A Master’s thesis under the supervision of Tilburg University in Tilburg (Netherlands) for the partial fulfilment of the LL.M. in Law and Technology.

How supportive is the current European IP-regime for End-Users?

An assessment when rooting or modifying (embedded) software.

by I.C. Adiyaman Supervisor: dr. M.H.M. Schellekens Second reader: dr. I.E. Bayamlıoğlu

Abstract: The primary purpose of this study is to determine what legal and regulatory challenges end-users face when they want to root or modify their (embedded) software. Data for this research was obtained from several research articles, legislation, and other literature that was found both online (e.g. SSRN & Westlaw) and in the Tilburg University library.

On the basis of the results of this research, it can be concluded that from a legal perspective, the scope of modifying or rooting software is very limited. The overlapping legal dogmas, the fragmentation in different European intellectual property laws and contractual obligations makes it nearly impossible to modify software in the end-users’ preferred way. Instead of clarifying the exceptions, the European legislation made it blurrier for end-users who would like to know when they could analyse, modify or root their software.

The possible exemptions for rooting activities, provided by the different intellectual property laws in Europe are too strict and not sufficiently clear in order to determine their scope. Even if there is a small legal possibility to tinker software, the possibility is often controlled by a proprietary license or has overlap with other legal dogmas. The safest option for end-users, remains to be modifying open source software under an open source license. The variety of such licenses makes it possible to choose the most preferred license. Although negotiation of these licenses is not possible, the source code is always available for modification or rooting purposes. These limited options for end-users raises the question of whether rights-holders enjoy too much protection under or as prescribed for in European IP-laws. A public debate should be a good starting point about what these technologies are capable of and should map out how powerful these right-holders have become. Although this process is known to be slow, this will be the best option in order to map out all the stakes and draw a possible road map which will lead to the best remedy.

2 Table of content ABSTRACT: ...... 2 1 INTRODUCTION ...... 5 1.1 PROBLEM DESCRIPTION ...... 5 1.2 RESEARCH QUESTION ...... 5 1.3 METHODOLOGY ...... 6 1.4 THESIS STRUCTURE ...... 6 2 WHAT ARE THE TECHNICAL OBSTACLES WHICH END-USERS FACE WHEN ROOTING SOFTWARE? 7 2.1 MOTIVES FOR ROOTING SOFTWARE ...... 7 2.2 THE IMPORTANCE OF ROOTING...... 7 2.3 THE PROCESS OF ROOTING SOFTWARE ...... 8 2.3.1 Circumvention of Technical Protection Measures ...... 9 2.3.2 Tinkering within the digital environment ...... 9 2.3.3 Reverse engineering the source code ...... 10 3 WHAT ARE THE LEGAL OBSTACLES WHICH END-USERS FACE WHEN ROOTING SOFTWARE? ... 13 3.1 COPYRIGHT LAW ...... 13 3.1.1 Software Directive 2009/24/EC ...... 13 3.1.2 Exclusive rights in the Software Directive ...... 14 3.2 PARACOPYRIGHT ...... 18 3.2.1 Digital Rights Management ...... 18 3.2.2 End User License Agreements ...... 20 3.3 PATENT LAW ...... 23 3.3.1 European Patent Convention ...... 23 3.3.2 Exclusive rights in patent law ...... 23 3.3.3 Contributory patent infringement ...... 24 3.3.4 Difference with copyright protection ...... 26 3.4 TRADE SECRET LAW ...... 27 3.4.1 European Trade Secret Directive 2016/943/EC ...... 27 3.4.2 Article 4 European Trade Secret Directive ...... 28 3.4.3 The effects of adapting the Directive ...... 29 4 WHAT ARE THE LEGAL POSSIBILITIES FOR END-USERS WHEN ROOTING SOFTWARE? ...... 31 4.1 COPYRIGHT LAW EXCEPTIONS ...... 31 4.1.1 Exhaustion ...... 31 4.1.2 Intended purpose ...... 32 4.1.3 Line-monitoring and decompilation ...... 33 4.1.4 Back-up copy ...... 35 4.1.5 Adaptation ...... 35 4.1.6 Does the Software Directive create opportunities for end-users? ...... 37 4.2 PARACOPYRIGHT ...... 39 4.2.1 Digital Rights Management ...... 39 4.2.2 Does article 7(c) Software Directive, create opportunities for end-users? ...... 41 4.2.3 Open Source Licensing ...... 43 4.2.4 Does Open Source Licensing create opportunities for end-users? ...... 47 4.3 PATENT LAW EXCEPTIONS ...... 48 4.3.1 Article 27 Unified Patent Court agreement ...... 48 4.3.2 Article 28 Unified Patent Court agreement ...... 48 4.3.3 Article 29 Unified Patent Court agreement: Exhaustion ...... 49 4.3.4 Does the Unified Patent Court agreement create opportunities for end-users? ...... 50

3 4.4 TRADE SECRET LAW EXCEPTIONS ...... 52 4.4.1 Article 5(a) and (b) European Trade Secret Directive ...... 52 4.4.2 Article 5(c) and (d) European Trade Secret Directive ...... 53 4.4.3 Does the European Trade Secret Directive create opportunities for end-users? ...... 53 5 CONCLUSION ...... 55 6 LITERATURE ...... 59 6.1 PRIMARY SOURCES ...... 59 6.1.1 Legislation ...... 59 6.1.2 Case law ...... 61 6.2 SECONDARY SOURCES ...... 63 6.2.1 Books: ...... 63 6.2.2 (Online) journals/articles: ...... 65 6.2.3 Other sources (internet sources, opinions, reports, explanatory notes, guides, etc.) .... 68

4 1 Introduction Compared to a personal computer, mobile phones and tablets are rather closed devices. Rooting and jailbreaking can be considered ways of bypassing their limitations and doing things that the manufacturers and developers don not want you to do.1 Manufacturers of mobile devices do not like their products being rooted, jailbroken or tinkered with, because they lose control over the ecosystem the end-users are working in. They argue that products with a third-party operating system might have a shorter life, security vulnerabilities, may break some of the important features, and can allow users to install pirated or unauthorized software.

Rooting is known as the Android comparable of jailbreaking, but is also used as an umbrella term for multiple acts of bypassing restrictions in software. Rooting is a way of unlocking the operating system installed by the actual manufacturer. By this process the end-user can delete unwanted bloatware2, replace it with other firmware, install unapproved apps or overclock the processor.3 For many individuals the act of rooting is considered to be a scary process. One mistake could lead to your mobile device becoming a useless as a brick. Nonetheless, more and more end-users would prefer to modify their mobile device operating systems to suit their own needs.

In essence, changing the software of your hardware is not illegal. In fact, it may be desirable that end- users can do this. The reasons being that, although for a long time it was thought that it was better to not have access into these complicated systems because either it could harm or even make your product not usable any longer, this way of thinking is slowly changing, as seen again after the recent Volkswagen ‘Dieselgate’ case. In the past, consumers and authorities trusted the manufacturers of products with (embedded) software. Now, we slowly see a shift in thinking. It is becoming ever more apparent that end-users and researchers need the opportunity to legally circumvent the traditional restrictions against rooting, in order to look further ‘under the hood’ and make changes if they wish to do so.

However, software, and hardware, companies use several instruments (technical, contractual, IP) to forbid and discourage the rooting, jailbreaking or modifying by end-users. As a consequence, an essentially legal activity at prima facie, has been turned into something that is impossible or unlawful in most cases.

1.1 Problem description The end-user is not permitted to extensively analyse his product and change the software if he wishes. Developers of the software retain control, even though the product is not legally their property any longer. This is possible by different instruments governing the software. However, there are limits. The law regulates contracts and limits the freedom of contract in certain conditions. Additionally, IP rights does also have statutory limitations and exceptions. All these limitations could create some possibilities for rooting or jailbreaking activities. However, finding out in what circumstances jailbreaking, rooting or modifying is allowed, is not an easy task. Therefore, this research intends to clarify when there are possibilities for end-users to root or modify the software of their device.

1.2 Research question Obstacles to rooting and modifying are the result of ‘private’ interventions by manufacturers. End-users, being the weaker party, are, or may, not be able to fight these interventions, if left to deal with them on their own. End-users need support from the law. This thesis researches what support they get and

1 How-to-Geek, “What’s the Difference Between Jailbreaking, Rooting, and Unlocking?”, (n.d.). 2 Bloatware is unwanted pre-installed software. 3 Overclocking is a popular technique for eking out a little more performance from a system.

5 will attempt to address whether or not the law provides ‘enough’ support. In order to show how ‘supportive’ the European legislator is, the following sub-questions are addressed:

(1) What are the technical obstacles which end-users face when rooting software? (2) What are the legal obstacles which end-users face when rooting software? (3) What are the legal possibilities for end-users when rooting software?4

The thesis intends to answer these questions based on European law. In addition, this research will occasionally make a comparative analysis with US law. This will consist of assessing and comparing primary and secondary sources. This should facilitate a deeper understanding of the problem and possible solutions to it.

1.3 Methodology The thesis applies the methodology of traditional (doctrinal) legal research along with elements of comparative research. It is not a full comparative research. Where useful, a comparison with US law will be made as an inspiration for alternative solutions and in order to place EU law in perspective. The conclusion will provide a table mapping out what obstacles there are when rooting (embedded) software according to European legislation. In addition, some follow up steps will be shown.

The core problem of rooting software will be approached by an explanatory and descriptive method. The possible outcomes and findings will eventually provide greater insight towards making an assessment on whether there should be a clear possibility to root software, and, moreover, to what extent this exception needs to reach. The method used in order to answer the main, and sub, questions comprises a desk study examination of primary and secondary sources. The European primary sources include: Software Directive, InfoSoc Directive, European Patent Convention, Unified Patent Court Agreement, Dutch Patent Act, European Trade Secret Directive. The secondary sources include: legal scholarly books, research papers and websites relevant to this research.

1.4 Thesis structure The focus of this thesis is threefold. Chapter two will seek to examine if there should be an actual possibility to root the software of your device from a non-legal perspective and will show the technical process of rooting. This chapter will shortly explain the importance of having the possibility to root software. Technology has become an essential part of our daily lives. However, the power to control this technology is often missing. By demonstrating the technical process involved in rooting software, this research will try to give a greater insight into the importance of software rooting. Chapter three will seek to examine those opportunities afforded to rights-holders under the law in order to discourage end-users from rooting activities. This part of the research concentrates on the regulatory challenge faced by the European legislator, who employ various regimes in order to protect the rights of the right- holders. This aspect of the thesis focuses on the use and interpretation of various instruments rights- holders can use against end-users. This will be analysed through a legal point of view. The fourth chapter will address these same legal instruments, but will show the possibilities for end-users when rooting software. In the description of the instruments chapter 4 mirrors the structure of chapter 3. At the end of every legal instrument a table will summarize how far the law ‘stretches’ in regards to software rooting. The fifth chapter will be a brief conclusion which shortly sums up all the findings in this research. In addition, it will provide follow-up steps that could be taken in order to come to a viable remedy for the ongoing tension between end-users and right-holders.

4 Sub-question 1 will be discussed in chapter 2, sub-question 2 in chapter 3 and sub-question 3 in chapter 4.

6 2 What are the technical obstacles which end- users face when rooting software? Chapter two will clarify what technical obstacles end-users face when rooting software. First, the importance of having a rooting possibility will be explained. Second, the technical process of rooting will be explained.

2.1 Motives for rooting software Before starting with the content of the thesis, there should be clarification about the possible motives (behind) rooting software. End-users are often labelled as hackers or whistle blowers when they adjust or change the digital environment of their devices. In order to avoid confusion, this thesis will divide end-users into four groups. The reason for this being that as the research continues it makes it easier to follow which exceptions are relevant for which group of end-users.

G1: Group G1 are end-users whose sole purpose is just to open and see how a certain software works in order to determine the ideas and principles behind the software. G2: Group G2 are end-users whose purpose is not only to watch how a certain software works, but also to implement certain modifications. G3: Group G3 are end users whose purpose is to watch and examine a certain software, make modifications and then distribute the software through various channels. G4: Group G4 are end users whose sole purpose is not changing the software, but rather discover malicious errors and flaws while rooting the software. In order to find these malicious flaws, the end- user needs to open up the software and its source code and reveal its findings. This group also includes whistle-blowers.

2.2 The importance of rooting. The tension between end-users and rights-holders has been a constant over the years. End-users want to learn how the digital software of their mobile device works and want to be able to modify certain parts of the product in order to improve or build new functions. According to Edward Felten, the biggest enemy of modifying is the fact we live in a “permission culture.”5 Felten states that every modification requires permission, often, from big tech companies or powerful entities. In the same article, he states that this same permission culture penalises end-users for acting without permission, instead of punishing them for causing damage or crossing legal boundaries.6

The biggest reason for end-users in deciding to modify their software is the way technology is nowadays embedded in our lives. Technology shapes the way we live our lives. It is important to understand, and have the possibility to influence the shaping process of new technologies. Civil Rights organizations like EFF (Electronic Frontier Foundation) are a constant reminder about how technology has infiltrated our life. According to the EFF:”

People entrust their health, safety, and privacy to such devices every day, as with medical implants, vehicles, or devices with microphones you keep in your pocket or cameras in smart TVs aimed at your living room. There are good reasons to

5 Edward Felten is the director of the Princeton Center for Information Technology Policy and also the owner/ founder of ‘Freedom to Tinker’ blog. 6 E. Felten, “The New Freedom to Tinker Movement”, (13 March 2013).

7 outsource decisions about your devices' software to knowledgeable, trustworthy sources, but you should always have the ultimate say in who deserves your trust.”7

As technology is becoming increasingly embedded in our daily lives, the safety of people depends and relies upon software that runs the technology. Researchers and end-users are the avenues through which possible weaknesses and flaws can be exposed.8 By circumventing security controls they are able to report flaws to make the software safer sooner. HackerOne’s Chief Policy Officer Katie Moussouris held that: “

It falls to us to ensure that the ability for security research and reverse engineering of technology in cars and other critical components of The Internet of Everything become accepted as the norm in the overall fabric of defence.”

Furthermore, a poll by Influencers shows that 64% of the readers would like to see a change in copyright laws so that end-users can change the software, however, the other 36% are afraid that allowing such a freedom is not always a good way to solve problems.9 Co-founder of security company Sqrrl, Ely Kahn, argues that it should be restricted to researchers: “Opening up ‘tinkering’ generally may result in people bypassing environmental laws, as EPA has mentioned (among various other issues).”

Steve Weber, professor at the School of Information at the University of California, states that copyright law should not be changed for the sake of research for similar reasons. “No question that copyright laws around software are dysfunctional and need fixing for lots of reasons, but not so that people can ‘tinker’ with the software that runs their cars. Do you want to be driving 65 miles an hour behind a ‘hobbyist’ who has done that?.”10 Chris Finan, Chief Executive of Manifold Security, said that changing the law is not the best way to start solving this problem. Rather, “A better approach would be to incentivize open sourcing of software components with vehicle safety implications.”11

2.3 The process of rooting software Rooting and jailbreaking are often accomplished by installing malicious software onto the device that circumvents restrictions. For Apple products, jailbreaking entails installing a series of software called “kernel patches.” These “kernel patches” can be considered as strings of code that supervise and support the operating system. If the ‘kernel’ of the Apple device is circumvented, the end-user can attach his own code, which eventually leads to a typical jailbreak. Modifying Android software is also

7"Digital Freedom Depends On The Right To Tinker". Electronic Frontier Foundation, (n.d.). 8M. Carollo, “Influencers: Revise copyright law so researchers can tinker with car software”, (n.d.). 9 Picture of the poll by Influencers, to be found in the article mentioned in the bibliography 10M. Carollo, “Influencers: Revise copyright law so researchers can tinker with car software”, (n.d.). 11 Ibid.

8 referred to as rooting. Rooting is the process of allowing yourself root-level-access. The end-user gives himself prominent administrative rights that are typically reserved for software developers.12

Rooting, jailbreaking, and modifying software has nowadays become easier. You can download software which will do all the necessary steps, without the user of that software having knowledge about what is happening. The process of jailbreaking or rooting the software of your mobile device is actually a step-by- step process. First, the end-user needs to circumvent a Technical Protection Measure (TPM). After this step, the end-user has access to the kernel of the operating system, after which they could start reverse engineering the object code in order to arrive at something what looks like the source code.

2.3.1 Circumvention of Technical Protection Measures There has been a long struggle between the software developers and the end-users who develop cracking software. The term “circumvention” can be used as an umbrella term for many acts of bypassing restrictions. In this research, the act of circumventing means bypassing protection put in place by the rights-holder in order to safeguard their software. These restrictions are primarily put in place to prevent copying or accessing of the software. In order to root the software, you first need to circumvent the TPM, this can be achieved by cracking software, also known as a ‘crack’.

Software cracking, or “breaking” as it was called in the 1980s, is the act of modifying software in order to remove or hinder qualities which are considered adverse by the developers of the software.13 Mostly, the crack removes qualities of the software such as copy protection, manipulates serial numbers or deletes irritations such as adverts. Cracks can roughly be divided into three categories: (a) loaders, (b) key generators, (c) patches. A loader changes the usual start-up process of a software but does not remove anything, it only circumvents the protection measure.14 A key generator, as the name suggests, manipulates the license key. It is often a product license generator which is capable of generating a license on your own name. A patch can be considered as a small piece of software that changes the machine code of the subjected software. The advantage of a patch is that it does not need to include a large executable15 when only a few bytes are changed.16 The distribution of cracked copies of software is illegal in Europe and other parts of the world. Several tech companies have sued end-users for disseminating cracked software.17

2.3.2 Tinkering within the digital environment Once the end-user has circumvented the TPM, it can access the kernel of the software with little effort. The kernel connects the application software to the hardware and can be considered a computer program which is the central core of the operating system. Other applications run on top of the kernel, which gives the kernel total control over everything that is happening within the system.18 Therefore, the kernel is the first software which is loaded after starting up, together with the ‘in and output’ requests of other software. After the request,

12 D. Breston,” Is it illegal to Jailbreak or unlock your cell phone”, (3 June 2015) 13 Morton (1985) quotes: “The origin of the term probably lies in the activity burglars perform in the still of the night”, p. 71-73. 14Nigurrath (2006) quotes: “A loader is a program able to load in memory and running another program.” 15 Executable. (5 December 2016). In Merriam-Webster’s online dictionary (11th ed.). 16 Craig/Ron (2005), p. 75–76. 17 J. Cheng, "Microsoft files lawsuit over DRM crack", (27 September 2006). 18 Linfo, “Kernel definition”, (24 May 2005).

9 the kernel translates them into machine instructions, which are sent to the Central Processing Unit (CPU).19

Once you have accessed the kernel, the actual infringing rooting and jailbreaking acts take place. Some of the rooting activities such as changing the Graphical User Interface (GUI) take place in the kernel itself. However, the rooting of the software or adjusting some functions of the operating system require more effort, namely the gaining of access to the source code. This critical code, the source code, is often the most important feature of the software. The source code is often written in a language that is referred to as a “high-level language.” The computer does not understand this high-level programming language and, therefore, needs to be compiled (by a compiler) into machine understandable commands. These understandable commands for the computer are called ”object-code.” These strings of 0’s and 1’s is the only command that a computer understands. The table below shows the difference between a source code and object code.20

Source code Object code • Source code is written in high-level or • Object code is written in machine human readable language, in the form of language through compilers, it is in the text. form of binary numbers • Source code is easy to understand for • Object code is difficult to understand for humans, generated by a human and humans and is generated and output by input for a compiler a compiler • Source code is easy to modify once • Object code is difficult to modify. accessed. • Source code contains fewer statements • Object code contains more statements than object code. than source code.

With commercial software, an end-user does not have access to the source code. In order to run a program, it is enough to have the object code version (which is what is provided to the end-user). The source code is withheld by the software company and is usually a trade-secret.

2.3.3 Reverse engineering the source code One of the most commonly used ways of modification is through reverse engineering. This is the process whereby end-users or firms buy the product just like normal consumers but afterwards disassemble the product. They thoroughly study all of the components and use their own ideas to test the product in different ways to hunt down those techniques which show them how certain things work. When it comes to software this process is a little different. A person is reverse engineering software when they attempt to figure out the logic, basic ideas, interface specifications and programming principles behind that specific software. There are various reasons why someone would like to retrieve the source of a program: the inaccessibility of the source code, to check the performance, to improve the performance, to fix errors or to find any malware (virus).21 Although reverse engineering is allowed under certain circumstances, if the purpose of this act is making a reproduction, it could be a violation under copyright.

