1998 update: International legal protection for software

1998 Update: International legal Protection for Software

1998 UPDATE:INTERNATIONAL LEGAL PROTECTION FOR SOFTWARE Fenwick & West LLP

This report summarizes the legal protection available for computer software in most significant markets around the world as of January 1998. It also identifies changes in the availability of legal protection since the January 1997 version of this report. The methods of protection covered are copyright, trademark, patent and contract. The accompanying chart summarizes whether software is currently within the subject matter protected under the copyright or patent law of each country listed. Since the extent of copyright protection for a software work also depends on mutual membership in an international convention or a bilateral agreement, the chart identifies convention memberships. Certain bilateral agreements between the US and other countries are identified as well. Thus, for both US and foreign software, the current availability of subject matter protection in a particular country can be determined from the chart. Local counsel should be consulted, however, before distributing software in a particular market to confirm and update this information and to advise on the practicality of enforcement, evidentiary considerations and other protection mechanisms. Not all national laws or convention memberships provide retroactive protection for previously published or unpublished software, so the effective date of the law and the membership can be critical in determining whether a particular work is protected. Such issues of timing are beyond the scope of this report. This report also updates the status of recent legal developments related to encryption software and the liability of online service providers.

Recent Legal Developments Pertaining To Encrypti0nS0ftware by Edward J. Radio I n D e c e m b e r 1996, the US Commerce D e p a r t m e n t promulgated a n e w set of regulations covering the posting of encryption software o n the Internet. In this era of increasing c o m m u n i c a t i o n s over the Internet, there is a countervailing desire o n the part of comp u t e r users for privacy and confidentiality. Much of this will be accomplished via software encryption.While governments throughout the world have long placed restrictions o n all types of e n c r y p t i o n for national security and law enforcem e n t reasons due to fears regarding its use by terrorists and other criminals, recent developments reflect the recognition worldwide that the realization of the potential of electronic c o m m e r c e requires the easing of export controls o n encryption software. The United States, however, regulates the export of e n c r y p t i o n software more strictly than any other country. This has led to a spirited ongoing debate within the United States, embodied in several pieces of proposed national legis-

lation and in three Federal District Court cases. The United States cttrrently places n o restrictions on the import of e n c r y p t i o n software into the United States or u p o n its domestic use. In D e c e m b e r 1996, the US Commerce Department promulgated a n e w set of regulations coveting the posting of e n c r y p t i o n software o n the Internet. This had b e c o m e an issue because US law has long provided that any dissemination of an item to a foreign national constitutes an export u n d e r the export control laws. Thus, posting a piece of software o n one's Internet Web site constitutes an export of the software because persons throughout the world are capable of accessing that Web site to download the software. These regulations provide two methods by w h i c h the o w n e r of a Web site (a 'Web site O w n e r ' ) can be afforded protection from the harsh penalties of the export control laws and still post onto the Web site encryption software sufficiently strong that it would otherwise be prohibited for export.

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

21

1998

Update:

International

legal Protection

for Software

Generally speaking (and with n u m e r o u s exceptions), 'strong' means a key length of over 40 bits in the case of symmetric key ciphers, and a key length of over 512 bits in the case of asymmetric key ciphers. The first m e t h o d by w h i c h a Web site O w n e r can be afforded protection is to comply with a three-step procedure as follows: 1. The Web site's access control system, either through automated means or h u m a n intervention, must check the address of every c o m p u t e r requesting or receiving a download of software from the Web site and verify that the c o m p u t e r is located within the United States. 2. The Web site's access control system must provide every p e r s o n requesting or receiving a download of software from t h e W e b site with notice that the download includes or w o u l d include cryptographic software subject to export controls u n d e r the US Export Administration Act, and that anyone receiving such a transfer cannot export the software w i t h o u t a license. 3. Every person requesting or receiving a download of software from the Web site must acknowledge affn-mativelythat he or she understands that the cryptographic software is subject to export control laws u n d e r the US Export Administration Act, and that anyone receiving the software cannot export it without an appropriate export license. The second m e t h o d by w h i c h a Web site O w n e r can be afforded p r o t e c t i o n is b y "[t]aking o t h e r precautions, approved in writing by the Bureau of Export Administration, to prevent transfer of such software outside the US w i t h o u t a license". 15 C.ER. ~734.2(b)(9) 03)00. I n October 1997, the European Commission issued a nonb i n d i n g C o m m u n i c a t i o n that set forth a n u m b e r of policy guidelines o n the e n c r y p t i o n issue. The European Commission weighed in o n the enCryption issue in October 1997 with a non-binding "Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee, and the Committee of the Regions Insuring Security and Trust in Electronic Communications" This Communication set forth a n u m b e r of policy guidelines. For example, the Conlmission recognized that the exclusive military character of encryption "belongs to the past". The Commission n o t e d that intern a t i o n a l treaties, c o n s t i t u t i o n s a n d laws guarantee the fundamental right to privacy, including secrecy of communications, citing Article 12 of the Universal Declaration of H u m a n Rights, Article 17 of the International Covenant o n Civil a n d Political Rights, Article 8 of the E u r o p e a n Convention o n H u m a n Rights, Article F(2) of the Treaty o n Europe and the European Data Protection Directive. The Commission n o t e d that the large variety of export

schemes in place b y the m e m b e r European countries can lead to a distortion of competition, and can undesirably slow the development of electronic commerce. These export schemes must be consistent with the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual Use Goods and Technologies (19 December 1995) and the DualUse Regulation (December 1994). As to the individual European countries, France is cutwently the only one that imposes domestic controls on the use of encryption. French policy began to liberalize with the TelecommunicationsActof 1996 (whose implementing decrees have not yet b e e n enacted), which stated that the French national interest in encryption resided not only in defenCe and security but also in "the protection of information and development of communications and security for transactions". French law still requires prior authorization by the government for the use of all encryption.The use of strong encryption is prohibited. In January 1998, the French Prime Minister announced a review of French encryption policy. In the United Kingdom, the only restrictions currently in place o n e n c r y p t i o n are those o n exports, p u r s u a n t to a 1939 statute. No export license is required for 'generally available' software. Export of e n c r y p t i o n software by means of posting on the Internet is apparently not restricted, as long as one does not export to embargoed countries and one conforms to the Official Secrets Act. Export of e n c r y p t i o n software from Germany is regulated only by the two European regulations m e n t i o n e d above. German law prohibits domestic access to the plaintext of encrypted communications of German citizens. However, this prohibition nominally expires at the e n d of 1999. Singapore and Israel have strict domestic controls o n the use of encryption, but the controls apply only to hardware (e.g. telephones), not to software.These two countries do not have any export controls on encryption software whatsoever, for fear of harming their domestic industry. Singapore does, however. have minimal import controls on encryption software. Canada has allowed the export of 128-bit symmetric key encryption with no key recovery. In Japan, an Information-technology Promotion Agency was created u n d e r MITI in January 1997 to p r o m o t e encryption technology. Japan has export controls on e n c r y p t i o n in accord with the Wassenaar Agreement.

Conclusion The laws pertaining to encryption software remain in flux in m a n y countries. The laws pertaining to encryption software remain in flux in many countries. In the United States, look for a gradual loosening of export restrictions covering this technology.

Liability of Online Service Providers by David L. Hayes Copyright o w n e r s have sought to hold OSPs a n d BBS operatot's liable o n theories of direct liability, contributory liability, and ~ c a r i o u s liability.

22

Much of the Internet copyright debate in recent years has centred around the issue of copyright liability of online service providers (OSPs), bulletin board service (BBS) operators,

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

1998

Update:

system operators and other online service providers for infringing activities taking place through their facilities. Copyright owners have sought to hold OSPs and BBS operators liable o n theories of direct liability, contributory liability and vicarious liability. In response to the inhibiting effect such liability may have o n electronic commerce, p e n d i n g United States legislation w o u l d limit the liability of online service providers for third-party i n f r i n g e m e n t c o m m i t t e d through their online services.

