Technology

Overview

As an important component of the Canadian economy, the booming technology industry is changing the way we do business. The major impact of technological innovations and their use by companies creates new challenges for both the companies that design and develop them and those that benefit from their implementation. The legal issues surrounding technological innovations and the business models and processes they give rise to are sometimes difficult to identify in the short term, but it is important for companies to consider them carefully to protect their rights and achieve their objectives. 

  1. A False Sense of Cybersecurity?

    Ransomware has wreaked so much havoc in recent years that many people forget about other cybersecurity risks. For some, not storing personal information makes them feeling immune to hackers and cyber incidents. For others, as long as their computers are working, they do not feel exposed to no malware. Unfortunately, the reality is quite different. A new trend is emerging: malware is being released to collect confidential information, including trade secrets, and then such information is being sold to third parties or released to the public.1 The Pegasus software used to spy on journalists and political opponents around the world has been widely discussed in the media, to the point that U.S. authorities decided to include it on their trade blacklist.2 However, the use of spyware is not limited to the political sphere. Recently, a California court ordered a U.S. corporation, 24[7].ai, to pay $30 million to one of its competitors, Liveperson.3 This is because 24[7].ai installed competing technology on mutual client websites where LivePerson’s technology already is installed. Liveperson alleged in its lawsuit that 24[7].ai installed spyware that gathered confidential and proprietary information and data regarding Liveperson’s technology and client relationships. In addition, the software which 24[7].ai allegedly installed removed some features of Liveperson’s technology, including the “chat” button. In doing so, 24[7].ai interfered in the relationship between Liveperson and its clients. This legal saga is ongoing, as another trial is scheduled to take place regarding trade secrets related to a Liveperson client.4 This legal dispute illustrates that cybersecurity is not only about personal information, but also about trade secrets and even the proper functioning of business software. A number of precautions can be taken to reduce the risk of cybersecurity incidents. Robust internal policies at all levels of the business help maintain a safe framework for business operations. Combined with employee awareness of the legal and business issues surrounding cybersecurity, these policies can be important additions to IT best practices. In addition, employee awareness facilitates the adoption of best practices, including systematic investigations of performance anomalies and the use of programming methods that protect trade secrets. Moreover, it may be advisable to ensure that contracts with clients provide IT suppliers with sufficient access to conduct  the necessary monitoring for the security of both parties. Ultimately, it is important to remember that the board of directors must exercise its duty with care, diligence and skill while looking out for the best interests of the business. Directors could be held personally liable if they fail to meet their obligation to ensure that adequate measures are implemented to prevent cyber incidents or if they ignore the risks and are wilfully blind. Thus, board members must be vigilant, be trained in and aware of cybersecurity in order to integrate it into their risk management approach. In an era in which intellectual property has become a corporation’s most important asset, it goes without saying that it is essential to put in place not only the technological tools, but also the procedures and policies required to adequately protect it! Contact Lavery for advice on the legal aspects of cybersecurity. See Page, Carly, “This new Android spyware masquerades as legitimate apps,” Techcrunch, November 10, 2021. https://techcrunch.com/2021/11/10/android-spyware-legitimate-apps; Page, Carly, “FBI says ransomware groups are using private financial information to further extort victims,” Techcrunch, November 2, 2021. https://techcrunch.com/2021/11/02/fbi-ransomware-private-financial-extort. Gardner, Frank, “NSO Group: Israeli spyware company added to US trade blacklist,” BBC News, November 3, 2021. https://www.bbc.com/news/technology-59149651. Claburn, Thomas, “Spyware, trade-secret theft, and $30m in damages: How two online support partners spectacularly fell out,” The Register,June 18, 2021. https://www.theregister.com/2021/06/18/liveperson_wins_30m_trade_secret. Brittain, Blake, “LivePerson wins $30 million from [24]7.ai in trade-secret verdict,”Reuters, June 17, 2021. https://www.reuters.com/legal/transactional/liveperson-wins-30-million-247ai-trade-secret-verdict-2021-06-17.

