Battle brews over reverse engineering

Computerworld - Recent court decisions limiting developers' rights to reverse-engineer software products have sparked an outcry by critics who say these actions could severely limit developers and users trying to interoperate or find flaws in commercial software.
U.S. judges have recently ruled that unauthorized re-engineering of the digital video disc playback system and a Web filtering program called CyberPatrol violated copyright and trade-secret laws.
Reverse engineering is also forbidden by many shrink-wrap license agreements. This restriction will likely be strengthened by the Uniform Computer Information Transactions Act (UCITA), which gives vendors powerful leverage in contract negotiations.
While some software vendors and content owners insist these decisions strengthen intellectual property protections, developers and system administrators argue they are losing the right to use products as they wish.
"Clearly, if we are not allowed to reverse-engineer the software that we didn't buy but are most graciously allowed to 'license' by agreeing to an arbitrary contract, then we have no control over what software is running on the computers we own," said Ian Goldberg, chief scientist at Zero-Knowledge Systems Inc. in Montreal. "Bugs, security holes or worse, explicit back doors, might be undetected, but only talked about within the bad guys' community. Publicly disclosing the information would be illegal."
Fair-use provisions in the copyright laws that permit reverse engineering have spurred the development of software that competes with proprietary applications such as Microsoft Word and Excel. For example, San Jose-based Phoenix Technologies Ltd.'s reverse engineering of IBM's BIOS in the mid-1980s became the basis for the entire PC clone industry.
During the annual Computers, Freedom and Privacy conference held last month in Toronto, Jessica Litman, Professor of Law at Wayne State University in Detroit, Mich., said controversial court decisions are rapidly eroding the "fair use" provisions that traditionally permitted unauthorized use of software for the purpose of reverse-engineering. The provision allows developers to disassemble and decompile a program and use what they learned to create and sell an interoperable or competing program as long as it doesn't infringe on the original code.
While Congress made exceptions in the 1998 Digital Millennium Copyright Act for interoperability development and security testing, these exceptions have been overridden in favor of anticircumvention provisions and trade secrecy laws.
But Pamela Samuelson, a professor at the School of Information Management and Systems at the University of California at Berkley, said the ruling is unprecedented because defendants in the DVD CCA case hadn't violated the shrink-wrap license. "If you have gotten information from somebody that the judge decides was a misappropriation of