Does trade secret protection cover reverse engineered products/services?

質問

Hi! If company A has valuable tech or information protected as a trade secret, could A sue company B if B reverse engineers the technology or publishes or uses the information, assuming that B never actually had access to the protected tech/information?

When a startup chooses to protect its IP as a trade secret, -- and I have heard that this can be a financially sensible alternative to patents/trademarks etc. -- does that not constitute rather weak protection, if any competitor can just use the same product as long as they can more or less figure out the underlying technology? In a lot of cases, it should not be that hard to catch up with first-movers. Should startups then even consider trade secret protection?

or

回答: 2 public & 0 非公開

F56b616a4f
弁護士

The question you ask seems to concern, especially - at least that's what I understand - the protection of parts of the source code of a computer program which are not disclosed to the public and therefore secret, whose user needs to make it work - for example, for purposes of implementation of interfaces, read files formats, share files between different architectures, correct errors ("debugging") etc ... - in the light of that it is called the "reverse engineering" (or the "disassembly").

We know that the object code, which is accessible to the user, is usually enough to use and run software on a computer. However, only certain information that is contained in the source codes that are not accessible via the GUI of the computer program - and therefore secret - are absolutely essential and must necessarily be analyzed to be « recovered » and then « migrate » from a software to another and allow what is called « interoperability ».

While it is always possible to get such information from the object code without the need to transform it (e.g. using analysis methods as tracing line consisting of examining tep by step the results of the running of the software), to reconstruct the source code. But in reality, we must conduct a comprehensive analysis of relevant software to achieve this result, which presupposes a « decompiling » (reverse ingineering).

The question then arises - and is a constant source of controversy among specialists – is how far the reverse engineering can go without affecting hidden information the source code that is only protected by trade secret and without becoming illegal. And what are the parades.

The laws, as you know, depend on countries that enact them. But I think I can say that the principle of the matter is the same everywhere: only decompilation information necessary to create interoperable software ("fair use") that are not available by the duly authorized user to use the software (through a particular license) is allowed or tolerated. And the use and disclosure of interfaces obtained by decompilation are only permitted for the development, maintenance and use of other interoperable computer programs created independently. In this case, one can venture to say that the decompilation, which would be made by "B" without permission of "A" remains lawful because it allows only ensure data exchange with competing software. That principle is clear from the French and Swiss laws for example.

The reasoning is similar if the software itself is included in a process or product that is patented and the patent does not disclose the information source code, partly because it is part of the know-how unpatented accompaniment. Reverse engineering of the said process or product will allow "B" to find the information needed to run the software and it will be lawful only if it allows "B" to ensure data exchange with competitors.

Although the patent discloses the information object of the source code and "B" has access to it through reverse engineering, you should know that certain patent laws such as the French and German patent laws for example provide for an exception to the patentee's monopoly as regards the acts done for experimental purposes relating to the subject matter of the patented invention. It follows tha the choice of the patent that you promote as opposed to the trade secret is not necessarily the right solution.

The answer is more difficult to make if reverse engineering made by "B" goes beyond the creation of interoperable software, for example because it aims to find security gaps, correct flaws or check hacking suspicions.

In any case, we can say that the transmission of data to third parties and the restoration of the functioning of a computer, for commercial purposes, obtained by decompilation and which are not necessary for the use of software, without the authorization of the regular owner of the sofware, are perfectly illegal in that they go beyond the single product analysis. And thus the commercial exploitation of these data and similar software on these bases is necessarily objectionable in that it discloses a secret illegally obtained.

Several routes are then offered to "A", depending on the applicable law and the opportunities that present themselves to him:

• Tort way:

• a copyright infringement action (the software is protected by copyright in Latin countries like France and most European countries) and/or patent infringement action (in the US, software protection through the patent stems from the law, it is not necessary that they be included in a broader package to be protected by patent) against "B" , regardless of good or bad faith. These actions may, however, be difficult because it is not always easy to identify the parts of the source code that are really protected by copyright or that are claimed by the patent,

• an action for unfair and/or parasitic competition against "B" provided to establish its civil wrong, the reality of the damage and the existence of a link between the fault and the damage.

• Criminal proceedings: criminal responsibility commitment to "B" (in some countries like France for example, the disclosure of a trade secret is criminally punishable), subject to establish its fraudulent intention (intention of "B" to harm "A").

So you can see that, as the case, legal actions are possible to try to protect the information in the source codes that was kept secret and is disclosed by "B" without the authorization of "A", even if the software in question is not patented or or independently of patent protection.

Technical parades are also possible as the use of cryptographic techniques to make reverse engineering more difficult, but they are not infallible …

Could you tell me a little more to continue this discussion and determine the most appropriate solution ? ...

Sincerely yours,
Simon

最近の質問