Reverse engineering: Discussion on the validity and legality of this practice
This article discusses the controversial role of reverse engineering in the computer industry, among others. To this end, it borrows examples from the software industry, high-tech hardware production and the pharmaceutical industry, all of them practical examples of the advantages and disadvantages of using this controversial practice.
It deals primarily with defining the concept of reverse engineering and its most significant practices and results. Reverse engineering aims to take ownership of new strategic concepts by deconstructing ready-made models or solutions.
This practice can be considered the process of analyzing a physical or virtual product, such as a device, a computer program, or even a business model, including the details of its operation, usually with the intention of constructing a clone with the same functionality without actually copying anything from the original.
Objectively, reverse engineering consists of, for example, disassembling a machine or decompiling a computer program to find out how it works.
According to Ricardo Drizin, “Reverse engineering in the case of hardware requires a much higher level of knowledge, and is much more expensive than software. A manufacturer that, for example, wants to know how the competitor’s processor works can buy it, reverse engineer it, and create a similar processor. In general, hardware reverse engineering uses electronic measuring tools, such as a multimeter, oscilloscope, and a device programmer.”
On the one hand, we can see immense progress in the mass adoption of technologies whose production at scale began with reverse engineering. The classic case is the creation of the first Compaq PC-compatible personal computer, which employed reverse engineering on equipment originally produced by IBM.
On the other hand, this practice is also put at the service of the so-called “cracker culture” and its practices, which are harmful to consumer society, to intellectual property rights and to authorship rights. In this article, we use the term ‘cracker’ for an individual who belongs to a specific community of programmers, also known as ‘hackers’, but whose intentions involve activities considered illegal in the community where they operate. It is important to distinguish more clearly the individuals working in the so-called ‘open source’ development community. They make their knowledge available for technological development, adding new features to existing systems or creating new systems, and are known as hackers. In contrast, there is the individual who, for the most part, is treated as an outcast by this community because they generally put their skills at the service of a petty project of questionable ethics, creating malicious systems and violating computer systems both legally and morally. These individuals are the crackers.
The discussion raised here regarding the positive and negative aspects of applying reverse engineering may shed new light on the moral, ethical and legal limits of this practice and alert systems developers to how they can guard against it.
Reverse engineering software
Software is already part of our everyday life, whether through its striking and direct presence in our professional, personal or educational activities or through its indirect presence in the many technological solutions embedded in our vehicles, electronic equipment and so-called ‘latest generation’ appliances. Even so, it raises serious doubts among the majority of the population not initiated into its secrets.
The creation of a new technology does not automatically guarantee ownership of it or even the copyright. For these rights to be recognized, and for the creation to be enjoyed financially, it is necessary to follow the legally appropriate means of recognizing them.
Once the established legal procedures are complete, the person or organization that created an object may conclude that it is not profitable enough to justify its commercial exploitation. In this case the holder of the rights has some possible options: 1) abandon the object, rejecting any disclosure of or access to it; 2) make the end product available for general use as freeware, that is, distribute the creation for free, although there may be a license restricting its use, distribution and modification; 3) make it available as shareware, which is the free distribution of the software with restrictions on some of its features and/or a fixed period of use, in order to let users experience it and create the need to acquire the full version; or 4) make available the full version of the product accompanied by its development code, the so-called ‘source code’, allowing future users to use, copy, study, modify and redistribute it without any restrictions. This mode is known as ‘free software’.
According to Prof. Rodolfo Politano, in his article for the Journal UNIEMP Innovation, “Another important aspect is that the protection is linked to the way that the new design materialized – and not the idea itself. Mechanisms of internal masking algorithms to ensure prevention of reverse engineering.”
