Control information by law

02 July 2004

Simon Chalton

What is “Information”?

It is commonplace that we live in an information society, that information is a commodity of growing importance and value, and that modern communications make it readily transmissible and accessible globally.

Information is slippery stuff.

The Concise Oxford Dictionary (tenth edition, revised 2002) defines information as “facts or knowledge provided or learned as a result of research or study”, and secondarily as “what is conveyed or represented by a particular sequence of symbols, impulses etc”. These definitions limit the concept of information to that which is told, conveyed or known, or which is the subject of knowledge. Telling and knowing are human activities or attributes, so that information which is not known, or not yet known, would not fall within the Dictionary’s definition until some human being tells or comes to know it.

In modern conditions information which is defined or fixed, but which is not yet known, can be of great value. Information which is the product of or which controls machine-processing, information which is discoverable from physical conditions as for example by machine analysis or exploration, and information capable of being derived from processing of other information, sometimes called meta-information, is of these kinds. Substantial investment may have to be expended to obtain such information, to convert it into knowledge, to make it accessible, and to render it useful and capable of yielding commercial advantage.

For these reasons, a better definition of information may be “that which is capable of being known”, so including elements which are not yet known to any human being or which have been lost or forgotten.

Information, in the sense of that which is capable of being known, may have other characteristics or qualities: it may be novel, or conversely already widely known; it may be valuable, in a commercial sense, as being capable of exploitation or it may be commonplace or uninteresting; it may be expensive to generate or discover, though it does not necessarily follow that the cost of obtaining or discovering it will be a measure of its market value. Where information has a market value, and particularly where substantial investment has been made in the making, obtaining, verification, or other processing of that information, those who have made the investment will wish to protect it from being taken, disclosed or used by others without recompense to the original investor.

Because information is so inchoate and capable of being metamorphosed into or expressed in different or derived forms, the concept of property is difficult to apply to information. Property requires ownership, but ownership implies the ability to take and carry away, depriving the owner of his property[1]. To take information takes something which may be valuable, but it does not deprive the person from whom the information is taken of that which he formerly had: the retained information may be of less value, because it is no longer uniquely held, but there has been no removal. Protection, if it is to be provided by the law, should be in the form of rights recognised in or over the use of information and those rights may themselves be the subject of property and regulated as such. An example, considered below, is the grant of a patent controlling the use of a process disclosed and protected by the patent.

How may the law protect information?

If established concepts of property do not conveniently apply to information, the law must find other methods of protection. This can be achieved through the ownership of intellectual property, a generic term for rights recognised by law as capable of being controlled and transferred in ways which reflect more traditional concepts of property. In land law, what is owned is not the land itself but an estate in the land which typically may be freehold or leasehold and which may be sold, transferred, gifted, mortgaged or leased: it is this estate, not the land, which is dealt with as property. Thus the law imposes on land a juridical concept which itself becomes transferable property.

The same scheme is applied, but more simply, to chattels. In that case it is generally the chattel itself which is owned or transferred, though chattel mortgages and chattel leases create interests which are less than absolute ownership.

With information, there are other problems. Land can be surveyed and defined, chattels can be boxed, weighed, measured and delivered, but information defies packaging and definition in these ways: yet information may be costly, can have value and so should be protected. How is that protection to be achieved?

The answer is through a more complex set of legal constructs than is possible for the legal control of interests in land and chattels. These constructs fasten upon recognisable characteristics of information, rather than on the information itself. So, an invention may be expressed in the text of written patent claims. Protecting the text will not necessarily protect the invention. The claims disclose the invention and teach how it is to be applied: but it is the invention, and not the disclosure or teaching, which is protected.

Conversely, in copyright it is the expression of information which is protected and not the underlying information itself. In practice the underlying information may not be accessible without an intermediate step which infringes copyright, as for example creating a transient copy of the expression of information on a computer screen in order to read the expression.

In the same way the sui generis right in databases may protect information contained in a database through the restricted acts of extraction and re-utilisation of substantial parts of a protected database.

The most direct and obvious way in which the law can protect information is through the laws of contract and confidentiality, which latter operates on the conscience of a person who receives information under an impress of confidence. The law operates in these cases on the person who is subject to the contractual or confidence obligation; so not upon the information itself.

If information becomes generally known, it falls into the public domain and there is nothing left for the law to protect. A person who causes information to become generally known or who misuses information in breach of contract or in breach of confidence may have a liability for doing so, but control over the information itself is lost in the sense that the law can no longer protect the information.

Copyright and the database sui generis right

Copyright protects the expression of information and ideas, but not the underlying information. If an idea or principle expressed can only be expressed in one way, the US doctrine of merger will not allow the expression to be protected so that, on that construction, copyright cannot protect an underlying idea or principle. EU Directive 91/250 on the legal protection of computer programs expressly provides that ideas and principles which underlie any element of a computer program, including those which underlie its interfaces, are not protected by copyright under the Directive.

