Frequently Asked Questions (and Answers) about Reverse Engineering

Question: What is reverse engineering?
Answer: Reverse engineering is the general process of analyzing a technology specifically to ascertain how it was designed or how it operates. This kind of inquiry engages individuals in a constructive learning process about the operation of systems and products. Reverse engineering as a method is not confined to any particular purpose, but is often an important part of the scientific method and technological development. The process of taking something apart and revealing the way in which it works is often an effective way to learn how to build a technology or make improvements to it.
Through reverse engineering, a researcher gathers the technical data necessary for the documentation of the operation of a technology or component of a system. In "black box" reverse engineering, systems are observed without examining internal structure, while in "white box" reverse engineering the inner workings of the system are inspected.
When reverse engineering software, researchers are able to examine the strength of systems and identify their weaknesses in terms of performance, security, and interoperability. The reverse engineering process allows researchers to understand both how a program works and also what aspects of the program contribute to its not working. Independent manufacturers can participate in a competitive market that rewards the improvements made on dominant products. For example, security audits, which allow users of software to
better protect their systems and networks by revealing security flaws, require reverse engineering. The creation of better designs and the interoperability of existing products often begin with reverse engineering.
Question: How does reverse engineering differ from other types of engineering?
Answer: The most traditional method of the development of a technology is referred to as "forward engineering." In the construction of a technology, manufacturers develop a product by implementing engineering concepts and abstractions. By contrast, reverse engineering begins with final product, and works backward to recreate the engineering concepts by analyzing the design of the system and the interrelationships of its components.
Value engineering refers to the creation of an improved system or product to the one originally analyzed. While there is often overlap between the methods of value engineering and reverse engineering, the goal of reverse engineering itself is the improved documentation of how the original product works by uncovering the underlying design. The working product that results from a reverse engineering effort is more like a duplicate of the original system, without necessarily adding modifications or improvements to the original design.
Question: What stages are involved in the reverse engineering process?
Answer: Since the reverse engineering process can be time-consuming and expensive, reverse engineers generally consider whether the financial risk of such an endeavor is preferable to purchasing or licensing the information from the original manufacturer, if possible.
In order to reverse engineer a product or component of a system, engineers and researchers generally follow the following four-stage process:
• Identifying the product or component which will be reverse engineered
• Observing or disassembling the information documenting how the original product works
• Implementing the technical data generated by reverse engineering in a replica or modified version of the original
• Creating a new product (and, perhaps, introducing it into the market)
In the first stage in the process, sometimes called "prescreening," reverse engineers determine the candidate product for their project. Potential candidates for such a project include singular items, parts, components, units, subassemblies, some of which may contain many smaller parts sold as a single entity.
The second stage, disassembly or decompilation of the original product, is the most time-consuming aspect of the project. In this stage, reverse engineers attempt to construct a characterization of the system by accumulating all of the technical data and instructions of how the product works.
In the third stage of reverse engineering, reverse engineers try to verify that the data generated by disassembly or decompilation is an accurate reconstruction the original system. Engineers verify the accuracy and validity of their designs by testing the system, creating prototypes, and experimenting with the results.
The final stage of the reverse engineering process is the introduction of a new product into the marketplace. These new products are often innovations of the original product with competitive designs, features, or capabilities. These products may also be adaptations of the original product for use with other integrated systems, such as different platforms of computer operating systems.
Often different groups of engineers perform each step separately, using only documents to exchange the information learned at each step. This is to prevent duplication of the original technology, which may violate copyright. By contrast, reverse engineering creates a different implementation with the same functionality.
Question: What is disassembly or decompilation of a computer software program?
Answer: In the development of software, the source code in which programmers originally write is translated into object (binary) code. The translation is done with a computer program called an "assembler" or "compiler," depending on the source code's language, such as Java, C++, or assembly. A great deal of the original programmer's instructions, including commentary, notations, and specifications, are not included in the translation from source to object code (the assembly or compilation).
Disassembly or decompilation reverses this process by reading the object code of the program and translating them into source code. By presenting the information in a computer language that a software programmer can understand,
the reverse engineer can analyze the structure of the program and identify how it operates.
