Legal Reverse engineering of software

[CRoberson]

Many are using the term RE (reverse engineering) improperly, thus confusing the issues. Legal RE is a process not a task. If you cut the process short and stop with the task, it is illegal.

Legal Process of RE:
1) Hire a software engineer to disassemble and decompile a binary executable.
2) The same engineer learns from this decompiled code.
3) The same engineer writes a paper/book in a human spoken language (such as English, French, Dutch, German ...) on what is in the program and how it works without including any code at all.
4) The same engineer is now removed from the project completely.
5) The paper/book is now given to another engineer or team of engineers that do not have any access to the first engineer and they don't have any access to the decompiled/disassembled code.
6) The engineer/team reads and learns from the paper/book description of how the original program works to get an understanding of how it works.
7) The new engineer/team creates a completely new program based on that understanding of how the old program works without ever seeing any of the decompiled or disassembled code.

That is it in a nutshell.

With Robbo/Ippo, those that reuse the decompiled source code are doing something illegal - here I mean grab Robbo/Ippo and use it as the starting point for your program and tweak it. If your RE process is tasks 1 and 2 skipping the rest, then it is illegal.

Given that nodoby has written a report on its inner workings, the rest can only read it for abstract ideas. Then they can come up with their own coding of those abstract ideas in their own programs which they started from scratch.

[zullil]

Many are using the term RE (reverse engineering) improperly, thus confusing the issues. Legal RE is a process not a task. If you cut the process short and stop with the task, it is illegal.

Legal Process of RE:
1) Hire a software engineer to disassemble and decompile a binary executable.
2) The same engineer learns from this decompiled code.
3) The same engineer writes a paper/book in a human spoken language (such as English, French, Dutch, German ...) on what is in the program and how it works without including any code at all.
4) The same engineer is now removed from the project completely.
5) The paper/book is now given to another engineer or team of engineers that do not have any access to the first engineer and they don't have any access to the decompiled/disassembled code.
6) The engineer/team reads and learns from the paper/book description of how the original program works to get an understanding of how it works.
7) The new engineer/team creates a completely new program based on that understanding of how the old program works without ever seeing any of the decompiled or disassembled code.

That is it in a nutshell.

With Robbo/Ippo, those that reuse the decompiled source code are doing something illegal - here I mean grab Robbo/Ippo and use it as the starting point for your program and tweak it. If your RE process is tasks 1 and 2 skipping the rest, then it is illegal.

Given that nodoby has written a report on its inner workings, the rest can only read it for abstract ideas. Then they can come up with their own coding of those abstract ideas in their own programs which they started from scratch.

So basically you're saying it's legal to use a disassembler to steal someone's idea and use it as long as it's done in this rather inefficient manner. Great.

[JuLieN]

Many are using the term RE (reverse engineering) improperly, thus confusing the issues. Legal RE is a process not a task. If you cut the process short and stop with the task, it is illegal.

Legal Process of RE:
1) Hire a software engineer to disassemble and decompile a binary executable.
2) The same engineer learns from this decompiled code.
3) The same engineer writes a paper/book in a human spoken language (such as English, French, Dutch, German ...) on what is in the program and how it works without including any code at all.
4) The same engineer is now removed from the project completely.
5) The paper/book is now given to another engineer or team of engineers that do not have any access to the first engineer and they don't have any access to the decompiled/disassembled code.
6) The engineer/team reads and learns from the paper/book description of how the original program works to get an understanding of how it works.
7) The new engineer/team creates a completely new program based on that understanding of how the old program works without ever seeing any of the decompiled or disassembled code.

That is it in a nutshell.

With Robbo/Ippo, those that reuse the decompiled source code are doing something illegal - here I mean grab Robbo/Ippo and use it as the starting point for your program and tweak it. If your RE process is tasks 1 and 2 skipping the rest, then it is illegal.

Given that nodoby has written a report on its inner workings, the rest can only read it for abstract ideas. Then they can come up with their own coding of those abstract ideas in their own programs which they started from scratch.

Sorry, but it is totally false (at least in EU). The RE of a software is only allowed in two, limited, cases:

1- if you are a customer (not a competitor), with a valid license of the program. Then you are allowed to decompile it in order to understand it and satisfy your curiosity. You are totally forbidden to disclose your findings. (So your 3rd, 5th, 6th and 7th point are totally illegal).
2- for interoperability: if you are a competitor and need to interface your own program with the other program (and this is only allowed IF this other program is not documented enough).

The poor engineer you hired would be in jail very fast. And you too. Just like you can't hire a hit-man. Or more exactly you can, but this is illegal.

