Comments:"CipherCloud DMCA notice - Cryptography Meta Stack Exchange"
URL:http://meta.crypto.stackexchange.com/questions/250/ciphercloud-dmca-notice
CipherCloud just filed a DMCA notice with stack exchange to take down the question How is CipherCloud doing homomorphic encryption? (now deleted by stackexchange).
Since I obviously can't post the full question+answers here, a short summary of what it contained:
- The question itself asks if/how CipherCloud uses homomorphic encryption.
- The answers use public information (from their website, papers, promotional videos etc.) to make educated guesses about how their encryption might work.
- Answers guess quite a few technical details (from that public information)
- CipherCloud doesn't give any clear description of how their crypto works. So the answers might not be entirely correct, but seem reasonable.
- Some answers are pretty critical of the security
- Some answers use a few screenshots as evidence for their speculation (three total)
I'd like to get it online again, minus the infringing material if there is any. Some thoughts:
It's not really clear to me how this question or any answer violate CipherCloud's rights. The texts look like they're written by the posters, and not taken from the CipherCloud website.
The only copyrighted material should be the screenshots.
So perhaps we could edit them out them out to get it online again? Do a few screenshots of a piece of software really count as copyright infringement? Or does that fall under fair use?
Or is the takedown not about copyright, but rather slander or something similar? I'm not too familiar with the US legal system and don't know if DMCA can be used for that.
While critical, the answers look like reasonable speculation based on the few available facts to me.
Or is their crypto itself so secret that analyzing it in public already infringes their rights? Seems very unlikely to me that IP rights extend that far.
Is there any information in the notice beyond the url and the sender? The email from stackexchange didn't contain anything else specific to this case.
Update: SE sent a copy of the DMCA notice to involved users. I'll leave publication to SE, but here is a summary:
The notice consists of two parts. The first is a DMCA notice for copyright infringement. In particular they claim that using the three images infringes their copyright.
The second part is about SE ToS and "false and misleading statement"s. They go through the answers disputing the accuracy of technical statements. In particular they claim that the system is not deterministic, defeats frequency analysis and that CipherCloud does not incorporate 1:1 mapping.
There is some statement that I read as a claim that CipherCloud's product offering could different from the public demo sid observed. But the wording is a bit ambiguous.
The first part of the notice has some merit: The images were taken from CipherCloud material. I still think using them falls under fair-use. But since that's a tricky area of law, I probably won't challenge that.
The second part is interesting. Some of the statements they challenged were dubious, in particular the statements about ECB mode and xor are probably not correct.
But at least the determinism claim has some clear evidence in the screenshots. For example in one screenshot (From their 5 minute product tour video around 2:53) the words meet, to and want occur multiple times with matching ciphertexts and new occurs twice with differing case and slightly different (but obviously related) tokens. So at least in that screenshot some form of deterministic encryption with 1:1 mappings between words and ciphertext tokens was used.