
Coder's Rights Project – Reverse Engineering FAQ - jcr
https://www.eff.org/issues/coders/reverse-engineering-faq
======
lstor
In Norway, we have an unwaivable right by law to reverse engineer computer
systems for learning purposes.

They are described in Åndsverkloven §§ 39h and 39i.

Roughly translated excerpts:

§ 39h Whoever has the right to use a computer program, can copy, change and
work on the program to the extent necessary in order to utilize the program in
accordance with its purpose, including in order to correct errors in the
program.

Whoever has the right to use a copy of a computer program can, during such
reading, screen display, running, transfer or storage of the program that the
user has the right to do, monitor, examine or probe the working of the program
in order to determine the ideas and principles on which the individual parts
of the program are based. [This right is unwaivable]

§ 39i You are allowed to produce a copy of a computer program's code and
translate the form of the code, when this is a prerequisite in order to
produce the information necessary to achieve functional interaction between a
self-developed program and other programs, if

a) the actions are performed by a person who has the right to use a copy of a
computer program, or acting on behalf of someone who does,

b) the information is not already easily accessible, and

c) the actions are limited to the parts of the original program necessary to
achieve functional interaction.

[A few limitations on utilization of the information]

These rights are unwaivable.

~~~
drdaeman
> for learning purposes

> A few limitations on utilization of the information

I don't know how it is in Norway, but I see those clauses as problematic.

There is not much point in reverse engineering a piece of software if you
can't use the results freely, including implementation of directly "competing"
software.

That is, most of RE is just figuring out the data formats and protocols. And I
fear that in too many jurisdictions one who had analyzed those can't also be
the person who can legally write an alternate implementation, and a "clean-
room engineering" is required.

~~~
lstor
As far as I know there is no legal precedent (and I'm not a lawyer), but I
think that figuring out data formats and protocols counts as "ideas and
principles" -- which is okay. It's hard to say, really, courts aren't famous
for showing any understanding of computer science.

There is the DeCSS-case, which led to acquittal in Norwegian courts:
[http://en.wikipedia.org/wiki/DeCSS](http://en.wikipedia.org/wiki/DeCSS)

------
shmerl
There is a major discussion now about GOG changing their TOS trying to
prohibit reverse engineering and as well introducing DRM-like password
restriction in their installer packages.

See here:

* [https://www.gog.com/forum/general/please_fix_your_user_agree...](https://www.gog.com/forum/general/please_fix_your_user_agreement_to_allow_reverse_engineering_and_tinkering_when_its_fair_use_to_ret)

* [https://www.gog.com/wishlist/site/to_retain_your_drm_free_st...](https://www.gog.com/wishlist/site/to_retain_your_drm_free_stance_please_fix_your_user_agreement_to_allow_reverse_engineering_and_tinkering_when_its_fair_use)

* [https://www.gog.com/forum/general/on_gnulinux_has_anyone_be_...](https://www.gog.com/forum/general/on_gnulinux_has_anyone_be_able_to_extract_the_rar_innosetup_installers)

* [https://www.gog.com/wishlist/site/dont_slip_into_drm_swamp_s...](https://www.gog.com/wishlist/site/dont_slip_into_drm_swamp_stop_using_password_protection_on_installer_packages)

------
mrsteveman1
This post comes at a perfect time for me, as I'm currently documenting the
undocumented API of Ubiquiti's Airview2[1] device, a cheap ($39, 5 years ago)
2.4GHz spectrum analyzer USB stick, which they've now stopped selling and
abandoned in every way.

Just the other day I was pondering who to contact to determine whether my
current method of figuring out how the undocumented API works (typing command
guesses over the CDC-ACM serial interface in gtkterm) puts me at risk, but it
doesn't look like it. I'm not dumping the firmware and don't have a copy of
it, not decompiling the original software, there is no access control on the
interface, no encryption, no handshake, no EULA on the hardware itself.

Seems that I'm in the clear from what I can tell.

I've gotten enough of the commands documented that I've been able to write a
library based on what I've learned, and I'm hoping to publish my documentation
and the code soon. It's been quite fun to figure out how it works so I and
others can actually use these things in other software :)

[1]
[http://dl.ubnt.com/newsletters/0112.html](http://dl.ubnt.com/newsletters/0112.html)

