Open Source Software – A Double-edged Sword

Posted on August 26th, 2015 by



As a lawyer with experience in software licensing, I am often asked to advise on issues arising out of ‘open source’ licences. Over the last few years, it has become clear that the software development community are generally aware of the benefits of open source software, but not always the risks. On the other hand, business leaders are often very conscious of the risks, which can lead to a fear of using open source software at all – missing out on the substantial benefits it can offer. By striking the correct balance, businesses can obtain the benefits that open source software has to offer, without unduly increasing their exposure to risk.

Open source licensing was born out of ethics and politics in the 1970s but has since become a part of the establishment, and is based on a number of criteria establishing the principle that anyone should be free to use, modify, and share open source software. Open source software licences are therefore designed to protect the freedom:

–  to run the software for any purpose;

–  to study how the software works and adapt it;

–  to redistribute copies of the software; and

–  to improve the software and allow others to use those improvements.

Whilst ensuring that anyone can use the open source code, the way these criteria are implemented can sometimes be a limiting factor in what can ultimately be done with products containing or derived from such code. Recognising those limitations is important if the software is to be used in a compliant way. When the implications of non-compliance can include costly court battles, it is certainly worth getting it right from the outset.

Benefits:

Open source software has many benefits associated with its use. Ready access to the source code means that open source software is often highly adaptable and customisable. Because it can be adapted to work on new hardware as and when it becomes available, it will not generally become obsolete merely because the hardware for which it was originally designed becomes outdated – as can happen with proprietary software when the developer decides that support is no longer commercially viable. Open source products can also be customised as necessary to further meet the users’ own particular needs, and the software tools needed to do this tend to be freely available online.

Many open source projects are peer-reviewed, which can result in products of equal standard to commercially-produced software. As the source code is made available to the public, bug-fixes and enhancements can readily be made by the end user community and shared with all users.

The use of freely-available tools and pre-written code elements can significantly shorten the development phase for new software, allowing the developer to make resources available to focus on enhancing its product’s functionality or aesthetics, adding value to its commercial offering. The resulting software can therefore often be made at lower cost to the end user whilst still growing profitability for the commercial developer. For those corporate end users that develop software for their own internal use, a substantial benefit is the ability to eliminate scale-costs, as open source software doesn’t require additional licences for a greater number of users.

Risks:

Conversely, open source software products are often made available without any warranties or guarantees, and some instances may infringe upon third party intellectual property rights. This can be a major issue, although there are often legal solutions available.

Lack of knowledge within software development and procurement functions can sometimes mean that businesses will use open source software without full awareness of the consequences, saving up potentially serious issues for later. For example, if a developer wishes to create software containing or derived from code distributed under open source terms, care must be taken as to the precise licence terms upon which the open source code is obtained. Under certain licences, a ‘copyleft’ effect may mean that the distribution of the resulting product may require the developer’s own source code to be made public – often known as ‘contamination’, ‘tainting’, or ‘freeing’. Even where this effect does not occur, businesses may accidentally breach the terms of the open source licence if they are not fully aware of its terms.

Safeguards:

Before using open source software products, organisations should conduct a legal review of the relevant licence in conjunction with a technical review of the product and its proposed use to determine:

– how the open source code will interact with any closed source code;

– whether the open source licence requires redistribution of any closed source code that is to interact with the open source code; and therefore

– whether the organisation can comply with the licence terms imposed by the open source licence and still do what it needs to do with the software.

It is still the case that many businesses do not have processes in place to monitor and govern their use of open source software, and clients are increasingly asking us to recommend appropriate safeguards. Just because software is available for free or gratis, doesn’t mean it has no cost or can be used without restriction. We generally recommend that organisations maintain a policy for procuring and using open source software, deciding which applications will be supported by open source software, and identifying the intellectual property or supportability risk associated with using open source software.

The purpose of effective open source software governance should be to establish a practical mechanism which enables an organisation to make sensible decisions on the use of open source software within its operations, provides answers to common open source related questions that arise, and allows the business to reap the significant rewards that open source software can offer, whilst minimising legal risk.

For further information on how you can safeguard your business against open source risks, feel free to get in touch.

 

.............................................................................................................................

