Intellectual Property Policy Online: A Young Person’s Guide

This is an edited version of a presentation to the Intellectual Property Online panel at the Harvard Conference on the Internet and Society, May 28-31, 1996. The panel was a reminder of both the importance of intellectual property and the dangers of legal insularity. Of approximately 400 panel attendees, 90% were not lawyers. Accordingly, the remarks that follow are an attempt to lay out the basics of intellectual property policy in a straighforward and non-technical manner. In other words, this is what non-lawyers should know (and what a number of government lawyers seem to have forgotten) about intellectual property policy on the Internet. The legal analysis which underlies this discussion is set out in the Appendix

Interfaces on Trial 2.0

The debate over the use of copyright law to prevent competition and interoperability in the global software industry.We live in an interoperable world. Computer hardware and software products from different manufacturers can exchange data within local networks and around the world using the Internet. The competition enabled by this compatibility between devices has led to fast-paced innovation and prices low enough to allow ordinary users to command extraordinary computing capacity. In Interfaces on Trial 2.0, Jonathan Band and Masanobu Katoh investigate an often overlooked factor in the development of today's interoperabilty: the evolution of copyright law. Because software is copyrightable, copyright law determines the rules for competition in the information technology industry. This book—a follow-up to Band and Katoh's successful 1995 book Interfaces on Trial—examines the debates surrounding the use of copyright law to prevent competition and interoperability in the global software industry in the last fifteen years.Band and Katoh are longtime advocates for interoperable devices but present a reasoned view of contentious issues related to interoperability issues in the United States, the European Union, and the Pacific Rim. They discuss such topics as the protectability of interface specifications, the permissibility of reverse engineering (and legislative and executive endorsement of pro-interoperability case law), the interoperability exception to the U.S. Digital Millennium Copyright Act and the interoperability cases decided under it, the enforceability of contractural restrictions on reverse engineering; and recent legal developments affecting the future of interoperability, including those related to open source-software and software patents

Patent Scope and Innovation in the Software Industry

Software patents have received a great deal of attention in the academic literature. Unfortunately, most of that attention has been devoted to the problem of whether software is or should be patentable subject matter. With roughly eighty thousand software patents already issued, and the Federal Circuit endorsing patentability without qualification, those questions are for the history books. The more pressing questions now concern the scope to be accorded software patents. In this Article, we examine the implications of some traditional patent law doctrines for innovation in the software industry. We argue that patent law needs some refinement if it is to promote rather than impede the growth of this new market, which is characterized by rapid sequential innovation, reuse and re-combination of components, and strong network effects that privilege interoperable components and products

SOFTWARE INTEROPERABILITY: Issues at the Intersection between Intellectual Property and Competition Policy

The dissertation project proceeds through three papers, analyzing issues related to software interoperability and respectively pertaining to one of the three following interdependent levels of analysis. The first level addresses the legal status of software interoperability information under current intellectual property law (focusing on copyright law, which is the main legal tool for the protection of these pieces of code), trying to clarify if, how and to what extent theses pieces of code (and the associated pieces of information) are protected erga omnes by the law. The second level complements the first one, analyzing legal and economic issues related to the technical possibility of actually accessing this interoperability information through reverse engineering (and software decompilation in particular). Once a de facto standard gains the favor of the market, reverse engineering is the main self-help tool available to competitors in order to achieve interoperability and compete “inside this standard”. The third step consists in recognizing that – in a limited number of cases, but which are potentially of great economic relevance – market failures could arise, despite any care taken in devising checks and balances in the legal setting concerning both the legal status of interoperability information and the legal rules governing software reverse engineering. When this is the case, some undertakings may stably gain a dominant position in software markets, and possibly abuse it. Hence, at this level of analysis, competition policy intervention is taken into account. The first paper of the present dissertation shows that interoperability specifications are not protected by copyright. In the paper, I argue that existing doubts and uncertainty are typically related to a poor understanding of the technical nature of software interfaces. To remedy such misunderstanding, the paper focuses on the distinction between interface specifications and implementations and stresses the difference between the steps needed to access to the ideas and principle constituting an interfaces specification and the re-implementation of a functionally equivalent interface through new software code. At the normative level, the paper shows that no major modifications to the existing model of legal protection of software (and software interfaces) are needed; however, it suggests that policymakers could reduce the Fear of legal actions, other forms of legal Uncertainty and several residual Doubts (FUD) by explicitly stating that interface specifications are unprotectable and freely appropriable. In the second paper, I offer a critique of legal restraints on software reverse engineering, focusing in particular on Europe, but considering also similar restraints in the US, in particular in the context of the Digital Millennium Copyright Act. Through an analysis of entry conditions for late comers and of the comparative costs of developing programs in the first place or reverse engineering them, the paper shows that limitations on decompilation imposed by article 6 of the Software Directive were mostly superfluous and basically non-binding at the time of drafting. What is more, the paper shows that nowadays new – and largely unanticipated – developments in software development models (e.g. open source) make these restraints an obstacle to competition against dominant incumbent controlling software platforms. In fact, limitations on the freedom to decompile obstacle major reverse engineering projects performed in a decentralized way, as in the context of an open source community. Hence, since open source projects are the most credible tools to recreate some competitive pressure in a number of crucial software markets, the paper recommends creating a simpler and clear-cut safe harbor for software reverse engineering. The third paper claims that, in software markets, refusal-to-deal (or “information-withholding”) strategies are normally complementary with tying (or “predatory-innovation”) strategies, and that this complementarity is so relevant that dominant platform controllers need to couple both in order to create significant anti- competitive effects. Hence, the paper argues that mandatory unbundling (i.e. mandating a certain degree of modularity in software development) could be an appropriate – and frequently preferable – alternative to mandatory disclosure of interoperability information. However, considering the critiques moved from part of the literature to the Commission’s Decision in the recent European Microsoft antitrust case, an objection to the previous argument could be that – also in the case of mandatory unbundling – one should still determine the minimum price for the unbundled product. The last part of the paper applies some intuitions coming from the literature concerning complementary oligopoly to demonstrate that this objection is not well grounded and that – in software markets – mandatory unbundling (modularity) may be a useful policy even if the only constraint on the price of the unbundled good is the one of non-negativity

