1. My name is JON BING, and I live in Oslo, Norway. If called upon to do so, I would competently testify to the following facts:
2. I am a partner in the law firm Bing & Partners. I am also a full professor at the Norwegian Research Center for Computers and Law, a Department of the Faculty of Law, University of Oslo a department he co-funded in 1970. I am a dr juris (Oslo) and doctor honoris causa (Stockholm and Copenhagen), and currently Visiting Professor at King's College, London. I have been working with intellectual property and information technology for many years, authoring as member of the Royal Commission the report basic to the revision of the copyright act of the Nordic countries with respect to information technology in the 1980s, also drafting the bills to the parliament in this respect. Currently, I am a member of the Intellectual Property Task Force of the Legal Advisory Board to the Directorate General Information Society (formerly DGXII) of the European Commission.
3. I have followed this case from Norway and am generally aware of its issues. The statements below only pertain to the issues on which they explicitly comment, and not on the California case or dispute as such.
Criminality of Act Legal Theory Without Supporting Precedent
4. There is no legal precedent or court decision in Norway to support a claim that reverse engineering is a violation of Norwegian criminal law. No Norwegian court has issued any such ruling.
5. The Norwegian Sect 145(2) was introduced in the criminal code 1987, clarifying an amendment from 1979. The current wording reads:
"Section 145, Any person who unlawfully opens a letter or other closed document or in a similar manner gains access to its contents, or who breaks into another person's locked repository shall be liable to fines or imprisonment for a term not exceeding 6 months.
The same penalty shall apply to any person who by breaking a protective device or in a similar way unlawfully obtains access to data or software which are stored or transferred by electronic or other technical means.
If damage is caused by the acquisition or use of such unauthorised knowledge, or if the felony is committed for the purpose of obtaining for any person an unlawful gain, imprisonment for a term not exceeding 2 years may be imposed.
Accomplices shall be liable to the same penalty.
A public prosecution will only be instituted when the public interest so requires."
The Norwegian wording is:
"Avdeling 145. Den som uberettiget bryter brev eller annet lukket skrift eller på liknende måte skaffer seg adgang til innholdet, eller baner seg adgang til en annens låste gjemmer, straffes med bøter eller med fengsel inntil 6 måneder.
Det samme gjelder den som ved å bryte en beskyttelse eller på lignende måte uberettiget skaffer seg adgang til data eller programutrustning som er lagret eller som overføres ved elektroniske eller andre tekniske midler.
Voldes skade ved erverv eller bruk av slik uberettiget kunnskap, eller er forbrytelsen forøvet i hensikt å skaffe noen en uberettiget vinning, kan fengsel inntil 2 år anvendes.
Medvirkning straffes på samme måte.
Offentlig påtale finner bare sted når allmenne hensyn krever det."
6. This law was introduced before the introduction of World-Wide Web. It is a "classic" hacker provision, directed originally in 1979 towards time-shared computers and computer bureaux. It has, however, general terms which easily adapt themselves to the current Internet environment.
7. A principle of Norwegian constitutional law is known as the "principle of legality", which has its strongest presence within the area of criminal law. This implies that priority should be given to legal certainty for the citizens with respect to criminal provisions. It is taken to prohibit interpreting the criminal code analogous or let the terms apply outside their clear area of application. Norwegian courts are therefore reluctant to apply the criminal code to new circumstances not clearly falling within the scope of the natural understanding of the terms. This is, to some extent, demonstrated by the decisions briefly discussed below.
8. It is important to note that this provision relates only to "data or software". The Norwegian Supreme Court has interpreted this code section in an important case from 1994. The case related to a person producing pirate decoders to enable viewers to enjoy encrypted pay-TV without consent from the right-holders. The Norwegian Supreme Court held that the television programs did not constitute "data" in the ambit of Sect. 145(2). Although this decision has received criticism, including from myself, as interpreting the term "data" too narrowly, the Norwegian Supreme Court has subsequently upheld this decision in a later ruling and there can be no doubt that it does not protect television programs. There have been no other rulings or indications of what other material the court would consider excluded from the term "data".
9. One unlitigated issue under Norwegian law with respect to Sect 145(2), is the breaking of a code to access material embedded in an object which is the property of the person in question. This would typically be a situation where a data base or computer program is sold on a compact disk or similar device, but protected from screening by some arrangement, a password, encryption etc. If the owner of the disk gained access by "breaking a protective device", it could be argued that this would fall within the scope of the provision, however this is only a theory and there is no supporting Norwegian precedent.
