It depends entirely on the circumstances, and it's not just a matter of
copyright. There's licensing, contracts, copying, etc. Analysis doesn't
necessarily involve copying, but...
"It is legally risky to bypass any “technical protection measures” (e.g.,
authentication handshakes, protocol encryption, password authentication,
code obfuscation, code signing) that control access to the code or any
specific functionality."
That seems to be more about DRM, though, per
"Section 17 U.S.C. 1201, the anti-circumvention provisions of the DMCA,
prohibits circumvention of “technological protection measures” that
“effectively control access” to copyrighted works. The law also prohibits
trafficking in tools that are primarily designed, valuable or marketed for
such circumvention."
However,
"Reverse engineering generally doesn’t violate trade secret law because it
is a fair and independent means of learning information, not a
misappropriation. Once the information is discovered in a fair and honest
way, it also can be reported without violating trade secret law."
There's an exception allowing it for security purposes, though:
"Section 1201 contains an exception for reverse engineering, as well as
security research, encryption research, and the distribution of security
tools, all of which may support reverse engineering. "
"The list is offered just to give you an idea of the kinds of things that
distinguish permissible from impermissible reverse engineering:
You lawfully obtained the right to use a computer program;
You disclosed the information you obtained in a good faith manner that did
not enable or promote copyright infringement or computer fraud;
Your sole purpose in circumventing is identifying and analyzing parts of
the program needed to achieve interoperability;
The reverse engineering will reveal information necessary to achieve
interoperability;
Any interoperable program you created as a result of the reverse
engineering is non-infringing;
You have authorization from the owner or operator of the reverse engineered
software or the protected computer system to do your research;
You are engaged in a legitimate course of study, are employed, or are
appropriately trained or experienced, in the field of encryption technology.
You provide timely notice of your findings to the copyright owner."
Above from Coders’ Rights Project Reverse Engineering FAQ
https://www.eff.org/issues/coders/reverse-engineering-faq
TL;DR: It's a bit murky, but it's less likely if the FBI needs to copy the
existing iOS code to implement the backdoor they want - as opposed to being
able to modify the existing code with an update that was written entirely
by FBI.
"To our knowledge, no agency of the executive branch has argued, or
advised, that government copying is per se a fair use."
http://www.loc.gov/flicc/gc/fairuse.html
One academic article argues that the reason the software usually isn't
considered part of the fair use exception when seized by law enforcement is
that it's not part of the subject of a legal proceeding - I'm not sure that
applies in this case.
http://faculty.usfsp.edu/gkearns/Articles_Fraud/Copyright%20and%20Law%20Enforcement's%20Use%20of%20Seized%20Computers.pdf
On Sun, Feb 21, 2016 at 6:16 PM, douglas rankine <
douglasrankine2001@xxxxxxxxxxx> wrote:
Michael,
Question...can anyone, any group, any organisation reverse engineer
proprietary software, whether they keep it to themselves or not...If
so...can you please refer me to where it says so, in US, UK or
international law?
ATB
Dougie.
On 21/02/2016 22:19, Michael Best wrote:
I don't think reverse engineering it is a problem unless they try to
distribute that info or profit from it. Plus, reverse engineering is its
own analysis which provides some degree of separation (I think).
On Sun, Feb 21, 2016 at 5:16 PM, Andrew Hornback <achornback@xxxxxxxxx>
wrote:
Would the FBI be liable in the event that they reverse engineered Apple's
product in order to break it? I'm sure that's part of the problem.
Personally, I've heard that the NSA has the capabilities to handle this
issue without making a big deal out of it, but they don't want to tip their
hand and prove that they do... so, we end up with the smoke and mirrors
show asking Apple to get involved. Of course, it could simply be their way
of asking Apple to validate the NSA's process...
From looking at the court documents, it appears that the FBI is simply
wanting Apple to circumvent the "self-destruct" routine within iOS so they
can brute force the password on the device. That doesn't break or negate
the encryption, it merely prevents the device from pulling a "Mission
Impossible" after they get the code wrong the 10th time.
Now, if Farook's employer had done things properly and implemented an
appropriate MDM solution prior to deploying the phone, we wouldn't be
having this conversation since the MDM client/widget/whatever you want to
call it operates at a low enough level to allow administration of the phone
without it being unlocked.
I also wouldn't be surprised to find some young, enterprising lawyer in
California to be soliciting those beneficiaries of Farook's employer's
services to file suit agains them for failure to properly safeguard their
data on those mobile devices. I figure someone's going to be screaming
about HIPAA and PII security in order to make a few bucks...
