[ciphershed] Re: Fwd: Re: WG: AW: TrueCrypt

  • From: PID0 <p1dz3r0@xxxxxxxxx>
  • To: ciphershed@xxxxxxxxxxxxx
  • Date: Fri, 20 Jun 2014 16:07:43 +0100

Possibly something we could leverage the TCNext dialogue with the EFF
lawyers about?

On 20/06/2014 16:06, Alain Forget wrote:
> Be that as it may, you have thus far seemed to be the most knowledgeable 
> about legal affairs out of all of us. Until someone with more expertise comes 
> along, I consider you our legal expert, for better or for worse. :-)
> 
> Alain
> 
> -----Original Message-----
> From: ciphershed-bounce@xxxxxxxxxxxxx 
> [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Pyeron
> Sent: Friday, June 20, 2014 11:01
> To: ciphershed@xxxxxxxxxxxxx
> Subject: [ciphershed] Re: Fwd: Re: WG: AW: TrueCrypt
> 
>> -----Original Message-----
>> From: Alain Forget
>> Sent: Friday, June 20, 2014 10:51
>>
>> TL;DR: First, let's make damn sure they actually have a legal 
>> right to what they're claiming before we start ripping things 
>> out of our codebase, *especially* anything to do with the 
>> user experience/"look and feel". Second, I think we'll be 
>> happy for *them to join us*, but as was seen when talks with 
>> TCNext were revealed, our group may strongly value its 
>> independence to choose our own path. Any merger proposal will 
>> likely be heavily scrutinised by our whole group (and rightly so!).
>>
>> No apologies for the top post; I regret nothing. :-P
>>
>> Thanks for bringing us in the loop early, Bill. In principle, 
>> this all sounds good and the correct way to go forward. 
>> However, I have two main concerns:
>>
>> 1) I hope our legal experts in the group can very closely 
>> examine and verify their claims to TrueCrypt's (and possibly 
>> soon-to-be-CipherShed's) similarity to E4M, and their legal 
>> right to prevent such similarities to exist. I'm particularly 
>> concerned about their claims to the user experience (UX) and 
>> 'look and feel'. Although it's not perfect and still 
>> potentially confusing for new non-technical users, 
>> TrueCrypt's UX is far more usable any other encryption 
>> software I've seen. One day, I do hope we'll make a more 
>> non-tech user friendly UX, but I feel the current UX is 
>> sufficiently strong that this isn't a priority right now. 
>> However, if these SecurStar people have any right to assert 
>> that we cannot use the current UX, then we will be forced to 
>> come up with a new one...and while I would *love* to explore 
>> this personally, I simply haven't the resources at the moment.
>>
>> In any case, I believe the sources shared by Jason (who I 
>> currently consider one of our legal experts) seems to feel 
> 
> I am not a lawyer, just a business man.
> 
>> SecurStar's claims are dubious, but we definitely don't want 
>> the pants sued off of us, so I wonder if we need to somehow 
>> clearly verify this? Additionally, Chris, why do you believe 
>> their claims about 'look and feel' can be ignored?
>>
>> 2) His last sentence, "Maybe your team might be interested in 
>> joining our new open project  ?" was a bit too casual and 
>> presumptive for my liking. As I noticed when news about 
>> (merger? collaboration?) talks with TCNext broke out, our 
>> group may strongly value our independence. I don't think 
>> many, if any of us, would object to *others joining our 
>> project*, I think the reverse (us joining/merging with 
>> another group) would at least be very carefully scrutinised 
>> by everyone (and rightly so!). This doesn't mean it would be 
>> blocked regardless of the proposal, but I think we would all 
>> be very careful about the terms, expectations, and our 
>> autonomy in pursuing our goals.
>>
>> Alain
>>
>> -----Original Message-----
>> From: ciphershed-bounce@xxxxxxxxxxxxx 
>> [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Pyeron
>> Sent: Friday, June 20, 2014 10:35
>> To: ciphershed@xxxxxxxxxxxxx
>> Subject: [ciphershed] Re: Fwd: Re: WG: AW: TrueCrypt
>>
>> Pardon the top post, for Bills mobile.
>>
>> I am concerend about the consistency of baggage. If the plan 
>> is to do a re-write
>> of the code anyway, then as long as they contribute like any 
>> other (license to
>> cipher shed) so be it. But we must not be held hostage by 
>> anyone's claim of
>> copyright, patent, trademark or other IP.
>>
>> http://webcache.googleusercontent.com/search?hl=en&q=cache:0Md
> LUfMMtP8J:http://w
>> ww.pcreview.co.uk/forums/truecrypt-1-0-released-t1967957.html%
>> 2Bsecurestart+true
>> crypt&gbv=2&&ct=clnk
>>
>> Quoting the middle of the page ....
>>
>> From another newsgroup
>>
>> TrueCrypt suspended-SecureStar hauls out the lawyers
>>
>> "SecureStar is claiming ownership of E4M, though it was 
>> released as free with
>> source code and a very liberal license before SecureStar was founded.