Direct Liability A majority of the cases decided to date seem to require that there be some kind of a direct volitional act in order to establish direct infringement liability o n the part of an OSP or BBS for infringing postings and unauthorized uses by users. For example, in Religious Technology Center v Netcom On-Line Communications Servers, the court refused to hold an OSP directly liable for automatic pass-through of allegedly infringing messages posted to Usenet b y a subscriber. The subseq u e n t Sega Enterprises v Maphia and Sega Enterprises v Sabella cases extended the logic of Netcom, refusing to hold liable as a direct infringer the operator of a BBS for the uploading and downloading b y subscribers of unauthorized copies of Sega's video games through the BBS, even though the operator encouraged the initial uploading, because the operator had not participated in the very acts of uploading or downloading. In Playboy Enterprises v Frena, however, the court w e n t further in its willingness to i m p o s e direct liability w i t h o u t a direct volitional act o n the part of a BBS operator, at least w h e r e the operator had set u p a b u l l e t i n board devoted to the kind of activity that w o u l d foreseeably lead to infringem e n t . It remains to be seen w h e t h e r the n a r r o w e r liability a p p r o a c h of the Netcom, Maphia and Sabella cases or the b r o a d e r liability a p p r o a c h of Frena will prevail in subseq u e n t cases.

Contributory Liability A party may be liable for contributory infringement w h e r e it has knowledge of the infringing activity and induces, causes or materially contributes to the infringing activity of another. The standard of knowledge is objective: to k n o w or have reason to k n o w that the subject matter is copyrighted and that the particnlar uses were violating copyright law. For liability for contributory infringement, there must be a direct infringem e n t of w h i c h the contributory infringer has knowledge and encourages or facilitates. The r e q u i r e m e n t of k n o w l e d g e may negate contributory liability o n the part of an OSP or BBS operator w i t h respect to m a n y instances of i n f r i n g e m e n t for w h i c h the OSP or BBS is merely a passive i n f o r m a t i o n c o n d u i t and has n o k n o w l e d g e of the i n f r i n g e m e n t . However, given knowledge (or reason to know), a system provider c a n n o t simply c o n t i n u e to provide the facility that enables infringement. For example, the N e t c o m c o u r t held that the copyright n o t i c e s in the posted works w e r e sufficient to give N e t c o m notice that the works were copyrighted. However, the c o u r t was careful to note that w h e r e an operator is u n a b l e to verify a claim of i n f r i n g e m e n t b e c a u s e of a possible fair

International

legal Protection

for Software

use defenCe, the lack of copyright notices o n the copies or the copyright holder's failure to provide the necessary docu m e n t a t i o n to show that there is a likely infringement, the operator's lack of k n o w l e d g e will be f o u n d reasonable and there will be n o liability for c o n t r i b u t o r y i n f r i n g e m e n t for allowing the c o n t i n u e d d i s t r i b u t i o n of the works o n its system. Nevertheless, the c o u r t clearly i m p o s e d a duty o n the operator to actively a t t e m p t to verify a claim of infringem e n t and to take appropriate action in response. I n addition to the N e t c o m case, the c o u r t in the subseq u e n t Maphia case held a BBS and its system operator liable for c o n t r i b u t o r y i n f r i n g e m e n t for b o t h the u p l o a d i n g and the s u b s e q u e n t d o w n l o a d i n g of copies of Sega's video games b y users w h e r e the system operator had k n o w l e d g e that the infringing activity was going o n t h r o u g h the bulletin board, and had specifically solicited the u p l o a d i n g of the games for d o w n l o a d i n g b y users of the b u l l e t i n board. The c o u r t cited the Ninth Circuit's decision i n Fonovisa, Inc. v Cherry A u c t i o n Inc. for the p r o p o s i t i o n that providing the site a n d facilities for k n o w n infringing activity is sufficient to establish c o n t r i b u t o r y liability, suggesting that mere o p e r a t i o n of a BBS, at least if the operator k n o w s that infringing activity is taking place, is sufficient for contributory liability. The laws pertaining to encryption software remain in flux in many countries. An online service provider may b e liable for contributory infringement w h e r e the operator has knowledge of the infrin~rlg activity. In sum, it appears that an OSP, BBS operator or other operator of an online service may be liable for contributory infringement w h e r e the operator has knowledge of the infringing activity. How m u c h the operator must contribute to the infringing activity after gaining such knowledge b e y o n d the mere provision of the facilities used to accomplish the infringement is unclear. Because no case has yet reached the Ninth Circuit involving an issue of contributory liability o n the part of an OSP, BBS operator or other online service provider, the issue of what standard governs such liability in the Ninth Circuit remains s o m e w h a t unclear. However, the cases seem to require a service provider at least to actively attempt to verify a claim of infringement after receiving notice of the same and to take appropriate action in response.

Vicarious Liability A party may b e vicariously liable if it has the right and ability to control the infringer's acts and receives a direct financial benefit from the infl'ingement. Copyright owners have sought to hold OSPs and BBS operators liable o n theories of direct liability, contributory liability, and vicarious liability. A party may be vicariously liable for the infringing acts of another if it (1) has the right and ability to control the infringer's acts and (2) receives a direct Financial benefit from the infringement. Unlike contributory infringement, knowledge is.not an element of vicarious liability.The Netcom case is the principal decision to date to consider the vicarious liability of an online service provider.While the court found

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

23

1 998

Update:

International

legal Protection

for Software

that Netcom may have had the right and ability to control the activities of its subscribers, the second prong of the test was not satisfied, because there was no evidence that Netcom received a direct financial benefit from the infringing postings, or that such postings e n h a n c e d the value of Netcom's services to subscribers or attracted n e w subscribers. It should be n o t e d that the Ninth Circuit subsequently reversed the district court's decision in Fono~sa, a case w h i c h the Netcom court cited as authority, and appears to have adopted a less demanding standard for financial benefit for purposes of vicarious liability, w h i c h may u n d e r m i n e the strength of the Netcom decision as precedent. The Ninth Circuit held that adequate financial benefit was alleged by virtue of the fact that the operator of a swap meet received financial benefits through admission fees, parking fees and sales at concession stands.A copyright holder seeking to hold an OSP or BBS operator vicariously liable might argue, u n d e r Fonovisa, that the subscription fees paid by the infringers should be sufficient financial benefit, just as were the admission fees, parking fees and concession stand sales in Fonovisa. In one decision handed d o w n after both the Netcom and Fonovisa decisions, Marobie-FL Inc. v National Association of Fire Equipment Distributors, the court, citing the Netcom case, refused to hold vicariously liable an OSP supplying Internet service to aWeb site that contained infringing material because the infringements that occurred throughout the Web site did not directly financially benefit the OSPTheWeb site o w n e r paid the OSP a flat quarterly subscription fee that did not change based u p o n h o w many people visited the Web site or what was accessed o n the site. Further judicial development wilt be required to see h o w broadly the courts may apply the doctrine of vicarious liability to online service providers.

Potential Resolutions Outside the Courts In addition to the r e p o r t e d decisions discussed above, the issue of o n l i n e p r o v i d e r liability c o n t i n u e s to generate litigation. For e x a m p l e , d u r i n g 1996 the 1 2 0 0 - m e m b e r Software Publishers Association (SPA) filed several complaints against a Web h o m e page author and several OSPs as part of an 'anti-piracy' c a m p a i g n o n the part of the SPA.The c o m p l a i n t s asserted that the defendants were contributorily liable for copyright i n f r i n g e m e n t b e c a u s e they provided the means, such as 'cracker' tools, for third-parties to make infringing copies of c o p y r i g h t e d software o w n e d by SPA members. The complaints, as well as a "Code of C o n d u c t " promulgated by the SPA that w o u l d require OSPs to actively p o l i c e their c u s t o m e r s ' Web sites, g e n e r a t e d division a m o n g different i n d u s t r y segments, and m a n y OSPs v o w e d to fight the efforts of the SPA. W i t h i n a p p r o x i m a t e l y two weeks, the SPA settled two of the lawsuits against the OSPs in r e t u r n for a g r e e m e n t b y the OSPs to s t r e n g t h e n efforts to w a r n c u s t o m e r s a b o u t c o p y r i g h t laws and to remove software or o t h e r c o n t e n t discovered to be p o s t e d illegally.The SPA did n o t require as a c o n d i t i o n for d r o p p i n g any of the suits that the OSPs acquiesce to the SPA's "Code of Conduct." The SPA c o n t i n u e d to maintain, however, that it was still k e e p i n g legal r e m e d i e s as an o p t i o n against b o t h users and OSPs.

