Wednesday, April 11, 2012

[TECH] circumventing EULA reverse engineering clauses

Background: Many EULAs (End-User License Agreements) of commercial software products attempt to prohibit reverse engineering of the software.

Question: Apart from complaining, what can be done about this?

First of all, a clause prohibiting "reverse engineering" is inherently vague, because reverse engineering means different things to different people. I believe that the term "reverse engineering", in its most usual sense, refers to the process of figuring out how a device or a piece software works by examining a specimen. Note that this is distinct from the process of "cloning" a design. One might produce an exact copy of a design without understanding how it works (cloning without reverse engineering), or one might attempt to understand how it works without producing an exact or even an approximate copy of a design (reverse engineering without cloning).

Normally, reverse-engineering is legal under U.S. law and under the law of most civilized countries. In its broad sense of attempting to understand a mechanism made by someone else, reverse engineering is not even unethical. A gray area is reached only when reverse engineering efforts are specifically directed at producing an exact or approximate replica (which may be protected under copyright laws). Of course, ideas that have been learned through reverse engineering may be subject to the protection of in-force patents, so there is no guarantee that ideas learned through reverse engineering may be used without encumbrance. Nevertheless, the act of reverse engineering itself is usually legitimate.

Of course, big software doesn't like this state of affairs. While big software does file patents, it's an expensive procedure since they have to pay a patent attorney to prepare the application. Frequently, the patent examiner is able to find prior art that invalidates the application. The risks are high since the chances of originality are low. Instead, lawyers sold them the idea that an anti-reverse-engineering clause in their software license would give them a "virtual patent" -- nobody would be allowed to grab hold of their ideas, and they would not have to prepare a patent application or subject their work to legal tests of originality.

But how does big software get the world at large to accept the terms of the software license? Usually, two parties can't enter into a contract without an exchange of value from both sides. This is known as "consideration". If you walk into a software shop and buy a boxed software product for cash, a basis for a contract is formed because you have provided the vendor with money and the vendor has provided you with an installation CD. This is a contract for the sale of the software. Under my personal interpretation of contract law, the subsequent "clickwrap" agreement (EULA) that appears when you attempt to install the software is not a legally binding contract because there is no further "consideration" -- you do not give additional money for the privilege of -using- the copy of the software you now own the installation CD for and the software vendor is not giving you anything you are not already entitled to.

While judges have considered interpretations of contract law similar to mine, they have ultimately decided on a different interpretation -- the clickwrap agreement "amends" or "supplements" or "clarifies" the original contract for the sale of the software (which met the legal condition of consideration, because you paid and they delivered). I consider this to be an example of judicial error. In the long run, I believe this mistake will be corrected, and clickwrap agreements formed after the sale of the software will be found to lack consideration. Until then, I can see a very simple workaround -- have a third party purchase and install the software onto a laptop computer (including pressing "I Accept"), and then purchase the laptop computer from the third party. In this arrangement, no contract between yourself and the vendor can possibly exist, since there is no consideration from either party to the other. You may then tinker and reverse engineer to your heart's content.

In a business setting, the third party must be kept at arm's length, in a contract that does not allow him/her to obligate the business to the EULA or any other legal agreement. For such a task, an employee would be a poor choice and a business partner would be a disastrous choice.

Courts frequently prioritize objective factors (the "I Agree" button was pressed) over subjective factors (the user didn't genuinely wish to enter the agreement in the EULA since it served purely to limit their options without any benefit to them). Therefore, however silly it may seem, you are in much better shape if you do not push the "I Agree" button yourself.

This workaround may seem to contradict the premise of the software license, which usually states that "by using this software you agree ...". Legally, however, it's a non-sequitur that you must agree to the vendor's terms simply because you use the software, even if the vendor has stated such a requirement. By continuing to read this page beyond this sentence, you agree to pay the author $10,000 USD. Will that be cheque or cash?

