Is reverse engineering ethical?

[mastermechanic]

Suppose that there are 2 companies. One of them is yours and other company publishes a product which can affect your situation in marketplace.Is it ethical to buy the product and resolve it by reverse engineering to get an idea to counterattack?

It's not about producing similar technology but getting an idea to help you to think differently.

 

[phyzguy]

Reverse engineering is done all the time. Large companies have whole departments dedicated to it. Why would you think it is unethical? If I buy a product, I own it and I can do what I want with it. If I buy a car, would you think it is unethical for me to take the engine apart to see how it works? Whether you can legally use any ideas you get to produce competing products depends on the patent and copyright protection that the company selling the product has, but simply dissassembling a product to see how it works is completely legal, and in my opinion, completely ethical.

 

[phinds]

Suppose that there are 2 companies. One of them is yours and other company publishes a product which can affect your situation in marketplace.Is it ethical to buy the product and resolve it by reverse engineering to get an idea to counterattack?

It's not about producing similar technology but getting an idea to help you to think differently.

Why would it NOT be ethical? Should you bury your head in the sand and pretend you have no competition?

 

[anorlunda]

Interesting question. Legal is often used as a substitute for ethical.

[/PLAIN]
In the United States even if an artifact or process is protected by trade secrets, reverse-engineering the artifact or process is often lawful as long as it has been legitimately obtained.[29]

Reverse engineering of computer software in the US often falls under both contract law as a breach of contract as well as any other relevant laws. This is because most EULA's (end user license agreement) specifically prohibit it, and U.S. courts have ruled that if such terms are present, they override the copyright law which expressly permits it (see Bowers v. Baystate Technologies[30][31]).

Sec. 103(f) of the DMCA (http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00001201----000-.html ) says that a person who is in legal possession of a program, is permitted to reverse-engineer and circumvent its protection if this is necessary in order to achieve "interoperability" - a term broadly covering other devices and programs being able to interact with it, make use of it, and to use and transfer data to and from it, in useful ways.
...

European UnionEdit
EU Directive 2009/24, on the legal protection of computer programs, governs reverse engineering in the European Union. The directive states:[
(15) The unauthorised reproduction, translation, adaptation or transformation of the form of the code in which a copy of a computer program has been made available constitutes an infringement of the exclusive rights of the author

 

[anorlunda]

If I buy a car, would you think it is unethical for me to take the engine apart to see how it works?

If taking it apart includes software, they are trying to tell us that is illegal. I hate that, but I am not a lawyer.

 

[phinds]

If taking it apart includes software, they are trying to tell us that is illegal. I hate that, but I am not a lawyer.

But when you buy a car you don't sign a contract saying that you won't take the engine apart or at least you didn't the last time I bought a new car (and that was long before there was much, if any, software involved).

 

[anorlunda]

But when you buy a car you don't sign a contract saying that you won't take the engine apart or at least you didn't the last time I bought a new car (and that was long before there was much, if any, software involved).

That's the rub. Almost everything has software today and very different rules apply to software. You can't buy software, you buy a lease with restricted rights. So even if the software does nothing useful, the manufacturer can restrict your ownership rights by including software in the product. It's a scandalous mess IMO.

 

[phyzguy]

That's the rub. Almost everything has software today and very different rules apply to software. You can't buy software, you buy a lease with restricted rights. So even if the software does nothing useful, the manufacturer can restrict your ownership rights by including software in the product. It's a scandalous mess IMO.

But you signed the contract saying you won't reverse engineer the software. You did this of your own free will. If it bothers you, don't sign the contract or don't use the software

 

[DaveC426913]

But you signed the contract saying you won't reverse engineer the software. You did this of your own free will. If it bothers you, don't sign the contract or don't use the software

Perhaps, but not all stipulations in a contract are legally enforceable - even with a signature.
The clauses are put it as a deterrent, but it's a judge who ultimately makes the decision about whether a given stipulation is binding.

 

[mastermechanic]

But as @anorlunda said, you stuck on the "legal" term. My concern is about ethics, of course you can disassemble the products but is it ethical in terms of personal conscience as an enginneer?

 

[anorlunda]

in terms of personal conscience as an enginneer

To that question you will get different answers from different people. To me, I say hell yes; there is nothing bad about reverse engineering.

