24 June 1999. Thanks to DS.
C8600520
Case Name:
Court:
Ch.D (Jacob J) 11/6/99
Subject:
INFORMATION TECHNOLOGY - INTELLECTUAL PROPERTY - EUROPEAN
Descriptors:
COPYRIGHT : BREACH OF CONFIDENCE : DATABASES : COMPUTER PROGRAMS : COIN RECEIVING AND CHANGING MECHANISMS : DISCRIMINATOR : REVERSE ENGINEERING : ENCRYPTION : SPARE PARTS DEFENCE : COPYRIGHT DESIGNS AND PATENTS ACT 1988 : PUBLIC POLICY DEFENCE : RIGHT-THINKING MEMBER OF SOCIETY
Summary:
No "spare parts" defence to infringement of copyright in computer programs and database rights in case of reverse engineering. The mere fact of encryption did not make that which was encrypted confidential where there was no other relationship between the source and the de-encryptor.
Text:
Claim for damages for breach of copyright and breach of confidence. The claimants were leaders in the design and manufacture of coin receiving and changing mechanisms, which included discriminators whose function was to determine the authenticity and denomination of a coin fed into the machine. The defendants had successfully reverse engineered the claimants' most sophisticated discriminator, the Cashflow, which included an encryption system, and freely admitted doing so. The defendants' conceded that they had infringed the claimants' copyright and database right in various aspects of the Cashflow but asserted that they had a defence of a common law right to repair along the lines of that found by the House of Lords in British Leyland Motor Corp Ltd v Armstrong Patents Co Ltd (1986) AC 577, and denied breach of confidence as a matter of law rather than fact.
The issues in the case were therefore identified as follows. (i) Whether there was a common law defence to the otherwise conceded claims for copyright infringement and misuse of the data. Leyland (supra) recognised a "spare parts" defence to copyright infringement and Canon v Green Cartridge (1997) 3 WLR 13 held that any such defence should not be extended and in particular should not be extended to "consumables" such as copier cartridges. Both cases were however decided under the Copyright Act 1956, whereas the present case was concerned with the law under Copyright, Designs and Patents Act 1988. (ii) Whether the defendant's activities by way of reverse engineering amounted to a breach of confidence in law. (iii) Whether, if so, the common law defence applicable to (i) also applied to breach of confidence.
HELD: (1) The 1988 Act abolished industrial copyright and therefore there was no longer any need for a spare part exception in relation to that right. It introduced unregistered design right with, in s.213(3)(b), the "must fit, must match" exception, which would cover some spare parts but not others, depending on how necessary it was to copy. Parliament had therefore recently, specifically considered the problem of spares and, in relation to design right, it would clearly be wrong for the courts to invent any spare parts exception. (2) There was no room for a spare parts or like exception in relation to computer programs and database rights because Parliament and the European Community had clearly considered the position as to defences and had provided a complete statutory code. (Computer programs: ss.50A-C of the 1988 Act, as amended, implementing Council Directive 91/250/EEC on the legal protection of computer programs. Database rights: 1988 Act and Council Directive 96/9/EEC on the legal protection of databases.) (3) Even if this were wrong, the re-calibration activities would not be within the scope of any such defence. The Privy Council had held in Canon (supra) that the spare parts exception was an expression of overriding public policy to prevent a manufacturer from using copyright to control the after-sales market of spare parts. The test of a general public policy defence to copyright claims that, "the court should be reasonably certain that no right-thinking member of society would quarrel with the result" was not satisfied here (see Hyde Park Residence Ltd v Yelland & Ors (1999) TLR 26/4/99). The reasoning in British Leyland (supra) could be distinguished.
Those who bought sophisticated computer-controlled devices normally looked to the original manufacturer for repair and maintenance, and updating of the programs involved. Altering the machine so that it would respond to different coins was even further from the concept of repair than the supply of consumables such as the cartridges considered in Canon (supra). There was thus no common law defence available in this case. (4) The encrypted information in the Cashflow did not have the necessary quality of confidence, as the owner had the full right of ownership, including an entitlement "to dismantle the machine to find out how it works and tell anyone he pleases" (Alfa Laval Cheese Systems Ltd v Wincanton Engineering Ltd (1990) FSR 583). The mere fact of encryption did not make that which was encrypted confidential where there was no other relationship between the source and the de-encryptor. There was nothing surreptitious in taking a thing apart to find out how it was made. The recipient (the customer) was an intended recipient of the article containing the information (Attorney-General v Guardian Newspapers (1988) 3 WLR 776 distinguished). The claim based on breach of confidence was rejected.
