Reverse engineering of software – legal boundaries?

Reverse engineering of software can be defined as ‘to copy the function of a program, without having access to the original source code’.  In Australia copyright subsists in original works including computer programs as defined in section 10 of the Copyright Act 1968 (Cth) (Act).  The term ‘computer program’ is defined in section 10 of the Act as as a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result.  The Act and its interpretation by Australian courts provides some protection against reverse engineering of software, but only to a point, beyond which it is necessary to have end users agree to specific terms in order to protect the intellectual property contained within the program.

Infringing vs non-infringing reverse engineering

In the late 1990’s, a company called PowerFlex Services Pty Ltd developed a program that would be compatible with another program, in which the copyright was owned by another company – Data Access Corporation (Data Access). Data Access initiated proceedings against Powerflex on the basis that it had infringed its copyright on several grounds – Data Access Corporation v Powerflex Services Pty Ltd (1999) 202 CLR 1 (Powerflex).  The case was appealed to the High Court, and the judgment serves as authority to distinguish between “infringing reverse engineering” and “non-copyright infringing reverse engineering”.

Infringing reverse engineering

One of the alleged infringements by Powerflex involved a compression table which Powerflex’s program used to decompress Data Access files.  PowerFlex did not have access to Data Access’s original compression table, but instead used an “ingenious method” (explained at paragraph [117] of Powerflex) to reverse engineer a table which performed the same function.  Powerflex’s development of that reverse engineered compression table was found to infringe Data Access’ copyright in its original table as the table was held to be a “literary work” as defined in section 10 of the Act.  It was not necessary for the table to be in a visible form as provided by Gleeson CJ, McHugh, Gummow and Hayne JJ at 121.

Non-infringing reverse engineering

Another alleged infringement in Powerflex involved macros which Powerflex had written.  Again, Powerflex did not have access to Data Access’ original code, but this time wrote a program which performed the exact functions as Data Access’ macros.  Powerflex’s source code was not identical to Data Access’ source code, but this fact was not disputed as the High Court could have determined that it was an ‘adaptation’ within the meaning of section 10 of the Act.  The legal issue which distinguished this non-infringing reverse engineering from the infringing reverse engineering is that Powerflex copied the function of the program, and not the code.  This is known in copyright law as the ideas/expressions dichotomy, a concept professional internet lawyers will understand and be able to litigate on.

Reverse engineering “ideas” vs reverse engineering “expressions”

Generally, where a computer program is reverse engineered by copying the idea of the function presented in the program code, the original computer programmer’s copyright is not infringed.  Where a computer program’s expressions in code are reproduced or adapted (including into a different computer programming language), the original computer program’s copyright is likely to be infringed.  This means that where reverse engineering occurs by “clean room” design, Australian courts are unlikely to find that there has been an infringement of the original author’s copyright.

Using licence agreements to protect against reverse engineering

In the 2012 case CA, Inc. v ISI Pty Limited [2012] FCA 35, a software company called CA Inc claimed copyright infringement and breach of confidence when another company, ISI, created rival software.  Those that had developed the rival software for ISI had had access to CA’s software and user manuals as contractors for third party companies who were licensees of CA’s software.   Licensees of CA’s original software were required to sign confidentiality clauses which included a clause that specifically prohibited reverse engineering the software.  The prohibition on reverse engineering required licence holders not to:

“… change, disassemble, decompile or otherwise reverse engineer the Licensed Program in order to create or attempt to create a corresponding source code …” (clause reproduced in full at [388])

Additionally, each of the user manuals contained a warning which put readers on notice that the information contained within them was confidential and subject to licence.  The court determined that in this case, CA’s copyright had been infringed in only two (2) instances, in ISI’s copying of its macros.  However as a result of its licence agreement and warnings on its manuals, the court found that CA’s confidence had been breached by the misuse of its confidential information by ISI in six (6) instances. Four (4) instances related to misusing CA’s confidential information contained within its macros source code by ISI in the creation of its macros.  Two (2) further cases however related to instances of misusing the confidential information in CA’s user manuals to create the programs. The case highlights the need for care in drafting the terms of Licence Agreements to ensure that confidential information can be identified with sufficient precision, so as to protect the function, and not merely the coded expression of the source code from reverse engineering.

Links and further references about reverse engineering of software

Cases on reverse engineering

Autodesk Inc v Dyason (“AutoCAD case”) (1992) 173 CLR 330

CA, Inc. v ISI Pty Limited [2012] FCA 35

Data Access Corporation v Powerflex Services Pty Ltd (1999) 202 CLR 1

Need a technology lawyer to advise on reverse engineering of software?

If you need advice on protecting your intellectual property against reverse engineering, including advice on licensing or copyright, contact us for a confidential and obligation-free discussion:

Disclaimer

This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstance.

---

Related insights about reverse engineering

---