Law reports update - recent legislative and judicial developments in the US



THE COMPUTER LAW AND SECURITY REPORT 2 CLSR

Loc" systems are exportable from the United States. Additional information on "Secur-Disk" and "Drive-Loc" can be obtained from: Ms. Kathleen A. Cara, Vice President - Sales/Marketing, Systems Management Corporation, 3135 Windjammer Drive, Colorado Springs, Colorado, 80918, Phone: (303) 594-6314 or from: Media Security Incorporated, 7222 Commerce Center Drive - Suite 240, Colorado Springs, Colorado, 80919, Phone: (303) 531-9411. But what about printouts? Screen Displays? Or even employees divulging information verbally? All the electronics in the world are not going to stop the latter! One solution is to execute confidentiality agreements with your employees, which, in addition to binding them contractually to protect your data, "sensitizes" them to the fact that the subject matter IS confidential information. In addition, it gives the company some legal alternatives should problems develop.

Game playing in the office

Epyx Inc., a computer game manufacturer, recently polled 750 executives and found that 66 percent admitted that they use their office computer for something other than work, anywhere from 15 minutes to two hours a day. This could be playing games, writing letters, or writing résumés, which some 20 percent admitted doing.

Ex-ATM repairman beats bank ATM machines

The Wall Street Journal recently reported that an ex-ATM repairman using a $1~00 machine was able to create his own ATM cards and beat several bank machines. The repairman, who is currently being sought by the U.S. Marshals for jumping bail, would watch a customer use an ATM machine to see if he could see the user enter his or her PIN (Personal Identification Number) code. Then if the customer threw out the transaction receipt (which generally contains the user's account number), he would retrieve it. He now had an account number and a valid PIN. Using the knowledge he had gained as a repairman and the machine, he would encode a blank bank card with the account number and PIN, in essence duplicating the card.

Everything was fine except the "new" cards all seemed to have a flaw: while good enough to have the machines dispense money, they also caused the machines to alert the bank that something wasn't quite right with the cards. Alerted to a potential problem, the bank promptly changed the programming to have the ATMs retrieve the flawed cards. Once a flawed card was in hand, the bank had concrete evidence that a fraud was underway. The bank then changed the programming again. This time, instead of keeping the card, the machine would immediately notify them where the card was in use and monitor the ATM machine in real-time. The next time a flawed card was used, the bank dispatched its security personnel to that location and the ex-repairman was arrested.

More Trojan Horse programs

Finally, there has been a Trojan Horse program floating around US bulletin boards that will alter the partition record of a hard disk, preventing rebooting until you physically reformat your hard disk (FDISK not FORMAT)! The program ARC 513 COM is supposed to be a new release of an archive program. This again points out that you have to be very careful with "free" software. You should DEBUG any new program downloaded from a bulletin board, decompile it, and look for any disk write interrupts, especially if the program isn't supposed to write to disk.
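One way to do the interrupt check described above, as an added example that is not part of the original column: a heuristic Python scan of a DOS .COM image for INT 13h calls whose AH selects a write or format function and for INT 26h (DOS absolute disk write). The sample byte strings and all function names are constructed for illustration; how ARC 513 COM itself is coded is not stated here.

```python
"""Heuristic scan of a DOS .COM image for raw disk-write interrupt calls.

Added illustration: names and sample images below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

COM_LOAD_OFFSET = 0x100   # DOS loads a .COM image at offset 100h
LOOKBACK = 16             # bytes searched before each INT for a load of AH

# INT 13h functions (selected by AH) that modify the disk.
INT13_WRITE_FUNCS = {0x03: "write sectors", 0x05: "format track"}


@dataclass
class Finding:
    address: int          # offset as DEBUG's U command would show it
    interrupt: int
    ah: Optional[int]     # None when no immediate load of AH was found
    verdict: str          # "write", "read/other" or "unknown"


def last_ah_before(image: bytes, pos: int) -> Optional[int]:
    """Return the immediate most recently loaded into AH before pos, if any."""
    for i in range(pos - 2, max(pos - LOOKBACK, 0) - 1, -1):
        if image[i] == 0xB4:                      # MOV AH, imm8
            return image[i + 1]
        if image[i] == 0xB8 and i + 2 < pos:      # MOV AX, imm16 (AH = high byte)
            return image[i + 2]
    return None


def scan_com(image: bytes) -> List[Finding]:
    """List every INT 13h / INT 26h call site with a write/read verdict."""
    findings = []
    for pos in range(len(image) - 1):
        if image[pos] != 0xCD:                    # CD nn encodes INT nn
            continue
        number = image[pos + 1]
        if number == 0x26:                        # DOS absolute disk write
            findings.append(Finding(pos + COM_LOAD_OFFSET, number, None, "write"))
        elif number == 0x13:                      # BIOS disk services
            ah = last_ah_before(image, pos)
            if ah is None:
                verdict = "unknown"               # AH set indirectly: read by hand
            elif ah in INT13_WRITE_FUNCS:
                verdict = "write"
            else:
                verdict = "read/other"
            findings.append(Finding(pos + COM_LOAD_OFFSET, number, ah, verdict))
    return findings


def needs_review(image: bytes) -> List[Finding]:
    """Call sites that write sectors or could not be classified."""
    return [f for f in scan_com(image) if f.verdict != "read/other"]


# Constructed sample images (not taken from any real program).
READER = bytes.fromhex("b402 cd13 b44c cd21")        # MOV AH,02 / INT 13h / exit
WRITER = bytes.fromhex("b80103 90 cd13 31c0 cd26")   # MOV AX,0301h / INT 13h / INT 26h
INDIRECT = bytes.fromhex("8a260002 cd13")            # MOV AH,[0200h] / INT 13h

if __name__ == "__main__":
    for name, image in (("READER", READER), ("WRITER", WRITER), ("INDIRECT", INDIRECT)):
        for f in scan_com(image):
            ah = "??" if f.ah is None else f"{f.ah:02X}"
            print(f"{name}: {f.address:04X}  INT {f.interrupt:02X}h  AH={ah}  {f.verdict}")
```

Linear byte matching is not disassembly: data bytes can produce false hits and packed or self-modifying code can hide a call, so an empty result does not clear a program.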

Because of the growing problem of computer viruses you should be extremely cautious in putting unchecked downloaded software on company PCs. Computer viruses are programs that "infect" other programs with a series of commands that can crash systems or install back doors so unauthorised users can get in at a later date. These programs sit dormant for some time, infecting other programs and operating systems: after some time, all the backup discs contain the virus. If these discs are used on another system, that system too is infected. In light of these problems, maybe the old warning "Caveat Emptor" should be updated to "Caveat Downloader" for the 80's.

Bernard P. Zajac Jr, Editorial Panelist

Opinions expressed herein are those of the author and do not necessarily reflect those of ABEX Corporation.

LAW REPORTS UPDATE - RECENT LEGISLATIVE AND JUDICIAL DEVELOPMENTS IN THE US

"Look and feel" of Lotus 1-2-3

While Lotus continue their legal actions against Paperback and Mosaic Software, alleging copying of the "user interface" in 1-2-3, Lotus itself is now being sued by SAPC, who allege that 1-2-3's look and feel infringes the copyrights in "Visicalc." SAPC were the original developers of the Visicalc spreadsheet, the rights to which were sold to Lotus in June 1985. The present action relates to alleged infringements prior to the Lotus acquisition. The complaint also alleges that Lotus's founder, Mitchell D. Kapor, misappropriated "copyrighted and confidential" aspects of the Visicalc program, when he was an employee of a corporation which had exclusive marketing rights of Visicalc. SAPC are claiming a modest $100 million. Watch this space?

Shrink-wrap licences

Following the ruling in Vault Corp. v Quaid Software (see (1987-88) 1 CLSR 35), in which the Louisiana shrink-wrap licence law was held to be pre-empted by the Federal Copyright Act, 1976, the only other State to have enacted similar legislation is now expected to fall in line. A Bill is to be introduced shortly in Illinois to repeal that State's 1985 shrink-wrap licence law.

Warranties

Readers of The Report may recall the Molina Bill introduced in California in 1985 which proposed to give users the right to reject software if it failed to meet advertised claims within the warranty period ((1985-86) 6 CLSR 6). This Bill was eventually withdrawn, but now a very similar Bill has been introduced in Massachusetts. This would allow dissatisfied users to obtain a refund of the purchase price and to recover damages incurred during the period of use. The Molina Bill was dropped partly as a result of an undertaking given by the ADAPSO (Association of Data Processing Service Organisations) to encourage industry to adopt a 90 day warranty giving users the right to return or exchange software products which failed to perform according to advertised claims.

The Microsoftware Customer Advisory Board of ADAPSO recently issued guidelines designed to encourage software developers to offer more realistic warranties. Four reasons were given for the proposals:

- "As is" warranties might be found by a court to provide no meaningful remedies, and a customer might therefore be able to recover the type of damages that would not be available were the warranty to provide reasonable redress.

- The business practice of many software companies was to provide error correction and refunds despite the fact that this went beyond their obligations under the warranty.

- Effective action taken by industry might prevent more punitive and diverse measures being introduced by US state legislatures.

- ADAPSO intends to commence an awareness programme in which users will be advised to compare warranties before purchasing micro software.

JULY - AUGUST THE COMPUTER LAW AND SECURITY REPORT

ADAPSO recommends that vendors should offer a 90 day warranty that the software will perform substantially in accordance with an easily readable specification statement (to be included with all such products), product documentation and any advertising material. Furthermore, if significant errors are discovered during the warranty period, vendors should either correct such errors, provide functionally equivalent software or a refund. The guidelines are eminently reasonable and very much in line with the practices of more organisations operating in this field. It is submitted that a similar set of proposals would not go amiss in the UK.

Software rentals

In yet another legislative development, a Bill has been introduced in the House of Representatives that would require anyone renting copyrighted software to first obtain permission from the copyright owner. The purpose of the Bill is to crack down on the alleged practice of companies who induce illegal copying by letting out software at about a quarter of its list price, for the customer to copy and then subsequently return. If the Bill becomes law, then the rental organisations would find it very difficult to continue in business. It should be noted however, that this will be the third time in three years that a Bill of this nature has been introduced.

Bankruptcy issues

In re: Logical Software Inc. (66 Bankr. 683)

Logical Software (Logical) had, in 1984, granted to Infosystems Technology Inc. (ITI), the exclusive distribution rights in its LOGIX software. Logical, a debtor in reorganisation proceedings under Chapter 11 of the US Bankruptcy Code, sought in this action to reject its agreement with ITI, and succeeded. LOGIX was Logical's principal asset and major source of funds available for reorganisation. At the time of the action, Logical were engaged in discussions with third parties who were also seeking to acquire distribution rights to LOGIX.

The relationship between Logical and ITI had, however, been fraught with difficulties, resulting in "numerous disputes and protracted and costly litigation, the burdens of which were a precipitating cause of the instant case." In various disputes about distribution rights and royalty payments, Logical had recovered $5.5 million and ITI had recovered $17 million, although both cases were at the time being appealed. In view of this troublesome relationship, and the inability to agree a compromise, Logical moved for authority to reject the executory contract, specifically stating that ITI's exclusive rights were hindering negotiations with third parties for rights in LOGIX on more favourable terms. It should be noted that ITI derived its whole business revenue from LOGIX and had paid Logical a total of $450,000 in prepaid licence fees under the Agreement.

The US Bankruptcy Code provides that the trustee may assume or reject any executory contract of the debtor. As a result of the leading case of Lubrizol Enterprises Inc. v Richmond Metal Finishers Inc. 756 F.2d 1043 (reviewed by Alan Wenick in (1986-87) 2 CLSR 4), the courts ascertain first whether the contract is executory (i.e. there are obligations flowing both ways), and if so, whether its rejection would be advantageous to the bankrupt. The court decided that the sound judgement rule required that deference be paid to the discretionary actions or decisions of corporate directors, unless such decisions were manifestly unreasonable or based on bad faith. In this case, rejection of the agreement with ITI was the only way for Logical "to extricate itself from a seemingly endless round of disputes and to obtain much needed revenues to fund a plan of reorganisation."

The court in the 'Lubrizol' case recognised that rejection in such cases could "have a chilling effect upon the willingness of parties to contract with businesses in potential financial difficulty." Nevertheless, it was not prepared to indulge in "equitable considerations" as Congress had provided for the rejection of executory contracts, regardless of the obvious adverse consequences for the likes of ITI. This case underlines the special care required when negotiating licences or distribution rights from a US licensor.

Copyright issues

Digital Communications Inc. v Softklone Distributing Corp. (ND GA Atlanta 86-128-A)

In the latest of a fascinating series of software copyright cases, a federal judge in Atlanta has ruled that the status screen of a computer program is copyrightable. The case is particularly instructive because of its careful analysis of the previous decisions (Synercom Technology v University Computing 452 F.Supp. 1003; Kramer v Andrews 783 F.2d 421; Broderbund v Unison World 648 F.Supp. 1127; Whelan v Jaslow 609 F.Supp. 1307).

The main distinctive feature of DCI's "Crosstalk" communications program was a status screen display (also called its 'main menu') showing an arrangement of parameter terms and values, which could be amended by entering simple commands. In 1985, DCI had obtained copyright registration for its 'Crosstalk' program and manual, and shortly afterwards, a registration for its status screen as a "compilation of program terms." Also in 1985, Softklone obtained a legal copy of 'Crosstalk' and decided to develop a clone. They took legal advice on the matter and were advised that the source and object codes and the manual were copyrightable, but that use of a similar screen display to the 'Crosstalk' status screen would not constitute infringement as the screen was not copyrightable.

The court first considered whether copyright protection of a computer program extended to screen displays generated by that program. The Whelan v Jaslow case had decided that copyright protection extended to a program's structure, sequence and organisation. It also found that copying actual screen displays could serve as indirect evidence of copying, but the court did not specifically state that copyright protection extended to screen displays. The court in 'Broderbund' however seems to have interpreted this as meaning that a computer program's copyright protection extends to its audiovisual screen displays. In the instant case, the judge found such a conclusion to be "overexpansive" and rejected the proposition by concluding that copyright in the 'Crosstalk' program was not infringed by the defendant's copying of the status screen.

The plaintiff's second contention was that copying of the status screen was an infringement of its copyright registration on the screen. The registration which DCI had obtained was prima facie evidence of the validity of the copyright, and the burden was therefore on Softklone to produce evidence which questioned this validity. They claimed that the status screen was not copyrightable because it was a necessary expression of the idea underlying the status screen. There is an established rule of law that if there is only one way of expressing an idea, then to grant copyright protection would be to prevent use of the idea by society (Baker v Selden 101 US 99 (1879)). However where there are a number of different means of achieving a desired purpose, then the particular means chosen is not necessary to that purpose, hence there is copyrightable expression.

In the present case, the judge distinguished those parts of the program that were 'ideas', which could be legally copied; and those parts which were 'expression', i.e. unrelated to how the program operated. As the defendant had copied non-essential aspects of the status screen, the judge found that there was a copyright that had been infringed. In granting copyright, the court was careful to point out that the court was not granting the plaintiff "control over the ideas of a command driven program, a status screen depicting the status of the program's operations, or the use of particular command terms or symbols."

Finally, Softklone contended that DCA had not complied with statutory formalities in that they had not displayed a proper copyright notice on all copies distributed after the registration. Citing the leading work on copyright, the judge held that placement of a notice did not have to be in the most obvious place, providing that it was sufficient to apprise anyone seeking to copy the work of the existence of the copyright. DCA had placed their copyright notice on the sign-on screen, which preceded the status screen and this was held to be sufficient. Softklone and its parent company were therefore permanently enjoined from manufacturing and distributing versions of its software clone which infringed the status screen of "Crosstalk."

David Greaves, Editorial Panelist

The Report acknowledges the assistance of the US publication - The Computer Industry Litigation Reporter in tracing these case reports.

PUBLICATIONS DATA

Intellectual property

Intellectual Property Rights by Peggy A. Miller and Arthur J. Levene 1985 (Information Industry Association, 89pp. plus appendix) soft cover. This work was commissioned by the Information Industry Association to provide its members with guidance in developing individual company intellectual property policies. Its purpose is to enable information executives to gain a basic understanding of the intellectual property laws and associated contract issues necessary to create intelligent copyright policies within their companies. There are sections on copyright, trademark, trade secret and semi-conductor chip protection. Chapter 2 examines contract issues and Chapter 3 discusses techniques for understanding and resolving certain common business oriented problems. The appendix contains various Copyright Office forms and circulars and other information. Available from: The Information Industry Association, 555 New Jersey Avenue NW Suite 800, Washington DC 20001, USA.

Communications law

'Communications Law 1986 - Course Handbook' by James C. Goodale, Chairman (Practising Law Institute, 1064 pp. and 1096 pp.) $40 Library of Congress No. 79-643817. This course handbook is one of about 150 published each year by the Practising Law Institute. Its primary function is to serve as an educational supplement to each programme. It may also be used as a reference manual by attorneys and related professionals unable to attend the sessions. The communications law programme took place in New York in November 1986. Vol. 1 looks closely at the press and television, examining libel law, the regulation of cable television, the media and the communications revolution, access to government information and the licensing and taxation of news vendors. Vol. 2 looks at the torts concerned with intrusion, disclosure of private facts, false light claims and disputes concerning misappropriation and the right of publicity. Other sections deal with advertising and commercial speech, prior restraints protecting publications, national security, business interests, etc.; anti-trust law and the media and the right of reporter's privilege. It contains articles, case notes, summaries and statutory references. Available from: Practising Law Institute, 810 7th Avenue, New York, NY 10019, USA.

Telecommunications

There are several books currently on the market dealing with different aspects of telecommunications. The first - Modern Telecommunication by E. Bryan Came, 1984 (Plenum Publishing, 293pp. $29.50 ISBN 0-306-41841-X) takes a broad look at contemporary telecommunications including information on the motives driving the telecommunications industry on new media and services and on advancing technologies including digital facilities and their integration into the environment of future businesses and households. The author is conscious that the field contains much specialised jargon which he attempts to limit or explain in the course of describing telecommunications developments. It is well written and recommended for the person who wants to understand more about the exact nature and impact of the telecommunications revolution. Available from: Plenum Publishing, 233 Spring Street, New York, NY 10013, USA.

The second book - Foundations in Business, Telecommunications Management by Kenneth C. Grover, 1986 (Plenum Publishing, 196pp). $18.95 ISBN 0-306-42249-2, examines the implications of the continuing and rapidly accelerating technical advance of telecommunications for management. It considers the opportunities and constraints resulting from recent regulatory changes in the United States and elsewhere. The author discusses telecommunications planning, operations management and regulation and provides basic information on telecommunications systems, terminals, networks, switching and standards of service. The book is written for the decision makers of major telecommunications users, competing networks and services providers and