Supply Chain Transparency – New Legal Obligations

Posted on August 18th, 2015 by



Over the past few years there has been an increased focus by enterprises large and small on corporate social responsibility, and there has been a substantial growth in social enterprise. It is clear that the impact of business on human society (at the macro level) and community (on a smaller scale) is becoming increasingly important to businesses which need to be seen as ethical to satisfy their customers, as well as to satisfy their own ‘corporate consciences’.

This shift towards ethical commercial practices has also been reflected in legislation. It is now just over five years since the introduction of the Bribery Act 2010, which required businesses to put in place adequate procedures to prevent themselves and their suppliers from acting in an improper manner. This is not just a point of interest for compliance functions, but for anyone dealing with contract negotiations. The impact of this legislation will not have escaped your notice as customers seek contractual assurances from suppliers (and vice versa) that they act in accordance with the law, and ethical business practices more generally.

Earlier this year, the government passed the Modern Slavery Act 2015, which makes provision regarding slavery, servitude and forced/compulsory labour, as well as human trafficking. Whilst at first glance many organisations may be tempted to assume that the new law will have no real relevance to their business, this may prove to be an unsafe assumption.

Section 54 of the new Act will apply to any commercial organisation that supplies goods or services and has a total turnover meeting the threshold set by government, and will require such organisations to prepare a ‘slavery and human trafficking statement’ for each financial year. ‘Commercial organisation’ in this context refers to any corporate body or partnership which carries out business in the United Kingdom, whether or not it is registered there. There is no requirement for a minimum footprint, so any commercial organisations doing business in the UK will be affected if they meet the threshold.

On 29th July, the government published its response to consultation stating its intent to set the threshold at £36m, and to bring the provision into force in October this year. The government determined that businesses with this level of turnover would have the influence (e.g., purchasing power) to drive change in supply chains, and it is also the figure used in the Companies Act 2006 to define large businesses. There is no requirement for this turnover to derive from the UK element of the business, and it can therefore be taken to refer to global turnover of the commercial organisation.

Therefore, from October 2015, it will be a requirement on all commercial organisations doing business in the United Kingdom and having a turnover of not less than £36m to prepare an annual report describing what steps they have taken to eliminate modern slavery from their supply chains and their own businesses. It is worth noting that it remains open for the Secretary of State to adjust this threshold, and it may be reduced in the future.

According to the new Act, a slavery and human trafficking statement may (and arguably should) include information about the organisation’s:

(a) structure, business and supply chains;

(b) policies in relation to slavery and human trafficking;

(c) due diligence processes in relation to slavery and human trafficking in its business and supply chains; and

(d) effectiveness in ensuring that slavery and human trafficking is not taking place in its business or supply chains, measured against such performance indicators as it considers appropriate.

The statement may also include information about the parts of its business and supply chains where there is a risk of slavery and human trafficking taking place, and the steps the business has taken to assess and manage that risk. The training available to its staff may also be described.

If your business falls within the scope of Section 54, you must publish your slavery and human trafficking statement on your website and include a link to the statement in a prominent place on your homepage.

Given that the statements must be approved by the board and signed by a director (or designated member for LLPs), it would not now be surprising to see obligations appearing on suppliers in supply and service contracts to enable customers falling within the scope of Section 54 to be able to demonstrate that they are taking steps to ensure that their supply chains are free from slavery and human trafficking.

 

For information on how Fieldfisher can help, this link contains further information.

 

 

Follow me on Twitter: @ChrisEastham1

First published at: http://www.fieldfisher.com/publications/2015/08/supply-chain-transparency-new-legal-obligations

.............................................................................................................................

Copyright Done Right? The Copyright Hub Goes Live

Posted on August 4th, 2015 by



The Copyright Hub was officially launched at an event in London last week. Intellectual Property Minister, Baroness Neville-Rolfe, became the first public user of the hub.

The Copyright Hub is a web platform, developed and supported by the Digital Catapult, which is designed to make it as simple as possible for people to track down and license content over the web.

The Copyright Hub can be accessed by downloading a plug-in to your web browser. If you right-click on an image on the web, and it’s an image that The Copyright Hub knows about, you’ll be instantly connected to the copyright owner.

The Copyright Hub also gives copyright owners an opportunity to control how their content is used by others. This is done by allowing copyright owners to select options for licensing content (e.g. no licence, licence for a fee or licence for an acknowledgement only).