From the ASME code of ethics

[/PLAIN]
1. Engineers shall hold paramount the safety, health and welfare of the public in the performance of their professional duties.
2. Engineers shall perform services only in the areas of their competence; they shall build their professional reputation on the merit of their services and shall not compete unfairly with others.
3. Engineers shall continue their professional development throughout their careers and shall provide opportunities for the professional and ethical development of those engineers under their supervision.
4. Engineers shall act in professional matters for each employer or client as faithful agents or trustees, and shall avoid conflicts of interest or the appearance of conflicts of interest.
5. Engineers shall respect the proprietary information and intellectual property rights of others, including charitable organizations and professional societies in the engineering field.
6. Engineers shall associate only with reputable persons or organizations

Only point 5 seems relevant. The question is: do manufacturers of products have the right to keep secret details of their products that can be determined by close inspection? I say, no they don't.

There is the concept of trade secret, but that only binds the employees and contractors of the secret holder. Anyone else who learns the secret is not violating anything. So if you learned proprietary info via a confidence, then you are ethically bound to protect it. If you learned it by reverse engineering, you have no ethical burden. If you learned it by reading an article in the newspaper, you have no ethical burden.

But I stress, that everything I just said does not apply to software. You can only buy a license for software (I said lease before, that's the wrong word). The license is binding legally and ethically even if you didn't sign anything. The license restricts what you can do. If it says no reverse engineering, then you're stuck with that. So if the product includes a software component, you can reverse engineer only the non-software portion.

In the USA we have the Computer Fraud and Abuse Act, CFAA. which makes it a felony to reverse engineer software in loosely defined circumstances. It is a pernicious law because the ordinary person can not legally tell in advance what is and is not legal. For example, my Facebook account does not use my real name. That violates Facebooks terms of service. It should be my privilege to do that, but in at least one case a woman was convicted of a CFAA felony for doing the same thing.

 

[Rive]

Only point 5 seems relevant. The question is: do manufacturers of products have the right to keep secret details of their products that can be determined by close inspection? I say, no they don't.

I think if it's about the how-to (which knowledge is the goal of reverse engineering) then yes, they can keep it secret.
'Intellectual property rights' in case of a car covers only the patents used to produce the car, not the car itself. As it should be with an industrial product. You can disassemble and reverse engineer it as much as you want, only reproduction will violate the relevant patents.

As you say, software is indeed treated differently since it belongs under the 'copyright' kind of rights: every mass-produced instance of it is treated kind of as an art. So only black-box kind of investigation is 'legal' (which is not the same as 'ethical'.)

 

[Baluncore]

But you signed the contract saying you won't reverse engineer the software. You did this of your own free will. If it bothers you, don't sign the contract or don't use the software

Writing clear specifications and new code would probably produce a better result faster than by studying the legacy code used by the competition.

Ethical now seems to be synonymous with obeying the law. There are four ways to protect IP.
1. Hide the critical details well, then don't draw attention to their importance by bragging about features.
2. Photograph the object and register the design.
3. Copyright the documentation and the code pattern in memory.
4. Patent the algorithm or mechanism.

1, 2 & 3 should be used together.
4, patents are the most expensive up front and you must publish clearly how you do it. Your lawyer legal costs will probably destroy you financially if your patents are ever noticed.

This advice was brought to you by E.S. Rever Engineering.

 

[jack action]

But I stress, that everything I just said does not apply to software. You can only buy a license for software (I said lease before, that's the wrong word). The license is binding legally and ethically even if you didn't sign anything. The license restricts what you can do. If it says no reverse engineering, then you're stuck with that.

I'm not sure the law is as strict as you are telling it. It is true only if you do it in a "let's copy the source code" sense, which is basically stealing intellectual property. It doesn't mean you cannot reverse engineer a software to see how it works because you're simply curious. US courts have allowed software reverse engineering in cases where the software is not copied per say, as mentioned in your Wikipedia quote or even here (source):

In response to the OP, I have a (not so) hypothetical situation:

Let's say all car companies make cars that are started with a key. One company change its design and begin using a starting button instead. Being an appreciate feature by users, all other car companies, simply looking at the competitor's feature - without disassembling the car - can deduce how to make such a feature and apply this knowledge to their cars.

In a sense, they reverse engineered the mechanism. It was just easy to guess how it worked just by looking at it and there was no need to go with actual disassembling. Is that unethical? I don't think so.

 

[anorlunda]

I'm not sure the law is as strict as you are telling it.

It is certainly more complex than can be explained in a few sentences (or a few thousand sentences).

But there are multiple ways they restrict you. Even when copyright law allows reverse engineering as you cite, the end user license agreement EULA can impose a contractual obligation on you to not reverse engineer. Enforceable EULAs have been widely upheld in court. If you don't like the EULA, you can not buy it or perhaps return the product for a refund, but it you keep it and use it you become legally bound by the EULA terms. So contract law can get you even where copyright law or patent law doesn't.

