What is Reverse Engineering?
Before diving into the legal issues, let’s define what reverse engineering means in a software context. Reverse engineering is the process of taking a finished program and working backwards to figure out how it was made. Some common reverse engineering techniques include:
- Disassembling object code back into more human-readable assembly language
- Decompiling object code back into high-level source code (like C or Java)
- Analyzing and tracing a program’s behavior and memory at runtime
- Extracting assets and resources (graphics, sounds, etc.) from a compiled program
The goal is to discover the inner workings and design of the software. Reverse engineers might be trying to:
- Figure out how to make a similar or interoperable product
- Find security vulnerabilities to fix
- Modify the program to add features or fix bugs
- Cheat in a video game by revealing hidden data or logic
- Satisfy intellectual curiosity about how something works under the hood
Software is usually distributed in compiled binary form, not human-readable source code. So some amount of reverse engineering is necessary to peek inside a closed-source program you don’t own.
Relevant Laws for Reverse Engineering
Multiple areas of law can come into play when reverse engineering software. The main ones are copyright, contracts, patents, and trade secrets. Let’s look at each in turn.
Copyright Law
In the US and many other countries, software is protected by copyright just like creative works. The copyright owner has exclusive rights to make copies and derivative works.
On the surface, it would seem that reverse engineering violates these exclusive rights. Disassembling and decompiling code requires copying the program and creating a derivative version.
However, copyright law carves out some exceptions and limitations to promote beneficial uses. One of the most well-known is fair use. Fair use allows limited use of copyrighted material without permission for things like criticism, commentary, news reporting, teaching, and research.
Courts consider four main factors when evaluating if something qualifies as fair use:
- Purpose and character of the use (commercial vs. educational, transformative vs. verbatim copy)
- Nature of the copyrighted work (factual vs. highly creative)
- Amount and substantiality of the portion used
- Effect on the market/value of the original
Reverse engineering could potentially be fair use in some cases. It’s often done for research or to create an interoperable product, which can be seen as transformative. The amount used is limited to what’s necessary to figure out compatibility.
That said, reverse engineering for purely commercial purposes or to make a competing product identical to the original is less likely to be fair use. It’s a case-by-case analysis.
Another copyright limitation that’s relevant for reverse engineering is the essential step defense. This allows copies of a program to be made if they’re an essential step in using it, like loading it into memory to run. Reverse engineering techniques like runtime tracing rely on this.
Contract Law
Even if reverse engineering is allowed under copyright law, it could still be prohibited by a contract. Many software licenses and terms of service explicitly ban reverse engineering.
For example, the macOS software license agreement states: “You may not, and you agree not to or enable others to, copy…, decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the Apple Software or any services provided by the Apple Software or any part thereof…”
Courts have generally upheld these “no reverse engineering” clauses. In the case of Davidson & Associates v. Jung, Blizzard sued a group of developers who reverse engineered the protocol for Battle.net to create an interoperable server. Even though their server was not a copy of Battle.net and didn’t contain any of Blizzard’s code, the court still found the developers liable for breach of contract and copyright infringement.
The lesson is that even if reverse engineering would be fair use, you can still get in trouble if you agreed not to do it in a license agreement or terms of service. There are some limits, though – overly broad bans against reverse engineering have been found unenforceable in a few cases.
Patent Law
Patents give inventors a temporary monopoly on a new and non-obvious invention. While patents are less common for software than for physical devices, they do exist. Amazon has a patent on 1-click ordering, for instance.
Reverse engineering a patented invention to make a copy would likely be infringement. Even just using the information you learned through reverse engineering to design around the patent could be risky. One defense is showing that your reverse engineered version uses a substantially different method to achieve the result.
Patents don’t come up that often with reverse engineering of everyday software. They’re more of a concern for specialized, niche applications. But it’s still something to watch out for.
Trade Secret Law
A final area of law to consider is trade secrets. This protects confidential business information that gives a company a competitive advantage. Classic examples are the Coca-Cola formula or Google’s search algorithm.
Generally, anything that’s not public knowledge can potentially be a trade secret if the owner takes reasonable steps to preserve its secrecy (like requiring NDAs and secure access). Intentionally misappropriating trade secrets or inducing someone to leak them is illegal.
For software, a company could potentially claim its private source code or certain details about how a program works internally are trade secrets. Reverse engineering to discover that confidential information might be misappropriation.
However, it’s not a violation of trade secret law to acquire information through reverse engineering a publicly available product. If a company makes its software widely accessible without additional confidentiality agreements, they’re not taking sufficient steps to preserve trade secrets in it.
So in most cases, reverse engineering off-the-shelf software you bought or downloaded should not implicate trade secret law.
Major Court Cases on Reverse Engineering
There have been a few notable court rulings that help clarify when reverse engineering software is and isn’t legal. Let’s examine some of the most impactful cases.
Sega v. Accolade
In this landmark 1992 case, Accolade reverse engineered Sega’s Genesis console to figure out how to make compatible games without using Sega’s official licensing kit. Accolade’s games included a small amount of Sega’s copyrighted code (about 25 bytes) that was necessary for compatibility.
