Bugtraq mailing list archives

RE: hacker copyrights was [RE: telnetd exploit code]

From: "Eric D. Williams" <eric () infobro com>
Date: Wed, 25 Jul 2001 20:27:51 -0400

Greg,

With all do respect it is clear the case especially the Godwin ref. are not 
directly material to the issue / topic here but rather the application of the 
principles herein as you discussed.  I am not clear on what your allusion to 
self-propagating worm is here, I believe this thread started where a question 
was asked whether a cracker would be protected from scrutiny by copyright.  Be 
that as it may I appreciate your arguments and they are clarifying to the 
subject.

Eric

Eric Williams, Pres.
Information Brokers, Inc.    Phone: +1 202.889.4395
http://www.infobro.com/        Fax: +1 202.889.4396
               mailto:eric () infobro com
           For More Info: info () infobro com
                    PGP Public Key
   http://new.infobro.com/KeyServ/EricDWilliams.asc
Finger Print: 1055 8AED 9783 2378 73EF  7B19 0544 A590 FF65 B789


On Wednesday, July 25, 2001 5:25 PM, Greg A. Woods [SMTP:woods () weird com] 
wrote:

[ On Wednesday, July 25, 2001 at 14:22:43 (-0400), Eric D. Williams wrote: ]

Subject: hacker copyrights was [RE: telnetd exploit code]

Re: the lack of legal backing here are a number of links that appear
relevant
to the question (do you violate copyright by publishing hacker code,
discovered
subsequent to intrusion?).  Indeed it appears that the law is fuzzy on this
one
concerning copyright and intellectual property.  But,  given the
circumstance
that a listing or binary of the aformentioned code can not be deterined as
authorized in the first case - the intrusion itself is illegal, it appears
it
can not pass the copyright or intellectual property tests.

Refs with USC refs:

http://www.eff.org/Publications/Mike_Godwin/phrack_riggs_neidorf_godwin.artic

le
Ref with USC footnotes: http://www.netatty.com/copyright.html


Ah, no, the case discused by Godwin in that article is entirely the
opposite of what was suggested initially in this thread -- those cases
revolved around a trade secret document stolen and distributed by a
crackers, not around code written and distributed by the crackers.

Not only that but it would seem clear that anyone receiving a copy of a
self-propogating worm or virus explicitly released by its author (or
anyone authorised by the author) is in possesion of a legally obtained
copy of that code -- it matters not that the foisting of the copy onto
your machine was itself probably an illegal act.  Once the copies are
distributed they're the legal property of whomever has "legally"
acquired them, no matter how illegal the actions of the distributor were
in creating or "releasing" them.

Some of what is said about case law in the USA does actually clearly
suggest copyright on hacker-owned code is in fact not violated by anyone
analyzing said code The Court in one of those cases even went so far as
to say (here is the Court speaking, as quoted by Godwin):

      "The copyright owner, however, holds no ordinary chattel.  A
      copyright, like other intellectual property, comprises a series
      of carefully defined and carefully delimited interests to which
      the law affords correspondingly exact protections."

Taken in context with copyright law this declaration and other related
ones made by the same court suggests (at least to me, a non-lawyer) that
a copyright owner who has explicitly caused his or her work to be freely
and anonymously distributed (as is most certainly the case with a virus
or worm, etc.) has in fact explicitly given up on all rights to the
content of that work as a trade secret or other form of private
intellectual property.  I.e. as I say above the holder of any copy of
such code has become a legal owner of that copy and has every right to
read it, run it (so long as they don't as a result commit other offences
such as allowing it to propogate to unauthorised hosts), change it,
destroy it, etc.; just as you can do with a legally obtained copy of a
book.

Furthermore under most copyright laws it is my opinion this would even
imply the owner has implicitly relinquished all right to control further
free and anonymous redistribution of the work (anonymous distribution
implies that further distribution cannot be detected or proven).

Regardless of my latter point though the rules of "fair use" under
most(all?) copyright laws will still permit anyone in possession of a
legally obtained copy of the code (eg. one obtained directly from the
author or from his or her directly or indirectly authorised agents) to
analyze it and to publish the results of that analysis.

--
                                                      Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>     <woods () robohack ca>
Planix, Inc. <woods () planix com>;   Secrets of the Weird <woods () weird com>

Current thread:

hacker copyrights was [RE: telnetd exploit code] Eric D. Williams (Jul 25)
- Re: hacker copyrights was [RE: telnetd exploit code] Stan Horwitz (Jul 26)
- Re: hacker copyrights was [RE: telnetd exploit code] Stanley G. Bubrouski (Jul 26)
  - Re: hacker copyrights was [RE: telnetd exploit code] Timothy Lawless (Jul 26)
  - 10 Big Myths about Copyright (especially as pertains to Internet Publication) Don Papp (Jul 26)
- Re: hacker copyrights was [RE: telnetd exploit code] Greg A. Woods (Jul 26)
- Re: hacker copyrights was [RE: telnetd exploit code] Joe Shaw (Jul 26)
- <Possible follow-ups>
- RE: hacker copyrights was [RE: telnetd exploit code] Eric D. Williams (Jul 26)
  - RE: hacker copyrights was [RE: telnetd exploit code] Greg A. Woods (Jul 26)
- RE: hacker copyrights was [RE: telnetd exploit code] Eric D. Williams (Jul 26)
- Re: hacker copyrights was [RE: telnetd exploit code] Joe Shaw (Jul 26)