The data generated in the disassembly of a typical computer program is one to many files with thousands of lines of computer code. Because much of the original programmer's commentary, notations, and specifications are not retained in the object code, the reverse engineered code constitutes only a part of the program information included in the original source code. Engineers must interpret the resulting source code using knowledge and expertise to recreate the data structures of the original program and understand the overall design rationale of the system.
Not all reverse engineering efforts require "decompilation" of software. Some "black box" reverse engineering is done by characterizing software through observation of its interaction with system components, other software, and other (external) systems through networks.
Question: What is the difference between source code and object code?
Answer: Source code is the category of computer language instructions that is most frequently written and read by software programmers. A computer cannot generally run a program in source code form though. The source code is translated, with the use of an assembler or compiler, into a language form that contains instructions to the computer known as object code. Object code consists of numeric codes specifying each of the computer instructions that must be executed, as well as the locations in memory of the data on which the instructions are to operate.
While source code and object code are commonly referred to as different classes of computer language, these terms actually describe the series of transformations a program goes through when being converted from a higher level language more easily comprehensible to humans to the lower level language of computer operations.
Question: What is interoperability?
Answer: Generally, interoperability allows technologies to work together when they use the same inputs and create the same outputs. For computers,
interoperability is the abililty of programs and systems running on various kinds of software and hardware to communicate with each other.
Standards foster interoperability by ensuring that all groups implementing the standard interpret it the same way, so that the technology produces consistent performance regardless of the individual brand or model. By contrast, a lack of standards means that parties must reverse engineer the technology to achieve interoperability. Moreover, owners of proprietary, non-standardized technologies retain control over upgrades and developments to those technologies, and may change them at will, disrupting the interoperability with other technologies.
Question: What are the different uses of reverse engineering?
Answer: A common misperception regarding reverse engineering is that it is used for the sake of stealing or copying someone else's work. Reverse engineering is not only used to figure out how something works, but also the ways in which it does not work.
Some examples of the different uses of reverse engineering include:
• Understanding how a product works more comprehensively than by merely observing it
• Investigating and correcting errors and limitations in existing programs
• Studying the design principles of a product as part of an education in engineering
• Making products and systems compatible so they can work together or share data
• Evaluating one's own product to understand its limitations
• Determining whether someone else has literally copied elements of one's own technology
• Creating documentation for the operation of a product whose manufacturer is unresponsive to customer service requests
• Transforming obsolete products into useful ones by adapting them to new systems and platforms
Question: Is reverse engineering legal?
Answer: Reverse engineering has long been held a legitimate form of discovery in both legislation and court opinions. The Supreme Court has confronted the
issue of reverse engineering in mechanical technologies several times, upholding it under the principles that it is an important method of the dissemination of ideas and that it encourages innovation in the marketplace. The Supreme Court addressed the first principle in Kewanee Oil v. Bicron, a case involving trade secret protection over synthetic crystals manufacturing by defining reverse engineering as "a fair and honest means of starting with the known product and working backwards to divine the process which aided in its development or manufacture." [416 U.S. 470, 476 (1974)] The principle that reverse engineering encourages innovation was articulated in Bonito Boats. v. Thunder Craft, a case involving laws forbidding the reverse engineering of the molding process of boat hulls, when the Supreme Court said that "the competitive reality of reverse engineering may act as a spur to the inventor, creating an incentive to develop inventions that meet the rigorous requirements of patentability." [489 U.S. 141 160 (1989)]
Congress has also passed legislation in a number of different technological areas specifically permitting reverse engineering. The Semiconductor Chip Protection Act (SCPA) explicitly includes a reverse engineering privilege allowing semiconductor chip designers to study the layout of circuits and incorporate that knowledge into the design of new chips. The Competition of Contracting Act of 1984 allows the defense industry to inspect and analyze the spare parts it purchases in order to facilitate competition in government contracts.
The law regarding reverse engineering in the computer software and hardware context is less clear, but has been described by many courts as an important part of software development. The reverse engineering of software faces considerable legal challenges due to the enforcement of anti reverse engineering licensing provisions and the prohibition on the circumvention of technologies embedded within protection measures. By enforcing these legal mechanisms, courts are not required to examine the reverse engineering restrictions under federal intellectual property law. In circumstances involving anti reverse engineering licensing provisions, courts must first determine whether the enforcement of these provisions within contracts are preempted by federal intellectual property law considerations. Under DMCA claims involving the circumvention of technological protection systems, courts analyze whether or not the reverse engineering in question qualifies under any of the exemptions contained within the law.
