Possibly something we could leverage the TCNext dialogue with the EFF lawyers about? On 20/06/2014 16:06, Alain Forget wrote: > Be that as it may, you have thus far seemed to be the most knowledgeable > about legal affairs out of all of us. Until someone with more expertise comes > along, I consider you our legal expert, for better or for worse. :-) > > Alain > > -----Original Message----- > From: ciphershed-bounce@xxxxxxxxxxxxx > [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Pyeron > Sent: Friday, June 20, 2014 11:01 > To: ciphershed@xxxxxxxxxxxxx > Subject: [ciphershed] Re: Fwd: Re: WG: AW: TrueCrypt > >> -----Original Message----- >> From: Alain Forget >> Sent: Friday, June 20, 2014 10:51 >> >> TL;DR: First, let's make damn sure they actually have a legal >> right to what they're claiming before we start ripping things >> out of our codebase, *especially* anything to do with the >> user experience/"look and feel". Second, I think we'll be >> happy for *them to join us*, but as was seen when talks with >> TCNext were revealed, our group may strongly value its >> independence to choose our own path. Any merger proposal will >> likely be heavily scrutinised by our whole group (and rightly so!). >> >> No apologies for the top post; I regret nothing. :-P >> >> Thanks for bringing us in the loop early, Bill. In principle, >> this all sounds good and the correct way to go forward. >> However, I have two main concerns: >> >> 1) I hope our legal experts in the group can very closely >> examine and verify their claims to TrueCrypt's (and possibly >> soon-to-be-CipherShed's) similarity to E4M, and their legal >> right to prevent such similarities to exist. I'm particularly >> concerned about their claims to the user experience (UX) and >> 'look and feel'. Although it's not perfect and still >> potentially confusing for new non-technical users, >> TrueCrypt's UX is far more usable any other encryption >> software I've seen. One day, I do hope we'll make a more >> non-tech user friendly UX, but I feel the current UX is >> sufficiently strong that this isn't a priority right now. >> However, if these SecurStar people have any right to assert >> that we cannot use the current UX, then we will be forced to >> come up with a new one...and while I would *love* to explore >> this personally, I simply haven't the resources at the moment. >> >> In any case, I believe the sources shared by Jason (who I >> currently consider one of our legal experts) seems to feel > > I am not a lawyer, just a business man. > >> SecurStar's claims are dubious, but we definitely don't want >> the pants sued off of us, so I wonder if we need to somehow >> clearly verify this? Additionally, Chris, why do you believe >> their claims about 'look and feel' can be ignored? >> >> 2) His last sentence, "Maybe your team might be interested in >> joining our new open project ?" was a bit too casual and >> presumptive for my liking. As I noticed when news about >> (merger? collaboration?) talks with TCNext broke out, our >> group may strongly value our independence. I don't think >> many, if any of us, would object to *others joining our >> project*, I think the reverse (us joining/merging with >> another group) would at least be very carefully scrutinised >> by everyone (and rightly so!). This doesn't mean it would be >> blocked regardless of the proposal, but I think we would all >> be very careful about the terms, expectations, and our >> autonomy in pursuing our goals. >> >> Alain >> >> -----Original Message----- >> From: ciphershed-bounce@xxxxxxxxxxxxx >> [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Pyeron >> Sent: Friday, June 20, 2014 10:35 >> To: ciphershed@xxxxxxxxxxxxx >> Subject: [ciphershed] Re: Fwd: Re: WG: AW: TrueCrypt >> >> Pardon the top post, for Bills mobile. >> >> I am concerend about the consistency of baggage. If the plan >> is to do a re-write >> of the code anyway, then as long as they contribute like any >> other (license to >> cipher shed) so be it. But we must not be held hostage by >> anyone's claim of >> copyright, patent, trademark or other IP. >> >> http://webcache.googleusercontent.com/search?hl=en&q=cache:0Md > LUfMMtP8J:http://w >> ww.pcreview.co.uk/forums/truecrypt-1-0-released-t1967957.html% >> 2Bsecurestart+true >> crypt&gbv=2&&ct=clnk >> >> Quoting the middle of the page .... >> >> From another newsgroup >> >> TrueCrypt suspended-SecureStar hauls out the lawyers >> >> "SecureStar is claiming ownership of E4M, though it was >> released