Category Archives: Technology Media & Telecoms

Privacy vs Security

In-house counsel and IT directors at tech companies are facing tough challenges in balancing data protection compliance and responding to increasing pressure from law enforcement agencies for access to data without compromising security or consumer confidence.

One of the reasons for this is the introduction of new data protection regulation in 2016, including the Privacy Shield agreement following the dissolution of Safe Harbor and the confirmation of the forthcoming EU General Data Protection Regulation (GDPR).

GDPR has been anticipated for the past three years. However, the Regulation was only finalised in 2016, giving companies just two years until the GDPR is enforced in May 2018.

The main points of interest are:

  • Increased fines for breaches of the GDPR, up to 4% of the annual global turnover
  • A “Privacy by design” provision requires that data protection is designed into business services. Measures to protect data must be taken from the start of client engagement with clients.
  • Explicit consent must be obtained for the collection and processing of data. Contracts with clients should include a section on consent.
  • Multinational companies working across the EU will be required to appoint an independent Data Protection Office. This will be a challenging role to fulfil given the breadth of knowledge required to manage both IT systems and be familiar with the legal aspects of the GDPR.
  • International companies based outside the EU, but which hold data inside the EU, will be subject to these regulations.
  • “Right to erasure”. A client has the right to request the erasing of personal data. Organisations need to take steps to understand how easily and cost-effectively they can comply with these requests.

In addition to this, companies transferring data between the United States and the EU will now be subject to the recently-agreed Privacy Shield arrangement.  The basis for the agreement is centred on the following 7 privacy principles[i]:

  • Notice
  • Choice
  • Accountability for Onward Transfer
  • Security
  • Data Integrity and Purpose Limitation
  • Access
  • Recourse Enforcement and Liability

In addition to these principles, the EU-US Privacy Shield will:

  • Introduce an Ombudsman to investigate any complaints regarding access to data by US Intelligence agencies
  • Conduct a joint annual review by the European Union and Department of Commerce of the program

Although many of the changes in data protection law have been in response to technological developments such as social media, the European Commission has also taken a consumerist focus, commenting that privacy is a key concern for its citizens and as such, legislation such as the GDPR takes this into account.

Equally, Safe Harbor was dissolved due to action by a Maximilian Schrems, a private citizen, who had concerns over the way data belonging to EU citizens was being handled. This background, as well as the need for regulatory compliance perhaps explains why companies have been resistant to comply with growing pressure from law enforcement.

The FBI v Tech providers

In 2015 and 2016, Apple received and challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789. Most of these sought to compel Apple to assist with extracting data from locked iPhones in order to assist in criminal investigations and prosecutions. A few requests, however, involved devices with more extensive security protections that would require Apple to write ‘back door’ software to allow the government to directly access data.

Many commentators have been sceptical that the FBI needed to take Apple to court and that they have the technical know-how to extract data from these devices without assistance. Some privacy advocacy groups believe these court cases are not about technology but establishing a legal precedence for wider access/surveillance.

A number of organisations such as Whatsapp, the online messaging service, have responded to this climate by introducing end-to-end encryption to increase users’ privacy and security. With end-to-end encryption in place, not even WhatsApp’s employees can read the data that’s sent across its network.

In other words, WhatsApp has no way of complying with a court order demanding access to the content of any message, phone call, photo or video travelling through its network. Like Apple, WhatsApp is, potentially, blocking law enforcement agencies, but is doing so on a larger scale than Apple, as WhatsApp is used on one billion devices including iPhones, Android, Windows, and even older Nokia phones.

Although third party forensic specialists can now decrypt Whatsapp messages, it is likely that this will result in Whatsapp retaliating with further security updates. This effectively creates a vicious cycle of encryption and decryption.

This places in-house counsel in a difficult position, caught in the middle of these conflicting demands On the one hand, they must ensure that their business practices meet the privacy requirements of regulators such as the European Commission and the standards demanded by their consumers. But equally, agencies such as the FBI have been putting increased pressure on companies to comply with their demands.

