Is reverse engineering ethical?

[phyzguy]

And I'd say the same for software used in most science. If a published paper references a specific software package, shouldn't scientists reading the paper be able to reverse engineer the software referenced to determine how the published results were really arrived at? Repeatability is at the heart of the scientific method. If software is a "black box" there is a fundamental limitation on both repeatability and peer review.

I agree completely. This is why I and many other researchers only use open source software for doing research. For almost any software task you have, there is open source software available that does the job.

 

[anorlunda]

So if a programmer buys a software with a EULA stating no reverse engineering and while playing with the software he figures out which algorithms to choose to accomplish the same results, he would have breeched the EULA?

That doesn't sound like reverse engineering at all. But if he tried to decompile the software to understand how their algorithm was implemented, that would be reverse engineering.

Edit: You might also try to find the login info for for the manufacturer's website embedded in the code. That too would be reverse engineering, this time with very evil intent.

 

[jedishrfu]

@anorlunda : So if a programmer buys a software with a EULA stating no reverse engineering and while playing with the software he figures out which algorithms to choose to accomplish the same results, he would have breeched the EULA?

This is more like blackbox testing.

 

[stevendaryl]

I think there is basically a consensus that reverse-engineering is fine, legally and ethically. But I just want to remark that when someone invents something new, there are really two different creative acts involved:

1. Figuring out what functionality would be desirable.
2. Figuring out how to implement that.

Patents as far as I know can only protect the second kind of creative act, even though it's often the case that #1 is the real breakthrough. Often, nobody has any idea that anyone would want a particular thingamajig until it exists, and its usefulness or coolness can be demonstrated. Then once you know that it's possible and desirable to build thingamajigs, the engineering difficulty in figuring out how to build one might be relatively trivial.

 

[jack action]

That doesn't sound like reverse engineering at all.

From https://en.wikipedia.org/wiki/Reverse_engineering:

Reverse engineering, also called back engineering, is the processes of extracting knowledge or design information from anything man-made and re-producing it or re-producing anything based on the extracted information. The process often [personal note: but not necessarily] involves disassembling something (a mechanical device, electronic component, computer program, or biological, chemical, or organic matter) and analyzing its components and workings in detail.

What about Clean Room design?

What about doing reverse engineering to do a competitor analysis and not to copy the product? Can you really forbid someone to find your flaws? Especially if it is to build a new program for a more specialized sector that your program doesn't support well?

My point is that you cannot forbid someone to be curious about how your product works. You may forbid someone to sell copies of your product, but not the mere fact of examining it.

 

[Dr. Courtney]

I agree completely. This is why I and many other researchers only use open source software for doing research. For almost any software task you have, there is open source software available that does the job.

Agreed. But this does not help when reviewing or assessing the work of others who may have used commercial or closed source tools.

There are other times when using the closed source stuff is just to much faster. LabVIEW with instrument drivers and other software supplied by instrument vendors is usually the fastest path to data acquisition, and their built in tools also make real-time data analysis pretty easy also. It's usually much easier to do enough reverse engineering to understand it, validate it, and trust it than adapting an open-source solution.

Further, many vendors push their stuff in the training environments (schools) so a newly minted scientist may have much more experience with commercial finite element tools.

Finally, I work in some fields (like internal ballistics) where the open sourced tools lag way behind the commercial products.

 

[jedishrfu]

Its the need that some solves by the "implementation"

Patents teach you something others (as someone skilled in the art) didn't know before and because of that the govt gives you a 20 year license to allow you to develop your idea without being outgunned by others.

Some classic examples of these kinds of races:
- Einstein in his development of GR raced against Hilbert after having presented the still unfinished theory to him and others at a seminar
- novel apps on iTunes that quickly get overrun by imitations. Angry Birds to Flappy Birds...
- the "Wrench Case" where a young inventor gets outplayed by Sears who even hires his attorney to get the patent that was being filed and 17 years later the inventor is awarded $5 million in damages
- the spreadsheet app from VisiCalc was quickly overrun by Lotus123 neither of which had patents on the idea

 

[jedishrfu]

Clean room aka Chinese Wall

 

[Dr. Courtney]

By the way, I read that the EPA really wants to keep consumers out of car computers, because they would invent and distribute patches that circumvent pollution controls to favor performance. Like Volkswagen, they could make them smart enough to switch back for annual inspections.

