1996-02-02 - Re: RC2 Source Code - Legal Warning from RSADSI

Header Data

From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
To: cypherpunks@toad.com
Message Hash: c5f5caa1b1521febb3a345e5fd398de250b4e3690d27dd57bb4a924cbebcd035
Message ID: <ad36b3ea020210044647@[132.162.233.188]>
Reply To: N/A
UTC Datetime: 1996-02-02 11:02:12 UTC
Raw Date: Fri, 2 Feb 1996 19:02:12 +0800

Raw message

From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 2 Feb 1996 19:02:12 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <ad36b3ea020210044647@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:06 PM 02/01/96, baldwin wrote:
>WARNING NOTICE
>
>        It has recently come to the attention of RSA Data
>Security, Inc. that certain of its confidential and
>proprietary source code has been misappropriated and
>disclosed.  Despite such unauthorized use and disclosure,
>RSA Data Security reserves all intellectual property rights
>in such source code under applicable law, including without
>limitation trade secret and copyright protection.  In

Well, now we know it really was RC2.

Is there a law-knowing type out there who can tell us what's going on
legally?  As I understand things, RSA is just bullshitting here.  When
something has 'trade secret' status, the only people with legal obligations
toward it are those with contractual obligations to RSA--you can only
enforce 'trade secrets' through contractual obligations, non-disclosure and
confidentiality agreements, etc.  Once something has been disclosed, as I
understand it,  people without contractual obligations in regards to it are
free to do whatever they want to it--trade secret status of RC2 has nothing
to do with me, who has no contractual obligations to RSA regarding RC2.
(Unless the license agreement for RSAref could be stretched to apply
somehow, but I don't think so).

Now, copyright might be another matter.    But you can't copyright an
algorithm, only specific text in fixed form (ie, the source code).  So this
would mean you couldn't use the particular code posted to sci.crypt, but
wouldn't stop anyone from using the algorithm, if they wrote their own code
(to be safe, without having seen the RSA-copyrighted code, only having the
algorithm described to them by someone else).   You can _patent_ an
algorithm, but as I understand it, something can't be patented and a trade
secret--you have to disclose it in full to the patent office to get a
patent, at which point it's no longer a trade secret.  And the legalese
from RSA doesn't even mention patents anyway (because they dont' have one,
of course), only copyright and 'trade secret'.

I'm not a lawyer of course.  Information from someone more sure of their
knowledge then I am would be appreciated.  But, as I understand it, they're
basically making stuff up, and there is nothing stopping any of us, who
haven't signed any non-disclosure agreements with RSA, from using the RC2
algorithm.







Thread