Subject: Re: Novel anti-software-patent article
From: "Stephen J. Turnbull" <turnbull@sk.tsukuba.ac.jp>
Date: Tue, 29 Feb 2000 16:48:04 +0900 (JST)

>>>>> "kms" == Karsten M Self <kmself@ix.netcom.com> writes:

    >> Actually, the matter of whether a patent would be enforced by a
    >> court has not yet been determined.  Yes, there have been cases
    >> where a free software author has stopped distributing software
    >> implementing a patent, but as far as I know, none have actually
    >> gone to court and argued that free software should be exempt
    >> from patent enforcement.

    kms> ESR has suggested just this scenario as a possible weakness
    kms> to the patent system as applied to free software, and as one
    kms> of the reasons why there has not yet been a major action,
    kms> taken to court, involving a significant patent player.

I think that the best possible outcome of going to court on a solid
(by USPTO standards in more established areas than software) patent
like LZW or RSA would to win at the Supreme Court level; I just don't
see a lower court decision to exempt FS from patent enforcement as
likely to have appeal refused without comment by superior courts.
IANAL, of course.

You'd have to be crazy (or rms, All Hail rms!) to go to court with
that expection.  And even rms has preferred to invent around IP,
whether copyright or patent, so far, rather than challenge it in
court.  (And of course he uses public advocacy; the point is that
AFAIK he uses courts or the threat thereof to enforce the GNU GPL, not
to challenge other IP.)

    >> You think M$ allows its crypto implementation to be publically
    >> inspectable?  And it seems to me their stuff is being used
    >> pretty heavily.
    >> And I doubt they're the only ones.  How about SDMI (Secure
    >> Digital Music Initiative)?

    kms> Point?

You and I don't use MS crypto because it's obscure and therefore
unsafe.  We want 6 sigma or better QA on our crypto, and we know you
don't get that by making it hard for the good guys to get source.  99%
of users don't understand the point.  Heck, I myself put things 10 in
back on a 4 foot high shelf in the expectation that in our small rooms
my three-foot-tall daughter will never see them.  (But there I don't
need 6 sigma QA, the kid's Mom is a 6-sigma backup system.  ;-)

Ie, the point is that given effective marketing, (illusory) security
through obscurity can have important economic effects.  (This does not
contradict my usual position that marketing is usually not a lie and
even more rarely evilly intended; security is a special case where I
think standards should be stricter.)

And the point about SDMI is that the kind of people who will learn to
crack it are mostly "warez d00dz",[1] and most reasonably moral people
don't want to associate with people who abet crackers because they
want to trade warez via other people's web servers.  So even though
SDMI will not be really secure against a determined assault, enough
people will find the effort that they have to go to to acquire
workarounds sufficiently distasteful that they'd rather pay money for
their music.


Footnotes: 
[1]  I'm not saying that cracking security devices makes you a "warez
d00d", I'm saying that the warez d00dz are going to be a large part of
the market for cracking encryption designed to protect IP.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."