EPA is supporting Detroit in trying to make it illegal for us to peek under the covers of the computers in our cars.

Is the EPA too stupid to understand the difference between reverse engineering (understanding and documenting) and modifying? Certainly, there may be a place for government to prevent modification of emissions systems.

But preventing independent understanding and validation of how they work and what they are doing is too much of a government and corporate mandate to "trust us." It is not consistent or compatible with a free republican society or free enterprise where fundamental checks and balances between consumers and industry and between citizens and government are necessary to curb corruption.

 

[anorlunda]

My point is that you cannot forbid someone to be curious about how your product works. You may forbid someone to sell copies of your product, but not the mere fact of examining it.

You seem to think that the motivation of the reverser (I just made that word up) makes a difference. I don't think it does.

You used the words examine and disassemble in the same post. There's a world of difference between them. The devil is in the details.

If you want to explore the fine line between what is and is not allowed, you should go to a lawyers forum or to case law, not to Physics Forum. I believe that most of us here think that reverse engineering is morally ethical in almost all circumstances, but that it is nevertheless forbidden in many circumstances.

 

[jack action]

If you want to explore the fine line between what is and is not allowed, you should go to a lawyers forum or to case law, not to Physics Forum.

The subject of this thread was ethics and you are the one who brought up the legal part:

Interesting question. Legal is often used as a substitute for ethical.

You're the one who made a strong statement that EULA is giving all mighty power to the software companies over what a user can do:

The license is binding legally and ethically even if you didn't sign anything. The license restricts what you can do. If it says no reverse engineering, then you're stuck with that.

I am no lawyer either, but to state that one can forbid you to read a file with a decompiler is an interpretation of the law that is way too restrictive IMHO. Contracts are there to prevent damages and you must prove that the action done caused you damages before you can sue anyone.

Otherwise, one could just put anything in an EULA: «By buying this software, you agree to only use it on a computer with a legal version of Windows.» You can put that in your EULA if you want, but good luck going to court with it because no damages are done to your software company if one uses it with another OS.

 

[anorlunda]

Contracts are there to prevent damages and you must prove that the action done caused you damages before you can sue anyone.

Not always. There are also such things as injucntive relief, statutory damages, and liquidated damages that do not require showing actual damages.

I don't understand why you're getting worked up. Opinions about ethics are only opinions. Laws are things we have to deal with in real life. Laws are not constrained to be logical, or to make sense, or to be benevolent, or to align with ethics. I think that outrageous laws that do stupid things are common, but I have to live with them.

 

[Averagesupernova]

Just to be clear [this has been touched upon already in a previous post], in recent years things are more complicated due to the Digital Millennium Copyright Act (DMCA).

Yes, in the past you could reverse engineer the heck out of something for the sake of the learning experience, if you don't plan to sell it. But now [with the DMCA], if there is software involved, and if reverse engineering involves making copies of that software [or messing with the software], then it falls under piracy laws, like those that forbid you from making digital copies of your favorite Metallica song.

This sort of thing has been bubbling in the [farm] tractor industry for a couple of years now, for example.

http://modernfarmer.com/2016/07/right-to-repair/

​

[Edit: for what it's worth, I think the DMCA is seriously flawed due to these sorts of things.]

How far can this be taken though? While it may be a stretch in the above case, how can one be legally prevented from repurposing hardware? What happens if I jerk the engine out of a tractor and replace it with something that uses absolutely NO software? While it may be an issue for the EPA, the company that licensed the software has no jurisdiction if I am not using the software. I am using the tractor as an example because it was mentioned in the post by @collinsmark . Again, it may be quite a stretch but it certainly would not be a stretch with some equipment for me to simply discard and replace said companies software. My guess is that the future will bring aftermarket software for industrial equipment such as this. If politics shift to a more lenient EPA it is VERY likely you will see this as John Deere currently is VERY careful about letting software out that can 'plug in' to their equipment.

 

[krater]

Those of us who were present for the early world-wide-web may have stumbled across the somewhat renowned +HCU. Those were the heady days when massive increases in net access began to really put IP law to the test. Central to the organization was the concept of reverse engineering, viewed as not only ethical but vital. One can still dredge a few shadows of +Fravia's site in web archive, or in mirrors.

