Whether you work for a telco or a vendor, you have to protect your company’s property. When I was with Compwise, selling software that verified and analyzed tariffs, our software was protected by a dongle – if somebody copied the software but did not have the dongle, the software would not run. We utilized the HASP (Hardware Against Software Piracy) dongle made by Aladdin, to ensure our software was used in accordance with the customer contract.
I mostly work with financial institutions now; they also need to protect themselves against thieves. Recently I googled SafeNet, the business that acquired Aladdin, partly because they were purchased in turn by Gemalto, who featured in recent headlines after Ed Snowden claimed Gemalto had been hacked by the NSA and GCHQ. Looking at the links returned by Google, my attention was immediately drawn to the fifth result in the list:
This website has an ‘about’ page. It says SoftKey Solutions, the makers of these dongle workaround products, is:
…an offshore company operating on Mauritius when (sic) there’s no anti reverse engineering legislation.
Sadly, when I checked the testimonials page it only returned an error. I would have liked to see who recommended this product!
This reminded me of a distant memory. Compwise’s customer support function once received a very interesting call from a Chinese mobile operator. It seems somebody was unhappy with our product – and with the HASP dongle especially. They wanted some advice because they had tried to crack the dongle, but couldn’t work out how to do it!
It took us a while to realize that this Chinese CSP wasn’t our client, and that they were ‘experiencing the use of it’ by borrowing the software from other Chinese provider… whose name they refused to disclose. We told the man at the CSP that the dongle was impossible to crack. He found this news to be very upsetting. Maybe he felt like a dissatisfied customer, but if he wanted more satisfaction, then maybe he should have become an actual customer first.
Luckily for us, it seems this man hadn’t heard of the Maldive-based SoftKey Solutions. However, if he is still out there and reading this, I can only ask he does not call me for support if he has any problems with their anti-dongle dongle. They may promise “..to provide you with a 100% working alternative to your original hardware dongle,” but they don’t provide a hotline for customer service.
From a legal perspective, the prohibition on dongle cracking services does not rely on anti reverse engineering laws. In fact, limited reverse engineering is legal in the US and other countries (for a detailed discussion, see this paper on Berkeley’s website). The legal objection to dongle workarounds is that they are a rather obvious breach of the software license agreement. Executing the software without the anti-piracy dongle counts as a case of unauthorized use.
Regardless, a quick read shows that the Mauritian legal system is largely based on English and French law, where the criminal and civil litigation is mainly English, as is company law, while substantive law is modelled on the French Napoleonic Code. Mauritius has chosen to maintain the Judicial Committee of the Privy Council in England as its highest court of appeal.
I wonder if SoftKey’s interpretation of the law is also a benchmark for the quality of their products.