Reverse engineering of competitor’s software cost company big

Companies developing software to mimic the functionality of competitors’ products should beware the broad scope of what may constitute reverse engineering. A recent federal case from the Fourth Circuit underscores this idea.

Background – the Development Process

Plaintiff SAS and defendant WPL are competitors in the market for software used to manage and analyze large and complex sets of data. Plaintiff for many years has distributed its proprietary software applications (the SAS System) that run programs written in the eponymous language SAS. WPL sought to create an application to compete with the SAS System, namely, an application it could take to market that would run programs written in SAS. It successfully developed such an application (called the WPS), and customers began dropping the SAS System in favor of the WPS.

As part of its efforts to develop the WPS, defendant obtained a license to use the “Learning Edition” provided by plaintiff – an environment designed for programmers to learn how to code in SAS. Among the provisions in the software license agreement for the Learning Edition was a restriction against reverse engineering the software.

In developing the WPS, defendant did not try to decompile the Learning Edition, or otherwise “tear it down” or “look under the hood.” Instead, it would run SAS code through both the Learning Edition and the WPS, evaluate the outputs from both systems, and tweak the C++ code comprising the WPS to get the outputs to match.

Trial Court Litigation

Plaintiff sued defendant in both U.S. federal court and the U.K. alleging a number of claims, including copyright infringement, breach of contract, deceptive trade practices, and fraud. Of particular importance was the breach of contract claim – plaintiff claimed that defendant’s method of developing the WPS, through adjusting the WPS code based on output compared with Learning Edition output – was reverse engineering prohibited under the terms of the Learning Edition license agreement.

The lower court agreed with plaintiff, and found defendant liable for breach of contract due to reverse engineering, at the summary judgment stage. The case proceeded to trial on other issues where, along with the damages for breach of contract and for deceptive trade practices, the court awarded almost $80 million in damages to plaintiff. Defendant sought review with the Fourth Circuit. On appeal, the court affirmed the lower court’s decision on the reverse engineering issue.

Appellate Court: This Was Reverse Engineering

More specifically, defendant had argued on appeal that the lower court’s summary judgment on the breach of contract/reverse engineering claim was improper because the term “reverse engineering” in the license agreement was ambiguous. Plaintiff and defendant offered competing definitions for what they thought reverse engineering ought to mean. Defendant proposed a narrow definition – essentially, that reverse engineering must have as its objective the re-creation of source code. Plaintiff, however, offered a broader definition, encompassing other efforts to “analyze a product to learn the details of its design, construction, or production in order to produce a copy or improved version.”

The differences in definitions were important – defendant had not sought to, nor did, access or copy the source code of the Learning Edition. If the definition of reverse engineering were limited to the re-creating of source code, then the development of the WPS should be okay.

But the court did not agree with defendant. Finding the language in the software license agreement to be unambiguous, the court observed that “nontechnical words are to be given a meaning consistent with the sense in which they are used in ordinary speech, unless the context clearly requires otherwise.” The court then consulted dictionary definitions for the term “reverse engineer” and also evaluated the broad vs. narrow definitions proposed by the parties in light of other prohibitions (e.g., against “reverse assembly” and “decompilation”) in the same provision of the license agreement. Simply stated, the court found that the agreement was clear on what conduct constitutes reverse engineering, and defendant’s actions fit within that scope.

SAS Institute, Inc. v. World Programming Ltd., — F.3d —, 2017 WL 4781380 (4th Cir. October 24, 2017)

See also:

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

On avoiding anxiety-inducing words in online terms of service

2507666021_6ba47b7d74_z

Are “worldwide” “perpetual” rights really necessary?

Designer/developer Robert Nealan wrote a post questioning whether self-hosted blogging is dead. The piece is interesting as a commentary on the current state of blogging in general — a state that has changed a lot in the past decade or more, primarily due to the influences of outside social platforms, namely, Twitter, and more recently, as Robert notes and critiques, Medium.

The piece is a refreshing singing of praise for self-hosted blogs (like the one you’re reading). But another, no less important element of the post is an undercurrent shaped by a not-unjustified freak out of sorts over what third party platforms’ online terms of service say about their claim of rights in the users’ intellectual property. When we look to the terms of service for some of these platforms (and even more so if we actually think about what those terms say), we recognize that platforms quite often over-aggressively grab onto rights to do things with the content the user posts. So much depends on how these terms of service are written.

Lawyers can learn a lot from the commentary like that Robert Nealan has posted. As an object lesson and example, he takes issue with Svbtle’s terms, particularly the following:

Marketing. As a paid customer, you give Svbtle a perpetual world-wide license to use your company’s assets and logos, unless Svbtle agrees in writing otherwise. These assets and logos will be used purely for marketing and sales efforts, such as being displayed on the home page.

Good practice here would might consider adopting the ethos of certain “by design” concepts we see in the privacy and data security world. Think of “privacy by design” or “security by design” — the idea that a technology developer (e.g., someone building an app) should build the system in a way that it does not keep data around for longer than what is needed, and certainly for no longer than what the developer promises its users it will.

The same could be applied here — and it seems even simpler — for platforms to adopt principles establishing they will only exercise rights in relation to users’ intellectual property for only as long as they meaningfully need to do so. Let’s call it “Appropriate Rights by Design“. Words like “perpetual” and “world-wide” can be frightening. A platform hosting users’ content probably doesn’t need such extensive rights. If that’s the case, then the platform shouldn’t grab those rights. Those terms can be a red-herring. Robert Nealan took comfort in his piece in Medium’s terms which say that users of Medium “own the rights to the content [they] post on Medium,” and that Medium “[doesn’t claim ownership over any of it.” Funny thing is, a platform that grabs a world-wide, perpetual license could truthfully say the very same thing. So by not grabbing more rights than necessary, i.e., applying principles of Appropriate Rights by Design,  platforms will avoid having users latch on to scary words unnecessarily. For as long as this happens, it’s likely users will continue to have anxiety about moving to a third-party hosted platform, and in the same way, keep a light shining on what’s good about self-hosted blogs and other platforms.

Evan Brown is a Chicago attorney advising enterprises on important aspects of technology law, including software development, technology and content licensing, and general privacy issues.

Photo courtesy Flickr user fady habib under this Creative Commons license.

When the “entire agreement” isn’t the entire agreement

EULASoftware licenses are often complex documents comprised of multiple exhibits, schedules, and terms and conditions, co-authored by lawyers, sales people and engineers. And when disputes over the use of software arise, it is, accordingly, often not simple to sort out what the agreement says. I have written a post over at my law firm’s blog about a recent software copyright infringement case where although software’s end user license agreement (“EULA”) said it was the entire agreement, the court held that it could consider evidence outside the agreement about the term of the license (how long it was for). It’s a noteworthy read to remind us that clear drafting in software and technology agreements (and any kind of agreement for that matter) is crucial.

Read the post here.

And while you’re at it, follow me on Twitter, and follow my law firm InfoLawGroup as well.