Judgment accordingly.
Full text available online. [Copy below]
Appearances:
Michael Silverleaf QC and Richard Arnold instructed by Clifford Chance for the claimants. Mark Vanhegan instructed by Blakesley Rice MacDonald (Chesterfield) for the defendant.
References:
LTL 11/6/99 : TLR 23/6/99
Judgment:
Approved - 16 pages
CHANCERY DIVISION
JACOB J
11 June 1999
[1999] All ER (D) 600
Copyright - Infringement - Copyright in computer program and database - Defendant admitting infringement - Whether 'spare parts' defence available - Whether reverse engineering of encrypted information amounted to breach of confidence.
The claimant was a leader in the design and manufacture of coin receiving and changing mechanisms, which included discriminators whose function was to determine the authenticity and denomination of a coin fed into the machine.
The claimant had designed a new discriminator called the Cashflow, and wished for commercial reasons to reserve to itself and its approved agents the recalibration of Cashflow machines to take new kinds of coin or new variants of existing coins. It had therefore developed a data layout, a serial communications protocol and an encryption system. The defendant had succeeded in reverse engineering the Cashflow, and the claimant commenced proceedings against it claiming, inter alia, infringement of copyright and database right, and breach of confidence in relation to the encryption system. The defendant admitted acts which would amount to infringement, but, in relation to the copyright and data claims, put forward a common law 'right to repair' or 'spare parts' defence. Further, it denied breach of confidence as a matter of law rather than fact. The following points, inter alia, arose for the court's decision: (i) whether there was a common law defence to the otherwise conceded claims for copyright infringement and misuse of data; and (ii) whether the defendant's activities by way of reverse engineering amounted to a breach of confidence in law.
The court ruled:
(1) Section 19(9) of the Copyright Designs and Patents Act 1988 had the effect of retaining the common law 'right to repair' or 'spare parts' defence with respect to industrial designs, but not in relation to computer programs and database rights. The code in relation to computer programs was contained in s 50A-C of the Act, inserted by the Copyright (Computer Programs) Regulations 1992 to implement Council Directive (EEC) 91/250 on the Legal Protection of Computer Programs, and nothing in either the Directive or the Act provided for any 'repair' or update exception. In relation to the database right added to the Act pursuant to Council Directive (EEC) 96/9 on the Legal Protection of Databases, although the Directive itself admitted of a defence 'where other exceptions to copyright which are traditionally authorised under national law are involved', that provision was an option for member states to adopt by way of limitation of database rights, and s 173(2) of the Act could not be regarded as adopting such an option. Moreover, it was far from certain that the use of copyright in databases was 'traditionally authorised' in this country. There was, accordingly, no 'spare parts' or analogous defence in relation to the rights relied upon in the instant case and, in any event, the defendant's recalibration activities would not have come within the scope of such a defence. The 'spare parts' exception was founded on public policy, and there was no overwhelming public policy reason entitling those who purchased machines with discriminators to use the claimants' copyright and database rights to convert those machines for new coins; British Leyland Motor Corp Ltd v Armstrong Patents Co Ltd [1986] 1 All ER 850 </wbs/NETbos.dll?OpenRef?sk=AAELBNKA&rt=1986%7C1%3AVOLUME+850%3ACASE>, Canon Kabushiki Kaisha v Green Cartridge Co (Hong Kong) Ltd [1997] AC 728 and Hyde Park Residence Ltd v Yelland [1999] All ER (D) 272 </wbs/NETbos.dll?OpenRef?sk=AAELBNKA&rt=99D272%3ACASE> considered.
(2) In order to establish a breach of confidence the information itself had to have the necessary quality of confidence about it, and had to have been imparted in circumstances importing an obligation of confidence. In the instant case, the encrypted information in the Cashflow did not have the necessary quality of confidence, since anyone could buy the Cashflow, and anyone with the skills to de-encrypt had access to the information. Further, the encrypted information had not been imparted in circumstances importing an obligation of confidence. The mere fact of encryption did not make the encrypted information confidential, nor should anyone who de-encrypted something which was in code necessarily be taken to be receiving information in confidence; Coco v Clark [1969] RPC 41 and A-G v Guardian Newspapers Ltd (No 2) [1988] 3 All ER 545 </wbs/NETbos.dll?OpenRef?sk=AAELBNKA&rt=1988%7C3%3AVOLUME+545%3ACASE> considered.