as free with >> source code and a very liberal license before SecureStar was founded. >> Perhaps an attorney can comment, but I don't understand how a >> company can >> claim ownership over intellectual property that was released >> into the public >> domain before the company was born. Certainly the creator of >> E4M, Paul Le >> Roux, gave up most of his ownership rights with the license >> he wrote for E4M >> distribution..It states *specifically* that E4M may be altered and >> distributed under another name without restriction, except >> that its heritage >> must be acknowledged." >> >> The TrueCrypt team has announced on alt.security.scramdisk >> that TrueCrypt >> distribution is suspended until the matter is cleared up. >> >> >> From: TrueCrypt Team <(E-Mail Removed)> >> Organization: TrueCrypt Team >> >> February 3, 2004 >> >> In the last two days, we have been receiving e-mails from Wilfried >> Hafner, manager of SecurStar. In the e-mails he repeatedly accuses >> Paul Le Roux, the author of Encryption for the Masses (E4M), of the >> following: >> >> 1) Intellectual property theft, stealing the source code of E4M >> from SecurStar (as an employee of SecurStar) >> >> 2) Writing an illegal license that permits anyone to base his/her >> own work on E4M and distribute such modified work (while, according >> to W. Hefner, P. Le Roux did not have any right to do so). >> >> 3) Distributing E4M illegally (according to W. Hefner, all versions >> of E4M always belonged only to SecurStar) >> >> >> These statements have been made to make us stop developing and >> distributing TrueCrypt, which is based on E4M 2.02a. >> >> As we have a strong suspicion that these statements are false, we >> e-mailed Paul Le Roux and asked him to clear up this issue. Paul, we >> would also appreciate if you could post a statement to this newsgroup >> and sign it with the PGP key used to sign the archives containing >> the original E4M 2.02a source code. The PGP key properties: >> >> >> Name: Software Professionals <(E-Mail Removed)> >> ID: 0xE7959B99 >> Fingerprint: B37D C864 9437 CD4D C313 9DC9 60E9 73E4 >> Type: RSA Legacy >> Created: December 15, 1998 >> >> >> TrueCrypt distribution is suspended, until this issue is resolved. >> >>> -----Original Message----- >>> From: ciphershed-bounce@xxxxxxxxxxxxx >>> [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Cox >>> Sent: Friday, June 20, 2014 10:18 >>> To: ciphershed@xxxxxxxxxxxxx >>> Subject: [ciphershed] Fwd: Re: WG: AW: TrueCrypt >>> >>> I just wanted to let you guys know that I got a response from >>> the SecureStar guy. Please don't freak out about his >>> position. It sounds like he would be interested in working >>> with us. If it is true that truecrypt is based on his code, I >>> think we need to come to some agreement with him. One thought >>> comes to mind is that many companies will only use a product >>> that has professional support, even if it is open source . >>> Also they have expertise in this field and could be very >>> helpful. I would like to get them to agree that a quick >>> rebranding is a good idea in order to save the truecrypt user >>> base, and that we will work out how to go forward from there. >>> As I told him I can't speak for this project but I think we >>> should deal with this. I am on vacation and am dictating this >>> on my phone so there won't be any signatures this week. >>> However I received no NSL or any other such thing since the >>> last time I said so. >>> >>> Bill >>> >>> ---------- Forwarded message ---------- >>> From: "Bill Cox" <waywardgeek@xxxxxxxxx> >>> Date: Jun 20, 2014 9:07 AM >>> Subject: Re: WG: AW: TrueCrypt >>> To: "Wilfried Hafner" <hafner@xxxxxxxxxxxxx> >>> Cc: >>> >>> >>> >>> Thank you for the reply. I'm on vacation this week and can't >>> get into much detail. While I can't speak for the CypherShed >>> team, please believe me when I say that I will not stand for >>> any stolen code. I do feel strongly that the world needs an >>> open source solution like TrueCrypt and working with your >>> team sounds like a great idea to me. >>> >>> On Jun 16, 2014 10:31 AM, "Wilfried Hafner" >>> <hafner@xxxxxxxxxxxxx> wrote: >>> >>> >>> Dear Mr. Cox, >>> >>> >>> >>> thank you very much for your Email. >>> >>> >>> >>> TrueCrypt is based on our E4M software and it >>> originally included Scramdisk source code which was removed >>> after we protested. However we were especially concered about >>> the TrueCrypt encryption drivers and other code which >>> remained