Software AG (Australia) Pty Ltd v Racing & Wagering Western Australia

Federal Court of Australia (Full Court)|2009-03-20|Before: Siopis JJ

BACKGROUND 1 The following account of the background to the parties' dispute is taken from the reasons of the primary judge, and is not in issue. 2 The respondent (RWWA) is the regulatory body and betting totalisator for the racing and wagering industry in Western Australia. The appellant (SAG) is in the business of licensing proprietary software systems. Since 1980 software licence agreements have been in place between SAG and RWWA and its predecessors. The current agreement was made on 16 June 2005. By that agreement SAG granted to RWWA a perpetual licence to use the software system described in the System Attachment to the agreement (the System). 3 Although the licence agreement is dated 16 June 2005, the parties are agreed that it had force and effect as at January 2005 when RWWA made the copy of the System the subject of the dispute that has given rise to this litigation. 4 On 3 September 2004 RWWA entered into an agreement with KAZ Technology Services Pty Ltd (KAZ) by which KAZ agreed to provide a disaster recovery site for RWWA at KAZ's premises in East Perth (the DR Site). The purpose of the DR Site and its contents was to enable RWWA to have an emergency recovery system in place to deal with any disaster. KAZ also agreed to assist in the conduct of disaster recovery tests at the DR Site. 5 Soon after the agreement with KAZ, RWWA made a copy of the System as it was installed and configured on the mainframe at its head office at Osborne Park (the DR Copy). This was done by a process of disk mirroring. By this process material generated at head office is instantaneously replicated at the DR Site, but until further steps are taken is not in an active form which would enable its use there. 6 Prior to the events described at [5], RWWA had kept backup copies of the System on tapes held at a location away from head office. The use of these tapes for disaster recovery of the System in the case of an emergency would have taken much longer than the use of the DR Site and the DR Copy. 7 The DR Copy is kept at the DR Site under the agreement with KAZ. It is stored on a disk that is part of the mainframe environment at the DR Site. Unless actually used in a real emergency restart, or when it has been used in the course of specific tests which have been conducted, the DR Copy is not loaded into the DR Site mainframe. This is because there is a partitioning between the DR Site mainframe and the DR Copy. The partitioning on the DR Site mainframe is not activated until an emergency requires that to occur or until testing is conducted. In order for the DR Copy to be used in an emergency or on a test, RWWA must activate the partition and load the DR Copy into the DR Site mainframe. 8 Compared with personal computers, there are relatively few (about 60) mainframe computers in Australia. A mainframe computer is expected to be available 99.999% of the time. The level of reliability expected of mainframe computers is consistent with the volume and value of the business carried out by enterprises which use them. The reliability of mainframe computers is commensurate with their cost. 9 For those, such as SAG, who create sophisticated and valuable software for such a small market, protection of the right to use the software is jealously guarded. 10 Failure of a mainframe computer is extremely rare. The consequences of such a failure, or a failure caused by external disaster, would be very significant. Accordingly, substantial resources are applied to providing a backup system which can be resorted to in a timeframe which would be much quicker than re‑establishing the whole system.

THE LICENCE AGREEMENT 11 The licence agreement recites that SAG is the Australian distributor of the System. The agreement does not claim (nor does SAG) that SAG is the owner of copyright in the System. 12 Clause 1 deals with the grant of the licence, and is in part as follows: 1.1 In consideration of the Licence fee(s) set out in the System Attachment(s) attached to and incorporated into this Agreement, Software AG grants to the Licensee a non-transferable and non-exclusive licence to use the System(s) specified on the System Attachment(s), together with the data carrier containing the same and the system manuals and other documentation provided from time to time by Software AG ("the Documentation") for the duration specified in the System Attachment(s) solely in the conduct of the Licensee's internal business as defined in Clause 1.3 and not further or otherwise. The Licensee is licensed to use the System(s): (a) only at the designated location(s) and on one single machine of the designated Hardware Make and Model within the designated Software AG Hardware Class indicated (if any) on the System Attachment(s)("the Designated Installation"); and (b) only by a maximum number of concurrent users equal to the number indicated … in the System Attachment(s) …; and (c) only by the maximum number of users equal to the number indicated … in the System Attachment(s) …; and (d) only on a single machine at the designated location(s) which contains no more than the number of processors indicated … on System Attachment …; and (e) only upon the operating system indicated (if any) on the System Attachment(s). 13 Clause 1.2 provides in part: The Licensee shall not be entitled to use the System(s) on any other or upgraded machine(s) or operating system without the prior written consent of Software AG and the issue of an additional or amended System Attachment together with payment of all additional Licence fees due under the then current Software AG price list…. 14 Clause 1.3 provides that the licensee's use of the System is solely for the purposes of its internal administration of its own business or the processing of its own data.

15 Clause 1.4 provides: The Licensee shall not permanently or temporarily move the System(s) to, or install the System(s) at, any location which is not the designated location without the prior written consent of Software AG. Such consent may be granted for alternative locations operated by the Licensee within Australia at Software AG's absolute discretion upon issue of an additional or amended System Attachment and payment of any additional Licence fees due under the then current Software AG price list. 16 By clause 1.5 the licensee agrees, amongst other things, not to allow any third party to operate the System(s) on its behalf as part of any outsourcing, facilities management, application service provision or similar type of arrangement. 17 Clause 1.6 provides that the licensee obtains only the right to use the System and does not acquire any rights of ownership in the System. It agrees that it is not entitled to use the System in any manner or for any purpose not expressly permitted by the agreement. 18 Clause 12 is headed "Confidentiality". By clause 12.1 the licensee agrees that copyright and other intellectual property rights in the System, the documentation provided by SAG and the data carrier remain the property of the licensor or the relevant owner thereof. As indicated at [11], SAG does not claim to be the owner of such copyright or other intellectual property rights. 19 By clause 12.2(b) the licensee undertakes that it will save as permitted by Clause 12.3, not copy (whether in the course of running a copy of the System(s) for the purposes for which the System(s) were designed or otherwise), reproduce, adapt, modify or interface the whole or any part of the System(s), the Documentation or the Confidential Information or combine or incorporate the System(s) in any other software…. 20 Clause 12.3 provides: Software AG hereby expressly authorises the Licensee to copy the System(s) (in object code only) and the Documentation for archival or emergency restart purposes PROVIDED THAT no more than (3) three copies made by the Licensee of the then current system version shall exist at any time and all old versions shall be destroyed. 21 The System Attachment gives the designated location of the System as RWWA's Osborne Park address and describes the licence as "perpetual". It also provides: The Licence to use the System(s) set out in this System Attachment only permits the use of the System(s) at the Designated Location on the Designated Hardware Make and Model and Operating System…. The Attachment then lists the Hardware Make and Model and various Operating Systems. It also specifies the applicable licensee fee and maintenance fees.