Michael Silverleaf QC and Richard Arnold (instructed by Clifford Chance) for the claimant. Mark Vanhegan (instructed by Blakesley Rice MacDonald) for the defendant.
Kate O'Hanlon Barrister.
Judgment
IN THE HIGH COURT OF JUSTICE
CHANCERY DIVISION
11 JUNE 1999
MR. JUSTICE JACOB
This is the official judgement of the court and I direct that no further note or transcript be made
JACOB J
1. Mars are leaders in the design and manufacture of coin receiving and changing mechanisms. Such machines include discriminators whose function is to determine the authenticity and denomination of a coin fed in to the machine. Once upon a time discriminators of this general sort operated purely mechanically. They now work by using sensors consisting of coils which take a series of electrical measurements of a coin as it passes through the discriminator. There are sensors which measure the thickness, diameter, electrical resistivity and, most recently, inductance. The signals from the coils are compared with pre-determined sets of data for valid coins. This data is recorded in an electronic memory on a chip. Such a chip may be a PROM ("programmable read only memory") or an EEPROM ("electronically erasable programmable read only memory"). A PROM once programmed cannot be reprogrammed. An EEPROM can be reprogrammed to contain new data.
2. The discrimination process includes the use of algorithms (mathematical recipes) which combine the outputs of the sensors in an effective manner to ensure that each valid coin gives an ultimate set of outputs which can be distinguished from duds, foreign coins or other non-valid discs (collectively called "slugs" in the trade). Coins, even of a particular denomination, are not of course all identical. There may be variants arising from the mint (e.g. minor differences between different sorts of £1 coin or arising from a change of alloy by a mint). And coins, of course, wear. Each parameter measured therefore has to have a "window" of acceptable values. If two coins of a particular set of coinage have similar parameters then the window for each will have to be narrow. So also if there is a common form of slug which is close to a particular genuine coin. A very great deal of experimental work as well as skill and judgment is involved in determining appropriate windows for each coin of a given coinage. Mars have a vast collection of sets of coins for many countries of the world and have to keep under constant review the windows for the coins of any particular set.
3. Until about 1992 the Mars electronic coin discriminator, known as the Classic, used a PROM. So if a change of coinage were to occur and it was desired that the device should accept a new coin it was necessary to replace the PROM with a new PROM containing the data for the new coin, and perhaps new data for old coins (for instance when a narrower window was needed). This could also be done by writing to previously unused areas of an existing PROM.
4. In 1990 Mars set about designing a new discriminator which has become known as the Cashflow. The Cashflow has the ability to be reprogrammed for new coin data. It also can do other things with which I am not concerned. It uses an EEPROM. It is necessary to be able to communicate i.e. to read from and write to the EEPROM. This was not necessary or possible with a PROM. It was commercially necessary to make access difficult. For one thing, if it were possible easily to change what coins or slugs would pass the machine as genuine, that would be an open invitation to fraud. In addition to quality control considerations (which of course could affect the reputation of the Cashflow generally) Mars for commercial reasons also wanted to reserve to themselves and their approved agents the re-programming of Cashflow machines to take new kinds of coin or new variants of existing coins. I use the word "re-programming" but in the trade this activity is called "re-calibration".
5. Mars, for the Cashflow, therefore developed a data layout, a serial communications protocol and an encryption system. None of these are published directly by Mars. Mars recognised and intended that what they had done would be difficult but not impossible to "crack", i.e. that it would be difficult for some third party to work out how to communicate with the EEPROM of a Cashflow or to find out what windows were used by Mars for particular coins. Similarly the precise algorithms used by Mars are unpublished and are held within the microprocessor used in the discriminator. Mars would have liked to make it impossible for third parties to find out by reverse engineering how to re-calibrate their Cashflow discriminators, but this could not be done within a reasonable cost.
6. Mars have arranged for the alteration of discriminators in the field to be updated by a number of authorised service companies. These are independent of Mars. What they do is to hire from Mars a tool (at an ultimate cost of £99) which provides access to the EEPROMs of Cashflow machines. There is a fee of £9.50 per discriminator reprogrammed, though in some cases other amounts of about the same order are changed. A new discriminator costs about £30.00 The operators are not given all the unpublished information contained in the Cashflow machines.
