Full Disclosure mailing list archives

Re: <Cisco Message> Mike Lynn's controversial Cisco Security Presentation


From: Jason Coombs <jasonc () science org>
Date: Fri, 29 Jul 2005 15:42:15 -1000

J.A. Terranson wrote:
I believe that at the moment of disclosure it becomes public domain.
Echoes of RC4...
http://www.infowarrior.org/users/rforno/lynn-cisco.pdf

That letter doesn't change anything.  There's a lot of law that says that
is now public data, and free of its trade encumbrances.

RC4 is an algorithm, which means it cannot be patented nor copyrighted nor protected as intellectual property as anything other than a trade secret.

The Cisco/ISS trade secrets remain so unless and until these companies forego the legal protections afforded to them under law. i.e. they fail to seek restraining orders and otherwise fail to attempt to keep control of the commercial advantage that they believe they enjoy as a result of their ownership of the trade secret.

Because RC4, as an algorithm, cannot be protected as a trade secret starting the moment it is embodied into a product where the product can be reverse engineered legally, it would not have been possible to obtain injunctions against the dissemination and use of the RC4 algorithm and this is where you end up feeling like RC4 became "public domain" upon its public disclosure. See:

http://en.wikipedia.org/wiki/RC4

Now, if RC4 had never been used to create a product and had been kept as a trade secret, and that secret had been published, then it would not have become, automatically, an unencumbered algorithm that could be used by anyone with impunity. There being no way other than theft of trade secret for a third party to come to know the algorithm, had a court order been obtained to halt the spread of the secret the algorithm itself could very well have been kept as protectable intellectual property until such time as the company that enjoyed a commercial advantage through preservation of their RC4 trade secret had concluded the public distribution of a product that somebody else could have reverse engineered.

The interesting question in the Lynn case arises when international jurisdictions come into play. It is very clear that anyone inside the U.S. who were to publish an article like the following one:

http://www.techworld.com/security/news/index.cfm?NewsID=4130

Would be subject to the injunction on distribution of the trade secrets in question, and could be sued for having knowingly possessed and made use of (for the purpose of writing the article) those secrets.

However, techworld.com is a UK-based publisher, apparently, and so should be fine until a UK court concurs with the U.S. court's granting of the injunction.

Sincerely,

Jason Coombs
jasonc () science org