By simplifying and reducing the costs associated with licensing, The Copyright Hub should lead to more content licensing and, as a result, higher revenue for copyright owners.

The Copyright Hub will continue to evolve over the coming months, with nearly 100 Hub Applications planned. Hub Applications are proposals by individuals and organisations on ways to use The Copyright Hub’s technology. There are 10 Hub Applications under active development, including the Mary Evans picture library and Pixelrights’ image protection.

The Copyright Hub is open source and is designed for easy use by anyone, anywhere, at no cost.

The creation of a digital licensing platform, such as The Copyright Hub, was a key recommendation of the Hargreaves Review in 2011.

The Copyright Hub’s press release is available at www.copyrighthub.co.uk/Documents/Hub-Launch-Press-Release-300715.pdf.

.............................................................................................................................

Payment method “Sofort” under attack in Germany

Posted on July 27th, 2015 by



The Regional Court of Frankfurt recently decided that using “Sofortüberweisung” (www.sofort.com) as the only free payment service on a website does not constitute a reasonable free payment method for consumers and therefore infringes German consumer protection law, which requires at least one “reasonable free payment method” (Sec. 312a Para 4 No. 1 German Civil Code).

Even though the defendant announced that it would appeal the decision, the judgement created considerable legal uncertainty with regard to the use of payment methods on ecommerce websites:

  • Does using “Sofortüberweisung” now pose a legal risk in Germany?
  • What payment methods are “reasonable” and therefore in accordance with consumer protection law?

The Case

In the present case the Central German Consumer Protection Agency (Bundesverband der Verbraucherzentralen) demanded a cease-and-desist declaration from the German travel portal start.de, which is part of Deutsche Bahn AG. The portal offered its customers payment by credit card (charging an extra amount of EUR 12.90) and “Sofortüberweisung” as the only free form of payment.

The Regional Court of Frankfurt ruled that “Sofortüberweisung” cannot be regarded as a reasonable free payment method because by using it the consumer would have to disclose bank account access details to a third party and agree to the retrieval of account data. Further, the court held that as “Sofort Banking” requires the consumer to enter a PIN or TAN there is a significant data security risk and an increased possibility of abuse.

The court concluded that taking these risks cannot be reasonably expected of the consumer to avoid extra charges.

Consequences

The reasoning comes as a bit of a surprise. “Sofortüberweisung” has already questioned the judgement, saying that after more than 100 million transactions there has not been a single PIN/TAN abuse case. Nevertheless, for now there is some risk involved when using “Sofortüberweisung” as the only free payment method.

On the upside, “Sofortüberweisung” may still be used. The court expressly held that “Sofortüberweisung” is still a permissible payment method – as long as there is another “reasonable” free option for the consumer to pay: especially cash payment, EC card, or payment through transfer to a bank account.

.............................................................................................................................

Source code escrow – does it work?

Posted on July 22nd, 2015 by



Source code escrow cases are as instructive as they are rare. In the recent Filmflex v Piksel decision, Filmflex sought an injunction for delivery up of software for a video on demand platform they licensed from Piksel.

The case is amusing for the arguments Piksel threw up in an attempt to stop release of the code. It is also somewhat heartening for commercial technology lawyers as the courts were pragmatic about source code escrow release and allowed it on analysis of the contract and the facts.

Ultimately, the case provides a valuable step-through of the typical complexities around escrow arrangements and the implications when it comes to seeking delivery of source code.

Laura Witherspoon and I published an article on this in Ecommerce Law Reports, linked below with kind permission.

ECLR Vol 15 Issue 3 pg 21-23

.............................................................................................................................

Outsourcing is the answer… but what’s the question?

Posted on July 22nd, 2015 by



I have just finished reading an excellent short paper revisiting SIAM. Not, unfortunately, historical Thailand, but rather more prosaically “Service Integration and Management”.

The paper, “Injecting life back into SIAM” by my colleagues Rob Shooter and James Buckingham examines projects deploying a service integrator to manage other suppliers. Rob and James shed light on why some projects succeed where others fail and propose a new SIAM 2.0 model based on our experience. Do have a look at our website if you’re interested in their conclusions.

Reading the paper made me dip into the archives for an article I published in Spring on Global Business Services. For many years I have been writing about the rationale for outsourcing, which is too often seen as a panacea.

