[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verilog encryption broken



In article <[email protected]>,
Mark C. Henderson <[email protected]> wrote:
: What should one do when one discovers that a vendor is marketing
: an encryption scheme for the protection or to limit the use of
: specific information, which is easy to break.

Whatever you want to do. Contrary to what I suppose is a popular
opinion, this is not an ethical question *unless* you have some
sort of contractual obligation that makes it so or unless your
personal, *private* ethics says something on the subject.

People who rely on trade secrets are making a bet. The bet is as
follows: first, that all people who have access to the trade
secret will respect the agreements, both by not disclosing their
trade secret and by protecting it from disclosure; and, second,
that if someone does violate one of those agreements, he has deep
enough pockets that suing him will make up for the loss. When the
trade secret is exposed, *it is gone*. *Forever*. That's the law.
Those who once had a trade secret cannot legally demand of
(uninvolved) others that they help them protect it.

I would guess that it is *Verilog* whose ass is in the fire. If
you or I were to use that script to extract information from their
libraries, *unless* we had an agreement with Verilog not to, it
would be perfectly legal to do so. And it would be perfectly
legal to broadcast that information. However, Verilog, by not
adequately protecting the information in the libraries, may well
be liable for the disclosure. What it looks like from this
distance is that Verilog is running scared, trying to frighten
would be extractors into not spreading the information they would
get so that the amount of damage Verilog will have to take will be
limited.

Verilog, their customers, and library providers, made a bet. They
lost. No one (who is uninvolved) has *any* obligation to help
them minimize the loss from losing their bet. I have no doubt
that Verilog would like to have the discussion turn away from the
simple business aspects toward a touchie-feelie mass-debation
about ethics but to do so would simply be evading the real issues.