THE LITIGATION 22 In its Application RWWA sought declarations and injunctions "consequent upon [SAG's] demand for the payment … of an additional licence fee … to which [SAG] is not entitled" under the licence agreement. The declarations sought were that: (a) SAG is not entitled to the payment of any additional licence fees or upgrade maintenance service fees in respect of the installation of the DR Copy on the DR Site mainframe; and (b) RWWA has not breached the licence agreement by making the DR Copy. 23 SAG cross‑claimed for damages for breach of clauses 1.1(d), 1.4 and 1.5 of the licence agreement. It claimed damages of $2,150,209 for a one off licence fee and $725,712 and $322,538 as maintenance fees. At trial SAG put its damages claim on an alternative basis whereby the licence and service fees originally claimed were discounted, based on what it claimed was its past practice in negotiating fees with other customers. It is not necessary to describe the cross‑claim in any greater detail, because the parties have agreed that if the appeal succeeds, the matter should be returned to the primary judge for the assessment of damages on the cross‑claim.

AT FIRST INSTANCE 24 The primary judge gave judgment for RWWA and granted declarations that: (i) [SAG] is not entitled to the payment of any additional licence fees or upgrade maintenance service fees pursuant to the Licence Agreement in respect of the installation of the copy of the System, the licence of which is the subject of the agreement, on [RWWA's] off‑site disaster recovery mainframe. (ii) [RWWA] has not by making and storing the disaster recovery copy of the System at a third party site operated by KAZ …, breached the Licence Agreement. (iii) [RWWA] is entitled to test the disaster recovery copy pursuant to the terms of the Licence Agreement and in any event pursuant to s 47F of the Copyright Act 1968 (Cth) in accordance with its testing process. The cross‑claim was dismissed. This appeal is from the making of declarations (i) and (iii) and the dismissal of the cross‑claim. 25 A number of findings made by the primary judge are not challenged on the appeal. They are that: (a) the System is the system as installed and configured, and not merely the unconfigured and uninstalled software on the distribution tapes and cartridges; (b) RWWA was entitled to copy the System described in (a) for the purposes set out in clause 12.3; (c) to confine the permission in clause 12.3 to copying tapes or cartridges of the unconfigured and uninstalled software would be unreasonable, inconvenient and unjust; (d) the making and storing of the DR Copy at the DR Site was not a "use" of the System within the meaning of the licence agreement, where it means a use for business purposes; what RWWA did at the DR Site was not such a use; (e) RWWA made the DR Copy for emergency restart purposes; (f) the storing of the DR Copy at the DR Site came within emergency restart purposes; (g) the sole apparent purpose of the DR Site was for emergency restart within the meaning of clause 12.3; (h) the "whole and sole purpose" of the DR Site was to be able to activate the system in the case of an emergency; "to avoid loss of data and the risk of a delay of about a week in [RWWA] being able to recommence its operation"; (i) "disaster recovery" (an expression used by some of the expert witnesses) and "emergency restart" (clause 12.3) are synonymous; (j) the purpose of "emergency restart" imports time criticality or urgency; and (k) an urgent response is one which can be achieved within a matter of hours; the entire purpose for establishing the DR Site was to avoid the huge financial cost which would be occasioned in the event of a disaster if RWWA's business were inoperable for a week or so. 26 As to the "finding" in [25(i)], we should say that this was the opinion of RWWA's two experts, Mr Fink and Mr Adams, whose evidence the primary judge generally accepted in preference to that of SAG's expert, Mr McKemmish. The latter's opinion was that disaster recovery is a form of emergency restart. In this connection his Honour noted that Mr McKemmish agreed with the other experts that the sole purpose of the DR Site was for emergency restart. See [25(g) and (h)]. 27 The primary judge appears to have accepted Mr Fink's evidence that emergency restart, in the common use of the term in the mainframe computer environment, only ever occurs at a disaster recovery site (ie away from the production site). The experts gave oral evidence as a group. Immediately after Mr Fink had expressed the above opinion, the primary judge asked Mr McKemmish whether he would like to add anything. Mr McKemmish took issue with something else Mr Fink had said, but not with the opinion in question. This tends to confirm that his Honour made a finding that emergency restart only occurs at a disaster recovery site. 28 The parties agreed on a list of issues to be resolved by the primary judge. The issue of most relevance to the appeal is whether "clause 12.3 permits RWWA to copy or reproduce the System for the purpose of testing the DR Copy by the testing process set out in the statement of claim". His Honour dealt with that issue as follows: In my view the entitlement which cl 12.3 of the Licence Agreement is designed to protect, must be given a beneficial construction which accords with commercial common sense. On any view of the evidence, to have an emergency restart recovery site or a disaster recovery site without having the opportunity to test the functionality of that site would be a pointless exception to the other prohibitive or restrictive provisions of the Licence Agreement. Such a construction would provide very little scope for achieving the obvious purpose to which it was directed. Indeed, in the internal documents produced very late in the piece during the course of the trial in support of the amended cross-claim advanced by SAG, it was clear that SAG's own approach to clients being permitted to test to a limited degree was consistent with this view. It was content that no licence was required when testing was limited to no more than five times each year. 29 The internal documents referred to in the last paragraph of the passage set out at [28] included SAG's business operations manual that came into effect on 1 October 2007. In par 7.1 of the manual, under the heading "Cold Standby", appears this passage: Customers are also granted the right to install the software on a backup system for disaster recovery testing (non‑production) purposes up to 5 days per year at no cost. If a more intensive disaster recovery testing (more than 5 days per year) is required, customers can acquire this additional right at a rate of 10% of the licence list price (no maintenance upcharge due).