In the last decade, a lot of thinking has gone into the strategy of sourcing core services resulting in mature models for outsourcing. Within these models multi-sourcing, right-sourcing or, indeed, SIAM are all options. Without some thought at the start, larger organizations risk tactical decisions on outsourcing which may not maximise benefits or may even cause barriers to smarter sourcing in the future.

Global Business Services represents a new stage in maturity of the sourcing model, mapping the core service requirements of an organization and then deciding whether options from outsourcing or shared services to resource rationalisation might best serve transformation and management of the core service.

Unlike traditional outsourcing, the approach is to ensure an overall Global Business Services framework within which sourcing options are each seen as integrated projects or services. Within this more integrated approach, organisations need a mature approach to internal governance to monitor progress towards the desired model and to continue to adapt to change and disruption.

I am perhaps a little too prone to define things by pointing out what they are not, but to me outsourcing is not a strategy. It is a tool for implementing a strategy. If outsourcing is the answer, then surely the question is “how does my organization best deliver the services it needs to in the future?”

If you want to explore these themes further, my article on Global Business Services is on my LinkedIn profile (https://www.linkedin.com/pulse/global-business-services-aligning-outcomes-strategy-simon-briskman?trk=prof-post).

.............................................................................................................................

Acceptance by conduct – Execution isn’t everything

Posted on July 7th, 2015 by



The Commercial Court in Reveille Independent LLC v Anotech International (UK) Ltd [2015] EWHC 726 (Comm) has found that a party accepted a contract by its conduct, even though the contract specifically stated that it was not binding on that party until it was signed. The decision highlights the potential risks involved in commencing work prior to contract execution.

Background

The claimant, a US television company, brought a claim for damages for breach of contract against the defendant, a UK cookware distributor. According to the claimant, it had entered into a binding contract with the defendant, under which the claimant agreed to license certain intellectual property rights to the defendant and agreed to integrate and promote the defendant’s cooking products into episodes of the MasterChef television series. In exchange for the claimant providing such services, the defendant agreed to pay the claimant certain amounts.

The alleged binding contract was in the form of a “deal memo”. Following negotiations, the defendant returned a signed version of the deal memo to the claimant, but with the words “Branding conflict with Gordon Ramsay to be concluded and with other minor amendments” written on it (“Brand Conflict Term”). The deal memo stated that it was not binding on the claimant until signed by both parties (“Signature Term”).

The deal memo was intended to be replaced by long form agreements, but negotiations between the parties broke down. The claimant subsequently wrote to the defendant treating the deal memo as repudiated.

The claimant alleged that the deal memo constituted a binding contract and that it was entitled to damages for breach of contract as the defendant had failed to pay for the services provided by the claimant under the contract.

The defendant alleged that there was no binding contract as the deal memo had not been signed by the claimant nor had it been accepted by the claimant’s conduct. The defendant further argued that, even if there had been a binding contract, the Brand Conflict Term was a condition precedent, which required the claimant to stop Gordon Ramsay selling his own range of cookware products in the US, and that such condition precedent had not been fulfilled.

Decision

The Court held that the deal memo was a binding contract. Although the claimant failed to establish that it had signed the deal memo, the Court found that the claimant had accepted the contract by its conduct and, as a result, had effectively waived the Signature Term (which had been incorporated for the claimant’s benefit).

In reaching its decision, the Court emphasized the fact that the claimant had clearly performed the services contemplated by the deal memo. The claimant had provided integration and promotional services to the defendant and had allowed the defendant to use its intellectual property rights. The Court stated that such evidence went a long way in establishing acceptance by conduct.

The Court also strongly emphasized the fact that the defendant had agreed to pay invoices issued by the claimant on the basis of the deal memo. According to the Court, this was an acknowledgement of the existence of a binding commitment between the parties. The Court considered that agreeing to pay the invoices was “powerful evidence” of the fact that the defendant had received notice of the claimant’s acceptance of the contract (and had therefore waived the Special Term).

The Court dismissed the defendant’s argument that the parties’ actions were simply done in anticipation of an agreement being reached. The Court acknowledged that, in some circumstances, work may be done without parties entering into a contract. However, in these circumstances, the parties’ conduct suggested that a deal was already in place.

