish, which is good, but also turn unlimited resources into limited, scarce resources at the same time, which is bad.

    Here's hoping that we can remain civil, and arrive at solutions that provide a fair balance for each individual case.

    Good patent and copyright laws maximize the amount of disclosure of inventions and publication of works, while at the same time minimize the tremendous accumulation of power that can result from granting a corporate monopoly over an unlimited resource. The fact that our media corporations, which are basically holding companies for copyrights on nearly all of the intellectual work of the 20th century, are quickly becoming the most powerful entities on the planet -- more powerful then even national governments, is a sign that the system is not fairly balanced.

  • > This should be completely legal, but $10 says Microsoft would go after it. And that's just dumb

    No, Apple would sue. Microsoft would just change all the formats again.
  • Do you want your company's trade secrets disclosed? Not really. That's why reverse engineering is not a good thing.
    This may be a troll, but I've seen people make the same point seriously... this kind of reasoning really bothers me. Do I want some guy who just got out of prison dating my sister? Hell no. But it shouldn't be illegal. Now go write "trade secrets are not patents" on the blackboard fifty times.
  • The bits that you can read from an FPGA, or EPROM constitute "the code" and as we all know, code is copyrightable whether it be source, object, or machine code.

    If you want to analyze the signals generated by a device in order to build something compatible, or to build a "workalike" that is what "we" at /. consider to be reverse engineering. If you want to copy the internals of a device in order to sell a "clone" that is theft. There has been much discussion in the courts over "clean room" implementations of workalikes, just ask intel and AMD. Their court cases clarified what you can and cannot copy and resell, and what you must build yourself from scratch(without looking inside) long ago.

    if I open up the hood of my car and figure out how it works and build another car, there is no legal recourse against me unless something in there is patented

    This is correct unless something is copyrighted or trademarked. For instance, you can't make a perfect copy of a Cadillac, including the trademarked name and hood ornament and then turn around, call it a Cadillac and sell it as such. Nor can you copy the owner's manual and sell it. It is afterall, a book. OTOH, you can look at a car, see how it rolls, its doors open and so on, then build something with 4 wheels, engine, seats, and so forth and call it a car, and sell them all day long.

    Just as with a CD which contains copyrighted bit patterns that are essential for its proper operation, you can make a personal copy or replica for your own use, so long as that "use" does not include selling or giving the copy to someone else.

    Taking something apart in order to find out how to connect to it is what the /. folks would generally regard as rev-eng. That's not what this article is about.

    Good judgement comes from experience, and experience comes from bad judgement.
  • If the circuit is copyrighted, then duplicating it and using it for your own use is infringement and illegal.

    If the circuit uses patented elements, then using those same elements in your circuit is infringement and illegal.

    If the circuit is only under trade-secret protections.. Well, if your secret ever gets discovered, you can do nothing to prevent widespread disclosure or use of it. (I assume that it isn't being disclosed in violation of a NDA contract.) If I found the secret recipe of coca cola in my cupboard tonight, I can start bottling my own drink. I can't call it coca-cola (trademark infringement), but I can bottle and sell it.

    So, the question is: Is an FPGA circuit copyrighted or a trade secret? IANAL, but I would think that it would be trade secret. The company doesn't disclose the circuit to you, so why shouldn't it be uncopyrighted. If they disclosed it under copyright or patents, then they have a way to prevent you from copying it, or using ideas in it.

    But, for anyone in the industry to think that you can send out millions of copies of a circuit, with no more than trade-secret protections, and think it's illegal for anyone to reverse-engineer and use it, then they're an idiot.

    IMHO, this is just a risk of the business of FPGA circuits. If you make airplanes, expect to be sued by lawyers. If you sell tobacco, expect everyone to hate you. If you think that somkething has just as many rights under trade-secret protections as under copyright or patent protections, you're deluded.

    Copyrights and patents exact a cost for their additional protections: Disclosure of the device or artistic work. You can either accept or reject the deal they offer.

    ... But in this case, it seems as if they (like UCITA/DMCA) wish to use law to rewrite the rules ...
  • Circuitry is the word.

    Fill in cute tag line here...
  • by photozz ( 168291 ) <photozz@g[ ]l.com ['mai' in gap]> on Tuesday October 17, 2000 @10:28AM (#698725) Homepage
    If anyone wants the specifications and RAR files, I have sucessfully reverse engeneered a turkey bagel. I plan to create my own turkey bagels, and market them under a diferent label. Would this be considered fair use? or THEFT! you decide.

