TL;DR: First, let's make damn sure they actually have a legal right to what they're claiming before we start ripping things out of our codebase, *especially* anything to do with the user experience/"look and feel". Second, I think we'll be happy for *them to join us*, but as was seen when talks with TCNext were revealed, our group may strongly value its independence to choose our own path. Any merger proposal will likely be heavily scrutinised by our whole group (and rightly so!). No apologies for the top post; I regret nothing. :-P Thanks for bringing us in the loop early, Bill. In principle, this all sounds good and the correct way to go forward. However, I have two main concerns: 1) I hope our legal experts in the group can very closely examine and verify their claims to TrueCrypt's (and possibly soon-to-be-CipherShed's) similarity to E4M, and their legal right to prevent such similarities to exist. I'm particularly concerned about their claims to the user experience (UX) and 'look and feel'. Although it's not perfect and still potentially confusing for new non-technical users, TrueCrypt's UX is far more usable any other encryption software I've seen. One day, I do hope we'll make a more non-tech user friendly UX, but I feel the current UX is sufficiently strong that this isn't a priority right now. However, if these SecurStar people have any right to assert that we cannot use the current UX, then we will be forced to come up with a new one...and while I would *love* to explore this personally, I simply haven't the resources at the moment. In any case, I believe the sources shared by Jason (who I currently consider one of our legal experts) seems to feel SecurStar's claims are dubious, but we definitely don't want the pants sued off of us, so I wonder if we need to somehow clearly verify this? Additionally, Chris, why do you believe their claims about 'look and feel' can be ignored? 2) His last sentence, "Maybe your team might be interested in joining our new open project ?" was a bit too casual and presumptive for my liking. As I noticed when news about (merger? collaboration?) talks with TCNext broke out, our group may strongly value our independence. I don't think many, if any of us, would object to *others joining our project*, I think the reverse (us joining/merging with another group) would at least be very carefully scrutinised by everyone (and rightly so!). This doesn't mean it would be blocked regardless of the proposal, but I think we would all be very careful about the terms, expectations, and our autonomy in pursuing our goals. Alain -----Original Message----- From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Pyeron Sent: Friday, June 20, 2014 10:35 To: ciphershed@xxxxxxxxxxxxx Subject: [ciphershed] Re: Fwd: Re: WG: AW: TrueCrypt Pardon the top post, for Bills mobile. I am concerend about the consistency of baggage. If the plan is to do a re-write of the code anyway, then as long as they contribute like any other (license to cipher shed) so be it. But we must not be held hostage by anyone's claim of copyright, patent, trademark or other IP. http://webcache.googleusercontent.com/search?hl=en&q=cache:0MdLUfMMtP8J:http://w ww.pcreview.co.uk/forums/truecrypt-1-0-released-t1967957.html%2Bsecurestart+true crypt&gbv=2&&ct=clnk Quoting the middle of the page .... From another newsgroup TrueCrypt suspended-SecureStar hauls out the lawyers "SecureStar is claiming ownership of E4M, though it was released as free with source code and a very liberal license before SecureStar was founded. Perhaps an attorney can comment, but I don't understand how a company can claim ownership over intellectual property that was released into the public domain before the company was born. Certainly the creator of E4M, Paul Le Roux, gave up most of his ownership rights with the license he wrote for E4M distribution..It states *specifically* that E4M may be altered and distributed under another name without restriction, except that its heritage must be acknowledged." The TrueCrypt team has announced on alt.security.scramdisk that TrueCrypt distribution is suspended until the matter is cleared up. From: TrueCrypt Team <(E-Mail Removed)> Organization: TrueCrypt Team February 3, 2004 In the last two days, we have been receiving e-mails from Wilfried Hafner, manager of SecurStar. In the e-mails he repeatedly accuses Paul Le Roux, the author of Encryption for the Masses (E4M), of the following: 1) Intellectual property theft, stealing the source code of E4M from SecurStar (as an employee of SecurStar) 2) Writing an illegal license that permits anyone to base his/her own work on E4M and distribute such modified work (while, according to W. Hefner, P. Le Roux did not have any right to do so). 3) Distributing E4M illegally (according to W. Hefner, all versions of E4M always belonged only to SecurStar) These statements have been made to make us stop developing and distributing TrueCrypt, which is based on E4M 2.02a. As we have a strong suspicion that these statements are false, we e-mailed Paul Le Roux and asked him to clear up this issue. Paul, we would also appreciate if you could post a statement to this newsgroup and sign it with the PGP key used to sign the archives containing the original E4M 2.02a source code. The PGP key properties: Name: Software Professionals <(E-Mail Removed)> ID: 0xE7959B99 Fingerprint: B37D C864 9437 CD4D C313 9DC9 60E9 73E4 Type: RSA Legacy Created: December 15, 1998 TrueCrypt distribution is suspended, until this issue is resolved. > -----Original Message----- > From: ciphershed-bounce@xxxxxxxxxxxxx > [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Cox > Sent: Friday, June 