FRAMINGHAM (04/03/2000) - A federal ruling on a collection of programs that decoded Cyber Patrol filtering software is raising questions about the power of U.S. courts to force the removal of information from Web sites. The case could also have implications for the reverse-engineering of commercial software and attempts by companies to halt the practice, which they say damages the marketability of their products.
Abner Germanow, an Internet security analyst at International Data Corp. (IDC) in Framingham, Massachusetts, predicted that the Internet community will find itself increasingly confronted by untested court rulings governing reverse-engineering and the freedom to post contested programs on the Web.
"This is the beginning of many similar issues that businesses will face - it sets a precedent," said Germanow.
The legal proceedings began last month when Mattel Inc. in El Segundo, California, parent company of Framingham, Massachusetts-based Cyber Patrol, filed a lawsuit in U.S. District Court in Massachusetts against the authors of the cphack, cndecode and cph1_rev programs. Those programs enable the re-creation of Cyber Patrol's list of blocked Web sites and newsgroups.
The suit claimed that authors Eddy Jansson of Sweden and Mathew Skala of Canada violated U.S. copyright laws.
"Our issue is not the list; the issue was the reverse-engineering and decompiling of software in violation of copyright and the posting [of] large sections of original source code and two executables derived from source code," said Sydney Rubin, a spokesman for Cyber Patrol.
On March 24, Mattel reached a settlement agreement with Jansson and Skala in which the authors agreed to turn over all rights to the software and an explanatory essay. Mattel then used its copyright to seek a court order against an estimated 50 mirror sites that linked to the contested software.
A week earlier, on March 17, U.S. District Court Judge Edward Harrington had granted Mattel a temporary restraining order against Jansson and Skala. Mattel sent notices of the restraining order to the mirror sites and requested that they remove the programs and turn over logs of people who had downloaded the banned software.
The American Civil Liberties Union, which represents three of the targeted Web site operators, fired back with a motion to suppress what it said were improper subpoenas. The ACLU argued that the software and links to the mirror sites represented constitutionally protected speech and that the "anonymity of persons accessing Internet Web sites should not be breached."
"We argued that the U.S. court doesn't have any authority to enter injunctions because the U.S. copyright laws don't apply overseas," said Chris Hansen, an ACLU staff attorney.
Rubin maintained that the injunction applies to mirror sites that post the program but not to those that post links to the mirror sites. IDC's Germanow said a ban on reverse-engineering would damage attempts to evaluate software for security holes and interoperability.
"If you restrict software to only being used in a way that the vendor intended, you risk stifling a lot of innovation," Germanow said.
Cphack appeared to be released under the Free Software Foundation's GNU General Public License (GPL), which could allow unlimited distribution of the program even if Mattel owns the copyright.
Jansson had attached the statement "Released under the GPL" to the cphack program because he wanted it to be freely available. But he said he never discussed releasing the entire package under GPL with Skala.
"Mattel got my rights to it," Jansson said in a statement.