From: bill@twwells.com (T. William Wells)
To: cypherpunks@toad.com
Message Hash: 61a107d70e5b1a4751b7c58c0aa06abccac9c5c72c091df1ff04eb4925cc250f
Message ID: <CE1xH2.1Dt@twwells.com>
Reply To: <m0ohWe6-0001EbC@vanbc.wimsey.com>
UTC Datetime: 1993-09-28 07:11:24 UTC
Raw Date: Tue, 28 Sep 93 00:11:24 PDT
From: bill@twwells.com (T. William Wells)
Date: Tue, 28 Sep 93 00:11:24 PDT
To: cypherpunks@toad.com
Subject: Re: Verilog encryption broken
In-Reply-To: <m0ohWe6-0001EbC@vanbc.wimsey.com>
Message-ID: <CE1xH2.1Dt@twwells.com>
MIME-Version: 1.0
Content-Type: text/plain
In article <m0ohWe6-0001EbC@vanbc.wimsey.com>,
Mark C. Henderson <markh@wimsey.com> wrote:
: What should one do when one discovers that a vendor is marketing
: an encryption scheme for the protection or to limit the use of
: specific information, which is easy to break.
Whatever you want to do. Contrary to what I suppose is a popular
opinion, this is not an ethical question *unless* you have some
sort of contractual obligation that makes it so or unless your
personal, *private* ethics says something on the subject.
People who rely on trade secrets are making a bet. The bet is as
follows: first, that all people who have access to the trade
secret will respect the agreements, both by not disclosing their
trade secret and by protecting it from disclosure; and, second,
that if someone does violate one of those agreements, he has deep
enough pockets that suing him will make up for the loss. When the
trade secret is exposed, *it is gone*. *Forever*. That's the law.
Those who once had a trade secret cannot legally demand of
(uninvolved) others that they help them protect it.
I would guess that it is *Verilog* whose ass is in the fire. If
you or I were to use that script to extract information from their
libraries, *unless* we had an agreement with Verilog not to, it
would be perfectly legal to do so. And it would be perfectly
legal to broadcast that information. However, Verilog, by not
adequately protecting the information in the libraries, may well
be liable for the disclosure. What it looks like from this
distance is that Verilog is running scared, trying to frighten
would be extractors into not spreading the information they would
get so that the amount of damage Verilog will have to take will be
limited.
Verilog, their customers, and library providers, made a bet. They
lost. No one (who is uninvolved) has *any* obligation to help
them minimize the loss from losing their bet. I have no doubt
that Verilog would like to have the discussion turn away from the
simple business aspects toward a touchie-feelie mass-debation
about ethics but to do so would simply be evading the real issues.
Return to September 1993
Return to “markh@wimsey.bc.ca (Mark C. Henderson)”