The extent of the enormous theft of CIA Internet/comm/malware materials, posted by Assange on Wikileaks, is only beginning to become visible, even to “public” info on it, that is, the actual source code for the various development efforts is apparently in his possession.
I’ll preface this with what should be an ATMB query, but I put it here because it is, more or less, at heart of OP:
Can I post a link to the current Wiikileaks trove? Resources of SD “banned” material —having to do with interchange or production illegal enterprises such as drugs, weaponry, e.g.–cannot be posted. Now, bearing that in mind or not, I’m interested in the laws about “profiting” from stolen material.
If Intel steals code from AMD in a product, well, all hells breaks loose if Intel stole it, and I suspect–but I don’t know–if one of their engineers amazingly enough found all this great code that “fell off a truck” their legal people would be assured of a shitstorm to come if the material were used, once AMD (or anyone else) found about it.
…
Assange said that some tech firms have reached out seeking more details about the CIA tools. He said WikiLeaks hasn’t published the details because it doesn’t want “journalists and people of the world, our sources, being hacked using these weapons.” The best way to avoid that, he said, is to give companies such as Apple, Google and Samsung access first.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Assange said.
What are the legal precedents, for or con, that are at play here, if Apple, Google, Microsoft, Kapersky, Cisco (hell I’m stumped) take possession?
How about me, for if I buy a my neighbor’s fenced stolen tractor, and use it to farm and sell vegetables, and he finds out about it?
Depends if they published a software under an Open Source license ( there are a number ), or under a proprietary license, or even just a little ‘All copyright reserved’ notice with their contact details.
Unless one establishes ownership from the start, all is fair game. Because how else can one show prior ownership that has been infringed ?
And if they don’t want to put their names to ‘A Method for Unnoticeably Recording and Wirelessly Broadcasting Video from a Showerhead’, then sucks to be them.
While I haven’t looked through the materials that were made public, security vulnerabilities are usually not going to be particularly indicative of the actual implementation of something. If there’s a buffer overrun, for example, then I know that somewhere in the logic there is a buffer overrun error. That doesn’t tell me anything about what the rest of the logic is.
It’s unlikely that company A could learn anything about company B’s technology from these resources that would be worth stealing.
Actually, come to think of it, the CIA, NSA etc. etc. are all government agencies, U.S. government publications have no domestic copyright, other than being Public Domain.
As well, you could also state that as a U.S citizen, these agencies work for You, the People — and ultimately the fruits of their labours are yours to enjoy.
Oddly, classified information is still classified and controlled even after it becomes widely available.
One ex-CIA agent wrote a tell-all book many years ago. It was available uncensored overseas in places like the UK. But when the US edition finally came out there were blacked out parts all over it.
Keep in mind that you can copyright programs, explicit implementations of a process. You can’t copyright ideas, concepts, or facts. If there’s a way to “break in” to iOS or Android or Windows - say, send this packet to this port and you get an uncontrolled buffer overrun - the company A will tear apart the program, discover what it does, and then write their own version which is not a violation of copyright.
Of course, taking control of someone else’s system without permission still violates an assortment of laws. More likely they’d pass on these tools so the affected companies - Apple, Microsoft, Google - could figure out what the exploit was and update their systems to prevent it.
I think back in the days, the USA made great efforts to prevent certain nations from acquiring both hardware and software. I cannot begin to think that they were very successful in the latter. Far far better to include failure sections that would unaccountably break the running of the program.
And conversely to that CIA chap, as an exact parallel a British MI5 agent wrote a tell-all book that was available uncensored overseas in places like the USA.
Perhaps the grass is always greener abroad, but it also seems, he’s well-rewarded.
And from that Wiki:
*The concepts and use of public key cryptography (PKC) were discovered by James H. Ellis and British GCHQ scientists in 1969. After the re-discovery and commercial use of PKC by Rivest, Shamir, Diffie and others, the British government considered releasing the records of GCHQ’s successes in this field. *
Leo Bloom, the mods are in fact discussing whether that link would be allowed, and we have not yet come to a conclusion. It was quite presumptuous to ask for permission and then to go ahead before it was granted.
If we come to the conclusion that it’s allowed, then we’ll restore the link.
The courtesy of saying “this is under discussion” – the “answer” one might say – was not offered. That was presumptuous. I received no answer after a significant and suitable time for that fact, that it was under review, to have been acknowledged.
Back in the 1980s IIRC some grad student wrote a paper on how easy it would be to build an atomic bomb - assuming you could obtain the necessary materials. The US government said the result was classified. It was pointed out all the details were in various textbook, and the response was that the textbooks were ok, but highlighting the pertinent parts would make it classified.