Archive for the 'IT Law' Category

Windows close on Comet

Surrounded by Apple Macs, iPods, and iPhones, I sit in my iVory (sic) tower, happily proclaiming that Apple devices don’t get viruses.

I’m therefore not entirely familiar with the concept of Microsoft Windows recovery CDs, but it seems that they are for use when your Windows, er, closes. That is, you use the recovery CD to load back up the Windows operating system if your PC or laptop crashes.

All Windows PCs and laptops used to come packaged with a recovery CD. However that practice stopped in 2008, with customers being encouraged to create their own CDs. Not all customers found this arrangement convenient however, or didn’t think about making a recovery CD until after their PC had crashed and it was too late.

Comet therefore decided to help out by manufacturing around 94,000 of the recovery CDs somewhere in a field (factory) in Hampshire.  Comet sold these CDs and generated an estimated profit of over £1m.

Microsoft’s claim
Microsoft has taken a dim view of Comet’s actions, and has decided to sue for the manufacture and sale of what it calls “counterfeit CDs”.

Comet claims that it has not infringed Microsoft’s IP. It will be interesting to see what defences it offers.

On the one hand, each copy of Windows is still only licensed for a single user. Under section 50A(1) of the Copyright, Designs and Patents Act 1988 it’s not an infringement of copyright for a “lawful user” of a copy of a computer program to make any back-up copy of it, which is necessary for it to have for the purpose of its lawful use.

On the other hand Comet isn’t the “lawful user” (the customer is), and the £14.99 they were charging looks fairly steep for simply burning a CD to help out a customer. Given that the CDs were made by Comet in advance (probably before the customer had even bought their new computer), it’s difficult to see how Comet could argue that it was acting as an agent or on the instructions of the lawful user in making the back-up CD.

Microsoft’s loss?

Under the Copyright, Designs and Patents Act 1988, if Microsoft’s claim is successful it will be entitled to damages for the infringement.

It may however be difficult to quantify what loss Microsoft has suffered. Whilst apparently excessive for the few seconds that it would take to burn a CD, the £14.99 perhaps represents the price consumers are willing to pay for someone to do the techie stuff for them. Microsoft has not lost any sales (and as far as I’m aware was not offering this service itself).

That said, this “counterfeit CDs” action is likely to do little for the “recovery” of the precarious finances of the Comet group.

e-update on government’s response to ICB recommendations on banking reform

We have today published an e-update on the government’s response to the ICB’s recommendations on structural reform of the banking sector.

The government stated on Monday that it will adopt the recommendations in full. As John mentioned in a previous blog, the proposals to ring fence retail banks will have an impact on the way in which banks structure their key IT and outsourcing contracts to ensure that the ring fenced bank’s access to key infrastructure is protected.

You can read the e-update in full here.

If you’d like to discuss the impact of the recommendations and how you might be able to structure your key IT and outsourcing contracts, then please contact Grant Campbell or John Mcgonagle, or your usual TIO Group contact.

Techblogger article on digital participation in Scotland in new Scottish policy magazine

For those of you not on Twitter, I have an article in the launch edition of a new online magazine called Scottish Policy Now.

The magazine aims to provide regular news and analysis of changing government policies; regulation; initiatives and legislation and the impact of all of these on Scotland and people living in Scotland. The first issue looks at digital participation in Scotland, and follows up last month’s GovCamp Scotland conference.

You can read my thoughts on some of the policy and legislative changes that I think need to be implemented in Scotland in order to increase digital participation in Scotland by following this link. I look at the effective use of IT in the public sector, broadband infrastructure, e-accessibility and the need to effectively lobby the Westminster government and Europe on future legislation and policy.

IT upgrades and the Christmas change freeze

The BBC is today reporting that a number of glitches with the Royal Mail’s website are causing disruption to customers in the run up to the pre-Christmas posting cut-off dates.

The problems are affecting apps on the website that allow customers to calculate the prices of letters and packages. The problems also appear to be affecting services that allow customers to pay for postage online and print out smart stamps.

Here’s what the Royal Mail says about it:

A Royal Mail spokesman said that the shutdown had been caused by a shift of online services to a new server – a process that had been ongoing for 18 months…He said the migration problems had not been anticipated before Christmas.

I can imagine the Royal Mail has a lot of unhappy customers at the moment. It seems that online retailers and mail order businesses are being particularly hit, as they use the systems when fulfilling orders. They are presumably having to use the Royal Mail’s competitors to fulfil those orders, which won’t be good for the Royal Mail’s business.

It is for this reason that most businesses operate a “change freeze” on their IT systems around their busiest times of the year (for example the run up to Christmas for any retailer, Valentine’s Day for online florists etc, bank holidays for banks providing ATMs and transaction processing). No matter how much planning is done, IT projects often encounter unanticipated problems, and once the damage is done it is very difficult to pedal back to the previous release.

It is therefore just sensible practice to ensure that no system upgrades or modifications take place during or in the run up to those key periods.

Note that this doesn’t just apply to your internal IT systems, but also those of your key contractors and suppliers. Do your contracts make sure that your contractors don’t implement major changes at the time when you are most reliant upon them?

Independent Commission on Banking – contractual consequences of the ICB’s recommendations

This is an abridged version of an article that I have written for the Society for Computers and Law.

The Independent Commission on Banking (“ICB”) published its Final Report on 12 September, setting out recommendations on structural and non-structural reforms to improve stability and competition in UK banking. 

The recommendations broadly suggest that:

  • Banks need to improve their loss absorbency, by achieving more equity relative to their assets;
  • Competition needs to be encouraged; and
  • Retail banks should be ring-fenced from any wider corporate group and/or financial organisation of which they form part.

Earlier this month my Banking colleague Derek Arnott and I delivered presentations in Brodies’ Glasgow, Edinburgh and Aberdeen offices discussing the recommendations. 

Derek (a lawyer of formidable experience in this field, and a former Head of Group Legal Services at The Royal Bank of Scotland Group) discussed the recommendations from the perspective of a banking solicitor, while I focused on the implications of the retail ring-fence from the perspective of an IT/outsourcing/commercial contracts lawyer.

Recommendations of most significance to the IT/outsourcing/commercial contracts lawyer

I believe that the retail ring-fencing recommendations will have a direct impact on any lawyer who advises on corporate governance or commercial contracts.

The particular recommendations which are of most direct significance to the IT/IP/commercial contracts lawyer are broadly summarised in the following list:

  • Ring-fenced banks should be separate legal entities.
  • Ring-fenced banks should be prohibited from offering certain services and/or carrying out certain activities.
  • Any financial organisation owned or partly owned by a ring-fenced bank should conduct only activities permitted within a ring-fenced bank. Such a financial organisation’s balance sheet should also contain only assets and liabilities arising from these services and activities.
  • The wider corporate group should be required to put in place arrangements to ensure that the ring-fenced bank has continuous access to the entire infrastructure required to continue provision of its services and activities, irrespective of the financial health of the rest of the group.
  • All transactions (including secured lending and asset sales) between a ring-fenced bank and all other entities forming part of a wider corporate group should be conducted on a commercial arm’s-length basis.

Far-reaching consequences

These recommendations, and the overall concept of a ring-fence, are directly at odds with the present day corporate structures of many large banks and financial institutions.

Most financial institutions operate some form of shared service model, with one group entity contracting with suppliers on a basis that allows other group members to benefit from that contract.

The ring-fenced bank will either have to possess its own infrastructure or, if it is shared, then such infrastructure will have to be identified (which may be by no means a straightforward task) and then made available formally to the ring-fenced bank, via:

  • direct agreement with the supplier;
  • direct agreement with another member of the group; and/or
  • a member of the wider group, which contracts with suppliers, but is “bankruptcy-remote”.

Infrastructure separation of the type that is likely to be required by the ICB recommendations may feasibly involve:

  • drafting agreements to formalise supply of infrastructure services to the ring-fenced bank;
  • renegotiation of existing agreements to separate provision of infrastructure services;
  • novation or assignation of agreements to a well-capitalised, bankruptcy-remote shared service subsidiary (without assets or liabilities) to provide infrastructure services on behalf of the separated entities; and/or
  • partial or wholesale outsourcing of infrastructure provision.

Implementation

There are many questions still to be answered regarding the ICB recommendations.

The deadline that the ICB has set for implementation of its recommendations is 2019. George Osborne, the Chancellor of the Exchequer, has indicated that he intends to implement the recommendations and will “seek a legislative slot” in the 2012-13 parliamentary session.

What seems certain is that some sort of separation or segregation of retail banks is inevitable and, in this context, the deadline of 2019 is not that far away. Whether acting for financial institutions or their suppliers, from now on the IT/IP/commercial contracts lawyer should keep in mind what is on the horizon when negotiating or renegotiating agreements.

Legal responsibility for a robot’s actions

On Tuesday night I attended the launch of the Strathclyde Centre for Internet Law and Policy. The launch of the centre is in tandem with Strathclyde University’s rebranding of its renowned LLM in Information Technology Law and Telecoms (which yours truly completed in 2003), which is now known as the LLM in Internet Law and Policy.

Marking the launch was a lecture on “Regulating Robots: Re-Writing Asimov’s Three Laws in the Real World?” by Professor Alan Winfield, Director of the University of West of England Science Communication Unit, EPSRC Senior Media Fellow and Lilian Edwards, Professor of E-Governance at Strathclyde University.