2.3.3.1 Objectives for reverse engineering Reverse engineering can be undertaken with many differing objectives. Currently, there are roughly 9 objectives for reverse engineering:

19 Wulf (1974), p.337–345. 20 R. Ameen, “Define Source code and Object code”, (28 June 2011). 21 A. Crawford, “TechTarget Magazine: Definition Reverse Engineering”, (January 2007).

10 1. Reverse engineering aimed at getting to know the structure, methodology and organization of the software (e.g. at a university): reverse engineering as a teaching tool 2. Reverse engineering for the purpose of learning the structure, methodology and to learn the organization of the software for writing a manual for that software. 3. Reverse engineering for the purpose of developing add-on software/plug-ins and other software products (e.g. virus scanners) that can interact with the tested software. 4. Reverse engineering with the aim of developing cracking software, that is, software that allows technical safeguards to be broken, removed or bypassed in the analysed program. 5. Reverse engineering in order to develop software that can understand the file structure and/or commands of another software. For instance, developing a software that can work with data from another database. 6. Reverse engineering in order to produce a documentation system that allows the user to customize or modify the software for their own needs and desires: reverse engineering for the purpose of customization of existing software. 7. Reverse engineering aimed at the development of another, but similar, software that, in a greater or lesser extent, is functionally interchangeable with the examined program: reverse engineering for the purpose of the development of a competitive (compatible) product 8. Reverse engineering as part of the re-engineering of a software in such a way that the restructuring does not affect the functional properties of the program. This is used to get access to outdated, inflexible and difficult to maintain software (legacy software) to create more flexible ones. 9. Reverse engineering of a functioning software X in order to circumvent or remove insoluble problems into an interoperable working software Y: reverse engineering for fault recovery.22

In all of these types of applications, the method of reverse engineering is accompanied by the making of copies. Therefore, these acts are reserved to the rights-holder (right of reproduction), unless the end- user can rely on one of the statutory exceptions or on a contractual clause. In the enumeration above, numbers 3, 4 and 5 are cases which involve translating the code form of the program with the ultimate goal of having interoperable software. Add-ons, cracks and software that understands the file structure of another program must by their very nature have a certain degree of interoperability. The strength of this software is often the ability to work properly with other software or control other software (such as virus checkers) or to change it by circumventing technological measures.23

2.3.3.2 Methods for reverse engineering There are different ways to reverse engineer software. The two most popular forms are the ‘white box’ method and the ‘black box’ method.24 White box reverse engineering, when applied to software, involves decompiling the binary. Through this process the end-user can view the underlying assembly or even see the source code. This method therefore is only used for research activities. The reason behind this is that the results of white box methods are considered to be ‘dirty’ and are therefore

22 Struik/van Schelven/Hoorneman (2010), p.218-219; Struik/Leether (1999), p.40. 23 Struik/van Schelven/Hoorneman (2010), p.219. 24 Jones (2005).

11 restricted in use to commercial products.25 Using the white box method could give rise to a copyright violation, since you unintentionally could copy the original code.26 However, if the goal is to develop interoperable software, this method is still allowed under certain circumstances.27

The black box method is an alternative to the white box method. Instead of having or being able to see the code the white box panel creates a description with instructions. The black box panel tries to create that code by only having the list of instructions.28 This black box method is also given as an example in the picture, which is also known as the “Chinese Wall” method.

25 Lindberg (2008), p. 246. 26 J. Pryor, “Reverse Engineering”, (31 January 2006). 27 To be discussed in the next chapter 28 Lindberg (2008), p. 246.

12 3 What are the legal obstacles which end- users face when rooting software? The European IP legislation provides sufficient instruments for the right-holders to hinder end-users from rooting or modifying the software of their hardware. This chapter will show these legal obstacles which hinder the end-users. The instruments which will be covered in this chapter are: copyright law, paracopyright, patent law and trade secret law.

3.1 Copyright law For a long time, copyright was not considered to be relevant to the sale of products that did not have a creative element in them. Copyright was only seen as being relevant for paintings, books and musical records, for example. This perspective has changed. Copyright has become a key element in preventing piracy, averting the copying of computer software, and blocking end-users who want to modify software.29 The scope of copyright is nowadays much broader and includes protection against piracy. Although copyright has many different goals (f.i. creating instruments to control ownership and distribution of expressive works, because this results in the creation of many more expressive works, which is benefit to all of society.)30 It can be argued that preventing piracy of computer programs is also a goal of copyright. However, this goes outside the scope of this thesis.31

In Europe, there are two directives that could be applicable to copyright protection of software. First, the InfoSoc Directive, which concerns the legal protection of copyright and related rights in the framework of the internal market, with particular emphasis on the information society.32 The second of these directives, which is most relevant for the purpose of this thesis, is the Software Directive (hereinafter: SW Directive).33 This directive aims to use copyright to protect computer programs as literary works within the meaning of the Berne Convention for the Protection of Literary and Artistic Works. For the purposes of this Directive, the term ‘computer programs’ shall also include the preparatory design materials.34 The Court of Justice of the European Union (CJEU) has previously held that the SW Directive needs to be considered as a lex specialis relative to the InfoSoc Directive, which has to be considered a lex generalis.35

3.1.1 Software Directive 2009/24/EC The SW Directive is a result of the rapid technological developments experienced these last decades, including the emergence of digital storage media such as CD-ROM, DVD, as well as the emergence of the Internet as a medium for the rapid transfer of digital information.36 The Directive attempts to harmonise key aspects of copyright amongst Member States. By providing broadly defined exclusive rights, it tries to harmonise the copyright laws within the Community relating to computer programs.37

29 Samuelson (2015), p.1-12. 30 University of Minnesota Libraries, “Copyright’s purpose: Economics and the public interest”, (n.d.). 31 Samuelson (2015), p.13. 32 Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, article 1. 33 Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs. 34 Software Directive, article 1(1). 35 C-128/11 (UsedSoft v. Oracle) and C-355/12 (Nintendo Co. Ltd and Others v PC Box Srl), para. 23. 36 Hoeth/Gielen (2014), p. 549. 37 Ibid, p. 550.

13 3.1.2 Exclusive rights in the Software Directive Software enjoys copyright protection where the individual intellectual creation by the programmer/author is visible and complies with the ‘’originality’’ requirement.38 There is no need to register at an office in order to get copyright protection; the copyright comes into existence by itself. Software could therefore get copyright protection, but not for everything that is related to that software. The rights-holder will only get protection for the source code and the object code (e.g. “firmware”). In addition, copyright provides protection for compilations of programs, data structures (e.g. databases) and individual programs.39 The programming language itself, the functionality, the formats used to exploit different functionalities, do not amount to a form of expression eligible for copyright protection.40 This was the case in SAS Institute Inc. v. Word Programming Ltd.41 The dispute here involved whether WPL had infringed the rights of SAS manuals and products, and more importantly if the reverse engineering of a SAS software is in violation with its terms of usage. An important note is that WPL did not have any access to the source code of the SAS program (black box reverse engineering). The result of this was that the court was only possible to judge on the infringement based on the functionality, or said differently, judging by only observing the functionality. The CJEU ruled that neither the functionality of the software is eligible for copyright protection, nor the language used for programming or the format of data files. Moreover, the Court stated that there is no copyright infringement when a company studies, observes and tests a program, without having access to the source code, to create a different software with similar functionality in order to achieve interoperability.42

The core provision of the SW Directive regarding exclusive rights is article 4(1). This article lists the exclusive rights granted to the copyright holder. The provision shows what rights you get as a copyright holder to protect your software. Article 4 paragraph 1 of the Directive defines three categories of restricted acts:

sub (a): the rights-holder gets the exclusive right to reproduce his computer program in whole or in parts, permanently or temporarily. This right includes acts of reproduction, which are necessary for loading, the image (displaying), execution, transmission or storage of a computer.

Sub (b): the copyright holder has the exclusive right of translation, adaptation, arrangement and any other alteration made by his computer programme and the right to reproduce the results of these actions.

Sub (c): the copyright holder has the exclusive right to distribute the software in any form. This right includes the exclusive right of rental.

3.1.2.1 Reproduction right The rights enumerated in the Directive have an exclusive nature. This means the copyright holder is free to decide whether, and if so, to what extent, and under what conditions, he allows others to perform restricted acts. That freedom however is not absolute. Permission of the copyright holder is in fact not necessary if the end-user of a computer program can invoke any of the exceptions in article 5 or 6 of the SW Directive.

Subparagraph (a) of article 4(1) SW Directive recognizes the rights-holder to decide on the total or partial reproduction of his computer program. Apart from the exceptions referred to in articles 5 and 6,

38 Software Directive, article 1. 39 H.S. Obhi, “Computer Programs: Infringement of Copyright”, p.2, (n.d.). 40 European IPR Helpdesk, “How can computer software be protected”, 2nd paragraph, (n.d.). 41 Case C‑406/10 (SAS Institute Inc. v. World Programming Ltd). 42 Case C‑406/10 (SAS Institute Inc. v. World Programming Ltd), par. 61, 62.

14 consent is needed from the rights-holder for a permanent or temporary reproduction of a computer program. Reproduction is one of the rights-holder’s reserved acts regardless of the manner and form in which reproduction is performed. The right to oppose against unauthorized reproduction is of great significance for the protection of copyright. This also applies for temporary reproductions. The general exception in article 5(1) InfoSoc Directive, regarding temporary reproductions does not apply to software.43

The reproduction right is enumerated in five acts reserved to the copyright holder, at least, 'to the extent' such acts necessitate a reproduction. The specified acts are: loading, displaying, running, transmission and storage of a computer program.44 It is generally accepted that the use of software on a computer usually implies (often temporary) reproductions. Therefore, use of the software by other persons needs permission from the copyright holder.45 On the other hand, the SW Directive provides that, if the exploitation by an end-user does not require reproduction of the software, the act does not fall under copyright control according to the second sentence of article 4, paragraph 1 under (a).46

3.1.2.2 Translation, adaptation, arrangement right The right-holder can translate, edit, alter, arrange or change his software. Under article 4, paragraph 1(b) SW Directive all these acts are covered under the exclusive rights of the copyright holder. In addition, it can be concluded from the scheme of article 4, paragraph 1, that the European legislator did not consider translations, adaptations, modifications as reproductions of the software.

Control over adapting or modifying software basically comes down to the rights-holder. Unless further modification rights are assigned in an agreement, the user can only modify or change within the limits of article 5 SW Directive. The rights entitled to the rights-holder has a far-reaching effect. It includes any change to the software, which also includes modifications for purely internal use.47 The modification right in article 4 paragraph 1(b) SW Directive gives the rights-holder the ability to resist numerous changes and adjustments, for instance: the intervention in the functionality, facilitating the use, removing protections, adjusting the structure and organization of the program, using parts of a program to create a slavish imitation of the software, etc.48

In addition to the above described, article 4 paragraph 1(b) gives two more indications. First, it indicates that the control of the copyright holder also extends to the results of the above-mentioned translations, adaptations and modifications. Secondly, contrarily, article 4 paragraph 1(b) confirms the outcome of 'editing-work' could, at the same time, be subject to rights of the editor.49 However, the editor may not distribute or reproduce the "edited work" without permission from the rights-holder of the original work. If the editor chooses to reproduce and distribute the edited work anyway, the rights-holder has to prove two conditions in order block these acts: The reproduced/distributed work has his:

(i) copyrighted “expression”; (ii) this expression must (in appropriate extent) have been incorporated into the work of that editor.50

43 Nimmer (1990), § 4.2. 44 Visser (1997), p. 63-64. 45 WCT 1996, Trb. 1998, 247, Agreed Statement by Article 1 paragraph 4: '' It is understood that the storage in a digital format of a protected work in any electronic medium constitutes a reproduction within the meaning of Article 9 of the Berne Convention.”, and, Proposal Software Directive, comments on Article 4 sub a. 46 Struik/van Schelven/Hoorneman (2010), p. 110-117. 47 Gunther (1994), p.321-328. 48 Struik/van Schelven/Hoorneman (2010), p. 118. 49 Ibid, p. 117-120. 50 Spoor/Verkade/Visser (2005), §4.7, p. 157-158.

15 This principle applies even if a small portion of the work from the original developer is taken. The CJEU has in such cases used the Infopaq decision as a measuring tool, whereby infringement exists if the acquired portion of ''the expression of the intellectual creation of its author” is reproduced.51 The “expression” of the creator criterion is determined based on the “protection criterion”. If the claimant proves that, the same “expression” can be found in the product of the defendant, it is in principle for the defendant to prove that he has not copied from the protected work. If the defendant does not succeed, then its operation is considered as infringing.52 In the assessment, it is basically irrelevant how big the share of the acquired protected “expression” within the product of the defendant is. Even if this product contains an amount of “own expression” material, or if the operation itself delivers an original whole new complete product, the product still infringes the rights of the rights-holder.53 What is important for the infringement question is whether the portion taken exhibits the originality of the work of the claimant.

3.1.2.3 Any form of distribution The SW Directive gives the rights-holder a broad control about distribution of the work. Article 4 paragraph 1(c) grants control over any form of distribution, including the rental of the computer program or copies thereof to the public. This includes both the distribution of copies in tangible form, but also in other (intangible) forms, for example by online distribution. For end-users, this means that the act of distributing software, or parts of that software, which includes copyright protected works is only privileged to the rights-holder. Acts like communicating works through a website, or uploading works (f.i. on a P2P server) are considered as providing access and therefore seen as a form of distributing and therefore prohibited.54

The wording “any form of distribution” shows that the Directive is intended to confer a broad control over disclosure of the computer program. The use of the word “distribution” might raise the question whether this right only refers to the distribution of physical copies. The InfoSoc Directive makes a clear distinction between the right of distribution of physical copies and communicating to the public.55 This is not the case with the SW Directive, the legislative history of the SW Directive provides no grounds for such a restricted interpretation.56 The copyright holder reserves its distribution right in article 4 paragraph 1(c), which is independent of article 4 paragraph 1 sub (a) and (b) reserved procedures. In addition, until recent, the SW Directive did not give rules about distribution of software where no hard copies are put into circulation, the so-called “intangible disclosure.” In the UsedSoft case the main question was whether the exhaustion principle can apply to online distribution models, such as downloads complemented by a license.57 The CJEU answered this question by applying the principle of “offline-online equivalence.” This principle demands the exhaustion principle to apply for intangible software copies, just like it does to tangible copies.58

First, exhaustion has some requirements according to article 4(2) of the SW Directive. The rights-holder must have given permission for the downloading of the copy by the first acquirer, the rights-holder must have discussed a right to use that particular copy for an infinite period of time, and must have received an economic compensation for that copy. These requirements also apply to the usage right of the second acquirer.59 Concluding from these requirements there is no exhaustion when the software is

51 C-5/08 (Infopaq International A/S v Danske Dagblades Forening), par 47-51. 52 HR 29 November 2002(Una Voce Particolare). 53 Spoor/Verkade/Visser, §4.8, p.161; they give as an example the inclusion of one copied photo or one page of copied written text in a book of 200 pages will almost certainly infringe. 54 De Cock Bunning/Ringnalda (2010), p.1-11. 55 Struik/van Schelven/Hoorneman (2010), p. 130 56 Struik/van Schelven/Hoorneman (2010), p.84. 57 Case C-128/11 (UsedSoft v. Oracle). 58 Schellekens (2006) and Tjong Tjin Tai (2003). 59 Article 5(1) Software Directive.

16 used online, such as SaaS or ASP, because in these cases there is no act of downloading. Other ‘non- material communications’ such as non-UsedSoft downloads are not distributions according to this judgment. However, they may still be subject to national exclusive rights.

Second, the CJEU set further requirements which must be met by the first acquirer before the resale. The CJEU made clear that the downloading of the software copy and the conclusion of an EULA (End User License Agreement) for that copy, form an inseparable whole.60 Therefore, the CJEU stated that the first acquirer is not allowed to split the license and resell parts of a license or licenses without the relevant copy or the copy without licenses.61

Third, the CJEU stated that the first acquirer must make his own copy unusable at the time of the resale, otherwise he would still infringe the reproduction right of the rights-holder.62 However, the CJEU does not say whether this requirement is necessary for the validity of a sale. The rights-holder is allowed to use TPMs in order to make sure the first acquirer does not continue using the software.63

Conclusively, the CJEU ruled that Service Level Agreements (SLAs) or Software Maintenance Agreements (SMAs) are outside the scope of exhaustion.64 Though, the exhaustion does extend to the copy of the software as updated through maintenance. Therefore, the second acquirer does not have the right to use further updates. He or she must enter into an additional maintenance agreement.65

60 Case C-128/11 (UsedSoft v. Oracle), par. 44-84. 61 Ibid, par. 69-86 and Savič (2015), p.415-416. 62 Ibid, par. 70-78. 63 Ibid, par. 79-87. 64 Ibid, par. 66. 65 T.J. Heyden, “The ECJ Judgment Oracle vs. Used-Soft of 3 July 2012", (7 November 2012).

17 3.2 Paracopyright Paracopyright is often known as “metacopyright” or “pseudocopyright.” It includes the legal protection “above and beyond” traditionally known copyright protection. The most familiar example of paracopyright is the protection for TPMs. In paracopyright, the scope or term of copyright is not important. It is used as a term for different sets of techniques that could be used by copyright holders. These technical measures are set in place to enforce license agreements upon end-users ensuring compliance with copyright rules. These subchapters will intend to give more insight about what obstacles TPMs and EULAs (End User License Agreements) could create for end-users.

3.2.1 Digital Rights Management As discussed in chapter 2.3, many producers and operators equip their software with some form of technical protection. Through these technical measures the copyright owner or operator seeks to prevent the undesirable access to the software to third parties or restrict or prevent usage. The combination of TPMs together with Rights Management Information (RMI) is often called Digital Rights Management (DRM).66

3.2.1.1 Technical Protection Measures: legal regime The resulting conflicts between right-holders and end-users of copyrighted works has become subject to regulation. The World Intellectual Property Organisation (WIPO) has in its WIPO Copyright Treaty introduced a globally operating facility for the protection of TPMs. This treaty has opened a global debate, and prompted the European legislator to take a step in the legal protection of TPMs in the InfoSoc Directive. Article 6 of the InfoSoc Directive provides an agreement on the protection of TPMs.

Article 6 of the InfoSoc Directive provides a harmonized regime of rules on the circumvention of TPMs. Paragraph 1 prohibits the making, distribution, exploitation of means that could make circumvention possible. Paragraph 2 adds more rules about the offering of services relating to the circumvention of TPMs. Paragraph 3 defines which TPMs should benefit from this legal protection. The last paragraph, paragraph 4, regulates the relationship between technical protection and user rights. This is of great importance because technical protection can often stand in the way of an act which is normal and not infringing any work. However, relating to the topic at hand, the SW Directive is the prevailing document.

The SW Directive also pays attention to the protection of TPMs. This was the first Directive amongst other copyright related Directives that specified anti-circumvention provisions in the context of software. Article 7(1)(c) is the article which forbids:

“any acts of putting into circulation, or the possession for commercial purposes of, any means the sole intended purpose of which is to facilitate the unauthorized removal or circumvention of any technical device which may have been applied to protect a computer program.”

This article has great importance in several aspects. First, it was the first copyright related Directive which imposed the obligation on Member States to put domestic prohibitions relating to the circumvention of TPMs. Furthermore, the brief and concise construction of the article raised many new challenges in interpreting the text for Member States. Article 7(1)(c) is often said to be an article which is too broad and open-ended in describing TPMs as “any technical means” without clarifying what it actually means. Neither the article, nor the preamble provides a sufficient answer on what “any technical means” could mean. The only requirement it gives is that the TPM “could be applied to protect

66 RMI is information that identifies content protected by copyright or related rights, the rights owners in such content and the terms and conditions of use associated with it. For instance an electronic watermark.

18 a computer program.”67 The Software Directive states that the trafficking in such “means” and the possession can both be considered as unlawful, if it is for commercial purposes.68

3.2.1.2 Types of TPMs and interests In general, TPMs which are developed for software are separated into two types: “access control” and “use control.”69 A particular form of “use control” is copy protection (‘’also known as copy control‘’) it seeks to prevent or control the unauthorized copying of software. With TPMs the rights-holder can prevent attempts of unlawful acts by third parties. TPMs contribute to the legal protection of software and the chances of a successful operation of the product. The security-software industry has expanded enormously as a result of the great importance attached to TPMs.70 Next to having different types TPMs, rights-holders also have different interests when it concerns the use of TPMs. The interests of right- holders and operators of software can broadly be divided into three categories:

(i) protection against the circumvention of a TPM, (ii) protection against the placing of means on the market that can circumvent a TPM (cracking software, cracks), (iii) protection from the professional parties who offer services that specialize in the circumvention of TPMs.71

Contrary to this, end-users have other interests. For example, the end-user frequently stands for the importance of the unimpeded and unrestricted use of software. The functioning of a TPM can extend to such a degree that even permitted use under law could be blocked/restricted. The relationship between user rights on the one hand and the regular constraints of copyright law on the other hand, are continuously under pressure.72

67 Efroni (2010), p. 297. 68 Bently (2004) quotes:“The term ‘any means is clearly intended to be broad and would cover ‘devices, products, or components... but would cover the provision of services”, p.235. 69 Struik/van Schelven/Hoorneman (2010), p. 283. 70 IFPI, The WIPO treaties (2003): Technical Measures, p.2, 71 Struik/van Schelven/Hoorneman (2010), p. 284. 72 Loren (2002), p.133-148.