24

Pending US Legislation to Limit Liability of Online Service Providers Legislation is p e n d i n g i n the US Congress that w o u l d limit the liability of OSPs. Legislation is p e n d i n g in the US Congress that w o u l d limit t h e liability of OSPs. I n t h e US H o u s e of Representatives, the substantive provisions of the legislation are set forth in H.R. 2281, w h i c h , in turn, i n c o r p o r a t e s provisions of a p r i o r bill (H.R. 3209, entitled the "On-Line Copyright I n f r i n g e m e n t Liability Limitation Act"). In the US Senate, the substantive p r o v i s i o n s of the legislation ( w h i c h are e x p e c t e d to e m b o d y the same provisions as H.R. 2281) are set forth i n S. 2037, entitled the "Digital M i l l e n n i u m Copyright Act of 1998." The liability provisions contained in the p e n d i n g legislation embody a compromise reached after long negotiations b e t w e e n service providers and copyright owners, and seek to clearly define the conditions u n d e r w h i c h an OSP's liability for infringements that occur o n the OSP's systems or networks will be limited. If the OSP falls within any of four safe harbours defined in the legislation, the OSP will be exempt from monetary damages and will be subject only to carefully prescribed injunctive remedies.

Safe Harbours If the OSP falls w i t h i n o n e o f the safe harbours, it will b e e x e m p t from monetary damages and subject only to limited injunctive remedies. The four safe harbours are described below. Because the House and Senate bills are very similar, the safe harbours will be described with specific reference only to S. 2037. Under Section 512(j) of S.2037, the first safe harbour applies only to "an entity offering the transmission, routing or providing of connections for digital online communications, b e t w e e n or among points specified by a user, of material of the user's choosing, w i t h o u t modification to the c o n t e n t of the material as sent or received". The other three safe harbours apply more broadly to "a provider of online services or network access, or the operator of facilities therefore" .The latter definition would seem to cover a broad array of OSPs, BBS operators, system operators and the like. The first safe harbour covers those acting as a mere conduit for infringing information. Under Section 512(a), an OSP is not liable for monetary relief, and is subject only to limited injunctive relief, for transmitting infringing material through a system or network operated by the OSP, or for intermediate storage of such material in the course of transmission, if: • it was initiated by or at the direction of a person other than the OSP; • it is carried out through an automatic technical process without selection of such material by the OSP; • the OSP does not select the recipients of such material except as an automatic response to the request of another; • n o copy of such material made by the OSP is maintained o n the system or network in a m a n n e r ordinarily accessible to anyone other than anticipated recipients for a period n o longer than is reasonably necessary for the

Computer Law & Security Report V01.15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

1 998

Update:

communication; and the material is transmitted w i t h o u t modification to its content. The second sage h a r b o u r covers certain forms of caching. Section 512(b) provides that an OSP is n o t liable for m o n e t a r y relief, and is subject only to limited injunctive relief, for caching of material placed o n a system or n e t w o r k operated by the OSP b y an originator of the material. Such caching must o c c u r t h r o u g h an automatic technical process u p o n the original transmission of such material to a requester, in order to make the material available to subseq u e n t requesters.Thus, Section 512(b) appears n o t to cover 'advance' caching, in w h i c h material is copied into a cache for anticipated requests for it, rather than u p o n the first actual request for it. In addition, this safe h a r b o u r requires that the OSP comply w i t h all rules of the originator for refreshing, reloading or other u p d a t i n g of the cached material in accordance w i t h an i n d u s t r y standard data c o m m u n i cations protocol (provided such rules are n o t used b y the originator to tmreasonably impair intermediate storage), and that the OSP n o t interfere w i t h any t e c h n o l o g y associated with the cached material that returns information to the originator that w o u l d have b e e n obtained in the absence of transmission t h r o u g h caching (provided such t e c h n o l o g y does n o t interfere w i t h the p e r f o r m a n c e o f the network, is consistent w i t h accepted industry standard c o m m u n i c a tions protocols and does n o t extract other information).The safe h a r b o u r also requires that, if the originator has condit i o n e d access to the information, such as u p o n p a y m e n t of a fee or provision of a password, the OSP must p e r m i t access to the cached information only u p o n the same conditions. Finally, the OSP must r e s p o n d expeditiously to remove or disable access to any cached information that it receives notice has b e e n removed or disabled from the originating site from w h i c h the information was cached. The third sage h a r b o u r relates to innocent storage of infringing information. Section 512(c) provides that an OSP is not liable for monetary relief, and is subject only to limited injunctive relief for storage of infringing material on its system or network where: (1) it does not have actual knowledge that the material is infringing; (2) it is not aware of facts or circumstances from which infringing activity is apparent; (3) it does not receive a financial benefit directly attributable to any infringing activity that it has the right and ability to control; and (4) if properly noticed of the infringing activity, it responds expeditiously to remove or disable access to the infringing material.To take advantage of this safe harbour, the OSP must designate an agent to receive notifications of claimed infringements and make available the contact information for such agent through its service and through the US Copyright Office.

The fourth safe harbour relates to referral or linking to infringing material. Section 512(d) provides that an OSP is n o t liable for monetary relief, and is subject only to limited injunctive relief, for referring or linking users to an online location containing infringing material or activity by using information location tools (including a directory, index, reference, pointer or hypertext link), provided that: (1) it does n o t have actual

International

legal Protection

for Software

knowledge that the material is infringing; (2) it is not aware of facts or circumstances from w h i c h infringing activity is apparent; (3) it does not receive a financial benefit directly attributable to any infringing activity that it has the right and ability to control; and, (4) if properly noticed of the infringing activity, it responds expeditiously to remove or disable access to the infringing material.

General Requirements for Limitations of Liability In addition to m e e t i n g the r e q u i r e m e n t s of one of the specific safe harbours, to be eligible for the limitations of liability, u n d e r Section 512(h) the OSP must adopt, reasonably i m p l e m e n t and inform subscribers of a policy for the termination of subscribers w h o are repeat infringers, and n o t interfere with standard technical measures used by copyright o w n e r s to identify or p r o t e c t copyrighted works that have b e e n developed "pursuant to a broad consensus of copyright o w n e r s and service providers in an open, fair, voluntary, multi-industry standards process," are available to any p e r s o n o n reasonable and non-discriminatory terms and do ' n o t impose substantial costs or b u r d e n s o n OSPs or their systems.

Other Provisions Section 5 1 2 ( 0 provides that an OSP shall n o t be liable for the good faith disabling of access to or removal of material or activity claimed to be, or a p p e a r i n g from the facts and c i r c u m s t a n c e s to be, infringing. Section 512(g) sets u p a p r o c e d u r e t h r o u g h w h i c h a c o p y r i g h t o w n e r may o b t a i n an order t h r o u g h a United States district c o u r t directing the OSP to release the identity of an alleged direct infringer acting t h r o u g h t h e OSP's system or network. U n d e r Section 512(k), failure of an OSP to fit into o n e of the safe h a r b o u r s does n o t affect the OSP's claim that its c o n d u c t is n o n e t h e l e s s n o n i n f r i n g i n g , or a n y o t h e r defense. Finally, Section 512(1) clarifies that the safe harb o u r s are n o t c o n d i t i o n e d u p o n a r e q u i r e m e n t that the OSP m o n i t o r its system for i n f r i n g e m e n t s or accessing, r e m o v i n g or disabling access to material w h e r e such c o n d u c t is p r o h i b i t e d b y law.

Injunctions Under Section 512(i), if an OSP is subject to injunctive relief, courts are limited to injunctions that restrain the OSP from providing access to infringing material at particular online sites o n its service, that restrain it from providing services to a subscriber engaging in infringing activity by terminating the subscriber or that otherwise are "necessary to prevent or restrain infringement of specified copyrighted material at a particular online location, provided that such remedies are the least b u r d e n s o m e to the service provider that are comparably effective for that purpose".

