If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
Hardware Reverse Engineering (HRE) is common practice for security researchers in order to detect vulnerabilities and assure integrity of microchips. Following last years talk “Mehr schlecht als Recht: Grauzone Sicherheitsforschung” and from the standpoint of a research group regularly applying HRE, we asked ourselves about potential negative legal implications for our personal lives. Therefore, we consulted an expert who assesses the legal implications of our work.
For a long time, our law has solely protected the inventor of a product. Discovering the underlying technical details and mechanisms of, e. g. microchips, has been deemed illegal due to intellectual property (IP) protection laws. Only lately, the legislation has recognized the importance of cybersecurity that heavily relies on reverse engineering to find security gaps and malfunctions. Subsequently, Germany introduced a new trade secret allowing for the “observation, study, disassembly or testing of a product or object” in 2018. However, at this stage, several questions remain unanswered: Is it possible to restrict this freedom by, e. g. contractual agreements? How may the gained knowledge (not) be used? How do claims from IP holders from other legal systems such as the US influence our case?
The talk will shed light on these questions from a techno-legal perspective. Ultimately, it will give guidance for reverse engineers, demonstrating the boundaries of such new developments and highlighting the legal uncertainties in need of clarifications by literature and practice.