Eventually, the article discusses the murky legal status of such hacking in the EU.
It'd be nice to imagine that, for large industrial equipment, buyers could squeeze DRM-happy suppliers out of existence. Vs. in reality...
The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.
In what universe is this not sabotage?
I think it's fair to say the manufacturer is intentionally introducing vulnerabilities to a nation's critical infrastructure. Is it possible for a sufficiently motivated actor to shut down trains in Poland remotely? I'm doubtful the engineers used best practices when implementing such a function.
Hide a GPS spoofer (illegal) at a central train station to make all trains believe they are at the forbidden workshop location and make them brick themselves? Could it be that easy?
Is there such a thing as a GPS spoofer? I would guess only a JAMMER is possible.
You can spoof GPS. It just needs to be in the sky, and JAM at the same time. In theory it is possible?
> It just needs to be in the sky
The target doesn't need to be airborne for such an attack to work.
A "proof-of-concept" attack was successfully performed in June 2013, when the luxury yacht White Rose of Drachs was misdirected with spoofed GPS signals by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin.
> The target doesn't need to be airborne for such an attack to work.
I mean, the spoofing signal usually needs to come from the sky. You want to hinder the original signal and make yours stronger. Of course, the signal can be reflected and there are other means to reach this.
Can you elaborate on why you think that "the spoofing signal needs to usually come from sky"? As far as I understand, it literally never comes from the sky, in every single case it involved ground-based transmitters.
The GPS system doesn't use the direction to the GPS satellite for localization but rather only the distance i.e. timing, so spoofing GPS is based on accurate control of the time of the transmitted (or replayed!) signals.
> The GPS system doesn't use the direction to the GPS satellite for localization but rather only the distance i.e. timing, so spoofing GPS is based on accurate control of the time of the transmitted (or replayed!) signals
GPS uses signal-to-noise ratio for determining the signal quality and integrity. A horizontal signal will suffer pretty fast. Especially if your receiver is sophisticated and could actually detect the signal strength (power) outliers. If you want to spoof a GPS signal very well, it should also be weak. But a weak signal will quickly disappear with ground-based transmitters.
I used ”strength” incorrectly on the previous comment.
GPS spoofing is generally done at limited range and line of sight so the fact that "horizontal signal will suffer pretty fast" and having the range limited by terrain and curvature of the earth is not a problem but a feature that the spoofers generally want - affecting the target, but not affecting people 500 miles away; and sometimes even explicitly doing that from a pit so that spoofing or jamming affects airborne targets but not those on the ground.
And regarding "If you want to spoof GPS signal very well, it should be also weak", the scenarios I've seen (e.g. targeting drones in current conflicts) often explicitly target non-sophisticated commercial off-the-shelf GPS modules that don't attempt to detect spoofing and will gladly accept a signal that's 100 times louder than the actual satellites, so I think the spoofers often have no desire to do it "well" according to your criteria.
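The receiver-side check these comments refer to (noticing signal-strength outliers) can be sketched over the NMEA GSV sentences that GPS modules commonly emit. This is an added example, not part of any comment in the thread; the thresholds and the satellite values are constructed assumptions for illustration.

```python
"""Flag implausible GPS signal strength (C/N0) patterns in NMEA GSV data."""
from functools import reduce
from statistics import mean, pstdev

# Illustrative thresholds (assumptions, tune per receiver and antenna).
MIN_SATS = 5            # need enough satellites for the statistics to mean anything
MIN_SPREAD_DB = 1.5     # genuine satellites rarely all report the same C/N0
MAX_MEAN_DBHZ = 50      # mean C/N0 above this is implausible for open sky
MIN_ELEV_GAP_DB = 3     # low-elevation satellites are normally weaker
MAX_STEP_DB = 10        # sudden rise in mean C/N0 between two epochs

# Constructed sample epochs: (PRN, elevation deg, azimuth deg, C/N0 dB-Hz).
NORMAL_SATS = [(2, 72, 150, 47), (5, 55, 220, 45), (12, 38, 310, 42),
               (13, 25, 60, 39), (15, 14, 95, 34), (24, 9, 280, 31),
               (29, 61, 20, 46)]
# Same geometry, but every satellite is loud and nearly identical in power,
# which is what a single nearby transmitter would look like to the receiver.
SUSPECT_SATS = [(2, 72, 150, 54), (5, 55, 220, 55), (12, 38, 310, 54),
                (13, 25, 60, 55), (15, 14, 95, 54), (24, 9, 280, 54),
                (29, 61, 20, 55)]


def nmea_checksum(body):
    """XOR of every character between '$' and '*', as two hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"


def to_gsv(sats):
    """Format satellite tuples as GPGSV sentences, four satellites per sentence."""
    chunks = [sats[i:i + 4] for i in range(0, len(sats), 4)]
    sentences = []
    for n, chunk in enumerate(chunks, start=1):
        fields = [f"GPGSV,{len(chunks)},{n},{len(sats):02d}"]
        fields += [f"{p:02d},{e:02d},{a:03d},{c:02d}" for p, e, a, c in chunk]
        body = ",".join(fields)
        sentences.append(f"${body}*{nmea_checksum(body)}")
    return sentences


def parse_gsv(sentences):
    """Return [(prn, elevation, cn0)] from GSV sentences; reject bad checksums."""
    sats = []
    for line in sentences:
        body, _, given = line.strip().lstrip("$").partition("*")
        if given.upper() != nmea_checksum(body):
            raise ValueError(f"bad NMEA checksum: {line!r}")
        fields = body.split(",")
        if not fields[0].endswith("GSV"):
            continue
        # Satellite blocks start at field 4 and are four fields wide.
        for i in range(4, len(fields) - 3, 4):
            prn, elev, _azimuth, cn0 = fields[i:i + 4]
            if elev and cn0:  # untracked satellites leave C/N0 empty
                sats.append((int(prn), int(elev), int(cn0)))
    return sats


def check_epoch(sats, prev_mean=None):
    """Return (mean C/N0, list of reasons this epoch looks suspicious)."""
    cn0 = [c for _, _, c in sats]
    if len(cn0) < MIN_SATS:
        return (mean(cn0) if cn0 else None), []
    avg, reasons = mean(cn0), []
    if pstdev(cn0) < MIN_SPREAD_DB:
        reasons.append("uniform C/N0 across satellites")
    if avg > MAX_MEAN_DBHZ:
        reasons.append("mean C/N0 above plausible open-sky level")
    high = [c for _, e, c in sats if e >= 40]
    low = [c for _, e, c in sats if e < 20]
    if high and low and mean(high) - mean(low) < MIN_ELEV_GAP_DB:
        reasons.append("C/N0 does not fall off at low elevation")
    if prev_mean is not None and avg - prev_mean > MAX_STEP_DB:
        reasons.append("sudden step in mean C/N0")
    return avg, reasons


if __name__ == "__main__":
    prev = None
    for label, epoch in (("normal", NORMAL_SATS), ("suspect", SUSPECT_SATS)):
        prev, why = check_epoch(parse_gsv(to_gsv(epoch)), prev_mean=prev)
        print(f"{label}: mean C/N0 {prev:.1f} dB-Hz, flags: {why or 'none'}")
```

These are heuristics: an antenna with a partly obstructed sky view can trip the elevation check, so a receiver would treat the flags as a reason to distrust the fix, not as proof of spoofing.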
You can buy this bad boy and hook it up to a software defined radio and it will spoof away!
https://safran-navigation-timing.com/product/skydel-simulati...
Yes[1], and is a regular occurrence.[2] It was also the method by which Iran stole a US drone.[3]
[1]: https://en.wikipedia.org/wiki/Spoofing_attack#GNSS_spoofing
[2]: https://www.ainonline.com/aviation-news/air-transport/2023-0...
[3]: https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incid...
GPS C/A signals are pretty straightforward to generate and not authenticated.
It only bricks if they're there 10 days.
Hide a spoofer on the train itself, this way you can target any train anywhere
Yeah, trains tend to have large cabinets inside, and not like those cabinets are opened and inspected every day.
I would imagine it only works while trying to service the train (or at least while the train thinks it's being serviced).
Anywhere the corporations have done successful regulatory capture of the legislation.
I bet the fine print on the sales contract is pretty darn small.
If it was a documented anti-theft feature it could be legit. A state could theoretically have some use for the proverbial 'blow up your own bridges when you are invaded' sort of measures.
Ignoring the lack of disclosure of what should be a selling point and that there hasn't been a case of trains being stolen for later illicit reuse in recent memory.
I'm fine if DRM cuts both ways. Manufacturer is free to try locking things down as long as that's disclosed, I'm free to tamper with something I own. They own the trains.
DRM is not merely a technological issue; it's a legal one as well.
Yes, by "free to" I mean it's legal to.
It's only DRM if it's from the Article 11 region of the WIPO Copyright Treaty; otherwise, it's just sparkling obfuscation.
Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.
(DRM's a silly name, anyway; it should be called "technological measures" or "technological protection measures" or something.)
I think it's meant as a derogatory term cause people hate DRM. Like, I don't feel entitled to pirate movies, but plenty of times DRM has gotten in the way of legally watching movies I paid for.
Digital Restrictions Management is a backronym popularised by the EFF, but DRM is the actual legal term used in the US, and doesn't necessarily carry a derogatory meaning.
I disagree, DRM actually is seen as an extremely negative thing. Perhaps people who work to create DRM don't think it's a negative but saying someone's work is DRM is actually a pejorative statement.
taking my BMW to the shop to do a DRM delete
I don't know, I've never happily acknowledged the existence of DRM. I'm from the US and, as far as I can tell, I and people in my periphery see it as a negative and use it as basically "This f-ing DRM is always preventing me from watching my movies in 4K even though I paid for 4K" kinds of situations
I used to never curse. Apple TV HDCP DRM was the first time.
In this particular case though, railway companies are usually part of the government which enacts and enforces those laws.
Right, they should just not purchase DRM'd trains. We're not hearing the part of the story where someone made that bad decision.
That, too. Independent repairability should've been part of the requirements in the purchase contract.
One that challenges traditional notions of property rights when attempted to be enforced in this manner.
They might win in the short term but I can't imagine that would serve the train company well in the long term - lawmakers (who are typically octogenarians) often don't understand how software restrictions limit use of equipment traditionally enjoyed under property rights until they're interfered with. Like a train being geofenced.
I’m not actually ok with companies using DRM to brick public infrastructure.
The manufacturer should be put out of business.
Trains are critical infrastructure. Intentionally introducing vulnerabilities deserves the corporate death penalty and prison time for those involved. Best make an example out of them, lest the others get ideas.
If they really wanted to, they could certainly pursue criminal charges for sabotaging rail infrastructure. Possibly even capital charges.
I don't think Newag stands a chance. The hackers didn't hack a third party IT network/system. They hacked a train that was owned by the railway company, not Newag.
Personally I object to calling it hacking (in the popular/mass media sense).
If a company hires me to inspect their systems, and it's not shady (i.e. everything seems legitimate), then I'm not hacking anything. It's really no different to working on a CRUD (well, it's more interesting :)).
There might be some legal provisions (DRM laws, some EULA, etc.) that muddy the water. But that doesn't change the fact, that I can't find any ethical problem with what the Dragon Sector folks did[1]. And for me hacking is something unethical--criminal aspect is secondary.
[1] based solely on the articles I read
Given that the word "hacker" originated in the model railway world, I think it's the perfect name here.
Ha, I didn't know this (I'm serious!), thanks!
Ethical hacking is a thing. And it is definitely hacking in the sense that they did something someone attempted to prevent them to do, and from a technical standpoint, it is not much different to what criminals do. Hacking a train so that it accepts third party repairs and hacking a credit card reader to steal your money make use of the same techniques. And for me at least, hacking is about technique, not ethics.
The ethical distinction is between white hats and black hats. The people in the article are white hats, that is, they work legally, ethically, and they are open about their activities.
Note: I mean hacking as it is most commonly known now. Not MIT-style hacking.
What I meant wasn't about HN, but about the "outside" world--I don't think "hacker" is a positive word among general public. And they did positive work--they helped train companies and revealed some Bad Stuff going on. If police takes someone's computers, then it's forensic investigation performed by forensic investigators, and not hackery performed by hackers.
But of course on technical forums like HN we call it hacking ("we" includes myself).
To address some of your points:
> they did something someone attempted to prevent them to do
Well, Newag claims they didn't add any shady stuff to the firmware, i.e. they didn't prevent anyone from anything. Which means Dragon Sector didn't break any protection mechanism, they were just debugging potential glitches! :)
I've debugged a lot of software in my life and no one has ever called me "hacker" for finding that missing CSS class :)).
> Hacking a train so that it accepts third party repairs and hacking a credit card reader to steal your money make use of the same techniques.
This is a very low level discussion ("low level" as in "assembler", and not intellectually, for the lack of a better word), but in this case there's one significant difference--train firmware is supposed to be unchanged (according to Dragon Sector).
And credit card reader's fw has been modified.
So for me, again, they acted as forensic investigators/"debuggers".
> The ethical distinction is between white hats and black hats. The people in the article are white hats, that is, they work legally, ethically, and they are open about their activities.
Yes, I agree. But I would still prefer if the non-tech world called them something like "forensic investigators", as white hats are still a kind of hackers.
Isn't disassembly illegal in EU, because [something something] IP yada yada?
Still, to put such restrictions in code and threaten the people who found them with legal action... I'm not even sure how to describe it.
Exactly opposite. EU high court ruled that you are free to decompile software to fix bugs etc. Also, in Poland at least, it used to be legal to even crack software that you own for the purpose of making backup copies etc (not sure how it is now)
https://www.traple.pl/legalna-dekompilacja-programu-komputer...
Article in Polish, but you can auto-translate easily.
They have deep pockets - all they have to do is grind them down, and they win by default. What’s legal or not is practically irrelevant when you’re dealing with individuals vs a corporation.
the railway company might also have deep pockets
Some railway specialist also noted that some of the trains that were publicly known to be part of this have explicit registrations that make the owners also fully in their right to decide about their maintenance.
> They hacked a train that was owned by the railway company ...
The article seems to say the hackers were hired by the maintenance place that the owner of the trains (Lower Silesian Railway) hired.
Newag is the manufacturer of the trains which were bought, not the owner of them.
The legal system may be quite different in Poland to wherever you are (assuming it's not Poland). Also many products these days have a licence/EULA that supposedly prevents you doing certain things.
Janusz Cieszynski Former Minister of Digital Affairs
https://twitter.com/jciesz/status/1732411016221524070?s=20
translation: > The president of Newag contacted me. He claims that Newag fell victim to cybercriminals and it was not an intentional action by the company. The analysis I saw indicated something else, but for the sake of clarity, I will write about everything.
What interest would cybercriminals have in bricking trains at only independent repair centers? This is a ridiculous claim.
Black flag operation, by competition pretending to be Newag? But that is plot-of-cartoon-villain level of nonsense.
Ah, thanks for the laughs.
To bring Newag down if they don't pay the ransom, of course. Cue brainpower meme.
If their train software contains patches by cybercriminals that they were unable to detect but a third party hacking group without documentation were, how can we possibly believe that the train's software is safe? Surely the hackers could have put some other bugs in there.
Exactly. If they "fell victim to cybercriminals" who entered backdoors in the code (that they didn't know about for over 2 years!) then Newag should instantly recall all trains for inspection.
Contrarily, if they _knew_ about it, and didn't tell anyone, then it's even worse.
Hey, but what about that *physical* undocumented module that allowed to control the train?
Ain't it at least the proof of something shady?
Of course they won't straight admit they've been screwing their customers, so they need a bullshit excuse.
It doesn't make any sense either: "falling victim to cybercriminals" who entered GPS coordinates of all competitors in the code, to make competitors-repaired only trains down - sounds legit! That's exactly what cybercriminals do!
Executive 101: Blame the techies.
The moment I heard about this event, I knew that it was only a matter of time before the offending company executives would be blaming the developers. Interesting that their particular path forward is blaming malicious third party developers because the next thing that happens is someone interviews their devs and finds out that they in fact are the people who put this in. At the behest of middle management who behested at the behest of upper management.
My prediction is that we'll soon be hearing about how upper management would never have told a developer or middle manager to program this in and it's the lower level guys who have gone rogue which is why they blamed cybercriminals.
A lot of philosophy and poetics go into software engineering ethics that I find uncompelling at best. However, the pair of "why would you want to injure someone you don't even know" and "you will be the one blamed" feels to me to cover 95% of what software ethics claims to.
But if that's true, then what ground does the train company have for threatening the hackers? If you got hacked, then we weren't breaking your stuff. We were just undoing damage that someone else did to you as well as to your customer.
"During the height of the pandemic, I wrote an article about how a Polish hacker had developed a dongle that was being used by American repair professionals to bypass DRM on ventilators needed to keep COVID-19 patients alive."
That's extremely evil. I'm not emotionally invested in right-to-repair like many others here are, but it's corrupt that DRM is causing/has caused difficulty in operating things necessary for people's survival. Shame on these companies.
Those who want to convince others of right-to-repair should point to cases like this because it's the #1 thing that makes me want to rally behind it too.
Am I correctly reading your implication that, although this is a strong point in favor of the right-to-repair movement, you remain personally unconvinced in it as a whole? If so, what's holding you back from being fully convinced?
I feel the opposite of him. I don't like DRM, I do like DRM circumvention--I like tech in general--but if we have DRM to protect intellectual property and enforce licenses and contracts, I have no problem with ventilators also being DRMed.
If a person who decides to make pop music can DRM their work, why shouldn't a person who goes into life saving tech DRM theirs? "think of the children!" Hey, if you care so much about the children, pay your bills. Covid caused unforeseen problems? you know what? they were unforeseen.
The person who created the life saving tech already saved a bunch of lives, those lives are still saved, and it seems a little ungrateful to claim they haven't done enough for you.
Maybe there are more important things than a bottom line.
so, if I go into a frivolous profession, fashion say, I can work as little or as hard as I want? but if I go into a serious life-saving profession which you ostensibly value, my work product must belong to you as if I'm your slave? Maybe principles of individualism and autonomy are more important than the greed lust of the collectivist mob.
and btw, what you said is completely obvious to the point of dreary cliche, "things more important than the bottom line", like Phoebe's realization on Friends that she and her mother had a lot in common because turns out they both love pizza and puppies.
What I said was food for thought and unexpectedly (in an inside out sort of way) explanatory toward the question asked by the comment I was replying to.
maybe you could stop stopping and smelling the flowers on the road less taken for a minute and consider ideas with depth, it might make all the difference.
I don't know why your tone is so combative in the second paragraph, and in your further reply to another user down below. No one said anything here to warrant it.
I think you point to a real conflict of interests though where some may feel less motivated to work on life-saving tech if they aren't compensated for it. Here in the UK, the government launched a scheme called "Eat Out to Help Out" to help support businesses like takeaways which had understandably had low revenue during COVID. I would have been happy to see a subsidy (and pay a tax towards it) for companies manufacturing life-saving tech if it was the only sustainable solution.
I think it would be good for society if right-to-repair laws were passed but I just feel indifferent towards the topic and would rather spend time and energy caring about something that I feel (to me personally) is more important.
This is probably the thing https://hackaday.com/2020/07/15/diy-dongle-breathes-life-int...
It's not quite as bad as it sounds - the hack allowed people to buy second hand ventilators and fix them up which I guess is handy in an emergency but could create safety risks if the thing then fails when a patient is relying on it.
As opposed to it failing immediately, and the patient never being able to rely on it...
In that spirit of horrendous stories that make you want to support laws on your right to own the physical hardware you bought: have you heard about the airbag for bikers that is subscription only and doesn't activate if your subscription is not up to date.
https://jalopnik.com/this-dystopian-biker-airbag-crash-vest-...
If they get in trouble for repairing a goddamn train, what chance do we have to keep the right to repair our phones?
I hate living in (techno)feudalism, I thought we moved past that...
Newag are probably more concerned about the knock on their reputation and future sales than actually caring what the hackers did.
Their bellicose behavior will only further tarnish their reputation. And the Barbra Streisand effect will ensure that everyone knows about it. Not a very wise move in a liberalized European market where news travels fast and competition is ruthless.
This time around corrupting the national politicians won't cut it to get the contracts — the European regulator is keeping a close eye on this and it's not known for being complacent with attempts to bypass its oversight.
Well, I, for one, surely won't be buying any trains from them!
You jest, but the odds are rapidly increasing that they encounter someone in charge of the purchasing decision who won't work with them on principle.
I have friends who work indirectly in rail systems procurement in Canada. If they don't know about this already, they will soon from me.
As well they should be.
They really should be concerned about knocks on their door at 4 am.
> I thought we moved past that...
We have barely even started.
While I understand DRM problem, there should be concerns about safety indeed. Unauthorized access to operating system of public transport could be abused in many bad ways.
There is no unauthorized access when the owner of a train hires a company to service it.
If they bought it with knowing about DRM and they sign contract about it, it's technically "unauthorized".
Why buying DRM things in first place?
> If they bought it with knowing about DRM a
well, they didn't. No single word in manual about that. Also the locks are illegal vs. EU wide regulation about train maintenance.
Then they should sue manufacturer for hiding technical details.
Trains did not have DRM in sticker price.
Companies bought trains with „full technical documentation and service instructions” - I put it in quotes because all the locks and „DRM” stuff was undocumented and producer is claiming they never put anything like that in the first place.
This is sure to backfire and increase attention to NEWAG's own alleged criminal behavior.
NEWAG executives & those responsible should face criminal charges for conspiracy to defraud in addition to libel.
It's clear that NEWAG knowingly lied about alleged malfeasance from the third party repair shops, and took advantage of their sabotage to incentivize if not require their customer to pay for service at NEWAG's own repair shops.
I would love to see criminal charges on this one, especially if they come under a computer hacking law, as that might set a great precedent for consumer protections. Unfortunately it will probably be more like a fine if anything.
Hacking? No. This is simply sabotage for the purposes of extortion.
That would be lovely, but it depends on how the media presents it (I can see the image of a hooded “hacker” being used and the story being “hackers intrude into trains, face criminal charges, government demands investigation and hardening of DRM to prevent future illegality which poses a risk to the public”), and on how much cash they’re willing to throw at it to crush the hackers with civil and criminal suits.
The story I read said that the repair delays impacted train schedules (owing to fewer trains in operation). Potentially millions of people had their life disrupted because of corporate greed.
Seems like a slam dunk public outcry.
Related:
original news story discussion just over a week ago: https://news.ycombinator.com/item?id=38530885
And the followup from the company
Polish train maker denies claims its software bricked competitor rolling stock https://news.ycombinator.com/item?id=38570654
More late quality from 404
Thanks! Macroexpanded:
Polish train maker denies claims its software bricked competitor rolling stock - https://news.ycombinator.com/item?id=38570654 - Dec 2023 (2 comments)
Dieselgate, but for trains – some heavyweight hardware hacking - https://news.ycombinator.com/item?id=38567687 - Dec 2023 (289 comments)
Polish trains lock up when serviced in third-party workshops - https://news.ycombinator.com/item?id=38530885 - Dec 2023 (357 comments)
I think there may have been others?
The story is missing a lot of details. It says very little about the role of Lower Silesian Railway, the company that purchased the train from NEWAG and hired SPS to repair the train. Did Lower Silesian Railway (LSR) know that NEWAG expects that the trains need to be repaired at NEWAG facilities? Did LSR know about the technological measures implemented by NEWAG? What was in the original procurement contract between LSR and NEWAG? What is in the repair contract between LSR and SPS? Why is NEWAG still providing updates/LSR installing NEWAG updates for trains that are no longer under NEWAG's maintenance?
The issue is complicated. So far there's no proof for Newag involvement. It's very different to how security researchers publish their results. All is based on hearsay.
Gynvael Coldwind - one of the guys from Dragon Sector (but probably not a member of the team that hacked those trains) - wrote an article about why the company's line of defence that malicious code could be injected is flawed
https://gynvael.coldwind.pl/?id=777
It is mostly about reverse engineering, compilation process, how things are laid out in the final binary - .text, .data sections, offsets and stuff like
i think people should be allowed to tinker with stuff. why not. it is ok to me if that voids the warranty tho. fair enough.
its a bit funny in this case the company first claims it doesnt brick stuff, and subsequently threatens these guys.. did they lie first? that seems bordering criminal for a company to do... just admit it :/. 'yes we drm our crap and brick stuff with anti tamper detections'. how hard is it...
hope dragon sector doesnt get into trouble, they do amazing work!
I hate the article is using DRM as explanation. It has nothing to do with DRM or anything with preventing software from being tampered with.
It was parts of software included by producer to make 3rd party shops look incapable of servicing. Placed there in a sneaky way.
DRM makes it look like official documented tampering prevention - article itself is good. Use of DRM in title and in article is just wrong.
From the articles in relevant media, I gather they have got themselves a very good attorney. There's a possibility Newag might be in hot water, because sabotaging trains like this smells of criminal offense. Which is why they huff, puff, and try to employ scare tactics.
Here's a direct link to the article with Dragon Sector answers to Newag's statement:
https://www.rynek-kolejowy.pl/wiadomosci/hakerzy-odpowiadaja...
Fasten your seatbelts, it seems there's a lot more details this time. For instance, they say they have a before/after Newag service diff of the firmware, and there are interesting changes there.
If that's true, then the "rogue hackers" must be sprinkled inside Newag :).
Holding the railway system hostage should make even the most short-sighted realize that DRM is an assault on national sovereignty.
I will say my takeaway from this story is manufacturers screwing over their users to make more money isn't a "you are too small to fight back problem" but unmitigated greed.
Jailbreaking your train should be legally protected, but I don't know anything about Polish circumvention laws.
The manufacturer is trying to evoke "murky status".
But both national law states it's OK, and there is a ruling by Court of Justice of the European Union stating that Reverse Engineering done by owner even of a program license (EULA style) to make it work or fix errors is legal.
If the law is huge and complex, and a large company wants to make your life hell...
I don't think this is true. I think the legality of what they did is totally clear under article 5 & 6 of the EU Computer Programs Directive. https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32...
Reverse Engineering (Decompiling) software that you own to fix errors and allow interoperability is explicitly allowed.
I think this should be filed under sabotage of critical infrastructure.
It is either that or DRM means the OEM gets to remotely shut down entire train network whenever they like? Imagine the money one could make with such a service.
yeah screw this. if they are claiming that they hacked their DRM they should absolutely counter sue that this DRM counts as sabotage and/or domestic terrorism. There was literally code in there that told the trains to stop working after X date if it sat still for X amount of time.
That's bonkers. And criminal.
Prosecution started working from statutes that talk about crimes of preventing someone from operating, as well as manipulation or prevention of proper handling of data relevant to national security and/or transportation.
Neither cares about breaking DRM or IP, but third party (including vendor) manipulation.
Yes, imagine if an individual did this and not a company. An individual would probably go to jail.
From what I gathered in Polish media, the Dragon Sector's attorney has implied they are eyeing exploring this possibility legally.
I don't think that you are reading that like a lawyer would.
For example article 6, part 2 (a) does not allow the information retrieved to be used for any purpose other than establishing interoperability. The hackers stepped over that line when they released some of what they discovered for the purpose of publicly criticizing the manufacturer.
There's ECH ruling that fixing errors is legit case of interoperability.
I hope that you are correct.
I fear that (allowing for the "someone with enough money and lawyers can make your life hell" effect) you are not.
There was an EU ruling on the subject, this year, stating explicitly that you can decompile software to fix bugs, under certain restrictions.
https://www.traple.pl/legalna-dekompilacja-programu-komputer...
The article is in Polish, but auto-translate should do its job easily.
Newag's revenue is about $300 million. This isn't Siemens.
DRM is, generally, about whether or not you can copy the files, or how you use the software (whether it's licensed use).
This isn't DRM (though that's bad too). It's far worse. It's ransomware, they hijacked trains. Everyone involved should be locked in a dungeon for the better part of a century.
In some EU countries it's also legal to reverse engineer computer programs fully when compatibility with other computer systems is the goal. Without the need from any authorisation of the copyright holder and it doesn't have to be buggy or broken.
That's EU-wide law, plus the EEA.
We also have this right:
The person having a right to use a copy of a computer program shall be entitled, without the authorisation of the rightholder, to observe, study or test the functioning of the program in order to determine the ideas and principles which underlie any element of the program if he does so while performing any of the acts of loading, displaying, running, transmitting or storing the program which he is entitled to do.
Article 5(3) and 6.
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32...
But those articles in no way give one the right to harm the rightholder's business practices. For example by exposing them to public criticism. That potential limitation is implied in both 5.3 and 6.2.a.
I don't know what other provisions of EU law might apply here. But it is literally the job of the lawyers issuing the threats to find potential gotchas like that. I would assume that they are competent.
you can't call breaking someone else's property a business practice
Similarly it's criminal to put undisclosed lockouts preventing owner of the device from using it.
Oh, I didn't know it was an EU-wide directive. Estonian copyright law has contained that paragraph since 1992.
Not only that, the article being from American media, even with the footnote, the commenters, miss the whole point about copyright being exclusively American concept and we don’t have this in EU. We have IP and authorship rights that work differently. See last part for explanation: https://thehftguy.com/2020/09/15/french-judge-rules-gpl-lice...
since when copyright does not exist in Europe?
For instance, in Poland (which is in Europe) you have all rights to create copies of software, music, movies, for your personal use after paying for the original copy. You cannot do this under copyright which strictly forbids you from creating copies of the original media. Copy-right, as a right to create copies.
In this meaning, copyright is not the same as authorship rights, which is a basis of intellectual property protection in Europe.
Similarly for software patents, they do not work in EU.
That was 2020. The case evolved in favor of the GPL, see e.g. https://www.april.org/violation-d-une-licence-libre-entr-ouv...
I suspect that the legal differences are less than claimed.
The first test of an open source license in court was https://en.wikipedia.org/wiki/Jacobsen_v._Katzer. It was initially lost on a somewhat similar argument. Namely that it was a contract, not a copyright license, and then was an unenforceable contract and therefore invalid. This decision was reversed on appeal.
I have no particular reason to believe that the first French judge to rule on an open source license did a better job than the first US judge to do the same. Both ruled against the license.
It's strange. Usually the competition for train contracts is quite fierce and train operators have a lot of power dictating terms.
This is not some david vs goliath thing.
European Railway Agency, through EU directives, secured unbundling of maintenance & repair operations from vendors. Vendors no longer are allowed to claim trade secrets or IP as reason for not providing complete and effective maintenance & repair documentation suitable for performing all levels of maintenance.
Since then, MRO is purchased through separate tender process - and NEWAG didn't win several times.
Yeah, the more I look into this the more dire this looks for Newag.
Trains are often, somehow or another, public infrastructure. (In Poland it looks like they are run by state-owned companies, mostly?) Countries should work in the interest of their populations, so really we hope David vs Goliath here, except Goliath is the good guy and also hopefully wins.
This is a consequence of the train operator winning a court judgement to permit them to use third parties for servicing the trains, followed by "technical measures" of the manufacturer to cripple the trains if this was actually done.