  • It doesn't make it any less insulting, and it is insinuating to the target audience that they are somehow entitled to not be the victim of this sort of "theft". He might as well call people who overclock hardware child molestors.
  • The BIOS was copyrighted by IBM. No-one could make a clone without an equivalently functional BIOS, and IBM would have sued anyone who simply copied it. Hence the need to spec the BIOS as a black box, and reimplement it in a clean room.

    Remember, this is DOS 1.0 we're talking about. Unlike a real OS, it does not abstract the hardware. You are right about only having to recreate the interface, but the interface is the hardware.

    --
  • by 2Bits ( 167227 ) on Tuesday October 17, 2000 @10:31AM (#698730)
    It's amazing that reverse-engineering software and hardware is becoming an issue now, and it seems to be controversy, especially when it's related to computer.

    Why don't we see this in IP of other domains? Let's say an economist has come up with a new "innovative" theory, and that theory becomes his IP. Then a junior economist comes out, disect the theory into pieces, run it through scenario simulation, plug in all kinds of data to see how it works, and finally, figures that he changes a few premises in that theory, it would become a better theory.

    Now, is the junior economist going to be sued for reverse-engineering?

    How about those who are studying Sartre's existentialism? I'm sure the copyright on existentialism has not expired yet.

  • You're 100% right on your first point.

    But reverse engineering by "black box" testing has been ruled as legal by the Supreme Court. It is perfectly legal to create a device that will create the same output for the same input. It would however be a copyright infringment to copy the circuit designs or code that goes with the device.

    The mistake is in equating reverse engineering with doing a straight copy of the design.

  • I've worked on projects where we added bogus parts to a board to catch cloners (we bought some obsoleted batch of the bogus parts cheapsomewhere and put them on - and we caught a copier too :-).

    On another project we built such a cheap graphics accelerator we didn't want our competition to realize how easy it was - so we had all the off-the-shelf PALs and SRAMs screen-printed with our own part numbers to hide the design.

    Also back before congress passed the law to make masks copyrightable people would regularly put in design features into chips that were designed to not be easily copied optically - for example a poly that was just a little bit narrow so that it became very unreliable if you cloned the chip without carefully hunting down in the masks and touching it up (that could make a chip work - but not reliably enough to make a sellable product - and could be really hard to find if all you have is masks and no idea of how the die's internals are supposed to work).

  • While this topic is worth discussing, the article isn't as nasty as the story might lead you to believe. It's about industrial espionage; reverse engineering in order to gain access to (legally protected?) trade secrets for commercial purposes. I don't think that falls under fair use.

    This article isn't about industrial espionage. Industrial espionage is where you, for instance, pay someone who works at the company to obtain the internal schematics of a gate array.

    That's completely different from reverse engineering. It's illegal, and immoral. It's what trade secret law is supposed to protect against.

    Reverse engineering is not industrial espionage. It is the legal method of breaking a trade secret. Trade secret law provides zero, nada, absolutely no protection against reverse engineering. Deliberately.

    Fair use is a concept that only applies to copyright, not to trade secrets.

  • by ewhac ( 5844 ) on Tuesday October 17, 2000 @10:46AM (#698738) Homepage Journal

    As for reverse engineering being theft: it is.

    Incorrect. Reverse-engineering is, and always has been, a legitimate form of study and exploration.

    The R&D investment by the high-tech industry is easily dwarfed by that of the automobile industry. Yet the auto industry has little problem with people opening the hoods of their cars and mucking around. Yes, it voids the warranty, but Detroit does not labor under the illusion that such exploration by their customers is "theft".

    You have to consider that the products they ship are intended to be "black boxes" and may contain trade secrets, which are legally protected.

    Trade secrets are a really dubious form of intellectual "property". The onus of proof is on the party claiming trade secret protection. Without going into nauseating details, trade secret protection can vanish once the secret is independently discovered by lawful means. In nearly all cases, reverse-engineering falls within lawful means, especially when taking apart systems available on the open market.

    With reference to "black box" systems, it is especially those systems that need to be taken apart and inspected, or else how will you know they are good products? How will you know, for example, that they aren't selling your privacy down the river (CueCat, anyone?)?

    Do you want your company's trade secrets disclosed? Not really. That's why reverse engineering is not a good thing.

    "Disclosure" is a very different thing from "independent discovery," the latter being what we're talking about here.

    BTW, if your company is relying on secrecy for its market advantage ("security by obscurity") rather than its ability to execute and deliver excellent products, you're ultimately hosed no matter what.

