For the half-year to 30 June 2014, the IPKat's regular team is supplemented by contributions from guest bloggers Alberto Bellan, Darren Meale and Nadia Zegze.

Two of our regular Kats are currently on blogging sabbaticals. They are David Brophy and Catherine Lee.

Monday, 2 September 2013

Can you Tango with a Megamos?

The best way to immobilise a car?
The IPKat has received a fascinating and detailed review of Volkswagen Aktiengesellschaft v Garcia, et al [2013] EWHC 1832 (Ch) -- the 25 June 2013 decision of Katfriend and flavour-of-the-month Patents Court judge Mr Justice Birss, sitting this time in the Chancery Division of the High Court, England and Wales.  In an unusually short judgment by today's standards, standing at just 46 paragraphs [of which the 46th doesn't really count, says Merpel, because all it says is "46. Those are my reasons"], Birss J granted a preliminary injunction to restrain publication of an academic research paper in the field of cryptographic research.

Now, the detailed review to which this Kat alludes is not a subtle reference to anything emanating from the Court of Appeal, which is never short of a word or two when it comes to IP litigation.  Rather, it takes the form of a paper grandly entitled "Megamos Crypto, Responsible Disclosure, and the Chilling Effect of Volkswagen Aktiengesellschaft vs Garcia, et al", authored by another Katfriend -- Robert Carolina (a UK/US technology lawyer), who has teamed up with Professor Kenny Paterson (a University of London mathematician, cryptographer, and security researcher) for the purpose of crafting the circa 7,600 words that you can count, or read, by clicking here.

Safe from theft: distinctive markings
deter all but the most hardened criminals
As this Kat reported back in July, this case is all about an academic paper by university researchers who discovered a weakness in the cryptographic algorithm used in Megamos automobile immobilisers. They want to publish these findings, which would include details of the crypto algorithm. The algorithm is claimed as a trade secret. The researchers obtained the algorithm through reverse engineering, but they did not actually reverse-engineer the immobiliser. They reverse-engineered a third party product called Tango Programmer. How did the algorithm find its way into Tango Programmer? The court concluded that it was not derived from a legitimate source. The court then decided that the infringement of free speech was outweighed by the need to maintain the security of millions of automobiles fitted with the immobiliser.

In addition to shedding light onto the fascinating (if little understood) field of cryptographic research, Carolina and Paterson provide six detailed criticisms of the decision.

* there is an inherent problem in attributing value to a secret crypto algorithm. The science of cryptography normally assumes that an attacker can discover the algorithm, and that an algorithm that is so widely distributed in consumer products will not likely remain secret forever. The court even appears to accept that the algorithm had been successfully reverse engineered by others.

* the decision does not provide a searching analysis of the risk created by publishing. It is not sufficient to say that publication would lower security. A risk analysis should attempt to explain how far that security has been lowered. Even if the immobiliser can be defeated, there is no discussion of how difficult that might be and what other actions might be necessary to steal a car. Even though balancing an infringement of free speech, there is nothing of substance on this issue in the decision.

* why was the court so willing to conclude that Tango Programmer was created using misappropriated – not reverse-engineered – information?  The court draws a major inference from evidence that the manufacturer is aware that its product is sometime misused for criminal purposes. This conflates two issues: (i) how the manufacturer created Tango Programmer and (ii) how Tango Programmer is (sometimes) used. The court does not acknowledge that legitimate security products can (and do) find their way into the hands of criminals as well as legitimate locksmiths.

* the wrong legal standard may have been applied in making its preliminary assessment of the academics' responsibility. The court concluded that Tango Programmer was made using a misappropriated trade secret and that the academics "ought to have appreciated that". The recent UK Supreme Court decision in Vestergaard Frandsen A/S et al v Bestnet Europe Ltd et al, [2013] UKSC 31 [noted by the IPKat here] suggests that a higher standard should apply to this question – that the academics can be found liable only if they had actual knowledge or so-called "blind eye knowledge" of misappropriation. The latter requires a finding of "dishonesty" – not a finding that they merely "ought to have known".