The Court also found that the Brand Conflict Term was not a condition precedent and did not require the claimant to stop Gordon Ramsay selling his own range of cookware products in the US. The evidence suggested that both parties knew that the claimant could not comply with this obligation. As a result, the Court found that the Brand Conflict Term simply required the claimant to take reasonable steps to stop the QVC website from using the MasterChef brand to promote Gordon Ramsay’s own range of cookware. According to the Court, the claimant would not have assumed an obligation that it could not meet and especially would not have made such an obligation a condition precedent.

Take-away thoughts

The Court’s decision highlights the importance of ensuring that a contract is properly executed before commencing substantive work. While it may be commercially necessary to take preparatory steps prior to execution, a party should be careful not to engage in conduct which clearly evidences an intention to be bound by the contract. In particular, a party should consider the consequences of agreeing to pay for work, in accordance with the provisions of the contract, prior to its execution. In these circumstances, a party may be bound by the contract (and therefore exposed to claims under the contract), even though it has not been executed and/or contains specific execution requirements.

.............................................................................................................................

New Law on the re-use of Public Sector Information (“PSI”)

Posted on July 3rd, 2015 by



This week saw the publication of the new Re-Use of Public Sector Information Regulations which will come into force on 18 July 2015. There are some significant new changes in the 2015 Regulations which public sector bodies, certain cultural sector bodies and those interested in re-using PSI need to be aware of.

The new Regulations implement an EU Directive (Council Directive 2013/37/EU) on the re-use of PSI.

A legislative framework covering the re-use of public sector information is not in itself new, there being a previous 2003 EU Directive which had been implemented in the UK by the Re-Use of Public Sector Information Regulations 2005.

However, the legislative framework has now been updated to take into account the increased amount of data available and the technological changes that have taken place since the 2003 Directive.

It is recognised that core benefits like stimulating economic activity and increasing the efficiency and transparency of public functions are at the heart of permitting re-use of PSI. Consequently, the new law increases the rights of re-users by making re-use mandatory for most public authorities, setting a default charging mechanism of marginal cost recovery in most circumstances and bringing public sector museums, libraries (including university libraries) and archives within the regime for the first time.

So what’s new?

The information below summarises the key changes that are introduced by the 2015 Regulations.

| 2005 Regulations | 2015 Regulations |
| --- | --- |
| Regulations apply to public sector bodies, including local government | Application has been extended to include cultural sector: libraries (including university libraries), museums and archives |
| Only accessible information is re-usable | Information produced, held or disseminated within a public sector body’s public task must be re-usable (unless restricted or excluded) |
| Make information available | Make information available through open licences and machine-readable and electronic formats whenever possible |
| No obligation to allow re-use | Obligation to allow re-use of information unless restricted or excluded, or from a cultural sector body |
| Standard licences encouraged | Open, non-restrictive licences encouraged |
| Permits charging for re-use | Marginal cost pricing is the default, in most cases this will be nil for online or digital information. Certain public sector bodies such as information providers/traders, and libraries, museums and archives may charge higher than marginal cost |
| Prohibits exclusive licences | Some cultural and other public sector bodies can use exclusive licensing |
| Complaints process established | Complaint may be escalated to the ICO who can make binding decisions on most issues, with appeal to the First-Tier Tribunal |

 

So what does this mean in practice?

Public Sector bodies

Accessible information which is produced, held or disseminated by the public sector body must be made available for re-use (unless it is otherwise restricted or excluded).

A marginal cost pricing model should be used. For many public sector bodies this will mean they are unable to raise a charge for making information available for re-use. Such bodies will be required to justify any charges in excess of marginal cost pricing.

Public Sector bodies should clearly identify what their public task is, as this determines what information falls within the scope of the 2015 Regulations.

Public Sector bodies are under no obligation to release information for re-use if intellectual property rights within the relevant documents are owned by others.

Libraries, Museums & Archives

Many of the UK’s cultural sector bodies are in practice already complying with the 2015 Regulations as the approach they have adopted in relation to the production, holding or dissemination of their information is consistent with the approach required under the 2015 Regulations. Those that are not now need to make their information re-usable.

Libraries, museums and archives will be able to charge re-users to cover the costs of collection, production, reproduction, dissemination, preservation and rights clearance of their material, and include an amount to cover a reasonable return on their investment.

