This issue has a lot of angles and typically two or more sides to each story. On the one hand you have the enforcer, or anyone who owns original IP. An example of the stereotypical enforcer includes Microsoft, who put a complete stop to the independent development of a Command and Conquer “HaloGen” mod that employed Halo’s intellectual property, developed by a small studio called Slipstream. MS subsequently went on to have Ensemble develop Halo Wars, which is, you guessed it, a Halo RTS. Another philosophically controversial “enforcer” example is Apple, who has worked continuously to enforce its EULA against the owners of jailbroken iPhones.

At the other side of this debate is the alleged infringer, which could be an indie like Slipstream or, more problematically, the crackers and black hats who hack DRM and pirate games in a manner that damages the entire industry. This is, in fact, one of the biggest problems arising from jailbroken iPhones; it has rapidly become a problem that creates constant strain in the application and casual game markets.

Regardless of your personal philosophy concerning the identity of the enforcer or the infringer, IP enforcement is an important aspect of protecting what you create. It’s as important in commercial works as it is in open source projects even though the ideals behind enforcement may differ. The issue here is control and access, and who has that control and access. Without this article will explain intellectual property enforcement methodology without touching on personal philosophy or the identity of the infringer or enforcer. It is my belief that it is just as important for independent developers to protect their IP as it is for the majors, and as such the tools for enforcement should be available to all.

Getting it in Writing

Contracts such as EULAs, licenses, and employment agreements are the first line of defense in IP enforcement. The more clearly your contracts set out your intellectual property rights and your remedies in the event of infringement or breach, the more likely the people you contract with are to comply. This is particularly true with regard to proprietary technology, trade secrets, and ideas you want to keep confidential.

Identifying Intellectual Property. The first step in protecting your IP is identifying what you consider protected under the shield of the contract. In the case of employment agreements and NDAs you need to be as specific as possible with regard to trade secrets and proprietary technology. With regard to EULAs you need to identify all components of what you want to protect, including content you’ve licensed from third parties. One example of how this can be done* is demonstrated in the World of Warcraft EULA, which identifies IP in two places: it sets out the game, patches, and manuals in the introduction, and expounds on those basics in the “Ownership” section further down.

Identifying Permissible Use of Intellectual Property. The next step in protecting your IP via contract is clearly stating what the licensor/end user/employee CAN do. Explain what is permissible: in the case of your game’s EULA, explain what users can do with your software; in the case of your employee agreements, explain how and when employees may access or use information; in the case of non-disclosures and confidentiality agreements, explain who information may be disclosed to or when confidentiality may be waived.

Identifying Impermissible/Infringing Use of Intellectual Property. Once you’ve explained what people CAN do with your IP, you need to explain what they can’t do. For example, in the case of games, computer programs, and hardware, one major issue of contention is reverse engineering. Under the Copyright Act reverse engineering is generally (but be careful, because this is a devilishly tricky area of the law) permissible if it is done exclusively for the purpose of interoperability. However, you may not want your game or software to work on jailbroken iPhones or other gaming devices that you plan on porting to down the road. This is something that may arguably (although this is by no means settled law) be limited by the EULA. Most major content owners seem to think so. If it’s something you deem necessary to protect your future interests, you should consider including it.

Identify Remedies and Damages. This is where you let the people you’re contracting with know what they risk if they infringe or impermissibly use your IP. You should include all available equitable remedies (remedies not grounded in monetary damages), including injunctions and restraining orders, as well as statutory and actual damages or profits resulting from infringement.

DRM and Keeping Secrets. If you’re using DRM technology, you need to let people know that you’re using it. You also need to explain that the disruption or removal of that DRM will expose them to additional Copyright Act liability if they choose to crack it. In the case of employment agreements, if you’re trying to protect trade secrets you must take steps to keep information secret. This includes DRM, password protection, encryption, and making it clear to employees that disclosing that information to anyone outside of their department is a big No No.

Cracking Skulls

There’s always a possibility that someone will breach your contractual provisions, or your game will be cracked and pirated, or you’ll find an inferior clone that passes itself off as the original. You will be angry and you will want to do everything you can to stop this from happening. First, calm down. Immediately calling a lawyer and filing a complaint or otherwise throwing a fit is expensive and probably bad for your health and peace of mind. Next, evaluate the validity of your claim. Do you have a claim? Is it really infringement? Would you know if it weren’t? For example, if the product is similar or identical to your own but released prior to or very shortly after your own, there’s a strong presumption of independent creation (which isn’t infringement under Copyright Law). You may want to talk to an attorney before going further. Take a deep breath and review the suggestions below, from most cost efficient to least. In some cases you may want to skip the first option, but as you’re an independent developer you may garner more sympathy from other small collectives, pirates, or studios who are (perhaps unwittingly) infringing on your rights.

Contact the people directly. A polite phone call or casual e-mail as a first step can go a long way in preventing future ill will or the need to lawyer up. If the infringer isn’t aware that the material is infringing or if they don’t understand the basics of IP law, they may comply with a friendly request without any further cost to you. This isn’t always the case, but as I said above, you’re an indie. There’s camaraderie among your fellow compatriots and there’s nothing wrong with taking advantage of that good will to protect your IP.

Send a Cease & Desist. If the first approach is unrealistic or ineffective the next option is a more formal C&D. This should typically come from a lawyer, but if you’re still trying to avoid the need to lawyer up you will want to at least include the following:

• An introduction that sets out your name, your product, and where your product can be found;
• A description of the rights you hold in the work, including any music, artwork, engines or code you’ve exclusively licensed;
• A description of their work, and how it is infringing;
• A citation of the laws being infringed, including Copyright law, Copyright Circumvention laws, trademark and unfair competition;
• A list of actions that they must cease and desist;
• A request for damages, if relevant;
• A “respond to by” date;
• Your preferred contact method.

Before you go any further. Have you registered your work/trademark? Under U.S. law you can’t bring an action for copyright infringement against anyone until you’ve filed your application, paid your fee and submitted your deposit. In the case of trademark, monetary damages including profits aren’t available unless your mark is registered and you’ve included the ® symbol or some other notice of registration. The sooner you register the better. Under Copyright law you’re entitled to statutory damages so long as the infringement occurred after you’ve fully completed your application and submitted your fee/deposit, or within three months of the infringement. Since the minimum statutory award is $750 for each infringement registration really shouldn’t be put off. In fact you should make it a policy to register as soon as you complete a project and have something to submit to the copyright office.

Send Takedown Notices. Send takedown notices wherever you find your infringed work. Bear in mind that the DMCA safe harbor only applies to those sites with a registered DMCA agent. If the site or service provider doesn’t have an agent you may want to instead send another C&D explaining why they are also infringers.

File a Complaint. This is certainly the point of no return. If you haven’t lawyered up yet, do so now. If your C&Ds have gone ignored or the infringer has sent a put back up notice in response to your take down, the only way to get that infringing material taken down again is to file a complaint and send a copy of that complaint with a second take down notice. Most websites with DMCA provisions will explain that process in their EULA. You will likely be filing your complaint in federal court and you will want to include every possible cause of action available, including all possible state claims.

At this point the conflict could take a few turns. If this catches the infringer’s attention, you can try to achieve settlement quickly or use some of the mediation or arbitration techniques described previously. It’s typically at this point that enforcement gets pricy and time consuming, but it may be a necessary step to protect your rights.

*  Direct copying from any document including EULAs and other contracts without permission from the original drafter or document owner is typically considered copyright infringement. Draft your own or hire an attorney to draft it for you.