[ On Wednesday, July 25, 2001 at 14:22:43 (-0400), Eric D. Williams wrote: ] > Subject: hacker copyrights was [RE: telnetd exploit code] > > Re: the lack of legal backing here are a number of links that appear relevant > to the question (do you violate copyright by publishing hacker code, discovered > subsequent to intrusion?). Indeed it appears that the law is fuzzy on this one > concerning copyright and intellectual property. But, given the circumstance > that a listing or binary of the aformentioned code can not be deterined as > authorized in the first case - the intrusion itself is illegal, it appears it > can not pass the copyright or intellectual property tests. > > Refs with USC refs: > http://www.eff.org/Publications/Mike_Godwin/phrack_riggs_neidorf_godwin.article > Ref with USC footnotes: http://www.netatty.com/copyright.html Ah, no, the case discused by Godwin in that article is entirely the opposite of what was suggested initially in this thread -- those cases revolved around a trade secret document stolen and distributed by a crackers, not around code written and distributed by the crackers. Not only that but it would seem clear that anyone receiving a copy of a self-propogating worm or virus explicitly released by its author (or anyone authorised by the author) is in possesion of a legally obtained copy of that code -- it matters not that the foisting of the copy onto your machine was itself probably an illegal act. Once the copies are distributed they're the legal property of whomever has "legally" acquired them, no matter how illegal the actions of the distributor were in creating or "releasing" them. Some of what is said about case law in the USA does actually clearly suggest copyright on hacker-owned code is in fact not violated by anyone analyzing said code The Court in one of those cases even went so far as to say (here is the Court speaking, as quoted by Godwin): "The copyright owner, however, holds no ordinary chattel. A copyright, like other intellectual property, comprises a series of carefully defined and carefully delimited interests to which the law affords correspondingly exact protections." Taken in context with copyright law this declaration and other related ones made by the same court suggests (at least to me, a non-lawyer) that a copyright owner who has explicitly caused his or her work to be freely and anonymously distributed (as is most certainly the case with a virus or worm, etc.) has in fact explicitly given up on all rights to the content of that work as a trade secret or other form of private intellectual property. I.e. as I say above the holder of any copy of such code has become a legal owner of that copy and has every right to read it, run it (so long as they don't as a result commit other offences such as allowing it to propogate to unauthorised hosts), change it, destroy it, etc.; just as you can do with a legally obtained copy of a book. Furthermore under most copyright laws it is my opinion this would even imply the owner has implicitly relinquished all right to control further free and anonymous redistribution of the work (anonymous distribution implies that further distribution cannot be detected or proven). Regardless of my latter point though the rules of "fair use" under most(all?) copyright laws will still permit anyone in possession of a legally obtained copy of the code (eg. one obtained directly from the author or from his or her directly or indirectly authorised agents) to analyze it and to publish the results of that analysis. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoodsat_private> <woodsat_private> Planix, Inc. <woodsat_private>; Secrets of the Weird <woodsat_private>
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 14:57:09 PDT