Reverse engineering, the CDPA 1988, third party liability and limitation in the case of IBM United Kingdom Ltd v LzLabs GmbH & Ors

The case concerned a platform known as the Software Defined Mainframe (SDM) which was developed by the First Defendant, Swiss company LzLabs GmBH (LzLabs), owned by US technology entrepreneur John Moores. The SDM was marketed as a substitute for mainframe software products offered by IBM, enabling users to run applications for IBM mainframe computers without having to buy IBM’s hardware or software.

In 2013, the Second Defendant, Winsopia Limited (Winsopia), purchased an IBM mainframe computer and entered into a licence agreement (the ICA) with IBM to use IBM mainframe software. Unknown to IBM, Winsopia was acquired shortly after its incorporation by LzLabs and was a subsidiary of the company, thereafter also beneficially owned by Mr Moores.

Mr Moores was named as a co-defendant in proceedings, as were Mr Cresswell (the former CEO of LzLabs and former director of Winsopia) and Mr Rockmann (the CEO of LzLabs and director of Winsopia). 

IBM brought a claim for breach of contract, procurement of breach and unlawful means conspiracy by way of reverse-engineering of IBM’s software to develop the SDM.

Mrs Justice O’Farrell, sitting in the Technology and Construction Court, ruled in IBM’s favour and made findings about several issues which are particularly worth highlighting: 1) Reverse engineering (and breach of the ICA); 2) Third party liability in relation to wrongful procurement and unlawful means conspiracy; and 3) Limitation.

1. Reverse engineering

• The court found that Winsopia was in breach of the ICA in that it carried out reverse engineering of the IBM mainframe software by disassembly, decompilation, translation and copying IBM source code, among other things.

• The court rejected Winsopia’s defence that they were entitled to rely on rights of “observation, studying and testing” of the licensed programs (with the court finding Winsopia’s analysis investigated the expression of the program, rather than its functioning) and/or that Winsopia’s analysis was necessary in order to achieve “interoperability” between those licensed programs and other programs, conferred by Articles 5(3) and 6 of Directive 2009/24/EC (the Software Directive), implemented by the Copyright, Designs and Patents Act 1988.

• Mrs Justice O’Farrell commented that “The breaches that have been established by IBM could not be described as isolated errors; their nature and extent, and the duration over which they occurred, are indicative of deliberate and systematic disregard of the terms of the ICA.”

2. Liability of third parties

Wrongful procurement of breach  

• The court found that the parent company, LzLabs and its ultimate beneficial owner, Mr Moores caused Winsopia to act in breach of the ICA and were liable for procuring those breaches.
• The court rejected the defendants’ case that they went to considerable lengths to maintain operational separation, finding that LzLabs and Winsopia “did not take any meaningful steps to ensure that the clean room procedures were effective in practice…[and] there was no effective separation between [them]”.
• The wrongful procurement case against Mr Cresswell and Mr Rockmann was limited to their role as directors of Winsopia. In relation to this the court found that they were entitled to rely on the principle in Said v Butt [1920] 3 KB 497 by way of defence  (i.e. that a director who causes his company to act in breach of contract cannot be found to have committed the tort of inducing a breach of contract to which the company is party, provided the director acted bona fide in the course of his duties as director [906]) and therefore were not liable for unlawfully procuring breaches of the ICA by Winsopia.

Unlawful means conspiracy

• The court commented that given its findings on the breach of the ICA and wrongful procurement, this additional claim was of limited relevance to the case’s outcome. However, it went on to consider the claim briefly and found that LzLabs, Winsopia and Mr Moores were liable for unlawful means conspiracy with the aim of developing and marketing the SDM by committing (and procuring) breaches of the ICA.

3. Limitation

• The defendants argued that IBM’s claims were contractually time-barred and statute-barred for limitation.
• IBM disputed this and raised a plea of deliberate or dishonest concealment on the part of the defendants.

• The court found that the actions by Winsopia, LzLabs and Mr Moores amounted to deliberate concealment, carried out behind closed doors, in circumstances where they were unlikely to be discovered for some time. And formed part of “a concerted strategy to disguise Winsopia’s involvement with the SDM from IBM”. Due to this deliberate concealment, the contractual limitation period did not apply and the statutory period of limitation was suspended under section 32(1)(b) of the Limitation Act 1980, which provides that where any fact relevant to the claimant’s right of action has been deliberately concealed by the defendant, the limitation period does not start to run until the concealment is discovered, or could with reasonable diligence have been discovered.

• Mrs Justice O’Farrell detailed the defendants’ behaviour as embarking upon “a series of steps and policies to conceal from IBM that Winsopia was a wholly-owned subsidiary of LzLabs, set up to acquire a mainframe and software licence, using what I have found to be breaches of the ICA, with the sole purpose of assisting and facilitating development of the SDM.”

• In addition, the court found that IBM could not, with reasonable diligence have discovered the concealment prior to August 2020 or prior to June 2023 regarding the unlawful conspiracy claim.

In summary, the key takeaways are as follows:

• It is important to assess risk by reference to any relevant licences or other terms which might expressly prohibit the acts intended, or may result in infringing intellectual property rights.

• Third parties can be liable for inducing or facilitating breaches of contract, even if they are not parties to the contract which is breached.

• The “observation, studying and/or testing” exemptions in the Software Directive are framed in general language; however this does not mean that these exemptions will act as a ‘catch all’ defence to acts which would otherwise infringe copyright, and the court will conduct a careful analysis of the technical and factual context in which the issue is to be determined.

• Where different entities in a corporate group are involved in an activity which may infringe a third party’s copyright, to avoid liability for procurement of breach of contract/unlawful means conspiracy, it is important to demonstrate that operational separation has been implemented.

• Deliberate concealment of wrongdoing can result in extended limitation periods for any potential claims.