Mars and Bars on Software Protection

August 31, 1999

William Cook is a solicitor in the Intellectual Property andCommunications Groups at Simmons & Simmons, with particular experience inpatent litigation and advice relating to copyright and other forms of protectionof computer software.

The recent decision in Mars UK Ltd v Teknowledge (11 June 1999) raisesimportant issues for companies making goods containing computer software, inparticular concerning whether those companies can keep that softwareconfidential. The Financial Times for example reported that the decisionrepresented ‘a potentially very dangerous erosion in the rights’ of suchcompanies. Whilst it is true that the judgment will require manufacturers makingarticles embodying non-application software to take careful precautions if theywish to maintain the confidentiality of such software in the future, whetherrights have been ‘eroded’ by the judgment depends upon whether companies hadthose rights in the first place: that is, whether they took sufficientprecautions against dissemination of the software. The judgment highlights andclarifies this area of the law, and by applying fundamental principles ofcontractual and confidentiality law, companies with an interest in this areawill be able to refine their operating practices to maximise the chances ofkeeping their software confidential.

The Facts in Mars

Mars is a leading company in the design and manufacture of vending machines,which include discriminators to determine the authenticity and denomination ofcoins fed into the machine. These discriminators work by using sensors whichtake a series of electrical measurements of a coin fed into the machine,measuring various dimensions and properties of the coin. Using software writtenby Mars and contained within each vending machine, these measurements are thencompared with pre-determined sets of data for valid coins, which are held onmemory chips within the machine.

In particular, the discrimination process includes the use of algorithmswhich combine the output of the sensors in the discriminators to ensure thateach valid coin gives a set of outputs which can be distinguished from non-validcoins and discs (termed ‘slugs’ in the trade). Mars expended a great deal oftime and effort in developing these particular algorithms for use in theirmachines, as well as the software which puts them into practice. In particular,they factored in the possibility that there may be variants arising from thesame mint of the same (valid) coin, and the possibility that there is either asimilar size coin in circulation in a neighbouring country or a common form ofslug which is close to a particular (valid) coin.

It was commercially necessary for Mars to be able to re-programme theirvending machines so that, from time to time, they could take new kinds of coinor new variants of existing coins. For commercial reasons Mars wanted to reserveto themselves and their agents the ability to carry out this ‘re-programing’(or, more colloquially, ‘re-calibration’). Therefore, Mars developed a datalayout, serial communications protocol and encryption system for its machines,none of which it published directly. The purpose of the encryption system was tomake it very difficult for any third party to work out how to communicate withthe memory chip within the vending machine so as to ‘reverse engineer’ theproduct to ascertain the algorithms and other software held within the machine.When necessary, Mars and its authorised agents could then re-programdiscriminators within the machines, for a fee. However, Mars recognised that itcould not (without unreasonable cost) make it impossible for third parties toreverse-engineer the machines in order to re-calibrate them.

Teknowledge successfully reverse-engineered Mars’ vending machines,circumventing the encryption, in order to re-calibrate them. Mars objected tothese activities, claiming (amongst other things) that Teknowledge infringed itscopyright and misused its confidential information in the software embeddedwithin the vending machines.

Can Software Owners Keep Software Confidential by Encryption?

An interesting question presents itself: is it possible to imposeconfidentiality upon someone who receives information by purchasing an articlein the open market? Mars argued in Mars UK Ltd v Teknowledge thatpurchasers of their vending machines received Mars’ confidential informationin the form of the software and algorithms contained within those machines.Anyone attempting to reverse engineer the vending machine (and the software)would discover that Mars had put in encryption to protect the software, andwould then be put on notice that the maker regards what is encrypted asconfidential. Mars argued that the encrypted information should therefore beregarded in law as a trade secret and treated as such, and that it is a breachof confidence for anyone to decipher the code without consent.

At first glance, this argument is attractive: if a manufacturer usesconfidential information in the form of software within its products, and thepurchaser of the machine does not need to know about or understand the softwarein order to use that product, it seems unjust that the purchaser can use theconfidential information freely without further consent from the manufacturer.However, to analyse the legal position further, it is useful to consider thethree requirements of breach of confidence cases.

