More on fortifying Lotus Notes
William H. Geiger III
whgiii at openpgp.net
Mon, 07 Jun 1999 11:20:04 -0500
-----BEGIN PGP SIGNED MESSAGE-----
In <3.0.5.32.19990607155223.00948d20@mail.netkonect.co.uk>, on 06/07/99
at 03:52 PM, Nicholas Bohm <nbohm@ernest.net> said:
>Not quite. Section 50B of the Copyright, Designs & Patents Act 1988, as
>amended by the Copyright (Computer Programs) Regulations 1992 in order to
>implement the Software Directive (Council Directive No 91/250/EEC),
>permits decompilation of a program if this is necessary in order to
>obtain information required in order to create an independent program
>which can be operated with the program to be decompiled.
>This is a fairly limited right of decompilation. It might apply in the
>present case if the fortifying program can be regarded as "an independent
>program which can be operated with the program to be decompiled"; but I
>wonder whether the fortifying program is really independent. Perhaps it
>is.
>Even so, this does not by itself permit Notes to be run in a modified
>form if this is prohibited by the licence terms. And section 50C, which
>permits modification, does not override a contrary licence term.
Well if you really want to put an end to the silliness of weak or
backdoored crypto there is a direct way of doing so: hit them where it
hurts; in the wallet.
There are to legal principles that can be used to do so:
#1 Most western countries have some type of consumer protection laws in
place to protect consumers against defective products. By all current
industry standards, a product that uses either weak "export" encryption or
has crypto "backdoors" is defective.
#2 Most western countries have criminal fraud statutes. If a software
company markets & advertizes a software product as "secure" but uses weak
"export" encryption or has crypto "backdoors" they have committed fraud.
These two legal principles can be used to attack the software vendors both
in the civil courts (#1) and in the criminal courts (#2). Export
restrictions by the USG are not a defences for there actions. Imagine if
instead of software we were talking about cars. All cars that Ford exports
has the wheels fall off if the driver goes over 30kph. In addition to this
Ford marketing advertizes the car as safe for driving at highway speeds.
Would your courts allow the defence that the USG mandates it so it is ok?
While IANAL, and do not know all the nuances of the European court
systems, it seems like an open and shut case, and would put a quick end to
the entire crypto export issue.
PS: If one really wanted to have fun, name the USG as a criminal
co-conspirator in the fraud case <EG>.
- --
- ---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
- ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i OS/2 for non-commercial use
Comment: Registered_User_E-Secure_v1.1b1_ES000000
Charset: cp850
wnUDBQE3W/WX0fdTsSGZnTUBAfggAwC8Rt+sCYpTpgRINMYTjJ4Eo5mfoYlEHLZe
HDAPgCQQ5CTglDKX4wVQOLC1FRRuttlvbzPEJiwQfp0jPb6z0qck90w/d1buEKTu
b0b8Ps8rgysHNsrjINlDp1p5u6GMzUY=
=He2z
-----END PGP SIGNATURE-----