Wednesday, April 26, 2017

Whatever happened to software source code agreements?

Back in the early 2000s, when instructed to draft agreements relating to the deployment of software, technology lawyers tended to deliver a cache of three documents: a software license agreement, a software maintenance agreement, and a software source code escrow agreement. Software source code escrow agreements had their genesis in days when small developers were sometimes here one day, gone the next. If a developer changed business, became insolvent, or lost key personnel, then the developer would possibly no longer be in a position to fix that software. This inability to fix a software failure could have a catastrophic effect upon a licensee’s software-supported business.
Fixing and maintaining software usually requires access to source code, which underpins software and is, unlike object code, capable of being understood by a human programmer. Original source code can involve tens of thousands of hours in creation, and so is regarded as the family jewels of software developers’ businesses. But if the developer went bust, then where would be source code be if something went critically wrong with the software?
The workaround for this was, and often still is, to place the source code into escrow with a third party. If a triggering event such as the insolvency of the developer occurred, then the source code would be released to the developer’s client. In the late 1990s and early 2000s, escrow agents included banks, law firms, and accounting firms, when it was naively assumed that whatever had been deposited into escrow was complete and would be helpful. However, source code escrow deposits were often incomplete (sometimes as a consequence of developers ultimately being unwilling to relinquish control over their main intellectual property asset), or were not periodically updated as the software morphed or improved thereby rendering the escrow deposit redundant. In addition, additional materials like programmers’ notes and lists of development tools were often not included, resulting in the task of understanding the source code, upon released from escrow, more difficult. The idea of a junior lawyer or graduate accountant/auditor looking at a list of deposited material and ticking a box once a year to confirm the material was still in the firm’s safe seems ludicrous, but this scenario occurred with surprising frequency. As a consequence of this, an industry of source code escrow agents with significant IT capability – the ability to meaningfully audit the escrow deposit – came into existence and flourished.
But all of that seems to have significantly receded. What happened?
First, in those dire circumstances where source code was released from escrow, a new developer picking up the pieces would much rather sell an entirely new platform than fix a broken one using strange source code. Subjectively, I can think of no occasion where released source code has been use to repair software. This is a commercial reality not envisaged by the prudence of lawyers recommending software source code escrow agreements.
Second, large and reputable escrow agents were (in my experience) not willing to compromise on the terms of their source code escrow agreements. Thick layers of disclaimers and indemnities made some of their potential customers wonder what they were actually getting by way of comfort.
Third, open source software code became very fashionable amongst developers. Open source software code does not need escrow arrangements by its very nature.
Finally, and most significantly, very large developers started providing esoteric solutions easily capable of extensive and bespoke modification by authorised resellers. This caused many small developers to stop using their own code, and instead work with very useful and flexible products from, for example, Microsoft, and using Microsoft’s code. Those developers might have a lot of valuable modifications to that code (especially around interoperability and GUIs, and more recently machine learning virtual assistants), but all of that is unlikely to require an escrow arrangement.
The concept of source code escrow now sounds a little old school. It still obviously happens (a Google search brings up plenty of escrow providers using AdWords to tout their services), especially for large companies with a conservative risk profile on key solutions, but not for the bulk of development projects.

 This article was originally published on lexology

Friday, April 14, 2017


On 3 February 2017, two well-known boxers, Danny Green and Anthony Mundine, had their second and, most likely, final grudge match. Television broadcaster Foxtel touted the fight to subscribers, charging $59.95 to watch the match through Foxtel’s subscription television service.
During the fight, Queensland mechanic Darren Sharpe held his smartphone up to his television screen and live-streamed the fight using the social media platform Facebook.
Facebook allows users to broadcast video live. This is often used by news outlets to cover events (notably, the extensive coverage of the Senate hearings for US President Trump’s cabinet nominees). But any user of Facebook has the same global broadcasting capability.
Mr Green’s live stream was immediately shared more than 13000 times. Many people began to follow Mr Green’s broadcast. Soon approximately 150000 people were watching the live-streaming broadcast.
Foxtel were plainly unhappy about this. During the broadcast, a Foxtel employee telephoned Mr Sharpe and asked him to cease broadcasting. This exchange was captured in the live-stream broadcast. Mr Sharpe refused to stop live-streaming and so his Foxtel account was suspended mid-broadcast. Mr Sharpe then noted on his Facebook page,
“Sorry I couldn’t play the last fight, from the bottom of my heart I really am… Foxtel’s obviously a bunch of [expletive], sorry about the language.”
Mr Sharpe realised he was in trouble very quickly the next day because of the significant media attention his actions drew. Mr Sharpe started a “GoFundMe” crowdfunding page to pay for his legal fees in the event of litigation, but as at 19 February 2017 it had only raised $3725 of a $10000 goal. (Mr Sharpe, perhaps, has no idea at least initially as to the cost of copyright litigation in Australia.)
On 13 February 2017 Foxtel announced that it would not take action against Mr Sharpe. This followed an apology published on 9 February 2017 by Mr Sharpe which appeared on his Facebook page:
“Last Friday I streamed Foxtel’s broadcast of Mundine v Green fight via my Facebook page to thousands of people. I know that this was illegal and the wrong thing to do. Foxtel and the event promoters invested hundreds of thousands of dollars to produce the fight and broadcast it. I unreservedly apologise to Anthony Mundine and Danny Green, to the boxing community, to Foxtel, to the event promoters and to everyone out there who did the right thing and paid to view the fight. It was wrong and I apologise.”
Something tells us this was not original drafting by Mr Sharpe. Mr Sharpe’s GoFundMe page now says the money he has raised will go to charity.
Mr Sharpe was lucky. Certain media reports said that Mr Sharpe would be liable for a $60000 fine and five years in jail. The truth is that the Australian Federal Police have more important things to do. In civil proceedings, Foxtel would have claimed a loss of $59.95 for each of the people who had watched Mr Sharpe’s live-streaming of the fight. If that was indeed 150000 people, then the starting point would have been damages of $9 million for lost sales. In addition, there is the case of Paramount Pictures v Hasluck [2006] FCA 1431. This is a trade mark case but is arguably good authority for additional, nominal damages for product devaluation.
Further, s115 of the Copyright Act 1968 permits “additional damages” for flagrant infringement. Mr Sharpe’s refusal to cease live-streaming the event and questioned what Foxtel’s employee and Foxtel were “going to do about it”. Mr Sharpe’s strong language on Facebook directed towards Foxtel upon his service being terminated would not have assisted him. Deterrence of similar infringements of copyright is also a factor for the award of additional damages. Additional damages is a discretionary award but in this scenario could have been very significant. In Nominet UK v Diverse Internet (No. 2) (2005) 68 IPR 131, to look at only one case, an award of damages of $810953 against the respondents was accompanied by an additional damages award of $500000 arising from flagrant infringement of copyright.
We think Mr Sharpe might have had to swallow his pride in publishing the apology on his Facebook page, but if that was the full extent of the ramifications for him, then he got off very lightly indeed.
(this article was originally published on Lexology)