  • Firstly, the information itself must have the necessary quality of confidence about it. This means that the information must not be publicly known or available to the public, and should have been kept confidential by the owner of the information, or the previous recipients of the information under conditions of confidentiality.
  • The information must be disclosed in circumstances which import an obligation of confidence. This means that, before and at the time of disclosure, the disclosing party must make it clear that the information is confidential and that the recipient should not disclose it to anyone or use it other than as permitted by the disclosing party.
  • There must be an unauthorised use of that information to the detriment of the disclosing party. This use can include either an unpermitted further disclosure to a third party, or an unpermitted use of the information.

This three-part test was initially formulated in 1969 in Coco v Clark[1969] RPC 41, and has more recently received approval in the House of Lords inthe Spycatcher case, AG v Guardian [1990] 1 AC 109).

As to the first requirement, the judge in Mars considered that thesoftware in Mars’ vending machines did not have the necessary quality ofconfidence, as the products were available to the public on the open market.Crucially, as each purchaser of such machines has a full right of ownership, thejudge found that each such purchaser has an entitlement to dismantle the machineto find out how it works and tell anyone he pleases. The judge found itimpossible to hold that that information was then confidential.

On the particular facts in Mars, it followed that the confidentialinformation case could not get off the ground as this first requirement was notsatisfied. However, it could easily be satisfied in certain circumstances: themanufacturer could make it clear before and at the time of sale of each machinethat it contains confidential information of that manufacturer, that theinformation is encrypted and that it is a condition of sale that should anypurchaser break such encryption they are prohibited from further disclosing theinformation or using it for any purpose whatsoever. Such terms could also beincorporated in a contract, provided that means could be found for giving thebenefit of the contract where the manufacturer is not a party to the supplytransaction. In particular if the Contracts (Rights of Third Parties) Bill,which is currently before Parliament, becomes law in its current form, anon-party will have the right to enforce a term in a contract as long as thecontract provides that he may and confers the benefit upon him.

In relation to the second requirement, Mars argued that the circumstancesimporting an obligation of confidence are to be inferred from the fact that anyreverse engineer of the vending machines finds encryption. They said that thefact of encryption amounts to a notice saying ‘confidential – you may notde-encrypt’. However, the judge was not impressed by this argument: he saidthat all the reverse engineer would take from the fact of encryption was thatthe source of information did not want him to have access, not that he receivesthe information in confidence. If the reverse engineer cracks the code, there isno obligation in confidence. In doing so, the judge rejected Mars’ argumentsbased on the Spycatcher case that it is settled law that a duty ofconfidence may arise where an obviously confidential document is dropped in apublic place and is picked up by a passer-by. The judge distinguished Spycatcheras relating to an obviously confidential document fortuitously coming into thehands of a non-intended recipient, whereas on the Mars facts therecipient (being the customer) is in fact an intended recipient.

In doing so, the judge relied on the fact that there is no marking on themachine itself that the contents are ‘confidential’, and no indication ofencryption. By the time a purchaser finds out about the encryption, the machinehas been purchased and this is, in the judge’s view, far too late to impose aduty of confidence. So how should a manufacturer in Mars’ position impose theobligation of confidence? If the machine itself is clearly marked confidential(in relation to software included) and indicates that the confidentialinformation is encrypted, and if the salesmen of the machine andmarketing/promotional literature also make it clear that the machine containsconfidential information which can be neither used nor disclosed for anypurpose, this second requirement may be satisfied: the necessary conditions ofconfidentiality may be present.

However, the judge in Mars went on to say that he did not think thateven an express statement would override the buyer’s entitlement to find outhow his machine worked, and this must be correct. However, the judge went on tosay that the buyer should also be able to tell anyone he chooses, and he reliedon Alfa Laval v Wincanton [1990] FSR 583 to support this statement. Thismay have been true on the facts of the Mars case, but in Alfa LavalMorritt J held that the buyer has the right to tell anyone he chooses only inthe absence of specific contractual provision (or any applicable intellectualproperty right). Therefore it is important that the warnings aboutconfidentiality made before and at the time of sale must be sufficient to form acontractual obligation binding the buyer.

