- SAS Institute v World Programming: When does copying not breach copyright?
In the case of SAS Institute v World Programming Limited, the Court of Justice of the European Union (the "CJEU") has considered the limited extent to which certain elements of a computer program enjoy copyright protection.
SAS Institute developed software which enabled users to write and run their own application programs, using a language proprietary to the SAS System (the "SAS Language"). WPL perceived that there was a market demand for alternative software capable of executing application programs written in the SAS Language, and produced the 'World Programming System' ("WPS"), designed to enable users of the SAS System to run the scripts which they have developed for use with the SAS System on WPS. To write WPS, WPL purchased a licence to the SAS System, which included the SAS manual and systematically used and observed the software in order to replicate its functionality. At no time did WPS have access to the source code of the SAS software components, either directly or through decompilation.
SAS sued WPL for infringement of copyright:
- in the manuals to the SAS System (both through writing the WPS code and also by writing the WPS manual); and
- in the source code of the SAS System by WPL indirectly copying the SAS components by reference to the SAS manual. SAS also claimed that by making such use of its program during development of the WPS, WPL had breached the terms of its licence.
The case was referred by the English High Court to the CJEU regarding the interpretation of the Software Directive and the extent of copyright protection in computer programs.
The CJEU decision
The CJEU published its judgment in the case, finding that:
- Copyright would protect only the expression of the idea behind the computer program, and that this expression was only to be found in the source or object code of the program, or in the choice, sequence and combination of words, figures and mathematical concepts embodied within it.
- Neither the functionality of a computer program, the programming language itself, nor the format of the program's data files, were sufficient expressions of an idea to attract copyright protection. If the functionality of a computer program were protected, then it would amount to making it possible to monopolise ideas, to the detriment of technological progress and industrial development.
- It was legitimate for the purchaser of a software licence to observe, study and test the operation of the licensed software to deduce the ideas and principles behind it (so they could be copied). Any contractual terms, for example in a licence agreement, which seek to prevent such studying and observing, are automatically unenforceable.
- However, there could be copyright infringement of a user manual to the extent that the new program and its accompanying manual copy elements of the original program's manual which are the 'intellectual creation' of the author. The Court did not consider that "keywords, syntax, commands and combinations of commands, options, defaults and iterations consisting of words, figures or mathematical concepts", on their own would be sufficient "intellectual creations" to attract copyright, but the "choice, sequence and combination of those words, figures or mathematical concepts" could be protectable. It would be for the national courts to decide whether this was the case on the particular facts.
This is an important case for the software industry. Software developers and rights holders will be concerned that the judgment clearly limits the extent to which they are able to protect their computer programs and bring claims for copyright infringement. It is now clear that copyright owners cannot prevent a licensee from observing, studying and testing their computer program in order to produce a program which has similar functionality. An infringement of copyright will only occur when a substantial part of the source code or object code has been copied.
Software developers may therefore wish to consider whether other forms of intellectual property could apply to their software. For example, in some circumstances patent protection could be available.
Further clarification on the issue of copyright in program manuals will be gained once the English High Court gives its judgment on that issue.
- Cookie law enforcement: Coming soon to a website near you!
At its simplest, a cookie is a string of data (usually letters and numbers) which, by being stored on a particular device accessing a website, functions as a unique identifier for it. Cookies are responsible for much of the website functionality that is both popular and taken for granted. For example, cookies can save users the time and trouble of re-entering site preferences or delivery addresses every time they access a favourite site.
Cookies can be used for various (and sometimes multiple) purposes, but they can broadly be categorised as:
- Targeting or advertising cookies – these might be used to deliver targeted advertising to users based on their previous browsing habits
- Functionality cookies – these might be used to recognise a user when he or she returns to a website
- Performance cookies – these might be used to monitor traffic across different pages of a website to report on visitor numbers and popular pages
- Strictly necessary cookies – these include cookies that enable users to log into secure areas of a website or use a shopping cart
The amendments to the Privacy and Electronic Communications (EC Directive) Regulations 2003 came into force in the UK on 26 May 2011. However, as mentioned above, at the time, the UK Information Commissioner granted a one year moratorium on enforcement of these new rules in order to allow organisations the opportunity to develop compliance strategies to address this challenging change. During this "grace period", the Information Commissioner's Office (the "ICO") has been encouraging organisations to: (i) check which cookies and similar technologies are being used and how; (ii) assess how intrusive the use is and prioritise compliance efforts, starting with the most intrusive; and (iii) decide which solution for providing clear and comprehensive information and obtaining consent will be best in the circumstances.
The moratorium on enforcement expires on 26 May 2012. From that date, the ICO may exercise a range of regulatory powers at its disposal in relation to breaches of the new rules, including Enforcement Notices, Information Notices, and fines (Monetary Penalty Notices) of up to £500,000.
Every website is unique and standard solutions are therefore unlikely to exist. To assist, the ICO has committed to updating its formal guidance with practical illustrations as it becomes aware of more examples of compliance solutions. However, UK organisations with a website using cookies or similar technologies should be considering their compliance strategy now. In addition, the new requirement originates from an EU Directive and so organisations with a European web presence will also need to have a compliance strategy covering the EU, where the rules are being implemented on a country by country basis. So far only a small number of Member States have implemented the rules, including France and the Netherlands.
Click here for a copy of our recent PLC article on the Cookie Rules.