The lecture sought to address legal responsibility for a robot’s actions, and whether, given the rapid advances in robotics, we need to legislate for Asimov’s Three Laws:
1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey orders given it by human beings except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.

I found the topic particularly interesting because I had just read an article called “Towards new recognition of liability in the digital world: should we be more creative?” in the International Journal of Law and Information Technology, which discussed the attribution of liability for “intelligent software”. I felt that the article raised a lot of interesting issues, but its conclusion – that we need some collective form of liability taking into account the role every party plays in producing the liability in question – was perhaps impractical.

I was therefore hoping that Professor Winfield and Professor Edwards might reach a different conclusion, and they didn’t disappoint.

It’s impossible to neatly summarise an hour-long lecture, but I think they were proposing that liability for robots should arguably mirror liability for software. This would mean that the party best placed to manage risk assumes it (and insures against it), and that if a robot is subsequently hacked and causes damage, then the hacker should probably be liable for any damage caused.

As for Asimov’s three laws, the Professors acknowledged that the laws were instructive, but proposed that they should be replaced with a new five-part ethical code.

Alan Winfield was very effective at making everybody in the room think differently about “robots”. I appreciate you have probably read to this point and found the confident way I’m talking about “robots” a bit silly. Well, it turns out that robots are already all around us! Alan pointed out, quite rightly, that nobody speaks about the “dish washer robot” – it’s just the dishwasher! (Disappointingly the montage of sci-fi robots in Alan’s introductory PowerPoint slide didn’t include Optimus Prime, but since Alan bears more than a passing resemblance to the stately Patrick Stewart, I lacked the courage to complain!) The serious point here is that as society increases its use of (and reliance upon) robots, liability for their actions is something that lawyers will increasingly need to consider.

Overall it was a very enjoyable and thought provoking lecture, and I look forward to hearing more from these speakers on this subject in the future.

Cloud Computing and the risk of Data Ransom

There have been lots of articles about cloud computing by lawyers. Most of them: i) have a dodgy pun in the title; and ii) bang on about data protection and the risk that your data is outside Europe.

That is not what I am going to write about. Partly because it’s been done to death, and partly because I think DP law is dull (sorry Grant and other data law lovers).

I am going to talk about data ransom in a cloud or hosted environment. That is the risk that your supplier goes bust and you have to buy your data from an administrator/receiver, or that you get into a commercial dispute with your supplier and they either turn off your service or ransom your data.  Both are possible scenarios.

Remember that administrators are legally bound to recover as much money as possible for the creditors. They are also not too bothered what your contract with the insolvent company says. These facts can make them quite interesting to deal with!

On the commercial dispute side it is traditional for purchasers to manage suppliers by withholding payment on invoices or similar. But with cloud or hosted apps the power has shifted – if the purchaser withholds payment then the supplier can probably turn off the service. Gulp! Worse, imagine you have decided not to renew the contract, and your supplier starts being “sticky” about handing over your data to the new supplier. Remember “sticky” could include giving the new supplier all your data, but in an incomprehensible format.

So what do you do?

Contractually

  • Have an obligation to get a weekly or daily back-up of your data delivered to you in a format you could decode.
  • In fact why not take advantage of virtualisation technology and get a virtual copy of “your environment” and related rights to run it on your servers. (I have been putting this in contracts for about a year – so far I have not seen anyone else do this).
  • Have strong exit management provisions (preventing the supplier mucking you around on exit).
  • Have a source code escrow agreement. Note from a “self-help” basis these are probably useless (partly) because you may not have the object code; but having the right to get the source code will give you a bargaining position against an administrator/receiver *.

Practically

  • Actually enforce any of the contractual rights described above (it is probably too late to start enforcing them once the “ransom” starts).
  • Make sure your lawyer really understands concepts such as cloud, source code and virtualisation (this is an undercover sales pitch).

Not one dodgy pun!

*  I find a lot of lawyers still ask for source code escrow in a hosted app environment (where the client doesn’t even have the object code) not because of the reasons I have outlined but simply because the turnkey contract they are using as a style has an escrow clause in it. This strikes me as fairly dumb. Rant over.

Bribery Act 2010 – have you reviewed your policies and procedures?

When the Bribery Act finally comes into force on 1 July 2011 it will be the most substantial change to the UK’s corruption laws since 1916. The Bribery Act creates a new offence for commercial organisations. This is a key development for companies and other commercial organisations as an organisation will be guilty of an offence where a person “associated” with it bribes another person to obtain business or a business advantage.

