Re: [Full-disclosure] <Cisco Message> Mike Lynn's controversial Cisco Security Presentation

From: Jason Coombs (jasonc_at_science.org)
Date: 07/30/05

    Date: Fri, 29 Jul 2005 15:42:15 -1000
    To: "J.A. Terranson" <measl@mfn.org>
    
    

    J.A. Terranson wrote:
    >>>I believe that at the moment of disclosure it becomes public domain.
    >>>Echoes of RC4...
    >>http://www.infowarrior.org/users/rforno/lynn-cisco.pdf
    >
    > That letter doesn't change anything. There's a lot of law that says that
    > is now public data, and free of its trade encumbrances.

    RC4 is an algorithm, which means it cannot be patented nor copyrighted
    nor protected as intellectual property as anything other than a trade
    secret.

    The Cisco/ISS trade secrets remain so unless and until these companies
    forgo the legal protections afforded to them under law, i.e. they fail
    to seek restraining orders and otherwise fail to attempt to keep control
    of the commercial advantage that they believe they enjoy as a result of
    their ownership of the trade secret.

    Because RC4, as an algorithm, cannot be protected as a trade secret
    starting the moment it is embodied into a product where the product can
    be reverse engineered legally, it would not have been possible to obtain
    injunctions against the dissemination and use of the RC4 algorithm and
    this is where you end up feeling like RC4 became "public domain" upon
    its public disclosure. See:

    http://en.wikipedia.org/wiki/RC4

    Now, if RC4 had never been used to create a product and had been kept as
    a trade secret, and that secret had been published, then it would not
    have become, automatically, an unencumbered algorithm that could be used
    by anyone with impunity. There being no way other than theft of trade
    secret for a third party to come to know the algorithm, had a court
    order been obtained to halt the spread of the secret the algorithm
    itself could very well have been kept as protectable intellectual
    property until such time as the company that enjoyed a commercial
    advantage through preservation of their RC4 trade secret had concluded
    the public distribution of a product that somebody else could have
    reverse engineered.

    The interesting question in the Lynn case arises when international
    jurisdictions come into play. It is very clear that anyone inside the
    U.S. who were to publish an article like the following one:

    http://www.techworld.com/security/news/index.cfm?NewsID=4130

    would be subject to the injunction on distribution of the trade secrets
    in question, and could be sued for having knowingly possessed and made
    use of (for the purpose of writing the article) those secrets.

    However, techworld.com is a UK-based publisher, apparently, and so
    should be fine until a UK court concurs with the U.S. court's granting
    of the injunction.

    Sincerely,

    Jason Coombs
    jasonc@science.org
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