Note also that the ASME ethics said "Engineers shall respect the proprietary information and intellectual property rights of others," intellectual property is defined as patent, copyright and trademark. But proprietary information can be almost anything else. My point is that intellectual property laws can not be the full story.

 

[anorlunda]

In a sense, they reverse engineered the mechanism. It was just easy to guess how it worked just by looking at it and there was no need to go with actual disassembling. Is that unethical? I don't think so.

I agree that it should not be unethical to reverse engineer even software. But it is sometimes illegal anyhow.

Ethical and legal, do not mean the same thing in all circumstances. There is nothing to stop Congress from making ethical behavior illegal.

I and many others think that the government's application of CFAA is overreach and not justified. But they are doing it. Even when copyright allows fair use, and the EULA is not explicit, security researchers have been threatened with prosecution under CFAA for reverse engineering for research purposes. As I said before, CFAA is a pernicious law. It has harmful and nonsense effects. In my opinion it is unconstitutionally vague. But I am not a judge so my opinion doesn't count.

 

[jack action]

But I am not a judge so my opinion doesn't count.

In a democracy, your opinion should count and I'm glad you can express it freely (at least on this forum).

 

[russ_watters]

But when you buy a car you don't sign a contract saying that you won't take the engine apart or at least you didn't the last time I bought a new car (and that was long before there was much, if any, software involved).

Engine computers are often encrypted, and I think it is illegal to break encryption.

 

[russ_watters]

I agree that it should not be unethical to reverse engineer even software. But it is sometimes illegal anyhow.

Ethical and legal, do not mean the same thing in all circumstances. There is nothing to stop Congress from making ethical behavior illegal.

In general I would say that illegal is a subset of unethical, but it does get sticky when laws or codes of ethics change.

I think my issue with proprietary things, including software, is the breadth of the contract protections and whether broad protections are actually legal/enforceable. While I do sympathize with IP concerns, I tend to favor the consumer and I'm annoyed that my car won't let me adjust the drive-by-wire steering feel or transmission shift points.

Needless to say, I've never owned an Apple product...but I haven't gone as far as Linux.

Not quite the same, but close, this is also an issue with HVAC controls: depending on the context of the question, different vendors' controls are either compatible with others (if they are trying to get a foot in the door) or not (if they are trying to keep someone else out).

 

[anorlunda]

I just remembered a great example of ethical versus legal. Aaron Swartz https://en.wikipedia.org/wiki/Aaron_Swartz

Many of us think that Aaron acted in a superbly ethical way, even heroic. But the crush of legal grief that landed on his head cost him his life.

By the way, I read that the EPA really wants to keep consumers out of car computers, because they would invent and distribute patches that circumvent pollution controls to favor performance. Like Volkswagen, they could make them smart enough to switch back for annual inspections.

EPA is supporting Detroit in trying to make it illegal for us to peek under the covers of the computers in our cars.

 

[rootone]

I've heard of a few interesting legal cases where the 'intellectual property' involved is pop music.
Generally it turns out that plagiarizing somebody else's song is OK, claiming it as your own, as long as there is one different word or chord sequence.

 

[Nugatory]

It's not about producing similar technology but getting an idea to help you to think differently.

Even if you're planning to produce similar technology, there's nothing unethical about reverse engineering unless you have promised (usually by accepting a license agreement) not to do so.

 

[collinsmark]

Just to be clear [this has been touched upon already in a previous post], in recent years things are more complicated due to the Digital Millennium Copyright Act (DMCA).

Yes, in the past you could reverse engineer the heck out of something for the sake of the learning experience, if you don't plan to sell it. But now [with the DMCA], if there is software involved, and if reverse engineering involves making copies of that software [or messing with the software], then it falls under piracy laws, like those that forbid you from making digital copies of your favorite Metallica song.

This sort of thing has been bubbling in the [farm] tractor industry for a couple of years now, for example.

http://modernfarmer.com/2016/07/right-to-repair/

Farmers Demand Right to Fix Their Own Dang Tractors

This might be hard to believe for non-farmers, but owners of tractors aren't actually allowed to fix them, thanks to a set of laws designed to protect software intellectual property.

In fact, the craziness of this goes even further: In a 2015 letter to the United States Copyright Office, John Deere, the world’s largest tractor maker, said that the folks who buy tractors don’t own them, not in the way the general public believes “ownership” works. Instead, John Deere said that those who buy tractors are actually purchasing an “implied license for the life of the vehicle to operate the vehicle.”

