Focus: Communications, Media & Technology – February 2008
Federal court ruling reiterates basic steps needed to protect computer programs
In brief: In a
recent Federal Court case, a software owner was unsuccessful in taking action
against a company that was clearly making unauthorised use of its software. The
plaintiff lost, even though the software had been obtained by a former employee
who had signed a confidentiality undertaking to protect the company's
'confidential information'. Partner Michael Pattison
- Background
- Did copyright subsist in a file forming part of a CMS?
- Did copying the files infringe copyright?
- Were the JavaScript files a substantial part of the CMS?
- Was the use of the files a breach of confidence?
- What steps should be taken to protect source code?
How does it affect you?
If your business develops software then you should:
- ensure all program files contain a comprehensive copyright notice;
- make sure that software is expressly referred to in the terms of any confidentiality agreements;
- retain copies of your version releases so that they can be relied on if one of several sub-versions has been reproduced; and
- if a program's source code has to be available on the Internet for the program to operate, take whatever steps are possible to make that access as difficult as possible.
Background
Dais Studio Pty Ltd in 1999 began developing a content management system (CMS) known as 'WebStable' (the WebStable CMS). The CMS enabled a user to undertake online editing of the content and appearance of a website. Mr Petro was employed by Dais as a web developer. After leaving Dais, Mr Petro copied and made commercial use of two JavaScript files that formed part of the CMS (the table file and the editor file).
Did copyright subsist in a file forming part of a CMS?
In Dais Studio Pty Ltd v Bullet Creative Pty Ltd [2007] FCA 2054, Dais argued that each of the JavaScript files was in itself a computer program. It was acknowledged that neither of the files could perform a function in isolation; a result could only be achieved when the files were incorporated into a CMS.
Justice Jessup held that the current definition of computer program, which focuses upon bringing about a result rather than performing a particular function, does not require the program to have a set of instructions to bring about a certain result unaided or by its own doing. Each file was considered a discrete entity that added functionality to the CMS and was therefore considered a computer program subject to copyright.
Did copying the files infringe copyright?
The issue of infringement was complicated by the fact that the WebStable CMS was continuously evolving. Dais's case was conducted on the basis that Mr Petro had infringed copyright in a particular version of the CMS, as implemented in a particular client website. Dais was therefore required to show that Mr Petro had copied the files from that particular version of the software. While Mr Petro admitted that he had copied the files from a Dais website, it could not be shown from which website, and therefore which version of the CMS. As such, no infringement of copyright was found.
If Dais had been able to point to a master version of the software from which subsequent copies of the software were derived, then it may have succeeded, by showing there had been indirect copying of this master version by way of copying from a derivative version. However, indirect copying could not be shown in the case of so-called 'sibling' versions, neither of which was derived from the other.
Were the JavaScript files a substantial part of the CMS?
Substantiality is generally a question of qualitative substantiality. The court considered the degree of skill, labour, judgment and expense involved in creating the files. Quantitative substantiality was also considered. It was held by Justice Jessup that the only way to take a quantitative measure of source code is by reference to the proportion of lines of code in the whole work constituted by the part reproduced. Ultimately, the table and editor files were not a substantial part of the CMS as a whole.
Was the use of the files a breach of confidence?
The source code was found not to be confidential. In making this finding, significance was placed upon the fact that many similar files are freely available online and that an identical file could be created from scratch with relative ease. Justice Jessup also noted that no copyright or other proprietary notices had been included in the source code. This lack of copyright notices was said to show that Dais had taken no serious steps to protect the confidentiality of the files, despite the inclusion of confidentiality clauses in contracts with clients.
What steps should be taken to protect source code?
All source code files should include a comprehensive copyright notice
It will be difficult to show that source code is confidential information if no copyright notices are included within the code. Dais had failed to include any such notices in its code and the court held that this demonstrated that Dais had failed to take reasonable steps to protect its information. As such, the information was not protected by confidentiality, despite Dais ensuring that its client licences included confidentiality agreements. Appropriate notices could include details such as a synopsis of any licence under which code is distributed, a copyright notice and a list of modifications.
All confidentiality obligations should be specific
In this case, the defendant was party to a confidentiality agreement which, it was argued, extended to cover the source code. However, the court interpreted the confidentiality agreement quite narrowly and held that it did not protect the software. That was important because it is possible to obtain broader protection for software through contract than just relying on the general action for breach of confidence. The use of a generic term such as 'confidential information' in a contract is unlikely to be sufficiently specific to attract the broader protection.
A static master copy of software should be maintained
Separate copyright subsists in each version of software. In order to establish copyright infringement, a plaintiff must identify the specific work from which the defendant has copied. However, at times, the plaintiff may not know precisely which version was copied, although it was clear that the defendant did copy from one of the versions produced by the plaintiff. In such cases, it is very important to have retained an earlier (or master) version of the work from which the subsequent versions were derived. That will then allow the action to succeed based on an indirect copying of that earlier work, even if it is not possible to prove precisely which subsequent version was copied.
Avoid the use of generic file names for files used on the Internet
Many programs used to manipulate websites are written in programming languages (such as JavaScript or Perl) that are executed in their source code form rather than being compiled into an executable object code form. That means that the source code is potentially available to anyone able to locate the file containing the program on the software owner's website. This jeopardises any subsequent action for breach of confidence, since the program is potentially available to anyone who can access it from the Internet.
To maximise the prospects of protecting the software as confidential information, the files should be rendered as inaccessible to the public as possible.
The most effective method would be to ensure that all source code files are
encrypted. However, this will often be impractical. A simpler step that should
be taken is to ensure that source code files on a website are hidden and use
names that will be hard to guess. Using non-standard naming conventions will
make it more difficult for potential infringers to access files by purely
guessing the directory and file names. The use of generic and formulaic
filenames by Dais led the court to find that someone not otherwise privy to the
file names could guess them and gain access to the code via the Internet. This
in turn led to the files being considered publicly available and not
confidential.
For further information, please contact:
- Michael PattisonPartner,
Melbourne
Ph: +61 3 9613 8839
Michael.Pattison@aar.com.au - Niranjan ArasaratnamPartner,
Melbourne
Ph: +61 3 9613 8324
Niranjan.Arasaratnam@aar.com.au - Fred ChiltonPartner,
Sydney
Ph: +61 2 9230 4871
Fred.Chilton@aar.com.au - Peter JamesPartner,
Brisbane
Ph: +61 7 3334 3360
Peter.James@aar.com.au - Darren MurphyPartner,
Perth
Ph: +61 8 9488 3768
Darren.Murphy@aar.com.au - Donald HessPartner,
Hong Kong
Ph: +852 2903 6201
Don.Hess@aar.com.au
|
||||||||||||||||||||||||||||||
