It is increasingly common for products to use security techniques such as encryption and other cryptographic methods in order to secure access to physical objects, copyrighted works, or data. In order to evaluate these systems, it is essential to have a good understanding of the tools that are available and how they should be deployed. Nigel Jones has been involved with a number of cases in which security has been the central issue.
Point 4 Data Corporation et al v. Tri-State Surgical Supply & Equipment Ltd., et al
Plaintiffs Point 4 Corporation and Dynamic Concepts sued Tri-State Surgical for tens of millions of dollars, alleging that Tri-State had circumvented the copy protection of an accounting software package. Nigel Jones was retained by the defendants to help them understand and respond to the plaintiffs’ technical claims.
At the heart of the case was a security dongle that plaintiffs supplied with their software in order to impose license restrictions. The defendants had continual problems with the dongle malfunctioning, resulting in their accounting and order taking system being inaccessible. After a particularly long outage, Tri-State paid a third-party to modify the binary image of the underlying software such that the dongle was no longer operative. When the plaintiffs became aware of this modification, they sued under various statutes, including claiming statutory damages under the DMCA for every time a Tri-State employee logged on to the software.
After examining the dongle and the relevant software, Nigel Jones was able to show a number of key things, including:
- That the dongle was being operated outside its design envelope and thus random startup failures were to be expected, consistent with the defendants’ experience. Since the DMCA has a specific exclusion for malfunctioning dongles, this was a very important finding.
- That despite the dongle no longer being operative, Tri-State’s computer configuration was such that Tri-State was still abiding by the terms of the license agreement in terms of the number of users. This finding effectively eliminated the plaintiffs’ claims that Tri-State should be forced to pay for an unlimited user license.
- That the actual security used by the plaintiffs was obsolete and easily circumvented, thus undercutting the plaintiffs’ claims for damages necessary to re-engineer their security systems.
After a multi-year litigation, the trial court ultimately entered judgement in Tri-State’s favor. Tri-State is now seeking an award of fees incurred in defending themselves against this action.
DISH Network v. NDS
Nigel Jones was a key expert witness for the victorious defendant in a case described by media as the largest corporate espionage case in U.S. history. Mr. Jones was retained by News Corporation’s NDS Group (now known as Cisco Videoscape) in a $1.6B piracy lawsuit brought by DISH Network (formerly EchoStar) in the U.S. District Court for the Central District of California. Mr. Jones analyzed the source code in the smart card at issue, and investigated the hacks that were promulgated on the Internet, allegedly by the defendant. He demonstrated to the jury both errors in the opposing experts’ analysis and also that the hack did not emanate from the defendant’s reverse engineering.
After a five-week trial and six hours of deliberations, jurors ruled in favor of NDS on most of the allegations. In denying many of the claims, the jury awarded actual damages of $45.69 (or statutory damages of $1,000), relating to a single incident involving a test card used by NDS. The Daily Journal called the victory one of the top 10 California defense verdicts of 2008.
The Ninth Circuit further awarded defendant NDS $18M in costs, stating in its decision that “There is no question that NDS successfully defended against all of EchoStar’s claims based on or related to its theory that NDS was responsible for the compromise of EchoStar’s satellite television programming security system.”
Subsequent to the Ninth Circuit’s decision, DISH Network retained Nigel Jones as an expert in a series of cases against vendors of Free to Air Satellite TV receivers.