    Schwab

  • A patent affords the ultimate protection, I agree, but how on EARTH can you possibly argue that people don't have the right to make reverse-engineering difficult?

    Nothing stopping them doing that, except that doing so is likely to push up the manufacturing cost of the product. So when someone does produce a competing product they will be better able to undercut the original.
  • Trade secret protection is a gamble. If you manage to keep your invention secret, you can hold onto it indefinitely (as in the case of Coca-Cola), and you win. If your secret slips out or is discovered, you lose.

    It's perfectly possible for someone to work out what is in a soft drink, just as it is possible for someone to work out what is in a CD player.
    The most likely reason why Coka-Cola still sells is brand recognition and marketing, not lack of "clones".
  • He is saying that _a thief_ can use reverse engineering to steal a competitor's design.

    Just about every tool and technique known to man can be used for illegal activities.
  • I've worked on projects where we added bogus parts to a board to catch cloners (we bought some obsoleted batch of the bogus parts cheapsomewhere and put them on - and we caught a copier too :-).

    There is a distinction between a reverse engineer, who'd actually understand what was going on and remove any bogus junk and a "cloner" who dosn't have much of a clue how it's ment to work.
  • We have to work out out te ratio (turkey to earnings)

  • Which law applies to an FPGA design? Copyright law, is it an artistic work? Or is it an invention? (Patent law)

    If it is an artistic work, then copyright would automatically apply.. But I could create a similar device and be free&clear.

    If it is an invention, then they can either patent it or not. If it is unpatented, then I can use it IN ANY WAY as soon as I determine how it works. Their only protections are trade-secret protections. (Obfuscation)

    It's strange to me that ANYTHING one does that someone else doesn't like is being called theft. Everything from an open DVD player, to MP3's, to Napster, to CueCat, to RIAA.

    It's beginning to piss me off.

    Scott

    (FYI: Fair use rights apply to anything, individual or corporate.. A newspaper has the right to excerpt another publication for discussion or debate.)
  • "Quite frankly is someone can reverse engineer it, odds are it was so damn obvious, it didn't deserve protection in the first place."

    I think 'reverse-engineering' in the sense of this article relates to copying and distributing technology in its exact form.

    Take a look at DVD players for example (There are many examples though). DVD players are non-programmable devices. They serve no purpose to the consumer other than to take a dvd and throw it straight to a television unencrypted.

    When people go to purchase a DVD player, the only thing they really want is something thats affordable and good quality, and lasts for a long time.

    Well, if i was Fishbulb Heavy Industries in Sako Japan, and US patent and copyright law didn't quite hold up where I'm living, I could very easily take a nice, popular DVD player and pull it apart.

    Inside, I would find a slew of resistors. I could decide there value with a $5.00 ohm meter if they weren't labelled. In fact I could decipher and note the value of all components within the player instantaniously using a multi-meter or just my eyes.

    When it comes down to the encryption itself - well that's a hard deal to decipher. Sure its been done and suppressed ... [2600.com] but say I don't want to bother looking it up; all I do is take the Programmable Chips (PGA, FPGA, CPLD) and copy them exactly to my own $1.00 chips. In the end, I remove all components and copy the circuit board.

    There ya go, I now have a cheap fabricating operation to start-up which will yield millions of dollars; because I sell my DVD players for $50 less, and had to invest 0 dollars in R&D.

    This entire scenario applies to graphics cards, sound cards, 3Com hardware, Cisco hardware... it applies to everything. It's only reverse engineering because copying the chips requires pulling them open.

    to recap: "If figuring out how something works is a crime, then curosity should be outlawed." - I agree 100%, and I even agree that bad technology shouldn't generate money, it should be open-source. If however, I designed some awesome new doohickey, as i'm sure to do in the future, I don't want it to be stolen by some know-nothing capitalist and sold as "as good as the competition only cheaper".

    Curiosity and Cash don't often hold the same moral arguments.

  • Map makers use a similar tactic to prevent copying. They add nonexistant towns, roads, etc. to their maps. If someone else's map shows up with one of these fake features it's off to court they go.

    Steve M

  • As for reverse engineering being theft: it is. You have to consider that the products they ship are intended to be "black boxes" and may contain trade secrets, which are legally protected. Do you want your company's trade secrets disclosed? Not really. That's why reverse engineering is not a good thing.

    Clean room reverse engineering is not theft. If you can duplicate the function of a black box without knowing how it works, then you haven't stolen any trade secrets.

