Key IP Challenge: Protecting Vehicle Software

Computer files need to be protected against hacking, copying and other unauthorized use. Here are some ways to do that.

Jake Grove

April 6, 2017

7 Min Read
Key IP Challenge: Protecting Vehicle Software

Your car is filled with computer technology. It runs dozens of computer modules with sophisticated computer files including both software and data files.

The computer modules control your automatic transmission shifting, fuel injection, airbag deployment, navigation and entertainment systems.

OEMs and their suppliers program the modules with computer files and protect these files with software “locks” to prevent tampering.

But they often create upgrades that are distributed to existing vehicles and pushed onto the modules through these locks to upgrade the functioning of the modules. These computer files need to be protected against hacking, copying and other unauthorized use.

Following are several ways to protect the files and strategies to enforce those protections:

  • Patents. Patents can provide broad coverage for software and the functionality it performs, but they can be expensive to obtain and enforce, particularly in these days given the popularity of patentable subject matter challenges.

  • Copyrights. Copyright protection is narrower than protection under patents, but is much less expensive and can be obtained quickly. Usually copyright protection is sufficient because the accused infringers are copying rather than rewriting.

Many don’t realize it, but under the law, copyright infringement can occur whenever someone loads a copy of a file from storage into RAM for typical use. This involves making an electronic copy, which is infringement if the copying is not authorized.

The copying is not authorized even when the person using the software has a license if the user exceeds the terms of the typical license by reverse-engineering, decompiling or otherwise analyzing the files. This often trips up competitors and infringers who don’t realize they may be infringing in this way. They may obtain a lawful copy of computer files, but then breach the End User License Agreement when they open the files for the purpose of reverse engineering.

One challenge with copyrights is they must be registered with the Copyright Office as a precondition to filing a copyright-infringement lawsuit in federal court. Sometimes this is tricky when there are many different versions of software and many different software items to be protected. The copyright owner must decide on a strategy to register copyrights it wants to enforce.

If the owner has many files or versions to copyright or if the software has multiple authors, then careful thought must be given to the registration strategy to save money and time. Normally, registrations can be obtained in six to nine months. Expedited registrations can be obtained in a week or two, but there is a hefty fee.

Also, applicants need to consider how much of the code to submit as the deposit copy. Applicants usually only submit a portion of the files and maintain the rest as a trade secret. If multiple people worked on the files, this may create ownership issues.

Finally, request that programmers add deliberate errors into the code to set a trap for infringers. Sometimes these are called “Easter eggs.” This is helpful in court, because infringers cannot explain why they copied a blatant error.

  • Trademarks. If trademarks are on or in computer files and the infringer copies the files, this could result in a trademark infringement and unfair competition under the Lanham Act. If trademarks are visible to end users (e.g. they appear on a screen image somewhere at some point during the operation of the software), then end users might think the illegal copies are authorized by the trademark owner.

  • Trade Secret Protection. Not all computer files can be protected with copyrights, because some do not involve sufficient originality or creativity. But if the files come from proprietary data collection, computation or analysis, they can qualify as trade secrets because they are useful, valuable and not readily available to the public. They can be protected as trade secrets if the owner takes some measures to protect them, such as encrypting them or storing them in a secure place.

  • Technological Measures. Technical people know various ways to protect computer files with password schemes, handshake exchanges and the like. You should request they do this so the files cannot be accessed or activated unless an authorized user has the necessary password or key. Keep logs of exchanges with subscribers and other people accessing your computer files so you can keep track of who you are dealing with.

  • Contracts. Often, manufacturers need to allow other parties to copy and use the software in an authorized way. This is common in the service environment, where dealers and service technicians need to program the modules with computer files or upgrade the files on the modules. They usually do this by purchasing a web-based subscription to computer files and upgrades from the manufacturer. In such a case, the customer accesses servers operated by the manufacturer after finalizing an agreement with detailed terms of use and making payment.

  • Infringement Claims. This is often the first set of claims to bring – and the core of a case: copyright infringement, patent infringement and trademark infringement.

  • Illegal-Circumvention Claims. If you use technological means for protecting the computer files – password schemes, handshake exchanges and the like – and infringers break through or circumvent the protections to get at the files, this can constitute a violation under the Digital Millennium Copyright Act.

  • Trade Secret Misappropriation Claims. If your computer files are valuable and reasonably well-protected – with encryption, for example -- you can bring claims for misappropriation under state statutes and now the new federal statute.

  • Computer Fraud and Abuse Claims. These claims can apply if the infringer is hacking into your systems to make copies or otherwise accessing your system without proper authorization. This could include posing as an authorized user or subscriber. If you include terms of use for the subscribers, this can help.

  • Overcome Personal Jurisdiction Challenges. Sometimes the infringers are well outside the jurisdiction -- perhaps in China -- and will try to evade a lawsuit in a given federal district with a motion to dismiss for lack of personal jurisdiction. You can defeat such a challenge in a variety of ways.

First, if the infringer is accessing your systems and the illegal activity (e.g. copying) happens where your system is located, then the infringer is reaching into that jurisdiction to commit a tort.

Second, make sure your End User License Agreement has a jurisdiction term so that when the user clicks to accept the terms of the EULA, he or she agrees to jurisdiction in the place of your choice. If the infringer makes a copy of a computer file after clicking through a EULA, this can help persuade the court that jurisdiction over the infringer is proper.

  • Use Technical Experts Early – Even Before Filing a Complaint. Technical experts can assist you in drafting a powerful demand letter or complaint. They also can help you understand where and how the infringement is happening; develop the evidentiary basis of your case; and tap communications with the module to see what packets of information are being exchanged with the module.

In addition, technicians can provide assistance to:

  • Evaluate the information to see whether it is encrypted and, in some cases, decrypt the information.

  • Establish where the information may be coming from, for example a cloud server or some other specific IP address.

  • Establish how the infringer is communicating with the module and whether it has a key, handshake or other way to circumvent anti-tampering locks on the module.

If you end up in court, this kind of evidence can be very powerful. It’s especially helpful in the era of the Iqbal and Twombly cases from the Supreme Court, where plaintiffs must now plead facts establishing a plausible cause of action.

You can expect the infringer to challenge your complaint with a motion to dismiss for failure to state a claim.  But if you plead facts with the assistance of an expert, you are more likely to avoid such a challenge.

With the advance of technology, we expect to see more devices using more embedded computers running more computer files for optimal operation in automobiles, medical devices, home security, appliances and many other areas.

More and more, we also hear about “the internet of things” and this is it: interconnected computer-operated devices running software files. With the advances in communications technology, we expect to see increasing access to these embedded computers – wireless and otherwise.

If you don’t want to be the company whose product was hacked and driven into a ditch or whose computer files were copied and resold by someone else, the above considerations can provide some essential protections against copying, infringement and hacking.

Jake Grove concentrates his practice in patent, trademark, copyright and trade secret matters. He can be reached at [email protected] and 249-723-0343.

You May Also Like