Question: What "copying" of computer programs is permitted under copyright law?
Answer: Copyright law protects any work, including computer software, that is "fixed in a tangible medium of expression" and which contains a "modicum of
originality." While making a copy of an orginal work generally constitutes copyright infringement, the very nature of computer software requires the making of a copy of original elements every time a program runs. In order to solve this problem, Congress included specific exemptions within copyright law outlining the permitted uses of a computer program.
Section 117 of the Copyright Act provides that:
[I]t is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:
1. that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it used in no other manner, or
2. that such new copy or adaptation is for archival purposes only and that all archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful.
Question: Is the making of an intermediate copy in the reverse engineering process copyright infringement?
Answer: There have been many attempts by companies over the past two decades to bring claims against software developers for their reverse engineering efforts. Since reverse engineers must make intermediate copies of the original work through the disassembly or decompilation process, the copyright owners of the initial software program have claimed that such a procedure is not covered by Section 117. They have argued that reverse engineering should be considered copyright infringement since some of the retrieved technical data used in the development process includes copyrightable expression.
In Sega v. Accolade, the case most often referred to discussing reverse engineering of computer software, the appellate court determined that reverse engineering is a fair use when "no alternative means of gaining an understanding
of those ideas and functional concepts exists." The court considered Accolade's intermediate copying of parts of Sega's video game console during the reverse engineering process in order to make compatible games of minimal significance to the rights in Sega's copyrighted computer code. The court held that forbidding reverse engineering in this context would defeat "the fundamental purpose of the Copyright Act--to encourage the production of original works by protecting the expressive elements of those works while leaving the ideas, facts, and functional concepts in the public domain for others to build on."
Question: What elements of a computer program are copyrightable?
Answer: Section 102(b) of the Copyright Act provides that:
"in no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work."
This principle that copyright protects the expression of an idea but not the idea itself is fundamental to copyright law. Commonly referred to as the "idea/expression dichotomy," this distinction is particularly complicated in the context of computer programs. A software program must include many elements of computer code that are external to its particular use in order to function properly, including the specifications of the of the operating system, the computer on which the program runs, compatibility with other programs, and other widely accepted standards. These functional elements of a software program as well as those aspects of the software code that are in the public domain are considered ideas not protected by copyright law.
Question: How does a court determine the difference between the ideas and expressions in a computer program?
Answer: In order to separate out those elements of a computer program that should be considered original expression from the unprotectable ideas and processes, courts utilize the Abstraction, Filtration, and Comparison test described in the case of Computer Associates v. Altai. [982 F.2d 693 (2d Cir. 1992)] Under this test, the court is required to go through the following steps to determine whether copyright infringement occurred:
• Retrace the designer's steps in the reverse order of its creation into manageable components in order to identify the unprotected ideas at each level of abstraction.
• Filter out the non-protectable elements, including those dictated by efficiency (the most efficient implementation of any given task) , merger (when there is only one way to express an idea), external factors (necessity of matching standards), and elements taken from the public domain (expressions not protected by intellectual property).
• Compare the allegedly infringing work and the initial work to determine whether a sufficient similarity exists in the protectable elements of the initial work.
Question: Are the functional elements of a software program protected by copyright?
Answer: In applying the distinction between ideas and expressions, courts have analyzed particular features of software programs over the years in order to determine whether or not they should be protected. While court decisions have varied according to the facts, copyright protection does not extend over the elements of a program's software code that relate to its basic function. For example, in Lotus v. Borland [49 F.3d 807 (1st Cir. 1995)], the court held that the menu command hierarchy and macros of a software program was not protectable since it embodied the basic structure and functionality of that type of program as a "method of operation." Similarly, courts have considered whether certain program outputs such as portions of screen displays or graphical user interfaces (GUI) are protected by copyright. For example, the court in Apple v. Microsoft [35 F.3d 1435 (9th Cir. 1994)] held that Microsoft Windows did not infringe on the Macintosh OS because utilitarian aspects of the user interface such as the use of windows, icons, and menus were considered basic ideas to the "desktop" metaphor in the GUI of an operating system. The fact that such aspects of a program become industry standards is considered in the determination of whether they are functional elements not protected by copyright.
