Legal update on information and communication technology - July 2012
- Download the article 318 kB PDF
Telecom's XT network and Aldous - the crucial importance of software escrow
According to media reports, the failure of a small IT company may jeopardise Telecom's XT network. Aldous Software is a small UK software producer that is in receivership. Aldous had licensed software to Telecom that underpins Telecom's XT network. The receiver for Aldous wants to sell Aldous' assets, including the relevant software. Apparently Telecom had entered into a source code escrow agreement with Aldous but it is alleged Aldous did not comply with its obligations to lodge up to date copies of the source code with the relevant escrow agent. Telecom has sought an injunction to prevent the sale of Aldous' IP assets.
We only know what has been reported in the media, but the case does appear to reinforce just how crucial it is to (a) put source code escrow arrangements in place to protect software licensees from the failure of licensors AND (b) monitor those arrangements regularly to ensure they are being complied with. Source code deposited with escrow agents should ideally be inspected and tested from time to time to ensure it is current and complete. Telecom might well deal with this problem by simply buying Aldous' IP assets from the receiver. Of course, not every licensee has the means to do that.
Do you "like" those odds? Running promotions on social media platforms
Nearly every sales promotion or competition seems to have a social media angle to it these days. Getting customers to enter a prize draw simply by 'liking' a brand's Facebook page, following them on Twitter, or uploading a video to YouTube may be effective, inexpensive and easily-administered, but also may fall foul of the platform owners' terms and conditions, with which the promotion must comply.
Facebook's current terms, available here, state that businesses wishing to run a promotion on Facebook must not use any Facebook features or functionality (such as liking a brand's page) as the promotion's "entry mechanism" or "voting mechanism". A promotion may require an entrant to like a page, check into a place or connect to a Facebook app as a condition of entry, but these can't be the "sole" or automatic condition of entry. In addition, Facebook prohibits notification of winners through Facebook channels (such as private messaging or wall posts).
Facebook's terms do allow promotions to be administered within "Apps on Facebook.com", meaning that businesses can replicate Facebook features and functionality within specifically developed apps that sit on a brand's Facebook page – though this requires a level of investment that may be off-putting to some would-be promoters.
Facebook also requires that businesses set out terms and conditions, that must include:
- A complete release of Facebook by each entrant or participant
- Acknowledgment that the promotion is in no way sponsored, endorsed or administered by, or associated with, Facebook
- Disclosure that the participant is providing information to [disclose recipient(s) of information] and not to Facebook.
YouTube also has a comprehensive set of policies and guidelines for running promotions via their service, see here. Some of the more onerous rules are:
- You may not utilize channel functions, such as video likes or view counts, to conduct the promotion
- You cannot ask the user to give all rights for, or transfer the ownership of, their entry to you
- Your contest must be a game of skill (i.e. it may not be run as a "draw" or lottery) where the winner is determined by a set of clear judging criteria
- YouTube has the right to remove your contest for any reason
- Your rules must clearly state that YouTube is not a sponsor of your contest and ask users to release YouTube from all liability related to your contest.
Finally, Twitter's terms allow businesses to run promotions over Twitter, so long as they do not contravene the Twitter Rules or applicable laws. Twitter also publishes a set of "Guidelines for Contests on Twitter", available here.
As can be seen from the above, the rules imposed (especially by Facebook and YouTube) may be both restrictive and onerous. Social media sites also tend to alter and update their terms and conditions quite regularly, so the rules can change at any time without notice.
At any given time thousands of competitions are running on social media sites in apparent breach of the relevant terms. This suggests that most social media providers take a fairly relaxed approach to enforcing these rules. However, all it takes is a few high profile complaints or a change in approach from management before pages or accounts start getting shut down without warning.
With this in mind, businesses should be sure to check the relevant social media provider's terms and conditions carefully before running a promotion via their service, and make sure their promotion meets all the relevant requirements. Otherwise, they risk their promotion being cancelled, and their brand "trending" for all the wrong reasons.
IITP launches New Zealand Cloud Computing Code of Practice
In May the Institute of IT Professionals (IITP) (formerly the New Zealand Computer Society) published its "New Zealand Cloud Computing Code of Practice".
