Intellectual Property Law
Ask an Intellectual Property Lawyer. Get an Answer ASAP.
hello, I will be assisting you.
Let me review the question.
It is unlikely that the use contemplated in the question can lead to criminal charges. Criminal charges in cases involving trademarks are often for forging trademarks not mentioning them in academic work.
You are correct to note that typically security researchers will notify the company if they find security breaches. This is meant in part to assist the public but also to assure the company that the security researcher is acting in good faith and is not actually a hacker disguised as a security researcher.
Thank you for allowing me to assist you
I trust I answered your questions. Please rate my answer. Without your rating I do not get compensated for my work.
Can you please give more details, because I set level of detail to high and the answer is short.
Trademark laws permit a non mark owner to use a trademark nominatively. This means that a mark can be used for example in comparison advertising, to refer to the product's source, to criticize the product or analyze it.
The nominative use test essentially states that one may use or refer to the trademark of another if:i) The product or service cannot be readily identified without using the trademarkii) The user only uses as much of the mark as is necessary for the identificationiii) The user does nothing to suggest sponsorship or endorsement by the trademark holder.
Actually, its more than just using the trademark, if you study this website, I will be able to steal their entire database of information, though we are not gonna use it for any other purpose than academic research. And, here we are violating the contract. So my question is what if we violate the agreement.
BTW, apologies in advance but experts on Just Answer are not permitted to review specific documents. Can you describe in general what will you be researching?
are still in chat?
I am sorry, I was talking to someone, so what we will be doing is that an Android app, essentially we reverse engineer the app and simulate the app on the computer and the contract says to do no reverse engineering.
and then we can use the simulated app to query the database of the company and we think our approach can potentially steal the entire database of the company.
Thank you for clarifying.
Are you doing this as part of academic research? If so can you describe the circumstances (CS class, maybe graduate thesis etc.)?
Yes, we are doing it as academic research as part of my computer science PhD.
though its not my primary focus, but its one area in which I am working with my colleagues
This one is a tough one. On the one hand as part of academic research generally under the fair use doctrine you have the right to use copyright materials without the copyright holder's permission for research and criticism. However on the other side, this is not necessarily a matter involving the first amendment (most fair use cases come about as a result of first amendment claims) because it involves back engineering an application and an associated database and this does not involve first amendment (the act of criticism such an application would be 1st amend. but the act of back engineering generally wouldn't)
There are other over arching issues as well. Generally speaking, according to the DMCA (Digital Millennium Copyright Act) reverse engineering is lawful as long as the item that is being reverse engineered has been obtained legitimately. In your case however the EULA specifically prohibits reverse engineering and therefore the software would NOT be considered as if obtained legitimately. There are a number of court cases on this topic that note that the contractual prohibitions contained in the EULA override the copyright law.
So this leaves you in a bad spot. By continuing this project you are definitely taking a risk, though it's impossible to assess the risk without the company's input. To the extent possible I would contact the company and explain that you are a PhD and you are conducting research and that if you make certain findings you will of course disclose it to them first and then you would like their cooperation.
This would be the safest route for you.
Please rate my answer. Without your positive rating I do not get compensated for my work.
I just use the term reverse engineering for ease of explanation but in reality its not reverse engineering the software, our aim is to understand the protocol and it can be done without reverse engineering.
Regardless of whether it is reverse engineering or not my analysis stands. As noted, to a large extent, reverse engineering is actually permitted by law. So the fact that you will only be examining this does not change my original analysis of running afoul of the EULA and some limitations you will have in publicizing your findings.
Realistically, speaking if it's purely for internal academic consumption your exposure is very low but if you intend to publicize the study or write your thesis with it then be aware of the potential challenges ahead or contact the company and seek permission.
DISCLAIMER: Answers from Experts on JustAnswer are not substitutes for the advice of an attorney. JustAnswer is a public forum and questions and responses are not private or confidential or protected by the attorney-client privilege. The Expert above is not your attorney, and the response above is not legal advice. You should not read this response to propose specific action or address specific circumstances, but only to give you a sense of general principles of law that might affect the situation you describe. Application of these general principles to particular circumstances must be done by a lawyer who has spoken with you in confidence, learned all relevant information, and explored various options. Before acting on these general principles, you should hire a lawyer licensed to practice law in the jurisdiction to which your question pertains.
The responses above are from individual Experts, not JustAnswer. The site and services are provided “as is”. To view the verified credential of an Expert, click on the “Verified” symbol in the Expert’s profile. This site is not for emergency questions which should be directed immediately by telephone or in-person to qualified professionals. Please carefully read the Terms of Service (last updated February 8, 2012).