- Email: [email protected]
Contract solutions in software protection
THE COMPUTER LAW A N D S E C U R I T Y
REPORT
CONTRACT CONTRACT SOLUTIONS IN SOFTWARE PROTECTION John Borking, Senior Legal Counsel, Rank Xerox Ltd. Trade and industry in Europe are particularly sceptical about the protection provided by patent and copyright law for their software and firmware products. Therefore protection is needed by means of a contract which makes up for deficiencies and uncertainties arising in other areas of the law. The contract solution is not ideal; it does not for instance provide for recourse against third party infringers who are not party to the contract. The role of the lawyer is to draft clauses in such a way that piracy and illicit copying are prevented as much as possible and to support the technical protective measures with the legal language of the contract.
Problem Areas Companies in the field of software and firmware are confronted with piracy and illicit copying of source codes and object codes of computer programs. One can recognise the following phenomena: , Piracy. which is unauthorised copying and exploitation of software content. This is either in the written expression of that software i.e. the source code, or in machine readable language i.e. the object code fixed on rigid or floppy discs, or by unloading ROM's or other computer memories. • Companies are also confronted by counterfeiting. This is piracy combined with elements of visual deception in the presentation. Examples include the reproduction of any trade mark and packaging of the legitimate software product, or when somebody takes a program, makes some changes, (sometimes just a few lines of codes or renumbers some addresses of the program) and then sells it on the market as his own original software. These types of piracy are practised on quite a large commercial scale especially in the Far East where Taiwan is the pirates' paradise. * As well as the above categories of piracy the following variations occur. The pirate can buy a ficence to sell the software from a company that has no right to sell that licence to him and, provided that the company has in turn bought the licence from another company, the pirate has created a legal barrier that is almost impenetrable due to our Western legal system of protecting property.
* Furthermore, companies are sometimes confronted by the pirate who combines his hardware sales with giving free software which will be described by him as back-up or demonstration copies of software instead of giving discounts on the hardware. * From a company point of view we treat stealing algorithms on which the computer software is based as piracy, although at the moment this is not the state of art of the legal doctrine in intellectual property law. * Another problem is that of illicit copying. We do not look upon illicit copying in the same way as that which is allowed under fair use regulations. But aside from this fact, illicit copying often occurs and much of it between friends. This happens particularly in computer user groups where, as users of a certain brand of microcomputers, they help each other either to find out exactly how the particular software works or they pool their joint software budget. It also happens in educational institutes and is triggered off mainly by the fact that there is insufficient money to spend on software. This leads to the situation where teachers organise themselves into buying special software packages which are copied and circulated around other colleagues or other schools. , Last but not least is the group of amateur software thieves. This group loves to unravel software locks because it is so challenging. These people, sometimes called technological locksmiths, become well known in user groups of micros and attract many other users in order to break the locks in their computer software.
Protective Measures Naturally companies try to protect their software by technical and commercial means. I want to mention a few protective measures.
Price strategies On the marketing side the protective measures are based on the position of the software vendor in the market. Generally speaking the all-over strategy is to penetrate deeper into the market. If this is not possible then the vendor tries to develop the market he is in or tries to find new markets by exploiting his software product. In order to protect himself against the risks of illicit copying and piracy the bona fide software vendor is forced to develop price strategies which can either be the strategy of price skimming or more likely he will try to use strategies of stay-out or push-out pricing.
THE COMPUTER LAW A N D S E C U R I T Y
REPORT
'= CLSR
Releases
Time bomb
This technique involves issuing new releases of marketed software at frequent intervals i.e. three or six months. These releases are used not only to remedy bugs which have been discovered and/or to improve the quality of the software but also to provide protection of software. It works as follows:
The time bomb method renders software useless to a user if that user is not receiving the authorised service or the official updates (releases) which have been suggested or delivered by the vendor of that software. An "internal clock" into the software feeds signals into the register of the computer. As long as a positive signal has been fed into the register there will be no destruction of that software. When the time period of the clock has elapsed, for example, after a period of six months and a customer has not received an update in time because of non-payment of the ticence fee, then destruction of that software will occur.
The user pays a licence fee for the software product and will therefore benefit from the after-sales support of the vendor. He is registered as a user of that software. Now if someone obtains an unauthorised copy of a software product, he will not be registered and will not get updates, enhancements or the latest release of that software. Further, if the possessor of the unauthorised copy of that software has problems when using the software and requests assistance from the original vendor in order to solve the problems, the software vendor can refuse such assistance because he had not been listed as a registered user. It also helps to discover the source of piracy of illicit copying. The service routine is that when requesting assistance the name and address of the customer is asked for as well as the release or version number. If this number does not correspond with the latest release, then the customer is invited to explain how he got his version. Some technical protective measures include:
Bebugging The technique of bebugging is a method used to deliberately insert errors into a program. These errors become obvious if the program is used in an unauthorised manner. The bugs can be easily cured by the vendor of the software but not by the one who possesses such software illegally. This technique can also be used to give proof of piracy.