In Mars v Teknowledge, the judge ‘unhesitatingly’ rejected Mars’claim based on breach of confidence. Unless relevant companies give appropriatewarnings at the right time (to impose contractual obligations ofconfidentiality), the judgment does cause concern. In the absence of aprotection of contractual or confidentiality law, the software owner will haveto rely on its rights in the copyright of the software, and (possibly) patentrights. Copyright law may be insufficient in some cases because it protects thesource and object code of software, as well as (to some extent) the structure,sequence and organisation, rather than the concept behind it. Patent protectionis more suitable for this, although under the present law it is not possible topatent computer programs as such in Europe or the UK.

Patenting Software in Europe and the UK

Both the European Patent Convention and the English legislation prohibits thepatenting of computer software as such. But only ‘as such’. It has been thepractice of the European Patent Office (EPO) to grant patent applicationsreferring to and utilising computer software as long as there is a ‘technicaleffect’: that is, the patent has an effect other than within the particularprogram with which it is concerned. For example, a claim may be allowed by theEPO for a manufacturing machine programmed to function in a certain way bysoftware, even where the software itself is the only novel aspect of theinvention. The UK Patent Office follows the same practice (although it processesand grants far fewer applications than the EPO), a fact confirmed by a practicedirection issued on 19 April 1999 relating to the form of claims allowable forsoftware patents.

As such, software patents are generally available in Europe and have been foryears, just as they have been available in the USA (for example, when claimed ina form which incorporates a permanent storage medium). Software patents in theUS however are much more widespread, and as a result US industry expects them tobe available elsewhere. This is the reason that a large proportion of softwarepatents applied for in the EPO are applied for by US companies – it isinstilled in their corporate consciousness that such patents are available.European companies should take note and review their own filing strategies.

Further, there are legislative changes in the pipeline which may rendersoftware patents much easier to obtain in Europe. The European Commission’sproposals for harmonising the law and practice concerning software patents wereexpected to be published in May/June this year: other crises have overtaken theCommission this year, and their proposals are now expected in September or soonthereafter.

Claims for Infringement of Copyright in Software

Copyright exists in computer programs as literary works, and it is aninfringement of copyright where lines of programming language (either source orobject code) are directly copied and reproduced. Conversely, the general idea orconcept behind a program is not protectable by copyright where the idea orconcept is too vague or general to be a literary work. In English law, it isless settled whether the intermediate stages between idea and language, being(1) the creation of the structure, sequence and organisation of the program, and(2) the ‘look and feel’ of the program, are protectable by copyright. Putsimply, the better view, based on John Richardson Computers v Flanders[1993] FSR 497 and IBCOS Computers v Barclays [1994] FSR 275, is thatdepending on the specific nature of the program in each case there may well becopyright infringement by copying such ‘intermediate stages’.

Of course, in the non-application software field, where companies makinggoods embed computer software within those goods in order for them to operate,the issue of subsistence of copyright in the ‘look and feel’ of programs,and screen displays, does not arise. Either the software works to control themachine correctly or it does not. If companies are unable to rely on the laws ofconfidentiality or contract to protect their computer program in suchsituations, and assuming they have no patent rights in such programs, they willhave to rely on copyright law.

Reprogramming a Competitor’s Product: Permitted ‘Repair’?

The dividing line between acceptable competition and copyright infringementwhere the structure and organisation of a program is copied is not easy to fix:it depends on the facts of each case. However, the facts in Mars indicatethat there was direct copying of both the program code and algorithmsused in Mars’ software. Teknowledge admitted this, but defended the action onthe basis that their programs, written to re-calibrate the machines, would becovered by a common-law defence that a person has the right to repair a product(using designs and products which would otherwise amount to copyrightinfringement) if necessary. This ‘right to repair’ defence to copyrightinfringement was created by the House of Lords in British Leyland v Armstrong[1986] AC 577 in relation to spare parts for cars and other industrial articles.

The question the court in Mars had to consider was whether the‘spare parts’ defence to copyright infringement in British Leylandextended to alleged infringement in computer programs (a question which theHouse of Lords did not need to consider in British Leyland). Inparticular, the two questions it considered were:

  • Can the British Leyland defence be applied to computer programs?
  • If so, did the British Leyland defence cover the re-calibration activities of Teknowledge?