However, this does not prevent copyright from providing indirect protection for information as such if the information is held in a copyright protected work in electronic form and if accessing the information necessarily requires the creation of a transient copy of the copyright protected work which carries the information. The EU Information Society Copyright Directive[2] has now added a new “making available” right to protect copyright works and productions protected by related rights. To create a copy and to make a work or a copy available for access by the public are copyright restricted acts and, unless by the consent or licence of the copyright owner or by exercise of some other right recognised by the law, will be infringement of copyright.

There are exceptions to this general rule. In Sega Enterprises v Accolade[3] a US court held that creation of copies by decompilation was fair use under US copyright law when the purpose of the decompilation was to obtain interface information about a computer program. In UK law decompilation of a computer program is expressly excluded from being infringement of copyright when the decompilation is carried out for the permitted purpose of interoperability as allowed by, and in accordance with conditions imposed under, Article 6 of Directive 91/250[4]. The European Convention on Human Rights, under its Article 10, recognises the right to receive and impart information but subject to exceptions which include preventing the disclosure of information received in confidence.

A form of protection for database content is available under EU Directive 96/9 on the legal protection of databases. When the maker of a database can show that a substantial investment has been made in the obtaining, verification or presentation of the contents of a database the maker may prevent the extraction and re-utilisation of the whole or a substantial part of those contents. Under the Directive extraction means the permanent or temporary transfer of all or a substantial part of the contents of a database to another medium by any means or in any form, so that a restriction is available under the sui generis right which has broadly the same effect as the transient reproduction right in copyright.

In British Horseracing Board and Others v William Hill Limited[5] Laddie J held at first instance that this right extended to information extracted from a protected database even after that information had become accessible by the public from the information’s publication in newspapers and otherwise, so that the protection continued to follow the information into the public domain. This decision is subject to appeal to the Court of Appeal and a pending reference by that Court to the European Court of Justice: it remains to be seen whether the first instance judgment will stand. If it does so, it is a precedent for the protection in the UK of information as such when that information is extracted directly or indirectly from a database protected by the sui generis right even after the information has become publicly available.

A recent US Court of Appeals decision has reached a broadly contrary conclusion under current US federal copyright law, namely that the compiler of a database has no right to restrict publicly-accessible data stored in a privately controlled database[6], but a Bill to Prohibit the Misappropriation of Certain Databases has recently passed the Judiciary Committee of the House of Representatives[7]. If this Bill becomes federal law it will create new rights over information contained in US databases.

Protection of inventions under the patent system

Unlike copyright, patents protect against unauthorised use of information about an invention. A patent is limited by its claims, which comprise information, and where the claims teach a novel method of achieving a technical effect it is that method, and so use of that information, which is protected.

Patents could thus be said to protect that which is capable of being known about a patented method, and so to protect the use of information disclosing or teaching the method. This comes nearer than does copyright to protecting information as such: any unauthorised use of the method will infringe the patent if the use takes the information disclosing the invention.

The requirements of novelty and technical effect in relation to patents are pre-conditions to the availability of protection, not elements of the information protected. Information may disclose or teach an already known method, but in that case the method and the information disclosing it will not be protected. Equally, the method may not yield a technical effect and so will be disqualified from protection. In either case the information is valid, but lacks protection. It follows that, where both novelty and technical effect are present, they enable the information disclosing the invention to be protected. Protection of the invention is by protection of the information which discloses or teaches it. The protection is against unauthorised use of the information, not against its disclosure or re-disclosure: this protection of information is provided in the form of an exclusionary right to prevent unauthorised exercise of the invention.

A patent, once granted, may be attacked for lack of novelty. Generally, if an invention the subject of a patent is shown to have been discovered and applied elsewhere before the patent’s grant the patent will be invalid for lack of novelty. This principle does not assert that the information disclosing the invention on which the patent was granted was not viable information but rather that, because the information was already known and exercised, the patent was granted in error for a claimed invention which lacked novelty and so was already in the public domain.

Information and reputation

When we buy goods or services marketed under a well-known brand we deduce value judgments about the product from the reputation of the brand.

The reputation of a brand is a form of information, not precisely defined but nevertheless of commercial value. It may be equated to goodwill and is based on information about quality. The value of such information to the brand owner lies in the business it attracts, and the protection accorded by the law is against unfair attraction of business and unfair competition by misuse of information which wrongly indicates source and associated reputation.

This protection can be provided in a variety of ways: through the system of registered trade marks and by the laws against passing off and unfair competition. The protection restricts against the unauthorised use of information indicating the source of products and services. This is in contrast to the patent system which protects information about inventions from unauthorised use of the invention, so protecting information disclosing the invention.

A further form of protection associated with goodwill and marketing is the protection of marketing lists and lists of customers. These may be protected under the laws of confidence, as well as by copyright and by the sui generis right in databases. It is the information comprised in, or disclosed by, such lists which is protected against unauthorised use: the effect of the protection of that information is to protect goodwill or trade connections.