GROUNDS OF APPEAL 30 As we have said at [24], SAG does not challenge the primary judge's second declaration. Further, it attacks the first declaration only to the extent that it covers the installation of the copy of the System on the offsite mainframe for the purpose of testing. Thus the issue arising on the appeal in relation to the licence agreement is confined to whether RWWA was entitled to install the DR Copy onto the memory of the mainframe computer at the DR Site in order to conduct disaster recovery testing.

Grounds 1 to 4.1 31 These grounds cover much the same territory. Ground 1 takes issue with the primary judge's conclusion that RWWA's right under clause 12.3 to make a copy of the System for emergency restart purposes entitled it to install the DR Copy onto the memory of the KAZ mainframe computer at the DR Site in order to conduct disaster recovery testing. It is said that such testing is not with respect to an emergency restart of the System but for the purpose of testing and verifying the emergency operation of RWWA's business systems from the DR Site. Ground 2 asserts what the primary judge should have done, namely to limit RWWA's right under clause 12.3 to an entitlement to make the DR Copy for use in lieu of the System installed at the designated site in the event that an emergency restart was required, but not to install the DR Copy onto the mainframe computer at the DR Site in order to conduct disaster recovery testing. Ground 3 attacks the primary judge's conclusion that installation of the DR Copy at the DR Site in order to conduct disaster recovery testing did not amount to a breach of the licence agreement, and ground 4 claims that his Honour should have held that that installation did not fall within the permitted emergency restart purpose under clause 12.3. 32 The parties did not differ as to the principles applicable to the construction of commercial contracts. The primary judge set out passages from a number of recent cases at [152] to [155] of his reasons. We cite two passages only. First, the observations of Gleeson CJ in International Air Transport Association v Ansett Australia Holdings Ltd (2008) 234 CLR 151 at [8]: In giving a commercial contract a business like interpretation, it is necessary to consider the language used by the parties, the circumstances addressed by the contract, and the objects which it is intended to secure. An appreciation of the commercial purpose of a contract calls for an understanding of the genesis of the transaction, the background, and the market. 33 The other passage is from the judgment of Gibbs J in Australian Broadcasting Commission v Australasian Performing Right Association Ltd (1973) 129 CLR 99 at 109: [T]he primary duty of a court in construing a written contract is to endeavour to discover the intention of the parties from the words of the instrument in which the contract is embodied. Of course the whole of the instrument has to be considered, since the meaning of any one part of it may be revealed by other parts, and the words of every clause must if possible be construed so as to render them all harmonious one with another. If the words used are unambiguous the court must give effect to them, notwithstanding that the result may appear capricious or unreasonable, and notwithstanding that it may be guessed or suspected that the parties intended something different. The court has no power to remake or amend a contract for the purpose of avoiding a result which is considered to be inconvenient or unjust. On the other hand, if the language is open to two constructions, that will be preferred which will avoid consequences which appear to be capricious, unreasonable, inconvenient or unjust, "even though the construction adopted is not the most obvious, or the most grammatically accurate"…. 34 The phrase "for … emergency restart purposes" is more ample than, for example, "in order to restart the System in an emergency". A penumbra surrounds "emergency restart". It is a natural reading of the composite phrase to include within its coverage testing whether the copied System will restart should an emergency occur. 35 If one were to regard the phrase "for … emergency restart purposes" as open to two constructions, SAG's construction, in our view, results in a meaning that would be unreasonable or inconvenient. The purpose behind clause 12.3 is to protect RWWA from serious loss in an emergency, whether caused by a breakdown of its mainframe or some external event putting it out of action. It would be an unreasonable and inconvenient result if RWWA were to be unable to take sensible steps to make it more likely that the purpose behind clause 12.3 would be achieved, by testing the copied system in order to maximise the chance of the restart occurring in the event of an emergency arising. 36 Further, we agree with the primary judge's observation quoted at [28] that SAG's interpretation would make clause 12.3 a pointless exception to the other prohibitive or restrictive provisions of the agreement, and that such a construction would provide very little scope for achieving the purpose of clause 12.3 described above. 37 RWWA's construction is supported by the expert evidence. As the primary judge said at [208], the notion of emergency restart has some specialist meaning within the mainframe industry. The experts were agreed that the whole and sole purpose of the DR Site was so that RWWA would be able to reactivate the System in the case of an emergency. Because the court seeks to give a commercial contract a business‑like interpretation, and to further the commercial purpose of a contract by understanding the market in which it is placed, the view of the experts in that market as to the purpose of the DR Site is helpful in understanding the ambit of the expression "for … emergency restart purposes". The construction we favour advances the purpose identified by the experts in a way that SAG's does not. 38 Further, the evidence of Mr McKemmish was that it was reasonable and best practice for an entity to test its disaster recovery strategy. He said he would expect testing to happen and would be surprised if it did not. 39 Finally, the passage from SAG's October 2007 manual quoted at [29] that its clients are permitted to test to a limited degree supports the preferred construction.

Ground 4.2 40 This ground is that the primary judge should have found that RWWA's installation of the DR Copy in order to conduct disaster recovery testing was unauthorised and in breach of clause 1.4 of the licence agreement. It is common ground that the testing of the DR Copy involved the installation of the DR Copy. If clause 1.4 stood alone, RWWA may well be said to have installed the System at a location other than the designated location. However, as the passage from Australian Broadcasting Commission (1973) 129 CLR 99 quoted at [33] makes clear, the words of every clause of an agreement must if possible be construed so as to render them all harmonious one with another. In the present connection, clauses 1.4 and 12.3 must, if possible, be brought into harmony. 41 SAG does not dispute that the installation of the DR Copy for use in the event of an actual emergency restart is permitted by clause 12.3. It follows that the installation is not in breach of clause 1.4. In other words, the prohibition in clause 1.4 does not apply to an installation that is permitted by clause 12.3. All therefore depends on the ambit of clause 12.3. As appears from [34] to [39], in our view clause 12.3 is not limited to the installation of the DR Copy for use in the event of an actual emergency restart. It extends to an installation for the purpose of conducting disaster recovery testing. That which is permitted by clause 12.3 is not prohibited by clause 1.4. The clauses are to be read, as far as possible, so as to operate in harmony. The construction we favour does not deprive clause 1.4 of operational scope. The qualification of the extent of its coverage is brought about by the need, endorsed by the authorities, to accommodate clause 12.3, and thereby to instil harmony between the two clauses. This ground of appeal must be rejected.

Ground 4.3 42 This ground is that the primary judge should have found that RWWA's installation of the DR Copy in order to conduct disaster recovery testing was in breach of clause 1.2 of the licence agreement. What we have said at [41] about clause 1.4 is applicable to the "use" of the System prohibited by clause 1.2. For the reasons we have given in connection with clause 1.4, that which is permitted by clause 12.3 is also outside the prohibition of clause 1.2. 43 The primary judge held that the word "use" in clause 1.2 means use of the System in RWWA's ordinary business or some other business, and does not extend to occasional testing for one DR Site. As appears from [25(d)], SAG does not challenge that holding. At [203] to [204] his Honour reached this conclusion on the basis of the ordinary meaning of "use" in the context of the licence agreement. That conclusion was, as he noted, supported by the opinions of the experts, Messrs Fink and Adams, that in the relevant industry "use" relates to the carrying on of one's ordinary business, and that the installation of the DR Copy at the DR Site for testing purposes was not a use in any sense in which that expression would generally be understood in the industry: at [202] of the primary judge's reasons. This ground of appeal must fail.

