“Over the last four decades, as the U.S. economy has evolved from a manufacturing-based economy to an informationbased economy, corporate value has shifted from tangible to intangible assets. In 1975, 83.2 percent of the value of the S&P 500 companies resided in tangible assets and 16.8 percent resided in intangible assets. By 2009, tangible assets comprised a mere 19 percent of the S&P’s value while intangible assets comprised 81 percent of the S&P’s value. Most of the intangible asset component of corporate value is comprised of intellectual property.”1
Patents, copyrights, trademarks, and nondisclosure contracts for trade secrets are all designed to hopefully protect your IP, but are they really doing enough? This paper focuses on intellectual property in the software and technology industries and discusses the risks of relying solely on the traditional methods of IP protection without additional proactive reinforcement steps. We’ll also present three legal cases where technology companies went to trial and incurred large costs and delays due to lack of sufficient IP protection or the lack of an effective management system to capture, track, and protect their software development. To conclude, we’ll discuss a unique type of protection — Intellectual Property Escrow (IP Escrow) — and how this type of escrow service is needed to supplement your existing IP practices and defenses.
Intellectual property rights give the owners of IP the right to prevent others from using their inventions, designs, or other creations, and the right to require payment in return for others using them. The intellectual property rights system is designed to provide incentives to innovators to produce new inventions and creations. And yet, theft and illegal use of intellectual property results in unrecovered economic, social, and developmental costs. These out-ofpocket costs are much broader than profit losses to a single company or sector, and are more damaging to economic growth than may be currently understood.2
But still, intellectual property is frequently stolen or lost. Some cases involve foreign corporate espionage, while others involve employees downloading confidential files or sending them to a home email address — with the intent of using that information for personal gain.
A survey of 200 information technology and security professionals in February 2011 revealed that 65 percent do not know what files and data leave their enterprises.3 And estimates on losses from economic espionage vary widely — from $2 billion to $400 billion or more a year — reflecting the scarcity of data and the variety of methods used to calculate losses.4
Broadly speaking, any confidential business information which provides an enterprise a competitive edge may be considered a trade secret.
Economic espionage is a very real problem today. In a recent case, a Goldman Sachs programmer was charged with stealing trade secrets from his employer. Russian programmer Sergey Aleynikov came to the United States in 1990 and was hired by Goldman Sachs in May 2007 with an annual salary of $400,000 to write code for Goldman’s high-frequency trading business. After two years at Goldman, Aleynikov was lured away by a new firm, Teza Technologies, which offered Aleynikov about triple his salary. Before leaving Goldman, Aleynikov transferred the bank’s secret source code to an offshore storage site, his home computer, his laptop, and a memory device. After noticing a surge of data leaving its servers, Goldman caught Aleynikov and reported the violation to criminal authorities.5
However, three years after his arrest, and after serving one year of an eight-year sentence, Aleynikov’s conviction was reversed by the appellate court in February 2012 due to a constitutional challenge regarding the clarity of the federal criminal statute. (The facts of the coder’s secret software snatching were not in question). The Aleynikov case has tested the boundaries of the Economic Espionage Act of 1996, which makes it a crime to steal trade secrets.
Commercial enterprises can’t rely on criminal enforcement or government resources to protect their software IP because prosecutors are often constrained by assigned priorities and limited budgets, or face a difficult situation when new technologies and business processes have to be fit into older statutes that might contain gaps.6
Patents, copyrights, trade secrets, and trademarks are all forms of intellectual property that are relevant to the technology industry. And although these types of protection can be effective, it’s evident they aren’t always enough. Let’s take a look at the intellectual property rights afforded by each of these methods.
A patent is an intellectual property right granted to an inventor to exclude others from making, using, offering for sale, or selling the invention for a limited time in exchange for public disclosure of the invention when the patent is granted.7
Legal experts specializing in intellectual property state that in the area of software patents, litigation often revolves around the issue of when an idea is conceptualized. This means that a person whose patent is challenged may have to show when his idea was conceived and, in some cases, when it was put into use.
Copyright is a form of protection provided to the authors of “original works of authorship,” including literary, dramatic, musical, artistic, and certain other intellectual works. This protection is available to both published and unpublished works.8
One of the ongoing key copyright law controversies in the software industry is how the technology was created. Were the building blocks of the software in question recycled or borrowed from one or more pre-existing programs? Or were they original creations that did not use the proprietary knowledge of a prior author or owner? To own a valid copyright to a software program, a developer must be able to demonstrate that the source code was independently developed. And the best way to do this is to document the progress achieved along the way.