Conclusion The liabilityof OSPs under doctrines of direct, vicarious and contributory liabilityhas not b e e n dearly delineated by the courts.

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

25

1 998

Update:

International

legal

Protection

for Software

The liability of OSPs u n d e r doctrines of direct, vicarious and contributory liability has not b e e n clearly delineated by the courts to date. Pending legislation in Congress w o u l d go a long distance toward clarifying the conditions u n d e r w h i c h

an OSP w o u l d be liable for infringements that o cc ur on the OSP's systems or networks.As of this writing, passage of such legislation seems likely.

1998 Update: International Legal Protection for Software Chart March 1998 This chart is updated to reflect significant d e v e l o p m e n t s at w w w . s o f t w a r e protection.corn Local co u n s el should b e c o n s u l t e d b e f o r e distributing softw a r e in a particular market to confirm and update the informarion in this chart and to advise o n t h e practicality o f enforcement, evidentiary considerations and other protect i o n mechanisms.

How to use this chart

European Patent Convention. Patent treaties to w h i c h the c o u n t r y b e l o n g s are identified u n d e r ' C o n v e n t i o n Memberships.' While a c o m m o n c o n v e n t i o n m e m b e r s h i p means that national treatment will be provided, a patent application may be filed in some countries even w h e n no c o m m o n m e m b e r s h i p exists.

DEFINITIONS OF TERMS USED IN THIS CHART: - subject matter p r o t e c t i o n for software is available pursuant to legislation, significant case law p r e c e d e n t (in the case of patent only), or presidential decree expressly protecting software. "Probably" - significant case law p r e c e d e n t supports subject matter protection. "Maybe" - subject matter p r o t e c t i o n may exist based on, for example, a favourable l o w e r court opinion, views of commentators, or the ability to register software in the country's copyright office. "No" - no substantial indication of subject matter protection for software. "Unknown" - no information identified. "Yes"

This chart can be used to d e te r m in e if subject matter protection is currently available in a particular c o u n t r y for either a US or foreign party's software. The entry u n d e r 'Copyright' indicates w h e t h e r subject matter p r o t e c t i o n is available for software u n d e r the national copyright law of a particular country. If so, the second step is to de term i n e if p r o t e c t i o n is available for a US w o r k in that country. To do so, look at the entry u n d e r 'Convention Memberships' to see if there is an applicable mutual membership or a bilateral ag re e m e n t b e t w e e n the US and that country. If there is, subject matter p r o t e c t i o n is probably available. The same approach is used to d e t e r m i n e if p r o t e c t i o n is available for a foreign party's software in another foreign co u n t r y ( e x c e p t that relevant bilateral agreements are not identified). For e x a m p l e , a J a p a n e s e a u t h o r w o u l d l o o k at t h e 'Convention Memberships' entries to d e te r m in e if Japan and a specific co u n t ry have a c o m m o n c o n v e n t i o n membership. The entry u n d e r 'Patent' indicates w h e t h e r subject matter p r o t e c t i o n is available for software in the specified country, u n d e r either national law or supranational law, such as the

Convention Memberships: - Berne Convention "B" "U" - Universal Copyright Convention ,,p,, - Paris Convention "E" - European Patent Convention ,,C,~ - Patent Co-operation Treaty

CONVENTION COUNTRY

COPYRIGHT

PATENT

MEMBERSHIPS

Argentina Australia Austria Belarus Belgium Bosnia and Herzegovina Brazil Brunei Bulgaria Canada Chile China (PRC) Colombia Costa Rica Croatia Czech Republic

Maybe z* Yes Yes Unknown 3

No Yes a Yes No Yes No No c Probably ~ No Yes No Maybe e Maybe No No No

B,U,P B,U,P, C B,U,P, E, C B*,U,P, C B,U,P, E,C B,U,P, C B,U,P,C None B,U,P,C B,U,P,C B,U ,P B,U, E C B,U ,P B,U,P B,U,P

26

Yes Yes 4 Unknown Yes Yes Maybe Yes Yes Maybe I Yes Yes 5.

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

B,U,P,C

1998

Denmark Dominican Republic Ecuador Egypt Estonia Finland France Germany Greece Guatemala Hong Kong Hungary India Indonesia Ireland Israel Italy Japan Kuwait Latvia Lithuania Luxembourg Macao Malaysia Mexico Netherlands N e w Zealand Nigeria Norway Pakistan Panama Peru Philippines Poland P6rtugal Romania Russia Saudi Arabia Singapore Slovak Republic Slovenia South Africa South Korea (ROK) Spain Sweden Switzerland Taiwan 0ROC) Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yugoslavia

Update:

Yes Yes Maybe Yes Yes Yes Yes Yes Yes Unknown Yes Yes Yes Yes Yes Yes Yes Yes 6 No* Yes Yes 7

Yes 7 Maybe s Yes Yes Yes Yes Yes Yes Yes Yes 9 Maybe Yes Yes Yes Yes 1° Yes Yes Yes Yes 5. Yes Yes Yes Yes Yes Yes Yes Yes Yes 11 Y e s 12

Yes Yes Yes Yes Yes Yes 13 Yes

International

Yes Probablyf Probably* Maybe* Maybeg Maybe Yes Yes Yes No Maybe o* Maybe No No Yes Yes* Yes Yes No Maybe i* Maybe i Yes Probably No No Yes Yes* Probably Maybe g No No Maybe No No Yes No No No Yes* Unknown Maybe No Yes Yes b Yes Yes b Maybe h No No No* No Yes Yes No Maybe Maybe No

legal Protection

for Software

B, U, P, E, C B*, U, P B, U B, P B, P, C B, U, P, E, C B, U, P, E, C B, U, P, E, C B, U, P, E, C B*, U B, U, P (Under UK's m e m b e r s h i p s ) B, U, P, C B, U B*, P, Bilateral Copyright, Patent B, U, P, E, C B, U, P, C B, U, P, E, C B, U, P, C None B, P, C B, P, C B,U,P, E,C None B, P B,U,P, C B, U, P, E, C B, U, P, C B, U, P B, U, P, C B, U B,U,P B, U, P B, P B,U,P, C B, U, P, E, C B, P, C B,U,P, C U P, C, Bilateral Copyright B, U, P, C B, U, P, C B, P B, U, P, C B, U, P, E, C B, U, P, E, C B, U, P, E, C Bilateral Copyright, Patent B B,P, C B,U,P, C P B, U, P, E, C B, U, P, C B,U,P B, U, P P, C B,U,P, C

* Material a d d e d to or substantively revised from 1997 report.

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

27

1998

Update:

International

legal

Protection

for Software

COPYRIGHT FOOTNOTES

PATENT FOOTNOTES

(1) (2)

(a) *Australia: CCOM vJiejing, 122 ALR417 (1994), interpreting the Australian Patent Act, as amended, 30 April 1991. (b) If the EPO route rather than the national route is chosen, the 'technical effects' doctrine applies. Vicom Systems Applications T208/84, 2 EPOR 74, EPO Appeal Board (1987). (c) Brazil: Inventions involving the use of c o m p u t e r software may b e patentable provided they are of 'technical character' ( n e w and utilisable b y industry) for example, if c o m p u t e r software is used to control a machine, a patent may be available for the machine. (d) *Hong Kong: On 27 June 1997, a n e w p a t e n t ordinance provides p r o t e c t i o n provided that one registers a p a t e n t granted b y UK p a t e n t offices or b y the EPO designating the UK or the Chinese Patent Office. (e) China (PRC): Inventions involving the use of c o m p u t e r software may be patentable in the PRC, even if the software c o n c e r n e d forms the major part of the invention, as a technical solution relating to a product, process or improvement. (f) Dominican Republic: Provided one confirms a nonDominican Republic software p a t e n t (e.g. b y re-registering a US patenO. (g) *Norway, and to a partial extent Estonia: have reconciled their national p a t e n t laws w i t h the European Patent Convention even t h o u g h they are not members. (h) Taiwan: An invention relating to the utilisation of software in a hardware apparatus may b e granted a patent. However, if the invention is p u r e c o m p u t e r software and can b e e x e c u t e d on all c o m p u t e r devices, it cannot b e granted a patent. (i) *Latvia and Lithuania: Provided that one extends a European p a t e n t application to this country.

(3) (4)

(5)

(6)

(7)

(8) (9)

(10)

Legislation or decree p r o p o s e d . *Argentina: Although Presidential Decree No. 165/94, dated 3 February 1994, stated that c o m p u t e r software is expressly p r o t e c t e d u n d e r the Argentinean Copyright Act of 1933, copyright p r o t e c t i o n for c o m p u t e r software was p l a c e d into question b y Roggio, a 1995 appellate c o u r t decision, w h i c h effectively held that c o m p u t e r programs are n o t p r o t e c t e d b y the Argentine c o p y r i g h t law. Belarus: Belarus has c o m p l e t e d draft copyright legislation. Brazil: C o m p u t e r programs are p r o t e c t e d u n d e r the Brazilian Software Protection Act (1987), but the act does not expressly p r o t e c t c o m p u t e r programs as literary works. *Czech Republic a n d Slovak Republic: A m e n d m e n t s to the 1965 c o p y r i g h t law w e r e a d o p t e d on 14 March 1996. The a m e n d m e n t s r e p o r t e d l y include provisions that conform the 1965 copyright law to the EU Software Directive and expressly p r o t e c t c o m p u t e r programs as literary works. Japan: No copyright p r o t e c t i o n exists in Japan for syntax, algorithms, or p r o g r a m m i n g languages. In Microsoft v Shuuwa Trading KK, Tokyo District Court, 30 January 1987, the court held that the implementation of a programming language in a BASIC interpreter is p r o t e c t e d b y copyright law. Lithuania: Lithuania enacted a copyright law that came into force on 17 May 1994, w h i c h r e p o r t e d l y protects c o m p u t e r software. Macao: Recent cases in Macao have held that c o m p u t e r software is p r o t e c t e d b y copyright. Panama: On 8 August 1994, Panama's President signed Panama's n e w copyright law, "Law N u m b e r 157 w h i c h expressly protects c o m p u t e r software.Although the law came into force on 1 January 1995, the effect of this law has b e e n s u s p e n d e d p e n d i n g a determination of its constitutionality. Romania: On 14 March 1996, Romania's President signed its n e w copyright law, w h i c h expressly p r o t e c t c o m p u t e r software. The law b e c a m e effective 24 June

1996. (11) *Turkey: A m e n d m e n t s to the 1951 C o p y r i g h t Law passed in June 1995, expressly extend copyright protection to software and include provisions based on the EU Software Directive regarding t h e d e c o m p i l i n g and reverse engineering of software. (12) Ukraine: On 23 February 1994, Ukraine enacted a law relating to copyright and related rights that extends protection to databases and c o m p u t e r programs. (13) Vietnam: On 1 July 1996,Viemam's n e w Civil Code granting express copyright p r o t e c t i o n for c o m p u t e r software came into force. It strengthens copyright p r o t e c t i o n b y granting o w n e r s and authors of works the right to obtain copyright registration for their works. Despite this change, because Vietnam is n o t yet a m e m b e r of Berne or the UCC, w o r k s of foreign authors will b e prot e c t e d in Vietnam only if such works are published in Vietnam within 30 days after the date of first publication in another country.

28

SOURCES OTHER THAN DIRECT AUTHORITY: C o m p u t e r Law Association's International Update; Michael Keplinger, Esq., US Patent andTrademark Office; RIchard Owens, Head of Copyright Law Section; Central and Eastern Europe Business Information Center of the US D e p a r t m e n t of Commerce; US D e p a r t m e n t of State; Business Information Service for the N e w l y I n d e p e n d e n t States o f t h e US D e p a r t m e n t of Commerce;World Intellectual Property Organisation, Geneva, Switzerland; Ranald Robertson, Esq., of Taylor Joyson Garrett of London; Mladen Vukmir, Esq., of Zagreb, Croatia; I. Joel Riff, Esq., of General Counsel Associates of Mountain View, California. © 1998 Fenwick &West LLP. All Rights Reserved

COPYRIGHT PROTECTION Copyright Protection for software c o n t ~ u e s to b e established around t h e world. The trend is strongly t o w a r d express statutory p r o t e c t i o n for software in copyright laws around the world. Statutory p r o t e c t i o n has b e c o m e increasingly important because m o r e software is mass-marketed w i t h o u t a signed license agreement. In many countries, courts have held software to be within the subject matter p r o t e c t i o n of existing copyright law. Generally, copyright laws p r o t e c t the form of expression

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

1998

Update:

of an idea, but not the idea itself.With respect to software, this typically means that the c o m p u t e r program in both humanreadable and machine-executable form and the related manuals are eligible for copyright protection, but the methods and algorithms within a program are not protected expression. Source code and object code are protected against literal copying. In addition, certain non-literal elements of expression (including the structure, sequence, organization and 'look and feel' of a program) have sometimes b e e n afforded protection u n d e r US copyright law.This trend has not clearly surfaced in foreign courts. Therefore, the current scope of protection of software u n d e r US law is, at least in this respect, probably broader than u n d e r any foreign law. A c o m m o n requirement of copyright laws is that a work be original. Originality means that a work has b e e n created i n d e p e n d e n t l y and is the personal expression of the author. This factor must be distinguished from the c o n c e p t of novelty, w h i c h usually is not required. Proof of originality is assisted in some jurisdictions by registration of a work with specified regulatory authorities.

Rights Protected 'Moral rights' are recognized i n the copyright systems o f m a n y countries. The exclusive rights of a copyright holder that are recognized and protected b y most copyright laws are the rights to reproduce or copy, adapt (i.e., prepare derivative works), distribute and publicly perform the work. The precise nature of these rights, however, often differs among countries. The exclusive right to display is n o t generally recognized outside the US, except to the extent that it may be covered by the moral right of disclosure (discussed below). .A n u m b e r of countries, and the EU Software Directive as well, also recognize 'moral rights', w h i c h may include the right to be k n o w n as the author of the work (right of paternity), the right to prevent others from distorting the work (right of integrity), the right to control publication of the work (right of disclosure) and the right to withdraw, modify or disavow a work after it has b e e n published (right of withdrawal). Moral rights p r o t e c t i o n reflects the view that the individual, n o t only the work, is to be protected.The scope of these rights varies among the countries that protect moral rights of authors.The Berne Convention recognizes only the first two moral rights above. In most such jurisdictions, agreements to waive or transfer moral rights are n o t enforceable. In those countries where moral rights are protected, such rights may restrict the transferee of the software (such as the party w h o commissioned the work) from making changes to the software w i t h o u t the express c o n s e n t of the original author.At present, n o reported case law appears to exist o n this issue.

Formalities Membership i n Berne eliminates the r e q u i r e m e n t of observing formalities i n order to obtain copyright protection. Berne Convention countries provide for copyright protection w i t h o u t stipulating the observance of any formalities. Some countries (such as the US prior to the effective date of its Berne m e m b e r s h i p o n 1 March 1989 and some Latin

International

legal Protection

for Software

American countries), however, require a copyright notice o n published works.This notice is necessary o n published works u n d e r the Universal Copyright Convention. Additionally, a deposit of all or portions of the work and/or registration is required by some jurisdictions in order to secure protection or prior to bringing a lawsuit for copyright infringement. Even if registration is not stipulated to obtain or enforce protection, it may provide important evidentiary benefits. In certain countries where formalities must be observed in order to obtain protection, they apply only u p o n publication. As indicated below, the c o u n t r y where first publication occurs is important in determining w h e t h e r works of foreign authors will be granted copyright protection.

Copyright Protection Abroad Copyright laws USually provide protection only for a country's nationals o r for works first published in the country. Copyright laws operate territorially. They usually provide protection only for a country's nationals or for works first published in the country. Treaties and bilateral agreements address the availability of protection for foreign authors and grant the same protection to foreign authors as to nationals, usually tinder the condition of reciprocity. The most significant international treaties relating to copyright protection are the Berne Convention, the Universal Copyright Convention and the Buenos Aires Convention. The US is a longstanding m e m b e r of the Buenos Aires and Universal Copyright Conventions and became a m e m b e r of Berne o n 1 March 1989. The US also has bilateral arrangements with several nations that do not belong to any copyright convention.

