Bans against reverse engineering, like the one recently announced by Microsoft's Skype unit, are the latest front in the open source vs. proprietary war.
There is little doubt that the law is on Skype's side. As with the whole question of business patents, this is court-made law that legislators are unlikely to overturn. The case is Bowers vs. Baystate Technologies, and it used Massachusetts law to create something like the failed UCITA, legalizing such bans.
UCITA, for those who don't remember, was an effort early in this century to impose bans on reverse-engineering under state laws across the country. Activists fought it back. But before they could celebrate their victory, the Court of Appeals for the Federal District, which is generally the high court for patent cases, lowered the boom on everyone.
When you keep people from reverse-engineering something, you are explicitly preventing them from looking at how it works. You are explicitly preventing them from inventing a way around it.
The Free Software Foundation regularly puts out calls for reverse engineering, and even Linus Torvalds got slapped down when he protested Andrew Tridgell's use of the technique on BitKeeper.
But here's the real problem I have with Skype's decision, or any such decision banning reverse engineering of code.
It's a security risk.
Whenever there's a nasty virus about, the first thing security firms do is reverse-engineer the thing. What if such a bug gets placed into Skype? Only Microsoft will be allowed to solve the problem. The entire computer security complex – and we're talking about a huge industry – will have to keep its hands off. And users will just have to wait until a patch is downloaded.
If Microsoft offered an “exception” to the rule for purposes of security, they would be giving the game away. They would be admitting that reverse engineering is a valid technique, one that needs to remain valid. But if they don't create such an exception, they can't get anyone's help when (and it's when, not if) some hacker decides to get malware into the code base, or create malware that specifically attacks Skype code.