Did you ever wonder what press release writers do in their spare time? Given Autodesk’s recent trademark litigation with SolidWorks and related efforts by Autodesk to trademark “DWG”, and given the fact that US Patent and Trademark Office (USPTO) trademark examiners are known to use Wikipedia during their research, it doesn’t take an evil genius to realize that a little subversive editing here and there might be helpful to the corporate cause. So, I decided to use Wikiscanner to go spelunking through the labyrinth of Wikipedia editing history to see if I could unearth any nuggets.

It didn’t take long to find some interesting edits. For example, in the edit history for “SolidWorks” you can see that someone from an Autodesk IP address changed “and has since been copied by others like [[Autodesk Inventor]]” to “and is now part of the midrange CAD market along with [[Autodesk Inventor]]”. Eventually this changes to “and is currently a leader in the ‘midrange’ CAD market”, and from that to “It is currently one of the most popular products in the 3D mechanical CAD market” with a citation to a SolidWorks web page as evidence of the claim.

I expected to find plenty of quid pro quo, but I have to say, either SolidWorks’ press release writers are a lot sneakier than Autodesk’s, or they have a lot less free time. According to this list of edits from SolidWorks IP addresses, there haven’t been any edits made to Autodesk entries since about March of 2007. In October of 2006 someone from SolidWorks changed a few things in the entry for “Autodesk Inventor”, but then things appear to have cooled off considerably.

So what about “DWG”? The entry for “AutoCAD DWG” contains this edit from an Autodesk IP address made in January of 2007, but not much since. Two months later, someone from Autodesk changed “for that reason they constituted a consortium ([[OpenDWG]]) to develop open tools to access DWG data” to “for that reason they constituted a consortium ([[OpenDWG]]) to reverse engineer Autodesk’s technology and access DWG data”. Since then, things have been fairly quiet on the “DWG” front.

My conclusion is that blog posts like this one from Franco Folini at NOVEDGE Blog may have resulted in more strict internal controls being instituted over the editing of Wikipedia content. I have no doubt that it still goes on, but covertly enough to provide plausible deniability.

Ed Foster: Loss Of A Legend

InfoWorld columnist and legendary consumer advocate Ed Foster died over the weekend. Ed was a tireless crusader for consumer rights in the digital age, and he will certainly be missed. For many years Ed has authored GripeLine, where he called companies and politicians to task for abusive anti-consumer practices.

I’ve written before about how Ed exposed and publicised shamefully lopsided software license agreements, including Autodesk’s and Adobe’s. Recently, Ed commented about the May, 2008 Vernor decision (see my CAD/Court web site for more information about the Vernor case).

It will be no easy task to fill Ed’s shoes. We can be certain, though, that his work must go on.

Vernor Decision Making a Splash

From the NewsFeed on my CAD/Court web site:

“The court today issued an order denying Autodesk’s motion to dismiss the charges in the Vernor lawsuit. Normally such a denial is perfunctory and mundane, but in this ruling the court performs a breathtaking analysis of whether the AutoCAD software was a sale or a license, and reaches conclusions that, if not reversed, are certain to change the face of software sales in the USA. Technically, the scope of this order is limited to simply refusing to grant Autodesk’s motion to dismiss the lawsuit, but the implications of the judge’s analysis are almost stunning in their rejection of Autodesk’s legal claims. I’m sure you will be hearing much more about this order in the coming weeks, as the entire software industry will certainly take notice of this case.”

Digital Signatures: Practical Guidelines

We use digital signatures every time we visit a secure web site. Visiting a secure web site involves an authentication process that includes verifying the identity of the server by ensuring that its digital certificate, or “server certificate”, is signed by a trusted certificate authority. This verification process might involve verifying an entire chain of certificates from the actual server certificate up through one or more intermediate certificate authorities and ending with a trusted root certificate authority. This all takes place quickly and automatically before the web page is displayed in your web browser because the web browser includes built in logic to do this work without any user interaction. More importantly, the web browser warns us when the server certificate is expired or invalid.

The biggest obstacle when using digital certificates in a CAD environment today is not creating them, but easily and automatically verifying them at the receiving end. Even in a completely digital distribution system where everybody works from the CAD model, the various software tools we use to view and work with the model do not handle digital signature verification automatically in a standardized way. As long as downstream consumers of CAD data cannot easily and automatically ensure the trustworthiness of digital data, they will continue to rely on handwritten signatures on paper.

A second obstacle to the use of digital signatures is the difficulty in accepting that digitally signed data is only trustworthy while it remains in digital format, and therefore the digital file is the “record” document. There is substantial social inertia that must be overcome before a digital document can gain the same amount of trust as a paper document. Engineers and architects must deal with the specter of previously hidden meta data in their CAD models becoming part of their signed document, thereby exposing them to new liabilities that don’t exist with paper drawings. Construction supervisors must learn to refer to the CAD model instead of relying on hardcopy blueprints when resolving disputes or establishing responsibility for errors. Here I think it should be noted that the use of a digitally signed model does not preclude the creation of hardcopy blueprints. Those can be created and “wet stamped” separately at the same time the CAD model is signed digitally; or they can be created in the field for reference without any signature at all.