UCC The US is a m e m b e r of the Universal Copyright Convention (UCC). Under this treaty, each m e m b e r state grants the same protection to works (whether published or not) of nationals of, and to works first published in, any other m e m b e r state as it grants to its nationals for works first published in its territory or to u n p u b l i s h e d works created within its territory.This is called 'national treatment'. Thus, software created by a US author or first published in the US is protected in a convention m e m b e r c o u n t r y to the extent that the member's current copyright statute protects software. I n contrast to Berne, the observance of formalities may b e required b y UCC m e m b e r states in order to enforce copyright protection. The UCC provides that any m e m b e r c o u n t r y that requires, as a condition of copyright protection, compliance with formalities (such as registration, deposit or notice) must treat such formalities as satisfied if all published copies of a work bear the symbol '© ', the name of the copyright proprietor and the year of first publication. This provision applies, however, only to works that (i) were first published outside the country requiring the observance of the formalities, and (ii) were not authored by one of that country's nationals. In contrast to Berne, formalities such as registration are permitted u n d e r the UCC in order to bring an infringement suit. As of 1 January 1998, UCC m e m b e r countries not listed on the chart were: Algeria, Andorra, Azerbaijan, Bahamas,

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

29

1998

Update:

International

legal Protection

for Software

Bangladesh, Barbados, Belize, Bolivia, Cambodia, Cameroon, Cuba, Cyprus, E1 Salvador, Fiji, Ghana, Guinea, Haiti, Holy See, Iceland, Kazakhstan, Kenya, Laos, Lebanon, Liberia, Liechtenstein, Macedonia, Malawi, Malta, Mauritius, Moldova, Monaco, Morocco, Nicaragua, Niger, Paraguay, Rwanda, Saint Vincent and the Grenadines, Senegal, Sri Lanka, Tadjikistan, Trinidad and Tobago,Tunisia and Zambia.

Buenos Aires Convention The Buenos Aires Convention has b e e n adopted by the US and most Latin American countries. It provides for national treatment and requires the use of "All Rights Reserved", or its equivalent, in the copyright notice. This treaty has b e c o m e less important since most m e m b e r states have also adopted the UCC, w h i c h supersedes the Buenos Aires Convention to the extent they conflict.

whose ' c o u n t r y of origin' is a Berne m e m b e r if that work had n o t fallen into the public domain in that m e m b e r c o u n t r y as of 1 March 1989. As of 1 January 1998 (except as n o t e d below), other Berne countries not listed on the chart were: Albania, Aruba, Bahamas, Bahrain, Barbados, Benin, Bolivia, Burkina Faso, Cameroon, Cap Verde, Central African Republic, Chad, Congo, Cuba, Cyprus, E1 Salvador, Equatorial Guinea, Fiji, Gabon, Gambia, Georgia, Ghana, Guinea, Guinea-Bissau, Guyana, Haiti, Holy See, Honduras, Iceland, Ivory Coast, Jamaica, Kenya, Lebanon, Lesotho, Liberia, Libya, Liechtenstein, Macedonia, Madagascar, Malawi, Mali, Malta, Mauritania, Mauritius, Moldova, Monaco, Mongolia (effective as of March 12, 1998), Morocco, Namibia, Netherlands Antilles, Niger, Paraguay, Rwanda, Saint Kitts and Nevis, Saint V i n c e n t and the Grenadines, Santa Lucia, Senegal, Sierra Leone, Sri Lanka, Suriname, Tanzania, Togo, Trinidad and Tobago, Tunisia, Zaire, Zambia and Zimbabwe.

Berne Convention The Berne Convention contains a more far-reaching regulation of copyright than does the UCC. Berne m e m b e r s constitute a u n i o n that is o p e n to all countries of the world, provided that certain m i n i m u m protective requirements are satisfied. These requirements include (i) national treatment (whether or not a work is published), (ii) the granting of certain moral rights to authors with regard to the exploitation of their works, (iii) the granting of certain 'economic rights' (such as exclusive rights of translation, reproduction, perform a n c e or adaptation with respect to protected works) and (iv) the adoption of certain m i n i m u m terms of protection (generally the life of the author plus 50 years) for various works. In addition, Berne provides copyright protection without requiring that any formalities, e.g., prerequisites to bringing infringement suits, be observed. Berne does n o t prevent a c o u n t r y from providing evidentiary benefits as an incentive to registration such as in the United States. Some commentators interpret Berne as prohibiting the waiver or assignment of the 'moral rights' of the author.As a practical matter, however, national law appears to govern w h e t h e r 'moral rights' may be totally waived, transferred or are applicable to a particular type of work such as software. I n March 1989, the US b e c a m e a m e m b e r of the Berne Convention, the w o r l d ' s most widely observed copyright

treaty. The US became a m e m b e r of Berne o n 1 March 1989. Until then, US authors could indirectly obtain protection u n d e r this treaty if first publication took place in a m e m b e r c o u n t r y or simultaneously in a m e m b e r and a n o n - m e m b e r cotmtry. 'First publication' has different meanings, both strict and liberal, among countries. While the US ratified the most recent version of Berne, some other countries have ratified earlier versions only. With respect to retroactivity, unless otherwise agreed by special convention, a work whose ' c o u n t r y of origin' is the US will receive Berne protection from other m e m b e r countries if that work had n o t fallen into the public domain u n d e r US domestic copyright law as of 1 March 1989. Similarly, unless otherwise agreed b y special convention, the US is required to extend Berne-level p r o t e c t i o n to any work

30

Practical Variations Among the countries w h e r e subject matter protection exists for software, there are substantial differences in the laws and regulations governing protection. For example, the author of a 'US origin' work w h o desires to file suit for copyright infringement in the US must first register the work with the US Copyright Office. Most other countries do not require that their nationals take such action prior to filing copyright infringement actions. In some countries, registration provides certain evidentiary benefits. In Japan, for example, the legal effect of one type of optional registration is to create a rebuttable p r e s u m p t i o n that the program was created o n the date declared in the application, but a program must be registered within six months of its creation. In Venezuela, unless a US author has already registered its software in the US Copyright Office, w h e n the author seeks to register its copyright in Venezuela (which one might do to prove originality for purposes of possible litigation inVenezuela), the author must also file assignments from each person w h o worked on the software.

TRADEMARK PROTECTION The protection of trademarks via registration has long b e e n accepted internationally. In most countries, rights are initially secured by registration and maintained by later use in the country. Generally speaking, use without registration does not provide trademark protection. Only the US and a few other nations require use of the mark before registration (e.g. Canada and the Philippines) or give some priority of rights based solely o n use (e.g. in addition to the US, c o m m o n law countries such as Australia, Canada and the UK). Companies may file trademark applications in the US based o n an 'intent to use' the mark. Since 16 November 1989, applicants have b e e n able to file for trademark registrations in the US on the basis of 'intent to use', but actual use of the mark must occur before the registration is issued.The sole exception to this actual use requirem e n t is that a foreign applicant relying on Paris Convention

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

1998

Update:

rights may obtain a registration w i t h o u t actual use of the mark. With few exceptions, the three most notable of w h i c h are the European Community Trademark, the Madrid Agreement and the Madrid Protocol, discussed below, trademarks may be p r o t e c t e d on a country-by-country basis only. The lead time from application to registration varies b y jurisdiction from a few months to several years. While some countries examine the existing registry for potentially conflicting p r i o r registrations (e.g. the US), others do n o t (e.g. Germany, France and Switzerland), leaving it to the registrants to identify and resolve such conflicts.

