The DMCA vs "Reverse Engineering" Software

First and foremost - I would just like to say that obviously I am not a lawyer, and you shouldn't take anything I write (especially this piece) as legal advise; so please don't do anything silly and blame me :smileyhappy:


As we open up another Black Hat & Defcon week ... this should make your research presentation more interesting...


So there is this exceptionally interesting story running in the "Your Rights Online" section of Slashdot today, and the more I think about it the more I think this needs to be analyzed more.  The article is specific to a recent ruling in the GE vs. MGE UPS case [cited here] where a "dongle" was bypassed to continue to use expired software but I think there are more far-reaching implications here...


To take a quote from the PDF:

"Merely bypassing a technological protection that restricts a user from viewing or using a work is insufficient to trigger the DMCA's anti-circumvention provision... The owner's technological measure must protect the copyrighted material against an infringement of a right that the Copyright Act protects, not from mere use or viewing



So...  I got it, I think.  Bypassing protections to merely view a protected work is insufficient to get you in trouble with the DMCA?  If you bypass a protection in the software you also have to infringe upon a right afforded by the Copyright Act?  Hold the phone ...


This is all interesting and leads right into a conversation I've had many times with researchers when it comes to the case of Flash files.  Since they're technically "compiled" (at least to an intermediary format) reverse engineering them (pulling out the ActionScript "source") may fall under the DMCA protective statutes ...or does it?


I've talked this through with many different people from researchers, to developers, to digital media types and the answers differ based on the agenda that is served - but interestingly enough many folks seem to think that the DMCA (Digital Millenium Copyright Act) protects their flash files (and yes, this may pertain to Java and other software as well...) from being reverse engineered to "look for vulnerabilities" or do other type of research on.


Where this most obviously applies is online video games where the objective is to win some prize, although I suppose it could apply anywhere digital content is necessarily "protected" in this form.


Now I suspect that there may be a different angle here too ...because Flash! has obfuscators, encryptors, and other fun things that can "protect" the files ... so perhaps if your Flash object is encrypted* you can expect to be protected against tampering by the DMCA.  All interesting thoughts... I repeat that I am not an attorney nor do I have any specific legal references other than this ruling to base this conversation-starter on but this is sure a tantalizing subject!


Let's take some of the DMCA-related actions (or threatened actions) against researchers [] who did nothing more than merely reverse engineer software to discover what made it tick, and how it could break.  All those silenced researchers, if I'm reading this ruling properly and I think I am, have a voice again as long as they're not directly infringing on the copyright of the software.


This is all fascinating.  So as we move into another Black Hat & Defcon week ... does this effectively create a timely open season on reversing software long as the treading is done carefully enough not to infringe copyright?


Wow ... as someone on Slashdot so poetically put it...

Say what? I think I just saw a pig fly by.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About the Author

Follow Us
Community Announcements
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation