Stanford CIS Excecutive Director Jennifer Granick is the talented criminal law attorney who has been helping Michael Lynn sort out what to do in the face of legal threats over his BlackHat conference presentation exploring problems with Cisco's security. In the second post in a series on "Ciscogate," Granick picks through the grab bag of legal claims in the Cisco/ISS complaint [PDF], giving her take on the legitimacy of each claim. The result is an educational look at a range of legal tools that can be leveraged to silence people: copyright law, trade secret law, and end user license agreements (EULAs).
Here, Granick makes short work of the copyright claims:
You'll remember that I wrote yesterday that ISS claimed copyright in the slides Mike used on Wednesday morning. I hadn't seen the original ISS slides, but I imagined that they looked different but had similar bullet points or words. This wasn't very interesting to me. I would argue that the bullet points were unoriginal and not deserving of much copyright protection, or that it was fair use, or that Mike jointly retained the copyright with ISS, but none of this is particularly fun. The second copyright claim was Cisco's in the decompiled code. Certainly Cisco has copyright in the source code, and I suppose in the binary, too, and therefore it probably has copyright in the machine code as well. But Mike only used little edited snippets of the machine code to illustrate his points about how he found the IOS vulnerability and why it existed. This was classic fair use, something important to defend, but only kind of fun, if only because it was so damn obviously permissible.
The two posts are worth the read in full, especially for those curious about the legal paths available to people like Lynn who have information they believe they must share with the public:
Also worth the read: Seth Finkelstein's Jennifer Granick on Defending Mike Lynn (Cisco/ISS router disclosures)