Locks and serialisation Another useful technique is that of using locks and serialisation. Some hardware manufacturers build in hardware locks in order to protect the software, These locks give a unique set of signals by which the software is individualised. The user of that software will and can be restricted only to this specific piece of hardware. Serialisation is used because most of the time the software vendor wants to track the number of copies made for discovery methods and/or for calculating the royalty or licence fee. Each disc produced containing licensed software is given a unique serial number. The moment the licensee copies the agreed number, say 10,000, the master disc cannot be reproduced further and the client has to license a new disc on which the software is stored.
Need for Protection In order to prevent piracy and illicit copying, software/firmware companies need the following legal protection: ,
protection against unauthorised use of software;
*
protection of algorithms on which the software is based;
,
protection of source code and other documentation of software;
,
protection of object code (binary).
Type of Contract Again as long as there continues to be no worldwide accepted legal system of software protection, (such as by already existing or adapted patent or copyright laws,) pragmatically speaking protection can only be achieved by licence agreements and confidential disclosure agreements, The contract should be in the form of a licence agreement and not a sales agreement. The principal reasons are to recoup and profit from the investment in the program. The program developer wants to grant to the right to use the program in return for payment of a fee to more than one user. Therefore the program developer wants to keep the ownership of the program and to specifically prohibit the user from granting a licence to use the program to third parties. In order to protect the algorithms, the source code and object code of his program and to prevent the unauthorised use of the program, the software vendor will put contractual conditions on the user such as non-disclosure and restrictions on program copies and the marketing of modified versions of the program. He can also protect the content of his program by bringing it under a trade secret protection. I do not consider this kind of protection to be effective in the microcomputer software market as the software is mass marketed here and the secret would therefore become public knowledge. Although there are several types of contract, like time-sharing agreements, program
M A Y - JUNE
development agreements and other service agreements, I will now discuss licence agreements between supplier and end user.
Nature of contracted terms When licensing the software to customers everything depends on the distribution strategy of the vendor or owner of software. If the vendor of software is smaller than the party who is buying the software it of course depends on the negotiation power of the buyer. I do not recommend the shrinkwrap contract approach, (i.e. on opening the wrapping that the software comes in, you are deemed bound by the licence terms printed on the packet), whatever the terms and conditions may be.
General remarks with regard to licence agreement For software protection reasons a licence agreement is far safer than a sales agreement.
What is a licence agreement?. The licence is a contract to grant rights in industrial property, e.g. patents, trade marks or confidential know-how. I want to point out that although this is the basic position, I realise that restrictions of freedom of parties or competition in the agreement might give rise to problems under anti-trust provisions like Articles 85 and 86 of the EEC Treaty of Rome or the anti-trust legislation of the United States. Even if you are in a country which has no strong anti-competition legislation you will be likely to find the shadow of the United States and EEC anti-trust law hanging over your contract in international transactions or transactions with local subsidiaries of EEC or US based multinationals. I therefore advise you to be careful when using clauses with regard to exclusivity, export bans (United States export control), territoria~ or after-sales restrictions, field of use restrictions, tie-in practices, or price fixing.
THE COMPUTER L A W A N D S E C U R I T Y
REPORT
Eastern Europe In Eastern Europe licence agreements are enforceable; it is of course a matter of trust but contracts are really adhered to. One particular obstacle one will often encounter is the request to have the right to export licensed products. A caveat is necessary. In Bulgaria special (sui generis) legislation for the protection of computer programs exists (patent and copyright protection are not applicable on software there).
Common Clauses As stated earlier, I will focus only on the most frequent licensing transactions; namely that between the supplier and the end-user. As this is not a sales agreement it means that you will find as a basic clause that the vendor grants to the client a non-transferable and non-exclusive licence to use the software in a specific country or part of the world. Other common clauses which you will find are parties and definitions, licence grants and software product descriptions, program support services, the term of the agreement, payment and price adjustments, delivery, installation, acceptance, warranty of performance and disclaimers, property rights, proprietary and trade secret protection, confidentiality clauses, liability and default clauses and general provisions like entire agreement clauses and escape clauses. I intend to restrict myself only to those clauses in the licence agreement which help to protect software. However, I want to point out that I consider three clauses to be of major importance; namely the acceptance test clause, the software product description clause and the warranty clause. These three clauses together are as important for the vendor as well as for the buyer of software as they prevent a pig-in-the-poke effect for the buyer and will balance the liability of the vendor. I will deal with these aspects in the next issue of The Report.
REPORT
CONTRACT CONTRACT SOLUTIONS IN SOFTWARE PROTECTION John Borking, Senior Legal Counsel, Rank Xerox Ltd. Trade and industry in Europe are particularly sceptical about the protection provided by patent and copyright law for their software and firmware products. Therefore protection is needed by means of a contract which makes up for deficiencies and uncertainties arising in other areas of the law. The contract solution is not ideal; it does not for instance provide for recourse against third party infringers who are not party to the contract. The role of the lawyer is to draft clauses in such a way that piracy and illicit copying are prevented as much as possible and to support the technical protective measures with the legal language of the contract.
Problem Areas Companies in the field of software and firmware are confronted with piracy and illicit copying of source codes and object codes of computer programs. One can recognise the following phenomena: , Piracy. which is unauthorised copying and exploitation of software content. This is either in the written expression of that software i.e. the source code, or in machine readable language i.e. the object code fixed on rigid or floppy discs, or by unloading ROM's or other computer memories. • Companies are also confronted by counterfeiting. This is piracy combined with elements of visual deception in the presentation. Examples include the reproduction of any trade mark and packaging of the legitimate software product, or when somebody takes a program, makes some changes, (sometimes just a few lines of codes or renumbers some addresses of the program) and then sells it on the market as his own original software. These types of piracy are practised on quite a large commercial scale especially in the Far East where Taiwan is the pirates' paradise. * As well as the above categories of piracy the following variations occur. The pirate can buy a ficence to sell the software from a company that has no right to sell that licence to him and, provided that the company has in turn bought the licence from another company, the pirate has created a legal barrier that is almost impenetrable due to our Western legal system of protecting property.
* Furthermore, companies are sometimes confronted by the pirate who combines his hardware sales with giving free software which will be described by him as back-up or demonstration copies of software instead of giving discounts on the hardware. * From a company point of view we treat stealing algorithms on which the computer software is based as piracy, although at the moment this is not the state of art of the legal doctrine in intellectual property law. * Another problem is that of illicit copying. We do not look upon illicit copying in the same way as that which is allowed under fair use regulations. But aside from this fact, illicit copying often occurs and much of it between friends. This happens particularly in computer user groups where, as users of a certain brand of microcomputers, they help each other either to find out exactly how the particular software works or they pool their joint software budget. It also happens in educational institutes and is triggered off mainly by the fact that there is insufficient money to spend on software. This leads to the situation where teachers organise themselves into buying special software packages which are copied and circulated around other colleagues or other schools. , Last but not least is the group of amateur software thieves. This group loves to unravel software locks because it is so challenging. These people, sometimes called technological locksmiths, become well known in user groups of micros and attract many other users in order to break the locks in their computer software.
Protective Measures Naturally companies try to protect their software by technical and commercial means. I want to mention a few protective measures.
Price strategies On the marketing side the protective measures are based on the position of the software vendor in the market. Generally speaking the all-over strategy is to penetrate deeper into the market. If this is not possible then the vendor tries to develop the market he is in or tries to find new markets by exploiting his software product. In order to protect himself against the risks of illicit copying and piracy the bona fide software vendor is forced to develop price strategies which can either be the strategy of price skimming or more likely he will try to use strategies of stay-out or push-out pricing.
THE COMPUTER LAW A N D S E C U R I T Y
REPORT
'= CLSR
Releases
Time bomb
This technique involves issuing new releases of marketed software at frequent intervals i.e. three or six months. These releases are used not only to remedy bugs which have been discovered and/or to improve the quality of the software but also to provide protection of software. It works as follows:
The time bomb method renders software useless to a user if that user is not receiving the authorised service or the official updates (releases) which have been suggested or delivered by the vendor of that software. An "internal clock" into the software feeds signals into the register of the computer. As long as a positive signal has been fed into the register there will be no destruction of that software. When the time period of the clock has elapsed, for example, after a period of six months and a customer has not received an update in time because of non-payment of the ticence fee, then destruction of that software will occur.
The user pays a licence fee for the software product and will therefore benefit from the after-sales support of the vendor. He is registered as a user of that software. Now if someone obtains an unauthorised copy of a software product, he will not be registered and will not get updates, enhancements or the latest release of that software. Further, if the possessor of the unauthorised copy of that software has problems when using the software and requests assistance from the original vendor in order to solve the problems, the software vendor can refuse such assistance because he had not been listed as a registered user. It also helps to discover the source of piracy of illicit copying. The service routine is that when requesting assistance the name and address of the customer is asked for as well as the release or version number. If this number does not correspond with the latest release, then the customer is invited to explain how he got his version. Some technical protective measures include:
Bebugging The technique of bebugging is a method used to deliberately insert errors into a program. These errors become obvious if the program is used in an unauthorised manner. The bugs can be easily cured by the vendor of the software but not by the one who possesses such software illegally. This technique can also be used to give proof of piracy.