Making information available under open licensing (through the Open Government Licence) is encouraged, but some exclusive licensing will be permitted, especially where the library, museum or archive is working with a partner on a digital access project, as this in itself increases the potential for the re-use of their information. Libraries, museums and archives have the right to decline requests for re-use, although such decisions may be challenged.

Re-users of PSI

For re-users, the 2015 Regulations should make it easier to re-use public sector information. In general, any information that is accessible either because it has been published or because it has been released under UK information access legislation such as the Freedom of Information Act, should be available for re-users under an open licence.

For most re-use, charges should be at marginal cost which in many cases will equate to a nil charge.

There is no substitute for getting into the detail of the new Regulations, but do let me know if you require any assistance in assessing the impact of the new Regulations on your organisation.

Paul Barton

Partner, Public Sector Information specialist

Paul.Barton@fieldfisher.com

.............................................................................................................................

Competition and Markets Authority considering crackdown on fake online reviews and endorsements

Posted on June 30th, 2015 by



 

Back in 2013 the New York Attorney General set up a fake yoghurt shop in Brooklyn and paid reputation management firms to enhance the image of the business. The sham yoghurt shop rapidly gained accolades from reviews in far-flung countries such as Bangladesh and the Philippines – despite never having existed. The problem, however, has never been one of American culture (apologies) and the UK needs to set its own house in order.

At the beginning of 2015, the Competition and Markets Authority (‘CMA’) called for information on online reviews and endorsements, particularly whether or not these online reviews matched up to consumers’ expectations. As a result of this, on 19 June 2015 the CMA published a report detailing its findings and announced that it is launching an investigation into a number of businesses in connection with the potential non-disclosure of paid endorsements and other concerns associated with unlawful practices. But what does this mean for businesses and consumers?  

 

CMA report – purpose and findings

The CMA call for information sought to fully understand not just how businesses collect and use consumer data, but also how data affects consumers, businesses, competition and the wider economy. Alex Chisholm (CMA Chief Executive) commented: “One of our priorities as a new authority is to take a closer look at developments and practices in growing areas such as this. We want to understand better the ways in which consumer data is used, as well as the consequences from this”.

Fast forward six months and the CMA has published its report which includes the following key findings:

  1. consumers that use online reviews find them valuable and these reviews appear to be an important source of information for consumers’ buying decisions;
  2. there have been developments in the reviews sector which have the potential to improve outcomes for customers including the development of systems which detect and verify fake reviews; identify reviews that are likely to be more helpful and enable users to flag suspicious-looking reviews themselves; and
  3. consumers that use blogs and vlogs before making a purchase find them valuable but these types of endorsements are often read by consumers for entertainment purposes.

 

What is the focus of the CMA’s investigation? 

The online review market is used by approximately more than 50% of UK adults[1] and is primarily the focus of the CMA’s investigation. In carrying out its research into this area, the CMA welcomed the pro-competitive effect of online reviews but found instances of potentially misleading practices in online reviews and endorsements including:

  1. fake positive/negative reviews posted on review sites;
  2. review sites ‘cherry-picking’ positive reviews or suppressing negative reviews;
  3. negative reviews not being posted; and
  4. businesses paying for endorsements in blogs and other online articles without this being made clear to consumers.

 

In order to combat these types of practices, the CMA will use its consumer enforcement powers to investigate a number of companies in connection with the potential non-disclosure of paid endorsements.  

At this stage, the CMA has not publicly named the businesses that are directly involved in its investigation. However, businesses that engage in this type of activity should ensure they are compliant with consumer protection law to avoid any potential action from the CMA.

 

So what should businesses do?

The CMA has published two advice notes for businesses on what they are required to do to ensure they comply with consumer protection law when publishing online reviews and endorsements. These notes relate to ‘Online reviews: giving consumers the full picture’ and ‘Online endorsements: being open and honest with your audience’.

The key takeaways from these notes are:

  1. be clear with consumers about the sources of information and how they are verified; and
  2. if an endorsement/review is paid for, businesses must ensure this is made clear to consumers else they risk breaking the law.

 

If you would like to discuss how to ensure you are compliant with consumer protection law, how to ensure your competitors are not seeking an unfair advantage or the legal and commercial issues associated with the CMA’s investigation, please contact me.

[1] CMA Statistic 2015

.............................................................................................................................