Paris Convention Under the Paris Convention, w h i c h has b e e n signed b y m o r e than 80 countries, a trademark o w n e r may have trademark rights 'backdated' in a foreign c o u n t r y to the date of initial filing in its h o m e c o u n t r y if application is m a d e in another treaty c o u n t r y within six m o n t h s of filing in the h o m e country. Since the US is a signatory to this agreement, timely Paris Convention filings may help p r o t e c t n e w US trademarks from pirates w h o register trademarks abroad and then a t t e m p t to sell t h e m back to the true owners. As of 1 January 1998, Paris Convention m e m b e r countries n o t listed on the chart were:Albania, Algeria,Arn]enia,Aruba, Azerbaijan, Bahamas, Bahrain, Bangladesh, Barbados, Benin, Bolivia, Burkina Faso, Burundi, Cameroon, Central African Republic, Chad, Congo, Cuba, Cyprus, E1 Salvador, Equatorial Guinea, Gabon, Gambia, Georgia, Ghana, Guinea, GuineaBissau, Guyana, Haiti, Holy See, Honduras, Iceland, Iran, Iraq, Ivory Coast, Jordan, Kazakhstan, Kenya, Kyrgyzstan, Lebanon, Lesotho, Liberia, Libya, Liechtenstein, Macedonia, Madagascar, Malawi, Mall, Malta, Mauritania, Mauritius, Moldova, Monaco, Mongolia, Morocco, Netherlands Antilles, Niger, North Korea, Paraguay, Rwanda, Saint Kitts and Nevis, Saint V~mcent and the Grenadines, San Marino, Santa Lucia, Senegal, Sierra Leone, Sri Lanka, Sudan, Suriname, Swaziland, Syria,Tadjikistan,Tanzania, Togo, Trinidad and Tobago, Tunisia, Turkmenistan, Uganda, Uzbekistan, Zaire, Zambia and Zimbabwe.

European Community Trademark (CTM)

International

legal Protection

for Software

party, o n c e a national of a m e m b e r c o u n t r y has registered a trademark in its h o m e country, the trademark may be registered in all m e m b e r countries b y depositing its certificate of registration w i t h the Central Registration Bureau in Berne, Switzerland. Nationals of countries that are not m e m b e r s of this convention may not obtain such "international registrations" unless t h e y have a "real and effective industrial or commercial" p r e s e n c e in a m e m b e r c o u n t r y through w h i c h t h e y can obtain the necessary h o m e c o u n t r y registration. M e m b e r countries of the Madrid Agreement, as of 1 J a n u a r y 1998, w e r e : Albania, Algeria, Armenia, Austria, Azerbaijan, Belarus, Belgium, Bosnia a n d Herzegovina, Bulgaria, China, Croatia, Cuba, Czech Republic, Denmark, Egypt, Finland, France, Germany, Htmgary, Italy, Kazakhstan, Kyrgyzstan, Latvia, Liberia, Liechtenstein, L u x e m b o u r g , Macedonia, Moldova, Monaco, Mongolia, M o r o c c o , Netherlands, North Korea, Norway, Poland, Portugal, Romania, Russia, San Marino, Sierra Leone, Slovak Republic, Slovenia, Spain, Sudan, Sweden, Switzerland, Tadjikistan, Ukraine, United Kingdom, UzbekistanlVietnam andYugoslavia.

Madrid Protocol The Madrid Protocol, w h i c h ultimately will replace the Madrid Agreement and is e x p e c t e d to provide a truly international centralized trademark application system, b e c a m e effective 1 April 1996: Members of the Madrid Protocol, as of 1 January 1998 ( e x c e p t as n o t e d below), were:Belgium (effective 1 April 1998), China, Cuba, Czech Republic, Denmark, Finland, France, Germany, Hungry, Iceland, Liechtenstein (effective 17 March 1998), Lithuania, L u x e m b o u r g (effective 1 April 1998), Moldova, Monaco, Netherlands (effective 1 April 1998), North Korea, Norway, Poland, Portugal, Russia, Slovak Republic, Slovenia (effective 1 March 1998), Spain, Sweden, Switzerland, United Kingdom and Yugoslavia (effective 17 February, 1998). The US, Japan, Canada and other key jurisdictions have indicated that they will not join until a disagreement over procedure - - v o t i n g rights for intergovernmental organizations, such as the EC - - is resolved. Because of this dispute, nationals of the US and o t h e r n o n - m e m b e r countries essentially are excluded from taking advantage of the Madrid Protocol's centralized filing option.

Beginning 1 April 1996, it b e c a m e possible for anyone to obtain p r o t e c t i o n in all m e m b e r countries of the EU (currently 15) w i t h a single application filed w i t h the CTM office in Alicante, Spain. It is anticipated the costs of obtaining a CTM are generally less than half the cost of otherwise seeking registration in each individual m e m b e r country. However, should the application e n c o t m t e r difficulties during examination or be o p p o s e d b y a successful challenger and the applicant c h o o s e the o p t i o n of converting the CTM application to individual c o u n t r y applications, the costs likely w o u l d be significantly higher than t h e y otherwise w o u l d have b e e n had the applicant directly a p p l i e d in the individual countries initially.

While tile basic laws offering trademark p r o t e c t i o n have b e e n in effect for many years, many countries are only n o w arriving in the c o m p u t e r age. Until recently, even a d e v e l o p e d c o u n t r y such as Switzerland w o u l d n o t register a trademark for a software p r o d u c t as such, b u t only for the media on w h i c h the software was stored (i.e.'data earriers').Today,Taiwan will n o t register a mark f o r ' c o m p u t e r software.' Electronic delivery of software via the Internet raises a host of conceptual issues for trademark authorities w h o are used to thinking of trademarks only in c o n n e c t i o n w i t h the transfer of tangible goods.

Madrid Agreement

T h e w o r l d w i d e t r e n d is t o treat software like any o t h e r produ c t f o r p u r p o s e s o f trademark protection.

The Madrid Agreement is the s e c o n d major e x c e p t i o n to the n e e d for registration on a country-by-country basis. Under this increasingly p o p u l a r convention, to w h i c h the US is not a

Even t h o u g h registration is available for trademarks (product names), registration of service marks is not yet available in all countries. That imbalance is changing: The w o r l d w i d e

Practical Variations

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

31

1998

Update:

International

legal Protection

for Software

trend is to remove these restrictions in favour of complete protection. Notably, Singapore b e g a n protecting service marks in 1991. Japan, Hong Kong and Thailand enacted service mark protection laws effective in 1992, and Switzerland, Greece and Venezuela enacted service mark protection laws effective in 1993. Following adoption of the EU Trademark Harmonization Directive, each m e m b e r state is required to protect service marks.

PATENT PROTECTION There is a worldwide t r e n d in favour of adopting patent protection for software-related Inventions. More than 65 of the 176 countries in the world that grant patents permit the patenting of software-related inventions, at least to some degree. There is a worldwide trend in favour of adopting patent protection for software-related inventions. This trend has accelerated following the adoption of the Trade-Related Aspects of Intellectual Property (TRIPS) portion of the GATT, w h i c h mandates m e m b e r countries to provide p a t e n t p r o t e c t i o n for i n v e n t i o n s i n . all fields of technology. Developing countries have b e e n given u p to 11 years to a m e n d their laws, if necessary, to meet this requirement. The most widely followed doctrine governing the scope of patent protection for software-related inventions is the 'technical effects' doctrine that has b e e n promulgated by the European Patent Office (EPO). This doctrine generally holds that software is patentable if the application of the software has a 'technical effect?Thus, for example, software that controis the timing of an electronic engine is patentable u n d e r this doctrine, whereas software that detects and corrects contextual h o m o p h o n e errors (e.g., "there" to "their") is not. The EPO law regarding patentability of software is generally more liberal than the individual laws of EPO m e m b e r countries Spain and Switzerland.Thus, one desiring to patent a software-related invention in Europe should generally file an EPO application designating the European countries in which protection is sought, rather than filing separate patent applications in EPO countries, Spain or Switzerland. For each country, the exact nature of software patentability is a complicated question. Even in countries that are liberal in granting patents o n c o m p u t e r software, certain limitations apply. For example, in the US, software that affects a physical process may be patentable. If the software preempts a mathematical algorithm, however, it is not patentable. The situation in Japan is similar to that in Europe and the US. In Japan, a c o m p u t e r program that simply performs a mathematical calculation is n o t patentable. However, if the software is used as a means for materializing a law of nature and is linked to appropriate hardware elements, it may be patentable. For example, software claimed as part of a microc o m p u t e r e m b e d d e d in a fishing rod to control the operation of the reel can be patented. Obtaining patent protection for any invention, including software, is relatively expensive. For each c o u n t r y in w h i c h protection is sought, the cost is typically several thousands of dollars in attorney fees, patent draftsman charges and governmental fees.Why t h e n w o u l d one patent software rather than rely o n copyright protection? First, a patent is valid against everyone in that c o u n t r y w h o makes, uses or sells the patent-

32

ed invention, even if the infringer invented it independently. Second, while copyright law protects only the expression of an idea, patent law protects the underlying idea.This is true as long as the idea is not so fundamental that it constitutes a law of nature. Thus, for example, u n d e r US patent law a mathematical algorithm is not patentable ff the patent claim preempts the entire algorithm, but may be patentable if it applies the algorithm to accomplish a specific technical purpose. Finally, because more software is mass-marketed without a signed license agreement, the strong protection provided by patent laws is increasingly important.