[Edit: for what it's worth, I think the DMCA is seriously flawed due to these sorts of things.]

 

[Logical Dog]

Few people in business or government care for ethics. :/

you must patent your ideas/technology, and even then it will surely be reversed by someone (but not sold in the market covered by the parent I guess). I read somewhere some defence products that are sold have restrictions on the buyer disassembling them and some kind of software locks, some kind of end user license agreement + ip protection

 

[rcgldr]

"Clean room" design is a situation that involves reverse engineering by someone or a group outside of the "clean room" doing the reverse engineering and then producing a specification that doesn't violate copyright. Wiki article:

http://en.wikipedia.org/wiki/Clean_room_design

patent

In the case of a patent, there's no need to reverse engineer because a patent clearly details the inner workings of a device and/or algorithm.

EULA

Wiki article:

http://en.wikipedia.org/wiki/End-user_license_agreement

 

[sa1988]

I spent a year in China and gained an interesting insight into their culture, part of which includes a lot of copying and reverse-engineering.

In Chinese culture, they don't see it as cheating at all if they copy an idea (in fact they don't see it as cheating even if you cheat - the ends very much justify the means for those people!). Regarding products and ideas, it seems to be accepted that if something is good it just makes sense to take the idea and use it - nobody should ever complain about having more of a good thing. I guess it's something to do with the historic communist mindset they had drilled into them by Mao and his successors. "Intellectual property" is quite a 'capitalist' concept I suppose. It harks back to the old "would I patent the sun?" rhetoric from the guy who discovered the polio vaccine and happily allowed it to be copied and used worldwide.

Given this, I personally would say reverse engineering can't be 'unethical'. Aside from the fact that sharing knowledge is always better for society, it's also the most natural thing for a human to do. If reverse-engineering is unethical, then we should really start to punish every toddler who ever takes apart a toy...

This is just a philosophical conjecture, however. I know that in the 'real world' such things can definitely be described as a nuisance at the least.

And then we have things like this: "A burglary at an innovative Scottish wave-power company went forgotten, until a very similar project appeared in China"

I believe a line may have been crossed there.

 

[houlahound]

I've heard of a few interesting legal cases where the 'intellectual property' involved is pop music.
Generally it turns out that plagiarizing somebody else's song is OK, claiming it as your own, as long as there is one different word or chord sequence.

In fact this is a major legal problem. This band is in huge financial trouble for copying some chords from a 1930's song written by a school teacher.http://mobile.abc.net.au/news/2010-02-04/men-at-work-plundered-kookaburra-riff-court/321624

 

[Dr. Courtney]

But you signed the contract saying you won't reverse engineer the software. You did this of your own free will. If it bothers you, don't sign the contract or don't use the software

I've never signed a contract when buying software. Often I don't even see the license agreement until after the purchase. I'm not sure the same ethical considerations apply when there is only a unilateral "agreement" that the buyer is not even informed of until after the purchase.

True, bilateral contracts, are indeed legally and ethically binding. But I would not say the same of all the fine print put in something they call an "agreement" that the buyer seldom sees prior to a purchase decision. One side cannot add arbitrary stipulations after a purchase is made. (I'm not justifying copyright violations or pirating of software, I'm just suggesting that everything in a software agreement that is not really mutually agreed upon is not necessarily ethically binding. In the context of this thread, reverse engineering - trying to see how software does what it does.)

Consider, for example, the government's success in hacking into the iPhone. Was that a violation of a user agreement? What about an expert reverse engineering software in a civil lawsuit? The software algorithms governing air bag deployment are complex and proprietary. Shouldn't an expert for the plaintiff in a case against the manufacturer be able to reverse engineer the deployment system to see how it works? Shouldn't this freedom always exist? In adversarial legal cases, should not the opposing team of experts always be able to reverse engineer all the software used by the other side as needed to understand and assess the validity of the opposing claims?

And I'd say the same for software used in most science. If a published paper references a specific software package, shouldn't scientists reading the paper be able to reverse engineer the software referenced to determine how the published results were really arrived at? Repeatability is at the heart of the scientific method. If software is a "black box" there is a fundamental limitation on both repeatability and peer review.

 

[Grinkle]

My personal view is that it cannot be unethical to figure out how things work - our brains do that involuntarily and we are curious by nature.

How one is allowed to use knowledge gained for personal profit must be a legal question, not an ethical question. There is no universal human drive to do one thing or another with a personal understanding of some reverse engineered technology that feels 'right' or 'wrong'. Reasonable people can and do disagree. Its a matter of regulation, not ethics.