19 3.2.2 End User License Agreements Software is most often protected by copyright; the author of a computer program has to give permission to a third party before they are allowed to install or distribute the software. This happens through an EULA (End User License Agreement). There are barely any limitations on what can be agreed in a license. When a user is bound to the license, he is subject to those restrictions in it. Many licenses, especially licenses for commercially developed software, are quite restrictive regarding redistribution rights, modification rights, and reverse engineering. Even making a backup copy, a publication of a performance test, benchmarks, but also use on multiple computers is often restricted.

3.2.2.1 Proprietary software licenses When the rights-holder chooses to use a proprietary software license, it grants the end-user use of a copy of the actual software, without losing the ownership of the program. Rights-holders choose this license to reserve certain rights for themselves. Consequently, it is typical that these EULAs have terms which specifically define what the end-user is allowed to do, and more important, what not to do. If the end-user chooses not to accept these terms, he is not allowed to use the software, or he only gets access to some parts of the software. Perhaps the most popular example of a proprietary license is that of Microsoft Windows. It is common practice to include a list of activities that the end-user is not allowed to do. These terms are therefore very difficult to circumvent without breaching the license.

3.2.2.2 Exclusive rights The owner of the proprietary software has exclusive rights over the software. The owner can restrict the use of the software, restrict the inspection of the source code, prevent modification/tinkering of the source code, or restrict redistribution by putting specific provisions in the EULA.

3.2.2.2.1 Use of the software Software vendors often limit the number of computers on which the software can be installed. These restrictions are implemented by a technical measure such as copy protection or by using a hardware key.73 Another commonly used method is that vendors distribute different versions of the software. These versions do not include particular features of the software. Some of these versions of software are only for certain fields of endeavour, such as non-profit use, non-commercial use, or education.

An example in the EULA of Microsoft Windows XP states:

’You may install, use, access, display and run one copy of the Software on a single computer, such as a workstation, terminal or other device (“Workstation Computer”). The Software may not be used by more than two (2) processors at any one time on any single Workstation Computer. ... You may permit a maximum of ten (10) computers or other electronic devices (each a 'Device') to connect to the Workstation Computer to utilize one or more of the following services of the Software: File Services, Print Services, Internet Information Services, Internet Connection Sharing and telephony services.”74

3.2.2.2.2 Inspection, adaptation and modification of software Software which is subject to a proprietary license is often distributed in compiled form. The vendor retains the source code, or the human-readable version of the software.75 This is referred to as closed source software.76 By preventing disclosure, users are unable to understand how the software works

73 Copy protection, as the name suggests, is any effort designed to prevent the reproduction of software. 74 Microsoft, “End User License Agreement for Microsoft Windows XP Professional Edition Service Pack 2", p.1, (01 April 2005). 75 Heffan (1997) quotes: "Under the proprietary software model, most software developers withhold their source code from users." 76 Wheeler (2009), p. 25-33.

20 and are therefore not able to change the software. Due to this limitation, users are not able to study and root their software, and not able to look for possible security flaws or malicious features. Richard Stallman, who is the founder of the Free Software Foundation, says that proprietary software includes:” malicious features, such as spying on the users, restricting the users, back doors, and imposed upgrades…”77

There are further ways where end-users can be hindered. While most of the software which is distributed under a proprietary license is without the actual source code, some do make the source code available. An example is vBulletin, the internet forum software. Customers who agreed with a vBulletin license are allowed to change the source for their website. The downside is that they are not allowed to redistribute it. This is made possible because of a non-disclosure agreement or a license that only allows the customer to study and modify the software, but not redistribute it. Another method used by vendors, is the use of an obfuscated code to hamper possible end-users from reverse engineering the software.78

3.2.2.2.3 Redistribution Redistribution is the third exclusive right rights-holders/vendors have. They can prohibit users from redistributing the software to others. If another party wants to use the software an additional license is required.

What is often seen is that the vendor can prohibit the distribution of modified or adjusted software. The vendor can, through this limitation, prevent that the source code stays in it’s pure form as distributed in the first “sale”. Redistribution can also be used as a marketing tool to get your software distributed. Shareware is closed-source software whose developers encourage the redistribution of which. Users who download this software get a free trial, which is mostly for single computer or user. After this free trial period the ”shareware” software turns into “cripple-ware”, which means that some of the important features of the software are no longer usable.

3.2.2.3 Granted rights under different licenses Software licenses can roughly be divided into two groups, pertaining to the software which they apply to, namely, propriety software licenses and the so called open source license. The distinction between these software licenses is found in the rights that are granted with each license, especially in regards to the right to modify and re-use the software. With an open source software license you are allowed to modify the source code (‘’open source’’). Proprietary software does not allow you to modify the source code and is therefore hidden (‘’closed source’’). The American lawyer Mark Webbink made a table 79 clarifying those rights granted under different licenses, a copy of which can be found below.

Furthermore, next to granting rights and expressing the limitations of use, licenses often include provisions about liability and responsibilities between the two parties. In commercial agreements, for instance, these licenses also include warranties and indemnity provisions if the software (accidentally) infringes intellectual property rights of other rights-holders. Next to licensed software you also have unlicensed software which is out of the scope of copyright protection. This unlicensed software is either 80 software in the public domain or software which is handled as business trade secrets. The general thinking of unlicensed software is that it is part of the public domain. This is not true, unlicensed software is therefore still copyright protected. Only when the copyright term has expired it passes into the public domain.

77 GNU Project - Free Software Foundation, ‘’Why Open Source Misses the Point of Free Software “, (n.d.). 78 A. Binstock, "Obfuscation: Cloaking your Code from Prying Eyes", (20 April 2008). 79 L. Troan, "Open Source from a Proprietary Perspective", (2005). 80 T. Hancock, "What if copyright didn't apply to binary executables?", (28 August 2008).

21 Rights Public Non- Protective Freeware/ Proprietary Trade granted domain protective FOSS Shareware/ license secret FOSS license (e.g. Freemium license (e.g. GPL) BSD license Copyright No Yes Yes Yes Yes Yes retained Right to Yes Yes Yes Yes Yes No perform Right to Yes Yes Yes Yes Yes No display Right to Yes Yes Yes Often No No copy Right to Yes Yes Yes No No No modify Right to Yes Yes, under Yes, under Often No No distribute same same license license Right to Yes Yes No No No No sublicense Example SQLite, Apache Linux Irfanview, Windows, World of software ImageJ webserver, Kernel, Winamp Half-Life 2 Warcraft ToyBox GIMP Server side

22 3.3 Patent law Software is explicitly excluded from getting patent protection according to the European Patent Convention (EPC). According EPC law ‘’computer programs as such’’ are excluded from getting a patent. However, if a computer program is not ‘’as such’’, as in our case with embedded software, it is possible to get patent protection for your software. Article 64 (3) EPC states that: “Any infringement of a European patent shall be dealt with by national law”, therefore I will use the Dutch Patent Act in further examples.

3.3.1 European Patent Convention For years, the Member States of the European Union failed to establish a unitary right for patents within Europe. A reason for this could be that since 1973 the European Patent Convention has existed. The system introduced in this Convention is considered extremely efficient in obtaining patent protection within Member States and some non-EU states.81

The key to the EPC’s success is when applying for a patent at the EPO, there is no longer the necessity to apply in every European country you want protection. It is a single application, examination and registration procedure. When the EPO grants the patent, you get patent protection in the countries you designated during the application. However, it is not a unitary right, which is enforceable. You only get a bundle of rights for each designated country. In case someone infringes your patent in multiple countries, you still need to go to the national courts of each country.82 Another problem is the high costs of applying for a patent. If you choose six different countries to have patent protection, you need to translate your application also in six different languages for instance.

Because of these high costs and legal uncertainty created in the EPO applying procedure, there was a need to have a patent procedure with unitary rights. Therefore, the European legislator came up with the Unitary Patent Regulation (UPR)83 and the Unified Patent Court agreement(UPCa).84 Under the UPR, a patent would become a European Patent based on the EPC to which unitary effect is granted after the grant of the patent.85 In addition, a unified court will be established which will judge over infringement and invalidity claims filed with regard to the unitary patents as well as bundle patents (which originate from the EPO).

3.3.2 Exclusive rights in patent law Infringement of a patent occurs when a third party makes, uses, or sells the patented invention without being authorized by the rights-holder to do so. Patents within the EU are still enforced on nation-by- nation basis. This means that if you produce a product in China, which infringes a U.S. patent, this would not be considered as an infringement. If the same product would be exported to the US, then it would be an infringement.86

A patent gives the rights-holder an exclusive right to exploit his invention in the broadest sense. Article 64 EPC contains a link clause referring to the scope of the patent rights of the Member States. Hereinafter, I will base my findings on the Dutch Patent Act (DPA).87 Article 53 DPA makes a distinction between the invention described as a product, and the invention described as a method. The holder of a patent on a product has the exclusive right to manufacture the product in, or for, its business. He has the right to use, to enter it into service, to resell it, to lease it, to deliver or otherwise to trade this

81 Kur/Dreier (2013), p. 87. 82 Ibid. 83 Unitary Patent Regulation (EU) No 1257/2012. 84 Agreement on a Unified Patent Court. 85 Kur/Dreier (2013), p. 89. 86 Mallor (2012), p. 266. 87 Rijksoctrooiwet 1995.

23 product off. Additionally, for accomplishing one of these above-mentioned rights, he has the right to import or to have this product in stock. A patented method is usable by the rights holder in, or for, his business and, the product that is directly obtained by the patented method, can be exploited by the patentee in every above-mentioned way.88 Article 64, paragraph 2 has a provision of the substantive law that a European patent for a method also extends to the products that are taken directly obtained by such method.

3.3.2.1 Reserved acts: a product Article 53 DPA provides under paragraph (a) a list of the operations covered by the scope of a patent to a product. The definition of manufacturing also includes multiplying in the Netherlands or downloading a patented software under the concept of manufacturing. In addition to the manufacturing of the software, the rights-holder is exclusively entitled to use the software. This means the rights-holder has the right in the Netherlands to install the software on their computer and to use it. Then there is the option to sell the software or to put it into circulation. The term "putting into circulation" is widely interpreted in the Netherlands. The legislative history shows that every activity that puts the object in someone else’s disposal can be considered as “putting into circulation.”89

As already indicated, the offering of software creates particularly difficult questions, because these operations usually take place over the internet. In such cases, it is not always consistently clear whether this provision focuses on Dutch territory or not. It must be assumed that if the software in question is offered outside the Netherlands through a website, and this offer is also directed to a specific Member State, it can be considered as an act that is exclusively reserved to the patentee in that Member State. The person offering the software could then be sued in that Member State.90

3.3.2.2 Reserved acts: a method Paragraph (b) of Article 53 DPA lists actions that fall within the scope of a patent for a certain method. If the ‘software invention’ has been described as a method, the patentee will have the exclusive right to apply this method in his business or in an automated environment. In most cases, the process will consist of a method in which the computer is using the software to function in a better way. Loading such software on the computer of a business and using that computer are actions that fall under the control of the patentee.

It cannot be ruled out that, the software related invention, relates to a method of producing a product using that software application. According to Bakels, there are two types of software related method patents: (1) methods for the manufacturing of software, for example, for the testing of software or for localizing errors therein; (2) methods which describe what needs to be implemented to achieve a particular function.91 This also extends the rights of the patent holder into the product obtained directly by the application of the patented method. A condition for this is that the product is directly obtained by the application of the patented method; if, and in so far that the directly obtained product, in turn, is a tool for a different final product. Then, further commercialization of the final product will not fall under the scope of protection of the patent process.92

3.3.3 Contributory patent infringement According to the DPA, the patent holder can also enforce his patent against a third party or for the third party’s business –which is not entitled to use the invention- when the ‘means’ relating to an ‘essential element’ of the invention is being offered, or, assist others in violating the exclusive rights of the patent

88 Struik/van Schelven/Hoorneman (2010), p. 445. 89 Explanatory memorandum for ‘Wijzigingswet 1987’, article 30 ROW 1910; and HR 1 mei 1964 (Probel/Parke Davis). 90 Struik/van Schelven/Hoorneman (2010), p.449. 91 Bakels (2003), p. 428 and further. 92 Struik/van Schelven/Hoorneman (2010), p. 450-451.

24 owner.93 This is called indirect patent infringement or contributory infringement.94 A condition is that the offering, supplying, and the use of the invention takes place in the Member State itself. It does not matter whether it was offered from the Member State or from abroad. In both cases, there may be an infringing act in the State. Moreover, it is required that the third party knows that it is clear in light of the circumstances that those means are suitable and intended for the use of the patented invention.

The non-harmonised patent laws create differences within Member States. In the Dutch case of Sara Lee/Integro the Dutch Supreme Court contemplated whether supplying coffee pads, of an espresso machine which is patented, amounted an indirect infringement.95 The Dutch Supreme Court decided that the use of coffee pads in order to make the invention work does not make them an essential element of the espresso machine.96 Moreover, the Dutch Supreme Court stated that an element can only be considered as essential whereby it distinguishes the teaching over the prior art.97 The German approach is different. The German Court has held that the factor in deciding if it is an “essential element”, was whether the “means” can be considered as essential or in secondary rank/importance to the patent claim. The Court further stated that known (individual) parts could still be subject to contributory infringement when used in a patented combination.98

When applying this to software, the “essential element” of the new and non-obvious functionality of the embedded software could contributorily infringe a patent. Often end-users offer the technical facilities that others can use for modifying software, this in turn causes the act which is infringing of a patent. Contributory infringement could also exist, for example, in a method patent, when the third party does not apply the method, but rather provides a product that is essential for the application of that method. An example in software-related inventions would be if the invention is an embedded software device and the third party only provides the software on the market. This third party does not directly infringe the patent of the rights holder by putting it on the market. At most this could constitute indirect infringement of that embedded software equipment, if it entails the application of the patent.99

Article 73 DPA should ensure that the patentee is protected against indirect infringement. The patent holder may invoke its patent against a person in the Netherlands which offers or provides “means relating to an essential element of the invention” to third parties. The question arises as to what should be understood in this connection with “means relating to an essential element of the invention”. In a software related invention which, for example, has been patented in the form of a system claim, comprising a computer system having certain features and functionality that can be achieved by this embedded software, will quickly be considered as a means relating to an essential element of the invention, because it is clear that this embedded software leads to the function of the invention for which the patent is granted. This might also be possible when the invention is described in a method claim. The offering and supplying of embedded software on a computer that enables the method could therefore also be interpreted as a “means.”100 The legal text is unclear whether "means" are exclusively physical means (tangible assets) or also could involve, for example, certain documents on the basis of which the patent could be applied. Another example could be a particular development-tool that is used to develop specific software which, when combined with a computer, results in the application of the invention.101

93 Albert Jr. (1999), p. 414 94 Johnson (2010), p.517 95 Johnson (2010), p.518. 96 Ibid. 97 HR 31 Oktober 2003, NJ 2006/600 (Sara Lee/ Integro). 98 Bundesgericht Hof, 4 May 2004 (Flügelradzähler). 99 Struik/van Schelven/Hoorneman (2010), p. 516. 100 Ibid, p. 517. 101 Ibid, p. 516-519.

25 3.3.4 Difference with copyright protection The coexistence of copyright and patent protection for software, of course, raises the question why an inventor/developer needs to apply for a patent for a software-related invention, if it can already rely on copyright protection of the same software.

The answer is that copyright and patents protect different ‘right objects’, and the nature of their protection is different. A relevant comparison of copyright and patent protection of software requires a closer view of the ‘right object’ and the exclusive rights in both intellectual property rights. Copyright provides protection for a concrete work, while a patent protects an inventive idea for which various options are possible. Regarding software there would be roughly a distinction between the activity (the effective, functional aspect or functionality) of the software that may be subject to a patent, and also the concrete expression (the form, the way the software is written in source code, object code, or described in the preparatory material) of the software, which may be subject to copyright protection.102

To the extent that a patent relates to an aspect of specific software that is also protected as a copyrighted work, the copyright holder reserves rights of reproduction and distribution, which are fully covered by the rights granted to the patentee. But by itself, the wording of the patent law, namely, “manufacture, use, putting into circulation and offering or for any of these purposes, importing or having in stock” is so broad that any act of “reproduction” or “communicating to the public” falls within the scope of copyright law. In addition, the patent protection is not characterized by a long list of restrictions on the exclusive right which generally does apply to copyright. At the same time, however, the list with limitations for software is considerably shorter in copyright protection, namely what are specifically included limitations in the SW Directive.103 Therefore, it can be said that patent law generously allots the recipient with more reserved actions than copyright does, but is more limited in scope because it does not interfere with actions in the private sphere. However, for software, these differences are less marked. In many cases, the extent of the patent protection of a software shall be wider than copyright, because in patent protection each product can be addressed with corresponding functionality or operation, while for copyright protection, the requirement is that the form in which that functionality or operation was also copied.104 In addition, the process of comparing is also different. In patent law, there is no comparing of products but is has to be seen to what extent the allegedly infringing product falls within the scope of the claims of the patent. In contrast, in copyright law both software products (i.e., the program codes) are compared with each other.

To summarize, it is useful to examine if an innovative software solution, before the disclosure to third parties, is patentable and, if so, to apply for a patent. Certainly, if a software-related product contains an innovative solution which is durable for commercial purposes, it is important to take advantage of the extensive protection provided by patent law –next to the ‘automatic’ protection that copyright provides.105 Sadly, this same overlap between different IP laws makes the rooting possibilities for end- users even smaller.

102 Ibid, p.456. 103 Ibid, p.457. 104 Ibid, p.459. 105 Ibid.

26 3.4 Trade secret law Trade secrets are commonly known as information that has high value for a company and is therefore treated as confidential. These trade secrets often give companies a competitive advantage over other companies. European companies are increasingly exposed to the embezzlement of trade secrets. Therefore, the European Commission is working to harmonise the existing diverging national laws on the protection against the embezzlement of trade secrets so that companies can exploit and share their trade secrets with privileged business partners across the internal market, turning their innovative ideas into growth and jobs.106

Since copyright protection does not apply to ideas or algorithms, the traditional domain of patent law is often inaccessible to most of the software vendors because of the high standards of protection and the investment that is needed in advance when obtaining a patent107, trade secret protections need to fill the gap. There are several reasons why trade secret law could come in handy. First, the scope of protection is broad. A lot of things can be considered as a trade secret, particularly when fulfilling the criteria given below. This means that a software developer can protect a subroutine, an algorithm, or even the whole software. Secondly, trade secret law does not put up barriers against further development of the software industry by prohibiting independent creation, just like copyright law. Thirdly, the duration of protection could be infinite, as long as the subject matter is not generally known and kept secret. Finally, there is no need of an agency or an application procedure or even filing fees.108

3.4.1 European Trade Secret Directive 2016/943/EC Trade secrets play a crucial role for both small and large companies. Whereas big companies have the resources to build a large portfolio with intellectual property rights, small companies do not have these resources. Therefore, trade secrets are more important for smaller companies and act as an incentive to innovate. Smaller companies rely on trade secrecy law in order to keep their knowledge safe.109

During the making of this thesis the new European Trade Secret Directive (ETSD)came into force.110 This directive, for the first time, introduces a definition for a trade secret. A secret is considered to be a trade secret when it:

• is secret, • has commercial value because it is secret, • has been subject to reasonable steps (to keep it secret).111

This definition can be considered identical with the wording in the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS ) and the definition which the US gives to trade secrets.112 However, this does not mean that software as such is directly protected under trade secrecy law. Unlike patent protection there is no registration needed to enjoy protection under trade secret law. It totally depends on the actions of the developer and whether the software can be considered a trade secret is based exclusively upon their actions. The object code of the software isn’t of that importance; the actual trade secret is the source code. Unlike the object code, the source code can be used to modify and improve the software without much effort.113

106 European Commission, “Trade Secrets” introduction. 107 Dratler (1985), p.45. 108 Ibid, p.42-44. 109 ETSD (European Trade Secret Directive) Recital 1. 110 Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure 111 ETSD, article 2(1). 112 TRIPS Agreement article 39(2) and US Uniform Trade Secret Act. 113 Dratler (1985), p.30.

27

3.4.2 Article 4 European Trade Secret Directive Paragraph 1 of article 4 of the ETSD dictates Member States must safeguard trade secret holders who should apply for remedies, measures and procedures to prevent, or obtain redress for, the unlawful acquisition, use, and disclosure of their trade secret. The crucial question in this paragraph is: who can apply for protection in case of unlawful acquisition? It is unclear how this is going to be solved on national or European level. Next to this problem, the question arises how to determine the non-existing consent of the trade secret holder, which is essential for determining the unlawful acquisition. In theory, the trade secret holder should be able to show the lack of consent relying on the contract and the overview of persons who had access to the information. Encouragingly for trade secret holders, the European legislator added “under the circumstances”, which means the national courts could assess this on case-by-case.114

Article 4(2)(a) and (b) give two possible scenarios under which acquisition of a trade secret without consent of the trade secret holder is unlawful. The legislator added paragraph (b) comprising of any other conducts which do not fall under the conducts of paragraph (a), as unlawful, if it is considered contrary to honest commercial practice. In the initial Proposal, the Commission had proposed that when assessing unlawfulness, it first has to pass a level of gross negligence. This was rejected by the European Parliament which found it too subjective and replaced it with a more objective assessment. Adversely, the issue of what to consider “honest commercial practices” continues to spoil the optimistic effect of article 4(1) has on the calculation of national laws.115

Article 4, paragraph 3, specifies:” The use or disclosure of a trade secret shall be considered unlawful whenever carried out, without the consent of the trade secret holder, by a person who is found to meet...” one out of three criteria: (A) a person having acquired the trade secret unlawfully; (B) A person being in breach of a confidentiality agreement or any other duty not to disclose the trade secret; (C) a person being in breach of a contractual or any other duty to limit the use of the trade secret. Paragraph 3 is the main article for infringements in relation to third parties. It does not only include persons who have acquired a trade secret unlawfully, but also persons who are connected to the trade secret who are in breach of any duty.

The fourth paragraph of article 4 lays down the scope of third party liability. This provision states that secondary receivers of the trade secret, who were aware, or should been aware, that the person leaking the trade secret had acquired the trade secret unlawfully are also liable. By including the words “directly or indirectly” the scope is even further broadened, including possible agents or intermediaries. This means that third parties, under this new directive, need to exercise a high level of due diligence when acquiring useful information.116

The last paragraph, paragraph 5, is somewhat similar to paragraph 4. The difference with the latter paragraph is that this paragraph relates to infringing goods. According to paragraph 5, importing and exporting infringing goods are regarded as unlawful acts, which clashes with the freedom of movement. This would be logical if it would relate to third countries, but there is no convincing evidence this article should not relate to movement of goods within the Community. Additionally, the provision does not clarify whether consumers, who import or export infringing goods, could also be held liable. This is wrong, given that the sole use of goods that profit from trade secret embezzlement does not comprise a violation.117

114 Junge (2016), p. 64. 115 Torremans (2015), p. 33. 116 Junge (2016), p. 66. 117 Knaak/Kur/Hilty (2014), 960f.

28 Article 4 needs clarification concerning terms in provisions and the lack of definitions. This needs to be done very quickly by the legislator or by courts obstructing legal certainty. Terms like “honest commercial practice” need to be clarified in order to ensure a steady interpretation in Member States.

3.4.3 The effects of adapting the Directive The adaptation of a new Directive which should ensure the safety of secrets and know-how of companies sounds positive. Sadly, there are also downsides, especially for end-users who find malicious software.

3.4.3.1 A right to hide wrongdoing The adaptation of the Directive will cause Member States to broaden up the definition they gave to trade secrets before the adaptation. Member States could decide on their own what information is protected and what falls outside of the scope. Article 2 of the Directive does not exclude information about pending investigations, harmful, or illegal activities. Another problem is that the Directive provides a floor with minimum rules for trade secret protection, but it does not provide a ceiling. This means that Member States can decide to create criminal law provisions which could be further reaching than the Directive aimed. Criminal laws are surely to be updated in light of this new broad definition the Directive gives, while the exceptions in the Directive will not habitually affect these new criminal law provisions.118 For end-users this could mean that when they discover possible harmful or illegal code in software they would not be allowed to publish it, depending on what the national legislation sees as a trade secret.

3.4.3.2 A chilling effect on whistleblowing End-users are often called hackers, pirates and sometimes whistle blowers when they “hack” into software and make their findings public. Not all of them, but some end-users can be considered as whistle blowers. This Directive will give big companies who are caught red-handed the opportunity to sue whistle blowers. What happens here is that the burden of proof is shifting towards the whistle blower instead of the company.

If you add this disparity above to the power imbalance between the whistle blower, who is often just a regular employee, and the company which is capable of affording lawsuits and lawyers, this causes a chilling effect on disseminating harmful actions. Repeated demonstrations have shown the frustrations of people who have had enough of relying on insiders to expose malpractice that evades national law enforcement and democratic oversight.119 End-users play an important role in discovering and unveiling these possible harmful and illegal actions to the public. They are the only ones who are truly capable of understanding the code and are therefore really useful and indispensable for unveiling technical flaws and flawed design decisions. The European legislator should be doing the opposite and giving whistle blowers the space they need in order to find these malpractices.

3.4.3.3 Threats to public safety and oversight The Directive does not make any distinction as to the purpose for which secret information is disclosed, acquired or used. This way companies are enjoying the privilege of not having corporate espionage or unfair competition. A more important fact is that companies are also not obliged to give unknown information for legitimate needs. The most recent and well known example is ‘Dieselgate’ showcasing Volkswagen. TÜV, the German car safety testing entity was not able to inspect the embedded software in the car engine. TÜV said it could not look into the software, because Volkswagen claimed trade secrets protection. Volkswagen was able to prevent TUV from revealing any flaws to the public. The EFSA ( European Food Safety Authority) assessed that the Monsanto herbicide (glyphosate) is unlikely to cause

118 Julia Reda, ’’EU gears up to attack whistleblowers with new trade secret laws’’, par. 1, (April 2016). 119 Ibid, par. 2.

29 cancer, contrary to World Health Organisations (WHO) findings, and did so based on industry sponsored studies.120 The examination is unavailable to independent scientists due to trade secrets claims.121

120 Corporate Europe Observatory,” Key evidence withheld as 'trade secret' in EU's controversial risk assessment of glyphosate”, (17 February 2016). 121 J. Reda, “EU gears up to attack whistleblowers with new trade secret laws’’, par. 3 - 4, (April 2016).

30 4 What are the legal possibilities for end- users when rooting software? Chapter four will discuss the possible opportunities in copyright law, paracopyright, patent law, and trade secrecy law. At the end of every subchapter a table will shortly summarize how far the selected exceptions are willing to stretch for end-users.

4.1 Copyright law exceptions Despite the Software Directive imposes restrictions on end users who want to root the software of their hardware, it simultaneously creates possibilities. This subchapter will show how supportive the exceptions in the Software Directive are towards end-users.

4.1.1 Exhaustion A general principle of copyright is that the copyright holder has no control over the further distribution of copies of his work after that copy has been placed by himself or with his consent on the market. This principle is called exhaustion. The SW Directive expresses the exhaustion principle explicitly, but brings, in favor of the copyright holder, also some limitations; exhaustion occurs only after the first sale of a copy in the European Community, and even after selling; the copyright holder retains control over further distribution of the copy in case of rental (article 4 paragraph 2). Exhaustion only affects the distribution right of a copy; the reproduction right is in no way exhausted or restricted by placing the software on the market.122 The exhaustion of the right to control further spreading of works relates only to one or more specific copies of the software. Only the distribution of those copies that are marketed by the rights-holder, or with his consent by transfer of ownership, is no longer governed by him. Supply of software other than on a carrier, for example by making available online, could in some cases lead to exhaustion.123

Article 4 SW Directive sets out a three-part scheme: 1: any form of distribution, including hiring, is prohibited without permission from the copyright holder,2: however, further distribution of copies after their first sale, by or with consent of the right holder within the Community remains possible. (exhaustion), 3: unless there is further rental of such copies, which remains to be prohibited without permission of the copyright holder.124 However, what exactly is exhausted is not very obvious when we apply this to digital products. When exhaustion is applied to tangible products, it is obvious the seller has no control over the distribution rights after the first sale. This can be applied to software on DVD’s, just as to shoes for instance. The problem nowadays is that software is “sold” digitally, which means there is no transfer of an actual tangible product because you download a copy of the original copy. In the 21st century these intangible products are not sold, but licensed in which a user is allowed to access and use the software but not to own or copy it.

The rights-holder can legitimise this license procedure under Recital 29 of the InfoSoc Directive.125 The question is how far can we apply this after the CJEU’s decision in the UsedSoft case.126 As discussed in chapter 3.1.2.3, the CJEU had to answer the question whether the exclusive distribution right was exhausted in line with article 4(2) SW Directive, if the legitimate owner made a copy after downloading the software from the internet. The CJEU concluded that the distribution right of the rights-holder was exhausted, provided that, the rights-holder gave the buyer a right to use for an unlimited time.127 In

122 Struik/van Schelven/Hoorneman (2010), p.139. 123 C-128/11 (UsedSoft v. Oracle). 124 Struik/van Schelven/Hoorneman (2010), p. 142. 125 Recital 29 InfoSoc Directive states:” the question of exhaustion does not arise in the case of ...on-line services.” 126 C-128/11 (UsedSoft v. Oracle). 127 Kur/Dreier (2013), p.309.

31 such circumstances, as the CJEU stated, there is a possibility that the rights-holder may obtain a remuneration consistent with the economic value of the software, at that time. Nevertheless, as exhaustion requires that the copy of the software must be made unusable at the moment the buyer wants to resell it, the initial buyer (or the reseller at that moment) is not allowed to sell to others those user rights he does not need for himself without authorisation of the right holder.128 The CJEU limited this case only to the SW Directive, this means that this case does not apply to other Directives, like the InfoSoc Directive. A German Court already affirmed that the UsedSoft decision is only applicable to software and does not reach beyond software.129 The All-posters case130 , and the Nintendo case131 provide some indications, but it is expected that the VOB case132 will give a final answer in this ongoing dilemma relating to the exhaustion principle. For end-users it is therefore difficult to decide when the rights of the rights-holder are exhausted when dealing with a totally digital/intangible product and the way they are exhausted. The exhaustion principle, as such, is not that relevant for rooting software apart from having the possibility to get a cheap legal copy. However, the combination with other exceptions makes it interesting.

4.1.2 Intended purpose One of the most obscure parts within the definition of user rights in the SW Directive is the provision in article 5(1). This article states that the lawful acquirer -apart from any contractual clause – can perform every act provided in article 4 paragraph 1 sub (a) and (b) of the Directive when they “are necessary to be able to use the program for the intended purpose.” So this means: reproduce, translate, adapt, change, etc. In the directive the meaning of “intended purpose” is not specified.133

The question arises whether the “intended purpose” is always determined on functionality. For example, the purpose of the word-processing software, is word processing. Another example is, software used for financial administration or creating spreadsheets, is not allowed to make drawings with. Another interpretation may be in a quantitative sense, and could therefore be limitative. For example, the purpose of the software is to be used only on one CPU. The other way of approaching intended purpose looks at the subjective intentions of the parties. Intended use, by definition, by using the word “intended” itself, creates a subjective character. There is a person (subject), or more people who have something intended or wanted. When it comes to software provided by, or on behalf of, a copyright owner to a user, the purpose is often determined in an agreement.134 When there isn’t an agreement, the intentions of both parties need to be objectified. This means laying the intentions of similar parties relating to similar software next to each other and look what would be their intended purpose in a similar situation. This can largely be determined by examining the usual branch agreements between copyright owners and users to see whether the litigious use is the intended use. Even if a user has legitimately bought software from another party, and there is no contract or joint will, "intended purpose" of that particular software will also be determined by looking at similar or analogous cases. For end-users this subjective criterion of “what have the rights-holder and user wanted with the software”, is less preferable to the exclusive use of an objective criterion such as “the nature of the software.”135 If a dispute arises between a copyright holder and the user as to whether a particular action (which is not explicitly clear in the contract) or not covered by the “intended use”, it will be left to the user to prove that it is an act which is needed for the intended purpose. This vagueness of the term “intended use” could be useful for end-users (objective criteria). If the rights-holder of the software

128 Ibid. 129 Case No 4 O 191/11, Landgericht Bielefeld, 5 March 2013, concerning e-books. 130 Case C‑419/13 (All posters/Pictoright). 131 C-355/12 (Nintendo Co. Ltd and Others v. PC Box Srl), par. 23. 132 C-174/15 (VOB v. Stichting Leenrecht). 133 Struik/van Schelven/Hoorneman (2010), p. 168. 134 Spoor/Verkade/Visser (2005), p. 596. 135 Struik/van Schelven/Hoorneman (2010), p. 169.

32 had the intended purpose of making the battery last longer by using that software, and an end-user modifies the software, resulting in a longer battery life, it is still within the “intended purpose.”136

To sum up, the exhaustion and the intended purpose principles alone are not that useful when the end- user wants to root his software. However, when combined together they are. Once the rights of the first rights-holder are exhausted, the buyer becomes the lawful acquirer, which should make it possible for them to reproduce, translate, adapt, and change the software from its intended purpose.

4.1.3 Line-monitoring and decompilation The SW Directive affords the lawful acquirer with the opportunity to line monitor (also known as reverse engineering) copyright protected software. Article 6 of the SW Directive, creates the possibility that the user of software without consent of the owner decompiles the product and translates it into another code form to expose the specifications of the interfaces of the relevant software. The information obtained this way may only be used for the development of new, interoperable software. This provision constitutes a restriction on the exclusive right of the copyright holder.

Decompilation or translation of the code form of the software is covered by article 6 and shall be permitted only if it is done to retrieve information from the software with the aim of developing new interoperable software. Without such a provision, the development of the software industry and the making of 'compatible' equipment would be frustrated. Interoperability of software is defined in the recitals of the SW Directive as the ability of a program to exchange information and to use the information exchanged. Generally speaking, achieving interoperability requires a properly functioning software-to-software interface or a software-to-hardware interface. These interfaces are to allow the desired interaction and matching. Article 6 Software Directive focuses only on the interoperability of software on one another.

In the world of information technology, the term "interoperability", just as "reverse engineering" and "interface", has no fixed meaning.137 Hence, the understanding of the highly complex phenomenon of software also gives rise to substantial and difficult discussions in the legal sphere. The decision of the European Commission on March 24, 2004 Microsoft testifies to this.138 The vast majority of the more than three hundred page long constituent decision revolves around the interpretation of issues concerning interoperability. In its ruling on the action brought by Microsoft, the Court of First Instance of the EC addresses extensively the question of what is meant by interoperability and what interoperability relates to interoperability protocols.139 The SW Directive provides only a short definition in paragraph 10 of the preamble, which, moreover, must be understood in light of the preceding sentences in paragraph 10: "Such interoperability can be described as the ability to exchange information and in order to use this information exchanged with each other."

Interoperability is not a question of all or nothing. The ability within a computer system to exchange information and to use the information exchanged, is in practice, of varying degrees. For example, it can happen that one program A is supported by the functionality of the other program B, without which the reverse would occur. Such limited interoperability is also referred to as “one-way interoperability”. The words of the SW Directive seem to indicate that the exception of article 6 is limited in scope and only looks at the so-called “two-way interoperability” in respect of the term “mutually” found in paragraph 10 of the preamble. However, the European Commission takes the view that, in principle, it does not matter which program is analysed, as long as the investigation is aimed at achieving interoperability.

136 Ibid, p. 171. 137 Van Lier (2009) 138 Commission Decision of 24.03.2004 relating to a proceeding under Article 82 of the EC Treaty (Case COMP/C-3/37.792 Microsoft) 139 Struik/van Schelven/Hoorneman (2010), p. 222.

33 The text of the SW Directive seems to allow this. Article 6 of the Directive speaks of interoperability “of independently created computer program with other programs.”140 This idea is in line with recital 15 of the Directive, stating that the plea of interoperability “among other things aims at enabling all components of a computer system, including those of different manufacturers, to link to each other, so that they can work together.”141

Nonetheless, there are some restrictions. The Directive lays down a number of conditions for valid reverse engineering. Due to the accumulation of numerous conditions, the rules for software reverse engineering proved to be very difficult for users and producers in practice. First, the circle of persons entitled to do so is limited to licensees and other legitimate users and third parties engaged by them. The law does not require that the person entitled to reverse engineering needs to be the copyright owner itself in order to achieve interoperability.142 To give an example; if a person is the lawful acquirer of software A, he can reverse engineer the software with the purpose of interoperability with program B, irrespective of what legal relationship he has to the creator of program B.143

Some requirements of article 6 have a copyright slant. If these requirements are not fulfilled it results in an infringement. These requirements are that (1) the requested information is essential in order to achieve interoperability, (2) information is not readily available, (3) the reproduction should be limited to what is necessary for interoperability and (4) information obtained may not be used for a copy product. In addition to the requirements in paragraph 1, article 6 paragraph 2(a) sets out a number of rules that seek to limit the use of information obtained through reverse engineering. Information obtained shall not be used for any purpose other than interoperability and should only be provided to a third party who is involved in achieving interoperability.144

4.1.3.1 Difference between article 5(3) and article 6 of the Software Directive From a copyright point of view, the law stipulates that the owner of a copy of a program has the right to observe, study and test the effect of the program during use. For those actions there is no additional reproduction required, and thus already falls outside the field of copyright.145 The same too applies regarding testing, whereby the individual who was already entitled to use the program is also entitled to test it. Testing can be seen as running the software and running the software but with a testing purpose instead of an operational purpose. The question of what "observing and testing” exactly means is becoming increasingly important to the extent that determining when licensing would attempt to prohibit such actions is a key area.

In contrast to article 5(3), article 6(1) provides a narrower definition of discoverable ideas under the decompilation exception, however it also privileges reproduction and discovery aimed at discovering ideas when the conditions in subparagraph 1 and 2 are met. This is also evident in the text of both articles. Article 5(3) pardons any observation, study, or testing in order to find out the ideas underlying ‘’any element of the program’’. In contrast, article 6(1) only pardons ‘’parts of the original program which are necessary in order to achieve interoperability’’. On the plus side, article 6 allows the reproduction of a competitor’s source/machine code including the translation, when ‘’indispensable to obtain the information necessary to achieve interoperability of an independently created computer program with other programs.’’ Article 6 further stipulates that the obtained information cannot be used for making a program that is similar in its expression, or for any other act which infringes copyright.146

140 Ibid, p.223. 141 Ibid, p. 223. 142 Spoor/Verkade/Visser (2005), § 15.10, p. 606. 143 Struik/van Schelven/Hoorneman (2010), p. 223. 144 Ibid, p. 225. 145 Spoor/Verkade/Visser (2005), § 15.6, p. 600. 146 Goldstein (2001), p.388-389.

34

It is in this context noteworthy that article 6 of the SW Directive appears to facilitate the development of cracking software. For cracking software to function, after all, it must be interoperable with the product whose security is compromised, removed or circumvented; interoperability is a prerequisite to effectively break or circumvent protection measures. Although certain acts relating to cracking software are punishable (such as to distribute, store, import, export and transit) and this criminalization clearly suggests that the legislature looks very averse to cracking tools, the sentence for cracking software is not severe enough for it to be considered a criminal offence.

4.1.4 Back-up copy Article 5(2) of the SW Directive provides that the making of a copy (backup copy) by the lawful user cannot be prohibited by contract if it is necessary in the use of the program for its intended purpose. Article 5(2) apparently assumes that such a backup copy, in the absence of specific contractual provisions, is already allowed under article 5(1), but adds (which is repeated in article 8) that a contractual term which prohibits a necessary back up copy is null and void. This article does not add anything new, or create any opportunities for end-users who want to root the software of their device. The reason for this is because a back-up copy cannot be used for anything else other than back-up purposes. When a back-up copy is made for other purposes this constitutes an infringement.

4.1.5 Adaptation The SW Directive gives the copyright holder a strong position with respect to maintenance of software. As a starting point, article 4(1)(b) of the Directive expresses the idea that “the translation, adaptation, arrangement and any other alteration of a computer program and the reproduction of the results thereof 'are the exclusive rights of the copyright holder.” Adaptation typically involves performing operations and making changes in the software. In principle, these acts are therefore subject to the consent of the owner.