    Read more
  2. Do you know your open-source licences?

    Do you have the right to copy source code written and developed by someone else? The answer to this question depends on the situation; however, even in the context of open innovation, intellectual property rights will be the starting point for any analysis required to obtain such an answer. In the software industry, open-source licences allow anyone to access the source code of corresponding software, free of charge and with few restrictions. The goal is generally to promote the improvement of this code by encouraging as many people as possible to use it. Linus Torval, the programmer of the Linux kernel (certainly one of the most well-known open-source projects) recently stated that without the open-source approach, his project would probably not have survived.1 However, this approach has legal consequences: Vizio was recently hit with a lawsuit alleging non-compliance with an open-sourceGPL licence used in the SmartCast OS software embedded in some of its televisions. It is being sued by Software Freedom Conservancy (“SFC”), an American non-profit promoting and defending open-source licences. As part of its lawsuit, SFC alleges, among other things, that Vizio was required to distribute the SmartCast OS source code under the above-mentioned open-source GPLlicence, which Vizio failed to do, thereby depriving consumers of their rights2. In Canadian law, section 3 of the Copyright Act3 gives the author the exclusive right to produce or reproduce all or any substantial part of an original work. This principle has been adopted by all signatories of the 1886 Berne Convention, i.e., almost every country in the world. A licence agreement, which may inter alia confer the right to reproduce the work of another person, can take different forms. It also establishes the extent of the rights conferred and the terms and conditions of any permitted use. However, not all open-source licences are equivalent. Many allow creators to attach various conditions to the right to use the code that has been made available. Under these licences, anyone may use the work or software, but subject to the following constraints, depending on the type of licence in effect: Obligation to display: An open-source licence may require disclosure of certain information in the software or in the source code itself, such as the following: The author’s name or pseudonym, or even maintaining the anonymity of the author, depending on their wishes, and/or a citation of the title of the work or software; The user licence of the redistributed open-source work or software; A modification note for each modified file; and A warranty disclaimer. Contribution obligations: Some licences require the sharing of any modifications made to the open-source code, with said modifications being under the same licence conditions. In some cases, this obligation extends to any software that incorporates the open-source code. In other words, code derived from open-source material can itself become open-source. This obligation to contribute can generally be categorized as follows: Any redistribution must be done under the original licence, making the result open-source as well; Any redistribution of the code, modified or not, must be done under the original licence, but other code may be associated or added without being subject to the open-source licence; or Any redistribution is done without any sharing constraints. Ban on commercialization: Some licences prohibit any use for commercial purposes. Apache v2 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, or with added components, must be done under the terms of the original licence. Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes BSD Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Copyright notice Warranty disclaimer Commercial use permittedYes CC BY-NC 4.0 Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedNo CC0 1.0 Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Commercial use permittedYes GPLv3 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, or with added components, must be done under the terms of the original licence Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes, but sub-licensing is not allowed LGPLv3 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, must be done under the terms of the original licence. New components can be added, but not integrated, under other non-open-source licences Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes MIT Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Copyright notice Warranty disclaimer Commercial use permittedYes It is important to make programming teams aware of the issues that can arise when using modules governed by what are known as “viral licences” (such as the CC BY-NC 4.0 licence) in the design of commercial software. Such software could lose significant value if such modules are incorporated, making it difficult or even impossible to commercialize said software. In the context of open innovation where developers want to share their code, in particular to encourage collaboration, it is important to understand the scope of these different licences. The choice of the appropriate licence must be made based on the project’s objectives. Also, keep in mind that it is not always possible to change the licence used for the distribution of the code once said distribution has commenced. That means the choice of licence can have long-term consequences for any project. David Cassel, Linus Torvalds on Community, Rust and Linux's Longevity, The NewStack, Oct. 1, 2021, online: https://thenewstack.io. See the SFC press release: https://sfconservancy.org/copyleft-compliance/vizio.html. RSC 1985, c. C-42.

    Read more