    Clean-room reverse engineering must continue to be legally protected. The whole idea behind the clean-room process is that you have one group analyze the original, to create a specification which describes what it does, without describing how it works.

    This specification is then given to a second team, which has no knowledge about the design of the orignal, and is therefore clean. The second team then designs their device to meet these specs --thereby duplicating the function of the original without stealing any trade secrets.

    This is the process which led to the first PC clone. You're not suggesting that Compaq or Phoenix stole IBM's trade secrets...are you?
  • by Anonymous Coward
    As for reverse engineering being theft: it is. You have to consider that the products they ship are intended to be "black boxes" and may contain trade secrets, which are legally protected. Do you want your company's trade secrets disclosed? Not really.
    There are lots of things that I don't want to happen. That doesn't make them theft.

    Also, wrt trade secrets: keep in mind the reason patents are protected and trade secrets are not. Trade secrets do not benefit society the way that patents do, and thus society provides no incentive for their creation. Reverse engineering is an important mechanism in encouraging people to patent -- and thus disclose to society, and offer (eventually) to the public domain -- their inventions. If reverse-engineering becomes theft, essentially society is granting monopoly rights but getting nothing in return. This is a bad deal, one that society should not put up with.

    Bottom line: if you don't want your discovery copied, patent it. Otherwise, it's still free for the taking, as it should be. Monopoly over your invention is a trade with society, for your putting that invention in the public domain. It's not a right -- you don't get it for nothing.

  • Consideration of profit is only one of the factors laid out in 17 USC 107 [cornell.edu], the fair use clause of copyright law. Another one is "the amount and substantiality of the portion used in relation to the copyrighted work as a whole". In other words, if nothing is copied exactly, then it could be a possible fair use.

    Anyway, it's a judge's responsibility to eventually decide if the factors of fair use, taken as a whole, allow the alleged infringement to be considered a fair use. In Sega v. Accolade, (notice that the defendant is Accolade, which is a company, not an individual) the judge decided that reverse engineering can be a fair use.
    --

  • Sure you can protect your investment by using technological means to protect your trade secrets, which is what these are, but it is not theft to discover trade secrets by reverse engineering.

    On the contrary, trade secrets deliberately lack legal protection against reverse engineering. If you want such legal protection, you must seek a patent, and disclose your work. That's a big part of the incentive to go through the trouble of obtaining a patent.

    Why would people disclose their ideas by filing for a patent if they could have the same legal protection by keeping their ideas and implementations secret?

  • Actually, reverse engineering is legal in the sense of stepping through instructions and watching everything or even decompiling (eg. the first step of clean room reverse engineering that took place in the IBM v. Compaq case). So even though this definition is more than curiousity or obviousness, it's allowed.

    Otherwise, yes, interoperability is one of the main (only?) reasons that reverse engineering is considered a fair use.
    --

  • The opportunity to slashdot a phone number!

    I just tried it, its busy. Easy way to avoid a slashdotted number is to take the phone off the hook. And the author can only take one call at a time, as opposed to thousands of simultaneous connections against a website.

    I'm not sure why xtermz thinks this is a one sided article. I've read it, and it seems to be prety even-handed. There is a problem in the ASIC/FPGA world, with well funded criminals quickly reverse engineering electronic items, and then flooding the market with cheap copies. It hurts the company that spend a lot of R&D money to be ripped off easily, so a number of ASIC and controller manufacuturers are adding clever circuitry to prevent easy hardware copying.

    Hardware reverse engineering was getting easier and easier over the last few decades. Its about time it got interesting (in a difficult crossword puzzle kind of way) again.

    the AC
  • Sorry, no. General Motors has a whole building in Warren, Michigan devoted to taking apart cars from other companies. They look at methods used, quality of construction, and new ways of thinking about car design. Even though they can't copy patented mechanisms, they learn a whole lot about how they can make their product better.
  • by Samrobb ( 12731 ) on Tuesday October 17, 2000 @10:34AM (#698767) Journal

    OK... here's an odd question that popped into my head:

    The DMCA explicitly allows for reverse engineering for compatability purposes. What if I am interested in reverse engineering a circuit design, piece of code, etc. not for compatibility purposes, but in order to determine if they designer/implementor is infringing on a patent that I or my company holds?

    Now, according to the DMCA, I'm a criminal - I've engaged in reverse engineering for other purposes than compatibility. No matter that I may have proof, via the reverse engineering, that someone was infriging on a patent; according the the DMCA, I committed a crime in order to obtain that information.