7. The defendant is a small company based in Leicester which had its beginnings in the early 90s. Its moving spirits are Mr Hogan and Mr Rawding. The have developed great skills in the field of discriminators, as is clearly demonstrated by their history. They are they are approved agents for a number of companies, including Coin Controls who are also industry leaders. Last year they were given an award by BT for their work in discriminator re-programming.
8. Some time ago Teknowledge, by reverse engineering, learnt how to write to new PROMS or to write to new channels of old PROMs for updating the Mars Classic discriminators so that they can accept changes in the coinage. No complaint is made of that activity. It is also done by other companies. It is Teknowledge's activities in relation to the Cashflow which gives rise to this litigation. Only Teknowledge have, thus far, succeeded in reverse engineering the Cashflow.
9. Originally Mars claimed infringement of copyright, database right as well as breach of confidence and infringement of the rights conferred by s.296 of the Copyright Designs and Patents Act 1988. When the matter commenced before me I enquired whether it was really necessary to go in to the details of all these causes of action and the detailed technical facts relating to each one. As it seemed to me, reading their witness statements and their supplementary witness statements, neither Mr Hogan and Mr Rawding were in any way trying to hide what they had done. Mars hinted that they were "coy" but I could see no real basis for that. There is a difference between being deliberately incomplete and simply not covering everything which one's opponent would wish had been covered. More importantly it seemed clear from the witness statements (and Mr Vanhegan's excellent skeleton argument) that the real defences were not a denial of acts which would amount to infringement but a defence in relation to the copyright and data protection claims of a common law right to repair along the lines of that found by the House of Lords in British Leyland v Armstrong1, and a denial of breach of confidence as a matter of law rather than fact. s.296 seemed to add nothing to the case. I asked whether sensible concessions could be made on both sides. These were indeed made and it is much to the credit of all concerned that they were. The concessions by Teknowledge were that, subject to a British Leyland defence, it has infringed:
1. Mars' copyright and database right in the Coin Set Data by (a) reproducing lower limits and window widths in the course of developing its reprogramming software and (b) reproducing window widths in its reprogramming software and in customers' mechanisms which it has reprogrammed.2. Mars' copyright in the Discrimination Algorithms and in the Program Code which implements the Discrimination Algorithms by reproducing the Discrimination Algorithms in its reprogramming software.
3. Mars' copyright in the Program Code which implements the HII serial communications protocol by reproducing the HII message structures and contents in its reprogramming software.
4. Mars' copyright in the Program Code by making transient copies of the Code during the course of developing and operating its reprogramming software.
On that basis Mars no longer advance a case under s.296. Nor do any issues arise as to whether Teknowledge's work results in inferior re-calibration. More generally, however, Teknowledge accept that if some-one were to make a poor job of reverse engineering that could, in principle, lead to badly re-programmed discriminators and hence to security problems of the sort whereby machines would pass slugs. This point was said to be relevant to Mars' attack on the applicability of the British Leyland defence but in the end I think it is not.
10. Teknowledge also were prepared to admit for the purposes of this action that:
"it knew and understood that the Claimant had included encryption within the Cashflow device and that by so introducing such encryption the Claimant was seeking to restrict persons from assessing and analysing how the Cashflow mechanism operated, but nothwithstanding such encryption the Defendant believed at all material times that it was entitled to assess and analyse the Cashflows the subject of this action."
For some reason I could not understand, Mars were not satisfied with this admission and so Messrs Rawding and, particularly Mr Hogan, were cross-examined on the point. Their evidence merely confirmed the admission.
11. In the result, I have to decide the following points:
1. Whether there is a common law defence to the otherwise conceded claims for copyright infringement and mis-use of data.2. Whether the defendant's activities by way of reverse engineering amount to a breach of confidence in law.
3. Whether, if so, the common law defence applicable to (1) also applies to breach of confidence.
The British Leyland defence - is "re-calibration " within it?
12. The only activity of Teknowledge of which complaint is made is the "re-calibration" of Cashflow discriminators so that they will accept new, or new versions of old, coins. Complaint is not made of re-calibration done where, for some reason, a machine will no longer accept a coin it should accept and once did accept - where, for instance, somehow something has "drifted" from its intended and originally set value. I mention this because at one point a bit of Mr Vanhegan's cross-examination seemed to relate to this latter sort of "re-calibration" and Mr Silverleaf was minded to ask for leave to adduce further evidence relating to the point. On the agreed basis that the case was confined to the issue I have such stated, the further proposed evidence was unnecessary and it was not admitted.