Copyright Act, Division 4A 44 In view of his conclusion that there had been no breach of the licence agreement, it was unnecessary for the primary judge to determine whether the making of the DR Copy was also authorised by Division 4A of Pt III of the Copyright Act 1968 (Cth) (the Act). Nevertheless he went on to hold that it was. Division 4A was introduced by the Copyright Amendment (Computer Programs) Act 1999 (Cth). It is headed "Acts not constituting infringements of copyright in computer programs" and consists of ss 47AB to 47H. Section 47C(1), which deals with "Back‑up copy of computer programs", is in part as follows: [T]he copyright in a literary work that is a computer program is not infringed by the making of a reproduction of the work if: (a) the reproduction is made by, or on behalf of, the owner or licensee of the copy (the original copy) from which the reproduction is made; and (b) the reproduction is made for use only by, or on behalf of, the owner or licensee of the original copy; and (c) the reproduction is made for any of the following purposes: (i) … (ii) to enable the owner or licensee of the original copy to store the reproduction for use in lieu of the original copy if the original copy is lost, destroyed or rendered unusable; (iii) to enable the owner or licensee of the original copy to use the reproduction in lieu of the original copy, or of another reproduction made under this subsection, if the original copy, or the other reproduction, is lost, destroyed or rendered unusable. 45 Section 47C(2) provides in part: [T]he copyright in a literary work that is a computer program, and in any work or other subject‑matter held together with the program on the same computer system, is not infringed by the making of a reproduction of the program, or of such a work or other subject‑matter if: (a) the reproduction is made by, or on behalf of, the owner or licensee of the copy (the original copy) from which the reproduction is made; and (b) the making of the reproduction is part of the normal back‑up copying of data for security purposes. 46 The primary judge expressed the view that the elements of pars (a), (b) and (c)(ii) and (iii) of s 47C(1) were made out, and that the testing of the DR Copy that RWWA had carried out was thereby authorised. His Honour was also of the view that the requirements of s 47C(2) were made out, on the ground that the reproduction had been made by a licensee as part of the normal back‑up copying of data for security purposes. 47 The primary judge made no orders consequent upon his observations about s 47C, and having regard to our conclusion that RWWA was entitled to test the DR Copy under the licence agreement, we do not need to determine whether he was correct in concluding that s 47C led to the same result. However, his Honour's third declaration states that RWWA is entitled to test the DR Copy pursuant to s 47F as well as pursuant to the licence agreement. Accordingly we need to consider whether the declaration was properly granted under s 47F. 48 Section 47F(1) provides: Subject to this Division, the copyright in a literary work that is a computer program is not infringed by the making of a reproduction or adaptation of the work if: (a) the reproduction or adaptation is made by, or on behalf of, the owner or licensee of the copy of the program (the original copy) used for making the reproduction or adaptation; and (b) the reproduction or adaptation is made for the purpose of: (i) testing in good faith the security of the original copy, or of a computer system or network of which the original copy is a part; or (ii) investigating, or correcting, in good faith a security flaw in, or the vulnerability to unauthorised access of, the original copy, or of a computer system or network of which the original copy is a part; and (c) the reproduction or adaptation is made only to the extent reasonably necessary to achieve a purpose referred to in paragraph (b); and (d) the information resulting from the making of the reproduction or adaptation is not readily available to the owner or licensee from another source when the reproduction or adaptation is made. 49 The primary judge was of the view that all elements of s 47F(1) were established. His Honour said at [234]: From s 47F…, it follows in my view that the process of reproduction for the DR Copy is authorised as … the reproduction is made for the purpose of testing in good faith the security of the original copy … In other words, the testing is necessary in order to be sure that if the System at the main premises at Osborne Park is destroyed, the security of the original copy of the System is tested. 50 His Honour then observed (at [235]) that while "testing in good faith the security of the original copy" in par (b)(i) might on one view be given a more restrictive meaning, that does not appear to be the legislative purpose having regard to its context, together with a passage in par 10.18 of the Copyright Law Review Committee's Report, Computer Software Protection (1994) which indicates that "security" in the expression "security purposes" includes security against disasters such as fire, earthquake and terrorist attack. He concluded at [236] that s 47F "applies to protect the testing process carried out by RWWA". He added at [237]: 'Security testing' is directed towards the possible failure of a system or network 'of which the original copy is a part'. Testing as to possible failure of a system (namely, the DR Copy) is the purpose of testing at the DR Site. Accordingly s 47F … also applies to protect RWWA. 51 The primary judge's reference to a possibly "more restrictive meaning" of "testing in good faith the security of the original copy" would appear to be to treat it as limited to "security against electronic or other invasion of a system" (at [232]). 52 His Honour's resort to par 10.18 of the Committee's Report is attended by some difficulty. At [232] he observed that the amendments to the Act in 1999 "use 'security' at s 47F in a broader sense than security against electronic or other invasion of a system". However, par 10.18 deals with what became s 47C and is directed to the expression "security purposes" in s 47C(2)(b). Section 47F did not derive from the Committee's Report. There is no doubt that "security purposes" in s 47C has the wider meaning his Honour had in mind. If that is not apparent from the provision itself - "back up copying of data for security purposes" - it is made clear by the reference in the Explanatory Memorandum to "security against the possibility of damage to or destruction of the computer or system", and by par 10.18 of the Report. 53 It is probable that the primary judge meant in [232] to refer to s 47C rather than s 47F. The context supports that theory. Paragraphs [221] to [231] all concern s 47C. His Honour did not turn to s 47F until [233]. Given that context and the fact that par 10.18 is concerned with what became s 47C, [232] should be treated as dealing with s 47C. However, on that view his Honour would appear to have used par 10.18, dealing with "security" in the expression "security purposes" in s 47C(2)(b), as elucidating the meaning of "the security of the original copy" in s 47F(1)(b)(i). 54 SAG submitted that RWWA's testing process is not "testing … the security of the original copy". The original copy is the installed copy at the Osborne Park site. Thus the testing that is permitted is of that copy and not another copy such as that installed at the DR Site. It is said that resort to the second limb of s 47F(1)(b)(i) does not assist RWWA because it too is directed to the computer system or network at Osborne Park - "of which the original copy is a part". Paragraph (b)(ii) is similarly limited to the "original copy" or a system or network of which it forms part. SAG took issue with the primary judge's reasoning, quoted at [49], that RWWA is ensuring the security of the licensed installation at Osborne Park by testing whether the back‑up site at KAZ's premises is going to work. RWWA did not grapple with this submission. 55 What s 47F(1) permits is the reproduction of the original copy for the purpose of testing the security of that copy. The original copy is the copy RWWA is licensed to use. The permitted testing is of the security of that copy. The passages from the primary judge's reasons quoted at [49] appear to us to be saying that the testing of the functionality of the DR Copy at the DR Site is the testing of the security of the original copy at Osborne Park. That, in our view, is not what s 47F(1) authorises. On the facts of this case, what it permits is the making of a copy of the installed copy at Osborne Park for the purpose of testing the security of the installed copy. As it seems to us, the primary judge's construction of the provision enables the DR Copy at the DR Site to be tested so as to determine its efficacy should the installed copy at Osborne Park for some reason be no longer available. 56 SAG propounded a further reason why RWWA's testing process is not "testing … the security of the original copy" in s 47F(1)(b)(i). It relied on Mr McKemmish's opinion at pars 6.6 and 6.7 of his report. Mr McKemmish's letter of instructions asked him to answer the following questions (amongst others): 15.6 what is the industry standard meaning of the expression 'security testing'; 15.7 whether the Testing Process as set out above comes within the industry standard meaning of the expression 'security testing' … The background information in the letter of instructions, and its summary of RWWA's and SAG's claims, is concerned mainly with issues under the licence agreement. The letter did not direct Mr McKemmish to s 47F or any other provision of the Act, although the language of RWWA's s 47C claims were incorporated into the summary in the letter. The agreement does not employ the words "security testing". The operative part of s 47F speaks of "testing … the security of the original copy". However, s 47F is headed "Reproducing computer programs for security testing" and the two questions set out about were probably asked with that expression in mind. 57 In any event, Mr McKemmish responded to the first question as follows: 6.6.2 The Oxford dictionary of computing defines 'security evaluation' as "the examination of a system to determine its degree of compliance with a stated security model, security standard, or specification. The evaluation may be conducted (a) by analysing the detailed design, especially of software, often using verification and validation, (b) by observing the functional behaviour of the system, or (c) by attempting to penetrate the system using techniques available to an 'attacker' ". Security testing is, in my opinion, a subset of the security evaluation process. Namely security testing can be considered the actual physical or tangible assessment or probing of a computer system's security. 