The use of reverse engineering in the development of new applications is legally accepted when applied to software abandoned by its developers, such as Cosmo Player (software for navigating virtual reality environments, originally developed by Computer Associates). At first the company sold this product on the traditional terms of the software trade; however, this did not produce sufficient returns to justify the maintenance and marketing effort. Under this scenario, the company decided to discontinue production and support and released the full software for widespread use free of charge. Some years later, when a group of developers became interested in acquiring the rights to the original proprietary software, the company claimed that the documents and sources could no longer be located and authorized the breaking of the code. The reverse engineering process could then aid in recovering the source code, which underwent improvements and new developments by a global development consortium and formed the basis for several products marketed independently.
One of the companies that participated in the consortium to exploit the tool is the Brazilian P3D Engenharia de Software Ltda. This company, which to this day distributes Cosmo Player for free with its education software, received funding from FINEP’s grant program in 2007 and is completing the development of its own virtual reality player, based on the characteristics of the original software. This product will hit the market in 2009 if forecasts are confirmed.
Reverse engineering is also considered an effective tool for assuring the security of highly critical systems. Its techniques make it possible to explore a program’s code in order to check for malicious code, to verify that the original code has not been changed, for example by the injection of hidden routines, and to find development code left behind by its creators.
Reverse engineering techniques can also be useful in data disaster recovery. For example, an encrypted file system can be understood and its decryption key recovered in order to restore lost data.
In some countries the practice of reverse engineering is illegal, and some practitioners are interested in gaining unauthorized access to software features that the holders of the commercial product rights do not offer for free. This practice is called cracking.
Legal applicability of reverse engineering
The legality of breaking open a functional process, an application or a business model can be widely debated, but it is precisely in patent, copyright and property law that the validity of reverse engineering meets the most massive opposition.
In contrast, certain applications of reverse engineering are considered perfectly valid and are even elevated to the category of “best practices”. Welcome examples of this practice include what some call the “war” against computer viruses, military research, national or government security, and security auditing, among others.
The war against computer viruses seems to be endless, but without reverse engineering it could be considered lost. According to Ricardo Drizin, “Antivirus companies usually have specialized teams to receive infected files (from users and developers) and analyze them so that in the next version (signatures) of the antivirus there is detection of the new virus. Modern viruses use the same encryption technology as packers, and therefore reverse engineering can be used to study a virus that uses the same techniques for cracking a program.”
Government and military budgets for staying safe in the virtual world have increased dramatically. In 1999 Bill Clinton announced $1.46 billion to improve the security of government computers, and this was just the beginning. Without reverse engineering, such values could be multiplied many times over, with an expected efficiency far below what is currently achieved.
How can the safety of trillions of dollars of public and private capital be ensured as it travels through an increasingly globalized and connected world? The relative tranquility that financial institutions seek regarding the security of their data is reflected in the auditing of the main software they use. When the source code is available, it goes through a security audit, which assesses the risks involved. When the source code is not available, it is customary to use reverse engineering to certify the software’s safety and behavior.
Questions regarding copyright protection
The motivation that leads to the protection of an intellectual product should be noted. For Prof. Dr. Rodolfo Politano, in his article for the newspaper Orbit Ipen, “There is a concern regarding the circumvention of intellectual property. An innovation that ceases to be protected is like a good material that is exposed carelessly. Others can make use of this innovation without the inventor (and institution) receiving any financial reward – and worse, without any legal mechanism that may require this retribution.” So we can consider it the obligation of a copyright applicant to use every means in their power to hinder the practice of reverse engineering, if that is their intention.
The DMCA (Digital Millennium Copyright Act) is a US law that criminalizes the production and dissemination of technology that can circumvent measures taken to protect copyright, and increases penalties for copyright infringement on the Internet. The infringement of copyright itself is not the object of this article, but rather the production and dissemination of technologies or knowledge.
Ricardo Drizin cites, in his writings, the breaking of the DVD encryption format: “The DeCSS program to decrypt DVDs was written by a 16-year-old in Norway, and therefore was not subject to US law (DMCA). However, he was tried for copyright infringement on his own, and his program is prohibited from being hosted on American websites. The teenager’s lawyers argue that the DVD decryption was not to make copies of movies, but to be able to create software that plays DVDs on Linux, which until then did not exist.”