10. This theory is, however, clearly outside the scope considered in Norwegian legal history. Indeed, the only examples that would clearly be applicable are of centralized or third-party computer systems into which the person gains access. However, the current situation is analogous to the traditional context of opening a letter. If that letter was the property of the person opening it (though that person not being the addressee), the provision clearly would not apply. Because the disk is owned by a person bypassing protective devices, the provision would likely not apply.
11. A claim that reverse engineering is criminal in Norway is an unsubstantiated legal theory subject to dispute. It has not been extensively addressed or analyzed in Norwegian legal literature, and there are no Norwegian court decisions to guide how Norwegian courts would rule on this issue.
Norwegian Copyright Law and the Right to Reverse Engineer
12. The Norwegian Copyright Act Sections 39 h and i contain provisions giving a qualified right of decompilation:
Section 39h. The lawful acquirer of a computer program may make copies of, alter and adapt the program insofar as is necessary for the use of the program in accordance with its intended purpose, including the correction of errors in the program.
Any person having a right to use a computer program may make a backup copy insofar as it is necessary for the use of the program.
Any person having a right to use a copy of a computer program may, in connection with such loading, displaying, running, transmission or storage of the program as the user is entitled to perform, observe, study or test the functioning of the program in order to determine the ideas and principles which underlie the various elements of the program.
No departures from the provisions of the second and third paragraphs may be made by agreement.
Section 39i. It is permissible to make a copy of the code of a computer program and translate the form of the code when this is indispensable in order to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs, if
The information obtained through the application of the provisions of the first paragraph shall not
No departures from the provisions of this section may be made by agreement.
In Norwegian, the same section reads:
Avdeling 39i. Det er tillatt å fremstille eksemplar av et datamaskinprograms kode og oversette kodens form når dette er en forutsetning for å skaffe til veie de opplysninger som er nødvendige for å oppnå funksjonelt samvirke mellom et selvstendig utviklet datamaskinprogram og andre programmer, dersom
De opplysninger som er innhentet ved anvendelse av bestemmelsen i første ledd, må ikke
Bestemmelsene i denne paragraf kan ikke fravikes ved avtale.
13. This law implements Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs (Official Journal L 122, 17/05/1991 p. 0042 - 0046) sect 6, as required by the agreement of the European Economic Area annex XVIII no 5. Commentaries on the provision in the directive, will also be relevant for an understanding of Norwegian law.
14. The provision in fine is made mandatory. This implies that the parties cannot in a contract restrict the rights given to a person "having the right to use a copy of a computer program" (cf Sect 39i(1)(a)) even if the contract concluded otherwise is valid.
Validity of Shrink-wrap and Click-wrap Agreements Questionable
15. The use of shrink-wrap licensing has been discussed with respect to computer programs. In the legal history (which under Norwegian law is relied upon to a greater extent than in most common law jurisdictions for interpreting the statutes), this was discussed preceding the amendments in the Copyright Act 1990 on information technology. The Committee preparing the report for the draft bill, stated that a unilateral condition restricting the rights flowing from the copyright legislation, could not be construed to represent a binding contract under Norwegian law. The Committee compared this to "private legislation easily displacing the balancing of interest on which the legislation in founded". The Ministry embraced this in its bill for the parliament, citing the Committee and adding that, "Normally, such unilateral restrictions will not be valid."
16. For click-wrap licensing, the situation is less clear and there are no court decisions on the issue to guide on how a Norwegian court would rule. There is no statement in legislative history for subsequent amendments to the copyright legislation addressed directly to click-wrap licensing. It is in the literature, however, argued that one cannot maintain an attitude as restrictive as the one indicated for shrink-wrap licensing due to the need of the industry for an efficient way of concluding contracts on the Net. If clearly indicated and easily understood prior to accepting the contracting terms, it is possible that a binding contract will be concluded. However, it is my opinion that Norwegian law is restrictive with respect to acknowledge unilateral restrictions (often referred to as "labeling" ("etikettering") as resulting in a binding contract. The issue is a matter of dispute in Norway and so far, no Norwegian courts have found click-wrap licenses enforceable as a matter of law and is debatable that any would.
I certify and declare under penalty of perjury under the laws of the State of California, U.S.A. that the foregoing is true and correct.
___ Jan. 18, 2000______ ____ [signature] _____
Date Jon Bing
Please send any questions or comments to firstname.lastname@example.org