[ZirconiumX]

Many are using the term RE (reverse engineering) improperly, thus confusing the issues. Legal RE is a process not a task. If you cut the process short and stop with the task, it is illegal.

Legal Process of RE:
1) Hire a software engineer to disassemble and decompile a binary executable.
2) The same engineer learns from this decompiled code.
3) The same engineer writes a paper/book in a human spoken language (such as English, French, Dutch, German ...) on what is in the program and how it works without including any code at all.
4) The same engineer is now removed from the project completely.
5) The paper/book is now given to another engineer or team of engineers that do not have any access to the first engineer and they don't have any access to the decompiled/disassembled code.
6) The engineer/team reads and learns from the paper/book description of how the original program works to get an understanding of how it works.
7) The new engineer/team creates a completely new program based on that understanding of how the old program works without ever seeing any of the decompiled or disassembled code.

That is it in a nutshell.

With Robbo/Ippo, those that reuse the decompiled source code are doing something illegal - here I mean grab Robbo/Ippo and use it as the starting point for your program and tweak it. If your RE process is tasks 1 and 2 skipping the rest, then it is illegal.

Given that nodoby has written a report on its inner workings, the rest can only read it for abstract ideas. Then they can come up with their own coding of those abstract ideas in their own programs which they started from scratch.

So basically you're saying it's legal to use a disassembler to steal someone's idea and use it as long as it's done in this rather inefficient manner. Great.

Pretty much - it's how Phoenix got a BIOS - by disassembling the IBM BIOS.

http://digital-law-online.info/lpdi1.0/treatise27.html

Matthew:out

[Uri Blass]

Many are using the term RE (reverse engineering) improperly, thus confusing the issues. Legal RE is a process not a task. If you cut the process short and stop with the task, it is illegal.

Legal Process of RE:
1) Hire a software engineer to disassemble and decompile a binary executable.
2) The same engineer learns from this decompiled code.
3) The same engineer writes a paper/book in a human spoken language (such as English, French, Dutch, German ...) on what is in the program and how it works without including any code at all.
4) The same engineer is now removed from the project completely.
5) The paper/book is now given to another engineer or team of engineers that do not have any access to the first engineer and they don't have any access to the decompiled/disassembled code.
6) The engineer/team reads and learns from the paper/book description of how the original program works to get an understanding of how it works.
7) The new engineer/team creates a completely new program based on that understanding of how the old program works without ever seeing any of the decompiled or disassembled code.

That is it in a nutshell.

With Robbo/Ippo, those that reuse the decompiled source code are doing something illegal - here I mean grab Robbo/Ippo and use it as the starting point for your program and tweak it. If your RE process is tasks 1 and 2 skipping the rest, then it is illegal.

Given that nodoby has written a report on its inner workings, the rest can only read it for abstract ideas. Then they can come up with their own coding of those abstract ideas in their own programs which they started from scratch.

Sorry, but it is totally false (at least in EU). The RE of a software is only allowed in two, limited, cases:

1- if you are a customer (not a competitor), with a valid license of the program. Then you are allowed to decompile it in order to understand it and satisfy your curiosity. You are totally forbidden to disclose your findings. (So your 3rd, 5th, 6th and 7th point are totally illegal).
2- for interoperability: if you are a competitor and need to interface your own program with the other program (and this is only allowed IF this other program is not documented enough).

The poor engineer you hired would be in jail very fast. And you too. Just like you can't hire a hit-man. Or more exactly you can, but this is illegal.

"The poor engineer you hired would be in jail very fast"

Can you give examples when it happened?

Uri

[ZirconiumX]

Many are using the term RE (reverse engineering) improperly, thus confusing the issues. Legal RE is a process not a task. If you cut the process short and stop with the task, it is illegal.

Legal Process of RE:
1) Hire a software engineer to disassemble and decompile a binary executable.
2) The same engineer learns from this decompiled code.
3) The same engineer writes a paper/book in a human spoken language (such as English, French, Dutch, German ...) on what is in the program and how it works without including any code at all.
4) The same engineer is now removed from the project completely.
5) The paper/book is now given to another engineer or team of engineers that do not have any access to the first engineer and they don't have any access to the decompiled/disassembled code.
6) The engineer/team reads and learns from the paper/book description of how the original program works to get an understanding of how it works.
7) The new engineer/team creates a completely new program based on that understanding of how the old program works without ever seeing any of the decompiled or disassembled code.

That is it in a nutshell.

With Robbo/Ippo, those that reuse the decompiled source code are doing something illegal - here I mean grab Robbo/Ippo and use it as the starting point for your program and tweak it. If your RE process is tasks 1 and 2 skipping the rest, then it is illegal.

