By Jake Grove
Your car now is filled with computer technology. It runs dozens of computer modules with sophisticated computer files including both software and data files. The computer modules control your automatic transmission shifting, fuel injection, air bag deployment, navigation and entertainment systems.
OEMs (Original Equipment Manufacturers) and their suppliers program the modules with computer files and protect these files with software “locks” to prevent tampering. But, often they create upgrades that are distributed to existing vehicles and pushed onto the modules through these locks to upgrade the functioning of the modules.
OEMs and suppliers need to protect these computer files against hacking, copying and other unauthorized use. As do device makers who have modules within medical devices, appliances, and other electro-mechanical devices that run computer files during their normal operation.
Following are several ways to protect the files and strategies to enforce those protections:
Protect the Files with Patents
Organizations and people protect software with patents all the time. Patents can provide broad coverage for software and the functionality it performs. But patents can be expensive to obtain and enforce, particularly in these days given the popularity of patentable subject matter challenges.
Protect the Files with Copyrights
Copyright protection is narrower than protection under patents, but is much less expensive and can be obtained quickly. Usually copyright protection is sufficient because the accused infringers are copying rather than rewriting.
Many don’t realize it, but under the law, copyright infringement can occur whenever someone loads a copy of a file from storage into RAM for typical use. This involves making an electronic copy, which is infringement if the copying is not authorized.
The copying is not authorized even when the person using the software has a license if the user exceeds the terms of the typical license by reverse-engineering, decompiling, or otherwise analyzing the files. This often trips-up competitors and infringers who don’t realize that they may be infringing in this way. They may obtain a lawful copy of computer files, but then breach the End User License Agreement (EULA) when they open the files for the purpose of reverse engineering.
One challenge with copyrights is that they must be registered with the Copyright Office as a precondition to filing a copyright infringement lawsuit in federal court. Sometimes this is tricky when there are many different versions of software, and many different software items to be protected. The copyright owner must decide on a strategy to register the copyrights it wants to enforce.
If the owner has many files or versions to copyright or if the software has multiple authors, then careful thought must be given to the registration strategy to save money and time. Normally, registrations can be obtained in six to nine months. Expedited registrations can be obtained in a week or two, but there is a hefty fee.
Also, applicants need to consider how much of the code to submit as the deposit copy. Applicants usually only submit a portion of the files and maintain the rest as a trade secret. If multiple people worked on the files, this may create ownership issues.
Finally, request that programmers add deliberate errors into the code to set a trap for infringers. Sometimes these are called “Easter eggs.” This is very helpful in court because infringers cannot explain why they copied a blatant error.
Protect the Files with Trademarks
If trademarks are on or in computer files and the infringer copies the files, this could result in a trademark infringement and unfair competition under the Lanham Act. If the trademarks are visible to end users (e.g. they appear on a screen image somewhere at some point during the operation of the software), then end users might think that the illegal copies are authorized by the trademark owner.
Protect the Files with Trade Secret Protection
Not all computer files can be protected with copyrights because they do not involve sufficient originality or creativity. But, if the files come from proprietary data collection, computation or analysis, they can qualify as trade secrets because they are useful, valuable and not readily available to the public. They can be protected as trade secrets if the owner takes some measures to protect them, such as encrypting them or storing in a secure place.
Protect the Files with Technological Measures
Technical people know various ways to protect the computer files with password schemes, handshake exchanges and the like. You should request they do this so the files cannot be accessed or activated unless an authorized user has the necessary password or key. Keep logs of exchanges with subscribers and other people accessing your computer files so you can keep track of who you are dealing with.
Protect the Files with Contracts
Often, manufacturers need to allow other parties and people to copy and use the software in an authorized way. This is common in the service environment where dealers and service technicians need to program the modules with computer files or upgrade the files on the modules.
They usually do this by purchasing a web-based subscription to computer files and upgrades from the manufacturer. In such a case, the customer accesses servers operated by the manufacturer after finalizing an agreement with detailed terms of use and making payment.
Bring Claims for Infringement
This is often the first set of claims to bring – and the core of a case: copyright infringement, patent infringement and trademark infringement.
Bring Claims for Illegal Circumvention
If you use technological means for protecting the computer files – password schemes, handshake exchanges and the like – and infringers break through or circumvent the protections to get at the files, this can constitute a violation under the Digital Millennium Copyright Act.
Bring Claims for Trade Secret Misappropriation
If your computer files are valuable and reasonably well-protected – with encryption, for example — you can bring claims for misappropriation under state statutes and now the new federal statute.
Bring Claims for Computer Fraud and Abuse
These claims can apply if the infringer is hacking into your systems to make copies or otherwise accessing your system without proper authorization. This could include posing as an authorized user or subscriber. If you include terms of use for the subscribers, this can help.
Overcome Personal Jurisdiction Challenges
Sometimes the infringers are well outside the jurisdiction — perhaps in China — and will try to evade a lawsuit in a given federal district with a motion to dismiss for lack of personal jurisdiction. You can defeat such a challenge in a variety of ways.
First, if the infringer is accessing your systems and the illegal activity (e.g. copying) happens where your system is located, then the infringer is reaching into that jurisdiction to commit a tort.
Second, make sure your End User License Agreement (EULA) has a jurisdiction term so that when the user clicks to accept the terms of the EULA, he or she agrees to jurisdiction in the place of your choice. If the infringer makes a copy of a computer file after clicking through a EULA, this can help persuade the court that jurisdiction over the infringer is proper.
Use Technical Experts Early – Even Before Filing a Complaint
Technical experts can assist you in drafting a powerful demand letter or complaint. They can also help you understand where and how the infringement is happening; develop the evidentiary basis of your case; and tap communications with the module to see what packets of information are being exchanged with the module.
In addition, technicians can provide assistance to:
-Evaluate the information to see whether it is encrypted and, in some cases, decrypt the information.
-Establish where the information may be coming from, for example a cloud server or some other specific IP address.
-Establish how the infringer is communicating with the module and whether it has a key, handshake, or other way to circumvent anti-tampering locks on the module.
If you end up in court, this kind of evidence can be very powerful. It’s especially helpful in the era of the Iqbal and Twombly cases from the Supreme Court, where plaintiffs must now plead facts establishing a plausible cause of action.
You can expect the infringer to challenge your complaint with a motion to dismiss for failure to state a claim. But if you plead facts with the assistance of an expert, you are more likely to avoid such a challenge.
Conclusion
With the advance of technology, we expect to see more devices using more embedded computers running more computer files for optimal operation in automobiles, medical devices, home security, appliances, and many other areas.
More and more, we also hear about “the internet of things” and this is it: interconnected computer-operated devices running software files. With the advances in communications technology, we expect to see increasing access to these embedded computers — wireless and otherwise.
If you don’t want to be the company whose product was hacked and driven into a ditch or whose computer files were copied and re-sold by someone else, the above considerations can provide some essential protections against copying, infringement and hacking.
(Grove concentrates his practice in patent, trademark, copyright and trade secret matters. He can be reached at jgrove@howardand howard.com.)