[ On Wednesday, July 25, 2001 at 14:22:43 (-0400), Eric D. Williams wrote: ]
> Subject: hacker copyrights was [RE: telnetd exploit code]
>
> Re: the lack of legal backing here are a number of links that appear relevant
> to the question (do you violate copyright by publishing hacker code, discovered
> subsequent to intrusion?). Indeed it appears that the law is fuzzy on this one
> concerning copyright and intellectual property. But, given the circumstance
> that a listing or binary of the aformentioned code can not be deterined as
> authorized in the first case - the intrusion itself is illegal, it appears it
> can not pass the copyright or intellectual property tests.
>
> Refs with USC refs:
> http://www.eff.org/Publications/Mike_Godwin/phrack_riggs_neidorf_godwin.article
> Ref with USC footnotes: http://www.netatty.com/copyright.html
Ah, no, the case discused by Godwin in that article is entirely the
opposite of what was suggested initially in this thread -- those cases
revolved around a trade secret document stolen and distributed by a
crackers, not around code written and distributed by the crackers.
Not only that but it would seem clear that anyone receiving a copy of a
self-propogating worm or virus explicitly released by its author (or
anyone authorised by the author) is in possesion of a legally obtained
copy of that code -- it matters not that the foisting of the copy onto
your machine was itself probably an illegal act. Once the copies are
distributed they're the legal property of whomever has "legally"
acquired them, no matter how illegal the actions of the distributor were
in creating or "releasing" them.
Some of what is said about case law in the USA does actually clearly
suggest copyright on hacker-owned code is in fact not violated by anyone
analyzing said code The Court in one of those cases even went so far as
to say (here is the Court speaking, as quoted by Godwin):
"The copyright owner, however, holds no ordinary chattel. A
copyright, like other intellectual property, comprises a series
of carefully defined and carefully delimited interests to which
the law affords correspondingly exact protections."
Taken in context with copyright law this declaration and other related
ones made by the same court suggests (at least to me, a non-lawyer) that
a copyright owner who has explicitly caused his or her work to be freely
and anonymously distributed (as is most certainly the case with a virus
or worm, etc.) has in fact explicitly given up on all rights to the
content of that work as a trade secret or other form of private
intellectual property. I.e. as I say above the holder of any copy of
such code has become a legal owner of that copy and has every right to
read it, run it (so long as they don't as a result commit other offences
such as allowing it to propogate to unauthorised hosts), change it,
destroy it, etc.; just as you can do with a legally obtained copy of a
book.
Furthermore under most copyright laws it is my opinion this would even
imply the owner has implicitly relinquished all right to control further
free and anonymous redistribution of the work (anonymous distribution
implies that further distribution cannot be detected or proven).
Regardless of my latter point though the rules of "fair use" under
most(all?) copyright laws will still permit anyone in possession of a
legally obtained copy of the code (eg. one obtained directly from the
author or from his or her directly or indirectly authorised agents) to
analyze it and to publish the results of that analysis.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