AutoCAD has supported digital signatures for several years, but using the built in functionality is limited to only individual DWG files, lacks support for co-signing (more than one person signing), and forces the signed document to remain in the proprietary DWG format or lose its signature. These problems can be worked around by using third party tools, but doing so requires recipients to use the same tools.

Over the past few years, many government plan review bodies have amended laws and administrative rules to accommodate digital signatures as part of the plan review process. Without standardization, however, organizations still struggle to effect the necessary changes in their workflow. A lack of uniformity in terminology from one set of regulations to another adds to the confusion. If you are involved in amending or creating rules or regulations that enable the use of digital signatures, you should use generic and well defined terms of art in the regulations, but supplement these with practical guidelines that mention specific technologies, software tools, and file formats that will meet the legal requirements and that you are capable of working with.

If you are an architect, engineer, or CAD manager working to implement digital signatures into your firm’s workflow, there are some concrete steps you can take to make the task easier. Start by segregating your distribution network into “digital-only” and “hardcopy” classes of downstream users. Begin the transition with the digital-only part of the network (perhaps only the plan reviewing authority, for example). Next, decide which file format to use for your digital “documents”. Rather than signing CAD files, many companies start by signing 2D output files such as PDF, DWFx, or XPS. These files are essentially digital versions of the hardcopy documents, so they are more familiar to a wider audience and avoid some of the liability issues of exposing formerly hidden metadata that lives within the CAD model files.

You’ll need to obtain a digital ID and establish internal policies for storing and accessing the digital ID so that only the owner of the digital ID ever has access to the private key. Windows includes a built in certificate manager that you can use to view and manage your digital IDs. To start the certificate manager, run the certmgr.msc management console by entering its name in the Start -> Run command window. Your digital certificate will be installed in your personal certificates folder along with a link to the private key stored in the Windows secure key repository. Make a backup of the digital ID by exporting it to a password protected PFX file. Once a backup is made, the private key should be marked as not exportable to further secure it.

If you want to create digitally signed AutoCAD DWG files, you can use the digital signature feature of AutoCAD to sign a drawing file either while saving it or after it is saved. You should also consider subscribing to a commercial time service (see What time is it?) to ensure that your signatures are accompanied by a reliable time stamp in case your digital ID becomes compromised at some point in the future. Third party tools like CADVault for AutoCAD even make it possible for different people to sign different parts of the CAD model, but such advanced functionality is not needed in most cases.

If you use different CAD software that does not support digital signatures natively, or if you choose to sign only the secondary files produced by exporting your CAD model to a different format, then you will need to use either tools specific to that format or third party tools that work with files of any format. Adobe Acrobat (PDF) and Microsoft’s free XPS Viewer both provide integrated digital signature tools that use the same digital IDs that you would use in AutoCAD, Internet Explorer, or Outlook/Windows Mail, and both applications are easy for recipients to obtain and use.

Another popular tool for managing digital IDs and signing files is an open source tool called GnuPG. GnuPG utilizes encryption and key storage standards called OpenPGP. OpenPGP is not compatible with the X.509 standard used by Windows and many other encryption tools, however it is an attractive alternative when cost or closed source tools are a prohibitive barrier. There are many other digital signature resources available on the internet for those wanting more information, or needing specialized tools.

Unfortunately, no matter what software tools or file formats you use, today’s CAD software and document viewers still do not provide the user experience that web browsers do when it comes to digital signatures. These problems can be overcome by end users, but ultimately they need to be addressed by the makers of the software tools we use. Software for handling digital data will need better user interfaces that allow users to easily specify which digital signatures should be trusted for which purposes, and provide requisite warnings when a document should not be trusted. I am confident that these improvements will come in the future, especially as more companies begin to use digital signatures in their workflow and demand for better digital signature support rises.

If you already use digital signatures with your CAD related documents, I would like to hear about it. Please leave a comment about your experiences, whether good or bad!

Autodesk Resale Prohibition Under Attack

I’ve just posted at CAD/Court about a new lawsuit filed by Timothy S. Vernor of Seattle accusing Autodesk of using fraudulent means to enforce its license agreement prohibition on reselling legitimately purchased software. This subject comes up often, and I think there is a lot of grass roots support for Mr. Vernor’s argument extending well beyond Autodesk customers.

The license agreement is not the central tenet of the lawsuit, but questions about its legitimacy do come into play. The legal principle involved is called the First Sale Doctrine, which essentially exempts buyers of copyrighted works from copyright infringement claims when they resell the work. The nebulous legal framework around so-called “shrink-wrap” software licenses, and the degree to which the First Sale Doctrine applies to software, is still an open question here in the US.

For those of you interested in learning more about the First Sale Doctrine, listen to this podcast discussion on the Technology Liberation Front web site.