Graf 1, sentence 1: "a few board threads" -> Internet's current most important programming forum.
Graf 1, sentence 1: "contributed to by our competitors" -> Smoke screen, unsupported, irrelevant.
Graf 2, sentence 2: "basically admitted they really didn't know the facts" -> Because the facts weren't provided, the contributors set about reversing them from published material, the point of the thread.
Graf 3, sentence 4: "does use publicly available, well researched, and NIST validated cryptographic algorithms" -> Virtually all cryptography anywhere can make a similar claim, and most of that code is broken. NIST validates primitives and a few basic constructions, but tying those primitives into a functional cryptosystem is outside their purview.
Graf 4, sentence 1: "for any customer deployments" -> Leaves open the question of whether they implement semantically insecure constructions in any setting.
Graf 5, sentence 2: "fundamental security features (full field encryption, randomization through IVs) were disabled" -> Randomized encryption isn't a feature, it's a fundamental property of a cryptographic construction.
Graf 6, sentence 1: "currently in the process of obtaining our FIPS 140-2 certification" -> FIPS 140-2 doesn't involve a rigorous analysis of cryptographic primitives; the crypto-specific components focus on use of NIST-approved ciphers and block modes, but do not assure that those primitives are used securely. To illustrate that point: every vulnerable version of SSL3 and TLS1.0 and TLS1.1 has had a FIPS-compliant implementation somewhere.
They should just be honest about their desire to suppress the use of their copyrighted IP in critiques of their product. They're in a competitive space, they're a small company, hard to manage their online reputation and build product, &c. The Reddit/HN/Stack Overflow scene wouldn't like that response, but it's better than this one, which actually creates more questions about their product capabilities.
I'm curious who has standing. One of the people who posted/commented in the original thread? A user who wanted to learn about CipherCloud? StackExchange itself?
Actually, is a DMCA notice against something that's fair use technically bad faith? You are still violating their copyright, you just have a defense against it in court.
Ultimately, whether something is fair use or not is the purview of the courts. Does the DMCA require you to make that judgement before submitting a notice? I would guess not.
And unfortunately, you can't sue people just for being jerks.
Graf 1, sentence 1: "a few board threads" -> Internet's current most important programming forum.
Graf 1, sentence 1: "contributed to by our competitors" -> Smoke screen, unsupported, irrelevant.
Graf 2, sentence 2: "basically admitted they really didn't know the facts" -> Because the facts weren't provided, the contributors set about reversing them from published material, the point of the thread.
Graf 3, sentence 4: "does use publicly available, well researched, and NIST validated cryptographic algorithms" -> Virtually all cryptography anywhere can make a similar claim, and most of that code is broken. NIST validates primitives and a few basic constructions, but tying those primitives into a functional cryptosystem is outside their purview.
Graf 4, sentence 1: "for any customer deployments" -> Leaves open the question of whether they implement semantically insecure constructions in any setting.
Graf 5, sentence 2: "fundamental security features (full field encryption, randomization through IVs) were disabled" -> Randomized encryption isn't a feature, it's a fundamental property of a cryptographic construction.
Graf 6, sentence 1: "currently in the process of obtaining our FIPS 140-2 certification" -> FIPS 140-2 doesn't involve a rigorous analysis of cryptographic primitives; the crypto-specific components focus on use of NIST-approved ciphers and block modes, but do not assure that those primitives are used securely. To illustrate that point: every vulnerable version of SSL3 and TLS1.0 and TLS1.1 has had a FIPS-compliant implementation somewhere.
They should just be honest about their desire to suppress the use of their copyrighted IP in critiques of their product. They're in a competitive space, they're a small company, hard to manage their online reputation and build product, &c. The Reddit/HN/Stack Overflow scene wouldn't like that response, but it's better than this one, which actually creates more questions about their product capabilities.