Refrigerators, cars, smartphones… Software is everywhere and is becoming more and more widespread. Not only Information, but data, know-how and interpersonal skills flow through this software. Software is the result of years of work and above all investment. Often a revenue generator and development lever in its own right, the software is exposed to a largely underestimated risk: the possibility of being copy or stolen. In this context, the protection of software intellectual property is a key issue in developing innovations. Let’s take a look at it.
Intellectual property attests that an entity has created innovation. It allows the company that created the innovation to take ownership of it and to prove who it belongs to. Thus, intellectual property provides an opportunity for companies to gain a competitive advantage and leverage their innovation as a source of revenue. It is a valuable asset for a company that need to be protected.
“Protecting innovations generally means protecting the revenues derived from them“
Matthieu Mandard, The Protection of Innovations (2020).
Intellectual property is divided into two areas:
Intellectual property concerns all sectors: tech, defense, mobile, video content, etc.
And all sizes of companies: large companies that process large volumes of data and whose innovations represent a colossal investment, start-ups whose development and growth may be based solely on innovation.
The digitalization of the economy has contributed to software development and its widespread use. As a result, the majority of companies today do business around software. As a result, failing to protect the intellectual property of software means taking the risk of jeopardizing the company’s core revenue.
Nowadays, all known attacks on software (malware, ransomware…) are just the tip of the iceberg. There is a type of attack that is often ignored: the theft or copy of programs. The objective is to analyze and understandthe software without the owners’ knowledge; hackers act in the shadows without the legitimate owner even knowing what is happening. However, this theft of intellectual property based on reverse engineering causes significant damage.
Applied to the defense sector, intellectual property protection covers major societal issues: politics, positioning, State of strength, (technological advance, superiority), security, etc. Imagine the tampering of electronic voting systems and its consequence if organized by a foreign state. Or what if a government could retrieve a missile or a drone of a foreign country in a military operation: by analyzing its code, the government could learn both about military technologies but also military targets, as a very valuable source of intelligence.
Protecting an innovation allows the company to stay ahead of the competition and retain the competitive advantage offered by the innovation. Moreover, a software theft is likely to harm the company’s brand image and lead to a loss of customers. Let’s take an example: a mobile application is the only one on the market that allows you to perform action A. A competitor manages to steal the software for this application. The competitor then releases a similar application that can also perform action A. The company behind the innovation is then no longer seen by users as particularly innovative, as other solutions can now achieve the same results. Furthermore, some of its users may switch to the second application. The company then loses its market share.
If an innovation represents 80% of a company’s business, that company potentially loses 80% of its business in the event of an attack. Protecting intellectual property can thus be a matter of life and death for innovators. The risk is to have all your ideas and customers stolen and overtaken by your competitors. Example, in the Game industry, some companies make a large percentage of their revenues in a few weeks when launching a new game. delay an attacker is necessary in this domain.
In short, not protecting your intellectual property means running the risk of having your software stolen. However, if a hacker manages to steal the intellectual property of innovation, it is tough to prove it and punish him.
This issue has arisen between Sega and Accolade. Accolade reverse engineered the Genesis video game console, manufactured by Sega. More concretely, Accolade disassembled the software of the Genesis video game console in order to publish games without Sega’s agreement. The objective? Not to have to go through Sega’s development kit, and thus avoid paying royalties. The US District Court of California ruled in favour of Sega: Accolade was then forced to recall all its Genesis games. Unhappy with the decision, Accolade appealed, claiming that the reverse engineering was fair. The district court’s order found that Accolade’s use of reverse engineering to publish Genesis titles was protected by fair use. The court thus held that the alleged infringement of the Sega trademarks was Sega’s fault. This case and the resulting court decision question the applicability of intellectual property of innovations.
Several legal solutions exist to protect :
Filing a patent or copyright is about providing and validating evidence that innovation belongs to an entity. Thus, filing a patent or copyright attests to the intellectual property of innovation, but it does not prevent its theft. Furthermore, the regulations do not allow for the patenting of code, only how certain operations are carried out in the software.
In the event of theft, victims have legal recourse: they can initiate legal proceedings. On average, legal proceedings of this kind last more than 3 years. The company that is the victim of theft spends money and energy for several years and falls behind in its innovation cycle.
Thus, it appears necessary to fill this regulatory gap and constraints. Companies can opt for a strategy that complements the regulations to do this.
As far as patents on softwares are concerned, they can prevent inter-operability and are therefore not really effective.
Companies can deploy a physical/logical or technological means of protection by equipping themselves with a (technological) solution to protect intellectual property from theft effectively. Some cybersecurity experts have developed software to safeguard the intellectual property of innovations.
How does it work? Several techniques are used to prevent hackers from stealing innovations. One of them is the obfuscation technique. When an application is published, some people can analyze it to understand everything about it: how it works, where are the data, how they are manipulated, how it interacts with other systems, etc. The protection strategy consists of delaying this analysis, making it hard if not impossible with misleading or inaccurate information in the application to hide the relevant information but without preventing the functioning of the software. It makes a mathematical formula or a line of code more complex: hackers cannot understand it, steal it or abuse the data it contains. It could have impact on the performance but “ Security is always seen as too much until the day it’s not enough.” William H. Webster
Obfuscation has a dual purpose: to protect the software and enable the cooperation necessary for business. Despite the complexity of the code, the output is always the same: the code produces the same results but is made unintelligible. This makes it possible to create partnerships and cooperation with other companies. Obfuscation thus makes it possible to lend the technology to another entity by building trust.
The circulation of ideas and the reuse of innovations is a fact: it is part of the innovation cycle. The challenge is to find the right balance between competition and cooperation, proprietary logic and open source. Therefore, it is essential to protect the intellectual property of one’s innovations: to avoid code theft/copy and competing reverse engineering, but above all, to remain in control of one’s innovation and be able to prohibit its exploitation.[FR1]
The protection of the intellectual property is a significant issue to avoid espionage, the reuse of code and the ability to reverse-engineer a competitor. There are two complementary ways to protect intellectual property: the regulatory solution to certify that the innovation belongs to the company and the technological solution to prevent theft. The latter should not be forgotten because is complementary to the other.
To address this issue of protecting intellectual property through technology, Quarkslab has created Quarks AppShield. This cybersecurity solution protects software applications deployed on computers, mobile phones and connected objects. Its application protection, white-box cryptography and digital vault features thwart would-be attackers who attempt to reverse engineer applications and steal intellectual property. Quarks AppShield protects your code, data and encryption keys by integrating the code to make it more complex and secure. Want to learn more about Quarks AppShield? Request a demo!
[FR1] Hyper crucial! That would be the conclusion and likely an uncommon position I would like to stand. Patents on ideas are bad and not really effective. It also prevent inter-operability to the extend we had to make laws to allow inter-operability (otherwise, companies would create totally closed systems, that only them can fix and manage – see what is going on lately in the automotive industry).
Webinar:
Why is it essential to protect the Intellectual Property of your newly developed software?
Webinar:
How to protect code and data confidentiality and integrity during the entire device lifecycle