 

[jedishrfu]

From experience, companies do reverse engineer things to see how they work. We have many bad examples of foreign companies reverse engineering popular products and then underselling the product here.

For software, we had to follow the Chinese Wall methodology to show that we didn't unethically steal code from another source. Specifically one engineer, the tainted one, would reverse engineer the code and write a functional spec on how it worked. The spec was given to a second engineer to write equivalent code.

https://en.wikipedia.org/wiki/Chinese_wall

This would often happen with folks writing code in Unix where one programmer would be able to view the UC Berkeley or ATT source code and then develop the functional spec. The second engineer would write an equivalent function. In many cases, for low level functions the new code is virtually the same as the old since there are a limited number of way to do things optimally and experienced programmers often think alike.

In our case, we were writing equivalent code for OS/2 and Windows from code on Unix for I18N functionality and we had to strictly follow this methodology.

We were also enjoined from borrowing code samples from the web and were required to sign originality documents that stated we did not copy the code nor obfuscate it to hide where it came from. There were folks who ran scan tools against our code looking for questionable comments and key phrases that might indicate a breach in the methodology.

The ethical issue here is the tainted engineer. Perhaps, companies should instead treat the competitors software as a BlackBox and do testing to discover how it works and then write equivalent code. However, the complexity of the code makes this a very difficult and time consuming approach.

https://en.wikipedia.org/wiki/Black-box_testing

 

[anorlunda]

My personal view is that it cannot be unethical to figure out how things work - our brains do that involuntarily and we are curious by nature.

I agree, but you must add the qualifier, "unless I agreed to not do so in an employment agreement, a non-disclosure agreement, or a contract."

The ASME ethics code cited above says that you must not only respect the legal rights of others but also their "proprietary" information. Things become proprietary, via agreements or contracts.

 

[cosmicminer]

It's complicated.
Michael Faraday claimed copyright for electricity but he lost his case. The judge said to him you cannot own a natural force.
But Pirelli won their case against Michelin in the sixties, because the courts opined Pirelli copied the French and the design of the car tire was so complicated that only by copying could it be reproduced.
So you can do it provided you won't be caught.
Most people become irrational about copyright. One day a friend mailed me a story about an equestrian event. I republished and I thought the journalist who wrote it would be happy with me so I wrote an email to him. But he responded with a threatening phone call and he wanted me to take it down "immediately".
So I suppose if I write a book about let's say the life of general De Gaulle and I use a picture from 1955 "De Gaulle in Bonn" and this picture is taken from an old "Le Monde" newspaper, they will start chasing me.
I believe that things that are meant to be hidden should be protected to the extent it is possible. But not things like the above. It's one of the historic pictures of le general, so what the heck ?
But there are those who copy musical tunes too. Did you know that "Save the queen" is German ? The composer did not however file the copyright back in the 17th century so nobody can claim it. After the fifties the tune thieves could n't do it anymore. The famous Turkish song "ninanai yavroum" was copied by a Greek bouzouki player, but it was the Greek courts themselves in that case that ruled in favour of the Turkish composer.

 

[Grinkle]

I agree, but you must add the qualifier, "unless I agreed to not do so in an employment agreement, a non-disclosure agreement, or a contract."

The ASME ethics code cited above says that you must not only respect the legal rights of others but also their "proprietary" information. Things become proprietary, via agreements or contracts.

I can't turn my brain off. I can agree to not deliberately with specific intent put effort into figuring something out, and if I knowingly break that agreement I am lying. Its the lie that would be unethical, of course.

 

[Dr. Courtney]

For me, the issue of reverse engineering is distinct from patent and copyright issues.

Reverse engineering is the act of figuring out how a product works, independently of how that knowledge may be used downstream.

Certainly there may be ethical and legal issues relating to how that knowledge is used after it is gained. Patent and copyright law must be respected.

But all valid notions of "intellectual property" center around how the knowledge is used downstream, not gaining the knowledge for its own sake (or for potential use after a patent expires).

 

[jack action]

My personal view is that it cannot be unethical to figure out how things work - our brains do that involuntarily and we are curious by nature.

I agree, but you must add the qualifier, "unless I agreed to not do so in an employment agreement, a non-disclosure agreement, or a contract."

@anorlunda : So if a programmer buys a software with a EULA stating no reverse engineering and while playing with the software he figures out which algorithms to choose to accomplish the same results, he would have breeched the EULA?