At 7:06 PM 02/01/96, baldwin wrote:
WARNING NOTICE
It has recently come to the attention of RSA Data Security, Inc. that certain of its confidential and proprietary source code has been misappropriated and disclosed. Despite such unauthorized use and disclosure, RSA Data Security reserves all intellectual property rights in such source code under applicable law, including without limitation trade secret and copyright protection. In
Well, now we know it really was RC2. Is there a law-knowing type out there who can tell us what's going on legally? As I understand things, RSA is just bullshitting here. When something has 'trade secret' status, the only people with legal obligations toward it are those with contractual obligations to RSA--you can only enforce 'trade secrets' through contractual obligations, non-disclosure and confidentiality agreements, etc. Once something has been disclosed, as I understand it, people without contractual obligations in regards to it are free to do whatever they want to it--trade secret status of RC2 has nothing to do with me, who has no contractual obligations to RSA regarding RC2. (Unless the license agreement for RSAref could be stretched to apply somehow, but I don't think so). Now, copyright might be another matter. But you can't copyright an algorithm, only specific text in fixed form (ie, the source code). So this would mean you couldn't use the particular code posted to sci.crypt, but wouldn't stop anyone from using the algorithm, if they wrote their own code (to be safe, without having seen the RSA-copyrighted code, only having the algorithm described to them by someone else). You can _patent_ an algorithm, but as I understand it, something can't be patented and a trade secret--you have to disclose it in full to the patent office to get a patent, at which point it's no longer a trade secret. And the legalese from RSA doesn't even mention patents anyway (because they dont' have one, of course), only copyright and 'trade secret'. I'm not a lawyer of course. Information from someone more sure of their knowledge then I am would be appreciated. But, as I understand it, they're basically making stuff up, and there is nothing stopping any of us, who haven't signed any non-disclosure agreements with RSA, from using the RC2 algorithm.