20, 2014 10:18 > To: ciphershed@xxxxxxxxxxxxx > Subject: [ciphershed] Fwd: Re: WG: AW: TrueCrypt > > I just wanted to let you guys know that I got a response from > the SecureStar guy. Please don't freak out about his > position. It sounds like he would be interested in working > with us. If it is true that truecrypt is based on his code, I > think we need to come to some agreement with him. One thought > comes to mind is that many companies will only use a product > that has professional support, even if it is open source . > Also they have expertise in this field and could be very > helpful. I would like to get them to agree that a quick > rebranding is a good idea in order to save the truecrypt user > base, and that we will work out how to go forward from there. > As I told him I can't speak for this project but I think we > should deal with this. I am on vacation and am dictating this > on my phone so there won't be any signatures this week. > However I received no NSL or any other such thing since the > last time I said so. > > Bill > > ---------- Forwarded message ---------- > From: "Bill Cox" <waywardgeek@xxxxxxxxx> > Date: Jun 20, 2014 9:07 AM > Subject: Re: WG: AW: TrueCrypt > To: "Wilfried Hafner" <hafner@xxxxxxxxxxxxx> > Cc: > > > > Thank you for the reply. I'm on vacation this week and can't > get into much detail. While I can't speak for the CypherShed > team, please believe me when I say that I will not stand for > any stolen code. I do feel strongly that the world needs an > open source solution like TrueCrypt and working with your > team sounds like a great idea to me. > > On Jun 16, 2014 10:31 AM, "Wilfried Hafner" > <hafner@xxxxxxxxxxxxx> wrote: > > > Dear Mr. Cox, > > > > thank you very much for your Email. > > > > TrueCrypt is based on our E4M software and it > originally included Scramdisk source code which was removed > after we protested. However we were especially concered about > the TrueCrypt encryption drivers and other code which > remained and these are based on E4M Code as TrueCrypt > clearly admits. Even the TrueCrypt user interface was > virtually identical to E4M (and doesn't look that different even > > now) and so our concerns were about rather more than > the source code use. There was also a "look and feel" aspect > to our concerns as well. > > > > Both products were created by our co-founding partners Mr. > > Hollingworth and Mr. Le Roux, neither of them were ever > asked for permission to use their intellectual propery or to > base a product on the apperance of E4M although Mr. > Hollingworths license agreement clearly made that requirement > absolutely clear granting the right to > > private study of the code only. > > > > In addition to this it is be noted that the E4M disk > and encryption > > driver technology belong to SecurStar and not to Mr. > Le Roux. The > > E4M license agreement written by Mr. Le Roux (co. > founder SecurStar) was mistakenly incomplete and not phrased > correctly so Mr Le Roux partially granted some rights that > did not fully belong to him. In no case were any rights > granted to anyone to make a product that LOOKED like E4m. > > > > The TrueCrypt team were informed about these facts very > early on soon after the initial appearance of TrueCrypt, but > they decided to ignore some of the facts and stay anonymous, > so we could not take them to court so far. However if at > some point the identity of the group becomes public we > maintain our right take proper action. > > > > We did not review the very latest TrueCrypt sources so > I am not yet sure which parts of these are still based on our > original code. > > > > Please note, that long before TrueCrypt existed we > offered free and open source software to the public, and > there are currently internal discussions to retake this road > and re-open our sources offering our disk and maybe phone > encryption software to the public free of charge. > > > > We will be making an official statement in the coming > months as soon as we have made a clear decision. > > > > Maybe your team might be interested in joining our new > open project ? > > > > Best regards > > > > Wilfried Hafner > > General Manager and founding partner > > > PhoneCrypt: 5010 (Secure Telephone Line)* > > Tel Office: +49 - 89 -710661727 > <tel:%2B49%20-%2089%20-710661727> > Fax: +49 - 89 - 710661728 > <tel:%2B49%20-%2089%20-%20710661728> > > > > > > Beschreibung: Beschreibung: ostlogoSecurStar GmbH > Fürstenrieder Str. 279A > D-81377 München - Germany > www.securstar.com <http://www.securstar.com/> > > > > * NOTE: If you wish to communicate with us in a fully > secure way and without the risk of being intercepted, please > do so by calling us with PhoneCrypt universal. More details > can be found here: > http://www.securstar.com/products_phonecrypt_universal.php > > > > > > Von: Daiana Grosz [mailto:daiana@xxxxxxxxxxxxx] > Gesendet: Dienstag, 10. Juni 2014 12:49 > An: hafner@xxxxxxxxxxxxx > Betreff: Re: AW: TrueCrypt > > > > Here is the contact info: > > Name: > > Bill Cox > > Email: > > waywardgeek@xxxxxxxxx > > > > The message I sent you previously is from the ticket system. > On Facebook he wrote this: > > "Hi. I'm Bill Cox, and I'm working with some developers > at CipherShed.org on a TrueCrypt fork. I read on > Wikipedia.org that SecurStar claims ownership of some of the > code. I would like to understand specifically which parts of > the code SecurStar feels was stolen. I cannot support code > theft, and wish to remove any stolen code from the code base. > However, I will need more details than I can find on the > Internet to do so. Thanks, Bill" > -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00.