Companies with a low risk from law enforcement cases may opt to focus on ensuring they comply with all relevant data protection legislation. If a company does operate within a sphere that could attract the attention of the FBI and other enforcement agencies, (e.g. communications, social media), then this is a delicate subject and one on which the company should seek expert legal advice. However, one potential resolution is cooperating with the enforcement agency to provide the information they seek via other channels and techniques.

As devices become more connected, it can be possible to access the required data from another device. For example, rather than examining a phone, an investigator could look at a computer (which might feature backups) or the Cloud.

Many people backup their phones on a computer. Investigators are then able to recover this data via taking an imprint of the computer’s hard drive and using forensics methods to search within the back up. This approach can often yield the following data types:

  • Emails
  • Photographs
  • Chat transcripts from apps such as Whatsapp
  • Notes

If a case requires emails or other kinds of unstructured data such as chat records, a wider net can be cast by including correspondents in the search for data.  Ediscovery technology can sift through huge sets of unstructured data such as emails, instant messenger and techniques such as predictive coding mean what could be a time consuming exercise can be completely relatively efficiently.

By looking at the iPhone owner’s network of contacts, any incriminating evidence could be gained from data owned by the receiver rather than the original custodian. Ediscovery technology is especially suited to this kind of exercise as trained users can run searches for keywords and suspected code words which may be missed if someone simply reads the emails sequentially.

For suspected fraud, it may be possible to isolate patterns from available financial data using data visualisation tools. Data analytics specialists can take large sets of structured data (e.g. spreadsheets, data held in relational data bases) and find previously unseen abnormalities that can be pinpointed to specific individuals. This evidence can then be used alongside other data to build a case.


2017 is unlikely to see a dilution in the tension between security and data privacy. The UK’s decision to leave the EU and the Prime Minister’s announcement that Article 50 will be invoked in March may even have the effect of complicating the situation still further. However, from a lawyer’s point of view, the ability to identify and report on a wide range of data sources using intelligent technology will only become more important across the board.


Five Cool Tools Every Legal Marketing Rock Star Needs to Understand

The legal industry faces a number of marketing challenges. Setting your firm apart, doing something interesting or innovative, or finding ways to engage current and potential clients is tough in the law business. But, legal marketing doesn’t have to be “boring” or uninteresting, and there are a number of nifty marketing tools that will not only make your legal practice stand out for the right reasons, it will make the marketing of your firm faster, simpler and far more effective.

At leading legal marketing firm, The Eisen Agency, we thrive on being successful leaders in today’s fast moving global marketplace, and have the time, energy and expertise to focus on individual industries and great marketing tools to marry those strategically and tactically to the benefit of our clientele. Each of our executive’s knowledge and expertise span across a wide variety of industries – from travel to accounting – so our team’s expertise is our client’s advantage. Here are five cool tools every legal marketing rock star needs to understand in 2016.

  1. Buffer

This simple analytics platform is the best way to decrease social media time, increase engagement and drive traffic to your organization’s website. This interface allows you to share content across multiple social media platforms and accounts. Buffer uses data specific to the legal industry to analyze and distribute your published post during the best times of the day. The platform also allows you to add photos and videos or use their new tool, Pablo to visualize your post. Pablo creates social media images, allowing users to choose different templates and fonts. So, save yourself a few hours each week and purchase Buffer.

bufferBuffer saves legal marketers time by housing their social media accounts.
  1. allows businesses and professionals to discover, curate and publish a wide array of content to increase visibility and drive visitors to their website. This platform not only allows you to collect articles on specific content, but search millions of users and topic boards related to the legal industry. And, this tool integrates with Facebook and Twitter, sharing
your curated content with the click of your mouse.

scoop-itWith legal marketers can share and create curated content.
  1. Klear

Klear is a social intelligence platform that serves as a sophisticated influencer search engine. This platform can connect you to the right people around the world and become a very successful networking tool. It will also analyze your engagement, performance, benchmark your landscape and provide insight so you can stay ahead of the curve.