and these are based on E4M Code as TrueCrypt >>> clearly admits. Even the TrueCrypt user interface was >>> virtually identical to E4M (and doesn't look that different even >>> >>> now) and so our concerns were about rather more than >>> the source code use. There was also a "look and feel" aspect >>> to our concerns as well. >>> >>> >>> >>> Both products were created by our co-founding partners Mr. >>> >>> Hollingworth and Mr. Le Roux, neither of them were ever >>> asked for permission to use their intellectual propery or to >>> base a product on the apperance of E4M although Mr. >>> Hollingworths license agreement clearly made that requirement >>> absolutely clear granting the right to >>> >>> private study of the code only. >>> >>> >>> >>> In addition to this it is be noted that the E4M disk >>> and encryption >>> >>> driver technology belong to SecurStar and not to Mr. >>> Le Roux. The >>> >>> E4M license agreement written by Mr. Le Roux (co. >>> founder SecurStar) was mistakenly incomplete and not phrased >>> correctly so Mr Le Roux partially granted some rights that >>> did not fully belong to him. In no case were any rights >>> granted to anyone to make a product that LOOKED like E4m. >>> >>> >>> >>> The TrueCrypt team were informed about these facts very >>> early on soon after the initial appearance of TrueCrypt, but >>> they decided to ignore some of the facts and stay anonymous, >>> so we could not take them to court so far. However if at >>> some point the identity of the group becomes public we >>> maintain our right take proper action. >>> >>> >>> >>> We did not review the very latest TrueCrypt sources so >>> I am not yet sure which parts of these are still based on our >>> original code. >>> >>> >>> >>> Please note, that long before TrueCrypt existed we >>> offered free and open source software to the public, and >>> there are currently internal discussions to retake this road >>> and re-open our sources offering our disk and maybe phone >>> encryption software to the public free of charge. >>> >>> >>> >>> We will be making an official statement in the coming >>> months as soon as we have made a clear decision. >>> >>> >>> >>> Maybe your team might be interested in joining our new >>> open project ? >>> >>> >>> >>> Best regards >>> >>> >>> >>> Wilfried Hafner >>> >>> General Manager and founding partner >>> >>> >>> PhoneCrypt: 5010 (Secure Telephone Line)* >>> >>> Tel Office: +49 - 89 -710661727 >>> <tel:%2B49%20-%2089%20-710661727> >>> Fax: +49 - 89 - 710661728 >>> <tel:%2B49%20-%2089%20-%20710661728> >>> >>> >>> >>> >>> >>> Beschreibung: Beschreibung: ostlogoSecurStar GmbH >>> Fürstenrieder Str. 279A >>> D-81377 München - Germany >>> www.securstar.com <http://www.securstar.com/> >>> >>> >>> >>> * NOTE: If you wish to communicate with us in a fully >>> secure way and without the risk of being intercepted, please >>> do so by calling us with PhoneCrypt universal. More details >>> can be found here: >>> http://www.securstar.com/products_phonecrypt_universal.php >>> >>> >>> >>> >>> >>> Von: Daiana Grosz [mailto:daiana@xxxxxxxxxxxxx] >>> Gesendet: Dienstag, 10. Juni 2014 12:49 >>> An: hafner@xxxxxxxxxxxxx >>> Betreff: Re: AW: TrueCrypt >>> >>> >>> >>> Here is the contact info: >>> >>> Name: >>> >>> Bill Cox >>> >>> Email: >>> >>> waywardgeek@xxxxxxxxx >>> >>> >>> >>> The message I sent you previously is from the ticket system. >>> On Facebook he wrote this: >>> >>> "Hi. I'm Bill Cox, and I'm working with some developers >>> at CipherShed.org on a TrueCrypt fork. I read on >>> Wikipedia.org that SecurStar claims ownership of some of the >>> code. I would like to understand specifically which parts of >>> the code SecurStar feels was stolen. I cannot support code >>> theft, and wish to remove any stolen code from the code base. >>> However, I will need more details than I can find on the >>> Internet to do so. Thanks, Bill" > > -- > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > - - > - Jason Pyeron PD Inc. http://www.pdinc.us - > - Principal Consultant 10 West 24th Street #100 - > - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - > - - > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > This message is copyright PD Inc, subject to license 20080407P00. > > > -- -- At the time of writing, no warrants have been served to me, nor am I under any legal compulsion concerning the CipherShed project. I do not know of any searches of seizures of my assets.
Attachment:
signature.asc
Description: OpenPGP digital signature