On 24 April 2012 we posted a blog in relation to SAS Institute ( https://waterfront.law/blog/sas-institute-a-visionary-innovator-in-the-field-of-statistical-data-analysis/ ), since that time the Court of Justice of the European Union (CJEU) has given its decision ( https://www.bailii.org/eu/cases/EUECJ/2012/C40610.html ).
The purpose of the decision is to give authoritative interpretations of the various EU laws in the matter. The case will return to the High Court for determination on the facts. However, the decision largely confirmed the interpretation given by Justice Arnold in his decision and that of the Advocate General.
This decision has two main significant impacts for the software industry.
First, the CJEU ruled that neither the functionality of a computer program nor the programming language and/or the format of data files used in a computer program are protected by copyright in computer programs.
Second, one of the ways in which World Programming Limited (WPL) was able to learn about the SAS software and create its replica product was through use of the SAS “Learning Edition”. WPL ran queries and inputs to learn the ideas and principles which underlie the SAS software and the language in which to communicate them to get the appropriate responses from the SAS software. The Learning Edition was available via a “click-thru” licence. One of the terms of which was that the Learning Edition was only to be used in a “non-production” environment. The CJEU determined that it will not be a breach of a licence for a licensee (such as WPL) to “observe, study or test the functioning of that program so as to determine the ideas and principles which underlie any element of the program in the case where that person carries out acts covered by that licence and acts of loading and running necessary for the use of the computer program…”
The case has many similarities with the pending dispute between Oracle and Google in the United States of America. Oracle is alleging that Google stole it’s Java APIs to build the Android operating system as it has followed the “structure, sequence and organisation” of the APIs. This case is still in trial, but it will be interesting to see how our American cousins view the same subject matter. We will keep you posted on the developments!
What does this mean for Software Developers?
As a software developer and you suspect someone is copying your software, it will need to go beyond copying of the functionality, purpose, or even commands to amount to copyright infringement. The CJEU’s decision confirms that in many cases the most (and only) convincing way to establish an infringement is through showing that the copier had access to your source code.
The ruling goes further because previously it might have been thought possible to bring a breach of licence claim against users who were running software to discover the underlying ideas and principles so that they can create their own software which goes beyond copying the basic idea to copying functionality at a more detailed level this will now not be a way forward in most circumstances. It will be necessary to understand much more detail as to what acts the user has done in relation to the software to gain their insight.
Protection of your source code has therefore become even more vital than ever before. As mentioned in our previous blog, many suggest embedding deliberate errors or unnecessary code can be useful to show copying of code will be one way of doing this. Make sure if it is placed into the third party possession that is done under an agreement which guarantees its continued confidentiality save under specific circumstances. Feel free to contact the team at Waterfront if you have any queries as to how to achieve this!
Although most users of your website will not read your terms, this is an important part of your business. Having to argue in court is expensive, so a little investment to avert the risk is a pragmatic approach. This article highlights some of the most common points which your terms should cover so that the risks explained below do not crystallise.
If your business involves sending personal data outside the UK and EEA, you may be aware of the need for a transfer risk assessment (TRA) to demonstrate that you have properly considered and mitigated any associated risks.
When it comes to commercial negotiations, they often don’t turn out the way you had hoped and then there is no going back. Instead of struggling on your own, losing a lot of management time and still not being sure you have got the best deal, let us negotiate for you.
Get it in writing – Commercial Contracts