Back to the Basics

The Ethical Aspect of Reverse Engineering

What Is Reverse Engineering?

What Is Reverse Engineering?

“The process of analyzing a system's code, documentation, and behavior to identify its current components and their dependencies to extract and create system abstractions and design information. The subject system is not altered; however, additional knowledge about the system is produced.”

–Software Technology Review, http://www.sei.cmu.edu/str/indexes/glossary/reverse-engineering.html 2/26/00

Why Reverse Engineering? Produce compatible product Produce competing product Academic use Hacking/cracking

Why Reverse Engineering?

Specifically: Discern specifications Ensure compatibility Understand program operation Understand solutions to programming

problems Understand concepts

What’s Wrong With Reverse Engineering? Copyright violation

Temporary copies of code in RAM Copying portions of code (BIOS,

ROMs) Copying “non-literal” elements (look

and feel) Both literal and non-literal parts of

software protected by law

What’s Wrong With Reverse Engineering? Patent infringement

Intermediate copies may violate patents

Hacking/cracking Exploit security holes Disable copy-protection Modification and redistribution of

copyrighted material

Ethical Considerations Consider purpose of reverse

engineering Fair use vs. Unethical/criminal use Healthy competition vs. Monopoly

US Law Digital Millennium Copyright Act

Circumventing anti-piracy controls is illegal

Hardware and software for unauthorized duplication is illegal

Cracking is legal for assessing product security and compatibility

Cracking is legal for academic use

Specific Cases AOL vs. Microsoft: the instant

messenger wars Microsoft reverse-engineered AOL

Instant Messenger to provide compatibility

AOL repeatedly changed protocols In similar incident, AOL reportedly

asked Prodigy to license IM protocol Did either company act ethically?

Specific Cases Sony vs. Connectix

Playstation emulator for Macintosh Sony claimed copyright infringement,

damage to Playstation name Initial injunction against Connectix

recently overturned Is Connectix capitalizing on

Playstation name?

The “Newspaper Test” Texas Instruments’ solution: the

Ethics Quick Test Is the action legal? Does it comply with our values? If you do it, will you feel bad? How will it look in the newspaper?

http://www.onlineethics.org/text/corp/bench.html 2/27/00

TI’s stance“Reverse engineering is a very common, accepted, and expected practice in our business world today. When we put a product on the market, we assume that it will be reverse engineered by competitors and others. Once it is on the market, there are few secrets left…perhaps some in our manufacturing process. That is one reason we so vigorously defend infringements on our patents. But this philosophy allows reverse engineering to pass the last three quick tests”

http://www.onlineethics.org/text/corp/bench.html 2/27/00

Summary Reverse engineering can be used

for ethical and non-ethical purposes

Use newspaper test to evaluate Laws protect against improper use