Question: Is reverse engineering affected by patent law?
Answer: Though software programs had generally not been granted patents in the past, more recently the U.S. Patent Office has granted patents for those programs that meet the patent requirements of usefulness (it must work and have an actual use), novelty (it must not have been previously known), and non-
obviousness (it must not be an obvious invention to an ordinary person in that field). Due to the additional requirement that the specifications of the invention must be disclosede in the published version of a patent, reverse engineering is generally not necessary to discover the method or process necessary to the independent creation of that invention. However, many integrated systems contain many components, some of which may be patentable, which may implicate a reverse engineer in a patent infringement lawsuit. Since electronic products often contain many constituent parts, made by a number of different manufacturers, it would not be possible to figure out how the whole product works without having to replicate some of its parts. Despite the first sale doctrine in patent law, which allows a purchaser of a product on the open market to use it and even take it apart, some courts have upheld contracts that specifically prohibit the reverse engineering of that product. The lack of a fair use exemption in patent law may threaten reverse engineering efforts when they involve software, but the question has not yet been addressed by courts.
Question: Does trade secret protection of information contained within a product restrict reverse engineering?
Answer: Increasingly, manufacturers protect the know-how behind their software and electronics through the use of trade secret protection. This form of protection is attractive since the kinds of information that trade secrets is very broad and can include "any formula, pattern, device or compilation of information which is used in one's business, and which gives him an opportunity to obtain an advantage over competitors who do not know or use it." [Restatement of Torts, §757] Among other factors, the status of a trade secret depends on the efforts undertaken by the owner to maintain the secrecy of the information. Since there is no time limitation on its enforceability, trade secrets can potentially provide eternal protection for software. Trade secrets terminate and become public domain information if they are publicly disclosed for any reason, however, including the widespread publication of the information on the Internet. Reverse engineering and independent discovery of the technical information within a product s are considered legally viable means of ending another's trade secret, provided that the product is obtained lawfully. Trade secret misappropriation is found when the trade secret is used or disclosed through "improper means," which includes illegal conduct or conduct that violates a generally accepted standard of commercial morality. The explicit prohibition on reverse engineering is therefore not the only licensing provision one must consider in determining whether reverse engineering will be considered legitimate. For example, a common cause of action in a trade secret case involving an anti reverse engineering contract provision is the duty of confidentiality. Depending on the facts of the case, the court must determine whether the confidentiality required in regards to the information was established by marking those specific parts as
proprietary or as restricted technical information and informing employees working with such information of their duty to preserve its confidentiality. The disclosure of such information to a third party may be considered trade secret misappropriation and may create liability for both the party which disclosed the information and the party who received it.
Question: Should a reverse engineer worry about the original product manufacturer's trademarks?
Answer: Software developers are generally not affected by a company's trademark when reverse engineering software. Trademark law protects words, names, symbols, or devices that identify the source of goods and services. While trademarks should not be a big concern for a reverse engineer , Sega v. Accolade was one case in which a manufacturer used trademarks to prevent the creation of programs compatible to its system. Sega developed a trademark security system (TMSS) embedded in an initialization code on its games so that other companies could not develop games for the Sega Genesis console without infringing on Sega's trademark. The court did not find infringement because the SEGA trademark was used as an essential element of the functional device that regulates access. Furthermore, the court held that this type of security system discouraged competition by excluding independently developed games from its video game market.
Question: What kind of proof is necessary to show the copying of a computer program?
Answer: Courts determine whether or not copying occurred, rather that the independent creation of a program, by comparing the two programs for evidence of copyright infringement. The determination of copyright infringement is done through an analysis of whether there exists a "substantial similarity" between the initial work and the product of the reverse engineering effort. Making such a determination can be quite complicated in the software context since different parts of the computer code may be similar due to the industry standards of the overall structure and user interface of programs as well as their compatibility requirements. In order to prove a claim of copyright infringement, the burden is on the initial work's owner to show that the defendant had access to the original code.
