2. IT:AM Seminar Series
Agenda
• 08:30 – 09:30 The business of secrecy
• 09:30 – 09:45 Coffee break
• 09:45 – 10:05 UsedSoft GmbH v Oracle International Corp
• 10:05 – 10:25 Communications Data Bill
• 10:25 – Close Q&A and networking
4. The business of secrecy
Secrecy today – a modern business issue
• 80% of your corporate value is intangible
• The value of trade secrets is rising, why?
• eg: America Invents Act, technology driving more effective data
usage, IP is now firmly in the boardroom
• Are trade secrets underrated ………or even protected
• From Charlie and the Chocolate Factory to date – espionage is
alive and well in 2012
.....scene 1
5. The business of secrecy
How does confidence arise?
• The necessary quality of confidence
– not a precise concept, necessarily flexible
– (non public) formulae, algorithms – obviously yes
– matters in the public domain – obviously not
– encryption may not protect confidentiality if decryption is
possible and the encrypted version is published
and...
• Disclosure in circumstances of confidence
– under a NDA
– an obviously confidential exchange
– a confidential relationship, eg solicitor/client etc
6. The business of secrecy
Who owns confidential information?
• Distinguish ownership of physical materials and intangible rights
– both are important
• Confidential materials may also attract protection from
intellectual property rights eg copyright, database right
• Confidentiality is not an IP right so effective protection is via:
– controlling disclosure of physical materials
– establishing a contractual/tort based duty in your favour
• Trade secret transactions depend on this
7. The business of secrecy
Analysing NDAs – if you’re the discloser
• Ensure you have defined what you want to protect and consider
duration based on the commercial longevity of the information
• Make clear records of disclosure – make it clear that disclosures
made are subject to the NDA
• Reject residual clauses and consider the risk of a recipient
generating new IP based on the disclosed material
• Consider governing law and forum for enforcement
8. The business of secrecy
Analysing NDAs – if you’re the recipient
• Define what information is covered – reject broad clauses and
descriptions
• Ensure there is a duration to the obligations
• Consider risk of “taint” – is the disclosed information too close to
what you are doing?
• Consider a residuals clause
• Consider ownership of derivative analyses
9. The business of secrecy
Analysing NDAs – mutual disclosure
• Is it really a mutual disclosure, have you got the right
protections?
• Seek a fair middle ground
• Consider holding back key information
10. The business of secrecy
Escrow clauses – conventional position
• Material – software source code
• Release events – insolvency, material breach of support
• Scope of use – providing software support (by fixing) internally
11. The business of secrecy
Escrow clauses – consider other material
• Hardware – bill of materials
• Firmware
• Technical specifications
• Other materials
12. The business of secrecy
Escrow clauses – consider other release events
• Anticipatory insolvency/financial distress triggers
• Change of control
• Reputational risk – CSR
• Service level triggers
• General material breach/other breach
and any other situations where you would need the materials
13. The business of secrecy
Escrow clauses – consider scope of use
• Customer support
• Software distribution
• Hardware manufacture
• Subject to a reasonable royalty?
and assess these measures against your general business/product
continuity planning
14. The business of secrecy
Routes to enforcing trade secret protection
• Move quickly to limit damage and to increase prospects of
obtaining an injunction
• Gather evidence by:
– identifying links to party suspected of breach
– speaking to employees and ex-employees
– investigating IT systems and access to trade secrets
– obtaining a copy of the solution (reverse engineering or
carrying out a code comparison)
15. The business of secrecy
Routes to enforcing trade secret protection
• Consider whether an injunction and/or claim would be
appropriate and proportionate
• Consider whether a criminal offence has been committed
• Take steps to protect your secrets from the outset
16. The business of secrecy
Employees and confidential information
• Employer/employee duty based on mutual trust and confidence
• Includes an implied obligation to respect the employer’s
confidential information
• Most employers use express confidentiality obligations as well
17. The business of secrecy
Employees and confidential information – after
cessation of employment
• Trade secrets may not be used post termination
• Other “mere” confidential information is not protectable and the
employee can use this (but is this limited to “tools of the trade”
know how?)
• However, is this activity:
– genuine trade secret; or
– employee know-how and skill
18. The business of secrecy
Employees and confidential information – practical
measures
• Garden leave or other covenants
• Monitor IT activity
• Exit interview - reminder
• Review subsequent activity for suspicious similarity
20. UsedSoft GmbH v Oracle International Corp
Facts
• Oracle
– software owner and distributor
– software is downloaded by customers from the Oracle website
– customer enters into licence agreement with Oracle under
which the customer is granted a perpetual, non-exclusive,
non-transferable right to use the software
• UsedSoft
– seller of used software licences, including Oracle licences
21. UsedSoft GmbH v Oracle International Corp
Decision
• Article 4(2) of the Directive on the Legal Protection of computer
programs (2009/24) (“the Software Directive”) provides that the
first sale of a copy of a software program in the EU by the
copyright holder or with the copyright holder’s consent exhausts
the distribution right of that copy within the EU
• After the first authorised sale of a copy of a copyright-protected
work, the work may be freely distributed within the EU
• ECJ consideration: did the downloading of a copy of a software
program with the copyright holder’s consent fall within the scope
of Article 4(2) and constitute a first sale?