6.6.3 Such testing would include, but not be limited to, testing the user authentication process, firewall and router configurations, intrusion detection system operations, system logging, open and closed ports, user account auditing and access control rules. 58 The dictionary quoted at 6.6.2 is the Oxford Dictionary of Computing (5th ed, Oxford University Press, 2004). 59 Mr McKemmish answered the second question, which he headed "Security testing and the disaster recovery testing", as follows: 6.7.2 In my view the Testing process as described in the material provided to me is not 'security testing'. There is no evidence to suggest that the logical system security of the RWWA system is assessed during the testing process. Rather the testing process is in fact a disaster recovery and business continuity test, the purpose of which differs from security testing. 60 Earlier in his report Mr McKemmish had described RWWA's testing process, based in part on information supplied to him by RWWA. The description is too lengthy to quote in full. Its essentials are these: (a) The KAZ disaster recovery facility operates an IBM mainframe environment compatible with the RWWA IBM mainframe environment. (b) RWWA employs volume mirroring as the primary form of replication, the net effect of which is to create an exact copy of RWWA's working production system on the KAZ mainframe. (c) Where a disaster is declared, as simulated by the disaster recovery exercises, there are a number of steps that must be taken in order to make the KAZ system operational: · KAZ readies its disaster recovery facilities · the disaster recovery canisters are recalled · external organisations are notified · mirroring between RWWA mainframe and KAZ mainframe is cut (set to simplex state) · the RWWA partition on the KAZ mainframe is powered up · the mirrored copy of the production system is activated · mainframe internet settings are changed to reflect the new disaster recovery site settings · software keys are updated · mirroring of distributed systems is cut · the distributed systems' addresses are configured to the disaster recovery site · firewall is activated · business systems are activated, and · synchronisation of current race data is performed. 61 Mr McKemmish states the effect of the steps described in [60(c)] as follows: The net effect of this process [is] to make operational the mirrored copy of the production system. Given that it is a mirrored copy, the disaster recovery copy does not require installation of the object code files from the original distribution tapes. Additionally the mirroring process also eliminates the need for all of the compilation and linking processes typically required during the system installation, to be replicated. 62 Mr McKemmish was briefly cross‑examined about the security testing part of his report. It was put to him that while the primary meaning of "security testing" involves protecting the integrity of data from outside influences, an acceptable use of "security" in the industry is security against the possibility of damage to or destruction of a computer or computer system. He did not agree that "security" is used in the latter sense. He was then asked whether he had heard of testing the security of a system against unforseen disaster such as fire, earthquake or terrorist attack. He said he had not, and that he would not "put the two together in that context". 63 In his supplementary report of 19 May 2008, in response to a request for his comments on Mr McKemmish's opinions on "security testing", Mr Adams said nothing of present utility. In his further supplementary report, in response to another request for his opinion about the meaning of "security testing", he appears to have misunderstood the enquiry. In commenting on s 47C(2)(b) he said the expression "security testing" does not appear in the Act, and that Mr McKemmish's comments on the terms "security evaluation" and "security testing" "apply to a different context". He did not refer at all to what might be meant by "testing … the security of the original copy", the expression to which his attention had been drawn. However, in cross‑examination he was asked about Mr McKemmish's understanding of the concept. He agreed that security testing involved verifying the security of a program "in terms of hackability and firewalls and things like that, some sort of concept of integrity in the system itself". He added that it involved "[protecting] the integrity of the data from outside interference". He said it was a secondary and different sense of the word "security" when people talked about the security of a business overall - that was "business continuity rather than strict security testing". He then agreed that, based on everything he had seen and read thus far, he had not witnessed any security testing, in the first of these senses, conducted in relation to the DR Copy. 64 Mr Fink's supplementary report of 30 April 2008, in response to a request for his opinion on the meaning of "security testing", throws no light on the issues canvassed by Mr McKemmish. In his cross‑examination he said he was quite happy with what Mr Adams had said (recorded at [63]), though he added that security testing is not a term he had heard used in the mainframe environment, as opposed to the personal computer environment. 65 Mr McKemmish's evidence in relation to security testing, which was not seriously challenged and was agreed in by Mr Adams, and with the reservation referred to by Mr Fink, supports the view that RWWA's testing process at the DR Site was not "testing … the security of the original copy" within the meaning of s 47F(1)(b)(i). Their evidence also supports the view that the word "security" in the expression in s 47C(2)(b) - "the normal back‑up copying of data for security purposes" is not used in the same sense as "security" in the expression in s 47F(1)(b)(i) - "testing … the security of the original copy". The former would seem to contemplate the protection of a business and the latter the protection of a program. 66 Some support for SAG's contention that RWWA's testing process at the DR site is not "testing … the security of the original copy" is provided by Ricketson and Creswell's The Law of Intellectual Property: Copyright, Designs & Confidential Information (2nd ed, 2002) at 11.195. After observing that some of the language in s 47F is far from clear, and that the word "security" may not be used in the same sense in pars (i) and (ii) of s 47F(1)(b), the authors go on: In ordinary parlance, however, the word "security" alone would refer to the protection of something, whether it be a building, chattel or program, against the possibility of unauthorised access by third parties, and accordingly there seems to be a redundancy of language used here, unless the terms "security of the original copy" or "security flaw" are intended to refer to something else. Possibly, this "something else" could be the vetting of the program for bugs and viruses where this has not occurred as the result of unauthorised access by a third party, for example, where an authorised user of a computer system uses data or a program derived from a defective file or disc. At a more general level, however, it can be said that s 47F(1)(b) contemplates two distinct situations: subpara (i) is concerned with testing when the administrator does not know whether the system has a security flaw or is vulnerable to unauthorised access and wants to find out whether pre‑emptive action can be taken, while subpara (ii) is concerned with taking investigative and/or corrective action where the administrator has become aware that the program or system does in fact have such a flaw or vulnerability. 67 The Explanatory Memorandum to the Bill that became the Copyright Amendment (Computer Programs) Act 1999 (Cth) provides some assistance in discerning the intention behind the enactment of s 47F. It discloses that the copying predominantly envisaged by s 47F is that generated by, amongst others, decompilation or disassembly processes undertaken so as to test the security of the original copy or to investigate or correct security flaws in the original copy. See especially pars 1.1 and 19. In this connection we observe that the problem to which security testing in s 47F is directed is the need, without it constituting infringement, "to test [a computer program's] security to protect [it] against abuse (or 'hacking') and viruses": par 1.1. As there pointed out, testing can involve decompilation or making a temporary copy, which is an infringement if done without the copyright owner's permission. The section is not, by contrast, directed towards testing permanent back up or disaster recovery copies to ensure they will work if and when required. 68 For the above reasons we are unable to accept RWWA's contention, which the primary judge appears to have adopted, that "testing … the security of the original copy" extends to what was done at the DR Site, namely testing of the DR Copy to ensure that the System would be capable of being restarted and operated without the loss of data. In our view, "testing … the security of the original copy" should be confined to testing the original to ascertain its security from unauthorised access or against electronic or other invasion.

Indemnity costs 69 The primary judge's costs orders were that SAG pay RWWA's costs of the proceedings on a party and party basis until 11 May 2007 and thereafter on an indemnity basis. His Honour did so because of SAG's imprudent rejection of an offer of compromise and the making of exaggerated claims in its cross‑claim. 70 On 10 April 2007, some five months after the commencement of proceedings, RWWA made an offer of compromise containing the following elements: · the parties would enter into a new fixed term contract for a period of three years · the contract would be based on upgraded hardware that RWWA agreed to acquire in accordance with SAG's pricing, and · RWWA would pay SAG a fixed fee of $300,000 over a three year period for use of the DR Site. There was some confusion about the meaning of the offer. This was clarified by a later letter of 20 April 2007. The clarified offer is as summarised above. The offer was not accepted. 71 SAG recovered no damages at trial. Thus the offer of $300,000, had it been accepted, would have been more advantageous to SAG than the outcome of the trial. 72 The facts surrounding the exaggerated cross‑claim are as follows. By its original cross‑claim SAG alleged breaches by RWWA of clauses 1.1(d), 1.4 and 1.5 of the licence agreement. It claimed damages of $2,150,209 for a one off licence fee, and $725,712 and $322,538 as maintenance fees, a total of $3,198,459. By an alternative claim articulated during the trial, SAG claimed a discounted one off licence fee of $1,469,709 (a 30% discount) and reduced maintenance fees. As explained in the course of SAG's closing submissions at trial, the alternative claim was that if the full licence and service fees were not recoverable, the primary judge should arrive at a figure based on a course of dealings between SAG and other clients as to the likely price SAG would have been able to negotiate with RWWA, after discounting, which SAG said was approximately 30%. 73 During the cross‑examination of SAG's witness, Mr Beddoe, he produced for the first time a Deal Approval Form (DAF), internal to SAG, relating to the fee to be charged to RWWA for the DR Site in September 2006. This showed that the proposed or maximum permitted discount was 52.65%, and that SAG was in fact hoping to recover only $441,587 for a licence for the DR Site. In SAG's October 2006 offer to RWWA, the maintenance fee for the DR Site was not discounted at all. The primary judge said that these "sums stand in contrast with claims which now exceed $3 million". 74 The primary judge also referred to SAG's October 2007 manual (discussed at [29] above) disclosing that SAG's customers were granted the right to install software on a backup system for disaster recovery testing (non‑production) purposes up to five days per year. His Honour recorded Mr Beddoe's acceptance that based on the manual, SAG did not require an additional licence to be obtained to simply allow installation for the purpose of disaster recovery testing not more than "five times per year". (In fact Mr Beddoe's cross‑examination was conducted in relation to "five days per year".) 75 The primary judge concluded that SAG's evidence fell well short of demonstrating that the fee it would have recovered or would have attempted to recover from RWWA was anywhere near the sum claimed contemporaneously, by the original cross‑claim or by the claim as amended at trial. His Honour's impression from the evidence was that, had RWWA believed it was required to pay for a licence, the amount would have been far less than the lowest price SAG considered it could obtain. He explained why that was so at [147] to [148]. 76 Although the primary judge held that RWWA had not breached the licence agreement, he nevertheless considered whether SAG would have recovered damages had there been a breach. His Honour first referred to the matters recorded at [72] to [74], and said that of the 23 agreements and DAF's produced by SAG in support of the discounted claim, only three reflected any licence fees having been negotiated for additional DR use. There was no evidence of any such instance prior to 2006. His Honour said the evidence in support of the alleged practice was wholly inadequate to support a conclusion that SAG had lost the opportunity to negotiate an agreement with RWWA that would have given it a discount of 30% as against the "start" price for the establishment of a DR Site. Based on Mr Beddoe's cross‑examination, he concluded that it was most unlikely that such an agreement would have been negotiated. 77 After examining the various bases upon which SAG put its damages claim, the primary judge concluded that SAG had produced no evidence as to its net profit position (ie its expenses in producing the asserted contract price), and it was not open to him to speculate what those expenses may have been. He said that RWWA might have been prepared to pay a relatively nominal amount, say $100,000 to $150,000 to, in effect, get rid of SAG. However, to reach that conclusion in the absence of "any evidence whatsoever to support it would simply be plucking a figure out of the air or speculating". 78 In his judgment on costs ([2008] FCA 1526) the primary judge referred to many of the cases dealing with the situations in which indemnity costs may be awarded. The applicable principles were not in dispute. See, for example, Black v Lipovac (1998) 217 ALR 386 and Seven Network Ltd v News Ltd (2007) 244 ALR 374 at [59]‑[62]. 79 At [20] his Honour recorded the factors relied upon by SAG in support of its claim that its refusal of the offer of compromise was reasonable. However at [24] he concluded that while the offer was for substantially less than SAG sought, it was advanced as a commercial compromise to avoid the risks of irrecoverable costs that would be involved in a full trial, and a prudent course would have been to accept the offer or make a counter‑offer for reasonable yet more advantageous terms. 80 Turning to the exaggerated cross‑claim, the primary judge said that to counterclaim in sums which, on the findings in the main judgment, were plainly exaggerated was imprudent. He concluded: I propose making an order for indemnity costs on the basis of the imprudent rejection of the offer taken with the exaggerated claims pursued by [SAG]. 