Is the defence available for computer programs?

The British Leyland case in 1986 recognised the ‘spare parts’defence to copyright infringement – copyright infringement as such having beenrecognised for decades in case law, the Copyright Act 1911 and in particular theCopyright Act 1956. The rationale behind the defence was that it was important,as a matter of public policy, that consumers could repair articles which theybuy without the need for reverting to the original manufacturer. Put simply, itwas against public policy in 1986 that sellers could have a monopoly in theafter-sales market by virtue of their copyright in the original article.

However, copyright in computer programs exists by virtue of the Copyright,Designs and Patents Act 1988, enacted after the British Leyland case. Thejudge in Mars had to consider whether the British Leyland defencesurvived the passing of that Act.

In relation to copyright for post-1988 industrial articles (that is, designswhich led to the manufacture of articles), the 1988 Act provides that, as aformal matter, copyright is replaced by ‘unregistered design right’. Forsuch industrial articles, the Act sets out specifically the circumstances whenspare parts are excluded from protection – basically where they ‘must fit ormust match’ the original article. These statutory provisions therefore providefor a British Leyland defence for unregistered design right, although ona different legal basis.

In relation to all pre-1988 Act copyright works (including industrialarticles), the 1988 Act provided in its transitional provisions that thecommon-law rule of British Leyland (a ‘rule of law preventing orrestricting the enforcement of copyright’) continues to apply.

Therefore, in relation to industrial designs created both before and afterthe 1988 Act, Parliament specifically catered for the retention of the BritishLeyland defence or something similar. However, in the case of computerprograms and database rights, the 1988 Act is intended to provide a completestatutory code, with ss 50A to 50C of the Act (enacted to comply with a EuropeanCouncil Directive on the legal protection of computer programs (91/250/EEC))setting out a number of permitted acts in relation to software. None of thesesections (or any provision of the Directive) provides for repair, and the judgeheld that it is not for any national judge-made laws to override or add to thosesections, as the intention of the Directive was to bring conformity to the lawacross the European Community. The judge was not willing to develop English lawout of line with Community law. He concluded that there is no ‘right ofrepair’ defence to software copyright infringement claims.

As Tecknowledge had admitted that they had otherwise copied Mars’ software,the judge held that Teknowledge infringed Mars’ copyright.

If the defence were available, would re-calibration be within it?

In case the judge was overruled on appeal on this legal point, he alsoconsidered the particular facts of the Mars case.

The British Leyland defence was created because the exercise by theoriginal manufacturer of monopoly power in the after-market in spare parts wouldbe against consumers’ interests. The defence is clearly founded on publicpolicy, and in the subsequent case of Canon v Green Cartridge [1997] AC728, the Privy Council held that such a defence should not be extended to‘consumables’ such as copier cartridges, as these are not sufficientlyanalogous to ‘repair’ to avail themselves of the defence. In doing so, thecourt in Canon held that ‘the prospect of any extension of the BritishLeyland exception should be treated with some caution’.

In the Mars case there was insufficient evidence that it was in thepublic interest for re-calibration of vending machines to be carried out byanyone other than the original manufacturer. Further, the judge held thatpurchasers of discriminators for vending machines are not ‘ordinary’consumers – he thought that those who buy sophisticated devices operated andcontrolled by computer programs normally look to the original manufacturer forrepair, maintenance and updating of the programs involved. Also, re-calibratingthe vending machine so that it responds to different coins is even further fromthe concept of ‘repair’ than the supply of consumables such as thecartridges considered in Canon. The judge thought that, on those facts,there was no reason why the manufacturer’s intellectual property should befreely used by anyone wishing to re-calibrate the machine.

The Right to Repair Patented Goods

If a manufacturer has patented his software, the ‘right to repair’defence should of course be considered under patent law. It is settled law thata purchaser of a patented article has the right to prolong the life of thatarticle, but cannot make a new article under cover of repair. The key question(from Solar Engineering v Barton [1997] RPC 537) is whether what has beendone can be fairly termed as a repair, having regard to the nature of thepatented article. This must be equally applicable to software patents as tomechanical or other patents: the position is not complicated by the statutoryhistory in the same way as is the case for the copyright analysis.

