Is reverse engineering viewed as a legitimate or illegal act through the lens of the law?
Reverse engineering:
Reverse engineering, also called backwards engineering, is the process by which an artificial object is deconstructed to reveal its designs, architecture or code, or to extract knowledge from the object.
Software reverse engineering can help to improve the understanding of the underlying source code for the maintenance and improvement of the software. Relevant information can be extracted to make decisions for software development, and graphical representations of the code can provide alternate views of the source code, which can help to detect and fix a software bug or vulnerability. Reverse engineering can also help to detect and eliminate malicious code written into the software, with better code detectors.
Reverse engineering viewed as a legitimate act through the lens of the law.
It is quite often the case that reverse code engineering a software product teeters on the border between legal and illegal. So as a reverse engineer, you should know your rights and the rights of the software owner. In some countries, even if an artifact or process is protected by trade secrets, reverse engineering the artifact or process is often lawful if it has been legitimately obtained.
In terms of reverse engineering and fair use, the law tends to favor the reverser. However, negatively affecting the value of the original product will almost never result in it being categorized as fair use. Also keep in mind that fair use does not permit breaking the user license terms.
Because reverse engineering can be used to reconstruct source code, it walks a fine line in intellectual property law. Many software license agreements strictly forbid reverse engineering. Software companies fear (and rightly so) that their trade secret algorithms and methods will be more directly revealed through reverse engineering than they are through external machine observation. However, there is no general-purpose law against reverse engineering.
Because reverse engineering is a crucial step in removing copy protection schemes, there is some confusion regarding its legality. Patching software to defeat copy protection or digital rights management schemes is illegal. Software vendors forbid reverse engineering in their license agreements for many reasons. One reason is that reverse engineering does, in fact, more obviously reveal secret methods. To a skilled reverse engineer, looking at the binary machine code of a program is just as good as having the source code. So the secret is already out, but in this case only specialists can "read" the code. Note that secret methods can be defended through means other than attempting to hide them from everyone but specialists in compiled code.
Patents exist specifically for this purpose, and so does copyright law. A good example of properly protecting a program can be found in the data encryption algorithms domain. To be acceptable as actually useful and powerful, encryption algorithms must be published for the cryptographic world to evaluate. However, the inventor of the algorithm can maintain rights to the work. Such was the case with the popular RSA encryption scheme.
Another reason that software vendors would like to see reverse engineering made illegal is to prevent researchers from finding security flaws in their code. Quite often security researchers find flaws in software and report them in public forums like Bugtraq. This makes software vendors look bad, hurts their image, and damages their reputation as upstanding software vendors. (It also tends to make software improve at the same time.) A well-established practice is for a security specialist to report a flaw to the vendor and give them a reasonable grace period to fix the bug before its existence is made public. If reverse engineering is made illegal, then researchers will be prevented from using a critical tool for evaluating the quality of code. Without the ability to examine the structure of software, users will be forced to take the vendor's word that the software is truly a quality product. Keep in mind that no vendor is currently held financially liable for failures in its software. We can thus trust the vendor's word regarding quality as far as it impacts their bottom line (and no farther).
When you download software online, you are typically asked to press "I AGREE" in response to a EULA document displayed on the Web site. These agreements usually contain language that strictly prohibits reverse engineering. However, these agreements may or may not hold up in court.