Re: implications of recent legal trends

[JohnNicholson () aol com (JohnNicholson () aol com)]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
Off the cuff response.  I'll give this some thought and if I think I need to 
elaborate or correct something, I'll post another reply later.

I'm not sure this is that big an issue as far as the development of security 
tools is concerned.  As I understand it, Mattel argued that cphack violated 
Mattel's copyright by displaying a list of websites that CyberPatrol blocks.  
Mattel argued that the list of sites constituted their intellectual property, 
and that by republishing it without a license, cphack was violating copyright 
law.  Copyright law does (and should) protect the assembly of information 
into databases (i.e. the Yellow Pages), otherwise there wouldn't be an 
incentive for anyone to invest the time and resources necessary to be the 
first one to develop a database, since everyone else could just copy yours. 
The Mattel claim is a pretty specific argument, and probably only works 
because cphack discloses the list of sites.  

IMHO, there are a couple of possible reasons why Mattel wants to prevent the 
list of sites blocked by CyberPatrol from being public knowledge - first, 
Mattel presumably spent a lot of money to research the sites that CP blocks.  
If anyone else can copy the list, then Mattel has paid to develop a product 
on which other blocking software vendors can use cphack, copy the CP list, 
add it to their own and immediately have an advantage over CP.  Second, 
currently, if you want to know whether CP blocks your site, you have to buy a 
copy from Mattel.  If cphack makes the list public, then Mattel will sell a 
lot fewer copies of CP.  Third, various blocking softwares have gotten bad PR 
because they block sites that demonstrate that the vendor has a particular 
political agenda because of the sites that are blocked.  Mattel may want to 
prevent such a PR issue.

For hacking tools in general, unless the hacking tool somehow violates the 
copyright of the developer of an IDS, firewall, auditing tool, etc., the 
vendor who developed such a tool would not be able to make the same kind of 
argument.  Hacking tools, in general, explore for and exploit known 
weaknesses in a software, rather than publicizing specific lists or other 
data included in the software.  

However, if, for example, someone wrote a virus that somehow got into an 
anti-virus package and listed out all of the signatures used by that AV 
package and posted that list on a web page, that might qualify as a similar 
situation where the AV vendor would need to take legal action to protect one 
of the things that supposedly makes that vendor's AV package better than 
others.

John Nicholson