13. Thus the question is whether the common law can override statutory rights by way of copyright and database rights to enable ultimate "consumers" and hence agents appointed by them or their behalf to adjust the discriminators to take new coins. The leading authorities on this area of law are British Leyland and Canon v Green Cartridge2 both decided under the Copyright Act 1956. In broad terms, Leyland recognised a "spare parts" defence to copyright infringement and Canon held that any such defence should not be extended and in particular should not be extended to "consumables" such as copier cartridges.
14. Before considering the point in more detail I must deal with Mars' contention that the Leyland defence has not survived the passing of the Copyright Designs and Patents Act 1988 or the amendments to that Act arising from Community Directives. It is first necessary to identify what the 1988 Act actually did in relation to copyright and industrial articles. It set out the position for the future in s.51 - essentially abolishing industrial copyright as it had become recognised under the 1956 Act. Accordingly, for the future, in relation to industrial designs there is no need for a spare part exception - there is no right from which exception is needed. The Act also introduced, by Part III, unregistered design right. In relation to that s.213(3)(b) excludes from protection:
"features of shape or configuration of an article which-(i) enable the article to be connected to, or placed in, around or against another article so that either article may perform its function, or(ii) are dependent upon the appearance of another article of which the article is intended by the designer to form an integral part."
This "must fit or must match" exception will cover some spare parts but not others, depending on how necessary it is to copy. It seems to me clear that in those circumstances Parliament has recently specifically considered the problem of spares - whereas under the 1911 and 1956 Acts it was really a legislative and judicial accident that they were covered and indeed no-one even so suggested until the 1970s. So, in relation to design right, it would clearly be wrong for the courts to invent any spare part exception. That would be to legislate.
15. As regards pre-Act works, there are transitional provisions. Schedule 1 paragraph 19, in dealing with designs (in addition to preserving the old law for 10 years only, subject to licences of right for the last 5 years) specifically provided by paragraph 19(9):
"Nothing in this paragraph affects the operation of any rule of law preventing or restricting the enforcement of copyright in relation to a design"
That has the effect of retaining the Leyland defence, which of course remained necessary in respect of pre-Act drawings for a period of 10 years. Were this not done, Armstrong and others would have had to stop making spares.
16. Thus in relation to industrial designs Parliament has specifically catered for the position in the Act. But this case is not concerned with industrial designs. The rights relied upon are computer programs, database rights and literary copyright (in the algorithms, copyright in which was not contested). Mr Vanhegan said that the common law defence extended to these too, the defence having been preserved by s. 171(3):
"Nothing in this Part affects any rule of law preventing or restricting the enforcement of copyright, on grounds of public interest or otherwise."
17. Mr Silverleaf QC for Mars contended that there was no room for a spare parts or like exception in relation to computer programs and database rights because Parliament and the European Community had clearly considered the position as to defences and had provided a complete statutory code.
18. That code in relation to computer programs is contained in ss.50A-C of the Act. These provisions were inserted by the Copyright (Computer Programs) Regulations 1992. Those Regulations were made to implement Council Directive on the Legal Protection of Computer Programs3. Nothing in the Directive, and consequently in ss.50A-C, provides for any "repair" or update exception, although a whole variety of detailed acts are permitted. Mr Silverleaf must, I think, be right about this. It is not for national judge-made laws (which may vary from country to country) to override or add to what are clearly intended to be Community wide rules. Were that not so, then there would be little point in having Directives requiring Member-States to align their laws in a specific area.
19. The same point applies, but rather differently, in relation to the database right added to the Act pursuant to the Directive on the Legal Protection of Databases.4 I say "rather differently" because the Directive itself admits of a defence "where other exceptions to copyright which are traditionally authorised under national law are involved".5 But that provision is an option for Member States to adopt by way of limitation of database rights. It can hardly be for the judges of a particular Member State of their own to act as though they are exercising the option on behalf of that State. If Parliament had wanted to adopt an option in relation to the use of database rights for updating equipment, that is a matter for it, not the judges. I cannot regard s.173 (2) as adopting such an option.
Moreover it is far from certainly the case that the use of copyright in databases (which, before the Directive, were generally protected in the UK as literary works in form of compilations) was "traditionally authorised" in this country.
20. Accordingly I conclude that in relation to the rights relied upon here, there is no spare-parts or analogous defence. Even if that were wrong, however, I further conclude that the re-calibration activities here are not within the scope of any such defence. I turn to explain why.