Of course no permission is required from the copyright owner if articles 5 and 6 of the Directive are applicable, which, as an exception to the general rule, grant some user privileges like reverse engineering. Article 5(1) SW Directive states that the lawful acquirer may reproduce a program, or carry out a translation, adaptation, arrangement and any other alteration, as these acts “are needed to use the software for its intended purpose”. In such cases, no consent of the copyright holder is necessary. Expressly, the Directive adds to the provision that correcting errors is the responsibility of the lawful acquirer.147 This could be useful when applied to the battery life example mentioned in section 4.1.2. If the battery does not function properly because of the software, this could be considered as a software bug, which needs adaptation. An end-user could therefore examine the software and correct possible flaws without infringing any rights of the rights-holder. In order to adapt, we first need to know the definition of an error/bug.

4.1.5.1 Definition of ‘errors’ The SW Directive does not give a definition of errors. Suppliers and buyers rarely put this concept in their agreements. In general, errors can be considered primarily to be software bugs that need to be removed in order to guarantee the operational functioning of the system, such as viruses, initialization errors and deadlocks. Errors in software can also relate to the communication back and forth with hardware or some other software. Often errors are caused by incorrect or general specifications that are used in the development of software.

The adaptation of software with the aim to improve the quality or the functionality may, in general, not be seen as an adaption of the software. For example, where the software functions properly, but the

147 Struik/van Schelven/Hoorneman (2010), p.191-193.

35 end-user wants to improve certain functions. While such adjustments better facilitate the use of the software, they are not necessary in order to continue using the software. Examples of adjustments might include: improving response times, increasing operating convenience, adjusting the software (company) standards and installing passwords and other protections. It is possible that a particular element of a software will, after a certain lapse of time, develop an error. For example, it may be seen in a billing program that lists tax sales with correct percentages at the beginning, which, in a later scenario are no longer correct due to a subsequent amendment. Reasonably, it can be assumed that these obsolete percentages are errors in the sense of the SW Directive. The right to adapt by the user therefore extends thereto. It would be wrong to believe that a mistake, in copyright sense, only exists if an error occurs in the phase of manufacturing of the product; if an error manifests itself as a result of a subsequent external circumstance it does not in itself affect the classification of such as a mistake or an error.148

4.1.5.2 Contractual aspects of software ‘errors’ Article 5(1) of the SW Directive states that the right of the lawful acquirer to correct errors in the software is subject to the caveat "in the absence of specific contractual provisions." This provision should be read in conjunction with the preamble of the Directive.149 On that basis, it seems to be assumed that the reproduction that occurs in the course of correcting errors cannot be prohibited by contract, the correction right has binding legal character. This is often used to restrict the licensee in a maintenance agreement.

In practice, maintenance agreements often include the following provisions in the event of a breach which is outside the context of error correction. First, the agreed warranty rights, which are usually tantamount to repair defects in the software, are cancelled, just as are any further agreed maintenance obligations. The same applies to the provision which includes the obligation to safeguard the user against claims by third parties for infringement of intellectual property, or corrections made by the user himself or on his behalf. Furthermore, users are required to log every improvement made to the software and transfer the copyrights resting thereon to the supplier, or give the supplier the right of exploitation for those adjustments. Not least, it is possible to agree with the act of fixing errors by the user, that the effects of the fix will limit the liability of the supplier.150

4.1.5.3 Releasing the source code for maintenance Often the user will need the source code and other information for making adjustments in the software and correcting errors: what compilers have been used to create the software, the options of compilers, which help-software is used etc. Sometimes the source code is not required, for instance when using a debugger, a program that visualized the complete addressing of machine instructions, but for the use of a debugger you need have deep knowledge about the instructions and the architecture of the software. The user who has no access to the source code and other information for adapting the software will not be able to benefit from the law, which grants him the right to adapt.

Contrary to what the Confederation of European Computer Users Association (CECUA) has advocated in their Charter, the SW Directive imposes no obligation on the copyright holder to help if the user would wish to make changes to the software.151 Although the European Commission did state in its statement in the Proposal for a Software Directive that in some cases "it is virtually impossible that users can obtain the source code by negotiation". Literature also argues that the software users come off rather badly. There isn’t a proper guideline which outlines what the boundaries are in regards to the freedom of

148 Ibid, p. 195. 149 Preamble §13 Software Directive. 150 Struik/van Schelven/Hoorneman (2010), p. 198. 151 Vandenberghe (1988), p.118.

36 agreement with software maintenance issues.152 In practice, licenses often impose an obligation on the supplier to enter into a maintenance agreement for a certain period at the request of the customer. The writers Berkvens and Alkemade have also pointed out that refusal by the supplier could lead to an abuse of power and breach of competition law where the supplier refuses on reasonable terms to maintain the provided software.153

Whether a user of software is entitled to obtain the source code is determined by the content of the agreement and the reasonable interpretations thereof. The SW Directive, as indicated, gives neither rules nor an indication. Sometimes the agreement between supplier and buyer expressly denies such claims. Sometimes it explicitly obliges the release of the source code, which is often regulated in a source code license or an escrow agreement for deposit of the source code. In most other cases it comes down to contract interpretation to determine whether the user of the contract may derive an entitlement to obtain the source code. For end-users with these software, the reading of the fine print of the license remains the way to determine if rooting is allowed without infringing.

4.1.6 Does the Software Directive create opportunities for end-users? The exhaustion principle, the intended purpose, reverse engineering, decompilation and adaption. These are the possible exceptions in which there could be an opportunity for end-users to root or modify their software. Sadly, the European legislator does not leave much playing ground for end-users. Right holders enjoy protection granted by the Software Directive over functional parts of the software (interface, language etc.), minimized scope for reverse engineering, and reap benefits from any after- market aspects. This can be seen in the articles drafted by the legislator (e.g. article 4). Although the European legislation have given some exceptions, it is still vague what the scope of these exceptions is. Therefore, we have to rely on case law.

An important case is: SAS Institute Inc. v World Programming Ltd (C-406/10). The CJEU set out that article 1(2) of the SW Directive must be read as that neither the functionality, the programming language, nor the format of the data files used, constitute a form of expression of that program and, therefore, are not protected by copyright under the SW Directive.154 However, to take back the little space just created, the CJEU said that although not suitable for protection under the Software Directive, they might be eligible for protection as copyright works under the InfoSoc Directive if they amounted to the author’s own intellectual creation.155 The same case also shed some light on reverse engineering and interoperability of a licensed software program. The CJEU stated that under article 5(3), there is no need for authorisation from the rights holder when a person wants to reverse engineer a licensed software to determine the ideas and principles which underlie it.156 Authorisation for such acts, to the extent that these included loading and running the program, was not required were they were necessary for the use of the program by the lawful acquirer in accordance with its intended purpose, including for error correction.157 This means there are some vague opportunities for end-users within the regime of the Software Directive, but they are very narrow/very limited.

The law itself does not provide certainty regarding the possibilities to root the software of your mobile device. Consider ‘Dieselgate’, with the malicious Volkswagen software: could this software be considered as software with an error? If yes, this could grant the end-users enough space to correct these bugs under the adaptation right. Moreover, literature does not provide any indication as to this. The available literature approaches these issues from the side of the rights-holder, and makes it really

152 Thole (1992), p. 74-78. 153 Berkvens (1991), p.231-236. 154 Case C-406/10 (SAS Institute Inc. v. World Programing Ltd.), par 39. 155 Ibid, par. 45. 156 Ibid, par. 47-50. 157 Ibid, par. 57; and K. Berry,” EU - SAS v WPL: When can you copy software without infringing copyright?”, (12 November 2012).

37 hard to interpret what possibilities there are if approached through the eyes of an end-user. This results in the following table with possibilities for end-users under copyright law:158

Group G1 Group G2 Group G3 Group G4

SW Dir: Exhaustion Yes No No n.a.

SW Dir: Int. Yes, if art. 5(1) SW Yes, if art. 5(1) SW No n.a. purpose Directive Directive SW Dir: Rev. Yes Yes, if art. 6 SW No n.a. engine. Directive (Decompilation) SW Dir: Back-up No No No n.a. copy SW Dir: Adaptation Yes, if art. 5(1) SW Yes, if art. 5(1) SW No n.a. Directive Directive

158 The meaning of these groups are discussed in chapter 2.1

38 4.2 Paracopyright In order to preserve the strength of exceptions in copyright law within the EU, it would have been wiser to not require Member States to intervene.159 Off course, this intervention creates possibilities for end- users. It is questionable whether Member States have taken the actions “in terms of establishing mechanisms for meaningful negotiations, evaluating the efficacy of voluntary measures, and acting forcefully and quickly when technical measures fail to respect copyright limits and exceptions.”160

4.2.1 Digital Rights Management 4.2.1.1 Circumventing TPMs: Article 7(c) Software Directive In the Commission’s proposal of the SW Directive, legal protection would only be granted, if the TPM was designed to limit acts of copyright infringement. Article 7 SW Directive clearly states that TPMs may apply to protect a software program only when it leaves the exceptions in article 4,5 and 6 unharmed.

“Without prejudice to the provisions of Articles 4, 5 and 6, Member States shall provide, in accordance with their national legislation, appropriate remedies against a person committing any of the following acts:…(c) any act of putting into circulation, or the possession for commercial purposes of, any means the sole intended purpose of which is to facilitate the unauthorised removal or circumvention of any technical device which may have been applied to protect a computer program.”

This article, as subparagraph(c) states, only targets cracks which “the sole intended purpose of which is to facilitate the unauthorized removal or circumvention”. This means that the imperative character of the exemptions in the SW Directive would never allow, for instance, the putting into circulation of TPMs, which would enable users to exercise one of these exceptions. The making of a back-up copy, as an example, would therefore never fall within the scope of article 7.161 A deeper analysis of subparagraph (c) implies that both acts of making devices necessary to circumvent and acts of circumventing TPMs are lawful, if these acts are done in order to apply any of the exceptions.162 For example, article 7 implies that an end user is allowed to circumvent a TPM which protects a software. This is only if the end-user’s goal is to reverse engineer the source code to achieve interoperability, and a reproduction is necessary in order to achieve that interoperability for a self-created software.163 However, the same act could be unlawful if the same act is excluded in a contract. For instance, article 5 provides an exception for acts which are necessary for the use of that software by the lawful acquirer in accordance with its intended purpose, including error correction.164

4.2.1.2 Software Directive and InfoSoc Directive v. DMCA It is important to show the difference between the lex generalis, the InfoSoc Directive, and the lex specialis, the SW Directive. The SW Directive is completed by means of civil sanctions, which are embodied in article 9(1). This means the legal interface between copyright, contract and technical measures is completed by civil sanctions. In the InfoSoc directive there is no connection to copyright infringement. Article 6(2) of the InfoSoc Directive, which is known as the “catch all” provision, considerably restricts the development and/or putting into circulation of devices which enable circumvention for the exercise of copyright exceptions.165

159 Vinje (2000), p.557. 160 Ibid. 161 Mazziotti (2008), p.101. 162 Heide (2003), p.16. 163 Article 6 Software Directive. 164 Mazziotti (2008), p.102. 165 Ibid.

39 Art. 6 InfoSoc Directive Art. 7(1)(c) Software Directive

Prohibited acts: Prohibited acts: Circumventing Yes - - Offering “cracks” Yes Putting into circulation Yes Manufacturing Yes - - Importing Yes Importing Yes Distributing Yes Putting into circulation Yes Selling Yes Idem. Yes Renting Yes Idem. Yes Advertising Yes Idem Yes Owning for commercial purposes Yes Putting into circulation and possession for Yes commercial purposes - - Practising Yes - - Exporting Yes

The broad definition in article 6(2) of the InfoSoc Directive with regard to the manufacturing, designing and distribution of circumvention technologies runs contrary to the good intent expressed in the last part of Recital 48. According to Recital 48, the legal protection in respect of technological measures “should not hinder research into cryptography”. Unlike the American DMCA, it does not say, that end- users who research cryptography are exempt from liability under article 6.166

The DMCA introduced a specific exemption in the US Copyright Act relating to anti-circumvention articles under the section 1201.167 These articles include a list with some factors under which acts of circumvention of a TPM are allowed. The only relevant provision relating to the DMCA can be found in Recital 50 of the InfoSoc Directive. Recital 50 makes clear that the too broad protection of TPMs in article 6 should neither hinder nor prevent the development or use of anti-circumvention TPM measures, if they are necessary to enable acts to be undertaken in accordance with the terms of art. 5(3) and 6 of the Software Directive.168 These articles of the Software Directive create copyright exceptions to the advantage of the “person having a right to use a copy of a computer program..”.

4.2.1.3 Overprotection of Digital Rights Management The use of DRM does not, as the enthusiast’s advocate, return the protection of intellectual property rights. Rather, it extends and reinforces the rights of the owners. Using DRM as a remedy to the counterfeit problem suggests that all copyright producers demand as extensive protection of their rights as possible.169 However, what the right holders often neglect is the fact that producers of IP derive considerable reputational gain from unauthorised circulation.

Moreover, some cases in the US against end-users by DRM companies have not been aimed at protecting content, but rather have been focussed on end-users who modified, or “hacked”, as they call it, devices to use them in another way. The commotion is based on the interoperability with other devices, rather than on the distribution and duplication of the software. Sony sued end-users for circumventing TPMs in the games console market, Lexmark tried to halt the use of refillable cartridges (embedded with a chip).170 This displays the temptation to use a technical device, justified on the basis

166 Ibid. 167 U.S. Code, Title 17, §1201(g). 168 Mazziotti (2008), p.102. 169 May (2006), p. 128. 170 Burk (2005), p. 564-567.

40 of discussions of legitimated copyright protections as a tool for governing markets and limiting competition.171

4.2.2 Does article 7(c) Software Directive, create opportunities for end-users? TPMs are extremely over-regulated. Three directives apply regarding TPMs and anti-circumvention, namely, the InfoSoc directive, the Software Directive and the Conditional Access Directive (CAD). This also means that TPMs are safeguarded by 3 different clauses, namely, article 1(2) and Recital 50 InfoSoc directive, recital 16 SW Directive, recital 21 CAD. This also means they protect 3 different subject matters. The InfoSoc Directive protects the use and economic exploitation of copyrighted works. The SW Directive protects the use and economic exploitation of software, whereas the CAD protects the unauthorized reception of conditional services regardless of whether they contain works protected by copyright. Differences regarding the scope of protection of TPMs according to the protected subject matter affect matters like the limitations of copyright law. The InfoSoc Directive is the only one of the 3 which condemns the circumvention per se.172 All three directives target the making, and dealing, of devices that facilitate circumvention, although their scope differs.173 This leads to the next table:174

InfoSoc Directive Software Directive CAD Manufacture/import Condemned Not condemned Condemned for (cracks) commercial purposes Distribution/Sale/Rental Condemned Condemned Condemned for commercial purposes Advertisement Condemned Not condemned Condemned for commercial purposes Possession Condemned for Condemned for Condemned for commercial purposes commercial purposes commercial purposes

It is inevitable to see the InfoSoc Directive and the SW Directive as two different Directives. There is a certain overlap between the two directives. Copyrighted works are offered in electronic formats with the help of software that generate the display of copyrighted works (e.g. e-books, games). The same TPM that prevents unauthorized access or uses the code that generates the output of the work, also prevents access or use of the work itself.175

The act of circumventing a TPM is, again, legally very difficult. In order to root the software, the end- user inevitably needs to circumvent a TPM. Works in digital form often consist of two separate elements. (1) a software, embodied in a chip, and (2) an animated audio-visual display that the software projects on to the screen of a PC. The circumvented TPM protects both the code and the generated output, which could be copyright protected. This means that both provisions of the InfoSoc Directive and SW Directive apply.176 This makes it legally extremely difficult for end-users to circumvent a TPM. This regime gives the rights-holder the choice to base their claims in the norm most favourable to their interest and disregard norms of other regimes. However, at the same time, as we can see in the table above, there are some possibilities available for end-users. The SW Directive, being a lex specialis, does not forbid tinkerers in manufacturing or possessing TPMs.177 The SW Directive and InfoSoc Directive do not use the same wordings regarding TPMs, which should create possibilities for end-users. The SW

171 May (2006), p. 130. 172 InfoSoc Directive, article 6(1). 173 InfoSoc Directive, article 6(2); Software Directive, article 7(1)(c); CAD, article 4. 174 Vantsiouri (2012), p.9. 175Ibid, p.18. 176Ibid, p.22. 177Ibid, p.23.

41 Directive concerns the possession or distribution of “any means the sole intended purpose of which is to facilitate the unauthorised removal or circumvention of any technical device which may have been applied to protect a computer program” and does not mention anything about proportionality.178

178 SCL, ‘’Game Over for Excessive TPM? The Nintendo Ruling’’, (3 February 2014).

42 4.2.3 Open Source Licensing After having talked about the restrictiveness of the proprietary license in chapter 3, this chapter will discuss Open Source Licenses (OSL) and Open Source Software (OSS).

4.2.3.1 Open source software After a first step was taken in the 70s in the direction of a public oriented software exploitation model, it took 20 years until a global model was really born. The so called ‘open source movement’ is internationally supported by the Open Source Initiative (OSI), a private organization based in California.179 Well-known OSL examples are created in these Open Source communities, like Apache and MIT license180 These developer communities sometimes consists of thousands of people who live across the globe, who, via the Internet, work together on the development and improvement of open source products and licenses. An important feature of OSS is the distribution of the source code. In this way, developers can build on the source code of other people's software. The advent of internet has vigorously promoted the possibility of online software development by the global community of programmers. The OSS is created based on the principle of “peer production” and “peer review”.

Next to developers, open source attracts attention from scholars in the legal field.181 It is relevant to emphasize that OSS is basically no special kind of software. OSS may also be subject to copyright protection, just like non-OSS. The fact that OSS can be protected by copyright does not mean that each individual contribution is also protected by copyright. It is therefore necessary that such individual contribution of a person from the community meets the copyright criteria of a work.182 The OSI even recognizes the importance of copyright tools to increase the freedom of users and developers as much as possible. Copyright, according to OSI, is used as a means of creating freedoms.

In practice, open source licenses exist in numerous variations. OSS is also more than just a collective name of types of software whose source code is available for the customer. However, the mere fact that the source code is available to the customer does not make the software open source software. It can be said that the core of the OSS model is that everyone may freely make use of relevant software and its source code, with or without the aim of further developing the product and improving it in favour of himself and the community, with due respect to the rules and conditions of the OSS license.183

4.2.3.2 Variety of open source licenses OSI is a well-known OSL organisation which took stock of several dozen licenses.184 The latter include licenses of well-known and internationally operating software companies.185 Software can be licensed under an open source software license, which first has to be approved by OSI. These requirements are only minimum requirements and in practice numerous OSS licenses contain different conditions. The minimum requirements are:

1. Free distribution 2. Open Source Code 3. Derived works 4. Integrity of the Author’s Source Code 5. No Discrimination against persons or groups 6. No Discrimination against fields of Endeavour 7. Distribution of License

179 "About The Open Source Initiative | Open Source Initiative". Opensource.org. 180 Van Wendel de Joode (2005), p. 82. 181Koelman (2002), p. 21-29. 182 Struik/van Schelven/Hoorneman (2010), p. 60. 183 Ibid, p. 61. 184 “Licenses by Name | Open Source Initiative". Opensource.org 185 "The License Review Process | Open Source Initiative". Opensource.org.

43 8. License must Not Be Specific to a product 9. License must not restrict Other software 10. License must be technology neutral186

Other examples of worldwide used licenses are the "GNU General Public License" (GPL), the "Lesser General Public License" (LGPL) and the "Apache License". These licenses include the conditions under which the licensor provides the software. Many of these OSL’s have the character of a so-called "click- wrap license" or "mouse click-licenses". The licenses are not intended primarily to protect the licensor but to protect the community of users and developers. The licenses, however, are primarily aimed at contributing to the freedom to copy software, change it, and distribute it in a modified or unmodified form. The substantive differences between all these licenses can sometimes be large. Some licenses impose restrictions on further commercial use. The legal quality and enforceability of certain obligations and restrictions is therefore questionable in some licenses.187

4.2.3.3 The copyleft effect Within the OSL one can distinguish between licenses with and those without the so-called copyleft effect. This effect means that the licensee enters into either more or less stringent obligations when they adjust the resulting OSS and then spread the software to third parties. The end-user has to spread the OSS in the OSL including the same obligation to the other party. A further distinction can be made among these copyleft licenses between licenses with a strong copyleft effect and those with a weak one.

