Weasel wording filter:

Graf 1, sentence 1: "a few board threads" -> Internet's current most important programming forum.

Graf 1, sentence 1: "contributed to by our competitors" -> Smoke screen, unsupported, irrelevant.

Graf 2, sentence 2: "basically admitted they really didn't know the facts" -> Because the facts weren't provided, the contributors set about reversing them from published material, the point of the thread.

Graf 3, sentence 4: "does use publicly available, well researched, and NIST validated cryptographic algorithms" -> Virtually all cryptography anywhere can make a similar claim, and most of that code is broken. NIST validates primitives and a few basic constructions, but tying those primitives into a functional cryptosystem is outside their purview.

Graf 4, sentence 1: "for any customer deployments" -> Leaves open the question of whether they implement semantically insecure constructions in any setting.

Graf 5, sentence 2: "fundamental security features (full field encryption, randomization through IVs) were disabled" -> Randomized encryption isn't a feature, it's a fundamental property of a cryptographic construction.

Graf 6, sentence 1: "currently in the process of obtaining our FIPS 140-2 certification" -> FIPS 140-2 doesn't involve a rigorous analysis of cryptographic primitives; the crypto-specific components focus on use of NIST-approved ciphers and block modes, but do not assure that those primitives are used securely. To illustrate that point: every vulnerable version of SSL3 and TLS1.0 and TLS1.1 has had a FIPS-compliant implementation somewhere.

They should just be honest about their desire to suppress the use of their copyrighted IP in critiques of their product. They're in a competitive space, they're a small company, hard to manage their online reputation and build product, &c.

The Reddit/HN/Stack Overflow scene wouldn't like that response, but it's better than this one, which actually creates more questions about their product capabilities.
Which is a textbook case of fair use. They may want to do that, but legally, they almost certainly can't.