--- A
On Sun, Feb 21, 2016 at 4:11 PM, Michael Best < <themikebest@xxxxxxxxx>
themikebest@xxxxxxxxx> wrote:
What does copyright have to do with it? FBI isn't trying to redistribute
the code. Apple's NDAs and IP agreements might apply, but I don't see what
role copyright plays. (I'm asking, not arguing. I haven't exactly following
the case though, and I already got one major detail wrong lol.)
Sent from my iPhone
On Feb 21, 2016, at 3:45 PM, douglas rankine <
douglasrankine2001@xxxxxxxxxxx> wrote:
see url: <https://twitter.com/cfarivar/status/701430905076731906>
https://twitter.com/cfarivar/status/701430905076731906
Even if the FBI did screw up...or Farooks Employer screwed up...or they
both screwed up...It wouldn't have made a lot of difference regarding what
is at present on Farooks phone. The back up was done on October 19th
whereas the crime was committed one and a half months later. In that time,
up until the time of the crime, the phone had NOT been backed
up...according to the affadavit from the FBI. From looking at the
affadavit, the FBI is saying that they agreed to trying to change the
password to see if they could get access to the back up, and the phone.
It didn't work, so that makes the FBI stupid because they should have
known. Does this mean that if the FBI/Farooks employer hadn't changed the
password that there would have been an automatic backup made?
Remember, according to the FBI, it is Apple software, it is copyright
and the FBI is not allowed under US Law to breach that copyright. Any
experts out there on Apples end-to-end encryption software, who isn't bound
by Apple's copyright and non-disclosure agreements? Perhaps they could
enlighten us.
Whom do I believe? I'll reserve my judgement until the facts come
out!... :-) . Coward that I am...
ATB
Dougie.
--
Veritas aequitas liberabit vos
Veri universum vici
That 1 Archive <http://that1archive.neocities.org/>
@NatSecGeek <https://twitter.com/NatSecGeek>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.5
Comment: Hostname: pgp.mit.edu
mQINBChG9zoBEADKzALG4UHCjY6L9OFUxWRVGGCW7LY71K2EAK/0jkRh1wPkJ4chPaVJ3vVD
nJ0d8HxsyR5R3+y7GH6GCc/tK0IDPJah+xpQnraS1nWUvAlSaaxsBK4hJfuVGyfBg/joQVKU
OhpqJLQhRIkUWk30QC94IbOKiCTb6V4pStLYyrLieewjT481vvRIYp/48IS5eiveZW0/IpcA
HBON7xJw6P1murC8PNOJSWRCp9FJhcs3wIPG3cFTfsxSZnGcoivMgFLtGAfLbztpZkcHEMOR
4qamVvirzYGHma0UlOzyNr7xpxyLXFsU5kKzQ8Az2nP1GG7vuqXSjPNLIvvHFL+g+gKuCe9W
xTa9Ac038RRSiBGdDrvTFpQ/h9h5GWIHP7nsA4TCeZSpL81aqp7Cb0MK3KPQmteTPIujVCnx
jXXHrOe9Tj6iYUU8edApISyBEVFZMd+EtfDEDf/ZwDjzSGE85vv1dZ/ck7iJvS8FwM8hsRBG
U9huCKiItGs26teUJ2Sum49YaEiDL4QLQhJ+FbsAusxJg+V3GE/4w75K/6/czT0p10Mf66Uo