Question: What is UCITA?
Answer: The Uniform Computer Information Transactions Act (UCITA) is a proposed state law that would enforce the licensing provisions in click-wrap,shrink-wrap, and browse-wrap agreements. These types of agreements are the most common types of transactions that occur in agreements over uses of computer information. There is a great deal of controversy over the inclusion of UCITA in contract law due to the effect it may have on the notice individuals have of the licensing provisions included and the ability of individuals to negotiate the terms of the contract. Whether or not an individual is sufficiently aware of the license terms to which they have agreed and the opportunity to bargain over these terms are important considerations in establishing a valid contract. Currently, UCITA is only in effect in two states - Maryland and Virginia. Several other states, though, have pending legislation that considers adopting UCITA as law. On the other hand, states such as Iowa have passed "bomb shelter" legislation in order to protect its citizens from being governed by UCITA.
Question: What is the difference between a license and a sale of a product?
Answer: As opposed to the transfer of ownership of property when a consumer buys a product, a licensee enters into a relationship with the manufacturer where the permitted uses of the product are defined in a contract and the manufacturer still retains ownership. The software industry generally makes end-user license agreements, which define these permitted uses in the form of a shrink-wrap, click-wrap, or browse-wrap agreement.
Even though copyright law includes explicit exemptions on the use of computer programs under section 117 of the Copyright Act, some controversy exists over whether those exemptions apply in the case of a license that prohibits reverse engineering. Under section 117, an top
Question: What are shrink-wrap, click-wrap, and browse-wrap licenses?
Answer: In the context of computer software and the Internet, written agreements that indicate the formation of a contract between the user and the manufacturer have been replaced by shrink-wrap, click-wrap, and browse-wrap agreements.
Shrink-wrap licenses refer to the cellophane wrapping that seals boxes of mass marketed software are commonly called "shrink-wraps." Software manufacturers generally attach license agreements inside the packaging of their products, which bind the consumer to the terms of the agreement upon removal of the shrink-wrap.
Some courts have held that shrink-wrap licenses are unenforceable as contracts of adhesion, while other courts have considered them valid. An adhesion contract is a bargain drafted unilaterally by a dominant party, and presented as a final offer to a party with very little bargaining power. The terms are generally presented as a preprinted form to the weaker party, who lacks any realistic ability to negotiate the terms. If an individual chooses to return the product, however, they are no longer bound by the terms of the contract.
Click-wrap licenses are another form of creating an electronic agreement, except that the license is included on the computer screen before installation rather than on the box. By clicking on a button that says "I agree" or "I accept," the licensee agrees to the terms of use of the contract. An important difference between click-wrap agreements and shrink-wrap agreements is the fact that the user actually has an opportunity to read the contract before using or installing the program.
Browse-wrap agreements are contracts in which the terms of use are listed on a web site page. In such contracts, manufacturers presume to bind the user to the license terms merely by their visit to the web site or downloading software from that site. Courts are generally reluctant to hold such contracts enforceable because of the lack of assent, or explicit agreement, on the part of the user.
Question: Are licensing provisions prohibiting reverse engineering enforceable?
Answer: While the validity of licensing prohibitions of reverse engineering has not yet been decided by courts, the conflict between state laws that would enforce these provisions and federal intellectual property law has been addressed. When considering cases where breach of contract or trade secret misappropriation is claimed (both state law claims), courts must first determine whether or not intellectual property law preempts those contracts enforced by the individual state. Preemption occurs when courts determine that federal intellectual property law must be considered in order to address the issues involved in the particular provisions.
Section 301 of the Copyright Act provides that a state law claim is preempted if:
1. (1) the work to be protected comes within the subject matter of copyright; and
2. (2) the state-created right forming the basis of the state law claim is equivalent to any of the exclusive rights within the general scope of copyright."
In order for the claim to be preempted it must first pass this equivalency test, which determines whether the state-created rights in upholding the contract are merely alternative articulations of the exclusive rights of copyright law. If the court determines that the contract provisions contain an "extra element" that require analysis of the contract to be preempted by copyright law, the courts generally proceed to an analysis of the possible infringement or exemption under fair use of the activities of the reverse engineer.