>> Perhaps an attorney can comment, but I don't understand how a 
>> company can
>> claim ownership over intellectual property that was released 
>> into the public
>> domain before the company was born. Certainly the creator of 
>> E4M, Paul Le
>> Roux, gave up most of his ownership rights with the license 
>> he wrote for E4M
>> distribution..It states *specifically* that E4M may be altered and
>> distributed under another name without restriction, except 
>> that its heritage
>> must be acknowledged."
>>
>> The TrueCrypt team has announced on alt.security.scramdisk 
>> that TrueCrypt
>> distribution is suspended until the matter is cleared up.
>>
>>
>> From: TrueCrypt Team <(E-Mail Removed)>
>> Organization: TrueCrypt Team
>>
>> February 3, 2004
>>
>> In the last two days, we have been receiving e-mails from Wilfried
>> Hafner, manager of SecurStar. In the e-mails he repeatedly accuses
>> Paul Le Roux, the author of Encryption for the Masses (E4M), of the
>> following:
>>
>> 1) Intellectual property theft, stealing the source code of E4M
>> from SecurStar (as an employee of SecurStar)
>>
>> 2) Writing an illegal license that permits anyone to base his/her
>> own work on E4M and distribute such modified work (while, according
>> to W. Hefner, P. Le Roux did not have any right to do so).
>>
>> 3) Distributing E4M illegally (according to W. Hefner, all versions
>> of E4M always belonged only to SecurStar)
>>
>>
>> These statements have been made to make us stop developing and
>> distributing TrueCrypt, which is based on E4M 2.02a.
>>
>> As we have a strong suspicion that these statements are false, we
>> e-mailed Paul Le Roux and asked him to clear up this issue. Paul, we
>> would also appreciate if you could post a statement to this newsgroup
>> and sign it with the PGP key used to sign the archives containing
>> the original E4M 2.02a source code. The PGP key properties:
>>
>>
>> Name: Software Professionals <(E-Mail Removed)>
>> ID: 0xE7959B99
>> Fingerprint: B37D C864 9437 CD4D C313 9DC9 60E9 73E4
>> Type: RSA Legacy
>> Created: December 15, 1998
>>
>>
>> TrueCrypt distribution is suspended, until this issue is resolved.
>>
>>> -----Original Message-----
>>> From: ciphershed-bounce@xxxxxxxxxxxxx 
>>> [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Cox
>>> Sent: Friday, June 20, 2014 10:18
>>> To: ciphershed@xxxxxxxxxxxxx
>>> Subject: [ciphershed] Fwd: Re: WG: AW: TrueCrypt
>>>
>>> I just wanted to let you guys know that I got a response from 
>>> the SecureStar guy. Please don't freak out about his 
>>> position. It sounds like he would be interested in working 
>>> with us. If it is true that truecrypt is based on his code, I 
>>> think we need to come to some agreement with him. One thought 
>>> comes to mind is that many companies will only use a product 
>>> that has professional support, even if it is open source . 
>>> Also they have expertise in this field and could be very 
>>> helpful. I would like to get them to agree that a quick 
>>> rebranding is a good idea in order to save the truecrypt user 
>>> base, and that we will work out how to go forward from there. 
>>> As I told him I can't speak for this project but I think we 
>>> should deal with this. I am on vacation and am dictating this 
>>> on my phone so there won't be any signatures this week. 
>>> However I received no NSL or any other such thing since the 
>>> last time I said so.
>>>
>>> Bill
>>>
>>> ---------- Forwarded message ----------
>>> From: "Bill Cox" <waywardgeek@xxxxxxxxx>
>>> Date: Jun 20, 2014 9:07 AM
>>> Subject: Re: WG: AW: TrueCrypt
>>> To: "Wilfried Hafner" <hafner@xxxxxxxxxxxxx>
>>> Cc: 
>>>
>>>
>>>
>>> Thank you for the reply. I'm on vacation this week and can't 
>>> get into much detail. While I can't speak for the CypherShed 
>>> team, please believe me when I say that I will not stand for 
>>> any stolen code.  I do feel strongly that the world needs an 
>>> open source solution like TrueCrypt and working with your 
>>> team sounds like a great idea to me.
>>>
>>> On Jun 16, 2014 10:31 AM, "Wilfried Hafner" 
>>> <hafner@xxxxxxxxxxxxx> wrote:
>>>
>>>
>>>     Dear Mr. Cox,
>>>
>>>      
>>>
>>>     thank you very much for your Email.
>>>
>>>      
>>>
>>>     TrueCrypt is based on our E4M software and it 
>>> originally included Scramdisk source code which was removed 
>>> after we protested. However we were especially concered about 
>>> the TrueCrypt encryption drivers and other code which 
>>> remained  and  these are based on E4M Code as TrueCrypt 
>>> clearly admits. Even the TrueCrypt user interface was 
>>> virtually identical to E4M  (and doesn't look that different even
>>>
>>>     now) and so our concerns were about rather more than 