    Am I missing something here? Or does the DMCA - which it's advocates touted as being essential to protecting intellectual property in today's digital world - allow someone to essentially ignore patents under the right circumstances?

  • This is totally different from simply stealing a design. This second type of reverse engineering is obviously what the article is about.

    Duplicating an unpatented design is not theft.

    That's the whole point of a patent -- in exchange for disclosing your design, you gain government protection. Without a patent, you have no legal protection for your design, and your design enters the public domain the instant someone examines it and realizes how it works.

    Just because the author wants reverse engineering to == theft doesn't make it so.
  • How do you think Polaroid found out that Kodak had ripped off thier patents on instant cameras more than a decade ago. Thier engineers bought one and cracked it open. Polaroid sued and the judge ordered Kodak to pay restitution and try to recall EVERY Kodak instant camera sold. They are now pretty rare collectables.
  • by mpe ( 36238 )
    For example look for small alleys in city maps that don't really exist - there's a technical term for these that I forget ....

    What happens when people use these as addresses to poision junk mail databases :)
  • Whoa! You have fair use rights as an individual, not as a company. Fair use does not extend to making money off of somebody else's copyrighted work. That is legally defined as theft.
  • Sorry, but there are no magical "IP" laws that protect your revenue stream unless you have
    • A patent
    • A copyright
    • A trademark
    That's it. IANAL, but I believe there are some provisions against stealing intellectual property, where "stealing" means breaking into an office and physically taking/copying trade secret material. That is a crime because the "trade secret" was obtained through a criminal act.

    However, in this country, there is no such law outlawing reverse engineering, not even the DMCA. The DMCA forbids the circumvention of copyright protection other than for interoperability, so whether that circumvention was obtained through reverse engineering or not is irrelevant (which makes me wonder if I could publish my weak protection scheme and still claim that the DMCA applies, but that's another story...).

    In fact, if it were legal to reverse engineer, every single "invention" would be illegal. Let's see... birds can fly... I want to build a flying machine... ILLEGAL. Fire good, fire warm, me want fire, me bang rocks... ILLEGAL. I want to cure a disease... unfortunately I cannot analyze the disease because that would be... ILLEGAL.

    So, unless you have it patented, consider it public domain once you release a product. Horrors, you may actually have to compete in a free market! Oh dear God, no!

    In the perfect world, vague overgeneralized IP laws would apply to everyone except me, and then I would be your god.

  • As for reverse engineering being theft: it is. You have to consider that the products they ship are intended to be "black boxes" and may contain trade secrets, which are legally protected.

    The only legal protection of trade secrets is protection against their being revealed by "insiders." Trade secrets may be legitimately revealed by reverse engineering, and then they cease to be trade secrets -- they are in the public domain, with no protection.

    This is good.

    Do you want your company's trade secrets disclosed?

    If you want the government to provide you with a monopoly on your invention, you need to file for a patent, and completely disclose your invention. It's your choice. Choosing the trade secret route carries benefits and drawbacks. The benefit is that you don't have to disclose. The drawback is that you are subject to reverse engineering.

  • Reverse engineering can be defined on so many levels it isn't right to just broadly categorize it as theft!

    When we figure out how quantum mechanics work, we are essentially reverse engineering it (from God, the universe, whatever).

    There is no judgement on that practice, only on the applications derived from the knowledge gained!

    In a similar way, reverse engineering a product can be said to be similar. Intel produces a high commodity, high volume, very popular part.

    Is it fair for AMD to produce a plug in replacement part to try to make a profit?

    Yes. There's nothing illegal about that, it's just commercialism/capitalism.

    Now, as for the gritty details of reverse engineering... As long as you don't take the work that someone else has done, there's not way to qualify that as theft. You haven't taken their research, you haven't taken their documents, you haven't taken their personal. All you have done is taken their product, which you own if you purchase it, and analyzed it, which is fair use if anything is, and watched it work, which is no more or less wrong than trying to find another particle in the quantum menagerie.

    Trade secrets are not legally protected. Patents are. Do we want company trade secrets disclosed? Of course not! But they are only trade secrets while they are unknown, and the minute they are known, they are not trade secrets.

    Reverse engineering has given us the PC! It has given us PSX emulators, Gameboy emulators, Linux SAMBA(I think), DeCSS, and loads of other things. In a competitive landscape, reverse engineering seems downright commendable!

