Digital Signatures: Prelude

For many, the word “encryption” has a mysterious quality that invokes images of math virtuosos in secret bunkers working feverishly during wartime to break the enemy’s coded communications. My first exposure to encryption came in 1996 when I began working with Paul Kohut on the first version of CADLock software for locking AutoCAD drawing files. After overcoming my initial struggle to understand the terminology and get a handle on the mathematics behind encryption, I realized that it wasn’t nearly as mysterious and complicated as it first appeared.

I knew it would take a long time for encryption terminology to become standardized and commonly understood by laypersons. From the first days of CADLock, we recognized that the key to success for our software was going to be our ability to educate consumers about our technology, it’s possibilities and its limitations, its strengths and its weaknesses, what it could do and what it could not do. I felt that we needed to be realistic and patient while we waited for the market to catch up with our technology at its own pace. In the meantime, we needed to resist any temptation to needlessly bandy about sexy buzzwords like “encryption” lest we delay our mission by further muddying the waters in an already crowded ocean of technical jargon.

This recognition of the need for patience and perseverance has led me on a personal crusade to prevent encryption terminology from being perverted or hijacked by overeager marketing departments and uninformed experts. I’ve also tried to nudge the learning process along by adding my two cents whenever the opportunity arises. With this last goal in mind, I have prepared the following three part essay about digital signatures, tailored for the CAD industry. This is not written to academic standards, nor do I claim to be the final authority on the subject. Let me be clear about my agenda: I hope that furthering the common understanding of encryption related technology such as digital signatures will indirectly help sell more CADLock software!

What time is it?

AutoCAD 2004 introduced the ability to digitally sign drawing files when they are saved, but very few people use this feature. Even fewer use the time stamp feature that goes along with it. Time stamping a digital signature is important when it’s not only important to know *who* signed it, but also *when* they signed it.

For time stamping to be reliable and trustworthy, you need an independent (and trustworthy) third party to provide the time stamp, along with a verifiable receipt so that anyone can verify the authenticity of a claimed time stamp in the event of a future dispute.

Since the inception of the digital signature feature, AutoCAD has included three default time servers for this purpose. Unfortunately, none of the three are accessible any more. If you need to digitally sign drawing files with a time stamp, you’ll have to modify this list of time servers.

The list of time servers is maintained in a file named timesrvr.txt in the AutoCAD installation folder. You can edit the file with notepad, and the format is obvious and straightforward when you view the file.

If you just want to play around with time stamps, try adding the following to the end of the file (you do not need to restart AutoCAD to see the new servers):
NIST A [Maryland] (time-a.nist.gov)
NIST B [Maryland] (time-b.nist.gov)

As of this writing, both of these NIST servers are available and working, but you get what you pay for. For officially incorporating time stamped digital signatures into your workflow, I recommend subscribing to a commercial time service with guaranteed uptime and a web based time stamp verification console. I can’t recommend one, because I have never used a commercial time service myself, but a good place to start is the list of public time servers maintained by NTP.org at http://support.ntp.org/bin/view/Servers/.

AutoCAD drawing files: possession is 9/10 of the law?

The title sums up the puzzling conclusion in a recent 6th Circuit Court of Appeals ruling (CA6 Grusenmeyer Decision.pdf) in a decision about a copyright infringement claim filed by Cleveland architect Jeffrey Grusenmeyer.

Grusenmeyer had contracted to provide a “master plan” for Magnificat High School. The master plan was provided to Magnificat in hardcopy format, Magnificat paid the architect $15,000 as agreed in the contract, and the project was apparently concluded. Some time later, a Magnificat facility manager requested DWG files for “personal use”. Grusenmeyer asserted at the time that he retained all rights to the DWG files but agreed to provide them on the condition they only be used internally and not be further distributed.

Fast forward to the eventual “request for proposal” for an anticipated new building at the school. Upon request, Magnificat provided the Grusenmeyer files to the defendants (a competing architectural firm), who then used portions of the files in their winning proposal. The defendants were aware that Grusenmeyer claimed copyrights to the files, but they used the files anyway. The appeals court notes that “[a]ccording to the individual DSC architects, such reliance on drawings of existing conditions is routine in the industry.”

In affirming the district court’s summary judgement in favor of the defendants, the appeals court noted that the contract between Grusenmeyer and his client (Magificat High School) provided that Grusenmeyer would “provide a master plan for the implementation of the capital improvements program, including plans, renderings, and perspectives suitable for use in presentation and future reference during master plan implementation.” They concluded that this “plain language” gave Magnificat permission to send the AutoCAD DWG files to Grusenmeyer’s competitor.

The district court had previously ruled that Grusenmeyer’s drawings were not sufficiently original to warrant copyright protection, but the appeals court did not address the copyrightability issue at all, dismissing the infringement claim out of hand with their opinion that Grusenmeyer had already given Magnificat carte blanche copyrights to the files vis a vis the quoted clause in their contract — even though the files were never provided as part of the contract!

I think the court erred in determining that the DWG files were subject to the terms of the master plan contract (its incorrect interpretation of the contract notwithstanding), but what I find really surprising in the ruling is the appellate court’s complete disregard of the plaintiff’s claimed and federally registered copyrights.

The moral of the story
If you are providing electronic files, don’t rely on copyright law alone to protect your intellectual property. This case reinforces the 3 C’s for protecting AutoCAD DWG files: copyright, contract, and CADLock.

Update
William Patry (Senior Copyright Counsel, Google Inc.) writes about this case at The Patry Copyright Blog: Make Sure the Contract is Signed.

Do you use protection?

If you were at AU this year, you may have seen some of my take5 and AUGI friends wearing blue T-shirts with this tag line on the back. This year my CADLock compatriots (Dietmar Rudolph of Germany and Steve Johnson of Australia) were both at AU, so we decided to have a little fun with this protection theme. We brought some “protection” to go along with the shirts (no, those little matchbooks did not contain matches).

Now that you’re back home, I hope you’ll take a few minutes to learn how to protect your AutoCAD drawings. You can download CADVault for AutoCAD from the CADLock web site and run it in fully functional evaluation mode to see for yourself how CADVault can securely lock your AutoCAD drawing content.

Help fight IP theft: practice safe CAD!