If Mars had been a patentee for its machine (including software), it seemsinevitable that the judge would have still found that re-calibration could notbe described as repair of the patented machine. What could be a described as arepair remains an open question, but bearing in mind the comments on publicpolicy in British Leyland and Canon, the concept of repair islikely to be construed resrictively. At the very least, correction ofprogramming errors should be covered – by analogy to the fact that these arespecifically included as permitted acts in relation to copyright infringementunder s€50C of the CDPA 1988.

We therefore have the curious position that, as a matter of law, there is no‘right to repair’ defence to software copyright infringement actions, butthere is a ‘right to repair’ defence to software patent infringementactions. In practice, this anomaly is less than critical bearing in mind the(understandable) scarcity of software patent actions.

Competition Concerns

UK and EC competition law should not be ignored when considering placingrestrictions on goods to be sold on the open market in Europe and the UK. If thelimitation prevents, restricts or distorts competition and may affect trade inthe UK (or EC), it will be prohibited pursuant to Chapter I of the CompetitionAct 1998 (or Article 81 of the EC Treaty). Similarly, if the restrictionrepresents an abuse of a dominant position, it will be contrary to Chapter II ofthe 1998 Act (or Article 82 of the EC Treaty).

Where a reasonable manufacturer merely relies on and defends his intellectualproperty rights, he will not be found to be anti-competitive contrary to the1998 Act or the EC Treaty. But in the absence of intellectual property rights,the key question is whether restriction of trade secrets embedded in softwareaffects competition. This will depend on the exact restrictions included, thesize and nature of the market and the purpose for which the articles includingthe software were built.

Practical Effect of the Mars Judgment: Lessons to be Learned

Although in Mars the defendant admitted copyright infringement, thesituation where a defendant has not infringed copyright in the software is quitepossible. For example, where it reverse engineered software so as to re-writethe program to achieve a program with similar goals but sufficiently differentlanguage and structure from the original to avoid copyright infringement. Inthese circumstances (and in the absence of patent rights), manufacturers mightlook to contract or confidentiality law to protect their software. Clearly, animportant aspect of the Mars decision relating to confidentiality is thatmanufacturers should set up appropriate safeguards and warnings if they wish tomaximise their chances of restricting the use of confidential informationembedded within products sold to the public. The safest way is to take thefollowing precautions, making it clear that any purchase would be conditional onacceptance of terms of confidentiality, and that (subject to any competition lawconcerns) any onward sale should be subject to similar terms.

  • Warning notices on products saying that confidential information is included, which should not be used or disclosed.
  • Similar warnings on marketing and promotional literature.
  • At the time of concluding a sale, salesmen to provide a similar warning.

Such warnings may of course be commercially unattractive. Alternatively theymay have the additional commercial benefit of adding the exotic impression ofthe acquisition of state-of-the-art trade secrets along with the products.

In these circumstances, in the event of unauthorised use of software, themanufacturer could bring an action against its buyer for breach of contract andconfidentiality. However, if the second-hand market in the products is veryactive, as a practical matter it may be very difficult and unattractive for themanufacturer to trace the relevant first buyer. In any case it will have nocontract with, and so no right of action in contract against, all subsequentbuyers. The bigger the second-hand market, the less likely is a successfulconfidence action against subsequent buyers, leaving the only remedy as damagesfrom the original buyer. If however the second-hand market is fairly limited,then provided the above precautions are taken it is possible that a breach ofconfidence action could be brought against subsequent buyers, as long as thethree requirements of the action for breach of confidence are met in each case.

The bottom line is that in practice these proposals may well be useful wheremanufacturers are selling relatively few, high-value machines, for which theycan trace the owner and location relatively easily. If they are selling highvolume, low price goods then in reality their chances of limiting theunauthorised disclosure of the information is very small. In such cases, unlessthe manufacturer can rely on copyright or patent infringement, the manufacturerwill be best served by the use of either very strong encryption or physicalmeasures preventing access to the relevant devices.

Copyright Simmons & Simmons 1999