The United States District Court for the District of Idaho has ordered the seizure of data from the computers of white hat hacking firm South Fork Security in response to a lawsuit brought by Battelle.
Battelle alleges Southfork’s cofounder, Corey Thuen, copied an application called “Sophia” that he helped develop while working at Battelle, and then planned to sell it as an open source product.
The lawsuit makes eight claims against Thuen and Southfork, including copyright infringement, tortious interference with prospective economic advantage, and trade secret misappropriation.
“Three of our corporate hard drives were imaged, and the data is being held by the court,” Thuen told TechNewsWorld. “No analysis of the drives is permitted at this time.”
Southfork, which is a startup, “has many disadvantages in this case but we intend to fight vigorously because we have the most important advantage: Truth,” Thuen vowed.
Sophia was developed at the Idaho National Laboratory, which is managed by Battelle.
The Back Story
Thuen apparently set up Southfork to bid for an exclusive license to commercialize Sophia and take it out of open source, according to the court order.
Southfork submitted a bid in February but withdrew from bidding in April. In May, it began marketing a software product it called “Visdom” at about the time another company, NexDefense, won the right to negotiate an exclusive commercial license to Sophia.
Battelle terminated Thuen in June.
The Court’s Rationale
Battelle has adequately demonstrated that it authored Sophia and that Sophia is copyrightable subject matter, the court order states. Further, Battelle has put forward adequate circumstantial evidence to permit an inference that the defendants copied Sophia.
Battelle has also shown that the harm from infringement will be immediate and irreparable, and maintained that releasing Sophia as an open source program “has national security implications,” according to the order.
Battelle’s argument is that releasing Sophia to the open source community will give away the application’s keys “to the very attackers Sophia is meant to thwart.”
Still the court “has struggled over the issue of allowing the copying of the hard drive” and described it as “a serious invasion of privacy.”
The tipping point was that the defendants labeled themselves as hackers.
Southfork’s website contains the statement “We’re pretty good at hacking things. The idea is: Identify what you want. We hack it. You fix it.”
The court “finds it significant that defendants are self-described hackers” and that “a well-known characteristic of hackers is that they cover their tracks,” which “makes it likely that defendant Thuen will delete material on the hard drive of his computer that could be relevant to this case.”
Nothing Succeeds Like Stereotyping
“The biggest problem for me is that the court authorized the seizure of the devices by relying on stereotypes and hyperbole about hackers,” Hanni Fakhouri, a staff attorney at the Electronic Frontier Foundation, told TechNewsWorld.
The fear that open source poses some sort of risk, especially in the hands of so-called hackers is “born out of misunderstanding and hyperbole rather than actual facts,” Fakhouri said.
“After the dust clears … it will likely appear that Southfork is not an evil terrorist but a company perhaps advertising their services a little too honestly,” remarked Ray Van Dyke, principal at Van Dyke Law.
The Good Side of Hacking
“Many legitimate computer security researchers test the security of systems in order to make that security better — an activity that many would describe as hacking,” Joseph Gratz, an adjunct professor of law at UC Hastings College of the Law, told TechNewsWorld.
“That kind of hacking is the best way to make all of us safer as users of computer networks,” Gratz pointed out.
Still, hacking “is nearly synonymous” with activities such as stealing code,” Van Dyke told TechNewsWorld, and with claims of national security being involved, “the judge likely was not going to take chances, albeit noting that this was an exceptional case.”