Protect your software source code with the new Trade Secrets Directive!

Zoran Jovanovic | Software Unternehmer
Zoran Jovanovic | Software entrepreneur

Dear colleague founders, owners, and CEOs of software and technology companies!

Regardless of the purpose of the software developed by our companies, the protection of our property has been difficult or impossible. So far, we have had limited resources available to prevent our investment from becoming the common property of all individuals or companies involved in the development. Efficient protection of software was impossible and, in fact, once a dispute, the evidence was a Sisyphean task. Even the smartest terms in contracts with employees and business partners could not improve the situation!

Personally, I am taking very unorthodox protective measures. In some cases, I use illogical processing in order to be able to prove the theft in the event of a case by duplicating conflicting treatment processes. I protect the intellectual property of my company with intentional errors as a feature, but with no consequence on the actual functionality of the software application itself.

This drastic insight I gained from legal disputes is from the 90s in the US and Israel. If errors in a copy continue to duplicate, the infringer guarantees to lose any argument for his innocence. The whole story in a few sentences in my defense: Back in the golden days of the mainframe computer only “detective-sergeant Happenstance” helped us. A software bug did not reveal itself until months after important members left the development team and became a sudden competitor through a start-up. In order to avoid our allegations of unauthorized removal of a TK-50 tape, they made minor and major changes in the software and the documentation included. However, they overlooked the error in their copy, which we in the meantime had to fix for maintenance reasons. A potential major customer was about to make a major purchase and compared both products in a benchmark test. The result made us alert. Better and happier, no case can go out! But even more important is the remaining loyalty. No one from the remaining team has informed the defendant about the error in the source code. If this had been the case, we would not have been able to prove the immediate facts by a software bug. The competitor then just disappeared as fast as he had appeared!

Why do I trust my smartness more than the previous laws?

I do not want to waste too much time on the patentability of software. Computer programs are not considered inventions and therefore can not enjoy patent protection. However, if an invention is included in a software program, protection by a patent is very much in question. Well, with me and with 99.9% probability that's not the case with you, because our code is mostly based on standardized commands from different programming languages. The correct ordering of these commands does not give any patent protection.

Of course, in addition to my unconventional recognition features, I used copyright protection. I even did that outside the EU. For this purpose, I have handed over a data carrier and source code to a government agency. For a fee, I received a certificate with limited validity. One may think that if necessary this has more weight than a notarial custody and enjoys global copyright protection. In fact, it is not like that! The copyright protection is basically ineffective for the protection of software and more suitable for writing and language works, such as books, manuals, blog posts and scientific work to protect. My personal findings are very sobering:

  1. Copyright does not protect the idea in my source code!
  2. Any rewriting or translation by strangers automatically causes the re-emergence of independent copyright protection. Minor changes suddenly make them the author based on my code!
  3. The proof in practice is almost impossible. But think of my self-protection here!

How can I help you, as an affected colleague, to do better?

A strategy set by me in 2016 to accompany Directive (EU) 2016/943 adopted by the EU Parliament and European Council on 8 June 2016 through technological adjustments in my software ROBOTIC GRC|365 has been a direct hit proved and puts my company today in an almost unrivaled situation. Our service product has reached the technological market maturity at the right moment and is scalable beyond EU nation borders. Consequently, we take functional consideration of the degree of internationalization of EU software companies and offer nationwide protection. This EU directive forms the basis of the new Trade Secrets Directive (German local name is GeschGehG). The law came into force on 26th of April, 2019 in Germany. Only this law can better protect our companies and keep unfair competitors away. It can prevent the secret dissemination of the know-how that has been developed in our companies and thus also leads to a significant increase in the value of the company. We have to assume that in the future, financiers will want to know if their capital is in good hands. However, it will definitely help us to answer the awkward question of the patentability of our software. We can now answer with "No, but …". And that's a lot more than we could before! Although other sectors see the law as a further burden, it also brings the much-needed protection potential for the software industry. I ask you to get the general information about the law from the internet, but keep in mind that most sources do not have the necessary interface knowledge of technological, business and legal aspects and the wording of which leaves a lot of unanswered questions.

How can the Trade Secrets Directive be used in software and technology companies?

At this point, we ignore customer data, contracts and other information which, according to the new law, constitute a trade secret worth protecting. We want to dedicate ourselves to the protection of our technical know-how. Know-how leaves our company almost exclusively on insider knowledge. Lacking a certain logic, since only from this comes the knowledge of actual usability, its possible reuse, and monetary value. So we speak concretely about our employees and business partners (keyword: internal perpetrators). Secondly, we also consider freelance workers and outsourcing of development activities inside and outside the EU. To underline once again the difference: we will never be able to prevent someone from bothering to repetitively program or mimic a function in the sense of reverse engineering. This fear really does not concern a software pioneer! We live by the motto that whoever makes the effort, should also benefit! But we are well aware of the possibility of preventing a shortcut in the long development process via a secret copy of our source code. The Trade Secrets Directive can now keep unfair players away. What is promising about the Trade Secrets Directive is the freedom granted us to be able to define for ourselves which information represents an economic value for our company. It also challenges us to classify, map, and inventory them as insider knowledge. Based on the previous activities, we have to create a protection concept that enables us in court to enforce our right to protected know-how. The definition in the law is formulated so that it also allows a source code as a trade secret. That's exactly what we are doing now!

The Trade Secrets Directive implementation in software and technology companies

Regardless of the organization, there are decisive factors in software development that enable organizational implementation of the Trade Secrets Directive. The development of software is multi-layered and accessible only to a limited group of people. Regardless of whether they are high-level programming languages or machine languages are used, software solutions usually consist of many linked scripts, which are processed according to a defined process chain. Only together do they make a complete product. Nevertheless, individual program modules can represent a different value for our company. How is that possible? For example, the possibility of classification according to applied programming languages, lines of code or their compatibility on end devices. In order to fully meet the burden of proof when needed, we recommend a lot of information such as condition, property, logic, performance, compatibility, output, installation and uninstall process, manual, versioning, locations (cartography), authors, other roles of involved persons and companies, accesses and requests. The Trade Secrets Directive also requires regular maintenance of the entire protection concept. How often such an entire process must be repeated in a software and technology company depends on the product portfolio as well as the changes in human resources and the business partners involved. Our strong recommendation would be to take over or hand over a major release to productive operation.

How can I help you to protect your software according to the Trade Secrets Directive?

I have developed an audit procedure with my company so that all aspects of the law can be taken into consideration. This is accompanied by the software solution ROBOTIC GRC|365. The software brought with it massively increases the degree of automation and enables rapid and cost-effective protection of software as a trade secret. Regardless of whether your software is dedicated to a specific industry or purpose, we provide evidence that enables you to enforce injunctive relief and claims in court in accordance with the law. ROBOTIC GRC|365 helps classify your software as a trade secret and identify the trade secret carriers behind it. Subsequently, necessary protective measures are created and their correct implementation checked! All services can be provided cross-border and there is no need to license our technology! For a legal status you will receive from us the following documents in German and English language:

  1. A description of the project scope for the legally compliant implementation.
  2. Classification of your software as a trade secret according to the definitions.
  3. Catalog of measures for implementation as a protection concept.
  4. Test reports on the actual implementation of the protective measures.
  5. At least 1TB volume of forensic data on insider knowledge.
  6. Protocols on all contract adjustments with internal and external trade secret carriers.
  7. Material for employee training. On request, support in the implementation of training.
  8. Other purpose-based evidence as a submission to the court.