Klear connects legal marketers to influential leaders.
  1. Canva

Producing engaging content and producing it consistently are two large obstacles when it comes to implementing a marketing plan effectively. If you are looking for an easy-to-use tool, loaded with features to create visually engaging content to share with your audience, you have found it. From magazine covers to social media ads, Canva has you covered.

Canva allows legal marketers to produce visually engaging content.
  1. Lexicata
Lexicata allows legal marketers to analyze customer’s data.

This platform serves as a hybrid between a customer relationship management and client intake software. It allows legal marketers to capture and intake lead information, sign and create documents, and track your progress until the deal is closed. Lexicata also integrates with the favored cloud-based software for lawyers, Clio, making this platform a valuable asset to your organization.

And, while this is by no means an exhaustive list of every “cool” tool out there, it’s a good sampling of some of the whiz bang tools our team uses to the advantage of our clientele. As in in house marketing executive or small business owner, having an outside agency that is dedicated to constantly finding better ways to share your message and grow your business efficiently is a tremendous competitive advantage. Just like having your law firm, our team can comprise a specific strategy and tactical plan to assist in your growth.

The Evidence of hackers

Most law firms believe the challenges they face set them apart from the industry at large – and this is largely correct.

The phrase ‘time is money’ perhaps doesn’t ring as true for other businesses as it does for the legal sector.  When every minute is clocked, it is important that business processes run smoothly and therefore, security controls in legal organisations need to be effective, yet lightweight as not to adversely impact the day to day running of the practice.

A further element is that often law firms are asked by key clients and prospects (particularly in finance) to implement specific security controls to achieve assurance or compliance. Rather than being helpful, this presents a significant problem, as the required controls are procured with no understanding of the specific attack paths and threat actor methodologies covered. At best, this is a budget spent to enable a firm to win business. At worst, it gives a false sense of security.

While the challenges may be different the reality is the same. In the world of information security, compromises are inevitable.

Effective detection controls

Legal firms need to face the fact that determined attackers will eventually get in.

It may be because of a vulnerability in the network perimeter, maybe a zero-day exploit, or a combination of phishing emails carrying custom malware and social engineering or maybe even through gaining physical access.

However, a single compromise doesn’t equate to game over for the organisation. With an understanding of the motivation and capability of the probable threat actors (as detailed in the first article in this series) effective detection controls can be chosen and deployed.

Here are five common compromise indicators and controls:

Phishing: Filtering email content may provide clues of an attack against the firm. For example, Sender ID or Sender Policy Framework (SPF) can be used to check for spoofed emails. Email content can also be inspected to look for typical phishing patterns and, in particular, for links and attachments. Such links and attachments can be automatically analysed within sandboxes to see if they expose suspicious behaviour and can be stopped before reaching the end user.

Anomaly analysis: In an organisation the majority of endpoints will have similar programs starting at boot time. By looking across the organisation to find the one or two computers that are starting something in addition to what all the others are starting, organisations might be able to spot malware for which no signatures exist.

Suspicious patterns: Look for connections to, or even from, odd places or at odd times; also be aware of any unusual user-agents in the proxy logs. A large number of failed logins to a server may indicate a brute force attempt.

Lateral movement: Behaviour to watch for includes suspicious Windows logon events, new services being installed, tasks being scheduled, and remote execution with legitimate Windows tools. All of these will be recorded in typical Windows event logs.

Data Exfiltration: There are several options an attacker might employ to exfiltrate data, from the basic (uploading files to webmail), to the advanced (DNS tunnelling), depending on the security controls in place. As part of this, volume based analysis can be particularly powerful as well. For example large unexpected transfers of data between hosts may indicate aggregation of files prior to an exfiltration.

Early detection is key

The ability to detect an attack largely depends upon two critical factors; first, having the right data available, and second, actually looking at it. Most organisations that fall victim to network intrusions have the evidence of compromise sitting in their logs all along, but the problem is that often nobody reviews logs until an incident occurs.

There is a choice when it comes to the output from a security control. It could be an unfiltered list of log events that require further manual investigation by in-house staff; or it could first be filtered to remove false positives, so that the only output is a confirmed security incident needing an immediate response. Law firms tend to prefer the latter category unless they have a large and hands-on security team, and that needs to change.

The application of prevention and hardening measures combined with effective intrusion detection and incident response can slow attackers down, forcing them down known paths and essentially making them ‘noisy’ and more easily caught.

Data exfiltration detection is too late

However, if you rely on the detection of data exfiltration alone, then you have already lost.

It is too late in the process to instigate an effective response and the costs of cleanup will be exponentially greater than if the initial compromise is detected as it occurs.

Furthermore, an advanced attacker will employ a stealthy exfiltration method to bypass security controls during this phase. Detection controls should be focused as early in the process as possible.

The best way to combat cyber threats is through 24/7 attack detection and response, which is capable of revealing the initial compromise early enough in the breach process and before any kind of control channel is opened to the attacker. Harking back to the motivations of attackers, it’s also imperative for legal firms to choose effective detection controls with an understanding of the motivation and capability of the probable threat actors.

The earlier the detection, the better chance the company has at making a full recovery and saving itself a lot of time, money and reputational damage in the process.


Countercept has written a whitepaper detailing how cyber security in law firms is misunderstood – and what can be done about it. This can be downloaded from:

Legal firms in the Hackers Crosshairs

Despite a media backdrop of breaches and compromises, Legal organisations are not automatically a target for hackers. That does not mean they are exempt, just there needs to be sufficient motivation to threat actors enticing them to launch a virtual raid.

This first article, of a two-part series, looks at why some Legal firms may become a target and the hackers M.O. (modus operandi.)

What is the specific security challenge faced?

A law firm will only be targeted if there is sufficient motivation for attack. As, without motivation, there is no targeted threat.

As for any organisation, the nature of the firm’s business will determine which threat(s) it is at risk from. A large multi-national organisation that deals with the corporate interests of international businesses may find itself at risk from state-sponsored attack; in addition, firms specialising in M&A, IPO, High Net Worth Individuals or Intellectual Property may find themselves coveted by those seeking financial gain; a human rights lawyer or even those practicing criminal law may find hacktivists wishing to cause disruption.

Just as clients come and go so too does the hackers attention. If the firm acquires a new client or moves into a new area of interest, the threats facing the law firm can radically change in tandem, meaning the security strategy needs to evolve alongside the business strategy.

The key question the firm needs to ask itself is, ‘Is there any activity that my firm is involved in now, or planning for the future, that provides the necessary motivation for threat actors to attack?’

The Hackers M.O.

Recognising that they’re a target in the first place is a struggle for many organisations, not just those in the Legal sector. This is often accompanied by the misperception that threat actors need to utilise fully customised, expensively researched exploits to successfully target the infrastructure.

The evidence is that, rather than a ‘sophisticated’ attack, most firms are generally breached with a combination of reconnaissance, widely available commodity malware, and well known ex-filtration techniques.

That said, there are those more sophisticated threat actors who might deploy advanced techniques to facilitate their objectives either more ‘quietly’, or in a way that carries more impact.

The initial attack path

How a criminal may strike is the first stage to understanding, and mitigating, the attack path that the threat actor will aim to leverage.

The majority of the effort spent in a targeted attack is in early reconnaissance. There is nothing particularly advanced about this, other than the need for time, logic and discipline. Indeed, law firms tend to make it rather more straightforward than other industries by publishing the contact details of individual lawyers online, along with their practice area. This openness, combined with the constant clamour for publicity from marketing departments issuing articles and press statements, enables threat actors to determine three key pieces of information to assist in the attack:

1) To whom should I deliver my initial payload, and how can I make sure they open it?