21. In Leyland, the House of Lords permitted the manufacture of spare exhaust systems for motor cars, notwithstanding the fact that by so doing the defendant's were indirectly copying the plaintiff s copyright drawings. It is unnecessary to go to the leading speeches in that case because they have been authoritatively analysed by Lord Hoffmann in Canon. In the latter case, the Privy Council held that the "spare parts exception" applied only where it was plain and obvious that the replacement was analogous to a repair which an ordinary purchaser of an article would assume he could do for himself without infringing the manufacturer's rights, or that the exercise of monopoly power by means of copyright would be against consumers' interests.
22. Lord Hoffmann held that the spare parts exception:
"Cannot be regarded as truly founded upon any principle of the law of contract or property. It is instead an expression of what the House perceived as overriding public policy, namely the need to prevent a manufacturer (as opposed to patents or design right) in order to control the after market in spare parts."
23. This is important. It means that the "spare parts" exception is founded on public policy and is yet another example of the general public policy defence to copyright claims which are recognised in my own judgment in Hyde Park Residence v Yelland.6 Mr Vanhegan boldly suggested that I should not follow the authoritative analysis in Canon of the speeches in Leyland. He had to so contend because such economic evidence as there is in this case (to which I refer more below) is far too sketchy to show that public policy considerations overwhelmingly override Mars' statutory rights. The test I suggested in Hyde Park, namely that "the court should be reasonably certain that no-right thinking member of society would quarrel with the result" is not satisfied, even though, as the evidence shows, some people in the trade of re-calibrating older machines think they ought to be able to do this in the case of new machines.
24. One advantage of Lord Hoffmann's analysis of the spare parts defence is that it leads to a more rational result even in the case of spares. No issues of quality arose in Leyland, but suppose the part concerned were of vital 'importance to safety - inferior brake pads for commercial aeroplanes for example (a real example, as I recall from my practice at the Bar). It is difficult to suppose that the result would have been the same, yet if one goes by property or contract concepts, one cannot distinguish between cases where it is in the public interest for the spare to be made available and where it definitely is not.
25. I therefore conclude that there is no overwhelming public policy reason entitling those who purchase machines with discriminators to use Mars copyright and database rights to convert those machines for new coins. In so holding I also bear in mind what Lord Hoffmann also said in Canon:
"It is of course a strong thing (not to say constitutionally questionable) for a judicially-declared head of public policy to be treated as overriding or qualifying an express statutory right. Their Lordships therefore think that the prospect of any extension of the British Leyland exception should be treated with some caution."
26. Lord Hoffmann pointed out that the kind of economic question involved is not really "one to be solved by broad generalisation and that the Courts are ill equipped to pronounce upon such matters". I mention that here because I heard some evidence about costs and prices. Teknowledge's prices are perhaps somewhat less than that of Mars, though it is not clear by how much in the case of Cashflow re-calibration, On the other hand, Mars have considerably greater overheads in creating and maintaining the various copyright works and databases concerned. None of these figures are precisely quantified, nor are any figures available for Mars' ongoing costs for research in to even better discriminators. Nor do I have any direct evidence from "consumers" (i.e. ultimate purchasers) as to their expectations concerning reprogramming for new coins and in particular as to whether, when buying, they "factor in" a need to go to Mars for such re-programming. Such consumers might know that earlier machines could be re-programmed by third parties, but it does not follow that they would expect this to be possible for any new machine - indeed it was not possible for some time.
27. What is clear is that the purchasers of discriminators are not the kind the ordinary consumer: they are not the ordinary man who bought an ordinary article. The example of repair by a blacksmith fastened on to by Lord Bridge in British Leyland has no compelling analogy with this case. This is so for two reasons. Firstly those who buy, or have, sophisticated devices operated and controlled by computer programs normally look to the original manufacturer for repair and maintenance, and updating of the programs involved. When they buy the article they have no expectation of a handy "computer blacksmith" for updating the program, rather they expect updates to come from the manufacturer. Secondly, altering the machine so that it will respond to different coins is, to my mind, even further from the concept of repair then the supply of consumables such as the cartridges considered in Canon. Consumables run out quickly and one expects to have to buy more. Changes in coinage have nothing to with the operation of the machine at all. One expects that something may have to be done about accepting new coins, but I see no reason why one should expect to be able freely to use the manufacturer's intellectual property rights if one wants one's machine altered.