------
lsiebert
I'm curious if reverse engineering software which is classified or otherwise
protected from disclosure by the force of government is legally risky. I
presume doing so for those who have access to such software because of a
security clearance might face a legal penalty under national security laws.

~~~
jcr
Good question, particularly if interpreted in a very broad sense. The FCC is
the portion of the US Fed Gov that handles things like validating the
acceptable RF interference and frequency transmit/receive parameters of
products. If you reverse engineer something, and the resulting
reimplementation violates the FCC rules, then you'll have legal trouble.
Similar would be true for Europe with the CE regulatory/testing body.

For example, most wifi (802.11-) chipsets have "modes" for various countries
due to the fact that the "freely available" RF spectrum varies from country to
country. Though illegal (according to the FCC/CE/etc), it is often possible to
make wifi chipsets use chunks of frequency that are not legally accessible
(within some jurisdiction). This can be done via software (drivers) or
firmware (blobs), as well as through the use of additional or modified
hardware (amps, antennas, ...).

When you get into "licensed spectrum" that is supposedly "owned" by a company
like a mobile carrier, things get even more "legally risky" since messing
around in those bands can wreak a lot of havoc. I don't know if the operation
of the (mobile) baseband processors qualify as "classified" but such info is
definitely protected from disclosure by both technical (hardware/software
protections) and legal (contracts, NDA, etc.) means. Of course, using a self-
modified baseband processor is definitely illegal since the device has not
been tested and approved by the required regulatory body (FCC or CE), but the
laws do have some limited exclusions/registrations for test/development
purposes.

If you cause problems for a carrier that spent many billions to own/license a
chunk of spectrum, then you also open yourself up to civil liability for
damages, in addition to the legal problems you'll have with the Fed Gov
regulatory body. Needless to say, if you go mucking around in the frequency
bands dedicated by law for use by the military or law enforcement, then you
are going to have a whole lot of legal problems.

~~~
TD-Linux
There is nothing "secret" about the operation of basebands, or what they put
out on the air. This is just the companies protecting trade secrets, trying to
avoid patent litigation, or just general open source averseness.

Linux includes an open source regulatory information database that several
open source wifi drivers use, so FCC licensing is not an issue for open source
software either. It is not a form of DRM and does not require any "black
boxing". Obviously you might be able to modify the software so you violate FCC
rules, but you can also build your own radio transmitter and violate the FCC
rules just as well. There's no special case for it being software.

If you want to experiment on the radio bands, you can trivially get a ham
radio license and modify the radio as you see fit, as long as you stay within
the ham radio limits.

------
shmerl
What are fair use regulations in EU in general? Are they worse than in US?

Also, how exactly does it work when contractual prohibitions try to take away
fair use rights? What wins? In this FAQ it's only mentioned that it's risky.

------
ck2
Has EFF ever addressed if we have the right to root our phones?

Because smartphones are getting more and more locked down, they have reached
the point in late 2014 where many models simply cannot be rooted by 3rd
parties.

Note I am not talking about carrier unlocking, I mean root.

I want full control over any device I use.

It is like buying a car but not being allowed into the trunk.

~~~
shmerl
It would depend on what exactly prevents you from getting root rights on your
device.

If it's DRM, to address that you'll need to fix DMCA-1201. Or more precisely,
allow breaking DRM for any non infringing purpose. Right now it forbids it,
and instead provides idiotic method of Librarian of Congress deciding what
exceptions to grant.

This corrupted law was passed undemocratically using backdoor method of WTO
trade agreements.

~~~
dragonwriter
> This corrupted law was passed undemocratically using backdoor method of WTO
> trade agreements.

No, while the anticircumvention prevention is in a Title of the DMCA named for
WIPO treaties that (among other treaties) were implemented in US law in other
provisions of the title, the anticircumvention provision was not part of those
treaties and, in any case, neither it nor any part of the DMCA was "passed"
through trade agreements, the DMCA was passed through the normal legislative
process.

~~~
shmerl
_> the DMCA was passed through the normal legislative process._

Wrong. First of all those treaties took place before DMCA (including 1201) was
passed. And there was nothing normal about it. Normal process actually
rejected such idiotic restriction outright (since DRM proponents first
attempted to pass it normally).

When they were kicked by normal democratic process, they turned to WIPO
treaties which have no democratic oversight. Corruption there is much easier,
so they squeezed anticircumvention provisions into such treaties affecting US.
Then they turned back to the Congress and said: "you can't ignore your
international obligations! Pass this law". And Congress passed it without much
of opposition. That's not called a normal democratic process, it's called
corruption and backdoor dealing.

See:
[https://en.wikipedia.org/wiki/WIPO_Copyright_Treaty](https://en.wikipedia.org/wiki/WIPO_Copyright_Treaty)

~~~
dragonwriter
> First of all those treaties took place before DMCA-1201 was passed.

But they aren't self-executing, and, in any case, DMCA 1201 isn't -- despite
being in part of the DMCA titled for various treaties that were implemented in
that Title -- part of them in any case. DMCA (the whole thing, including 1201)
was passed as normal legislation by the House and Senate and with the
signature of the President. You can argue that that is undemocratic.

> When they were kicked by normal democratic process, they turned to WIPO
> treaties which have no democratic oversight.

Since any treaty, to be law in the US, requires ratification by the Senate, it
is simply false to state that they have "no democratic oversight". But it's
irrelevant in this case, since DMCA 1201 is a provision of statute law adopted
through the regular legislative process, not something that is binding law as
a result of a treaty without implementing legislation adopted through the
regular legislative process.

> Then they turned back to the Congress and said: "you can't ignore your
> international obligations! Pass this law".

A tactic which is not actually effective when Congress wants to ignore the
"international obligation" at issue. At most, one could argue -- if the
anticircumvention provisions were actually contained in any of the treaties
that were being implemented in the DMCA, which they weren't -- that the
treaties provided political cover for something Congress wanted to do.

> That's not called a normal democratic process, it's called corruption and
> backdoor dealing.

To the extent there was corruption or backdoor dealing involved, it wasn't WTO
or WIPO treaties "passing" the provision. You can argue that the regular
legislative process was subject to corruption or backdoor dealing -- such is
not at all unheard of in US legislative processes -- but any treaty process is
a sideshow to that in this case, since the provision didn't become US law by
being included in a treaty, it became US law by being included in a regular
bill passed through Congress and signed by the President.

~~~
shmerl
See my response here
([https://news.ycombinator.com/item?id=8840676](https://news.ycombinator.com/item?id=8840676)),
it quotes the creator of DMCA himself who clearly states that he intended to
bypass the democratic process. That's unquestionably corruption and a perfect
example of undemocratically passed law.

It also highlights how broken the current system is, when corrupted
international treaties are used to shape the law bypassing normal democratic
ways.

 _> A tactic which is not actually effective when Congress wants to ignore the
"international obligation" at issue. _

It should ignore it in theory, but in practice it doesn't have the guts and
gives the power away to USTR and the like. That's what all this fast track
idiocy is exactly about.

~~~
dragonwriter
> See my response here
> ([https://news.ycombinator.com/item?id=8840676](https://news.ycombinator.com/item?id=8840676)),
> it quotes the creator of DMCA himself who clearly states that he intended to
> bypass the democratic process.

How he describes his intent is irrelevant. The _fact_ is that the law was
passed through the House, Senate, and President's signature in exactly the
manner laid out in the Constitution, not "by WTO treaty". And, while some of
the law implemented things previously agreed to in WIPO and other treaties,
the particular provision at issue -- Section 1201 -- did not.

It might be undemocratic and/or corrupt, but if so the undemocratic/corrupt
mechanism by which Section 1201 was passed is the normal US legislative
process.

> It should ignore it in theory

It does in practice, when it is something that Congress doesn't want to do
anyway -- this happens quite a lot on non-trade issues.

> but in practice it doesn't have the guts and gives the power away to USTR
> and the like.

More likely, on trade issues Congress takes advantage of treaties to provide
for political cover for things Congress would like to do but where there might
be greater political costs without that cover.

~~~
shmerl
_> How he describes his intent is irrelevant. The fact is that the law was
passed through the House, Senate, and President's signature_

Using corrupt manipulation scheme and pressure by international trade
agreements like described above. When democracy doesn't work, the fact that
it's called democracy on paper is pretty meaningless.

 _> It might be undemocratic and/or corrupt, but if so the
undemocratic/corrupt mechanism by which Section 1201 was passed is the normal
US legislative process._

Yes, it is undemocratic and corrupt and it was passed through the legislative
process, but as I said there was nothing normal about it. That process is not
supposed to be manipulated by such treaties in such corrupt fashion, yet it
is.

Unless you simply mean that such level of corruption is generally a norm and
this particular incident should be a default expectation of how Congress
would function. It doesn't fit with what Lehman said that initially his
attempts to pass these laws were rejected. I.e. he didn't manage to manipulate
the Congress directly, and had to pull the weight of international agreement
to change that.

 _> It does in practice_

No it doesn't. Otherwise such stuff as fast track proposals to relinquish
Congress oversight won't be even considered.

------
nnd
I'm curious if non-US entities were ever prosecuted by US companies for
reverse-engineering?

~~~
drdaeman
Dmitry Sklyarov?

[http://en.wikipedia.org/wiki/United_States_v._ElcomSoft_and_...](http://en.wikipedia.org/wiki/United_States_v._ElcomSoft_and_Sklyarov)

~~~
thekaleb
Were any successfully prosecuted?

------
TeMPOraL
Interestingly, four out of five court cases mentioned are from games industry.

~~~
Sir_Cmpwn
The gaming industry is well known for exercising as much control as possible
over their hardware and software. Console manufacturers want to control what
runs on the console and software authors want to prevent piracy.