A license with strong copyleft effect places the licensee under the obligation to indicate that the adjusted or expanded OSS can only be released to the public in the form of an open source. This requirement has a twofold implication: the licensee, when spreading the software, will have to release the source code of their own work, and they should have to apply the same license conditions as they acquired the open source software with. The copyleft requirement here is a consideration for the acquisition of the right to use the OSS. A licensee is thereby generally not required to provide the part of software edited by him to third parties; he may also choose to use the software for his own usage. However, should the licensee choose to distribute the software, all the changes need to be in the same copyleft license. An example of a OSL with a strong copyleft effect is the GNU GPL license.

OSLs with a weak copyleft effect exist in many variants. These licenses also oblige the release of modifications and extensions in the same form, but the scope of the so-called "viral effect" is often severely limited under these licenses.188 The viral effect does not extend to all developments in the OSS, which makes the use of these OSS less risky for developers.189 OSS with a weak copyleft effect are often used for the creation of software libraries. Through this way software can be linked to the library and redistributed without having many legal complications. Mozilla Public License and the GNU Lesser GPL license are examples of OSL’s with a weak copyleft.

The copyleft license is the opposite to the open source license with so-called "non-copyleft", which means that the modifications do not necessarily have to be distributed as open source software. The licensee under a non-copyleft license is free to choose in which form to exploit the open source software and its own modifications and extensions thereof are in the form and under the conditions that he considers desirable. The end-user is not required to handle or give the source code of his own developed work. However, sometimes the exploitation is not unlimited. Some copyleft licenses oblige, for example,

186 "The Open Source Definition | Open Source Initiative". Opensource.org, (n.d.) 187 Struik/van Schelven/Hoorneman (2010), p. 63. 188 An open source license with copyleft effect can cause that the developer who uses the software, may be bound to make public the source code of which he himself did develop. That is the case as the result of its developed work constitutes one of the open source derivative works. 189 Struik/van Schelven/Hoorneman (2010), p. 62-63.

44 that the names of previous authors should be mentioned or liability is excluded for software defects towards customers/users. A copyleft license does not always prohibit that the relevant open source software and the works derived from this software are merged into one package and that the exploitation of the whole takes place as if it were a classical closed source software. The greater the flexibility that the non-copyleft licenses allows leads the licensee to distribute the relevant open source software in conjunction with other open source software, for instance by using a different type of open source license.190

4.2.3.4 Maintenance of open source software The choice to use open source software is often motivated by the desire not to be totally dependent on future maintenance of the product by one bad party. This is the exact reason end-users often choose for an OSS under a OSL. According to some, a certain dependency exists when the creator of a proprietary software has a maintenance policy that is based on periodic releases of the software. In this case, the user of the software, for the required fixes, will have to wait until the arrival of a later release, hoping that the errors in the software are repaired effectively. The dependence is clearly demonstrated when the creator dies or goes bankrupt and no other party can continue the upkeep. By choosing open source software such forms of "vendor lock-in’’ may be prevented. The idea is that the maker makes available the source code of the software to the user so that he can improve or let be improved, without limitations. This includes the detection and correction of design and development errors. Moreover, there appear to be many open source software programs that are maintained by a community of programmers. If the user cannot solve the problem by himself, he may submit his problem to the members of such open source communities.

As indicated earlier, there are many open source licenses. These licenses do not form any obstacle in the way of correcting errors in the software or recovering and taking the amended software in use. Correcting errors takes place on the provided source code, and is often part of a more comprehensive modification-right that is given in the license contract. The license contract often also imposes on the licensee certain obligations if they modify the software or let it be modified by someone else. The requirements usually include whether, and if so how, the licensee must also provide improvements to the licensor or otherwise how to make it publicly available.191 To give an example, take the GNU GPL version 3 license. GPL v3 specifies that the user is entitled to make changes to the software provided to him (this can be compared somewhat to the Public License of the European Union (EUPL version 1, 2007)). To this end, the error fixing in the context of "bug-fixing" should also be counted in. The user is entitled, in accordance with the license, to use the modified software itself, without having to pay a fee to the licensor. An obligation to publish the changes and improvements, or to provide them to the licensor, cannot be found in GPL v3. The user can then choose to keep the custom software entirely in- house. However, if the user does decide to distribute the software adapted by him, he is held to do the so under the GPL v3. Failure to use this license must be seen as a form of breach of contract under the license agreement. Another requirement under GPL v3 is, that distribution of the modified software must show the name of the party who made the changes in the software. This can be done in the form of a "copyright notice".192

4.2.3.5 Tivoisation Tivoisation is a term coined by Richard Stallman. He referred to TiVo’s use of the GPL licensed software on the TiVo brand digital video recorder which blocks users from running tinkered software on its

190 Ibid, p.64. 191 Ibid, p. 209. 192 Ibid, p. 210; and “The GNU General Public License V3.0- GNU Project - Free Software Foundation", Gnu.org.

45 hardware.193 According to Stallman this practice rejects some of the fundamental freedoms that the GPL license was intended to protect.194

Tivoisation is the act that certain machines have embedded software inside them which under the terms of a copyleft software license you cannot modify, because the machine shuts itself down if it detects other modified software. The motive that the hardware manufacturer has is that he knows certain features of the software will be changed by users, and seeks to stop people from changing the software. These hardware manufacturers benefit from the freedom open source software provides, but do not let you benefit in turn.195 The Free Software Foundation calls these hardware ‘tyrant devices’.196 Tivoised products are a large hurdle for end-users. The manufacturers are using the free and open source software in order to compile their software and once on the market they close it up from others to tinker with. As mentioned above, this goes against the principles of open source licensed software. The rule states that other end-users can modify the code to their own preferences. GPL v3 license addresses tivoisation, however, most OSS software are still licensed under the older GPL v2 license.

4.2.3.5.1 The GPLv3 anti-Tivoisation provisions In version 3 of the GPL license, GNU devoted considerable amount of attention against tivoisation. The GPL v3 first added new terms such as “Users Product” and “Installation Information.”197 These new terms are then used in the anti-Tivoisation provisions:

“If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterised), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM).”

In other words, if a GPL’d software is used in a domestic or consumer item, the distributor must provide the source code and the installation details for the User Product.198

4.2.3.5.2 Court cases regarding anti-Tivoisation The German open source activist Harald Welte sued several companies to draw attention to non- compliance with the GPL license terms. The first case was Welte v. Sitecom Germany GmbH, in which Sitecom distributed a netfilter open source networking software, which can be considered as a firewall that kept out unwanted traffic.199 The court in Munich agreed with Welte, who was also one the writers of the code, and granted the request for a preliminary injunction to stop the distribution of the netfilter for non -compliance with the license.200 The second European case was also in Germany, against Skype.201 Skype was selling mobile phones equipped with software under the GPL license without granting everyone access to the source code. Under the legal pressure Skype included a flyer in every

193 “Why Upgrade to Gplv3- GNU Project - Free Software Foundation", Gnu.org, (n.d.) and "Frequently Asked Questions About The GNU Licenses- GNU Project - Free Software Foundation". Gnu.org, (n.d.). 194 "[Info-Gplv3] Gplv3 Update #2", Gplv3.fsf.org, (8 February 2006). 195 “Why Upgrade to Gplv3- GNU Project - Free Software Foundation", Gnu.org, (n.d.) 196 "Proprietary Tyrants - GNU Project - Free Software Foundation". Gnu.org. (n.d.). 197 GPL v3 license, section 6 (conveying Non-Source Forms). 198 Bickerstaff/Runsten, “Tivoisation and the open source debate”, (2 June 2008). 199 Landgericht München I, 2004-05-19, Case No. 21 O 6123/04, “Welte./. Sitecom Deutschland GmbH “ 200 Bickerstaff/Runsten, “Tivoisation and the open source debate”, (2 June 2008). 201 Landgericht München I, 2007-07-12, Case No. 7 O 5245/07,” Welte./. Skype Technologies S.A.”

46 sold package with a link where the source code could be found. However, the court in Munich still found Skype violating the GPL license, because they were not including the GPL license itself. The court rulings made clear that companies cannot simply sign licenses without taking them seriously. The new GPL v3 and its new regime means that companies have to pay more attention to whether the open source material is included and which version applies. The latter one is because v2 still applies parallel to the new v3.202

4.2.4 Does Open Source Licensing create opportunities for end-users? In chapter 3 with proprietary licenses we saw that article 6 of the Software Directive says that only licensees and third parties acquainted by the licensors have the right (within a set of constraints) to accept the software reverse engineering with the goal of interoperability.203 This is an example of one of the many limitations that is possible with a proprietary license.

It is therefore understandable why the Open Source community is so big. After doing research into every possible intellectual property law, the open source license seems to provide the friendliest way for rooting software. To give some pro’s about OSL’s: First, OSS is most of the time free of charge and you can find a substitute of almost every software which is licensed under a proprietary license. Second, it is continuously evolving and developing because so many people have the source code, which leads to less bugs. Third, using OSS means you are not stuck to the vendor’s operating system, you can change whenever you like. Fourth, you can change the OSS to your own preferences, or even your own business requirements. This is not possible with a proprietary license. However, it also has some cons. First, OSS is not commercialised therefore it is hard to make money. OSS evolves in the way the developer wishes rather than in the needs of all the end-users. Second, connecting with the first con, it is less “user friendly” and more difficult to use because of its specificity. Third, although there are many people to fix bugs, at the same time it means that malicious users can exploit these vulnerabilities.204 After having weighed up all the pro’s and con’s it still remains the most favourable way for rooting purposes. There is no other platform which grants so many possibilities, with minimum limitations. Just like in the other subchapters, the table below shows the possibilities for end-users. The table shows the three most used OSLs, namely, MIT (28%), GNU GPL v2 (20%), Apache (16%).205

Group G1 Group G2 Group G3 Group G4 MIT license Yes Yes Yes n.a. GPL v2 Yes Yes, under the Yes, under the n.a. same license same license Apache license Yes Yes, under the Yes, under the n.a. same license same license

202 Bickerstaff/Runsten, “Tivoisation and the open source debate”, (2 June 2008). 203 Struik/van Schelven/Hoorneman (2010), p. 293. 204 R. Bridge, “Open Source Software – The Advantages and Disadvantages”, (4 November 2013). 205 Black Duck Software, "Top Open Source Licenses | Black Duck”, (n.d.)

47

4.3 Patent law exceptions The EPC is useful when considering the application of a patent. After the granting procedure it is up to Member States to take care for any disputes that may arise in a later stage. It is therefore more useful to switch to the legislation of the Unified Patent Court agreement (UPCa). The UPCa will largely consolidate EU patent litigation, a so called one-stop shop. The verdicts of the UPCa will have large effect in all participating EU Member States. This subchapter will analyse the exceptions in this agreement.

4.3.1 Article 27 Unified Patent Court agreement One of the general exceptions of the UPC Regulation can be found in article 27. In paragraph (a) the household exception can be found for acts which are done privately or for non-commercial purposes. Paragraph (b) provides an exemption for experimental purposes relating to the subject matter of the patented invention.206 These two exceptions are common in national laws, although their scope can vary per country. By saying ‘’purposes relating to the subject matter’’ the UPC openly tries to limit the scope of experimental purposes.207

The scope of the research exception is also of great importance for software-related patents. The question is whether a company which has access to a software package that is covered by a patent is free to observe the functioning of the program, study, and test it, in order to determine which ideas and principles are the important underlying elements of the program, or reverse engineer the patented software package in order to achieve compatibility with another software package, or for other purposes.208

Next to these exceptions, a new exception regarding interoperability is implemented in paragraph (k). This exception is not common practice in all Member States and could therefore be considered as limiting to some end-users. This exception introduces a new exception to patent infringement that reflects copyright exceptions in articles 5 and 6 of the SW Directive relating to interoperability and decompilation.209 At the same time, this new exception is also seen as a concern for ICT sectors and high-tech companies because the scope of this exception is very unclear. A strict understanding could mean that acts carried out within the scope of article 6 of the SW Directive will not constitute an infringement. A safeguard in this situation would be that the SW Directive only allows acts of decompilation when it is essential to achieve interoperability with other software. Another way to interpret the exception could be that paragraph (k) introduces a new exception only relating to interoperability information. Time will tell if the UPC will interpret this exception strictly or broadly.

4.3.2 Article 28 Unified Patent Court agreement Another limitation of the exclusive patent rights is the so-called right of prior use which can be found in Article 28 UPCa. The possibility exists that a person invents something without applying for a patent, after which someone else, independently invents the same invention and does apply for a patent. If the first inventor didn’t make the invention public, it will not form a hurdle for the applicant in requiring a valid patent.

With respect to software-related inventions, such situations could occur easily. The possibility exists that within the IT world well-known problems are solved by two IT companies independently and in the same way. When end-user A invented a software invention, and he used it, before IT company B for the

206 Nari (2015), p. 18. 207 Ibid. 208 Ibid, p.19 and Struik/van Schelven/Hoorneman (2010), p.468. 209 Ibid, p.19.

48 same solution applies for a patent on the same solution in the Netherlands, end-user A remains authorized to perform acts of exploitation in respect of his software-related solution. To appeal successfully on the prior-use exception, end-user A must not only demonstrate he invented the invention, but should also have actually used it in, or for, his business. The existence of an intention of end-user A to manufacture can even be sufficient, provided that he proves that for the date of the patent application by B, end-user A already made a start of execution or manufacturing the product that is subject to that patent application. Pre-user A is not allowed to derive the invention from B. If B for example made an advanced computer program, which is partly decompiled and integrated in the invention of end-user A, then there is no possibility for A to use the prior-use exception because his science is derived from the expertise of B.210

The prior-use exception will rarely be successful or used by end-users. This is probably due to the fact that it is difficult for the pre-user to prove his position as a pre-user, both where it concerns time and scope of the invention. Nowadays, it will be easier for software-related inventions as relevant dates are electronically recorded. The inventive end-user should also have used this invention for his “business”, which is almost never the case. Nevertheless, it would be useful to register the invention at an I-depot to at least have evidence.211

4.3.3 Article 29 Unified Patent Court agreement: Exhaustion The UsedSoft decision, as discussed in chapter 3.1.2.3, for the first time answered the question if downloaded software can be freely traded under the principle of exhaustion. The court answered with a clear yes, at least for copyright law. But as we know, software can also be protected under patent law. The UsedSoft case did not clarify whether the principle of exhaustion can also be applied the same way to other intellectual property rights such as patents on (embedded) software. Consequentially, UsedSoft can only be used in cases of copyright infringements as such, accordingly, it does not exclude that a particular software is burdened with a patent right.212 If there would be a possibility for national courts to apply the decision made in UsedSoft to patent rights, based on article 34 Treaty on the Functioning of the European Union (TFEU), you still have to be cautious and pay great attention to the details. The defendant faces the burden of proof as to whether the rights actually are exhausted in a specific software copy.213 In the German national circumstances underlying the UsedSoft decision, this burden was too high for the defendants.214 Furthermore, patents on computer related inventions are in many cases not just directed to the software, but also for the method patents or device patents. For method patents, there is no established principle of exhaustion.215

Moreover, many of the claims in patents are focused on the hardware device with software that is embedded which leads to an inventive functionality. The claims in these occasions often mention components that relate to hardware, for instance the monitor, the RAM, or the CPU. These hardware components are bought from other parties than from which the software was. This means that infringement takes place the moment the patented qualities are installed on a hardware device, because, by installing the software, the hardware gets the qualities and functionality of the patented invention. Would this mean that if the hardware mentioned in the claim is not bought from the rights holder the exhaustion principle was never applicable? To give an example, consider the US Supreme Court decision in the case of LG vs. Quanta.216 The US Supreme Court ruled that every authorised sale of components counting all necessary elements of the invention can lead to exhaustion, equal if extra

210 Struik/van Schelven/Hoorneman (2010), p. 469. 211 The Benelux Office for Intellectual Property for example, offers the opportunity to have some knowledge about filing documents, formats, ideas to obtain a date for evidence purposes. 212 D. Kamlah/ M. Hulseweg, “TaylorWessing: Exhaustion of ‘software’ patents”, par. 1, (n.d.) 213 Ibid, par. 2. 214 GRUR 2014, 264 – "UsedSoft II", Munich Court of Appeals, MMR 2008, 601. 215 e.g. German Federal Court of Justice, GRUR 1980, 38 – "Fullplastverfahren". 216 (Quanta Computer Inc. v. LG Electronics Inc.) 553 U.S. 617 (2008).

49 works mentioned in the claim are added later.217 Nevertheless, this doctrine has not been suggested in the European courts. Therefore, one still has to rely on a defence of exhaustion if, and only if, all relevant features mentioned in the claim are bought from the rights holder or third parties whom are authorised by the patentee.

The general principle of exhaustion is now implemented in both the UPCa218, as well as in the Unitary Patent Regulation (UPR)219. The UPR talks about exhaustion of a unitary patent, while the UPCA talks about exhaustion of a European patent. This means, as article 2(e) of the UPCa states: “a patent granted under the provisions of the EPC, which does not benefit from unitary effect by virtue of Regulation”. In turn, this means that a non-EU EPC patent, as well as opted out patents, would be all covered by the EU principle of exhaustion. In normal words: article 6 UPR and article 29 UPCa decide that all patents within Europe fall in the exhaustion regime of the Europe Union.220

4.3.4 Does the Unified Patent Court agreement create opportunities for end-users? Patent law seems to be a good method for the European legislator to control the exceptions of executing the functionality of software. This can be deduced from the broad patent claims and the extension of protectable subject matter to very abstract concepts. The arrival of the new UPCa and the UPR could create some new possibilities to end-users. Personally I think there is high likelihood the new UPCa and UPR is most likely to continue being supportive of firms. After the uncertainty created in the Bilski and Alice cases in the US, the EU will definitely boost EU software patent reforms in order to gain a market advantage above the US.221 With the failed EU Directive on the patentability of Computer Implemented Inventions of 2005 in the back of their mind, the UPCa and UPR will probably simplify the patent procedure regarding software. However, it is hard to predict what the final outcome will be for end- users. The reason for this being that European patents were always enforced at a national level, on a per-country basis. The Unified Patent Court is going to judge on a European scale, which is hopefully the beginning of uniform patent law within Europe.

With just the legal text of the UPCa the exceptions in articles 27, 28 and 29 UPCa are likely to be interpreted strictly. Article 27(K) could be useful for an end-user if his/her aim is interoperability with an another computer programme because of uncertainty of its scope. But again, uncertainty also means uncertainty for the end-user. Article 28 is also mostly unlikely to contribute much to end-users. The only possibility could be that an end-user found a solution, which is not published, and an IT company finds the same solution and applies for a patent. This would (only) allow the end-user to continue exploiting this functional solution. Even if the end-user decides to make his solution public, after the IT company applied for a patent, he has to prove that his solution was made before the application of that IT company. Article 29, the exhaustion principle, is the only real stand-alone opportunity for end-users. Regarding software, the patent exhaustion rule is broader than the copyright exhaustion rule laid down in Article 4 paragraph 2 SW Directive. Unlike "first sale", the UPCa talks about “putting into circulation”, which is somewhat broader than “first sale”, as the other forms of transfer of ownership are also included. ‘Putting into circulation’ of a product by, or with, the consent of the patent holder aims to exhaust the control over commercial use, sale, and offering for these purposes, importing or keeping in stock. “Manufacturing” is not included. Even after the patentee has brought a copy of the patented

217D. Kamlah/M. Hulseweg, TaylorWessing: ‘Exhaustion of "software" patents’, par. 5, (n.d.) 218 UPCa, article 29. 219 UPR, article 6. 220 Nari (2015), p. 16. 221 In the Bilski case the US Supreme Court forgot to comment whether a “machine apparatus” to cover a computer, which would make most of the computer programs not patentable and conflicting with elder cases. However, in 2010 the US Supreme Court reversed its decision slightly that the test used during the first case is just a useful and important clue, just an investigative tool.

50 software into circulation he could prohibit the transferee to “manufacture” that software. This raises a question for those cases where the patentee is also the copyright owner of the software. For instance, if copyright permits a “reproduction” by the lawful acquirer (e.g. use for the intended purpose), would this constitute the prohibited act of manufacturing according to patent law?222 Probably this would be a temporary copy and will necessarily occur with the use of that software. I therefore believe that such reproduction cannot be regarded as a prohibited act of 'manufacturing' of the patented product.