28. Thus I conclude that there is no common law defence available in this case.
Breach of Confidence
29. Since this point was fully argued, I go on to decide it. It is a point of considerable significance to any activity involving reverse engineering - a process almost as old as man-made artefacts themselves. A reverse-engineer of any sort (whether one who intends just to copy or one who intends to learn how to make improvements) must start by examining the article, and if necessary, taking it apart to find out how it is made and works. This is true whether the article is mechanical or electrical. In the case of computer programs or chips with stored information the process may not involve physical de-construction: examination by electronic testing may do.
But it comes to the same thing. The proposition is this: that if the reverse engineer, working on an article which he has come by lawfully, discovers that the maker put in some form of encryption, then he is put on notice that the maker regards what is encrypted is confidential. So the encrypted information is to be regarded in law as a trade secret and treated as such. It is unlawful, being a breach of confidence, for anyone, without lawful excuse, to de-cipher the code. So far as I can see the contention must equally apply if the reverse engineer discovers a physical lock in the device and decides to pick that lock - anything which the maker obviously and deliberately put in the way of discovering how the thing works is enough to give rise to an obligation of confidence. Mere difficulty in doing the job is not enough - there must be some element of deliberate difficulty put in the way. Mars make no bones about the far-reaching nature of their case. In the words of their closing submissions "the issue is whether it is possible to impose confidentiality upon someone who receives information by purchasing an article in the open market."
30. I turn to examine whether the authorities support Mars' contentions. I begin with the well-known formulation of the case of action in breach of confidence by Megarry J in Coco v Clark:7
"First, the information itself, in the words of Lord Greene MR in the Saltman case on p.215, must 'have the necessary quality of confidence about it.' Secondly, that information must have been imparted in circumstances importing an obligation of confidence. Thirdly there must be an unauthorised use of that information to the detriment of the party communicating it."
This formulation has received high approval, e.g. through Lord Griffiths in Spycatcher (AG v Guardian.8).
31. So, starting with the first requirement, does the encrypted information in the Cashflow, have the "necessary quality of confidence"? I think the answer is clearly "no." The Cashflow is on the market. Anyone can buy it. And anyone with the skills to de-encrypt has access to the information. The fact that only a few have those skills is, as it seems to me, neither here nor there. Anyone can acquire the skills and anyway, a buyer is free to go to a man who has them. Mars suggest that the owner, although he owns the machine, does not own the information within it. That is too glib. What the owner has is the full right of ownership. With that goes an entitlement "to dismantle the machine to find out how it works and tell anyone he pleases" (a right recognised by Morritt J in Alfa Laval v Wincanton9).
32. In so holding, I am of course not saying that were anyone to steal the information direct from Mars, thus saving themselves reverse engineering and de-encryption, would not be liable for breach of confidence. The un-encrypted information remains confidential in the sense that in that form it has never been published. It is the sort of information which, if illegitimately taken, can give rise to the "springboard" (Roxburgh's graphic adjectival noun in Terrapin v Builders Supply10) type of the action for breach of confidence. The law of confidence merely prevents a party from taking a leap forwards by by-passing "special labours in respect of the product in order to discover its secret" (Francis Gurry, Breach of Confidence (1984)).
33. I turn to the second requirement, that of communication in circumstances importing an obligation of confidence. Mars say that such circumstances are to be inferred from the fact that the student of the Cashflow finds encryption. They say the fact of encryption is equivalent to a notice saying "confidential - you may not de-encrypt." And they go on to say that if such an express notice were given, the examiner of the machine would come under a duty of confidence. I think they are wrong on both counts. As pure matter of common sense I cannot see why the mere fact of encryption makes that which is encrypted confidential or why anyone who de-encrypts something in code, should necessarily be taken to be receiving information in confidence. He will appreciate that the source of the information did not want him to have access, but that is all. He has no other relationship with that source. Nor do the circumstances have an analogy with eavesdropping or secret long-lens photography (see Laws J in Hellewell v Chief Constable of Derbyshire11) or telephone tapping. In that sort of case the snooper not only knows he is prying into other people's business but he has used some surreptitious means to do so. There is nothing surreptitious in taking a thing apart to find out how it is made.
34. In so holding I am applying the "reasonable man" test suggested by Megarry J in Coco:
"It seems to me that if the circumstances are such that any reasonable man standing in the shoes of the recipient of the information would have realised that upon reasonable grounds the information was being given to him in confidence, then that should suffice to impose upon him the equitable obligation of confidence."
