[Beowulf] All Your BASH Are Belong To Us

Douglas Eadline deadline at eadline.org
Thu Aug 11 09:58:47 PDT 2011 

I had a chance to read some of the depositions, really interesting
and even embarrassing stuff. My guess is Atipa got angry when
Bret and the other employees left to form a new company. They
may have searched for ways to stop them and decided
to go after them for what Atipa considered "trade secrets."
A more or less traditional method to prevent ex-employees from
stealing your secret sauce (as you explain below).

The only problem was much of the "secrets" were developed
and shared in an open environment. This may have been a
surprise to those in charge and makes their claims
a bit harder to swallow. (i.e. a fundamental misunderstanding
of how trade secrets can be protected in an open source ecosystem).
And, what I try to point out in the article, is that this
open source ecosystem is what allowed hardware vendors to
sell clusters in the first place.

There is of course more to this case than I describe in the article.
I'll post more as it progresses.

--
Doug

> Interesting.. You wrote:
> There is a general understanding that unless explicitly marked in the
> contents of the script (the text file that is the Bash program), a Bash
> script is freely available for use and modification by anyone. In some
> cases there is a copyright notice or a license that allows (or disallows)
> sharing or modification. These are always explicitly stated at the
> beginning of the script and obvious to anyone who reads or modifies the
> script.
>
> This is, of course, not correct under current law, marking is not required
> for copyright protection.  pretty much everything is born copyrighted.
> Putting markings on it helps you claim for willful infringement (i.e. the
> recipient can't claim "I didn't know") which helps on the damages
> situation.  And, under the Berne convention, marking is required to assert
> your rights in some countries (All Rights Reserved is also required in
> some places)  Likewise, under current law, registration of copyright isn't
> required.  Registration allows you to collect statuatory damages for
> infringement, though.
>
> For trade secrets, it's a bit trickier.  The recipient has to know that
> it's trade secret, but that can be done by marking on the delivery media,
> by a separate document, or even by verbal communication (here, this is
> proprietary, don't disclose it).  And you have to take some means to
> protect it: claiming something that is trade secret that is printed on bus
> stop  benches won't fly.  In any case, just because scripts aren't
> obfuscated doesn't mean they're not subject to trade secret protection.
> If the owner of the secret takes some precautions to prevent wide
> disclosure (e.g. warning the recipient of its proprietary nature).  This
> is the aspect that will surely be the core of litigation:  would a
> "reasonable person" have known that the material was subject to trade
> secret protection.  As we all know, reasonable people differ, and the
> attorneys on both sides will trot out examples of marking and disclosure
> practices: good, bad, and indifferent.  As Doug noted, "special measures"
> need to be taken, but there's no bright line standard for those measures,
> and, in practice, they can be pretty lax (and would be expected to be
> proportionate to the value of the secret.. the secret formula for Coke is
> probably more protected than the schedule for sweeping the floor in the
> manufacturing plant... both provide competitive advantage to Coke, but one
> is probably more important)
>
> Something that a lot of tech people  in industry (particularly those
> coming from academia and working with open source) probably don't really
> fully understand is that pretty much everything you do for your employer
> is probably proprietary in some sense, and there is probably a written
> policy to that effect, which you, as an employee, are expected to be aware
> of. Or your supervisor told you, or the nice personnel person told you
> when you hired in 20 years ago, etc.  Mundane operational details of the
> business might be claimed to provide competitive advantage, especially if
> they're not "industry standard"  (humorously, if the employer has some
> really lame practice that's horrible, that might make it protectable..
> then you could argue in court about whether it had any value). This is why
> there are "document review" departments and periodic training:  It helps
> reduce the problem of "inadvertent disclosure" and "I didn't know".
>
>
> This is the really tricky thing about trade secret: inadvertent disclosure
> can ruin the protection.  There have been cases of deliberately (and
> nefariously) "losing" trade secret info to spoil the protection.  And
> then, there is a somewhat notorious case of documents from Intel(?) that
> were in an envelope at a hotel desk or convention(?) with a person's name
> on it. Turns out there was a competitor (AMD?) with an employee of the
> same name, who accidentally got the documents handed to them (Hi, I'm John
> Smith, I think you have something for me.), opened the envelope, realized
> the problem, handed them right back, but in later action, it was alleged
> that this was sufficient to break the protection.  I don't recall all the
> details, and it probably settled out of court.  It's really complex.. "the
> bell, having been rung, cannot be unrung" (the phrase shows up in tons of
> legal writings), but in reality, if the inadvertent disclosure wasn't too
> big, etc.
>
>
> Important things:
> 1) The language it's written in or obfuscation or not makes no difference.
> 2) the size of the work makes no difference.  "Candy/Is dandy/But
> liquor/Is quicker" is/was copyrighted by Ogden Nash (used here as fair
> use, and anyway, the copyright may have expired)
> 3) the intellectual effort in the work makes no difference (unlike
> patents, there's no requirement of novelty) (unless you're trying to claim
> trade secret protection on something that's already public knowledge.. the
> thing might be public, but the fact that you selected that particular one
> might be trade secret.)
>
>
> Jim
>
> I am not a lawyer, but I spent all too many (hundreds) of hours in
> depositions and meetings and court where one of the main issues was the
> "was there adequate notice of the trade secret status of the information"
> as well as "did they steal it", not to mention the always popular "can you
> describe the secret with specificity and particularity".  If the bad guy
> steals the trade secret and then keeps it secret, it's fairly hard to show
> that they actually have it.  There are also folks who have developed
> techniques to evade the restrictions of an NDA ("Sure, I signed it, but
> that exceeded the scope of my corporate authority, so it's invalid. "
> "Technically, I wasn't an employee that afternoon, even though I was in
> the morning, and I was the next week, but hey, for that afternoon, I
> wasn't an employee, so I'm not bound by the NDA signed by corporate. Sorry
> about giving you that business card with the company name on it, but it
> was what I happened to have in my wallet")
>
>
>
> ________________________________________
> From: beowulf-bounces at beowulf.org [beowulf-bounces at beowulf.org] On Behalf
> Of Douglas Eadline [deadline at eadline.org]
> Sent: Thursday, August 11, 2011 05:04
> To: beowulf at beowulf.org
> Subject: [Beowulf] All Your BASH Are Belong To Us
>
> Most of you are probably not aware of this story
> about trade secrets and Bash scripts on HPC clusters
> (I was not until a few months ago)
>
>   http://www.clustermonkey.net//content/view/308/33/
>
>
> --
> Doug
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>


--
Doug

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Beowulf mailing list