Summary of current TrueCrypt situation...?

Andraia Matrix

Feb 5, 2004, 12:20:21 PM
Let me see if I can summarise the current SecurStar / E4M / TrueCrypt
situation. Please correct me if I'm wrong.

The following three items were mentioned by the TrueCrypt team.

***Quote
1) Intellectual property theft, stealing the source code of E4M
from SecurStar (as an employee of SecurStar)

2) Writing an illegal license that permits anyone to base his/her
own work on E4M and distribute such modified work (while, according
to W. Hefner, P. Le Roux did not have any right to do so).

3) Distributing E4M illegally (according to W. Hefner, all versions
of E4M always belonged only to SecurStar)

***End Quote

My take on those points:

1) E4M was provably publicly available, with a license to
redistribute, modify and redistribute, and even sell. Pretty open
except that you had to acknowledge e4m as the original stuff.

It is provably freely distributable and although Paul might have sold
existing & future rights to e4m to Securstar, the law doesn't allow
that to retroactively apply to past distributions. If it did, then a
vast amount of code would cease to exist. (Hey, that's the risk you
take when you write a commercial program on an open source product!
That brings up a minor point... since e4m & scramdisk were under open
license, and drivecrypt was based on them, could you claim in court
that drive crypt had to be released under an open license too?
Probably not, since we aren't talking about the GPL virus, but still
it's an interesting idea.)

Their claim is further hampered by their own distribution of both
scramdisk and e4m after the release of DriveCrypt.

2) Once you prove that e4m was indeed distributed back then, then that
pretty much kills this claim because the license was written in rather
easy to read English. No fancy law terms.

3) e4m was written before SecurStar was even 'born', right? It
wasn't related to anything that SecurStar owned at that time, even if
the company did exist way back when e4m was first written. (I
remember visiting Paul's home page way back then and it said e4m was
done more as a demo of his abilities, in an effort to get a job and more
programming work. That sure sounds like it belonged to him and not to
SecurStar.)

Their claim is further complicated by the fact that scramdisk & e4m
were very widely distributed before drivecrypt was released, and are
still distributed. (And they don't seem to have any problems with the
current distributions, such as on Sam Simpson's site.) And after
drivecrypt was released, they were distributed by SecurStar
themselves, *still* under that open license.

It's also hampered by the coexistence of e4m & scramdisk prior to
DriveCrypt, with e4m & scramdisk actually *sharing* code. (e4m based
the w9x drivers on scramdisk and scramdisk based the nt/2k driver on
e4m.) That proves that both parties were very much aware of the
existence of the other's products and its free distribution.


The one point brought up elsewhere is whether Paul (author of e4m)
helped the authors of TrueCrypt.

That may or may not be true, but that would be an issue between
securstar and Paul.

And it's actually unlikely that Paul would have written code for
TrueCrypt. He might have acted as advisor, but even that is unlikely
since he was in this group some time back and had an opinion similar
to Shaun's about helping anybody port e4m / scramdisk to work under
WinXP.

However, if Paul did act as an advisor, then he probably had that
right. After all, SecurStar can buy his code and prevent him from
working on a competitor for 'x' amount of time, but they can't buy his
knowledge. What he knows and has learned belongs to him.

However, I'm not so sure that Paul is the problem here. After all,
the three points listed by the TrueCrypt team don't even suggest that
Paul was the problem. It pretty clearly talks about using e4m being
the problem.

One final possible point is: "How similar is TrueCrypt's code to
DriveCrypt's? In other words, was the code itself stolen?" Again,
from the points mentioned by TrueCrypt team, that doesn't seem to be
the issue they are having a problem with.


Have I missed anything?

cymago

Feb 5, 2004, 12:49:21 PM
"Andraia Matrix" summary

Good one. But why have the TrueCrypt team suspended TrueCrypt development
and distribution?
It's not understandable from this review.


Sam Simpson

Feb 5, 2004, 1:07:50 PM
I think SS are asserting that E4m NT code included code that "they had no
right to". Derivative works would similarly infringe....And so would
DriveCrypt!!!!

"cymago" <cym...@nospam.com> wrote in message
news:40228224$0$273$626a...@news.free.fr...

nemo

Feb 5, 2004, 8:05:06 PM
In article <e1cd25ba.04020...@posting.google.com>, andrai...@subdimension.com (Andraia Matrix) wrote:

>Have I missed anything?

Everything you say is spot on. On the face of it Securstar does
not appear to have a leg to stand on.

However, if Paul actively collaborated in the production of
Truecrypt (i.e., Truecrypt didn't just use his old E4M code)
then, conceivably, Securstar could have been wronged by Paul
because of conflict of interest. This is utterly and completely
speculative on my part, and I've heard nothing so far that might
substantiate or corroborate it, but it is conceivable.

But you did forget one thing - one minor thing:

The E4M licence appears to put that code as generally available
to anyone subject to only minor restrictions (e.g.,
acknowledgement of Paul, etc.). No contract that Paul signed
later with Securstar could retroactively invalidate that licence.

But - and here's the minor item you forgot - even if there was,
hypothetically, some valid restriction on others reusing Paul's
E4M code (although I don't think there is - or could be), the
public distribution of E4M by Securstar constituted,
constructively, a *condonation* of that use and a *waiver* of
Securstar's putative rights (assuming, rashly, that any exist) to
that code.

Regards,

PS And I think Securstar is on even shakier ground if, on
the basis of some agreement with Paul (and I have no indication
any such agreement exists) they claim to have acquired "moral
rights" in the E4M code. The concept of assignment of moral
rights is widely regarded by most jurisdictions as nugatory for
being against public policy.

David T.

Feb 6, 2004, 12:59:33 PM
nemo ou...@erewhon.com (nemo outis) wrote in
news:6LBUb.410763$ts4.391954@pd7tw3no:

> However, if Paul actively collaborated in the production of
> Truecrypt (i.e., Truecrypt didn't just use his old E4M code)
> then, conceivably, Securstar could have been wronged by Paul
> because of conflict of interest. This is utterly and completely
> speculative on my part, and I've heard nothing so far that might
> substantiate or corroborate it, but it is conceivable.

Paul Le Roux did not collaborate in the production of TrueCrypt.
In my opinion, there isn't even any reason why he would want to.


> The E4M licence appears to put that code as generally available
> to anyone subject to only minor restrictions (e.g.,
> acknowledgement of Paul, etc.). No contract that Paul signed
> later with Securstar could retroactively invalidate that licence.

The problem is that, so far, Paul has not confirmed the validity
of that license, because, as he told us, his lawyer advised him
not to comment on these issues.


Regards,
David

Member of TrueCrypt Team



nemo

Feb 6, 2004, 3:14:54 PM
In article <30e9930aece70b0f...@news.teranews.com>, "David T." <da...@atlas.cz> wrote:

>The problem is that, so far, Paul has not confirmed the validity
>of that license, because, as he told us, his lawyer advised him
>not to comment on these issues.

Paul's opinion on the matter would be interesting, but is not
essential. The licence for E4M must stand (or fall) on its own,
irrespective of what Paul now thinks or says, or what his lawyer
advises.

Regards,

David T.

Feb 7, 2004, 5:53:22 AM
nemo ou...@erewhon.com (nemo outis) wrote in
news:2BSUb.419173$X%5.5555@pd7tw2no:

Well, there is very little we can do at the moment. I'm afraid we cannot
act "in good faith" anymore (also because Paul was unable to confirm the
validity of E4M license). We will have to wait for the outcome of the
dispute between him and SecurStar.

Regards,
David