fRFTvYRE7S6CNDxzTI4q7+pnRlxMBduGC33KY4eq4Py/O3LWHBDxZ+LffIa/tWcB/7oZ6yDo
bdWleNk5wnJdPGr6lUTHTM4tpDIEcXYpvjzyLcMtg4tFm/Dc0QARAQABtGVNaWNoYWVsIEJl
c3QgKFByaXZhdGUsIG5vdCBzZWN1cmUuIEZvciBzZWN1cmUgZW1haWwsIHJlcXVlc3QgYSBv
bmUtdGltZSBrZXkuKSA8dGhlbWlrZWJlc3RAZ21haWwuY29tPokCPQQTAQoAJwUCKEb3OgIb
AwUJNXc1AAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCiYH9hY4dAS3e+D/sFwyJER4/4
ZnHYC/1EzCpHeDikSmULEgsvNgzo73thOV9/Q2I8mCJTlQjsK4rZ2YiDzi4b0CN8kzjpxtVz
BsBsxfyPLrdH4VoqeqeBVzbwHxSk7bYUI3vFt+e3gBgpAxbVfPXCnYUnWPRlr9dc/JZoPJH4
p8yRIqktehbAE3Fa3gkfrXJ5e6+/nKlQhikyvo9VuErrLpPMXBzOq4/2LVfurkcOzlp1RBjs
hWr6B98EiOXs44ZGLEkINxJiW8koFhw/WDuON8LKi/DtLiqqtBVTjrkqKCuKzSAVncGGcEVO
3Om3aOIOvG0do/wQKYXnpbeGsHwx2PGrJ7H+lb2bIb5KhbZkbG4rMTjsVnuGN+IF4BxBhmGz
MYoooWy4VCLL0o8keomU8JPXt+fZDqJ9sNjY/asTsjOa6aE3bIa6w3mWUeefGwA25oXur3Rr
L3wmu1pPzCejumfA1X93dS9UZS3xni+7W34g6YbsREuaZ+YBxFLN227JXAx2pEdjLsuVOaqM
9CO7ARHsxDZoE9U7n0s3txnSw/2YYwjEK1wDhdLnHBL3ZzaAcaHnpzsTYQAVW7uXKKHhzeSK
GP3O4ByCisM/7WLFvIIpaNNs85jI1PvKH0GutSTl9xXDfWuYMl9rwwbteBB/oGSxlIFe0pqq
IDNfAJdR/HjTLqrTES2wdXJS1bkCDQQoRvc6ARAAmltXrhVfpePdIFrfEHCet4nkQvmRI+AX
rUgiNlxQDW8M5FzlUfT2xpMXHMWuKehTYpFq7bNbFi+fwBhMajgvgDsTuLInftKSFp+sisbR
n8psv7CpGB4jp0Xd4y1Wm/HejV/kga0kcUVVetaqyzgZedn1UnccQRzDBVWW2j2ed+hi/8g0
/d7mbVG81yzJo8tLidM90xFF7JGlijm0dBAqmhD4UgkxSnJQ3PK5onqdjdbx7HkP68RrkeTQ
vhWK1978qzdSl9ljJ0jLnoAaDNPs5Dj/TyYCtqoKHUqMbTwU5nIQnJG7geMeSw/7OVnKlypF
Rs/JesZzMBooZTRxZJuIB/q0wOfE/MYTwGSwLs2brUwJFJ6bSYmerZ+81S8W/Y4mehJ3o6Vl
SabrrVN+LlBfUuRqd5U909WECzk6HVnwnRfL07zD+1y5cLU+e4MQs2227kLriTIxtDZ/umeG
hKQgNgFGTAPHJxA96xGvQ8Ovv+XEivlO0jxBNMIiopNSlMDE+k3nigWHuavt9LUUCOd45aw7
0pgKstQQgpFfVAwV98LPpUKxa61q6wQiQHAcP7YxuQG0dsr4nUq2xids5l1IpOLzZJ3nRThM
k7alkljBbqphbocV3FsSXOkpcSWns94k1QGmrPzEPLF0FHFBG6whWoaoEySMkdsN1zVu4GMU
o2EAEQEAAYkCJQQYAQoADwUCKEb3OgIbDAUJNXc1AAAKCRCiYH9hY4dASzTaEACKXVgc8KmZ
xWyYTUQgIwrj3J/re68uIilq0iBBDocgEZZpxyf6lD1V3IKBjAPpWyYHMrrrLY64rFDR+8DE
Xyhm1Wv2S6YJuWJtyAlS4bciXjJE6evirIH5GoFq++vzsufRaudAoQ56hJ0+Z3dNMMWZ6YuP
zWNNL2tvpdo3Nvd8bqiADWSffFdIPv5Yj/mZsXmaDN+7iWYlAdCrubGyGzFHlCh26Ghu6SS0
/u8x1/Oi7ma7fUMFnEsFiYjwBkD3pQKK1dm7j2f1OMxi8uky8vgBgx40aeJkoUgEvIHWsCIi
CWVTyfiGeWIcKbK7tYP5jsjV5fUv+TaQ1pApt++Pyop1aogfQ8icNBQQkdX6E4gNhnPOPTM8
FTl69Tq5Ori5+TM8VM0iPGiydlcAXIAD3OyR4tZM12Ga1AtppKjx31EyDB4SPzUmDWRy5WgG
NRH3+RgiK/iXVcvLdFIKj3/AvctSLdbayyaFD8zrE/wcMzLfie+iE231+rG/7gmcR3H1rcYE
vxvmWAPikLQKiMUpPBNSvfLPUTrwNSGiZ5ieAAPgOooc3u5nohwZmEW1pg6HirZgIAgAYuyL
aLgnikwH70guiQ4Ufsih3gy0ddsUwliUTtbYQyX0OBQoTUyaiXPy0Wu2FJfsxiW8X9Lu9pIH
KOwU9K76VKot+UikGqeFQsS/Ig==
=M+du
-----END PGP PUBLIC KEY BLOCK-----
