Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/12/84; site desint.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!tektronix!hplabs!sdcrdcf!trwrb!desint!geoff From: geoff@desint.UUCP (Geoff Kuenning) Newsgroups: net.unix-wizards,net.legal Subject: Re: yacc: public domain? Message-ID: <298@desint.UUCP> Date: Thu, 10-Jan-85 04:13:59 EST Article-I.D.: desint.298 Posted: Thu Jan 10 04:13:59 1985 Date-Received: Sun, 13-Jan-85 07:09:52 EST References: <6779@brl-tgr.ARPA> <2114@umcp-cs.UUCP> <1276@orca.UUCP> <288@desint.UUCP> <4866@utzoo.UUCP> Organization: his home computer, Manhattan Beach, CA Lines: 91 Xref: watmath net.unix-wizards:11476 net.legal:1292 In article <4866@utzoo.UUCP> henry@utzoo.UUCP (Henry Spencer) writes: >Anyone who has granted access to this stuff without imposing a non-disclosure >requirement as a condition of access is in violation of their Unix licence, >and AT&T could sue them for their shirts over it. So? Does U of Toronto require literally *every* student who has ever taken a Unix course or had a Unix signon to sign a nondisclosure? If so, you are the exception, not the rule. Besides the obvious case of university students, there are also public access Unixes. I know of installations in Chicago and San Francisco. Both have 'guest' logins, and will grant a login to anyone who asks, as well. There are also several budding commercial timesharing Unix systems. I can also point out at least several cases of Unix systems which are on dialup phone lines accessible to any "cracker," and which have guest logins with no password. Several 68000 companies, for example, provide "demo" phone numbers with guest logins. (In fact, I have seen systems that don't even have a root password!). Finally, there are the commercial installations. When a TRW employee hires on, he or she typically signs a blanket nondisclosure/invention ownership document. Two or more years later, he/she is given a UNIX login. But was it made clear that this involved a specific nondisclosure responsibility to AT&T? Also, a number of AT&T customers (OEM's) have been sloppy about UNIX licenses, especially in the early days. I know of more than one 68000-based system which the owner paid cash for, legally, yet never signed a nondisclosure. My point is that, although technically you are right (all of these people are guilty of violating the nondisclosure agreement), legally AT&T has no recourse against these people. One of the requirements of trade secret law is that AT&T must make a sincere good-faith effort to maintain the secrecy of their material. My position (if sued by AT&T) would be that the number of people who have had non-restricted access to all or part of UNIX is prima facie evidence that AT&T has not taken sufficient care to restrict their trade secret. In particular (warning: I am working from rusty memory on the contract; forgive me if I blow it): (1) Many editions of the AT&T contract have not explicitly prohibited granting access to the "publicly-readable" files. I am pretty sure that I have seen contracts listing /usr/src as the only thing that must be protected as an AT&T trade secret. (2) Most editions of the contract have said nothing about who may be given logins on the system, although there is a provision that anyone who is given "access" to the *sources* (not the timesharing system as a tool or entity) must be bound by nondisclosure. (3) AT&T has been aware for some time of the existence of university students who use Unix. I suspect AT&T has taken no action to make sure that these "ordinary" users are bound by non-disclosure. (4) The same goes for public-access Unixes, which have been around for at least two years now -- plenty of time for an aggressive company to learn of their existence and write them a nasty legal letter. (5) Finally, AT&T has not (in my perception) been very aggressive about seeking out and prosecuting violators of their trade secrets. In my experience, it is normal for your average Unix wizard to leave his or her job with tapes under the arm. The last guy I worked with who had access, had tapes of V7, SIII, and BSD. All illegal, to be sure, but nevertheless AT&T hasn't made much news suing those types. Even former AT&T employees are among the violators. Note that, under US trade secret law, all of the people responsible for letting the cat out of the bag are liable for damages to AT&T. However, anyone who learned these secrets *from* those people can use them at will. So, although AT&T can sue a bunch of people for a bundle, the "secrets" are no longer AT&T's property in the sense that anyone can be sued for using them. If one accepts that Bell cannot successfully defend "trade secret" protection on their binaries/public files, many of Henry's other comments become irrelevant. >Whether it is in the public domain in practice is another story. Quite >possibly one could argue that illicit access to Unix materials, including >sources, is so common that AT&T cannot realistically claim that the >stuff is secret any more. The problem is, AT&T would fight such a >contention tooth and nail, and being right is not comforting when you >are facing a legal battle of that magnitude and expense. This is true. As Ed Gould pointed out, no wise person is going to volunteer to be a test case. But AT&T is in a bit of a bind here. If they don't fight AND WIN a test case pretty soon, the thing is going to be so open and shut that even you and I could afford to fight them off. DISCLAIMER: As before, I am not a lawyer. The legal opinions expressed herein are gleaned from layman-oriented articles and are probably completely bogus. Trust them at your own risk. -- Geoff Kuenning ...!ihnp4!trwrb!desint!geoff