But a copyright can be broken or bypassed. For this there is a methodology called ‘clean room design’.
A case of clean room design practiced by Compaq in 1982 is treated as the classic example. The previous year, IBM had entered the personal computer business with its IBM PC. The BIOS of the IBM machines was proprietary code and, as such, protected. Riding the wave of IBM’s success, Compaq produced the first so-called “PC compatible”. According to a court decision, Compaq could not directly copy the BIOS from IBM, but could reverse engineer it and create its own BIOS using clean room design.
Ulysses Buonanni defines Clean Room Design as “A method in which reverse engineering can be used to understand the operation of a piece of software and clone it, where the team that codes the clone has contact only with the system specification, made by the team that did the reverse engineering. Thus someone who had contact with the original code cannot participate in the direct development of the clone, only in the detailed specification.”
It was from clean room design, and Compaq’s initiative, that the PC clone industry emerged, along with the popularization of these systems, which underpinned the so-called ‘culture of information’.
News widely disseminated in the Brazilian and international press reported that in 2001 the Brazilian government’s Minister of Health ordered the first breaking of a drug patent in Brazil. The drug nelfinavir, manufactured by Roche, had its patent broken because of its high price for the consumer. Each tablet of the drug cost the equivalent of US$ 1.36. In Brazil, this medicine is used by 25% of patients with AIDS. The public laboratory Far-Manguinhos, of Fiocruz (Oswaldo Cruz Foundation), began producing a generic version of nelfinavir on a non-exclusive basis. The laboratory could produce the drug for 40% less than the amount charged by the holder of the right to manufacture nelfinavir. This represented savings of $88 million per year for the country.
A copy of the drug’s molecule was obtained through reverse engineering techniques and bioequivalence testing.
To justify the procedure, the Brazilian government used Article 71 of the Patent Act, which reads: “Art. 71 – In cases of national emergency or public interest, declared by the Federal Executive Branch, provided that the patentee or his licensee does not meet this requirement, a legal, compulsory, temporary and non-exclusive license for the exploitation of the patent may be granted, subject to the holder of the rights.
Sole Paragraph – The license granting act will establish its term of validity and the possibility of extension”, and thus provides for compulsory licensing in cases of emergency. The government claimed it would be difficult to maintain free distribution given the high cost of the imported product.
The party that certainly did not like the Brazilian government’s unilateral break was Roche, manufacturer of the product and victim of the reverse engineering. As an immediate measure, the industry cut its research budget for new drugs, claiming that the costs of developing new molecules had been considered investments guaranteed by law, which had now become uncertain.
Other laboratories, faced with the patent breaks carried out by countries like India and Brazil, established a reverse incentive policy for their researchers. This policy consisted of an award to the researcher who shut down the research of a new drug if the possibility of imminent failure was detected. That is, the breaking of patent guarantees discouraged the longest and most uncertain research, with the direct consequence that the pharmaceutical industry worldwide did not launch a truly innovative molecule for over four years.
The practice of reverse engineering, when treated as a phenomenon without ideology, is an effective tool for technological development and for the adoption of safer practices in the day-to-day life of organizations and society. It is undeniable that reverse engineering accelerates the development process and encourages the popularization of technologies through cost reduction and the consequent reduction in the final price of the products developed, but the question is whether the hidden social, ethical and moral cost of adopting this practice justifies the immediate savings obtained.
The encouragement of creation and invention cannot be overshadowed by more convenient practices or by the lack of investment in research centers on the part of institutions or countries unprepared to act in the knowledge era.
Reverse engineering definitely lives on a permanent seesaw between legality and illegality, between validity and condemnation, and its practitioners may, by association, be considered either gurus who encourage knowledge or pirate sailors on the technological ocean.
Eduardo José Stefanelli
Miltom Mansilla Vargas
Dr. Rodolfo Politano