what's in the news

Courtesy of Thames Valley Business Magazine February 2012

The start of a new year is an opportunity to reflect on possible developments over the next year.  The legal environment of the technology sector is unlikely to see any drastic changes in the next twelve months and we expect the issues below to form the basis of much of the discussions in the next year.  Hopefully, we will see many Thames Valley firms exploiting the commercial opportunities these issues throw up.

Software Development: A 2011 judgment from the European Court is likely to give food for thought to software developers who assumed that user interfaces in computer programs cannot be protected by copyright, thereby reducing the cost of developing applications able to link with other, copyright-protected applications.  The Advocate General’s opinion in SAS v WPL suggests that there may be elements or expressions of a computer program other than object code or source code (traditionally regarded as protectable by copyright) which can also be protected-provided they form a substantial portion of the source program.

ISP and intermediaries: The injunction on BT in the Newzbin2 case showed that courts are willing to force ISPs to put reasonable measures in place to prevent access to websites which contain copyright-infringing material. The judgment in Scarlet v SABAM also shows that ISPs are unlikely to be asked to put in place blanket measures that affect all its users. Neither judgment clarifies the cost implications of these measures and intermediaries will be keeping an eye out for further developments in this space.

Data Protection: Early this year, the European Commission will publish its proposals to reform data protection law in the EU. From the draft published in late 2011, we know that some of the changes will make it easier for businesses to comply with data protection law, while others will give data subjects greater rights in relation to their personal data, as well as impose a higher monetary penalty for serious breaches. The balance struck will be vital for those businesses at the frontline of data protection, e.g. those active in developing behavioural advertising applications.

Cloud Computing: An increasingly mature technology, this is likely to see greater use by small and medium sized businesses and individuals – especially in relation to online storage of music and other data (subject to the relevant copyright licences). However, important questions such as compliance with data protection law (in particular, transfer of data outside the EU) and data portability will continue to be of relevance, with smaller businesses and individuals unlikely to have the bargaining power to negotiate material changes in a supplier’s terms of business.

Apart from the specific issues above, the current economic climate will continue to force technology businesses to get the most out of their technology and intellectual property assets and their clients to get the most out of any money spent on new technology. Appropriate licensing and purchase strategies, with an element of flexibility, will continue to be at the core of legal work in this sector.

Rustam Roy
Senior Solicitor, Technology
T: 0118 957 0180
E: rroy@pitmans.com

Pitmans hosted an evening seminar on 1 February, sponsored by Prolinx, a specialist IT security solutions provider, at which delegates were stimulated by a panel of experts who highlighted some of the current threats and challenges posed by cyber risk.

The key note presentation was made by Professor Sadie Creese of Cybersecurity at the University of Oxford. Professor Creese kicked off with the scale which faced today’s society, highlighting that by 2020, there will be 31 billion connected devices and 50 trillion gigabytes of data created. This, in turn, will result in an increasingly vast ‘attack surface’ which presents those seeking to protect cyber assets with an enormous challenge. Professor Creese, amongst other things, pointed out the scarcity of meaningful metrics in relation to data security as well as the importance of preparing to ‘respond and recover’. As part of current research, it was clear that much needed to be done to develop invaluable analytics to measure security. And that, above all, the ability to attribute an identity to hackers or intruders remained a perennial vulnerability.

Philip James, a Partner who leads Pitmans’ Data Privacy & Information Law team, explained that the World Economic Forum’s recent Risk Report now lists cyber threats as one of the top 5 most risks threatening society in terms of likelihood. Philip highlighted the risks this poses to the current intellectual property enforcement regime: in the absence of identifying culprits, it remains difficult to take criminal action against those responsible and that all that will be left will be a dispute between the victim and its suppliers as to who is to blame. In addition, investors and companies will be increasingly reluctant to invest in R&D if valuable intangible assets cannot be protected from extraction. Philip also summarised the EU’s recent draft Data Protection Regulation which seeks to introduce a much stricter regime for serious breaches of data security (calculated as a percentage of global turnover) and a concept of accountability so that data controllers are encouraged to take responsibility for the protection of personal data.

Simon Milner, Head of Cyber Risk at JLT Speciality Limited, then provided a realistic explanation of the insurance landscape and what solutions are available to customers on today’s insurance market. Simon picked up on some of the themes touched on by previous speakers including the need to develop better analytics to assist risk grading and assessment. In particular, it was clear that many in industry were not necessarily aware of the variety of products currently available in this space, e.g. to cover reputation management, legal costs and re-constitution of lost data.

Finally, Nick Baskett, Chairman of Matta Consulting, a penetration and vulnerability consultancy, provided an invaluable insight into the gaps and strengths in existing data security systems, including:

• an amusing, if scary, expose on how effective intrusion detection systems can be when they are not correctly implemented; and
• how a software house subsequently discovered (after passing on the opportunity to carry out a security audit on a number of previous occasions) that a trojan was residing in its primary code repository.

Nick then stressed the distinction between carrying out a forensic investigation following an incident dependent on whether it was necessary to collect evidence or not (and the related costs involved). 

A copy of the WEF Global Risks Report is available here.

Following the session, McAfee have also released their 2012 Threats Predictions – click here for further details.

For further discussion of this seminar or other issues, please contact:

Pitmans’ Data Privacy & Information Law team

Pitmans’ Cyber Risk Management team

Philip James
Partner, Head of Data Privacy & Cyber Risk Management
T: +44 (0) 207 634 4655
E: pjames@pitmans.com