>>> the source code use. There was also a "look and feel" aspect 
>>> to our concerns as well.
>>>
>>>      
>>>
>>>     Both products were created by our co-founding partners Mr.
>>>
>>>     Hollingworth and Mr. Le Roux, neither of them were ever 
>>> asked for permission to use their intellectual propery or to 
>>> base a product on the apperance of E4M although Mr. 
>>> Hollingworths license agreement clearly made that requirement 
>>> absolutely clear granting the right to
>>>
>>>     private study of the code only.   
>>>
>>>      
>>>
>>>     In addition to this it is be noted that the E4M disk 
>>> and encryption
>>>
>>>     driver technology  belong to SecurStar and not to Mr. 
>>> Le Roux.   The
>>>
>>>     E4M license agreement written by Mr. Le Roux (co. 
>>> founder SecurStar) was mistakenly incomplete and not phrased 
>>> correctly so Mr Le Roux partially granted some rights that 
>>> did not fully belong to him. In no case were any rights 
>>> granted to anyone to make a product that LOOKED like E4m.
>>>
>>>      
>>>
>>>     The TrueCrypt team were informed about these facts very 
>>> early on soon after the initial appearance of TrueCrypt, but 
>>> they decided to ignore some of the facts and stay anonymous, 
>>> so we could not take them to court so far.  However if at 
>>> some point the identity of the group becomes public we 
>>> maintain our right take proper action.
>>>
>>>      
>>>
>>>     We did not review the very latest TrueCrypt sources so 
>>> I am not yet sure which parts of these are still based on our 
>>> original code.
>>>
>>>      
>>>
>>>     Please note, that long before TrueCrypt existed we 
>>> offered free and open source software to the public, and 
>>> there are currently internal discussions to retake this road 
>>> and re-open our sources offering our disk and maybe phone 
>>> encryption software to the public free of charge.
>>>
>>>      
>>>
>>>     We will be making  an official statement in the coming 
>>> months as soon as we have made a clear decision. 
>>>
>>>      
>>>
>>>     Maybe your team might be interested in joining our new 
>>> open project  ?
>>>
>>>      
>>>
>>>     Best regards
>>>
>>>      
>>>
>>>     Wilfried Hafner
>>>
>>>     General Manager and founding partner
>>>
>>>     
>>>     PhoneCrypt:       5010     (Secure Telephone Line)*
>>>
>>>     Tel Office:           +49 - 89 -710661727 
>>> <tel:%2B49%20-%2089%20-710661727>  
>>>     Fax:                       +49 - 89 - 710661728 
>>> <tel:%2B49%20-%2089%20-%20710661728> 
>>>
>>>      
>>>
>>>      
>>>
>>>     Beschreibung: Beschreibung: ostlogoSecurStar GmbH
>>>     Fürstenrieder Str. 279A
>>>     D-81377 München - Germany
>>>     www.securstar.com <http://www.securstar.com/> 
>>>
>>>      
>>>
>>>     * NOTE:   If you wish to communicate with us in a fully 
>>> secure way and without the risk of being intercepted, please 
>>> do so by calling us with PhoneCrypt universal. More details 
>>> can be found here: 
>>> http://www.securstar.com/products_phonecrypt_universal.php
>>>
>>>      
>>>
>>>      
>>>
>>>     Von: Daiana Grosz [mailto:daiana@xxxxxxxxxxxxx] 
>>>     Gesendet: Dienstag, 10. Juni 2014 12:49
>>>     An: hafner@xxxxxxxxxxxxx
>>>     Betreff: Re: AW: TrueCrypt
>>>
>>>      
>>>
>>>     Here is the contact info:
>>>
>>> Name:
>>>
>>> Bill Cox
>>>
>>> Email:
>>>
>>> waywardgeek@xxxxxxxxx 
>>>
>>>     
>>>     
>>>     The message I sent you previously is from the ticket system.
>>>     On Facebook he wrote this:
>>>         
>>>     "Hi. I'm Bill Cox, and I'm working with some developers 
>>> at CipherShed.org on a TrueCrypt fork. I read on 
>>> Wikipedia.org that SecurStar claims ownership of some of the 
>>> code. I would like to understand specifically which parts of 
>>> the code SecurStar feels was stolen. I cannot support code 
>>> theft, and wish to remove any stolen code from the code base. 
>>> However, I will need more details than I can find on the 
>>> Internet to do so. Thanks, Bill"
> 
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> -                                                               -
> - Jason Pyeron                      PD Inc. http://www.pdinc.us -
> - Principal Consultant              10 West 24th Street #100    -
> - +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
> -                                                               -
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> This message is copyright PD Inc, subject to license 20080407P00.
> 
> 
> 

-- 
--

At the time of writing, no warrants have been served to me, nor am I
under any legal compulsion concerning the CipherShed project. I do not
know of any searches of seizures of my assets.

Attachment: signature.asc
Description: OpenPGP digital signature

Other related posts: