Of course, the competitor agreed not to reverse engineer the software - under the definition "attempting to produce a copy", they definitely did reverse engineer.
But does that mean that re-implementing the same interface is reverse-engineering? That would be scary and terrible for competition.
No software with a reverse-engineering clause could have a clone. Does Windows have one? If yes, Wine developers could not compare if a game works under Wine correctly.
What about APIs? Is it forbidden for US citizens to create NVIDIA CUDA clones now? If someone found a way to reproduce some Photoshop image filter, is it forbidden to compare the resuls? MS Word-produced files?
I really don't like where this is going. Thankfully, reverse engineering cannot be forbidden in the EU (unless I'm wrong).
EDIT: I guess my main gripe is that if the owners of proprietary "standards" which achieved monopoly can effectively forbid any alternatives, cementing the monopolies.
If they had "just" implemented a clone without getting a licence from SAS, then they likely wouldn't be in trouble.
"Is it forbidden for US citizens to create NVIDIA CUDA clones now"
No, but if you download a free piece of software with a license that forbids you from using it to create a clone of NVIDIA CUDA, and you agree to the license and you do just that... well then you breach the license you agreed to. It's not a blanket ban on every case of reverse engineering, just a case of WPL shooting themselves in the foot in an obvious manor.
I just don't buy this. There is literally no way to build a CUDA clone without testing output against both your clone and CUDA itself.
With this reading, EULA's have effectively banned cloning any form of software.
Not necessarily. You might be able to get by only testing against third-party products that use CUDA.
We did something like that at Interactive Systems Corporation in the '80s when we wrote a 286 Xenix emulator to run on 386 System V. If I am remembering correctly, we never actually had a 286 Xenix system to compare to. We just had a bunch of system call level test programs, and a few big applications like word processors.
The difference being that they didn't have a second team dis-assemble and actually reverse engineer the product to write a formal spec for how it functioned. Instead they did A/B testing to ensure that the output of the known product produced the same output as the reference implementation, reportedly without examining how the black box worked.
On the other hand at a certain point it becomes a monopoly with a negative societal impact.
You've gone from "Drug manufacturers get patents and a period of exclusivity" to "Patent and exclusivity, and also protection from generics for the brand's life", but patents can be applied for at any time during a drugs development, including before it's ever been synthesized (e.g., theoretical manufacture via computer models) but the exclusivity is only a U.S. FDA marketing feature. Patents on a drug could expire before the exclusivity, so a competing manufacturer could create a secondary brandname drug and sell it overseas during that period. I'm really confused as to where this EULA would even fit in, since you've just moved the goalposts with your "even after" clause.
If the FDA had some kind of deterministic human trial of a drug, like some dystopian lab-grown identical human clones, of which drugs were trialled on and some company B was able to obtain a set of these clones from company A that had some kind of defect of which the drug was targeting as a cure or remedy for, and then used those proprietary clone models in order to test their clone drug against, we might have some kind of metaphor worth arguing against, but we don't.
> person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs
Courts have generally chosen that a EULA clause can override this provision of the law, which seems pretty backwards to me, especially considering that the validity of shrink-wrap licenses hasn't been established very firmly (although I'm not sure about the nature of the EULA in this case)
Access controls are tricks like basic compilation of source into machine code (and further obfuscation from that departure point such as run-time decryption of code sections, requiring execution to be controlled in a debugger to intercept the decrypted code), and the placement of a program as firmware onto a tamper-resistant chip.
Producing a language specification surely is not reverse engineering on its own. I could equally well contract the company to undertake a rigorous security analysis of the language to look for vulnerabilities or defects. Neither of these companies needs to know how I'll use what they produce. It seems unreasonable to consider the act of producing documentation about a product's public interface behavior as "reverse engineering".
Then, I use the language specification to build my own implementation. Is this permissible? If not, why not? Who is undertaking the act of reverse engineering prohibited by the license?
That someone else is not connected in any way; i.e. you are not both subsidiaries of the same company, etc.
E.g. your manager's uncle has a friend who works in some company where they have a CUDA license; arrangements are made and things are procured.
The requirement specification is not traceable to a particular CUDA license key; there is nothing that can be proven about the identity of the source.
There are entire companies whose only mission is buying electronics, reverse engineering it into its constituent parts and producing a detailed report that tells you whats in it, how it's made and most important what it costs to make. That's possible because when you buy something, you own it. Only in software make-believe do we allow selling some very ill-defined "right to use" with no guarantees or rights.
Protecting the inner workings of a product is precisely what patents are for.
Notably only the way WPL produces manuals that are too similar to SAS has been upheld.
Article 5 and Article 6 are the most interesting when it comes to reverse engineering, with 5 allowing to study an application while using it legally and breaking some protected rights for bug fixes and 6 allowing decompilation for some purposes.
Does this help you?
I think you'd want to know about the case law before leaning too heavily on that, though.
Contrary to popular belief MS never deliberately obfuscated Office files; they were simply a raw dump of the internal objects as they were in memory. So obviously they would change between versions. Which made sense in the days when computers were a lot more resource constrained than they are now. Now with power and memory to spare, they can be encoded and decoded on the fly.
Kudos to Google for getting such impressive compatibility. Must have been insane amounts of man-hours to achieve. They at least have the ability to crawl the web, download docs and xls, and automate comparison. I’m not sure it’s even feasible otherwise.
Later they made the format a lot saner, but either way I'm pretty sure google would be fine.
It also depends if Microsoft had published the xls[x] spec, and under what license.
If the Google v Oracle case stands, API's are fall under copyright as such you have to have a copyright license to replicate them.
That was the entire case, how google implemented the entire Java API with out using Java
SO things like WINE, or any other implementation of an API that does not have the original author of the API's permission are violating copyright law
If the license was tightly integrated with the software (meaning even a pirated copy would require acceptance before use) then just hire an outside consulting company to generate the output from the test code. It could have all been documented and left the company with clean hands.
The simplicity of side stepping the license in this case highlights the absurdity of the ruling.
Not saying SAS wouldn't still sue them, but they wouldn't have nearly as strong a case with damages less likely to be bankrupting.
That's a perverse but probably accurate reading of the situation.
It reminds me of patent advice I've received: never look at a competitor's patents, or even speculate about them. Damages in a patent lawsuit go way up if the infringement was willful, which is automatically assumed if you know about the patent.
They did reverse engineer the code instead of infringing copyright. The problem is that it violated a license prohibition on reverse engineering. I'm not going to claim that the judges interpreted the law incorrectly, but I think that this legal result is overall bad for society. It means that a company can stifle competition even if potential competitors avoid violating copyright or patents.
Lots of complexities there, but the root of the issue is that you can't pull a company's main asset out from under legitimate creditors. And SAS will soon be a big creditor as soon as the ruling is final and they get a monetary judgment that the company presumably won't be able to pay.
There are lots of ways companies try to evade this basic principle, but none that can withstand the scrutiny of a court and motivated, financed creditor.
It does seem overly broad, this line of reasoning left unchecked would imply no third-party replacement parts for any device, because you need to understand the working to make a part...
On the other hand if I am creating some new technology, inhave now gained a very effective tool to fight the copy-cats. At least the ones who couldn’t setup a shell company for this exact purpose.
Correct. The problem with that is you might hire someone who has lots of experience with a product in order to develop a competing one. You have that person tell you how the new product needs to behave. This is essentially doing the same thing, but who is violating the "agreement"? At the time the employee learned about the product, they were a legitimate user with no intent of reverse engineering. They may or may not have personally accepted the EULA (it may have been installed by the IT folks). When they go to the new company, who becomes responsible to any alleged wrong doing? I guess I'm saying there is a grey area where things boil down to intent rather than action, and that makes me think it's wrong (on top of the more obvious issues).
On the upside, IIRC there are countries where this activity would be legal and the enforcement of the EULA terms against it are unenforceable. IANAL, so find said country(s) and development practices to circumvent this problem on your own. I think it's unfortunate, but it's exactly the kind of stupid problem that pushed RMS to start the GNU project.
This is the same as getting Linux to behave like a Unix kernel, or GNU tools to behave like Unix tools, Wine to behave like Win32 DLL's and so on.
Validating "does my machine produce the same output for the same inputs as this blackbox" is not reverse engineering. It's just engineering. Reverse engineering means taking it apart to look inside. Forward engineering means designing it and building it; reverse means the opposite: disassembling and inferring the design from the pieces and their relationships.
> More specifically, defendant had argued on appeal that the lower court’s summary judgment on the breach of contract/reverse engineering claim was improper because the term “reverse engineering” in the license agreement was ambiguous. Plaintiff and defendant offered competing definitions for what they thought reverse engineering ought to mean. Defendant proposed a narrow definition – essentially, that reverse engineering must have as its objective the re-creation of source code. Plaintiff, however, offered a broader definition, encompassing other efforts to “analyze a product to learn the details of its design, construction, or production in order to produce a copy or improved version.”
(spoiler: court sides with plaintiff)
To what extent can a lawsuit be brought over a system that functions, for many inputs, in the same way as another, separate system? What's the difference between reverse engineering and plain old competition?
It becomes more like reverse engineering the more you dig into, to the user, irrelevant technical details of the product.
In this case it does sound like they were trying to figure out API conventions, and not real engineering details, but that's just my cursory reading.
This is particularly ironic as the company itself was founded based on mainframe storage and interface technologies -- the SAS program editor and interactive environment through the 1990s was based on the IBM TSO/ISPF environment.
Earlier challenges included the BASS System, by Jeff Bass (a DOS run-alike in the 1980s), and a dataset reader/converter, DBMSCopy. The latter eventually included a program interpreter as well, I believe.
My recollection is that DBMS/Copy's developer and SAS came to a mutual understanding.
SAS's key asset is control over utility and access to a decades-old legacy of programs and data at enterprise and government sites, though it's lost ground to Python and R in tech and most especially academia.
(I use SAS because I like data analysis and my pension plan and governments don't do open source, not because I like SAS...)
I mean not saying it doesn't have legitimate uses, fast well tested and a few procs with the right options can accomplish a the equivalent of a lot of Python, and I only ever learned enough to run a few datasets and port some old code to python/r/vba, but observing the crazy ass shit people did to implement any kind of logic or data transformation was enlightening. Many many "wait people actually do this" moments. Like an entire ancient programming paradigm I never knew existed.
The problem I've encountered with SAS specifically is that the more powerful tools are hard to gain access to (or proficiency with) given the licensing costs.
I have literally been told by SAS regional sales staff that I would be better off pirating a copy of the software to gain access to it. I politely declined.
I was told I could use Python instead for the same tasks, but I liked the single-mindedness of SAS, the program pretty much writes itself.
The DATA step follows conventions very similar to awk, though what SAS offers by way of data conversion (especially from mainframe formats) is hard to provide. The fundamental concept of iterating over the input stream is useful to keep in mind.
I've also found that awk is useful for writing SAS programs themselves. I bumped into this dealing with large data dictionaries and trying to make sense of them. Parsing those and generating the corresponding SAS statements, then seeing if the results made sense was far easier than coding by hand. (The dictionary, of course, failed to correspond entirely to the actual datasets, requiring mods, but the dev/test/modify cycle was far faster, and far more repeatable.)
For data storage, an RDBMS backend or SQLite is probably good, though you can also use various structured files (CSV, other delimited, column-formatted, etc.) Columnar + compression buys you much of the advantages of a SAS data set in terms of size.
For the various statistical and graphics capabilities, R, gnuplot, the JS plotting library, and some related bits. I'd really like to see what tools for generating dyamic SVG there are these days, as that's a graphics format that seems exquisitely suited to data-driven rendering.
For advanced quantitative programming: Python or related languages and libraries.
For report generation: these days I'd probably head to a lightweight markup language and Pandoc to create whatever format(s) I wanted. Or you could wire up dynamic Web output with the application engine of your choice.
For application design or creating commandline / back-end tools: whatever tools you prefer, ranging from scripting languages to compiled langauges. It's been a long time since I've worked with SAS, but its Macro and app development language (which I can't even remember the name of now) are both quite crufty.
The key advantage to SAS as I noted in an earlier comment is that many of the tool choices are made for you, in that that's what SAS offers you. You can go outside that set, though back in the day, few shops really seemed to be much interested in that. The problem is that the tool choices are limited, and any additional tools have significant costs.
Going with free/open options liberates you, but also means you've got to litigate the tool-choice battle. That seems to be a problem mostly at shops that continue to use SAS in part -- I don't know if it's sunk-cost fallacy or other dynamics, but there's quite often resistance at both management and developer/analyst levels to going to other tools (or had been in my experience). I found that and other dyanmics sufficiently frustrating that I largely stopped using the tool decades ago, with occasional (and regrettable) relapses.
This case is interesting and disturbing. As far as it goes, the plaintiff won only because 1> their license forbade using their product for reverse engineering and 2> the defendent tried to claim that reverse engineering would be a complete reconstruction of the original source code. A stretch, and it's understandable that they tried, but it's good they lost on that one.
On 1> I suppose the court correctly stood by contract law. The dreadful thing about this is that such terms could be enforceable. I would hope that the doctrine that prevents car manufacturers from forbidding you to use third party parts in your car would protect this and it's a shame the plaintiff didn't try. Also since this ruling, reverse engineering printer cartridges have thankfully been validated by the supreme court.
Sorry I don't remember the case that permits third party repair parts -- IIRC it was a lawsuit against Toyota and Volkswagen. Note that the car and tractor companies have recently tried fishing back with DMCA(!!!) claims.
Imagine a hammer that was sold with a license that prohibited hammering a competitor's nails.
After you sell me something you should not be allowed to place restrictions on its use.
Of course, if you are a retail consumer who had no bargaining power and agreed to a standard form contract without any legal counsel then different rules should apply to you and in such cases courts will apply the test of unconscionability before enforcing any clause.
Even when I try to play devil's advocate, it's hard to justify. The fact that you invented something, should not give you eternal rights to exclusively profit from it. Even the warped patent industry knows that. The laws of innovation should be a balancing act between incentive for the innovator and incentive to society, and this decision is way out of balance in detriment of society.
How if at all does this apply to API interfaces? For example, if someone makes an app that has a compatibility interface that works exactly like Amazon S3 while simultaneously competing with S3.
I know several people on HN run services like that. Where the code is their own but the API interface is flat out copied from the competition.
This is a contract dispute around the common sense term "reverse engineer", not a copyright or IP dispute.
Say Snapchat mentioned in its TOS that you should not use this product to copy the features under reverse engineering and it proved that Facebook employees did it. Does Snapchat has a legal claim?
And you would have to wonder how it would work for simple features, that can be communicated in a few sentences.
If you use the learning edition once, are you bound by it for a lifetime with no way to end the agreement?
I vehemently refused to use it and did all my analyses on Jupyter notebooks w/ Python. Simply because the software sucked so bad to the point of being unusable. For starters, it ran ONLY on windows and to complete my assignments, I had to use bootcamp on my Mac just for this shitty software. It was not a cloud based interface and it seemed like it was built specifically for Windows. And to add to the pain, it would randomly crash, throw out irrelevant errors (uploaded too large of a data file? Here's an error stating something about the file extension) and really looked like it was developed in the 90's.
I was blown away when I realized people were paying millions in just licenses for this crap. Over time, even the school realized everything was moving towards the cloud and started advocating the use of Jupyter more and more.
I for one would seriously hope this company burns down to ashes. Simply because they're sitting on top of millions and yet can't afford to make usable software for the amounts they charge and yet, still have the audacity to shove it down at people's throats. Fuck SAS.
As much as we like to rail on Microsoft (and it's well-deserved), companies like them and Apple, etc., have really made quantum leaps in usability that most enterprise software still hasn't made.
Based on my experience, SAS isn't an egregious example, it's typical.
Reverse engineer SAS software, without using SAS software. Just rely on public documentation of SAS functionality/APIs, and test with SAS code shared from customers.
FotPS generally appies to evidence rather than copyright or contract, but I seem to recall this argument being made. Years ago....
But yes, that would mean that peeking in the kitchen to see how they prepare the food would somehow be an agreement violation...
Software might mean the complete destruction of private property as a concept.
I can see an argument made for removal of the concept of intellectual property as something that's legally protected. It sounds like you're wanting to say something stronger. What's the step into the material world?
Its not much of a stretch to imagine common security/networking/etc type clauses in those restrictions as in many cases condo's sold in the US basically have similar situations where you agree to adhere to building wide decisions (on say which ISP services the building).
Then the servicing company comes along and starts to behave like John Deere and starts prescribing what TV/pc/whatever they will inter-operate with.
There are those who would argue that current encumberances have already destroyed private property; I think most people don’t find this to be the case, at least to the point of completely destroying it. We accept limits on freedoms and rights because we understand they need to be balanced with respect to one another. As absolutes they’re ultimately incompatible. Though this is now tending towards general ideology, so I’ll stop right here.
Not "Software", but "SAAS".
This is a contract dispute plain and simple. It has nothing to do with California law and everything to do with civil procedure. You have a contract, and you claim and prove damages.
If you want to reverse engineer software, don’t enter into a contract with the maker of that software
Contract law has limits, and those limits differ on a state-by-state basis.
Later I had a second race where I defeated my opponent by driving with a full tank of gas.
The victory was overturned when a judge ruled that my use of a full tank of gas to generate similar performance was ruled “reverse engineering.”
I have a hard time understanding the idea that generating the same result without deriving how the other feature works is reasonably called “reverse engineering.”
I feel like this example doesn't really reflect what happened in this court case.
Is modifying your output to be in par with a competitor reverse engineering?
My point is that the competition doesn’t know if SAS uses banana peels to generate their output- we only know that the the results are the same- and I don’t think that is a reasonable definition of reverse engineering.
The algorithm has not been copied- only the resulting output. Trade secrets remain protected.
This decision should allow more competition from innovative newcomers and higher prices in software generally. Right now software is priced artificially low because very few vendors have any pricing power... because competitors can just rip off what they are doing. If that's not as easy companies with innovative ideas protected by strong ToS should be able to compete more aggressively and price their products much higher.
I believe you're going to see many companies put all their content behind an "agree" button.
This shift should also make acquisition prices go WAY up since companies will have to be priced more by the opportunity/IP rather than their replacement cost.
This is a big deal.
"Ideas" in the abstract aren't protected, except by trade secret laws. Patents are, at least in theory, supposed to apply to something more concrete than a mere "idea".
This decision should allow more competition from innovative newcomers
What? No it won't, it'll inhibit innovation by putting more power in the hands of large incumbents who employ many lawyers and have large war chests to fund lawsuits. No startup is going to prevail in a lawsuit against Facebook unless a miracle happens, because they'll run out of money and close down before the case is ever settled. That is, if the "chilling effects" of this kind of ruling doesn't prevent them from ever getting started in the first place.
This also works to inhibit innovation, as companies can lock out competitors via legal machinations, as opposed to needing to innovate continuously.
Maybe. It was a circuit court decision, so (in the US at least) to the extent that it establishes any precedent, it's only strictly applicable in the 4th circuit (for now).
Time will tell, I view this in a hopeful way as a shift in direction.
I think companies that invest in innovative products big or small should be able to defend those innovations against being ripped off.
Yes, fights over this will be resource intensive but there are ways to fund expensive litigation if winning is plausible. And of course the expense of litigation touches on all kinds of unrelated problems.
"This also works to inhibit innovation, as companies can lock out competitors via legal machinations, as opposed to needing to innovate continuously."
You're flat out wrong here. Companies will need to create their own innovations rather than ripping off others. This will give power to the the people actually innovating and encourage companies to invest in their own R&D.
RE the 4th circuit, yes it's not the Supreme Court but it's a big decision in the right direction in my view... and suggests this and/or related issues may be heard by the supreme court.
Maybe not, in any case the status quo is letting giant tech companies power and influence grow without limits... and that needs to change.
I'm not a FSF zealot or anything, not somebody who abhors the very existence of proprietary / closed-source software. That said, I do prefer OSS / Free Sofware in the general sense... but the rub is, software being F/OSS doesn't mean you can't make money from it. So I'm not really sure where you're coming from.
But this ruling benefits the tech giants at the expense of the "little guy". How many startups already never come into being because of fears of being sued by AmaGoogFaceSoft? And consider that most "innovation" is an incremental improvement to an existing "thing" and not some whole new thing cut from whole cloth. If you can't reverse engineer / clone products made by AmaGoogFaceSoft, Oracle, IBM, SAS, etc., it's going to be even harder for smaller companies to contribute their innovations.
This question has been the subject of many lawsuits for several decades and isn't going away any time soon.
I agree with you that the power of the large companies remains largely unchecked and that that's a bad thing.
The world doesn't divide into "innovators" on one side and "copycats" on the other side. It would certainly be convenient, but it's simply not the case, especially when it comes to developing software.
How would you call a company developing a smartly enhanced version of their competitor's product? A "copinovator"?
And by the way: I don't see why anyone would want "higher prices for software" (which seems to be one of your goals).
This only looks good if you narrow your vision down to the software you're trying to sell, ignoring the incredibly larger amount of third-party software you're already paying for.
Example. Joe Smith builds innovative software. He sells this to 10 local businesses for $5K/mo each. He is able to take care of his family, hire a couple folks and live the american dream... no VC required. Then someone goes to his website, signs up, studies what he's done and copies this innovative software and sells it for $2.5K/month profitably because they don't have to incur the R&D costs or the lifetime of work experience Joe needed to come up with his innovations. Joe is forced to cut prices dramatically or be out of business. Joe's default path now is he must grow to $200K/month at all costs... sell a portion of his business to VC, then try to grow it to millions a month. Then sell more to VC. Rinse, repeat. This is nuts. People should be able to have innovative businesses that aren't copied and don't have the aim of scaling to infinity to enrich VC's. This is important because unlike other businesses such as construction the marginal cost for providing software is so close to zero you can (and many companies do) round it down to zero.
I don't care if any of you agree with me. ...but ask yourself... is the tech landscape serving the guys in the garage right now? If not why not? I believe part of the reason is there is no strong protection for IP anymore. This case was an example of an egregious rip off and the offender was rightly penalized to the tune of $80m, then that penalty was upheld by an appeals court. I think that is a just outcome based on the limited info I have about it... and I am encouraged by the precedent. I hear many of you disagree, and you're certainly entitled to your opinion.