In summation, the European legislator didn’t leave much space in the exceptions regarding rooting activities. It is really hard to find a clear exception which forms a solid base for rooting activities. This has largely to do with the overlap of copyright law, and the uncertainty there is about the new UPCa and UPR. This results in the following table with possibilities for end-users under the UPC agreement: Group G1 Group G2 Group G3 Group G4

Art. 27 UPC Yes, if par. (a) or Yes, if par. (a), (b) Yes, if par. (b) or (k) n.a. (b) or (k) or (k)

Art. 28 UPC Yes, if end-user Yes, if end-users Yes, if end-user can n.a. can prove he can prove he prove he made the made the made the invention earlier invention earlier invention earlier than patent than patent than patent applicant applicant applicant Art. 29 UPC: Yes. Yes. Yes, unless there n.a. Exhaustion are legitimate grounds for the patent proprietor to oppose further commercialisation of the product.

222 Struik/van Schelven/Hoorneman (2010), p. 464.

51 4.4 Trade secret law exceptions The new Trade Secret Directive has, for the first time, tried to protect journalists and more important, whistle-blowers.223 This should mean that whistle-blowers can enjoy protection and reveal their findings without facing hurdles, but is this true? The exceptions in the Directive are harmonized under article 5 of the ETSD. This provision provides a harmonised list of actions which are considered as unlawful acquisitions, but are also ways in which trade secrets could be acquired lawfully. Moreover, recital 16 and article 3 give an extra exemption for independent development and reverse engineering. In the case of independent development, to foster competition, there is no unlawful acquisition. The same applies for reverse engineering of lawfully acquired products, which should be considered as a lawful means to acquire information.224

It is noteworthy that trade secret law has to be approached differently than other legal regimes. Whereas in copyright and patent law the focus was on the actual act of changing or modifying software, in trade secret law the focus is not particularly on the act of tinkering. The focus lies on the discovery of flaws and wrong (source)code and making it public, so called “whistle-blowing”. In order to find these possible flaws one has to “open up” the software, which is done by retrieving the code. This goes hand- in-hand with revealing the actual source code of the software, which causes the trouble. In many cases the source code itself is the trade secret. Although Recital 20 of the Directive states:” The measures, procedures and remedies provided for in this Directive should not restrict whistleblowing activity”, it adds in the last sentence “This should not be seen as preventing the competent judicial authorities from allowing an exception to the application of measures, procedures and remedies...”. Therefore, groups G1, G2 and G3 (as discussed in chapter 2.1) will not be seen as stakeholders in this chapter, chapter 4.4 will be dedicated to group G4.225

4.4.1 Article 5(a) and (b) European Trade Secret Directive The exception in paragraph (a) relates to the right of freedom of expression and information, including the freedom and pluralism of the media. The legislator, in line with article 1(2) and Recital 19, wanted to guarantee that the ETSD would not restrict fundamental rights. More precisely, the practise of (investigative) journalism and the protection of their sources. Balancing fundamental rights has always led to conflicts and will certainly continue to be the main topic of discussion. However, this paragraph must be welcomed in relation to the controversies of private information requests and large companies.226

Paragraph (b), together with Recital 20, embodies the protection of whistleblowing. Like the protection of investigative journalism, whistle-blower protection endured a lot of criticism during the negotiations of the new ETSD. The final text determines that if the acquisition, use, or disclosure, was done for revealing misconduct, illegal activity or wrongdoing, it shall be exempted, if its purpose was to protect the general public interest.227 Recital 20 states that the misconduct must be in direct relevance with the trade secret, while at the same time, allows authorities to extend the security of whistleblowing activities to cases, in which art. 5(b) is not fulfilled, but where the accused had acted in good faith believing that his actions could fall under this exception. The question remains what constitutes “public interest” and if this issue will be solved on national or EU level. Additionally, the ETSD also fails to give definitions for important terms like “misconduct” and “wrongdoing” resulting in uncertainty and ambiguity for whistle-blowers who want to make their findings public. Parallel the protection journalists enjoy from prosecution, whistle-blowers have lesser protection. This is due to the fact that their

223 ETSD: Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure (1). 224 ETSD, article 3(1)(a). 225 The definition of the groups can be found in chapter 2.1 226 Cook (2014), p. 56. 227 Junge (2016), p. 69.

52 protection does not arise on its own; they first need to fulfil the protection criteria. It has to be seen if the newly adopted versions are sufficient enough to encourage whistle-blowers to go the public with their findings.228

4.4.2 Article 5(c) and (d) European Trade Secret Directive Article 5(c) improves the protection for workers and their representatives. The provision specifies that “disclosure by workers to their representatives as part of the legitimate exercise by those representatives of their functions...” will be dismissed, given two conditions are fulfilled. First, the disclosure has to be in accordance with national or Union law. Secondly, the disclosure has to be necessary for performance of the workers’ function. What is to be considered necessary is not defined in the Directive. This is left to the Member States until the CJEU will give more clarification about the matter.

Finally, paragraph (d) integrates a seemingly ‘too broad’ “catch all” provision permitting an exemption to the protection of trade secrets, with the aim of protecting “…a legitimate interest recognized by Union or national law”. The provision does not give any clarification as to what to consider as possible legitimate interest, nor does it give indications as to what should be covered.

4.4.3 Does the European Trade Secret Directive create opportunities for end-users? Although the ETSD seems to provide exceptions for whistle-blowers, it is doubtful what the actual meaning will be of these exceptions. Article 5(a) and (b) state that acts of acquisition, use, or disclosure of a trade secret carried out in the exercise of freedom of expression, or for protecting the general interest, will be dismissed. It is up to Member States and courts to decide the scope of “freedom of expression” and what to consider “general public interest”, as the Directive gives no indications. Article 5(c) states that there is no infringement in the acquisition, use or disclosure, if the secret was disclosed by workers to their representatives as a part of the legitimate exercise of their representative functions, but adds “provided that this disclosure was necessary for that exercise”.229 Paragraph (d) states no further proceedings will be taken and measures will be dismissed in cause of protecting a legitimate interest recognised by Union or national law. What a possible legitimate interest is however is up to Member States to decide.

It is clear that the exceptions are made in a broad and open manner as to include as many situations as possible. The legislator granted Member States and their courts sufficient space to determine the scope of the exceptions, by not only referring to EU law but also national law. This could lead to discrepancy within Member States. By drafting the exceptions in such a broad and general manner, this allows Member States to either limit the scope of protection granted for trade secrets or limit the scope of the exceptions.230 Until these questions are solved the level of protection will vary within the EU, which is disadvantageous for whistle-blowers who want to go public with their findings.

This chapter looked only at the possibilities for group T4, resulting in the following table: Group G1 Group G2 Group G3 Group G4 Art. 5(a) + (b) n.a n.a. n.a. Yes, for exercising ETSD the right to freedom of expression and information, or for the purpose of

228 Ibid, p. 70. 229 The European Commission felt a need for this exception as a consequence of Directive 2002/14/EC. 230 Junge (2016), p. 71.

53 protecting the general public interest Art. 5(c) + (d) n.a. n.a. n.a. Yes, provided that ETSD such disclosure was necessary for that exercise, or, for the purpose of protecting a legitimate interest recognised by Union or national law

54 5 Conclusion This research showed how supportive the current European IP-regime is for end-users who want to root or modify the software of their hardware. After the introductory chapter the research started with a chapter which showed the importance of having the opportunity to root your software. From the 1980’s onwards, the technological developments mankind has made are incredible. This too applies for intangible products, like software, and partly intangible products, like embedded software. This same rapid development of intangible products has made the users of these software vulnerable to possible flaws and errors. It is no longer possible, like in an old Discman, to open and discover the potential flaw. Users are more increasingly dependent on the software that is pre-manufactured by big tech companies. Technology has become such a fundamental and decisive factor in daily life, that the law should provide certainty over the modification or tinkering of software. The third chapter intended to show the legal obstacles which are hindering end- users from rooting their software. The exclusive rights in the SW Directive grant copyright holders sufficient guarantees to block end-users. The paracopyright obstacles that are put in place merely protect what is protected under copyright. Relating this to software often means through TPMs which enforce license agreements on end-users complying to copyright rules. TPMs are the first hurdle faced when rooting software. The SW Directive has a specific provision regarding the circumvention of TPMs which intends to prohibit those means which facilitate the unauthorised removal or circumvention of any technical device which may have been applied to protect software. Contractual license agreements are the second analysed paracopyright obstacle. They seem to be the biggest hurdle for end-users. There are almost endless possibilities for the licensor to write down their wishes in a license agreement (if compliant with national contract laws). The licensee has often no option other than to accept these terms in order to fully use the software. The same applies for patent law, where patent holders are granted sufficient rights to block end-users. The possibility of having copyright protection and patent protection for the same software makes it almost impossible to root or modify (embedded) software. The new European Trade Secret Directive did not add much to the protection of the rights holder by granting them exclusive rights, but blocked the possibility of publicising possible flaws and errors, which goes hand in hand with exposing the source code of the software.231 The research ended with a chapter showing the possible opportunities for end-users, which followed the same order as in chapter three. The Software Directive grants some implicit exemptions. The exemptions are not that useful alone, but when combined they could provide for a certain legal base to root software under copyright law. The exceptions in articles 27, 28, 29 Unified Patent Court agreement does not seem to provide sufficient information for end-users. It is only a matter of time until the Unified Patent Court provide greater certainty about these exceptions. The overlap off different laws will make it very hard to root or modify software. There is a high chance that the act of purely rooting is not considered to infringe patent law, but the same act could be infringing in copyright law. In addition, the new ETSD tried to address, for the first time, the act of whistleblowing. Although the text of the final version seems to provide some space in article 5, the wording remains too broad in order to be certain.

231 Picture originating from Myska, M. (2010, fall). “Software Protection DRM & Law” [slide 12/25].

55 Therefore, Open Source Software licensed under the various Open Source License seems to be the best option for end-users. Despite that the OSL is no remedy for modifying popular software which is owned by big tech companies, many equal OSS exist which are almost identical to these popular software. You choose an OSL based on your own criteria or ethos, which makes it a very attractive choice for OSS. Concluding, this research has made clear the European IP-legislation is not very supportive when rooting or modifying software. The fragmented legislation that applies to the software sector makes it incredibly lucrative for big tech companies. The OSL is the best playground for users that want to modify their software. Changing laws would not solve any problems or create possibilities on short term, therefore, a better approach would be to incentivize open sourcing of software components, as per Chris Finan. However, we also need a solution on the long term. The situation we are in now is where on one side you have the overwhelming power right holders have, and on the other, the poor situation that end-users find themselves. It just took a few decades for technology to become such a crucial and important aspect of daily life and following this pace it will not be long before it totally controls our daily lives. Users have little choice other than to accept these technologies, because everything and everybody in their surroundings accept these technologies. End- users are losing more control and overview over these technologies which have come to shape our daily lives. This research showed why greater and clearer possibilities for rooting, jailbreaking, tinkering, and modifying software should be put into law. The big question is: how are we going to do this? Personally, I think we are in a too early stage to come up with final solutions for this problem. Public debate is a good starting point to boost possible reforms. Parties first need to monitor every aspect of these technologies in order to determine how intrusive and crucial these technologies have, and will, become. In order to accomplish this, again, we need to open up software. This demands a close collaboration between the developers/rights-holders, the end-users and every stakeholder in between. The question of how big of a role the government should play in this process is hard to answer. Although the European legislator tried to address these issues in various directives and regulations, making new legislation is a slow process, which allows developers of these technologies to always be two steps ahead. Therefore, self-regulation would be a better option. This type of regulation is already well known in the IT industry whereby organisations monitor its own legal and/or ethical behaviour. However, a possible conflict of interest within such an influential sector seems inevitable when they are asked to police themselves. Long term, this conflict of interest could lead to where we have started, negotiations. However, these debates should not directly mean that the exclusive rights of rights-holders are totally pushed aside. Rather, in order to come to a viable solution, right-holders must respect some general principles. First, the principle of (technological) self-determination. End-users should always be able to determine on their own the manner in which they will or will not take benefit from the technology. This principle goes hand in hand with the right to have equal access (and control) to information. The end- user should be the last person to decide which parts of the software he want to keep, modify or delete. In order to accomplish this, the end-users need to have software that could be repaired, as well as more important information about how to repair or modify the software without infringing any rights. These technologies have come here to stay, and would not be replaced soon or easily. Opening the public debate about these software technologies would be a good starting point. Although this process is known to be slow, this will be the best option in order to map out all the stakes involved and draw out a possible road map which will lead to the best remedy. Enumerated list of possible opportunities for end-users who would like to modify, root, tinker the software of their mobile device:

Group G1 Group G2 Group G3 Group G4

Copyright: Yes No No n.a. Exhaustion

56 Copyright: Yes, if art. 5(1) SW Yes, if art. 5(1) SW No n.a. intended Directive Directive purpose

Copyright: Rev. Yes Yes, if art. 6(1) SW No n.a. Eng. Directive (decompilation)

Copyright: Back- No No No n.a. up copy

Copyright: Yes, if art. 5(1) SW Yes, if art. 5(1) SW No n.a. Adaptation Directive Directive

Paracopyright: Yes Yes Yes n.a. OSL: MIT license

Paracopyright: Yes Yes, if under the Yes, if under the n.a. OSL: GNL GPU same license same license v.2

Paracopyright: Yes Yes, if under the Yes, if under the n.a. OSL: Apache same license same license license

Patents: art. 27 Yes, if par. (a) or Yes, if par. (a), (b) or Yes, if par. (b) or (k) n.a. UPCa (b) or (k) (k)

Patents: art. 28 Yes, if end-user Yes, if end-users can Yes, if end-user can n.a. UPCa can prove he prove he made the prove he made the made the invention earlier invention earlier invention earlier than patent than patent than patent applicant applicant applicant

Patents: art. 29 Yes. Yes. Yes, unless there n.a. UPCa: are legitimate Exhaustion grounds for the patent proprietor to oppose further commercialisation of the product. Trade Secret: n.a. n.a. n.a. Yes, for exercising art. 5(a)+(b) the right to freedom of expression and information, or for the purpose of protecting the general public interest

57 Trade Secret: n.a. n.a. n.a. Yes, provided that art. 5(c)+(d) such disclosure was necessary for that exercise, or, for the purpose of protecting a legitimate interest recognised by Union or national law

58 6 Literature 6.1 Primary sources 6.1.1 Legislation WCT 1996 WIPO Copyright Treaty (adopted in Geneva on December 20, 1996)

TRIPS Agreement 1994 Agreement on Trade-Related Aspects of Intellectual Property Rights. The TRIPS Agreement is Annex 1C of the Marrakesh Agreement Establishing the World Trade Organization, signed in Marrakesh, Morocco on 15 April 1994.

European Trade Secret Directive; ETSD: Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure

Software Directive; Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32009L0024

Conditional Access Directive: Directive 98/84/EC of the European Parliament and of the Council of 20 November 1998 on the legal protection of services based on, or consisting of, conditional access.

InfoSoc Directive: InfoSoc Directive; Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonization of certain aspects of copyright and related rights in the information society. http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32001L0029

Unitary Patent Regulation (UPR) Regulation (EU) No 1257/2012 of the European Parliament and of the Council of 17 December 2012 implementing enhanced cooperation in the area of the creation of unitary patent protection.

Agreement on a Unified Patent Court (UPCA) Agreement on a Unified Patent Court within the European Community. http://documents.epo.org/projects/babylon/eponet.nsf/0/A1080B83447CB9DDC1257B36005AAAB8/$File/upc_ agreement_en.pdf

European Patent Convention 2000 (EPC) The Convention on the Grant of European Patents of 5 October 1973 as amended by the act revising Article 63 EPC of 17 December 1991 and by decisions of the Administrative Council of the European Patent Organisation of 21 December 1978, 13 December 1994, 20 October 1995, 5 December 1996, 10 December 1998 and 27 October 2005 https://www.epo.org/law-practice/legal-texts/html/epc/2016/e/index.html

US Uniform Trade Secret Act 1985 US Uniform Trade Secret Act with 1985 Amendments http://www.uniformlaws.org/shared/docs/trade%20secrets/utsa_final_85.pdf

U.S. Code, Title 17, §1201(g): Title 17 – COPYRIGHTS, CHAPTER 12 - COPYRIGHT PROTECTION AND MANAGEMENT SYSTEMS Sec. 1201 - Circumvention of copyright protection systems https://www.gpo.gov/fdsys/granule/USCODE-2011-title17/USCODE-2011-title17-chap12-sec1201

59

60 6.1.2 Case law 6.1.2.1 European Courts Case C-174/15 (VOB v. Stichting Leenrecht). Judgment of the Court (Third Chamber) of 10 November 2016. Vereniging Openbare Bibliotheken v Stichting Leenrecht. Request for a preliminary ruling from the Rechtbank Den Haag

Case C‑419/13 (All posters/Pictoright) Judgment of the Court (Fourth Chamber) of 22 January 2015. Art & All posters International BV v Stichting Pictoright. Request for a preliminary ruling from the Hoge Raad der Nederlanden. Case C-419/13

C-355/12 (Nintendo Co. Ltd and Others v PC Box Srl) Judgment of the Court (Fourth Chamber) of 23 January 2014 (request for a preliminary ruling from the Tribunale di Milano (Italy)) — Nintendo Co. Ltd and Others v PC Box Srl, 9Net Srl (Case C-355/12)

Case C-128/11 (UsedSoft v. Oracle) Judgment of the Court (Grand Chamber) of 3 July 2012. UsedSoft GmbH v Oracle International Corp. Reference for a preliminary ruling: Bundesgerichtshof - Germany. Case C-128/11.

Case C-406/10 (SAS Institute Inc. v. World Programing Ltd.) Judgment of the Court (Grand Chamber) of 2 May 2012. SAS Institute Inc. v World Programming Ltd. Reference for a preliminary ruling: High Court of Justice (England & Wales), Chancery Division - United Kingdom. Case C- 406/10.

C-5/08 (Infopaq International A/S v Danske Dagblades Forening) Judgment of the Court (Fourth Chamber) of 16 July 2009. -- Infopaq International A/S v Danske Dagblades Forening. Reference for a preliminary ruling: Højesteret - Denmark.

ECJ T-201/04 (Microsoft/ European Commission) Judgment of the Court of First Instance (Grand Chamber) of 17 September 2007. Microsoft Corp. v Commission of the European Communities

ECJ GRUR 1982, 47 (48) – "Moduretik". ECJ GRUR 1982, 47 (48) – "Moduretik".

ECJ 1974, 454 – "Negram II" ECJ 1974, 454 – "Negram II"

6.1.2.2 German courts Bundesgerichtshof Hof 17 July 2013 (UsedSoft II) Bundesgerichtshof Hof 17 July 2013 (UsedSoft II), I ZR 129/08 GRUR 2014, 264 – (UsedSoft II)

Bundesgerichtshof Hof 4 May 2004 (Flügelradzähler) Bundesgerichtshof Ho 4 May 2004 Flügelradzähler –XZR48/03–Flügelradzähler

Bundesgerichtshof Hof 24 Sept. 1979 (Fullplastverfahren). Bundesgerichtshof Hof 24 Sept 1979 (Fullplastverfahren), GRUR 1980, 38, 39.

Landgericht Bielefeld, case No 4 O 191/11, 5 March 2013, (e-books and audiobooks) Case No 4 O 191/11, Landgericht (German Regional Court) Bielefeld, 5 March 2013

Landgericht München I, 2007-07-12, Case No. 7 O 5245/07; Welte v. Skype Technologies S.A. Link: http://www.ifross.de/Fremdartikel/LGMuenchenUrteil.pdf

61

Landgericht München I, 2004-05-19, Case No. 21 O 6123/04; Welte v. Sitecom Deutschland GmbH Link: http://www.jbb.de/fileadmin/download/urteil_lg_muenchen_gpl.pdf English translation: http://www.jbb.de/fileadmin/download/judgment_dc_munich_gpl.pdf

6.1.2.3 Dutch courts HR 31 oktober 2003 (Sara Lee/ Integro). HR 31 oktober 2003, NJ 2006/600 (Sara Lee/ Integro).

HR 29 November 2002, (Una Voce Particolare) HR 29 November 2002, NJ 2003/17 (Una Voce Particolare)

HR 1 mei 1964 (Probel/Parke Davis). HR 1 mei 1964, NJ1964/494 (Probel/Parke Davis).

6.1.2.4 US courts Quanta Computer, Inc. v. LG Electronics, Inc., 553 U.S. 617 (2008) (Quanta Computer, Inc. v. LG Electronics, Inc.) 553 U.S. 617 (2008)

62 6.2 Secondary sources 6.2.1 Books: Albert Jr. (1999): G. Peter Albert Jr and Laff, Whitesel & Saret Ltd.[1999], “Intellectual Property Law in Cyberspace”, The Bureau of National Affairs, Inc. 2nd printing, March 2000.