* the court does not demonstrate a clear understanding of the phrase "responsible disclosure" as a term of art in security research. This misunderstanding is especially unfortunate, as the court is not shy in using this phrase to criticise the researchers.

* why did it take so long for the owners of this allegedly confidential information to enforce their rights? The court accepts that the Tango Programmer software has embodied the crypto algorithm since 2009, and suggests that the device is used (at least sometimes) by criminals. The product's website offers the device for sale throughout the EU, including a sales channel in the UK. The decision does not report on any past efforts to enforce trade secret rights in the UK or elsewhere against the manufacturer, importers, or sales agents.

Carolina and Paterson worry that this decision will have a chilling effect on security research in the UK: it could jeopardise the ability of UK academics to form multinational research efforts since collaboration partners outside the UK might not wish to face the risk of a High Court injunction (in this case, for example, two of the three researchers appear to reside in the Netherlands. Only one appears to be employed by an English university).

Although they are critical of the decision, Carolina and Paterson conclude with an expression of sympathy for the court. "Judges, no matter how able, cannot be experts in all subjects. … it is the responsibility of others to explain … technology under review. Perhaps for no reason other than the compressed timetable leading up to the hearing and decision, it appears to us that this process of explaining complex technical facts and practices from an otherwise abstruse specialist field has somehow broken down".

The IPKat notes the authors' sympathy for the court as well as for the researchers, but reserves the main part of his sympathy for the owners of the cars which may, it seems, be only temporarily immobilised.  If the algorithm is published, the cat (as it were) will be let out of the bag; if the algorithm isn't published, every crook on the planet with cryptographic skills has been alerted to the promise of success if he's clever or lucky enough.  Presumably motor insurance companies have been busily re-calibrating their premiums too.  This in turn leads him to speculate as to the circumstances in which a vulnerable third party, such as the owner of an expensive car, might succeed in an application to be joined in proceedings such as this.  He doesn't think there's much chance, but wonders if readers have any better ideas.

Do litigants and code-crackers buy the
same aspirational empowerment posters?
Merpel notes the irony of the fact that Carolina and Paterson have sympathy with the court, and the court at para 41 has some sympathy with the researchers but it's Volkswagen, for which no-one expresses any sympathy, that comes out on top -- for now, at any rate.  Putting on her practical hat, she says (i) it's only an application for interim relief, not a real trial on the merits, so it doesn't really count; (ii) injunctions to suppress disclosure, distribution, dissemination etc can always be reversed on appeal or set aside at trial, while publication can never be undone, a factor that yields an automatic bias in favour of caution and (iii) it's worth noting what Birss J says at para 38 ("The claimants do not have an overwhelming case on the merits, not even a very strong one"), adding at para 43 that "the merits [of the claimant's case] are not overwhelming". This is a polite way of saying: "This is as good as it gets, so why not settle now? Instead of wasting your money in futile litigation and in generating poor publicity, why not direct it to solving your immobiliser's security issue?"

Megamos here and here
Megamoth here
Megamouth here and here
Mega moth here

2 comments:

Kharol said...

I must confess that for me this judgement feels "shocking". While I understand that a judge may grant the applicant a reasonable term (e.g. 6 to 12 weeks) to fix their faulty product (basically, the customers received a simple doorknob instead of a real lock) I don't understand at all how the current result can be of any advantage to the general public. The average customer has an "immobilizer" that's not worth it's name and no remedy besides - possibly - class action, which will be more difficult because the proof of the vulnerability was barred from publication.
An interesting way of avoiding warranty for a faulty product.
And just another case of the financially more potent party winning what should be a hopeless case just by asymmetry of power.

Rob said...

@Kharol: We were also surprised by this ruling, but as IPKat and Merpel point out it is a preliminary ruling rather than a final judgment. It's not yet clear when the matter will proceed to trial, although it's possible that the parties could settle the case before a trial happens. With respect to timing, as we point out in the article the academics disclosed the weakness to the crypto chip vendor (EM) in November 2012 - about 9 months before scheduled publication. Volkswagen (one of many downstream customers in the supply chain) only learned about this in May 2013.

Subscribe to the IPKat's posts by email here

Just pop your email address into the box and click 'Subscribe':