    The nick is a joke! Really!
  • by marcus ( 1916 ) on Tuesday October 17, 2000 @10:54AM (#698808) Journal
    This whole story should be modded down as "Troll". Quit stirring up trouble with inflamatory headlines and out of context quotes. Hemos, you and several other /. "editors" need to go and read the Linux-PR HOWTO again. Behave yourselves as decent and responsible members of the community or you find yourselves with the level of community respect that currently reserved for your very own /. trolls.

    What this guy is talking about, translated to /. speak, is copyright violation, and that is theft. It is not what we call reverse-engineering.

    Good judgement comes from experience, and experience comes from bad judgement.
  • by ichthus ( 72442 ) on Tuesday October 17, 2000 @10:08AM (#698813) Homepage
    Now, the act of studying things to find out how they work (reverse engineering) is redefined as "theft".

    No. Finding out how things work is not theft. Taking the work that someone else has done (like the code that used to go into building an ASIC, but is more and more being used to program FGPAs) and using it in your own product without even knowing how it works -- that's theft. This happens, and it's a legitimate concern to protect the intellectual property that goes into building a circuit.
  • Neither do I. If you are copying patented technology or duplicating something that qualifies for copyright protection, then you would be committing infringement, but certainly not theft.

  • From Justice Reinhardt's decision on Sega v. Accolade:
    • Accolade used a two- step process to render its video games compatible with the Genesis console. First, it "reverse engineered" Sega's video game programs in order to discover the requirements for compatibility with the Genesis console. As part of the reverse engineering process, Accolade transformed the machine- readable object code contained in commercially available copies of Sega's game cartridges into human- readable source code using a process called "disassembly" or "decompilation".[1] Accolade purchased a Genesis console and three Sega game cartridges, wired a decompiler into the console circuitry, and generated printouts of the resulting source code. Accolade engineers studied and annotated the printouts in order to identify areas of commonality among the three gameprograms. They then loaded the disassembled code back into a computer, and experimented to discover the interface specifications for the Genesis console by modifying the programs and studying the results. At the end of the reverse engineering process, Accolade created a development manual that incorporated the information it had discovered about the requirements for a Genesis- compatible game. According to the Accolade employees who created the manual, the manual contained only functional descriptions of the interface requirements and did not include any of Sega's code.
    This was eventually found to be legal.

    I believe one of the reasons for clean room reverse engineering is stated in the last line there, to make sure none of Sega's IP (their copyrighted code) gets copied into the new code. Copyright only covers implementation, so clean room reverse engineering translates Sega's implentation into conceptual stuff that copyright can't cover and then into Accolade's implentation, without skipping the concept part.
    --

  • That's very insightful, thanks for this information. I must say that I tend to agree with the neo-Lockean property view in general. It certainly prevents outright illicit duplication, which is very applicable in the case of books, songs, movies, etc etc. Derivative works would only be "theft" in part, and really this is the major gist of our current Fair Use rules. However, our current US law and societal norms seem to fall under the idea that property is objective, in terms of occupying space moreso than time-- although this is changing (witness DMCA). Sadly, we seem to be inheriting only the intellectual property aspects of the neo-Lockean view (as you describe it). There is still no widespread acceptance of the idea that involuntary taxes, conscription, or exploitation of labor (whether through slavery or less obvious means) is theft in any real way.
  • by Auckerman ( 223266 ) on Tuesday October 17, 2000 @10:11AM (#698822)
    Some time ago, there was a really big powerful computer company that decided to make Personal Computers and licensed a clone of CP/M from a small company that was owned by the son of a personal friend of the CEO of the larger company. This Personal Computer (PC) had an "protection mechanism" called a BIOS that was designed to stop other companys from making a PC that did the same exact thing as this larger company. Then a smaller company came along and "reverse-engineered" this BIOS, licensed the CLONE of CP/M that the larger company was using and began selling CLONES of the larger companies computers.

    They were sued. They won. The WinTel PC industry was born. This doesn't even take into account the amount of software "look and feel" cloning that took place some 8-9 years later.

    If figuring out how something works is a crime, then curosity should be outlawed. Quite frankly is someone can reverse engineer it, odds are it was so damn obvious, it didn't deserve protection in the first place.

  • Yes.

    At first I thought they were just errors. But then I learned that these 'mistakes' were intentional. I don't recall if I read about it or saw it on TV, but someone from a map publisher was interviewed about and confirmed the practise.

    As for the examples, here are a couple I think are instances of this, but they could be errors.

    I've seen maps of NJ that show a town called "Hiltons" between Atlantic Highlands and Highlands. I grew up in Atlantic Highlands. There is no such town.

    When I first moved to Burlington county NJ I picked up some maps so that I could find my way around. Twice I got messed up because short (>= 1/2 mile) roads marked on the map didn't exist.

    Finally, a map I own (I live in NJ but I'm in CA on business now or I'd dig out the map and give an exact reference) the condo complex I live in is not shown and a road that does not exist is shown instead.

    Steve M

  • I remember such an article. Perhaps the ever resourceful Markus Kahn [cam.ac.uk] can be of service.

    http://www.cl.cam.ac.uk/Resear ch/ Security/tamper/ [cam.ac.uk]
  • You describe one method of reverse engineering, but not the only method.

    Reverse engineering can also involve dumping out the program, disassembling and commenting the code.

    That would be the first step of a "clean-room" project. The result of the first step would be a copy of the original program, which, as you correctly pointed out, you can't use, because of copyrights on the code. You can't stop there.

    The second step of the clean-room process is for the person who now understands the program to write a complete description of what the program does. Copyright only protects implementations of ideas, not the ideas themselves, so you describe the ideas of the program without revealing the details of the implementation.

    The third step of the clean-room process is to hand the complete description of what the program does to a second party who has never been "contaminated" by examining the original implementation. The second party is then free to write a new implementation, based on the description.

    This is how the first PC clone BIOS was developed.

    The first step in this completely legal, commonly used process is to copy the actual program. It is not theft.

    What the article is describing is not just how to prevent someone from copying the data, it is describing how to prevent someone from reading the data; in order to prevent legitimate reverse engineering and legal clean-room re-implementations.

    The author is describing how to obtain protections over and above what the law provides, not how to obtain legal protection. Legal protection comes from patents and copyrights. Trade-secret protection comes from obscurity and obscurity alone, not from the government.
  • by istartedi ( 132515 ) on Tuesday October 17, 2000 @11:08AM (#698835) Journal

    1. Reverse engineering absolutely never occurs aka "Perfectly Secret Engineering". Even when a design feature is obvious (such as a winglet on a plane) other companies cannot copy it. They must arrive at the same conclusions as the first company through trial and error. Knowledge never passes into the public domain unless someone explicitly places is there.

    Outcome: Technology stagnates due to duplication of effort. There is a lack of incentive to innovate because once a product is sufficiently complex as to be difficult to duplicate, the company that originated the idea will have a long time before anybody can duplicate it. Companies will drown in a sea of paperwork required to prove that they arrived at the same design independantly.

    2. Unlimited reverse engineering aka "Perfect Reverse Engineering". All products may be disassembled and duplicated without hinderence of patent, trade secrecy, or any other form of intellectual property. Knowledge flow is instantaneous from creator to user.

    Outcome: The tragedy of the commons. Companies will play "wait-n-see" to see who comes up with difficult to engineer solutions to problems. If they are making a profit, they will not bother to spend money on R&D. The outlay can't be justified for the low expected return. Companies will only innovate when the entire business segment is threatened. Because all companies share IP in this scenario, the entire sector would have to be threated before it would decide to innovate. If even one company were making a profit, then the failing companies would blame their marketing or management departments. Actually, marketing and management techniques are also IP, and would be shared too. Effectively, such a situation would be akin to a monopoly, since all companies would have the same IP, and would be different companies in name only.

    It shouldn't be a surprise that both of these scenarios suck. An equillibrium is required. Politics is the art of compromise. Geeks need to recognize that compromise is a necessary part of the equation. That means Free Software people tolerating some patents, trademarks, and copyrights. That means businesses tolerating some hacking, reverse engineering, and parodies.

    Does this provide an easy answer to the questions? Of course not. There is no easy answer. The opposing parties and the mediator(s) are all part of a complex solution. Here's hoping that we can remain civil, and arrive at solutions that provide a fair balance for each individual case.

  • ...but had the company that created the ASIC/FPGA/"other 4-letter acronym device" encrypted the configuration bit stream (which is decrypted on the ASIC) - even if it was simple ROT-13 - you would be in violation of the DMCA provisions regarding encrypted streams, etc...

    This world is rapidly becoming a fucked place, and I fear a revolution is brewing...

    I support the EFF [eff.org] - do you?
  • by Speare ( 84249 ) on Tuesday October 17, 2000 @11:09AM (#698838) Homepage Journal

    The story is right, but you have the wrong computer.

    Apple's ROMs had entrypoints that were all over the ROMs' address range, because they didn't want to dedicate any area as a jump table. Franklin copied the ROM verbatim, as rewriting it would screw up the entrypoints. Apple sued Franklin, and WON.

    IBM made the BIOS (with function numbers instead of haphazard entry vectors) specifically so that it could be re-written, extended, improved over time. They PUBLISHED the source code to the whole BIOS, and knew that this put them in the risk of being cloned. COMPAQ rewrote the BIOS, function by function, complying with the data interfaces only. IBM sued COMPAQ, and LOST.

  • You mentioned the ability to reverse engineer a product of a manufacturer who spent millions of dollars to develop their product. The only problem is that most of these devices in the consumer world can easily be developed by any engineering student for a senior project. The integrated circuits, the pre-built pick up modules for players, the movie playing software, etc, --all has been written by those who have done it as a hobby and have made it available for free.

    It appears to me the so called millions of dollars of development manufacturers claim for their product, was to design it in such a way to promote vendor lock in and maximum marketability with their partners. This is good business sense, but is it fair to deny consumers the ability to hack the product they purchased to rebuild or redesign it in such a way to be compatible with other household products? I see the patent system and so called "license agreements" attempting to convince us we do not have certain rights as curious humans who want our tools to adapt to our own needs. What we have is corporate dictatorship. They will order us what we can or can't do if we purchase their product. Is this fair? I think its patently absurd to support their notions.
  • by Joffrey ( 242525 ) on Tuesday October 17, 2000 @11:10AM (#698840)
    As an intellectual property attorney, I am appalled by the stance taken by the author of that article. Below please find the letter I just e-mailed him to briefly correct his misperceptions:

    In reference to your article, "Cunning Circuits Confound Crooks," found at: http://www.ednmag.com/ednmag/reg/2000/10122000/21d f2.htm , I find it particularly disturbing that you refer to reverse engineering as "theft." In particular, the following text gives me tremendous pause:

    "The other harder but possibly even more damaging form of theft is "reverse-engineering." In that scenario, someone uses the information stored in the programmable-logic device to reconstruct the original circuit details and then alters and incorporates those details in part or whole into other designs." Your analysis is woefully misguided.

    Intellectual property protections in the United States exist for copyright, trademark, patent and trade secret information, and each of these areas includes its own particular set of limitations. These limitations are present for very good reasons, ranging from free speech to the encouragement of innovation. For any truly new, useful and unobvious circuit, patent protection can be obtained -- protection that gives the inventor the exclusive right to manufacture, use and sell the patented invention for a limited time. However, that protection comes at a price: the inventor must disclose to the world precisely how to make and use the invention, so that others may build upon it and so that further innovation may be encouraged.

    Similarly, trade secret protection also has limitations. Trade secrets are protected only while they are precisely that: secret. Since trade secret protection (a) gives unlimited time-duration protection, and (b) fails to educate the rest of the world and thereby foster further innovation, it is extremely limited. Once a given technology is no longer secret, it may be used by anyone freely.

    If a circuit designer decides to forego the greater protections afforded by patent, he or she cannot complain about reverse engineering under the law. So long as someone is not directly infringing a copyright (or mask work) by literally copying a chip design, they are free to use the underlying ideas to improve their own devices.

    Reverse engineering is not theft, either legally or ethically, and I suggest that you consider my comments in your journalistic pursuits.

    Joffrey X. XXXXXXXX
    xxxxx & xxxxx, LLP
  • Actually they used a clean room implementation, lookin at the bios as a black box and reproducing its functions. This could be reverse engineering, but they never looked into the bios to see the code.

    The people doing the coding had to start with little to now prior knowledge of the existing BIOS.

  • It depends on what the ulterior motive is. The issue is if you are studying things to find out how they work with the intention to create a compatible item to undersell your competitor. Now, obviously, I don't think this is wrong because Competition Is Good (tm). Again, we go back to the reverse engineering of the IBM PC BIOS. There was no harm there. It's capitalism at its best.

    Maybe it sucks for the company that created the idea/product because they now don't have a monopoly (which, the last time I checked, was a good thing), but it sure as hell isn't theft. Any claims like that are ridiculous.

    Mike

    "I would kill everyone in this room for a drop of sweet beer."
  • Well, ideas have been patented in the mechanical industry before (tounge in cheek: that's why they were originated!) but as far as I can tell, there's never been a successful suit about a clean-room implementation. Even Microsoft just gave up trying to force a "clean room" implementation of NTFS for Linux. (The company participating also licenced the NTFS source from MS.)

    Once the patent runs out, go ahead and clean-room all you like.

"Pok pok pok, P'kok!" -- Superchicken

Working...