81 In attacking the award of indemnity costs, SAG contended that the initial letter of offer merely set out a proposed commercial arrangement, and that the later clarification effectively superseded the initial offer. It maintained that the offer lacked sufficient certainty to be capable of acceptance. We do not agree. In our view the two letters, taken together, constituted a composite offer, the elements of which are described at [70] above. The offer was clear and was capable of acceptance. SAG made no complaints about the offer once its terms had been clarified. 82 The primary judge noted that the offer "contained no particularity as to the predicted outcome at trial". In Hazeldene's Chicken Farm Pty Ltd v Victorian Workcover Authority (No 2) (2005) 13 VR 435 at [26] to [27] the Court of Appeal said it was neither necessary nor desirable to lay down any fixed rule that the maker of a Calderbank offer should not be entitled to indemnity costs unless the offer sets out, with reasonable specificity, the basis for the offeror's contention that the offeree should accept the compromise. We agree with RWWA's submission that it did not claim indemnity costs on the basis that SAG's case was hopeless or bound to fail. As his Honour said at [21]: The arguments for [RWWA], however, expressly accept for purposes of their claim for indemnity costs, the reasonableness of [SAG's] legal argument. [RWWA's] submissions focus squarely on the unreasonableness of the behaviour in advancing an excessive claim in response to a reasonable offer of a commercial compromise. His Honour's reference to RWWA's acceptance of the "reasonableness of [SAG's] legal argument" was to SAG's contentions that: · no decided cases were clearly inconsistent with its arguments as to the construction of the contract · the contractual terms were fairly arguable; they were not hopeless, and · there were no cases on ss 47C or 47F of the Act that were inconsistent with its contentions. 83 SAG contended that the primary judge erred by imposing on it a requirement that it demonstrate the strength of the arguments it was raising. This claim is based on his Honour's observation answering SAG's complaint that the offer did not explain why its case was bound to fail. He said at [23]: [I]t seems to me … from the several exchanges which had occurred between the parties prior to the making of this offer, that it was [SAG] which was advancing an argument as to construction of the licence agreement and the Copyright Act. It was in reality [SAG] which was the initiator of the adversarial dispute between the parties as it was [SAG] contending that [RWWA] was in breach of both the licence agreement and the Copyright Act even though it was at all times [RWWA's] view that this was not even arguably so. That view prevailed. If anyone at the time of making the offers had an onus of demonstrating the strength of the argument being raised, that onus rested on [SAG]. 84 As indicated at [82], RWWA's case on costs was not based on the lack of strength of SAG's case, and the primary judge did not proceed on the basis that it was. That is clear from [21] of his reasons. The last sentence of the passage quoted at [83] above does not in terms impose an onus on anyone. His Honour was alert to the place of onus in connection with the award of indemnity costs. At [19] of his reasons, relying on the Full Court's decision in Black v Lipovac (1998) 217 ALR 386 at [217] to [218], he noted that the mere refusal of a Calderbank offer does not of itself warrant an order for indemnity costs; the offeror needs to show the conduct of the offeree was unreasonable. This approach was preferred to that taken in Multicon Engineering Pty Ltd v Federal Airports Corporation (1996) 138 ALR 425, that non‑acceptance of an offer more favourable to the offeree than the amount ultimately awarded prima facie demonstrated unreasonable conduct, and the offeree bore the onus of showing why indemnity costs should not be ordered. 85 Finally, SAG claimed that the amount sought in the cross‑claim was not exaggerated, and in any event, the making of an exaggerated claim is not an accepted ground for the award of indemnity costs. SAG is appealing from a discretionary decision. The Court's jurisdiction in awarding costs is unfettered. Indemnity costs may be awarded where there is some special or unusual feature in the case justifying the exercise of the discretion in that way: Re Wilcox; Ex parte Venture Industries Pty Ltd (No 2) (1996) 72 FCR 151. The categories in respect of which indemnity costs may be granted are not closed: Colgate‑Palmolive Co v Cussons Pty Ltd (1993) 46 FCR 225 at 233. Accordingly, the fact that making an exaggerated claim may not appear in any list of special or unusual features of a case is of no moment. In any event, the established categories include the wilful disregard of known facts: Colgate‑Palmolive at 233, which is apposite to this case: see [73]‑[75]. The primary judge's conclusion that SAG's rejection of the reasonable offer of $300,000 was imprudent, as was the making of a plainly exaggerated cross‑claim, was open to him on the evidence. No available ground of attack on the exercise of the discretion has been made out: cf House v The King (1936) 55 CLR 499 at 504‑505.

CONCLUSION 86 The third declaration was properly made by reference to the licence agreement but was not authorised by s 47F. It should be varied by deleting therefrom the words "and in any event pursuant to s 47F of the Copyright Act 1968 (Cth)". Otherwise the appeal must be dismissed. I certify that the preceding eighty-six (86) numbered paragraphs are a true copy of the Reasons for Judgment herein of the Honourable Justices Spender, Sundberg and Siopis.

Associate: Dated: 20 March 2009 Counsel for the Appellant: RJ Webb QC and T Coyle

Counsel for the Respondent: JD Allanson SC and MD Cuerden

Solicitors for the Respondent: Minter Ellison Lawyers

At a glance

Court

Decision date

Before

Source

Judgment (15 paragraphs)

Parties

Legislation Cited (2)

Cases Cited (10)