Hi Eric,
On Wed, 2004-05-26 at 01:54, Eric Scher wrote:
---------------------------------------------------------
On Tue, 2004-05-25 Tobias W. wrote:
Well, let's face the simple facts. Cisco's code is copyrighted and it's
illegal to copy it, distribute it or even use it. There's no way around
it.
----------------------------------------------------------
STATEMENT: "There's no way around it."
RESPONSE: I beg to differ. No disrespect intended, but given the mission
statement for the Full Disclosure mailing list, the use of the "stolen code"
clearly falls under the "FAIR USE" exemption of copyright law. Having said
that, there may be criminal and civil liability issues involved in
possessing, transfering or receiving said code, but it is manifestly not a
violation of copyright law.
==========================================
UNITED STATES CODE - TITLE 17 - CHAPTER ONE - SECTION 107
Sec. 107. - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a
copyrighted work, including such use by reproduction in copies or
phonorecords or by any other means specified by that section, for purposes
such as criticism, comment, news reporting, teaching (including multiple
copies for classroom use), scholarship, or research, is not an infringement
of copyright. In determining whether the use made of a work in any
particular case is a fair use the factors to be considered shall include -
(1) the purpose and character of the use, including whether such use is of a
commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the
copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the
copyrighted work. The fact that a work is unpublished shall not itself bar a
finding of fair use if such finding is made upon consideration of all the
above factors
==========================================
As has been pointed out by Valdis, "fair use" certainly doesn't cover
the distribution and copying of hundreds of megabytes of Cisco code that
wasn't to end up on the Internet in the first place. The intentions, so
for example security code audits, don't matter for determining "fair
use" either. If we were to decide for ourselves what we define as fair
use then there'd be no use for copyright at all since we would be using
everything under "fair use". Whatever we do with code we would always
define it "for educational purposes".
And since you quoted only US law you should be aware that things might
actually look a little different now that you have the DMCA.
And let's just go a step further. Do we really /want/ to look at code
that hasn't been licensed to us? Why /should/ we want to do this? So
anytime in the future we are being creative Cisco can claim we must have
copied it from their source code since we obviously "took a look at
it"?!
Closed source products don't become "Open" Source products over night
just because the code leaked into the Internet. They stay closed source.
Without a corresponding license the availability of Cisco's code (or any
other) is useless.
The "fair use" thing is an illusion here. But it isn't an illusion big
enough to cover the legal risks that are obvious if you touch unlicensed
propriety code.
regards,
Tobias