Given that nodoby has written a report on its inner workings, the rest can only read it for abstract ideas. Then they can come up with their own coding of those abstract ideas in their own programs which they started from scratch.

Sorry, but it is totally false (at least in EU). The RE of a software is only allowed in two, limited, cases:

1- if you are a customer (not a competitor), with a valid license of the program. Then you are allowed to decompile it in order to understand it and satisfy your curiosity. You are totally forbidden to disclose your findings. (So your 3rd, 5th, 6th and 7th point are totally illegal).
2- for interoperability: if you are a competitor and need to interface your own program with the other program (and this is only allowed IF this other program is not documented enough).

The poor engineer you hired would be in jail very fast. And you too. Just like you can't hire a hit-man. Or more exactly you can, but this is illegal.

"The poor engineer you hired would be in jail very fast"

Can you give examples when it happened?

Uri

I can give examples of where it didn't happen:

Phoenix BIOS (clone of IBM BIOS)
Samba (cloned Microsoft Windows's file sharing API)
OpenOffice.org (cloned Microsoft Office)
Wine (cloned Windows APIs)
ReactOS (cloned Windows - all of it)

Matthew:out

[BubbaTough]

The poor engineer you hired would be in jail very fast. And you too. Just like you can't hire a hit-man. Or more exactly you can, but this is illegal.

My understanding is exactly like Charles. I think its called Clean Room Design, and its how Compaq copied IBM's BIOS.

-Sam

[JuLieN]

I have been a bit fast when translating Charle's "reverse engineering" into "decompilation" (or disassembly), which are two different notions (although Charles' post focus on disassembly). Reverse engineering is not illegal. But De-compilation/Disassembly can be (and always is, in Europe, if you are a competitor).

I heard of this clean-room design. This is also called "Chinese wall". But Charles' example wouldn't work in Europe, because you can only disassemble a program for your personal curiosity (or for interoperability) and are forbidden to communicate your findings.

So there seem to be some differences between the EU and the USA. In EU the law is very clear (quoting Wikipedia):

European Union
Article 6 of the 1991 EU Computer Programs Directive allows reverse engineering for the purposes of interoperability, but prohibits it for the purposes of creating a competing product, and also prohibits the public release of information obtained through reverse engineering of software.

When compared with the situation in the US:

United States
In the United States even if an artifact or process is protected by trade secrets, reverse-engineering the artifact or process is often lawful as long as it is obtained legitimately. (...)
The reverse engineering of software in the US is generally a breach of contract as most EULAs specifically prohibit it, and courts have found such contractual prohibitions to override the copyright law which expressly permits it; see Bowers v. Baystate Technologies.

Apparently, software companies in the US protect themselves against this by the mean of the EULA. And ironically, in the EU, you can't contractually deprive a customer from his legal right to decompile the program he acquired legally.

[hgm]

Phoenix BIOS (clone of IBM BIOS)
Samba (cloned Microsoft Windows's file sharing API)
OpenOffice.org (cloned Microsoft Office)
Wine (cloned Windows APIs)
ReactOS (cloned Windows - all of it)

That is all "inter-operability", right?

[kinderchocolate]

I have been a bit fast when translating Charle's "reverse engineering" into "decompilation" (or disassembly), which are two different notions (although Charles' post focus on disassembly). Reverse engineering is not illegal. But De-compilation/Disassembly can be (and always is, in Europe, if you are a competitor).

I heard of this clean-room design. This is also called "Chinese wall". But Charles' example wouldn't work in Europe, because you can only disassemble a program for your personal curiosity (or for interoperability) and are forbidden to communicate your findings.

So there seem to be some differences between the EU and the USA. In EU the law is very clear (quoting Wikipedia):

European Union
Article 6 of the 1991 EU Computer Programs Directive allows reverse engineering for the purposes of interoperability, but prohibits it for the purposes of creating a competing product, and also prohibits the public release of information obtained through reverse engineering of software.

When compared with the situation in the US:

United States
In the United States even if an artifact or process is protected by trade secrets, reverse-engineering the artifact or process is often lawful as long as it is obtained legitimately. (...)
The reverse engineering of software in the US is generally a breach of contract as most EULAs specifically prohibit it, and courts have found such contractual prohibitions to override the copyright law which expressly permits it; see Bowers v. Baystate Technologies.

Apparently, software companies in the US protect themselves against this by the mean of the EULA. And ironically, in the EU, you can't contractually deprive a customer from his legal right to decompile the program he acquired legally.

So Richard Vida was legal to decompile Houdini because he was satisfying his personal curiosity. As long as he is not using the decompiled code directly he is also legally improve Critter with ideas he found in Houdini???