Sega sued Accolade for copyright infringement and trademark infringement. The Ninth Circuit ruled that Accolade’s reverse engineering was fair use because:
- Their purpose was to study the functional requirements for Genesis compatibility, not to copy Sega’s games
- They used no more of Sega’s code than was necessary
- Their games were not substantially similar to Sega’s and didn’t harm the market for them
This case established an important precedent that reverse engineering to achieve interoperability can be fair use. It’s fine to reproduce a small bit of copyrighted code if that’s required for compatibility and the final product is not just a copy.
Sony v. Connectix
Sony sued Connectix in 1999 over their Virtual Game Station, a PlayStation emulator for Macs and PCs. Connectix had reverse engineered the PlayStation BIOS to figure out how to emulate its functionality.
The Ninth Circuit again found this to be fair use. The court focused on how the VGS was transformative, opening up a new platform for PlayStation games. It did not replace the PlayStation console since you still needed the original game discs.
This reinforced that reverse engineering to create an interoperable product serving a different market can be legal. The VGS emulator did not contain any copyrighted Sony code in the end product.
Bowers v. Baystate
In the early 2000s, Harold Bowers made a template for CAD software and licensed it with a EULA prohibiting reverse engineering. Baystate reverse engineered Bowers’ template anyway to make a competing product.
The Federal Circuit ruled that the “no reverse engineering” clause in Bowers’ license was enforceable. Baystate had agreed to those terms, so they were liable for breach of contract. This was true even if their reverse engineering would have been fair use absent the agreement.
This case illustrates the power of contracts to restrict reverse engineering even where copyright law would allow it. The results might be different today, in light of more recent decisions casting doubt on overly broad bans on reverse engineering.
Anti-Circumvention Laws
So far we’ve focused on how reverse engineering interacts with IP rights in the software being analyzed. But what about legal protection for the reverse engineering tools themselves?
Enter the Digital Millennium Copyright Act (DMCA) in the US and similar anti-circumvention laws in other countries. These make it illegal to circumvent technological measures that control access to copyrighted works.
Courts have interpreted this to mean that bypassing copy protection and encryption can be a separate violation on top of any copyright infringement. It also restricts trafficking in tools that are primarily designed for circumvention.
Some courts have applied the DMCA to reverse engineering tools like mod chips and emulators in a way that makes them effectively illegal. But there are limited exceptions for reverse engineering aimed at interoperability.
In practice, whether anti-circumvention laws impact a particular reverse engineering tool may depend on how the court interprets its primary purpose. Tools designed mainly to enable piracy or full copies are more likely to be restricted than ones intended for interoperability and transformative uses.
FAQ
Still have questions about the legality of reverse engineering apps? Here are answers to some common ones.
Is reverse engineering illegal?
It depends. Reverse engineering is not always illegal by itself, but it often implicates legal issues around copyright, contracts, patents, and anti-circumvention. Whether a particular act of reverse engineering is allowed is a case-by-case determination.
Is reverse engineering protected by fair use?
Sometimes. Courts have found that reverse engineering to achieve interoperability can be fair use if you only reproduce what’s necessary for compatibility and your final product is not substantially similar to the original. But it’s still infringement if you go beyond that or agreed not to reverse engineer in a license agreement.
What is an example of legal reverse engineering?
One example is reverse engineering APIs and protocols to make an interoperable product serving a different market, like the Virtual Game Station in Sony v. Connectix. The key is transforming the underlying work and not including any more of it than is required for compatibility.
Is it legal to reverse engineer games?
Reverse engineering video games is a common gray area. It may be fair use if done to create a transformative work like a mod or to preserve access to abandoned games. But some consoles and games use technical protections that raise anti-circumvention issues.
Can you go to jail for reverse engineering?
Most of the time, the penalties for improper reverse engineering are civil, like monetary damages or an injunction. But in rare cases, criminal charges are possible if the reverse engineering is done to commit piracy or violate national security laws.
Reverse Engineering Goal | Potentially Legal? | Key Considerations |
---|---|---|
Achieving interoperability | Yes, if transformative and only what’s necessary | Amount reproduced, market impact |
Accessing own copy | Yes, the “essential step” defense | License agreements may still prohibit |
Discovering trade secrets | No, illegal misappropriation | Is information truly secret and protected? |
Circumventing copy protection | No, likely prohibited by DMCA | Narrow exceptions for some interoperability |
Creating derivative fan work | Maybe, a fair use balancing | Transformativeness, commercial impact |
Conclusion
The legality of reverse engineering apps and software is a complex issue that depends on the specifics of each case. Courts have to balance promoting progress and healthy competition against protecting the rights of creators and owners.
In general, reverse engineering is on safer ground legally when it’s done for a limited, transformative purpose like understanding the functional requirements for interoperability. Reproducing more copyrighted material than necessary or violating an agreement not to reverse engineer is riskier.
Anti-circumvention laws add an additional wrinkle by restricting tools that bypass copy protection, even if the underlying reverse engineering would be fair use. Reverse engineering a program you’re not authorized to access in the first place is even more likely to be illegal.
The cases and statutes we’ve discussed provide a framework, but applying it to new scenarios is often uncertain. Ultimately, anyone considering reverse engineering should carefully assess their purpose and methods with the help of an experienced attorney. Intellectual property law is still evolving to keep up with technology.