- HRH communicates plans for a Communications Data Bill
The Government's Draft Communications Data Bill was introduced in the recent Queen's speech as "measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public, subject to the scrutiny of draft clauses".
The purpose of the draft bill would, according to the speech, be to protect the public by ensuring that law enforcement agencies and others continue to have access to communications data so that they can bring offenders to justice.
Key elements from the draft bill include:
- Communications data is information about a communication, not the communication itself (i.e. not the content of the communication).
- Communications data includes the time and duration of the communication, the telephone number or email address which has been contacted and sometimes the location of the originator of the communication.
- The legislation would establish an updated framework for the collection and retention of communications data by communications service providers to ensure communications data remains available to law enforcement and other authorised public authorities.
- The legislation would establish an updated framework to facilitate the lawful, efficient and effective obtaining of communications data by authorised public authorities including law enforcement and intelligence agencies.
- The legislation would establish strict safeguards including a 12 month limit on the length of time for which communications data may be retained by communications service providers, and measures to protect the data from unauthorised access or disclosure.
The finer details of the bill are still to be clarified, such as the circumstances under which the authorities will be able to access such data. However, the proposals have been the subject of criticism and scrutiny due to their potential scope and data protection/privacy issues.
A statement from the Information Commissioner's Office stated:
"We are waiting to see the detail of what is proposed, including any role envisaged for the Information Commissioner. It remains our position that the case for this proposal still has to be made, and we shall expect to see strong and convincing safeguards and limitations to accompany the Bill".
Click here for a copy of the Queen's Speech Briefing Notes.
- Oracle v UsedSoft: Exhausting the sale of second-hand software licences?
The European Advocate-General Yves Bot has given his opinion on a case between Oracle and UsedSoft in relation to the resale of computer software licences.
In the case, UsedSoft resold Oracle software licences. Oracle brought proceedings against the company, arguing that its resale of these pre-owned licences for downloadable Oracle software amounted to a breach of Oracle's copyright.
Under Article 4(1) of the Software Directive (2009/24/EC), the owner of copyright in a computer program has an exclusive right over distribution to the public, although this protection is 'exhausted' following the first authorised sale of the program within the EU. UsedSoft argued in its defence that this principle of exhaustion meant that its practices of reselling second-hand software licences did not amount to a breach of Oracle's copyright. In response, Oracle maintained that the principle of exhaustion did not apply, because Oracle's customers had only been granted a right to download its software from the internet, rather than being sold a tangible object.
In his opinion, Advocate-General Bot concluded that the grant of a licence to download software is sufficient to exhaust the exclusive right to redistribution of that software. As such, the resale of a copy of computer software would be permissible, regardless of whether the software was first sold on a CD-ROM or was downloaded from the internet.
However, he also noted that the principle of exhaustion does not extend to the right to reproduce a computer program. This means that the resale of a user licence, which essentially gives the right to create further copies of the software by downloading it from the internet, could still amount to a breach of copyright.
Although the Advocate-General's opinion is not legally binding on the European Court of Justice, such opinions are generally followed by that court. If the European court adopts the Advocate-General's opinion in its judgment (due later this year), the result could have serious implications for the market in used software licences, as well as restricting the ability of software developers to prevent the onward sale of copies of their software.
Click here for a copy of the Advocate General's opinion.
- Pillage No More: Pirate Bay shark bait for Arnold J's locker
In the case of Dramatico Entertainment Ltd and others v British Sky Broadcasting Ltd and others, High Court judge Arnold J has granted injunctions ordering five of the UK's six largest internet service providers ("ISPs") to block access to the Pirate Bay website.
In July 2011, the British Recorded Music Industry ("BPI") asked Pirate Bay, a website that enables users to search for and download copyrighted films, music and software from each other, to remove content that infringed its members' copyright. The Pirate Bay did not respond. The BPI then asked the ISPs to voluntarily block access to the Pirate Bay website. The ISPs refused such a request.
Subsequently, BPI brought an action in the High Court claiming that the copyright of its members had been infringed by the Pirate Bay. The Pirate Bay's defenders argued that, like Google, the Pirate Bay did not actually host the copyrighted material. However, in that case, Arnold J found that the Pirate Bay was nonetheless guilty of copyright infringement because it actively encouraged illegal file-sharing.
In its latest action, the BPI has successfully sought an injunction under the Copyright, Designs and Patents Act 1988 ("CDPA") forcing ISPs to block access to the Pirate Bay website. To get an injunction under the CDPA, BPI had to show that the ISPs had actual knowledge of the Pirate Bay's copyright infringements. Arnold J determined that the ISPs had such knowledge because of the notifications they had received from BPI.
As part of his decision, Arnold J also considered whether or not the injunction was "proportionate." He felt that the order was necessary to protect the rights of BPI's members and that those rights outweighed the Article 10 (Freedom of Expression) rights of the users and operators of the Pirate Bay website.
Representatives of the music and film industries have welcomed Arnold J's judgement as a victory for rights holders against online copyright infringement. By contrast, the Open Rights Group has voiced its fears that blocking the website will lead to calls for further and more drastic internet censorship. However, it will interesting to see what impact, if any, this type of judgment will have on the revised "Initial Obligations Code" under the Digital Economy Act, which the Government has recently announced is expected to be published in June.
Click here for a copy of the judgment.