Bently (2004): Sherman & Bently, “Intellectual Property Law” (2004), (OUP 2004).

Burk (2005): D.L. Burk (2005), “Legal and Technical standards in digital rights management technology, (Pavel 4: Market Regulation and Innovation)”, Fordham Law Review, p. 564-567.

Efroni (2010): Zohar Efroni, “Access-right: The Future of Digital Copyright Law”. (OUP 2011)

Goldstein (2001): P. Goldstein, “International Copyright: Principles, Law and Practice”, (OUP 2001)

Hoeth/Gielen (2014): L. Wichers Hoeth, Ch. Gielen (red.), “Kort begrip van het intellectuele eigendomsrecht”, Deventer: Kluwer 2014.

Kur/Dreier (2013): Annette Kur and Thomas Dreier, “European Intellectual property law: Text, Cases and Materials”, (Edward Elgar 2013)

Lindberg (2008): Lindberg (van),”Intellectual Property and Open Source: A Practical Guide to Protecting Code”, Sebastopol, CA: O'Reilly Media, [2008]

Mallor (2012): Mallor, Jane, ‘’BUSINESS LAW: THE ETHICAL, GLOBAL, AND E-COMMERCE ENVIRONMENT’’, (15th ed.). McGrow- Hill/Irwin. p. 266. ISBN 978-0-07-352498-6.

Maziotti (2008): Giuseppe Mazziotti,” EU Digital Copyright Law and the End-User”, Berlin (2008).

Nimmer (2000): M.B. Nimmer, International Copyright Law, New York: Matthew Benden 1990.

Spoor/Verkade/Visser (2005): J.H. Spoor, D.W.F. Verkade and D.J.G. Visser, “Auteursrecht. Auteursrecht, naburige rechten en databankenrecht”, Deventer: Kluwer 2005.

Struik/van Schelven/Hoorneman (2010): Struik/Van Schelven/Hoorneman,”Softwarerecht”, Deventer (Kluwer) 2010

Struik/Leether (1999): Struik/Leether, “Beschouwingen over milleniumaansprakelijkheid”, uitg. Millenium Platform 1999

Van Wendel de Joode (2005): R. Van Wendel de Joode, “Understanding open source communities. An organizational perspective”, Delft 2005.

63 Visser (1997): D.J.G. Visser, “Auteursrecht op toegang”, (diss. Leiden), Den Haag 1997.

Wulf (1974): W. Wulf,” Hydra: The kernel of a multiprocessor operating system”, SPLINT 1974, 1974

64 6.2.2 (Online) journals/articles: Bakels (2003): R.B. Bakels, “Software: werkwijze of voortbrengsel?” BIE 2003,

Berkvens (1991): J.M.A. Berkvens, G.O.M. Alkemede, “Softwarebescherming: het leven na de Richtlijn”, BIE 1991, p.231-236

Cook (2014): Cook, Trevor,” The Proposal for a Directive on the Protection of Trade Secrets in EU Legislation”, Journal of Intellectual Property Rights, Vol 19, January 2014. http://nopr.niscair.res.in/bitstream/123456789/26513/4/JIPR%2019(1)%2054-58.pdf [accessed 4-10-2016]

Craig/Ron (2005): Craig, Paul; Ron, Mark (April 2005). "Chapter 4: Crackers". In Burnett, Mark. Software Piracy Exposed - Secrets from the Dark Side Revealed. Publisher: Andrew Williams, Page Layout and Art: Patricia Lupien, Acquisitions Editor: Jaime Quigley, Copy Editor: Judy Eby, Technical Editor: Mark Burnett, Indexer: Nara Wood, Cover Designer: Michael Kavish. United States of America: Syngress Publishing. pp. 75–76. http://www.sciencedirect.com/science/article/pii/B9781932266986500295 [accessed 4-10-2016]

De Cock Buning/Ringnalda (2010): M. de Cock Buning, “Maatregelen tegen auteursrechtinbreuk door P2P filesharing, wat leert het Umfeld ons?” (co- auteur A. Ringnalda), AMI Tijdschrift voor Auteurs-, Media- en Informatierecht 2010/1

Dratler (1985): Jay R. Dratler, “Trade Secret Law: An Impediment to Trade in Computer Software”, 1 Santa Clara High Tech. L.J. 27 (1985). http://digitalcommons.law.scu.edu/chtlj/vol1/iss1/1 [accessed last 4-10-2016]

Gunther (1994): A. Gunther, “Anderungsrechte des Softwarenutzers”, Computer und Recht 1994, p.321-328

Heide (2003): Heide, Thomas P., “Copyright, Contract and the Legal Protection of Technological Measures - Not 'the Old Fashioned Way': Providing a Rationale to the 'Copyright Exceptions Interface”, Journal of the Copyright Society of the U.S.A., Vol. 50, 2003. Available at SSRN: http://ssrn.com/abstract=418000 [accessed 4-10-2016]

Heffan (1997): Heffan, Ira V. (1997). "Copyleft: Licensing Collaborative Works in the Digital Age". Stanford Law Review 49: 1490.

Hugenholtz (1982): P.B. Hugenholtz, “Auterursrecht en de Unformation Retrieval”, Deventer 1982.

Johnson (2010): Philip Johnson, ’’Contributing to the wrong: the indirect infringement of patents’’, Journal of Intellectual Property Law & Practice, 2010, Vol. 5, No. 7,

Jones (2005): Pamela Jones, “Software, reverse engineering and the law”, 4 May 2005. https://lwn.net/Articles/134642/ [accessed last 9-9-2016]

65 Junge (2016): Junge, Fabian, “The Necessity of European Harmonization in the Area of Trade Secrets (September 16, 2016)”. Maastricht Faculty of Law European Private Law Institute Working Paper No. 2016/04. Available at SSRN: http://ssrn.com/abstract=2839693 or http://dx.doi.org/10.2139/ssrn.2839693 [accessed last 4-10-2016]

Knaak/Kur/ Hilty (2014) Knaak/Kur/Hilty,” Comments of the Max Planck Institute for Innovation and Competition”, 45 IIC -International Review of Intellectual Property and Competition Law 8 (2014).

Koelman (2002): K.J. Koelman, “Terug naar de bron: open source en copyleft”, Informatierecht/AMI 2000, p.149-155; M.M. Groeneboom,”Software licenties: van closed source tot open source”, Computerrecht 2002, p. 21-29.

Loren (2002): Lydia Pallas Loren, ‘’Technological Protection in Copyright Law: More Legal Protection Needed?’’, International Review of Law Computers & Technology 2002/2, p.133-148.

May (2006): Christopher May (2006), “Digital Rights Management: The problem of Expanding Ownership Rights”

Morton (1985): Kevelson, Morton (October 1985). "Isepic". Ahoy!. pp. 71–73. https://archive.org/stream/Ahoy_Issue_22_1985-10_Ion_International_US#page/n71/mode/2up [accessed last 17-10-2016]

Nari (2015): Lee, Nari, “Adding Fuel to Fire: A Complex Case of Unifying Patent Limitations and Exceptions Through the EU Patent Package (March 16, 2015). Transitions In European Patent Law Influences Of The Unitary Patent Package”, Rosa Maria Ballardini Marcus Norrgård Niklas Bruun (Eds), Kluwer Law International (2015 Forthcoming).. Available at SSRN: http://ssrn.com/abstract=2619113 [accessed last 9-9-2016]

Nigurrath (2006): Shub-Nigurrath [ARTeam]; ThunderPwr [ARTeam] (January 2006). "Cracking with Loaders: Theory, General Approach, and a Framework". CodeBreakers Magazine. Universitas-Virtualis Research Project. 1 (1). A loader is a program able to load in memory and running another program.

Samuelson (2015): Pamela Samuelson, “Freedom to tinker”, 11 May 2015. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2605195 [accessed last 9-9-2016]

Savic (2015): Maša Savič, “The Legality of Resale of Digital Content after UsedSoft in Subsequent German and CJEU Case Law”, Jul 2015 • European Intellectual Property review, 415-416.

Schellekens (2006): Maurice H.M. Schellekens, “What holds off-line, also holds on-line?” in Starting Points of ICT Regulation: Deconstructing Prevalent Policy One-Liners, Vol.9, IT & Law Series (The Hague: T.M.C. Asser Press, 2006)

Spoor (1983): J.H. Spoor, “Boekbespreking”, AMR 1983, nr. 2, p. 35

Struik (2001):

66 H. Struik (2001), “De Software Richtlijn geëvalueerd”, AMI 2001, p.84.

Tjong Tjin Tai (2003): Eric Tjong Tai, “Exhaustion and online delivery of digital works” [2003] E.I.P.R. 207.

Thole (1992): E.P.M. Thole,”Slag om nieuwe Softwarewet is nog gestreden”, Informatie & Informatiebeleid 1992.

Torremans (2015): Torremans, “The Road towards the Harmonisation of Trade Secrets Law in the EU”, 20 Revista la Propiedad Inmaterial (2015). 27-38

Vandenberghe (1988): G.P.V. Vandenberghe, “C ECU A-handvest van de softwaregebruiker en het wetsontwerp 19921”, Computerrecht, 1988, nr. 3.

Van Lier (2009): B. Van Lier,” Luhman ontmoet “The Matrix”; uitwisselen en delen van informatie in netcentrische omgeving”. Delft 2009

Vanstiouri (2012): Petroula Vantsiouri, ‘’Protecting TPM’s in the EU: A Regulation in Bits and Pieces’’, European Intellectual Property Review. http://hslib.sinica.edu.tw/sites/default/files/LW29_34-9.pdf [accessed last 9-9-2016]

Vinje (2000): Thomas C. Vinje, “Should We Begin Digging Copyright's Grave?”, EUROPEAN INTELLECTUAL PROPERTY REVIEW London. Vol. 22. No. 12. December 2000. p. 551-562

Wheeler (2009): David A. Wheeler, “F/LOSS is Commercial Software” Open Source Business Resource, February 2009, pp. 25-33. http://www.dwheeler.com/essays/commercial-floss.html [accessed last 9-9-2016]

67 6.2.3 Other sources (internet sources, opinions, reports, explanatory notes, guides, etc.) 6.2.3.1 Internet sources J. Reda,’’ EU gears up to attack whistleblowers with new trade secret laws’’. April 2016 Julia Reda,’’ EU gears up to attack whistleblowers with new trade secret laws’’ https://juliareda.eu/2016/04/trade- secrets-whistleblowers/ [accessed 9-9-2016]

Corporate Europe Observatory,” Key evidence withheld as 'trade secret' in EU's controversial risk assessment of glyphosate”, (17 February 2016). Corporate Europe Observatory,” Key evidence withheld as 'trade secret' in EU's controversial risk assessment of glyphosate”, 17 February 2016. http://corporateeurope.org/efsa/2016/02/key-evidence-withheld-trade-secret-eus-controversial-risk- assessment-glyphosate [accessed 9-9-2016]

D. Wetzel in ‘Die Welt’, “TÜV erhebt schwere Vorwürfe gegen Bundesregierung”, 23 november 2015. Daniel Wetzel , die Welt: TUV erhebt schwere Vorwurfe gegen Bundesregieriung, 23 november 2015. http://www.welt.de/wirtschaft/article149147139/TUeV-erhebt-schwere-Vorwuerfe-gegen- Bundesregierung.html [accessed 9-9-2016]

D. Breston,” Is it illegal to Jailbreak of Unlock your mobile phone”, (3 June 2015) D. Breston,” Is it illegal to Jailbreak of Unlock your mobile phone”, 3 June 2015 http://www.davidbreston.com/blog/2015/03/is-it-illegal-to-jailbreak-or-unlock-your-cell-phone/ [accessed 17-11-2016]

SCL, ‘’Game Over for Excessive TPM?: The Nintendo Ruling’’, 3 February 2014. SCL The IT law Community, ‘’Game Over for Excessive TPM?: The Nintendo Ruling’’ http://www.scl.org/site.aspx?i=ed35550 [accessed 9-9-2016]

E. Felten, The New Freedom to Tinker Movement, (13 March 2013): Edward Felten, The New Freedom to Tinker Movement, 13 March 2013. https://freedom-to-tinker.com/blog/felten/the-new-freedom-to-tinker-movement/ [accessed 9-9-2016]

Bridge,” Open Source Software – The Advantages and Disadvantages”, (4-11-2013) Rachel Bridge,” Open Source Software – The Advantages and Disadvantages”, 4-11-2013 http://entrepreneurhandbook.co.uk/open-source-software/ [accessed 4-10-2016]

K. Berry,” EU - SAS v WPL: When can you copy software without infringing copyright?”, 12 November 2012. Kathy Berry,” EU - SAS v WPL: When can you copy software without infringing copyright?”, http://www.linklaters.com/Insights/Publication1403Newsletter/TMT-News-November-2012/Pages/EU-SAS- WPL-copy-software-infringing-copyright.aspx [accessed 9-9-2016]

T.J. Heyden, “The ECJ Judgment Oracle vs. Used-Soft of 3 July 2012", (7 November 2012). Truiken J. Heyden, A comprehensive summary:“The ECJ Judgment Oracle vs. Used-Soft of 3 July 2012” http://www.tcilaw.de/en/newsroom/news/the-ecj-judgment-oracle-vs-usedsoft-of-3-july-2012/ [accessed 17-12-2016]

68 R. Ameen, “Define Source code and Object code”, (28-6-2011) R. Ameen, “Define Source code and Object code”, 28-6-2011 http://www.desktopclass.com/computer-it/define-source-code-and-object-code.html [accessed 2-12-2016]

T. Hancock, "What if copyright didn't apply to binary executables?", (28 august 2008). Hancock, Terry, "What if copyright didn't apply to binary executables?". 28 August 2008, Free Software Magazine. [accessed 9-9-2016]

Bickerstaff/Runsten, “Tivoisation and the open source debate”, (2 June 2008), Roger Bickerstaff and Jim Runsten, “Tivoisation and the open source debate” 2-6-2008, http://www.lexology.com/library/detail.aspx?g=af98fe0c-83ae-4710-9caa-4ab2688ca98a [accessed 4-10-2016]

A. Crawford, in TechTarget,” Definition Reverse Engineering”. January 2007 Arleigh Crawford, in TechTarget,” Definition Reverse Engineering”. January 2007 http://searchsoftwarequality.techtarget.com/definition/reverse-engineering [accessed 9-9-2016]

J. Cheng,"Microsoft files lawsuit over DRM crack", (27 September 2006) http://arstechnica.com/business/2006/09/7849/ [accessed 17-11-2016]

J. Pryor, “Reverse Engineering”, (13 January 2006) Reverse Engineering - Jonathan Pryor's web log, http://www.jprl.com/Blog/archive/development/2006/Jan-31.html [accessed 17-12-2016]

End-User License Agreement for Microsoft Software: Microsoft Windows XP Professional Edition Service Pack 2, (01 April 2005). Microsoft Corporation (2005-04-01). "End-User License Agreement for Microsoft Software: Microsoft Windows XP Professional Edition Service Pack 2". p.1 http://download.microsoft.com/documents/useterms/Windows%20XP%20SP2_Home_English_8e8f3fdb-6815- 4f50-b74c-e96b290209a8.pdf. [accessed 9-9-2016]

Linfo, “Kernel Definition”, (24 May 2005) Kernel". Linfo. Bellevue Linux Users Group. 24 may 2005 http://www.linfo.org/kernel.html [accessed 15-9-2016]

L. Troan. "Open Source from a Proprietary Perspective", (2005). Larry Troan (2005). "Open Source from a Proprietary Perspective" (pdf). Red Hat Summit 2006 Nashville. redhat.com. p. 10.

A. Binstock, "Obfuscation: Cloaking your Code from Prying Eyes", (20 April 2008). A. Binstock, "Obfuscation: Cloaking your Code from Prying Eyes". 20 April 2008 https://web.archive.org/web/20080420165109/http://www.devx.com/microsoftISV/Article/11351 [accessed 9-9-2016]

H.S. Obhi, “Computer Programs: Infringement of Copyright”, p.2, (n.d.). http://old.leginet.eu/articles/Computer%20Programs%20-%20Infringement%20of%20Copyright.pdf [accessed 9-9-2016]

69

Dietrich Kamlah/Matthias Hulseweg, TaylorWessing: ‘Exhaustion of "software" patents’, (n.d.) Dietrich Kamlah/Matthias Hulseweg, TaylorWessing: ‘Exhaustion of "software" patents’. http://united-kingdom.taylorwessing.com/download/article_software_patents.html [accessed 9-9-2016]

M. Carollo, “Influencers: Revise copyright law so researchers can tinker with car software”, (n.d.): Malena Carollo, “Influencers: Revise copyright law so researchers can tinker with car software“, (n.d.)http://passcode.csmonitor.com/influencers-copyright and https://atavist.com/data/files/organization/15021/image/derivative/scale~800x0~screenshot-1444758130- 91.png [accessed 9-9-2016]

Black Duck Software, "Top Open Source Licenses | Black Duck”, (n.d.) Black Duck Software, "Top Open Source Licenses | Black Duck”, (n.d.) https://www.blackducksoftware.com/top-open-source-licenses [accessed 9-12-16]

How-to-Geek. “What’s the difference between jailbreaking, Rooting and Unlocking”,(n.d.). How-to-Geek. “What’s the difference between jailbreaking, Rooting and Unlocking” http://www.howtogeek.com/135663/htg-explains-whats-the-difference-between-jailbreaking-rooting-and- unlocking/ [accessed 17-11-2016]

University of Minnesota Libraries, “Copyright’s purpose: Economics and the public interest”,(n.d.). University of Minnesota Libraries, “Copyright’s purpose: Ecnomics and the public interest”. https://www.lib.umn.edu/copyright/purpose#moral [accessed 2-12-2016]

70 6.2.3.2 (Private) institutions and Foundations European IPR Helpdesk, “How can computer software be protected”, European IPR Helpdesk, “How can computer software be protected”, 2nd paragraph. https://www.iprhelpdesk.eu/kb/1848-how-can-computer-software-be-protected-europe [accessed 9-9-2016]

European Commission, “Trade Secrets; introduction” http://ec.europa.eu/growth/industry/intellectual-property/trade-secrets/index_en.htm [accessed 9-9-2016]

IFPI, The WIPO treaties: Technical Measures IFPI, The WIPO treaties: Technical Measures, p.2, march 2003. http://www.ifpi.org/content/library/wipo-treaties-technical-measures.pdf [accessed 9-9-2016]

Explanatory memorandum for ‘Wijzigingswet 1987’, article 30 ROW 1910 Explanatory memorandum for ‘Wijzigingswet 1987’, article 30 ROW 1910, Tweede Kamerstukken 1984-1985, 19 131. Stb. 316

Commission Decision of 24.03.2004 relating to a proceeding under Article 82 of the EC Treaty (Case COMP/C-3/37.792 Microsoft) Commission Decision of 24.03.2004 relating to a proceeding under Article 82 of the EC Treaty (Case COMP/C- 3/37.792 Microsoft) http://ec.europa.eu/competition/antitrust/cases/dec_docs/37792/37792_4177_1.pdf

‘’Why Open Source Misses the Point of Free Software ‘’- GNU Project - Free Software Foundation. Gnu.org, (n.d.). ‘’Why Open Source Misses the Point of Free Software ‘’- GNU Project - Free Software Foundation. Gnu.org https://www.gnu.org/philosophy/open-source-misses-the-point.html [accessed 9-9-2016]

"Proprietary Tyrants - GNU Project - Free Software Foundation", Gnu.org. (n.d.). https://www.gnu.org/philosophy/proprietary-tyrants.html [accessed 9-9-2016]

"[Info-Gplv3] Gplv3 Update #2", Gplv3.fsf.org, (n.d.). Free Software Foundation, "[Info-gplv3] GPLv3 Update #2" http://gplv3.fsf.org/pipermail/info-gplv3/2006-February/000001.html [accessed 9-9-2016]

“Why Upgrade To Gplv3- GNU Project - Free Software Foundation". Gnu.org, (n.d.). https://www.gnu.org/licenses/rms-why-gplv3.en.html [accessed 9-9-2016]

"Frequently Asked Questions About The GNU Licenses- GNU Project - Free Software Foundation". Gnu.org, (n.d.). GNU.org Frequently Asked Questions about the GNU Licenses https://www.gnu.org/licenses/gpl-faq.html#Tivoization [accessed 9-9-2016]

"Digital Freedom Depends On The Right To Tinker", Electronic Frontier Foundation, (n.d.) https://www.eff.org/deeplinks/2016/01/why-owning-your-stuff-means-owning-your-digital-freedom [accessed 9-9-2016]

71