 

[houlahound]

Those of us who were present for the early world-wide-web may have stumbled across the somewhat renowned +HCU. Those were the heady days when massive increases in net access began to really put IP law to the test. Central to the organization was the concept of reverse engineering, viewed as not only ethical but vital. One can still dredge a few shadows of +Fravia's site in web archive, or in mirrors.

Can you give some back story, sounds interesting.

 

[Kaura]

I do not know
Is there some sort of equation or boolean function for ethics?

 

[phyzguy]

They used to teach us that if you weren't sure if something was ethical, imagine reading about it in the newspaper. If that thought doesn't bother you, then it's probably OK. If the thought of reading about it in the newspaper makes you cringe, it's probably not something you should do.

 

[Dr. Courtney]

They used to teach us that if you weren't sure if something was ethical, imagine reading about it in the newspaper. If that thought doesn't bother you, then it's probably OK. If the thought of reading about it in the newspaper makes you cringe, it's probably not something you should do.

These days one needs to consider whether you expect to read a straight, unbiased factual version in the newspaper, or a spin doctored skewed, version where a third party is guessing at your motives and assuming a nefarious intent and and only giving an exaggerated interpretation of little know federal regulations as context.

I only think of something as unethical if one cringes at the thought of a straight, unbiased factual version in the newspaper.

Who would bother to get out of bed, much less do anything useful if they lived in fear of the spin doctored, skewed version where the only context is a little known federal regulation also twisted all out of proportion to make it look like something illegal was done.

 

[jim hardy]

Reverse Engineering seems to me a tool that like any other can be put to ethical or unethical ends.

Using it to steal knowledge without working for it is like copying somebody else's homework,

using it to keep some old machine running that would otherwise go to the landfill is laudable IMHO.

In the nuclear power industry there exist several small outfits making reverse engineered replacements for obsolete instruments .

Big outfits like GE and Westinghouse simply can ill afford to continue making gizmos designed fifty years ago for which even the components are no longer made. They offer wholesale replacements at the system level, multi-million dollar undertakings that require retraining whole maintenance departments.

Allowing the maintenance guys to keep their old stuff in good repair until such time as the organization becomes ready to undertake drastic system level change is in my opinion the ethical and safe thing to do, and in the general public's best interest.

To quote Huckleberry Finn: "I've been there..."Right now I'm struggling to figure out how to replace the obsolete power transformer on a friend's microwave oven controller board. It's a built-in and needs to match the rest of her kitchen.
Not to mention the magnetrons in those things contain a small amount of thoriated tungsten that doesn't need to be migrating into new steel through metal recycle yards. My junk man says a half dozen microwave ovens will cause a truckload of scrap to be rejected - too radioactive.

The transformer has three windings and I'm trying to figure out what is their voltage.
If anybody here is a gray-haired Maytag engineer with access to archives-
transformer is marked 6170w1g022a
board is marked 6870w1a393a
both seem to be obsolete part numbers

old jim

 

[newjerseyrunner]

I reverse engineer things all the time, maybe not fully but sometimes it's not hard.

I was on the phone with a developer from a company that we contract work out to. I was asking about why the couldn't add a feature. They told me that I wouldn't understand how the software worked. I said something like "you have a 1.5GB data file that's replaceable, it's clearly a neural network."

I got about ten seconds of silence followed by "did you work here?"

 

[Work Hard Play Hard]

Reverse Engineering seems to me a tool that like any other can be put to ethical or unethical ends.

Using it to steal knowledge without working for it is like copying somebody else's homework,

using it to keep some old machine running that would otherwise go to the landfill is laudable IMHO.

In the nuclear power industry there exist several small outfits making reverse engineered replacements for obsolete instruments .

Big outfits like GE and Westinghouse simply can ill afford to continue making gizmos designed fifty years ago for which even the components are no longer made. They offer wholesale replacements at the system level, multi-million dollar undertakings that require retraining whole maintenance departments.

Allowing the maintenance guys to keep their old stuff in good repair until such time as the organization becomes ready to undertake drastic system level change is in my opinion the ethical and safe thing to do, and in the general public's best interest.
View attachment 114181
To quote Huckleberry Finn: "I've been there..."

Old jim

Great input. Have you ever run into old prints that are spec'd with "As Needed?"

 

[jim hardy]

Have you ever run into old prints that are spec'd with "As Needed?"

indeed, and "By Field" .Thanks for the feedback !