11 May 2021

Ever heard of software forensics?

The adjective “forensic” comes from the Latin word “forensis” which means “of the forum, public”. When something is denoted as “forensic”, this means that it has to do with finding evidence to solve a crime.

More broadly speaking, it could also refer to the courts or the legal system. Software forensics is the science of analysing software to determine whether intellectual property infringement has occurred.

Please note that the term “software forensics” is occasionally mixed up with the term “digital forensics” or “computer forensics” which, by contrast, deals with the recovery and investigation of material found in digital devices.

Software forensics methods can be applied in at least three fields, in the detection of a) copyright infringement, b) trade secret infringement and c) software patent infringement. Regarding a) copyright infringement, it is commonly known that source code is protected under copyright law and it is nowadays common practice to apply software tools that can detect correlations between source codes to detect plagiarism.

Similarly, regarding b), since software code can contain trade secrets, the same tools that are used for copyright infringement may also be used to detect theft of a trade secret. Yet, in my eyes, the most interesting field and that which evolved most rapidly in the last years is detection of c) software patent infringement. Patents on computer-implemented inventions may be valuable assets, especially if they protect (technical) standards. Such patents are referred to as “standard essential patents (SEP)”. If it is clear that e.g. a mobile phone operates according to a mobile communications standard and that this standard is protected by one or more patents, then hardly any effort is necessary to demonstrate that the mobile phone infringes the patent. An impressive example of valuable patents are Nokia’s standard essential patents that are currently litigated before German courts in infringement proceedings against Daimler.

Apart from these SEP cases, detecting software patent infringement is intrinsically difficult since the source code is often not available or the software is executed on a remote server. In the latter case, the only chance of obtaining knowledge about the functioning of the software in order to assess a potential patent infringement may be an input-output analysis. Nevertheless, it is difficult if not impossible by an input-output analysis to prove the infringement of a patent. In the US, a patentee may request in the course of discovery proceedings the disclosure of source code that may infringe its patent. However, a court will only accede to such a request, if it is convinced about the sufficient likelihood of a patent infringement.

Even if the source code is available, it is difficult to determine that the source code actually performs a function that falls under the patent claims. It goes without saying that a program that implements a patented invention can be written in many available programming languages, using different function names and variables.

This is the reason why copyright protection is often not enough to protect ideas implemented in software. Put differently, copyright protects the expression of an idea, but not the idea itself which means that copyright protection may be easily circumvented. Determining whether a software code infringes a patent still has to be performed by human experts using their knowledge and experience. Yet, in recent times, more and more experts in software forensics are trying to automate this process by using algorithms. If only a compiled program (object code) is available, then decompilation techniques have to be applied to determine the underlying source code. Incidentally, reverse engineering and decompilation techniques still seem to be technologies beyond the mainstream that are not in the curriculum of many universities.

A reason for this could be that reverse engineering and decompilation may be prohibited or restricted by the law under certain circumstance. For instance, while Art. 5 (3) of the EU Computer Programs Directive (Directive 2009/24/EC) allows the person having a right to use a copy of a computer program, without the authorisation of the rightholder, to do acts of reverse engineering, Art. 6 of the Directive forbids decompilation for reasons other than achieving interoperability with other programs.

The main motivation for this article is to raise awareness of the field of “software forensics” – a field that is probably still unknown to many. Moreover, it appears that recently an increasing number of engineering companies have opened up especially in the US that offer their technical expertise in software patent infringement proceedings. For all IP practitioners dealing with software-related patent or copyright infringement, it may be beneficial to have heard about “software forensics” and that there exist companies which offer services in this field.

While software forensics still appears to be a niche, it could be a lucrative business in view of the high amounts of money at stake in software patent infringement proceedings in the US.
If you wish to deepen your knowledge in this field, I would recommend the book “The Software IP Detective’s Handbook” by Robert Zeidman which has become the standard textbook for software forensics. The author of this book is the founder of Zeidman Consulting which provides consulting and expert witness services for IP litigation. Another company that is active in the field of software forensics is “Software Litigation Consulting” which was founded by Andrew Schulman.