A generalized (and not purpose-bound) safe harbor for software decompilation

Comparing my description of the economics of decompilation and the case studies of actual decompilation projects, the idea that software reverse engineering is both costly and time consuming is reinforced. The likelihood that this kind of activity generates market failures in the field of software is very low. Moreover, the first paper of this dissertation showed that copyright law already offers various tools allowing the achievement of interoperability, but also avoiding free riding on the significant cost of expression. Hence, I argue that the determination of the legitimacy of software decompilation should not be based on later uses of

233 _{Tom Wickline, Wine with Safedisc and GLSL support, on Wine Reviews, November 11, 2007 (available at}

http://www.wine-reviews.net/news/wine-with-safedisc-and-glsl-support.html; last visited July 25, 2008).

234 _{These include: Safedisc 1, 2 and 4, also known as SafeCast; Securom 4; Ring PROTECH. See}

http://wiki.winehq.org/CopyProtection for more information.

235 _{DVD Jon (who was 15 at the time!) was charged with copyright violation, but Norwegian courts acquited him after having}

verified that he actually “cracked” his own legitimately acquired DVDs. Evidently, the same could not have happened under the DMCA, also because DVD Jon published its results on the Internet, de facto allowig other people to crack the DVD scrambling system. (See f.n. 236.)

236 _{See Robert Levine, Unlocking the iPod, Fortune Magazine, October 23, 2006 (available at}

http://money.cnn.com/magazines/fortune/fortune_archive/2006/10/30/8391726/index.htm; last visited July 22, 2008).

237 _{FairPlay is the DRM technology used by Apple’s iTunes.}

238 _{DEANA SOBEL, A Bite out of Apple? iTunes, Interoperability, and France's Dadvsi Law, 22 Berkeley Technology Law Journal, 267}

the obtained (unprotected) ideas and principles (information). On the contrary, decompilation should always be considered as legitimate, while the legality of the aforementioned later uses should be based on the market effect of the use of the obtained “expression”. That means that, in the EU, the law should be changed to reflect this principle, essentially abrogating article 6.2.a and 6.2.b of the Software Directive. In the US, no legal changes would be strictly needed. In principle, courts should just be careful in interpreting clean-room reverse engineering as a tool favoring defendants against alleged copyright infringements during the re- implementation stage and not as a necessary step for legitimate decompilation. However, a clear-cut statutorily established safe harbor could reduce legal uncertainty and transaction costs supported by the legal system.

It is important to notice that making software decompilation legal with a clear-cut safe harbour would not condone copyright infringing uses of the obtained information. After all, books are easily understandable, but they cannot be copied and the same holds true for open source software. About that, it may be appropriate to notice that “the exam of case law demonstrates that the vast majority of copyright infringement cases consist in conducts of authentic duplication, or quasi-integral reproduction also of the literal code.239_{” Italian cases,}

quoted by Guglielmetti, frequently show percentages of identical code above 80% or approaching 100%240_.

Moreover, these cases of blatant infringement are normally based on direct access to the original source code or even on direct copying of part of the distributed object code. This kind of parasitism will not be condoned by a safe harbour for decompilation, simply because true economic parasites do not engage in serious reverse engineering, because it is an excessively complex and costly activity. Free riders tend to mask literal (or otherwise automatic) copying. The same author241 _{stresses some other problems that should be carefully}

taken into account, but which are not – once again – related to reverse engineering. The violation of trade secrets and non-disclosure agreement, other forms of unfair competition or unfair business practices, frequently related to former employees’ disloyalty and/or breaches of fiduciary duties. In fact, similar issues are behind the vast majority of copyright infringement cases in the field of software, including world-famous US cases, like Computer Ass. V. Altai (where a former employee of CA took with him copies of the source code of various programs and went to work for Altai, the founder of which was another former employee of CA242_{); Cmax/Cleveland v. UCR (where the defendant and the plaintiff where former business partners and}

the defendant had “requested the source code [of the plaintiff’s program] in order to better communicate problems to and request improvements”243_{); Whelan Assoc. v. Jaslow Dental Lab (where the plaintiff and the}

defendant were business partners and the defendant’s program was so clearly derived from the plaintiff’s original one that it had been advertised as “a new version” of the former jointly distributed system244_{). In the}

last two mentioned cases, the actual developers of the infringing code were also inexperienced programmers, essentially learning by doing while copying from the source code of professional programmers; hence – even without being computer experts – it is actually quite easy to imagine that the copying was not limited to general principles and ideas.

In summary, reverse engineering is not the appropriate tool to practice low cost competition. This kind of competition is normally only feasible if one engages in some forms of unfair practices, and there are specific legal tools to deal with this category of behaviours. Hence, both a reverse engineering safe harbour, as suggested in this paper, and a narrow reading of the protection of structural software elements (idea, principles, methods and algorithms, including interfaces abstract specification), as suggested in the first paper, are coherent with a legal paradigm of copyright protection that does not tacitly condone infringement. Finally, notice that – even if, in the future, decompilation became an easier, cheaper and faster process – provisions like article 6.2.a and 6.2.b should be limited in time, introducing just a short blocking period to the disclosure (or even to the use) of the information obtained through decompilation. A quasi-perpetual, quasi- property rule protecting ideas and principles hidden in compiled code is incoherent with general intellectual property principles. A blocking period, if any, should be justified as a quasi-liability rule, established to artificially recreate some lead-time for the incumbent, following the suggestion of Prof. Reichman245_{. The}

239 _{Tentative translation from GUGLIELMETTI, L'invenzione di software (2nd ed.), p. 295-296. See Id., also for additional references.} 240 _{Id., p. 296 and footnote 94 in particular.}

241 _{See Id., p. 297.}

242 _{See the Discrict Court’s Findings of Fact in case 775 F.Supp. 544, with particular reference to section II.E, Dramatis Personae (p.}

553).

243 _{See 804 F.Supp. 337, § 10, 19 and 47 in particular.} 244 _{See 797 F.2d 1222, 1227.}

duration of this artificial lead time should be in the order of a few years: about two or three, unless the pace of software innovation slowed down dramatically.246