Re: RC2 Source Code - Legal Warning from RSADSI
At 7:06 PM 02/01/96, baldwin wrote:
WARNING NOTICE
It has recently come to the attention of RSA Data Security, Inc. that certain of its confidential and proprietary source code has been misappropriated and disclosed. Despite such unauthorized use and disclosure, RSA Data Security reserves all intellectual property rights in such source code under applicable law, including without limitation trade secret and copyright protection. In
Well, now we know it really was RC2. Is there a law-knowing type out there who can tell us what's going on legally? As I understand things, RSA is just bullshitting here. When something has 'trade secret' status, the only people with legal obligations toward it are those with contractual obligations to RSA--you can only enforce 'trade secrets' through contractual obligations, non-disclosure and confidentiality agreements, etc. Once something has been disclosed, as I understand it, people without contractual obligations in regards to it are free to do whatever they want to it--trade secret status of RC2 has nothing to do with me, who has no contractual obligations to RSA regarding RC2. (Unless the license agreement for RSAref could be stretched to apply somehow, but I don't think so). Now, copyright might be another matter. But you can't copyright an algorithm, only specific text in fixed form (ie, the source code). So this would mean you couldn't use the particular code posted to sci.crypt, but wouldn't stop anyone from using the algorithm, if they wrote their own code (to be safe, without having seen the RSA-copyrighted code, only having the algorithm described to them by someone else). You can _patent_ an algorithm, but as I understand it, something can't be patented and a trade secret--you have to disclose it in full to the patent office to get a patent, at which point it's no longer a trade secret. And the legalese from RSA doesn't even mention patents anyway (because they dont' have one, of course), only copyright and 'trade secret'. I'm not a lawyer of course. Information from someone more sure of their knowledge then I am would be appreciated. But, as I understand it, they're basically making stuff up, and there is nothing stopping any of us, who haven't signed any non-disclosure agreements with RSA, from using the RC2 algorithm.
WARNING NOTICE
It has recently come to the attention of RSA Data Security, Inc. that certain of its confidential and proprietary source code has been misappropriated and disclosed. Despite such unauthorized use and disclosure, RSA Data Security reserves all intellectual property rights in such source code under applicable law, including without limitation trade secret and copyright protection. In
Well, now we know it really was RC2.
Is there a law-knowing type out there who can tell us what's going on legally? As I understand things, RSA is just bullshitting here. When something has 'trade secret' status, the only people with legal obligations toward it are those with contractual obligations to RSA--you can only enforce 'trade secrets' through contractual obligations, non-disclosure and confidentiality agreements, etc. Once something has been disclosed, as I understand it, people without contractual obligations in regards to it are free to do whatever they want to it--trade secret status of RC2 has nothing to do with me, who has no contractual obligations to RSA regarding RC2. (Unless the license agreement for RSAref could be stretched to apply somehow, but I don't think so).
Uh ... wait ... better check on the stupid Scientology cases because they did win some small battles regarding what they considered trade secrets. Did they win that on copyright basis or trade secret basis? There must be some case history here. Ern
Date: Thu, 1 Feb 1996 18:26:15 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Sender: owner-cypherpunks@toad.com Precedence: bulk Now, copyright might be another matter. But you can't copyright an algorithm, only specific text in fixed form (ie, the source code). So this would mean you couldn't use the particular code posted to sci.crypt, but wouldn't stop anyone from using the algorithm, if they wrote their own code (to be safe, without having seen the RSA-copyrighted code, only having the algorithm described to them by someone else). If the source code posted to sci.crypt was in fact a copy of an RSADSI copyrighted soure code listing, then making copies of that listing is a copyright violation. However, copyright protection does not extend to the underlying algorithm, so unless RSADSI has a patent on the algorithm the idea is free, and can be reimplemented using a "clean room" or "Chinese wall" approach. If the posted source code was *not* a copy of RSADSI source code but instead produced by disassembling object code RSADSI's claims are tenuous at best. RSADSI could conceivably claim that the disassembled code is a derivative product of their copyrighted object code, but I think they would have a hard time distinguishing themselves from the facts in _Sega v. Accolade_. I fail to see how the legality of "alleged-RC2" is any different than that of the "alleged-RC4" code which was published last year. --bal
participants (3)
-
Brian A. LaMacchia -
Ernest Hua -
jrochkin@cs.oberlin.edu