Protection of privacy and personal information

Here the object of protection is the private life of an individual. The protection is achieved by limiting or regulating the circumstances in which such information may be used or, as the laws of data protection put it, processed.

Because the protection of privacy does not necessarily require breach of confidentiality, the unfair use of information relating to living individuals where the information is publicly available may be in contravention of data protection or privacy laws. It is not the information as such which is protected: that information may be essentially unprotectable. It is the way the information is used which is controlled, as the privacy concept of the right to be let alone implies. “Mind your own business” is well understood and is coming to be respected by the law.

As data protection develops enforceable rights, it brings with it problems of definition, new rights and obligations, and new regulatory powers. The common law in England (but not necessarily in Scotland) does not recognise any free-standing right to privacy as such[8], though there is an established jurisprudence and enforceable rights in relation to personal information when that information is under an express or implied obligation of confidence.

Confidence, breach of contract and TRIPs

The broadest and most direct form of legal control over the use of information, outside the criminal law, is through the equitable principle of confidence and the common law of contract.

Confidence protects against unauthorised use of any information which is under an express or implied obligation of confidence. It applies equally to commercial secrets as to personal information. It binds a person receiving information under an impress of confidence but it also binds a person who receives such information in circumstances indicating that the information is confidential, even though there may have been no opportunity for the person claiming the confidence to impose the obligation on the confidant. A common example is the photograph taken secretly and without consent in a place where privacy may usually be expected[9].

Confidence cannot protect information which is generally known, but this limitation does not apply to contracts expressly prohibiting or restricting the use of information which is already in the public domain. Here what is protected is not the information as such: it is the contractual rights and obligations of the parties to the contract in relation to information. The effect may be to protect information as such, but the mechanism used is not by restriction of that information but by restriction of the otherwise free right of a party to use that information. A restriction of this kind may prove unenforceable for competition law reasons or for being unreasonably in restraint of trade, but that limitation can apply to many forms of contract which have no reference to the use of information as such.

The public interest requires that private controls over information do not result in unjustified monopolies and do not extend to restrict the exercise of personal skills which have been fairly obtained or developed without wrongful use of confidential information or breach of contract.

Article 39 of TRIPs (protection of undisclosed information) conflates concepts of confidentiality and unfair competition. It requires that natural and legal persons shall have the possibility of preventing information lawfully within their control from being disclosed to, acquired, or used by others without consent in a manner contrary to honest commercial practices so long as the information is secret. “Secret” is to be read in the sense that the information is not, as a body or in the precise configuration and assembly of its components, generally known amongst or readily accessible to persons within the circles that normally deal with the kind of information in question. The information must have commercial value because it is secret and must have been subject to reasonable steps under the circumstances, taken by the person lawfully in control of the information, to keep it secret. The Article centres on enforceable rights of confidence over secret information: once the information has become generally known it will cease to be a secret. The right is to prevent disclosure, acquisition and use of secret information by unauthorised third parties “in a manner contrary to honest commercial practices”: it is therefore directed at controlling use, rather than controlling the information itself.

Conclusions

Information is expensive to acquire and can be of great commercial value. That value may not be realisable without use and resulting disclosure of the information. Once disclosed, the information may become readily accessible and available for unauthorised use without recompense to, or control by, the person who invested in its acquisition.

In modern conditions, investment in, dependance upon and exploitation of information are of growing importance. Unless it is possible to protect such investment by law, two consequences may result:

· those who invest will limit the use and disclosures which they make of the information they acquire in order to retain confidentiality and control of its commercial value; or

· they will cease to make investments in the obtaining of such information.

Neither of these consequences is in the public interest.

Most legal controls over information operate indirectly by restricting its use: examples are patents restricting the use of information disclosing inventions, data protection restricting the use of personal data, the sui generis right in databases and the laws of confidence.

Broadly, the law recognises a variety of rights and obligations which in different ways can circumscribe the use of information but there is no common or internationally recognised form of control or right of property in information as such. The challenge is to develop a code of rights and obligations which can control the use of information in a practical, enforceable and justiciable way without creating restrictions on generally free access to publicly available information, or conflicting with the principles of competition law, freedom of expression or freedom to exercise personal skills fairly developed.

This goes further than separate harmonisation of copyright, patents, trade marks, privacy and unfair competition: it requires a globally recognised and harmonised statement of legal protection for information as such, perhaps as a development or extension of the TRIPs agreement.

First published in Computer Law and Security Report Vol. 20 no. 4 2004.



[1] Oxford v Moss [1979] 68 Cr App R183

[2] Directive 2001/29, Article 3

[3] [1992] 977 F2d 1510

[4] Copyright, Designs and Patents Act 1988 Section 50B

[5] [2001] EWCA Civ 1268

[6] Assessment Technologies v Wiredata Inc 350F.3d 640 (7th Cir 2003)

[7] H.R. 3261

[8] Wainwright and Another v Home Office [2003] UKHL 53

[9] See Douglas and Zeta-Jones v Hello! Limited and Others [2001] All ER 289 and

[2003] EWHC 786 (Ch)