Subject Re: [firebird-support] Re: Undocumented internal encrypt/decrypt in FB
Author Max Renshaw-Fox
Hi Geoff,

>> 'OK there is no silver bullet - now what is the balance
>> between IP law requiring "reasonable efforts to protect"
>> and loading a gun to shoot your friends in the foot'.
>> We don't face this issue - we consider Client Data theirs -
>> incl DB schema.
>
> I don't go that far. I have huge amounts of metadata (most
> forms and reports are in a database too). Like the rest
> of the "software" (the programs and help files) this belongs
> to my company and is only licensed to the client.
>
> A signed licence agreement is what I use for "reasonable
> efforts to protect" the IP. This is very standard and widely
> used and accepted.
>
My understanding is that some deliberate effort to keep the IP out of the
public domain is also required (in addition to a legal deterrent). My
first thought was to ask what format you store forms & reports in the
database - binary, some IL - or plain source - but I doubt that is the key
- since you may be using other mechanisms to support your license (at your
client & own locations).

Another analogy may help - ohloh says the Firebird code is "worth" $35
million - but I doubt that could validly appear on a balance sheet
anywhere. JBoss & MySQL otoh do have "value" - but that is ultimately for
the "business" (future cashflow - or willing buyer for JBoss) rather than
the code per se. Similarly, every time I purchase a book - I get the
"source", in a sense, but I don't get the IP (that enabled the book to be
assembled) - or the recording industry, struggling to retain traditional
IP now that p2p has undermined their mechanism - and they don't yet have
an alternative (like sheet music 100 yrs ago when the US was the "baddie"
in IP law).

Neither DRM nor lawsuits will "save" recordings - but a change in business
model will (after all they still have the process that created the "value"
- if not the delivery medium) - but that requires a mindset change (I
suspect the original questioner may be in this category).

To come full circle then - what I was supporting was the idea that a fully
open source project with no specific *business* end-point (ie Firebird - I
hope I haven't misstated that goal) can validly support the *sensible*
business objectives of its stakeholders. "Sensible" being the key.

So I support the idea of a recognisably weak lock on a garden shed (eg
reports stored in IL, bytecode or XML - or encryption hooks - maybe - see
below) to protect my bicycle ownership (license) - while recognising the
danger of my neighbour storing his BMW (motorcycle) there because *he*
thought I'd made it impregnable - or no-one would guess.

I think a valid argument for not having encryption hooks is that it would
be a honey-pot for my neighbour rather than that it can't ever be secure
(my shed could even be lifted out by helicopter). Then again - if my
neighbour had the expertise - he could build his own bunker (compile
custom fb source). So I would ask: won't encryption hooks even support a
legal model - a-la DRM? - and - even if it will, is the presence of hooks
just too dangerous anyway?

I don't have the expertise to make that choice - but I think that's the
area for consideration.

hth

Max