 Thursday, April 21, 2005

There is a lively debate going on in the open-source community, and it comes down to the morality of reverse engineering software.

What happened is that Linux kernel development was using a closed-source (commercial) source code control (SCM) application called BitKeeper. Linus Torvalds has said that BitKeeper was far and away better than any free source code control application, including CVS.

The creator of BitKeeper gave Linux developers a free (web-based, I think) way of getting to the Linux source code, and everyone was happy. Well, everybody except for one person.

That person decided to try and reverse engineer the protocol so that he could develop his own way of getting stuff out of the source code server without using a BitKeeper client. When asked to stop, he wouldn't. And so the owner of BitKeeper revoked the license for all of Linux. So basically, this is a case of “looking a gift horse in the mouth”. Or “one bad apple ruining the whole bunch”. There are many clichés that could apply here.

Commercial software developers have a right to try to make a profit. They also have the right to set the terms of a license. And they have the right to revoke that license if those terms are violated. No one can dispute these rights.

But do “hackers” have the right to try and break the secret algorithms in commercial programs? Is reverse-engineering ever immoral or wrong? Since software is all virtual and not physical, let's look at some real-world examples of reverse engineering and see if there is a parallel...

Technically speaking, reverse-engineering is the process of figuring out how something works. In this example, BitKeeper was being reverse engineered so that the hacker could create his own client without using the (free) one provided by BitKeeper. It's an odd reason, I know.

A real-world example would be if you opened up a phone handset to figure out how it worked, and then built your own handset to plug into your phone so you would not have to use the original one that came with it. There is probably not anything wrong with doing this to a telephone if you wish, because there is nothing secret about the way a telephone handset communicates with the phone base. Also, you clearly own the phone, and there is a concept in law (I think) that says that if you own something, you can do anything you want with it (including using a phone as a doorstop instead of as a phone). You do not own software - software is licensed - so this analogy does not apply.

But what if you refused to use the bank's ATM machine, and instead reverse-engineered how it communicated with the bank's central servers so that you can develop your own ATM machine? Is that right or wrong? Clearly it is wrong - because the bank owns both the ATM machine and the servers. Clearly there are several things wrong with this, not the least of which is that it takes away some important levels of security embedded in the ATM machine itself.

And if the bank takes the ATM machine away from the people reverse-engineering it, whose fault is it? The bank, or the people trying to break their communication protocol?

 

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2008
Scott Duffy