Secrets on wheels: two automotive confidentiality actions

The Courts in England and Wales have recently addressed confidentiality issues in two cases, each of which coincidentally involves cars. By way of contrast, the first case deals with ways of making cars go faster, while the second concerns ways of preventing them from going at all.

In the first case, yesterday, the Court of Appeal marked out what is probably the end of the road for Force India Formula One Team Ltd v Aerolab Srl & Another [2013] EWCA Civ 780, an appeal that has been trundling along in the middle lane for 15 months since Mr Justice Arnold gave judgment at [2012] EWHC 616 (Ch). At trial, Arnold J found that the defendants had misused Force India's confidential information but awarded just €25,000 instead of the £13-15 million the claimants were hoping for. All three Court of Appeal judges (Lords Justices Lewison and Briggs and Sir Stanley Burnton) agreed that Force India's appeal should be dismissed.

According to a very excited press release from the defendants' solicitors Withers, in relevant part:
Proceedings between the parties ... began in 2010 when FondTech (formerly known as Aerolab), an Italian aerodynamic engineering company and specialist in providing wind tunnel services to Formula 1 racing teams, brought a claim against Force India for over €800,000 in unpaid fees. In return, Force India commenced a claim for misuse of confidential information and design right infringement against FondTech and Team Lotus (now known as Caterham F1) whom Fondtech had begun to provide services to following the breakdown of its relationship with Force India.

At trial, Force India’s claim was put on the basis that FondTech and Caterham F1 had conspired to misuse Force India’s confidential information in the aerodynamic system of its 2009 Formula 1 car. In his judgment, however, Mr Justice Arnold said that Force India had not ‘come close’ to establishing a conspiracy and that the instances of misuse of confidential information by FondTech’s employees amounted to no more than opportunistic short-cut taking.

Force India pursued an appeal on the grounds that the Judge had misapplied the law to his findings of fact and that FondTech should have been required to compensate Force India for access to its complete body of confidential information relating to its 2009 car, which they valued at several million pounds.

The Court of Appeal rejected this approach. In delivering the leading judgment, Lord Justice Lewison found that having heard the evidence of multiple witnesses on behalf of FondTech, and Force India having had complete access to FondTech’s documents, the Judge was entitled to make the findings he had at the trial on the basis of the case which was argued before him. It was not open to the Court of Appeal, in the circumstances, to disturb those findings or to make findings in relation to an alternative case which had not been argued before the trial Judge or put to witnesses during the course of cross examination [whether the Court of Appeal can ignore, vary or generally improvise upon the findings of the trial judge is a bit of a hot topic at the moment: see earlier Katposts on Lumos here and Fine & Country here. Neither of those decisions was mentioned in this case. A clear and intelligible expression of what the Court of Appeal is obliged to do, allowed to do or prohibited from doing to an IP judge's findings of fact would be very much welcomed].

Tim Bamford, partner in the Intellectual Property team at Withers LLP comments:
“... The facts surrounding these issues in this case are a good illustration of how the legal formalities can easily be overridden by actions taken by business people in often stressful and pressurised circumstances. The decision is also a useful reminder that in the context of rights in confidential information and trade secrets, just because a piece of information can be easily memorised does not mean that it either ceases to be confidential or automatically is transformed into an employee’s general skill or experience which can then be used for the benefit of another employer ...".
Other Kats may be having their say on this decision too ...

The second case, Volkwagen Aktiengesellschaft and Thales v Garcia and others, involves a rather different situation and a very different species of car. This is a Chancery Division, England and Wales, decision of newly-promoted Mr Justice Birss and it doesn't seem to have reached BAILII yet though, from the helpful note published on the Lawtel subscription-only service, it seems that judgment was given on 25 June.

The various defendants in this action were academic experts in the exciting field of cryptography [the science of coding and decoding information and, says Merpel, deciphering the IPKat's handwriting] together with the academic institutions for which they worked. Volkswagen was, and still is, a manufacturer of popular and very nippy motor cars, and Thales, a company that developed, made and sold security communications systems, applied to be allowed to join these proceedings as a second claimant.