Megarry J was contemplating a case of an actual transfer of information from one man to another: this case is just about finding out information from a product on the market. I do not think doing that would be regarded as anything other than fair game for competitors.
35. I should mention here part of the speech of Lord Goff in Spycatcher (Attorney General v Guardian Newspapers12) for it was heavily relied upon by Mars:
"I start with the broad general principle (which I do not intend in any way to be definitive) that a duty of confidence arises when confidential information comes to the knowledge of a person (the confidant) in circumstances where he has notice, or is held to have agreed, that the information is confidential, with the effect that it would be just in all the circumstances that he should be precluded from disclosing the information to others. I have used the word "notice" advisedly, in order to avoid the (here unnecessary) question of the extent to which actual knowledge is necessary; though I of course understand knowledge to include circumstances where the confidant has deliberately closed his eyes to the obvious. The existence of this broad principle reflects the fact that there is such a public interest in the maintenance of confidences, that the law will provide remedies for their protection.I realise that, in the vast majority of cases, in particular those concerned with trade secrets, the duty of confidence will arise from a transaction or relationship between the parties - often a contract, in which event the duty may arise by reason of either an express or an implied term of that contract. It is in such cases as these that the expressions "confider" and "confidant" are perhaps most aptly employed.. But it is well settled that a duty of confidence may arise in equity independently of such cases; and I have expressed the circumstances in which the duty arises in broad terms, not merely to embrace those cases where a third party receives information from a person who is under a duty of confidence in respect of it, knowing that it has been disclosed by that person to him in breach of his duty of confidence, but also to include certain situations, beloved of law teachers - where an obviously confidential document is wafted by an electric fan out of a window into a crowded street, or where an obviously confidential document, such as a private diary, is dropped in a public place, and is then picked up by a passer-by"
Mars rely upon Lord Goff s reference to an "obviously confidential document" fortuitously coming into the hands of a non-intended recipient. English and American Insurance v Herbert Smith13 is an actual example of that. But this case is in no way comparable.
The recipient (the customer) is an intended recipient of the article containing the information.. There is nothing obviously confidential about the machine he gets. There is no marking "confidential" and indeed there is not even any indication of encryption. By the time one gets to find out about the encryption it is, in my judgment, far too late to impose a duty of confidence. I do not think even an express statement would work to override the buyer's entitlement to find out how his machine worked.
36. Mars relied upon three other cases, namely Francome v Mirror,14 Creation Records v News Group,15 and Shelley films v Rex Features.16 None of them come near to assisting their case. Francome was a case of evesdropping by illegal phone tapping. No-one suggested that what was said in private was other than confidential or that the recipients of the information in the illegal phonetaps did not know this. The defence, such as it was, was iniquity. Creation was a case where, on the evidence, a photographer had got himself to a place where he should not have been (and knew he should not have been). The owner of a Cashflow is in no way in an analogous position. Shelley was much the same.
37. In the result I unhesitatingly reject Mars' claim based on breach of confidence. The suggestion that either Mr Rawding or Mr Hogan were acting unconscionably is completely rejected. It follows that the third question for my decision does not arise.
38. By way of conclusion I have to say that it seems a great pity this case has come to trial. Messrs Rawding and Hogan openly told Mars that they had reverse-engineered. It seems that the parties thereafter developed unwarranted suspicions, on Mars' side to the effect that TK did not want to be appointed agents for the Cashflow except on special terms and on Teknowledge's side that Mars had no genuine intention of considering them as agents. An amicable solution was not, I think, encouraged by the letter before action, which, to my mind, was, in the circumstances, too heavy handed, for instance by its references to potential criminal activities. I hope that now that things have come into the open, it will be possible for a sensible arrangement to be reached.
1 [1986] AC 577
2 [1997] AC 728
3 91/250/EEC
4 96/9/EC
5 Art.6(2)(d).
6 2nd Feb. 1999, unrep.
7 [1969] RPC 41 at p.46
8 [1990] 1 AC 109 at p.168
9 [1990] FSR 583.
10 [1960] RPC 128)
11 [1995] 1 WLR 804 at p. 807
12 [1990] 1 AC 109 at p.281
13 [1988] FSR 232
14 [ 1984] 1 WLR 892
15 [1997] EMLR 134
16 [ 1994] EMLR 444
[End]