Locks and serialisation Another useful technique is that of using locks and serialisation. Some hardware manufacturers build in hardware locks in order to protect the software, These locks give a unique set of signals by which the software is individualised. The user of that software will and can be restricted only to this specific piece of hardware. Serialisation is used because most of the time the software vendor wants to track the number of copies made for discovery methods and/or for calculating the royalty or licence fee. Each disc produced containing licensed software is given a unique serial number. The moment the licensee copies the agreed number, say 10,000, the master disc cannot be reproduced further and the client has to license a new disc on which the software is stored.
Need for Protection In order to prevent piracy and illicit copying, software/firmware companies need the following legal protection: ,
protection against unauthorised use of software;
*
protection of algorithms on which the software is based;
,
protection of source code and other documentation of software;
,
protection of object code (binary).
Type of Contract Again as long as there continues to be no worldwide accepted legal system of software protection, (such as by already existing or adapted patent or copyright laws,) pragmatically speaking protection can only be achieved by licence agreements and confidential disclosure agreements, The contract should be in the form of a licence agreement and not a sales agreement. The principal reasons are to recoup and profit from the investment in the program. The program developer wants to grant to the right to use the program in return for payment of a fee to more than one user. Therefore the program developer wants to keep the ownership of the program and to specifically prohibit the user from granting a licence to use the program to third parties. In order to protect the algorithms, the source code and object code of his program and to prevent the unauthorised use of the program, the software vendor will put contractual conditions on the user such as non-disclosure and restrictions on program copies and the marketing of modified versions of the program. He can also protect the content of his program by bringing it under a trade secret protection. I do not consider this kind of protection to be effective in the microcomputer software market as the software is mass marketed here and the secret would therefore become public knowledge. Although there are several types of contract, like time-sharing agreements, program
M A Y - JUNE
development agreements and other service agreements, I will now discuss licence agreements between supplier and end user.
Nature of contracted terms When licensing the software to customers everything depends on the distribution strategy of the vendor or owner of software. If the vendor of software is smaller than the party who is buying the software it of course depends on the negotiation power of the buyer. I do not recommend the shrinkwrap contract approach, (i.e. on opening the wrapping that the software comes in, you are deemed bound by the licence terms printed on the packet), whatever the terms and conditions may be.
General remarks with regard to licence agreement For software protection reasons a licence agreement is far safer than a sales agreement.
What is a licence agreement?. The licence is a contract to grant rights in industrial property, e.g. patents, trade marks or confidential know-how. I want to point out that although this is the basic position, I realise that restrictions of freedom of parties or competition in the agreement might give rise to problems under anti-trust provisions like Articles 85 and 86 of the EEC Treaty of Rome or the anti-trust legislation of the United States. Even if you are in a country which has no strong anti-competition legislation you will be likely to find the shadow of the United States and EEC anti-trust law hanging over your contract in international transactions or transactions with local subsidiaries of EEC or US based multinationals. I therefore advise you to be careful when using clauses with regard to exclusivity, export bans (United States export control), territoria~ or after-sales restrictions, field of use restrictions, tie-in practices, or price fixing.
THE COMPUTER L A W A N D S E C U R I T Y
REPORT
Eastern Europe In Eastern Europe licence agreements are enforceable; it is of course a matter of trust but contracts are really adhered to. One particular obstacle one will often encounter is the request to have the right to export licensed products. A caveat is necessary. In Bulgaria special (sui generis) legislation for the protection of computer programs exists (patent and copyright protection are not applicable on software there).
Common Clauses As stated earlier, I will focus only on the most frequent licensing transactions; namely that between the supplier and the end-user. As this is not a sales agreement it means that you will find as a basic clause that the vendor grants to the client a non-transferable and non-exclusive licence to use the software in a specific country or part of the world. Other common clauses which you will find are parties and definitions, licence grants and software product descriptions, program support services, the term of the agreement, payment and price adjustments, delivery, installation, acceptance, warranty of performance and disclaimers, property rights, proprietary and trade secret protection, confidentiality clauses, liability and default clauses and general provisions like entire agreement clauses and escape clauses. I intend to restrict myself only to those clauses in the licence agreement which help to protect software. However, I want to point out that I consider three clauses to be of major importance; namely the acceptance test clause, the software product description clause and the warranty clause. These three clauses together are as important for the vendor as well as for the buyer of software as they prevent a pig-in-the-poke effect for the buyer and will balance the liability of the vendor. I will deal with these aspects in the next issue of The Report.