The Code applies to businesses that offer remotely hosted IT services of any type, either to New Zealand or within New Zealand, that meet the Code's definition of "Cloud Computing". Cloud Computing is defined as "On demand scalable resources which are provided as a service such as networks, servers and applications, that are accessible by the end user and can be rapidly provisioned and released with minimal effort or service provider interaction".
Compliance with the Code is voluntary and disclosure-based. This means that service providers apply for compliance with the Code by submitting the required disclosure information to the IITP. Participants complying with the Code can use a compliance logo to demonstrate their compliance with the Code to the public and will be recorded on a register managed by the IITP.
To comply with the Code, participants must disclose information about their cloud service, such as: who will own information supplied by the client to the service provider; where will hosted data be located; how can the client's data be accessed and used by the client, service provider or third parties; how often will the service provider run back-ups of the client's data; what are the service provider's standard hours of support; and what process will be used to notify the client of a data breach.
The IITP will officially launch the Code in August and will at the same time introduce the full guidelines and supporting procedures.
Joy Cottle noted at a recent IITP event that New Zealand was one of the first countries to develop such a Code and several countries had expressed an interest in using the Code as a model.
Read the Code here
No copyright protection for software functionality
The European Court of Justice recently confirmed, in a reference from the High Court for England and Wales, that the functionality of software is not protected by copyright (SAS Institute Inc v World Programming Ltd Case C-406/10 of 2011). The finding was based on the principle that copyright only protects how ideas are expressed, not the ideas themselves. The position is the same in New Zealand, where the so-called ideas/expression dichotomy is well recognised (see Bleiman v News Media (Auckland) Ltd  2 NZLR 673 (CA)). In addition, certain copying of software is expressly permitted under sections 80A-80C of the Copyright Act 1994.
However, the issue of the extent to which copyright should protect even "expressions" of ideas in relation to software is not free from controversy. A developing issue in this area is what happens when the particular expression of functionality (the expression being protected by copyright) is the only way to express the relevant functionality (which is not protected by copyright). In the United States, the "merger doctrine" says that there is no copyright protection for the expression if that expression is the only way to express the idea (Oracle America, Inc v. Google Inc, Case No. 10-03561 WHA). The merger doctrine has been expressly rejected in Australia, but the recent case IceTV v Nine Network ((2009) 239 CLR 458) may indicate a change in approach to the existence of copyright in Australia, at least for compilations like a TV programme guide. In IceTV, three of the Judges held that IceTV, in creating its own TV programme guide based on Channel Nine's schedule information did not infringe copyright because the "expression [of IceTV's guide] was essentially dictated by the nature of the information". The Court held that there was no copyright in the time and title information in Channel Nine's programme guide so IceTV could not infringe by copying that information. The Court also emphasised that there is no copyright in facts alone.
The New Zealand courts have not yet taken a position on the merger doctrine, but have in the past taken a sympathetic approach to the copyright protection of works that institute a commonplace idea (for example in Land Transport Safety Authority of New Zealand v Glogau  1 NZLR 261 (CA) taxi log books were held to attract copyright). In New Zealand the level of originality required for copyright to exist in a work has traditionally been quite low, or "not high" as the Court of Appeal once said. Against this background it is uncertain how a New Zealand court would decide the IceTV case. For example, a New Zealand court might hold that there was copyright in Nine's time and title information but hold that, as was indicated in Glogau, the low level of originality of the source material did not support an inference of copying. Alternatively, the court might hold that copying had taken place (and thus infringement) but take into account, in setting any remedy for infringement, the limited ways in which that information could realistically be expressed in a programme guide by IceTV.
If you wish to protect an idea or functionality of software, you would ideally register a patent. Of course, under the Patents Bill currently going through Parliament, patents for software will be prohibited. Therefore, the extent to which software attracts copyright protection under New Zealand law is likely to remain topical until such time as the New Zealand courts consider this further.
Employer uses monitoring software to collect personal information
In June, the Privacy Commissioner issued a case note about an employer who used key stroke log-in software as part of an investigation into an employee's conduct. The software enabled the employer to access emails from the employee's web-based personal email account, and some of which the employer viewed and copied.
The Privacy Commissioner found that, in principle, it was acceptable for the employer to collect information from the employee's work computer, as this was clearly spelt out in the employment agreement and employee manual. However, collecting key stroke information was going too far in this case, as this was not clearly provided for, so employees were not aware they might be monitored in this way.