Broadly speaking, any confidential business information which provides an enterprise a competitive edge, has been created via investment, and has been reasonably protected may be considered a trade secret. Trade secrets encompass manufacturing or industrial secrets and commercial secrets. The unauthorized use of such information by persons other than the holder can be regarded as an unfair practice and a violation of the trade secret.9
Trade secrets are protected by nondisclosure agreements and employment law which prevent reverse engineering and information leaks such as breaches of confidentiality and corporate espionage. In trade secret cases, plaintiffs must first meet a burden of proof and show, in the best case from pre-existing records, that they did, indeed, treat the technology as confidential and proprietary.
A statistical study of trade secret litigation by five attorneys at O’Melveny & Meyers LLP confirms that in over 90 percent of trade secret cases, the alleged misappropriator was either a former or current employee or business partner of the trade secret owner. A surprising result of the study was that the misappropriators (the defendants) won on appeal more often than the trade secret owners (the plaintiffs).10 One of the core elements that trade secret owners must prove in order to prevail in a trade secret misappropriation case is whether they engaged in internal and external “reasonable measures” to maintain the secrecy of the alleged trade secret.
Regrettably, a safe business container of intellectual property is not created as easily as your IP is developed. You can’t just lock up your IP in a glass case to preserve it in the Smithsonian museum.
But what if you could? What if you could capture everything that is included in your source code management (SCM) system — not just your source code, but everything needed to create, build, and compile your software product? SCM tools help developers track the complete development history of the software, including the exact content, timing, and placement of the changes which have occurred between releases and who made those changes. SCM tools also enable collaboration, can generate version-specific release notes, and may manage technical documentation, test suites, and change notifications. Having and properly deploying a robust SCM system is a minimal standard of a mature, prudent software vendor.
The statistics on, and litigation pleadings evidencing the frequency, cost, uncertainty, and often painful outcomes of, IP theft demonstrate that better services, more rigorously deployed and managed, are needed to help strengthen and protect IP. Intellectual property owners need to create a safe business container for IP with a strategic, disciplined process, both to safeguard the IP as well as to chronicle its development.
By recording the IP development process and storing those files with an independent, long-established, and secure third party (in secure vaults instead of glass cases), you can (and should) create a better protection system for your IP. When you store this expensive-asset information with a trusted third party, the chronicle and content of its development can be preserved, available, and well managed.
Before we get into the details of how this works, let’s look at what happens when software intellectual property (too frequently) isn’t adequately protected.
Litigations are commercial autopsies. The evidence revealed in court pleadings, including internal product plans, emails, and even source code itself, regularly shows ailing, and perhaps dying, software vendors.
In this section, we’ll outline three different legal cases where the intellectual property protections initially implemented by a presumably well-meaning software developer were not enough. Insufficient IP protection or sloppy management of the software development process resulted in unsatisfactory outcomes, costs, and pace in legal battles. By reviewing these real-world cases, we can learn valuable, “portable” — from their prior pain to your later gain — lessons on both the proper protection and management of software source code and how up-front measures can help save your company from legal and financial problems down the road.
NEON Enterprise Software filed a lawsuit against IBM in 2009 over a mainframe-related product called zPrime. In its suit, NEON claimed IBM had been making erroneous statements about NEON’s software in order to shield IBM’s mainframe revenue. IBM later counter sued, saying NEON’s product amounted to an “attempted hijacking” of IBM’s intellectual property and that NEON’s business model relied on “inducing IBM’s customers to violate their agreements with IBM.” As a result of the settlement, which was announced in May 2011, NEON was permanently barred from marketing or selling zPrime. NEON was also forced to ask current users to uninstall and destroy any copies of the software. In June 2011, BMC Software acquired a range of information management system database software and related customers from NEON, in what appeared to be a distress sale by a former vendor caught in bad software IP practices.11
Here’s the behind-the-scenes look at how source code was a factor.
In NEON Enterprise Software v. International Business Machines, IBM initially was hindered in an important commercial challenge because the competitor’s source code apparently wasn’t available. At first, IBM was unable to obtain from its competitor and plaintiff NEON evidence to prove IBM’s assertion of reverse engineering of its product by NEON. Customers later suffered: the lawsuit’s sudden settlement, five days after the spoliation motion hearing, required the start-up to terminate its licenses to its customers.
