Legality and Morality of Reverse Engineering

This post is going to discuss the legality and morality of reverse engineering. It will introduce a definition to start, list some common use-cases, and weave in and out of the morality of it all. A discussion and comparison of the similarities and differences between patents and copyrights will be given, followed by a brief overview of digital rights management (DRM) and the Digital Millennium Copyright Act (DMCA) to finish things up.

I wouldn’t be a very good computer programmer and cyber security graduate student if I didn’t study up on reverse engineering. Since that isn’t a course offering at BU, I decided to buy a book on the subject and learn about it of my own accord. Nearly all of the information I am about to relay comes from that book – Reversing: Secrets of Reverse Engineering by Eldad Eilam.

Reverse engineering is the disassembly of an engineered product. The purpose of reverse engineering is to gain an understanding of a product’s architecture and design. In software, this typically means decompiling a binary and digging through machine-generated assembly code. From ChillingEffects.Org, “Reverse engineering has been used by innovators to determine a product’s structure in order to develop competing or interoperable products.” There are a lot of moral concerns regarding reverse engineering, with theft of intellectual property or otherwise patented or copyrighted material being the biggest.

Reverse engineering is the cornerstone of malicious software development. It’s true. Every virus and software exploit comes to light through the practice of reverse engineering. Malicious hackers find a vulnerability, find a way to exploit it, and use that exploit to inject dirty code. However, it isn’t just them doing the reversing; it is the good guys, too. Anti-malware vendors reverse engineer malware to determine how it works, how it spreads, how to defeat it, and how to protect against it. Reverse engineering is also used to provide better interoperability, which is a fancy way of saying it can make software/hardware/information usable by more things, creating more value through increased functionality and increased competition.

As mentioned above, however, it can be used to steal things, too. A patented process, design, or algorithm can typically be reverse engineered out of software. The goal of reverse engineering is usually to derive a high-level design from a low-level language, though, and since the high-level design is included in the publicly searchable patent filing, it doesn’t generally make sense to expend the level of effort required in reversing. Conversely, if the details are what one is after, having the high-level design from a patent filing can make reversing patented software easier. Copyrighted materials, on the other hand, are a different story. In layman’s terms, a copyright means that the owner is the only person allowed to make and distribute copies of something. This is tough in software, since every time a program is executed, the user’s computer creates a copy of it in memory. For this reason, it is not illegal to reverse engineer copyrighted material. However, most software license agreements do state that the user shall not reverse engineer it in any way, and accepting those license agreements is no different from signing contracts; they are legally binding.

Digital rights management technologies are software tools used to prevent the reverse engineering and subsequent copying and distribution of copyrighted materials. The music and movie industries were the biggest proponents of DRM software. The problem with DRM tools is that they are susceptible to reverse engineering themselves. In an attempt to remedy this problem, the Digital Millennium Copyright Act of 1998 made it illegal to tamper with DRM software with few exceptions. So, while it is not illegal to reverse copyrighted materials, it is illegal to reverse copyright protection software.

In summary, reverse engineering of software is a pretty gray area. There are good uses and bad uses. It can be used to steal and destroy, but it can also be a powerful research tool used in many ways to teach and benefit society – most obviously through the extension of functionality and interoperability.

References

ChillingEffects.Org. (2014). Reverse Engineering. Retrieved from https://www.chillingeffects.org/reverse/
Eilam, Eldad. (2005). Foundations. Reversing: Secrets of Reverse Engineering. (pp. 17-23). Indianapolis, IN: Wiley Publishing, Inc.