Paris Convention Most of the industrialized nations of the world adhere to the Paris Convention for the Protection of Industrial Property. Notable exceptions are India and Taiwan.This treaty provides that one w h o files a patent application in any of the m e m b e r countries has u p to one year to file subsequent applications in other m e m b e r countries and be able to backdate the effective filing dates of the subsequent applications to that of the first-filed patent application. For example, one could file a patent application in the US o n June 1, 1997, then file corresponding applications in the UK,Japan and Canada up until 1 June 1998, and be able to backdate the filing dates in the UK, Japan and Canada to 1 June 1997. Backdating is important because public disclosures of an invention (whether by the inventor or by somebody else) that occur b e t w e e n 1 June 1997, and 1 June 1998, will not have an adverse effect u p o n the UK, Japanese and Canadian applications. Such public disclosures would bar applications in these countries ff the provisions of the Paris Convention could not be invoked. In addition, backdating provides an earlier filing date for priority purposes w h e n the first to file is the critical timing factor, as it is in most countries, in determining w h i c h of two or more competing applicants will be awarded the patent. Nationals of countries that are not m e m b e r s of the Paris Convention might n o t be allowed to file patent applications in certain countries.

European Patent Convention The European Patent Convention is the treaty that established the EPO. Approximately 20 countries can be designated via the EPO. In each of these countries, one can apply for a patent via either the national route or the EPO. The EPO grants patents that are valid in those European countries designated in the EPO application and subsequently perfected in those countries. Enforcement of the EPO p a t e n t is obtained through the national courts of the various countries.

Patent Cooperation Treaty The Patent Cooperation Treaty provides a means for filing patent applications simultaneously in over 96 countries. The major value of the P e T is to enable one to defer normal filing and translation deadlines and costs in PCT countries beyond the c o u n t r y in w h i c h the first patent application is filed for u p to an additional 18 m o n t h s beyond the 12 months provided by the Paris Convention. This extra time can be critical, because it may be what is n e e d e d to evaluate the results of

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see front matter © 1999 Elsevier Science Ltd. All rights reserved

1 998

Update:

the patent prosecution in a first-filed country, ff the prosecution does not go well or the p r o d u c t in w h i c h the invention is e m b o d i e d is not commercially viable, the subsequent foreign patent applications can be stopped, thereby avoiding additional expenses.

CONTRACTUAL PROTECTION Contractual p r o t e c t i o n is available for software i n most countries if required approvals, registrations and other actions are completed. Contractual protection (in contrast to statutory protection) is available in most countries if any required governmental registrations, approvals and other actions are taken to assure enforceability. Even then, the scope of available remedies may be restricted and their application will generally be limited to the other party to the agreement. Confidentiality requirements are i m p l e m e n t e d by specific agreement both w i t h licensees and in employer-employee relationships. Unless expressly provided for in the agreement, injunctive relief is usually n o t available for breach of contract in most nations other than the US.

US BORDER ENFORCEMENT Customs is authorized to detain imported software that is merely believed to infringe the right of a US copyright owner. US Customs is authorized to make its o w n i n d e p e n d e n t infringement determinations in the areas of copyrights, trademarks and trade names.With respect to copyrights, Customs is authorized to detain imports that are merely believed to infringe the rights of a US copyright owner. Customs ordinarily makes such detentions based o n allegations by US copyright owners of possible infringement. Imports may be detained at the port until after Customs makes a decision concerning the validity of the infringement claim. Significantly, such imports are detained before Customs makes a decision c o n c e r n i n g infringement and may remain in Customs' custody for many m o n t h s p e n d i n g a final infringement decision. Customs' copyright regulations have b e e n used extensively to prevent allegedly infringing inlports of B I t S software from entering the United States. Customs also has authority to detain imports that are merely alleged to infringe US trademarks or trade names before there has b e e n any formal infringement finding. Under existing regulations, however, Customs does not make its o w n i n d e p e n d e n t infringement determinations with respect to patents or semiconductor mask works. Because of the complexity of infringement issues relating to patents and mask works, Customs historically has deferred to the institutional expertise of the US International Trade Commission (ITC) and the courts to make patent and mask work infringem e n t findings. In the case of both patents and mask works, Customs simply enforces exclusion remedies that have b e e n issued by a court or the ITC at the conclusion of a formal infringement case. Customs has developed an online database that links each US port with the intellectual property records that are maintained at Customs' headquarters in Washington. Because each local Customs district director has authority to take action against imports that may infringe protected intellectual prop-

International

legal Protection

for Software

erty rights, this development provides a greater degree of national uniformity w i t h respect to overall US b o r d e r enforcement efforts. Such a policy is required to avoid a situation where a work would be 'cleared' at one port, but 'believed to be an infringing copy' at another. Also, because intellectual property rights b e c o m e eligible for Customs' protection only after they are registered with Customs headquarters in Washington (or an ITC or court order is issued at the close of an inflSngement case), there is a n e e d for uniform notification of the ports c o n c e r n i n g the status of works eligible for Customs' protection.

CONCLUSION The trend is toward multilateral agreements for strengthening protections for software. Although the availability of legal protection for software is increasing rapidly around the world, the scope and enforceability of that protection varies significantly by country. The use of the Special 301 provisions of the 1988 US Trade Act have resulted in greater protection for software, as well as other intellectual property, in several countries:The Business Software Alliance and Software Publishers Association have b e e n effective forces for monitoring software piracy around the world, promoting legislative and attitudinal changes and taking legal actions to enforce copyright protection. The accession of the US to the Berne Convention, the NAFTA provisions and the signing of GATT indicate that the trend is toward multilateral agreements for dealing with protection for software. These multilateral efforts are i n t e n d e d to promote adequate and effective protection of intellectual property rights while ensuring that national laws enforcing such rights do n o t themselves b e c o m e barriers to trade.

ABOUTTHE FIRM Fenwick & West LLP has offices in Palo Alto, California, San Francisco, California, and Washington, DC, and has a network of correspondent firms in many major cities of the world. Established in 1972, the firm has more than 190 attorneys providing comprehensive services to clients of national and international prominence, including many of the world's leading software suppliers and Internet companies. The firm's practice emphasizes intellectual property, I n t e m e t and other technology-related issues in a global context, with a primary focus o n seven major practice areas: (i) patent and other intellectual property protection, licensing and distribution of c o m p u t e r software and hardware, network technology, multimedia products, semiconductor technology, and biotechnology; (ii) international transactions; (iii) domestic and international tax planning; (iv) litigation and alternative dispute resolution techniques; (v) corporate law, including venture capital, public offerings, and mergers and acquisitions; (vi) e m p l o y m e n t and laboUr law; and (vii) medical devices and life sciences. Updates and questions c o n c e r n i n g this report should be directed to Fred Greguras ([email protected]), or Michael Egger ([email protected]) of our Pain Alto office, or Phyllis Andes ([email protected]) or JayWestermeier ([email protected]) of our Washington, DC office. Additional copies are available u p o n request.

Computer Law & Security Report Vol. 15 no. 1 1999 0267 3649/99/$- see fr0nt matter © 1999 Elsevier Science Ltd. All rights reserved

33