‘Remote forensics’ in software copyright infringement cases

In disputes involving pirated software, the key for the copyright holder to win the case is to prove that the infringer has installed and used the pirated software in a commercial operation. However, because the software is often installed on a server or computer-controlled by the infringer, inside their business premises, it can be very challenging for the right holder to enter the property in order to gather evidence. The main way for the right holder to obtain the key evidence is to apply to the court to go to the infringer’s premises for evidence preservation.

The Guide to Trial of Copyright Infringement Cases, issued by the Beijing High People’s Court, which came into effect on 20 April 2018, provides that “remote forensics can also be adopted in end-user cases”, and that “the evidence obtained by remote forensics should comply with the provisions of the Civil Procedure Law”.

The recently promulgated Guidelines for Evidence Rules in Civil Litigation of Intellectual Property Rights of Beijing High People’s Court, which came into effect on 22 April 2021, regarding the evidence collection for software copyright infringement also reiterated that “when investigating and collecting evidence … remote forensics can be adopted according to specific circumstances”. This shows that the court approves the method of remote forensics.

So, how is remote forensics used in current practice, and can it help the right holder to obtain evidence of infringement more conveniently?

Looking at past cases, the authors note that for a specific type of software, remote forensics in front of notaries may form evidence of infringement accepted by the court. This specific type of software mainly refers to software that can realise remote access in function design, such as “mail server software on the server-side” and file transfer protocol (FTP) software. This software can connect a computer with other servers running FTP protocol through to conveniently access the programs and information on such servers.

Because of the particularity of the functions of the above software, people can remotely detect its installation by a website server through a very common computer command-telnet command. Specifically, to input characters such as relevant commands and web addresses on a computer connected to the internet. If relevant software is installed on the website, its website server may automatically feedback a piece of information with the name of the software. If the website owner can’t prove that the commercial use of the software is authorized by the right holder, it may be deemed that pirated software is installed on the website.

But of course, this forensics method by telnet still has technical limitations. The information fed back can only reflect the name and version number of the software, but can’t display the program code of the software and can’t be directly used to judge whether the software fed back is the same as or substantially similar to the software requesting protection. Furthermore, on the technical level, the owner and controller of the server may modify the relevant settings of the software by technical means, so that the information fed back is inconsistent with the software installed on the server.

Because of the above reasons, the court’s attitude towards the admissibility of the evidence obtained by remote forensics through telnet command has also been changing. For example, in the case of Shenzhen Netac v Rhino Software over the infringement on the computer software copyright, the Guangdong High People’s Court decided that, in respect of remote forensics by telnet command for FTP software, the reply obtained was not deterministic and unique, and that the reply alone could not confirm whether the defendant installed or used the plaintiff’s FTP software.

Even if it is determined that the defendant installed and used the plaintiff’s software, it cannot be confirmed that the defendant’s software is pirated software of the plaintiff’s copyrighted software without comparing the software with the plaintiff’s copyrighted software. Accordingly, the court did not support the plaintiff’s claim.

However, a few years later, the Guangdong High People’s Court revised its previous view in the retrial of the Alt-N Technologies v Shenzhen Greem case over infringement of computer software copyright, pointing out that although there was no determinacy and uniqueness between the information fed back after detection by telnet command and the facts to be proved, if there was a high possibility between the information fed back and the facts to be proved, the plaintiff who bears the burden of proof should still be deemed to have completed the burden of proof. Because the defendant could not prove that it used the genuine software legally, the court supported the plaintiff’s request that the defendant infringed its software copyright.

More and more courts have adopted the evidence form of “remote forensics” by telnet command in recent years. The authors also observe that the information of pirated software obtained by the right holder may be obtained through the information feedback function of the equipment the software is installed on. The relevant software will automatically feedback the information of the equipment where the software is installed to help the right holder track the location of pirated software.

This function is actually a “back door” set on the software so that the right holder can access the user’s system. Superficially, the “back door” of the software seems to help the right holder get the information of pirated software users easily. However, because users are not aware of the existence of the “back door”, the legality of this method of obtaining evidence remains to be discussed.

With the continual development of technology and practice, there may be more models for remote forensics for pirated software. We must wait and see.

Wang Xiong and Wang Yaxi are partners at Yuanhe Partners