Question: Is the reverse engineering of a technological protection measure illegal under the DMCA?
Answer: The Digital Millennium Copyright Act (DMCA) made an effort to recognize the value of interoperability to competition and innovation and included an exemption expressly allowing reverse engineering in order to preserve a healthy market in the information technology industry. Section 1201(f) of the DMCA allows software developers to circumvent technological protection measures of a lawfully obtained computer program in order "the elements necessary to achieve interoperability of an independently created computer program with other programs." A person may reverse engineer the lawfully acquired computer program only where the elements necessary to achieve interoperability are not otherwise readily available and reverse engineering is otherwise permitted under the copyright law. The reverse engineer is required to ask permission first, however. The prohibition on the dissemination of circumvention devices also applies to reverse engineering. Under the "trafficking ban", a person may only develop and employ technological means to circumvent and make the circumvention information or tool available to others solely for the purpose of achieving interoperability. Reverse engineers are not exempt from the "trafficking ban" only if they permit the device to be made available to other persons for the purpose of gaining access to protected works for infringing purposes.
Question: What are the limitations of the interoperability criteria for the DMCA's reverse engineering exemption?
Answer: Section 1201(f) allows software developers to circumvent technological protection measures of a computer program that was lawfully obtained in order to identify the elements necessary to achieve the interoperability of an independently created computer program to achieve program to program interoperability. This means that reverse engineering a product to achieve interoperability between data and program is not permitted, nor is reverse engineering for any other purpose. In Universal v. Corley, the district court in New York held that this limitation on the interoperability criterion of the exemption therefore did not apply to the circumvention of the access control mechanism protecting digitally formatted works, such as music, movies, or video games. In order to be viewed on a computer, motion pictures on DVD require software systems that enable the Content Scrambling System to be decrypted in addition to the hardware requirement of a DVD drive. From the perspective of the consumer, the inability to view their DVDs on computer players that do not decrypt CSS may seem to be a problem of software interoperability.
The issue of whether or not the use of a technological protection measure can allow a copyright owner to control the hardware products on which the protected content can be used has not yet been fully addressed by the courts. By limiting the reverse engineering exemption to interoperability between programs, the DMCA may have effectively granted copyright owners some control over the hardware products used to operate digitally protected content in addition to the content itself. Without consideration of the effect of technological protection measures, courts have held that copyright holders cannot use copyright to exercise control over products which are outside the scope of the owner's rights under copyright. For example, in the recent case of Sony v. Connectix (which did not include a DMCA claim), the Ninth Circuit held that a product allowing Sony games to be played on computers and not only on the Sony PlayStation was a creation of a new product. The court considered the reverse engineering work engaged in during the creation of the product a "transformative" use of the initial copyrighted work, making it permissible according to copyright law.
Question: How are software development projects conducted over the Internet affected by the DMCA?
Answer: While the reverse engineering exemption permits software programmers to develop and distribute circumvention tools as part of their projects, there are significant limitations over who can do so and in what manner they can do it. Section 1201(f)(3) provides that only the person who performs the reverse engineering can provide the information necessary to achieve interoperability to others. Collaborative project environments conducted over the Internet, such as those used by many open source software developers may be considered illegal under a strict interpretation of the exemption. Even if the
sharing of information regarding circumvention is done for the purpose of developing an interoperable product, its placement on the Internet may be interpreted as "trafficking" under the circumvention device ban.
Question: How is reverse engineering different from circumvention?
Answer: Circumvention, according to Section 1201(a)(3)(A), means "to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner." Reverse engineering, on the other hand, is the scientific method of taking something apart in order to figure out how it works. While not all acts of circumvention require the use of reverse engineering, the reverse engineering of works protected by technological mechanisms requires circumvention. The placement of digital protection systems on copyrighted works essentially fences in the information a reverse engineer seeks to discover about the way the product works.
Question: Someone has alleged that, by putting the process for running their equipment on a web page, I have infringed their copyrights. Are they right?
Answer: No. Copyright does not cover ideas, processes, procedures, systems, or methods of operation. See Sec. 102(b)

No comments: