Subject Re: [firebird-support] Re: Undocumented internal encrypt/decrypt in FB
Author Geoff Worboys
> My understanding is that some deliberate effort to keep the
> IP out of the public domain is also required (in addition
> to a legal deterrent).

You have to be a little careful here as some terms have special
meaning in this context. For example "public domain" is a term
generally used for information to which copyright does not
apply (copyright has expired or was explicitly released).

Trademarks dont apply to this conversation, I am not a believer
in software patents (and could not afford them even if I did
believe) and so I rely on the IP protection of copyright.

Copyright law does not (cannot) require that you keep the work
out of the public view. What it does do is allow you to limit
what rights others have with regard to copying, broadcasting,
publishing and adaptation.

A movie can be broadcast to thousands of people, a web page may
be seen by millions of people but both are still be covered by
copyright. The GPL and LGPL try to call themselves "copyleft",
but in fact the restrictions imposed under these licences are
only enforceable due to copyright law.

Computers muddy the water quite a lot, and DRM is all about
industry trying to channel that muddy water. DRM can be used
not only to try and prevent copying but also to identify
details about the original in the copy as this can be helpful
in tracing and enforcing copyright. Some jurisdictions do
make it illegal to use, create or import devices and services
to circumvent such protection, but this is distinct from the
copyright protection of the work which will exist whether such
devices are used or not. DRM is unlikely to ever be completely
effective - which is why it needs laws to discourage people
getting around it, even though there were already laws to
discourage people from doing what the DRM is there to prevent
anyway... (arrrgghhh! let's not go there on this list).

> So I would ask: won't encryption hooks even support a legal
> model - a-la DRM? - and - even if it will, is the presence
> of hooks just too dangerous anyway?

As you see above I dont believe that there is a legal
requirement - at least not in terms of copyright law.

I dont really mind if the the FB team decide to put such hooks
in the engine. Such hooks will impact performance, even when
not used, but I dont imagine it will be noticable until you
attach some encryption. I would suggest that such hooks should
be clearly documented as "use at own risk" etc etc (or maybe
just a label of: "WAFTAM" ;-)

If they do get implemented then I would strongly suggest that
anyone interested in achieving any security by obsurity should
not use them but find their own system - it is difficult to be
obscure when the details are published on the Internet.

Geoff Worboys
Telesis Computing