The IPKat and Merpel had no problem
cracking that safety algorithm ...
So what was the problem? The academics had obtained a software program from the internet that contained, in encrypted form, an algorithm that Thales had devised and which was used in car immobilisers fitted in Volkswagen cars. Having cleverly identified a weakness in the algorithm, they intended to publish their findings and the algorithm itself in a paper which was to be presented at a forthcoming conference. Suing for breach of confidence and seeking interim injunctive relief, Volkswagen and Thales sought redaction [says Merpel, that's a polite word for 'censorship'] of certain parts of the paper concerning the algorithm on the basis that it was confidential information; whoever created the software program was likely to have obtained it in breach of confidence and, while it might have been legitimate to use reverse engineering in order to get to the heart of it, that was not what the academics had done.

According to Volkswagen and Thales, since the boffins had acquired the algorithm in circumstances in which their conscience was (or presumably ought to have been) affected, its publication would be a misuse of the confidential information and this would be highly damaging; also, they were likely to succeed at trial.

Unsurprisingly the defendants disagreed. In the first place, Volkswagen had no right to sue as it did not own the confidential information in the first place; the claim was not likely to succeed; the program was publicly available and, whether their use of it was legitimate or not, the information regarding the algorithm had lost the necessary confidentiality.  Further, there was a strong public interest in the security field in academics exposing security flaws and the public had a right to know about the weakness; they had acted responsibly in accordance with responsible disclosure procedures. Moreover, publication of their findings together with the algorithm was an exercise of their rights to freedom of speech under the European Convention on Human Rights 1950 Article10. In any event, the redactions which the claimants sought would mean that the paper would have to be peer-reviewed all over again and would not be available for the forthcoming conference. Finally, the idea that the paper would facilitate crime was unreal, as a criminal would still need a car, a key and two days to run a computer program to be able to defeat a immobiliser operating on the basis of Thales' algorithm and steal the car.

Birss J granted the claimants' applications and allowed all but one of the claimants' requests for redaction. In his view:

  • Thales would probably succeed in showing that it owned the algorithm and it should therefore be joined as a party. It was plainly right for Volkswagen to be claimants too since their products depended on the secrecy of the information contained in the algorithm.
  • The effect of the Human Rights Act 1998 s.12(3), which implemented the  European Convention on Human Rights in UK law, was that the court should be slow to make an interim order unless it was satisfied that the claimant would probably succeed at trial, following Cream Holdings Ltd v Banerjee [2004] UKHL 44 [noted by the IPKat here] rather than the usual "balance of convenience" test in American Cyanamid.
  • In this case, both Volkswagen and Thales had much more than a merely arguable case which, if not actually overwhelming, was sufficient to justify an interference with the defendants freedom of speech.  What's more, the balance of public interest was in favour of an interim injunction: while it was possible to overstate the risk of car theft if the information were published, a new way of stealing cars would be put into the public domain and, given the sophisticated nature of criminal gangs, there was no reason why they would not use it.
  • On the evidence, the software program had not been derived from a legitimate source and the defendants had been on notice that its origins were, at best, murky. The defendants had not attempted to show that the program was legitimate and indeed had taken a reckless approach with regard to its probity.
  • When told of Volkswagen's concerns, a responsible academic would have delayed publication [says the IPKat, in an era of "publish or perish", where tenure and one's entire career may be at stake, the concept of the "responsible academic" is an attractive one for the court room but may not be recognised in many a fine university common room ...]. 

The original Thales here
Secret car here
How to unlock your car with a shoe-lace in only ten seconds here
Secrets on wheels: two automotive confidentiality actions Secrets on wheels: two automotive confidentiality actions Reviewed by Jeremy on Thursday, July 04, 2013 Rating: 5

No comments:

All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.

It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.

Learn more here:

Powered by Blogger.