22. UsedSoft GmbH v Oracle International Corp
Decision...
• ECJ held that Article 4(2) was triggered if the copyright holder
authorises a download of a copy and a consequential right to use
the software perpetually in return for a payment of a fee
corresponding to the economic value of the copy
• It also found that there was no difference between an intangible
medium (such as a download) and a tangible medium (CD-ROM,
DVD etc) for the purposes of Article 4(2)
23. UsedSoft GmbH v Oracle International Corp
Decision...
• UsedSoft were therefore entitled to rely on the exhaustion of
distribution rights under Article 4(2) to continue to purchase and
resell Oracle licences
• Certain restrictions:
– not entitled to split out licences and resell part
– original acquirers of software must make own copy unusable
at the time of resale
– copyright holders are entitled to ensure that the original
acquirers copy of the software is made unusable
24. UsedSoft GmbH v Oracle International Corp
Decision...
• Maintenance agreements do not fall under Article 4(2) but Article
4(2) will extend to the resulting software updates and added
functionalities as they form an integral part of the software
downloaded
25. UsedSoft GmbH v Oracle International Corp
What are the implications for software owners?
• Undermines the ability of software owners to control the transfer
of software
• Non-transfer and non-assignment provisions in licensing
arrangements will have no effect if ‘licence’ is granted
perpetually, for a lump sum fee
• Under the principles applied by the ECJ, if these elements are
met, then will deemed to be a ‘first sale’
26. UsedSoft GmbH v Oracle International Corp
Avoiding the trigger!
• Time-limited licences
– annually renewable
– fixed short terms
– longer 15 years+ terms (Note: ‘sham’ terms)
• ‘Software as a Service’ model
• Pricing structures- avoid lump sum payments
• Employ technical methods so as to prevent the licensee’s copy of
the software remaining usable on transfer
27. UsedSoft GmbH v Oracle International Corp
Other considerations
• Provisions for early termination - how are these to be treated?
– breach
– change of control
– insolvency
• To what extent will a transferee be bound by the terms of the
original licence?
• Is any positive action required by the transferor? Supply of
dongle, disk, etc?
• Associated support and maintenance agreements
28. UsedSoft GmbH v Oracle International Corp
What are the implications for licensees?
• Opens up potential revenue streams- licensees will now have the
ability to resell software which is no longer required by them
• In order to do this, licensees must ensure that they
– obtain a supply copy of the software
– obtain a perpetual licence
– pay a lump sum licence fee
• Licensees should consider the commercial implications of a lump
sum fee
• May not be as beneficial for sophisticated software
30. Communications Data Bill
Background
• All businesses use communications data
• Existing laws governing the retention of data apply to public
communications providers
• Draft Communications Data Bill will permit ‘authorised body’ to
order a telecommunications provider to generate, collect, retain
and disclose data to authorities that may require it
31. Communications Data Bill
What does the Communications Data Bill provide for?
• Secretary of State has power to:
– ensure communications data is available from
telecommunications operators by public authorities; or
– otherwise facilitate availability of communications data
32. Communications Data Bill
Who is a telecommunications operator?
• Telecommunications operator
– person who controls or provides a telecommunication system
or provides a telecommunications service
• Telecommunications system
– ...for the purpose of facilitating the transmission of
communications by an means involving the use of electrical or
electro-magnetic energy
• Telecommunications service
– ...consists in the provision of access to, and of facilities for
making use of, a telecommunication system
33. Communications Data Bill
What is communications data?
• Subscriber data – information about those to whom a
telecommunications service is provided
• Traffic data – information identifying any person, apparatus or
location to or from which a communication is transmitted
• Use data – information about the use made by a person of a
telecommunications service or system
34. Communications Data Bill
What orders can the Secretary of State make?
• Broad powers e.g. collection and generation of data, processing
and destruction of data
• Require operators to enter into arrangements with Secretary of
State or other third parties on commercial or other basis to
enable operators to collect data
• Enforce compliance with requirements regarding specified
standards, specified equipment/systems and specified techniques
in relation to collection and retention of data
35. Communications Data Bill
Are there any protections as to how the Secretary of
State can exercise its powers?
• Few protections
• Secretary of State must consult with Ofcom and Technical
Advisory Board (established under RIPA) before issuing an
order
• However, no obligation for Secretary of State to heed any
concerns raised during the consultation process
36. Communications Data Bill
Best practice
• Businesses should prepare for the bill now
• Consider:
– change control procedures
– vendors’ technical resources to collect/retain data
– provisions to pass compliance responsibilities to outsourcing
providers
– termination rights for non-compliance or where a business
needs to change communications vendor to ensure
compliance
• Raise concerns with stakeholders and MPs