Obviously, in a free country, you have the right to do anything not explicitly disallowed by law. The law does not disallow you from using a vendor's software -without- accepting the vendor's terms, in the same way that the law does not disallow you from reading a sentence without obeying an imperative. It's just a matter of making a clear case for the stance that you did not ever accept the EULA. The vendor will try to push for the interpretation that you initially accepted the EULA but then decided to act against its provisions, but this is not an insurmountable obstacle. It should be noted that the state of Louisiana has a Louisiana Software License Enforcement Act that specifically forces users, through mere use of software, to bind to a subset of specifically enumerated clauses of a vendor's software license terms. For a time, this included anti-reverse-engineering clauses (until part of the act was invalidated because federal law stipulates that states may not create additional copyright protections).

In this vein, it should be noted that the concept of a software license is rather bogus itself. In most states, you don't need a license from an author to merely -use- a piece of software he/she wrote. You only need a license to -copy- the software, and only because the software is protected by copyright law, not because the author says so. In most states, the only case in which you need a license merely to -use- a piece of software is when the underlying technology is protected by a patent. In this case, you need a license from the owner of the patent, not the author of the software embodying it (though the vendor may hold both the copyright and the patent). In any case, such a license is not a "software" license, but a patent license.

Even so, you are not forced to enter an agreement with the vendor simply because use of the software would otherwise infringe a patent owned by the vendor. You have the sensible option of using the software without a patent license and waiting for the vendor to sue you for patent infringement. If you do not redistribute the software, or a clone of it, this will virtually never happen. Besides, the damages would not amount to much, as you are not commercially exploiting the invention, you are only employing it to the extent of studying a single instance of it. It would be difficult to justify a "reasonable royalty" greater than the price of the software and there would be no provable loss of revenue to the vendor. In fact, if your copy of the software was originally bought from the vendor, should find a strong defense from patent infringement claims from the vendor under the Exhaustion Doctrine, though not necessarily from patent claims brought by parties other than the vendor.

A noteworthy snag to the above reasoning that "mere use of software does not require a license" is that intermediate copies may be generated when a computer program is run. Lawyers have split hairs over the extent to which the generation of these intermediate copies may be a form of copyright infringement. Fortunately, courts have found intermediate copies produced during a reverse-engineering effort to be "fair use" when there are no other ways to obtain otherwise unprotected technical information. However, the DMCA introduces a ban on reverse engineering for the purpose of defeating a software protection mechanism. Again, a basic premise of legitimate reverse engineering is that the engineer is merely trying learn the techniques and technologies utilized by the software. Defeating a protection mechanism is a highly dubious motivation; it is not surprising that courts have held against it.

Summary: Reverse engineering is still legitimate even if the software ships with an EULA. It is a matter of jumping through hoops to avoid obligating yourself under the EULA. The pioneers of reverse engineering EULA-protected software have generally been burned -- partly through their own ignorance and partly through (in my view) unreasonable judicial interpretation. While legal scholars are content to document the cases that arise, few suggest workarounds. EULAs are an advance in the field of legal engineering, but they are still gimmicks and cannot possibly be equivalent to the "real" intellectual property protection that copyrights and patents afford. Accordingly, it is plausible that a simple workaround, such as purchasing pre-installed software from a third party, can defeat an EULA.

Warnings: I am not a lawyer. If you are contemplating reverse engineering, you should definitely consult a real lawyer and give him/her the full details of your reverse engineering project. In complete contradiction of common sense, anti-reverse-engineering clauses present in EULAs have been held legally binding by courts, notwithstanding the fact that such clauses harm the public interest. Definitely consult with a lawyer as early as possible in the process. Nothing in this document should be construed as being legal advice; it is written exclusively for the purposes of entertainment.

4 comments:

  1. Each time a man introduces programming on his PC, an assention page turns out. It remains for End User Licensing Agreement. It is an understanding went into by and between the product distributer and the client whereby the last embraces not to offer or circulate the project without the authorization of the product proprietor. http://www.mordocrosswords.com/2016/02/end-license-agreement.html

    ReplyDelete
  2. Another technology may also be interesting for you or your followers - data room services . Any type of info can be exchanged via this tool from any part of the world.

    ReplyDelete
  3. Knowing about energy systems in-depth would help the students about different operating practices through which it opens getaways to green building initiatives.
    Floods Pro System and Company

    ReplyDelete
  4. Additionally, rise in the use of new engineering modes such as building information modeling, 3D modeling, 3D printing, and concurrent engineering are major drivers for the engineering software market.cheap SolidWorks 2016 software

    ReplyDelete