Spoliation of evidence is the intentional or negligent withholding, hiding, altering, or destroying of evidence relevant to a legal proceeding. Document spoliation is the improper destruction or loss of documents potentially relevant to litigation before trial and before the opposing party has had an opportunity to review the requested information. Spoliation can include software code. To the surprise of some, NEON’s lead developer testified that he didn’t keep software development records at all. In a sworn deposition, he asserted he kept his innovative designs and coding techniques “in his noggin.” (Discovery efforts and pressures by IBM later yielded evidence of reverse engineering.)
In 2007, licensee Silicon Knights sued licensor Epic Games for alleged failure to support its video game software development engine, known as the Unreal Engine, during the plaintiff customer’s creation of the game product Too Human, supposedly causing “considerable losses.” The suit claims that Epic withheld a better version of the Unreal Engine and used licensing fees to fund the development of its own, competing game, Gears of War, rather than improve the Unreal Engine.
Epic also allegedly promised a dedicated support staff for the Unreal Engine. Silicon Knights claims that Epic promised they would split the teams into two groups: developers of Epic’s own games and an Unreal Engine support staff. Instead, various internal emails from Epic seem to imply that the development staff pulled double duty as licensee support staff.12
The lawsuit sought $58 million in damages related to the development and marketing of Too Human. While the case was proceeding to trial, Silicon Knights laid off half of its 90-person staff.13 (Epic won at trial. Large-dollar post-trial motions are now pending.)
Intellectual property owners need to create an embodiment of IP with a strategic, disciplined process for protection, both to safeguard your IP as well as to chronicle its development.
Here’s how source code management played a role. As time goes on, software design and development staffing, methods, and coding tools change in many technology companies. New bosses, business strategies, external technical standards, staffing, subcontracting, financing, and other forces can cause significant changes in software creation and records over time. And conversion from one to another SCM tool is one common scenario where supposedly internal software vendor decisions and actions can later impact external software customers.
In Silicon Knights v. Epic Games, the plaintiff game studio licensed code for internal use (i.e., in creating softwarebased products). The deliverable was a game “engine” from another such vendor. Months after the initial $750,000 software license transaction in May 2005, the customer became disappointed, claiming that the licensor misstated the quality and maturity of its code/tool.
Predictably, the litigation discovery process included detailed discovery (i.e., identification and structured disclosure to the plaintiff’s counsel and its technical expert witnesses of relevant portions of the defendant’s licensedout source code). But those years-later, down-the-road, expensive efforts by the licensor revealed problems in source code production due to an internal vendor transition from one to another SCM application.
This case about real-estate-related Web sites again shows that the failure to preserve source code can cause major complications.
Move, Inc., formerly known as Homestore.com, operated a network of real-estate-information Web sites that received 7.4 million visitors per month. A lawsuit filed by Kevin Keithley alleged that the defendants infringed on a patent for tracking customer demographic information. He claimed to have exclusive licensing rights to the patent and sought damages and a permanent injunction against Move, Inc., for using the technology.14
The court issued an order compelling that documents related to the production of source code for the defendants’ Web sites be produced. At first, the defendants said reports hadn’t been captured, but this turned out to be false. Fifteen months later, the defendants produced an estimated 480,000 hard-copy reports on a hard drive. The defendants had also claimed that a computer failure had destroyed source code information, only later to produce a CD with 220 megabytes of source code after Homestore. com’s chief information officer “had a resurgence of memory,” said the court. Another “massive quantity of source code” was located two weeks later in the drawer of a Move, Inc., engineer’s office.15
Interestingly, the defense moved for a summary judgment and won the case. Homestore.com’s attorney successfully argued that not only had no infringement occurred but also that the plaintiff’s patent was invalid based on indefiniteness.16
Expensive assertions of “the dog ate my source code” happen; patent lawsuit pleadings prove it. For example, in Keithley v. The Home Store.com, diligent digging in litigation discovery placed a focus on disclosure of inadequate software management in the defendant’s business.
NCC Group Software Resilience has acquired Iron Mountain’s Intellectual Property Management (IPM) business. For more information on the acquisition, please visit our dedicated information hub, or contact Iron Mountain IPM.