The Privacy Commissioner also found that going into the employee's personal email account was unacceptable. Not only did the employer's manual not cover personal email accounts, but the information in the emails was not relevant to the employee's employment. The Privacy Commissioner acknowledged that there will sometimes be exceptional circumstances that justify going into an employee's personal email account, but this case was not one of them.
This case emphasises that an employer needs to be very clear in its policy about the type of information that it may collect, and the possible sources. It also confirms that an employer can only collect personal information about an employee where that is reasonable and necessary for reasons connected with the employee's employment
The receivers who never received: Service by email and the Electronic Transactions Act 2002
As Buddle Findlay reported in its recent Insolvency Law update, in Re Hurlstone Earthmoving Limited (in receivership and liquidation): Petterson v Gothard (No 3)  NZHC 666, the liquidator of Hurlstone Earthmoving Limited sought orders under section 37 of the Receiverships Act 1993 compelling the receivers to provide company documents and information about the company's affairs after they had failed to comply with a notice under section 261 of the Companies Act 1993.
The Court had to consider whether the notice of failure to comply with the liquidator's request had been validly served on the receivers. The liquidator sent the notice to the receivers by email. The receivers used an external provider to filter incoming email. However, due to technical problems, the email was received by the provider's email server but was not sent onto the receivers' email server and so did not arrive in the inboxes of the intended recipients. This meant that the receivers did not receive the notice until after the date for compliance had expired.
In relation to this issue, the Court held that section 11(a) of the Electronic Transactions Act 2002 had been triggered. Section 11(a) of the Act provides that an electronic communication is taken to be received "in the case of an addressee who has designated an information system for the purpose of receiving electronic communications, at the time the electronic communication enters that information system". Heath J likened the facts of the case to a situation where a paper-based letter is delivered to an office but lies unopened on the intended recipient's desk during a period of absence.
On this basis, the Court held that the notice had been validly served, therefore the notice had expired and it was open to the liquidator to apply to the Court to compel the receivers to provide the documents. However, despite the fact that the request was not oppressive and the notice had been validly served, the Court decided to exercise its wide powers regarding relief where there has been a failure to comply with a section 37 notice to extend the time period for the receivers to comply with the notice.
ICANN bares all on gTLD "reveal day"
We reported last August on the new generic top level domain names (gTLDs) being made available by ICANN (the body in charge of the internet domain regime), which would allow for additional internet domain names beyond the currently available range of suffixes, such as .com, .net, .org and so on. Instead, internet address names will be able to end with almost any word in any language (.sport, .music etc), including brand names (.apple, for example).
ICANN invited applications for new gTLD strings from 13 January until 30 May this year, culminating in 'Reveal Day' on 13 June, when ICANN revealed the list of 1,930 gTLD applications it had received (each accompanied by a US$185,000 application fee). The full list can be viewed here.
The hefty application fee – as well as ICANN's promises to operate a trademark clearing house to deal with allegations of trademark misappropriation – seem to have deterred would be cyber-squatters, with almost all the specific brand name gTLDs (such as .bmw and .gucci) being applied for by the relevant brand owner.
However, there have been multiple applicants for some less specific gTLD strings – like .shop, .flowers or .books. The successful applicants of those strings will be able to sell second level domain names for their string. So, for example, the owner of the .bank string will be able to sell www. bnz.bank or
www. westpac.bank to interested parties. Brand-owners therefore need to remain vigilant once the new gTLDs go live, by keeping an eye on second level domain allocations. Trademark owners can obtain a first right of refusal on second-level domain names using their marks by registering them on ICANN's Trademark Clearinghouse (due to launch in October 2012, and at a cost of approximately US$150 per mark).
ICANN is now embarking on a detailed evaluation process, during which it will consider the merits of each application received. Applications have been placed in "batches" of 400-500 applications, and ICANN has indicated that evaluation of each batch will take approximately five months to complete.
Where more than one applicant remains for any given gTLD string after the evaluation process, and if the applicants are unable to resolve the issue between themselves, an auction will determine the successful applicant, with some of the gTLDs expected to fetch millions of dollars.
Anyone wishing to submit comment on a proposed gTLD string may do so during a Public Comment Period, which runs until 12 August 2012. Formal objections – such as where a particular string is confusing to another gTLD, or where a string might infringe the objector's legal rights (such as their trademark) – need to be filed before January 2013.