Analysing Use of High Privileges in Android Applications

The number of Android smartphone and tablet users has experienced a rapid growth in the past few years and it raises users' awareness on the privacy and security of their mobile devices. The features of openness and extensibility make Android unique, attractive and competitive but meanwhile vulnerable to malicious attack. There are lots of users rooting their Android devices for some useful functions, which are not originally provided to developers and users, such as backup and taking screenshot. However, after observing the danger of rooting devices, the developers begin to look for other non-root alternatives to implement those functions. ADB workaround is one of the best known non-root alternatives to help app gain higher privilege on Android. It used to be considered as a secure practice until some cases of ADB privilege leakage have been found. In this project, we design an approach and implement a couple of tools to detect the privilege leakage in Android apps. We apply them to analyse three real-world apps with millions of users, and successfully identify three ADB privilege leaks from them. Moreover, we also conduct an exploitation of the ADB privilege in one app, and therefore we prove the existence of vulnerabilities in ADB workaround. Based on out study, we propose some suggestion to help developers create their apps that could not only satisfy users' needs but also protect users' privacy from similar attacks in future.Comment: 13 page

Software reverse engineering education

Software Reverse Engineering (SRE) is the practice of analyzing a software system, either in whole or in part, to extract design and implementation information. A typical SRE scenario would involve a software module that has worked for years and carries several rules of a business in its lines of code. Unfortunately the source code of the application has been lost; what remains is “native ” or “binary ” code. Reverse engineering skills are also used to detect and neutralize viruses and malware as well as to protect intellectual property. It became frighteningly apparent during the Y2K crisis that reverse engineering skills were not commonly held amongst programmers. Since that time, much research has been undertaken to formalize the types of activities that fall into the category of reverse engineering so that these skills can be taught to computer programmers and testers. To help address the lack of software reverse engineering education, several peer-reviewed articles on software reverse engineering, re-engineering, reuse, maintenance, evolution, and security were gathered with the objective of developing relevant, practical exercises for instructional purposes. The research revealed that SRE is fairly well described and most of the related activities fall into one of tw

Modeling assembly program with constraints. A contribution to WCET problem

Dissertação para obtenção do Grau de Mestre em Lógica ComputacionalModel checking with program slicing has been successfully applied to compute Worst Case Execution Time (WCET) of a program running in a given hardware. This method lacks path feasibility analysis and suffers from the following problems: The model checker (MC) explores exponential number of program paths irrespective of their feasibility. This limits the scalability of this method to multiple path programs. And the witness trace returned by the MC corresponding to WCET may not be feasible (executable). This may result in a solution which is not tight i.e., it overestimates the actual WCET. This thesis complements the above method with path feasibility analysis and addresses these problems. To achieve this: we first validate the witness trace returned by the MC and generate test data if it is executable. For this we generate constraints over a trace and solve a constraint satisfaction problem. Experiment shows that 33% of these traces (obtained while computing WCET on standard WCET benchmark programs) are infeasible. Second, we use constraint solving technique to compute approximate WCET solely based on the program (without taking into account the hardware characteristics), and suggest some feasible and probable worst case paths which can produce WCET. Each of these paths forms an input to the MC. The more precise WCET then can be computed on these paths using the above method. The maximum of all these is the WCET. In addition this, we provide a mechanism to compute an upper bound of over approximation for WCET computed using model checking method. This effort of combining constraint solving technique with model checking takes advantages of their strengths and makes WCET computation scalable and amenable to hardware changes. We use our technique to compute WCET on standard benchmark programs from M¨alardalen University and compare our results with results from model checking method