Why is the new Act relevant to procurement?
The new Act is relevant not just to the “sales” side of businesses, but also to procurement, where those involved in tendering, purchasing, and procurement need to be aware of what might constitute the receipt of a bribe (and therefore an offence) under the new legislation.

Importantly, the commercial organisation will be presumed guilty if they do not have “adequate procedures” in place designed to prevent bribery.

What should we be doing?
Businesses should put in place “adequate procedures” now to minimise the risk of criminal prosecution when the Act comes into force. Your adequate procedures should set out clearly your company’s approach to, amongst other things, the giving and receiving of corporate hospitality and the rules governing your procurement processes (which may need to be updated to reflect the new laws).

How can Brodies help?
Our Regulatory Compliance team can help your organisation to plan for the Bribery Act, for example by assisting with the development of internal policies and providing training to help ensure your business is protected when the Act comes into force. If you would like to discuss this further then please send me an email or get in touch with your usual TIO Group contact.

For more information, see my colleague Susheela Math’s blog post over on Brodies’ PublicLawBlog, or our Regulatory Compliance team’s recent legal update.

Goodwill payments to customers can be a direct loss

IT suppliers should be concerned at a recent court case involving Accenture and Centrica. Accenture supplied a faulty billing system to Centrica.  This disrupted Centrica’s business and caused hassle to its customers. In order to keep its customers sweet, and although it had no contractual obligation to do so, Centrica gave its customers payments to compensate them for their hassle. Those payments added up to 8m!

Centrica tried to recover those customer goodwill payments from Accenture. Accenture resisted because it thought those losses were covered by a clause in the IT supply contract that said that Accenture would not be liable for indirect or consequential losses. 

Lawyers love a good bun fight over whether a loss is direct or indirect.   Believe it or not (and you probably will), the landmark case on the subject was decided back in 1854.   

There is a lot of complex law behind the judgement – but the headline is that the Court found that the goodwill payments were not “indirect or consequential losses”, and thus were not excluded by the clause. 

It’s not the end of the line for Accenture as the court was only looking at points of principle. It is still to decide whether Centrica can actually recover these payments on the facts of the case.

So if you are an IT supplier working in the utility or banking (or similar) sectors you may want to specifically exclude or cap liability for goodwill payments (also known as “ex gratia” payments) made by your client to its customers. 

Although the article was mostly written by Fiona Murdoch – one of our professional support lawyers.

What is my company worth?

This is the question that crops up most when chatting to technology entrepreneurs. The answer is “What someone is willing to pay”. So how do investors or buyers work out how much to pay?

Firstly, investors will have in mind a rate of return on their money which substantially outperforms the stock market.  History shows that only 2 out of 10 companies which had serious potential will make it. So this will be factored into the investor’s expectations as to rates of return.  Your financial projections therefore need to show growth and returns which will exceed these minimum expectations.

All business plans I see have the usual graph showing the hockey-stick-shaped growth curve. However, it needs to be substantiated.

Most investors will assess a company’s potential by considering the market and working backwards from there – and so should you. The size of the overall market; market demand for the product; likely market share; timeframes before sales into the market; internal and external risks before having a robust market-ready product; barriers to entry for the competition following launch of your own product – all these will have a bearing on what an investor would be willing to pay for a slice of your company.

Whilst every investment proposal is different, I could probably predict, based on statistical evidence, what share of your company you are likely to have to give to investors on each funding round.  I could also predict the average timescales for securing your investment – which have progressively lengthened each year since the dotcom bubble burst (along with timeframes for likely exits).  Combine the statistical evidence on likely dilution on each funding round with the timeframes for raising money – you soon realise that you should be trying to raise as much money during the funding round as may be required to achieve your objectives.  You should certainly be ensuring that you are raising enough to fully fund your business plan or at least hit significant milestones, with some margin for error.  The most common problem is raising money to see your business through a minimum period without considering whether (at the end of that period) the value of the company will have been enhanced by the achievement of key objectives, either in terms of product-development or market penetration.

Coming back to valuations, it may be that your investor is sceptical about your ability to meet your business plan objectives – hence is suggesting a lower valuation than you believe your business plan justifies.  One way of bridging this valuation gap is to agree to disagree on the initial valuation. Give the investor his share of the company based on his valuation, on the understanding that (if your assumptions turn out to be correct) the shareholding will be re-balanced so as to give management a greater share of the overall pie.  This is a win-win situation where management are incentivised to perform and investors have the comfort of knowing that they have not overpaid at the outset.

Ultimately, no-one (be it management, investors, founders) will see any returns unless the team brings the company over the finishing line. This might be a sale of the company to a competitor or customer; floating the company on the financial markets; selling your key technologies. That will be the true test of whether the original valuation assumptions were correct.

Will McIntosh