This could be as straightforward as sending an HR administrator malware embedded in a CV (phishing). However, in an advanced case of reconnaissance, it’s more likely to take the form of a document sent to a lawyer, ‘spoofed’ to come from a known client or perhaps from a journalist, attaching a list of questions regarding a sensitive case.

Whichever the approach, thorough reconnaissance can all but guarantee an initial payload is opened somewhere within the infrastructure.

2) Who are the organisation’s System Administrators or security personnel?

IT staff are the highest-value target in law firms; if compromised, their credentials can be used to accomplish anything from standard data exfiltration, to hard drive wiping, to setting up legitimate remote access for a threat actor to come and go undetected.

Armed with the knowledge of their identities, an attacker will either target these staff from the outset (and in increasingly sophisticated ways), or make IT staff their first target when landing elsewhere on the network.

3) Who in the organisation has the credentials to access the information I want to steal?

This phase of reconnaissance is usually the trickiest requiring an initial foothold within a network to enable the further internal reconnaissance of such assets as the company intranet, which could well contain staff lists, groups and roles.

However, law firms tend to make this easier than most firms; once again, the company website, press releases and resources such as The Legal 500 enable attackers to map individual lawyers to practice areas and key accounts. This means that attackers can target law firms with both eyes open and a clear plan, rather than taking the usual ‘sit and observe’ approach that tends to be necessary once an initial foothold has been established.

Effective Security Controls

Once an attacker gains an initial foothold on one system inside a victim network he needs to work to expand his influence. This will typically involve gaining credentials and privileges which will enable him to move to other systems.

As an attack progresses, more systems are compromised and more credentials are gained along the way. Eventually the attacker will gain access to a high value, high privilege account and the victim network is now effectively ‘owned’ by the attacker.

So, what factors will hinder the progress of an attacker on his way to becoming domain admin and stealing all of the firm’s secrets? Here are five steps to consider:

  • The privilege level of the attacker when the first system is compromised. For this reason it is highly advisable to configure all users to run with the minimum level of privilege required to perform their job, and no more.
  • The design of the network itself. An attacker can only compromise those systems which he is able to communicate with over the network, so network segmentation will be a big factor in preventing lateral movement.
  • Attackers will use whatever tools are available to them to achieve their objective. If they discover network enumeration tools, port scanners or password cracking utilities on a system then they will likely use them against you. Many system administration tools (especially Sysinternals) can also be abused in this way, so best practice would be to remove such software if it is not required.
  • Implementing Software Restriction Policies or AppLocker will also cause a potential headache for any attacker trying to move around the network.
  • Multi-factor authentication for systems/applications of high value could prevent an attacker from reaching the firm’s crown-jewels if he is unable to authenticate.

Covering relevant attack paths is only half the equation. At some point an attacker may be successful in moving around the network, gaining access to sensitive data and ex-filtrating that data. In this event, the ability to detect and respond to the malicious activity is paramount.

The next article, in this two-part series, discusses effective detection controls focused around typical attack paths and will look at ways to achieve best practice in light of the legal sector’s specific challenges.


Why legal firms must embrace technology

The legal sector is currently in a state of flux. Research[1] has shown law firms are aware technology must be embraced to meet their full growth potential but very few have taken the plunge and tackled this issue head on.

It’s worrying there are legal firms which haven’t realised the benefit of embracing the latest technological advances, especially when 24 per cent of legal professionals cite enhancing operational efficiencies as a main priority. Due to the vast amount of rules and regulations in place within the sector, lawyers can spend days at a time completing admin, rather than adding value to their clients and the company as a whole. Updating the technology used to complete these tasks is now becoming critical to the future success of the business.

Recent statistics show 74 per cent of legal firms plan on investing in new technology to address business and IT challenges over the next two years. Such investment has the potential to turn the hard work already in place within the sector into increased business growth. However, to do so law firms must implement technology with these growth goals in mind to ensure they achieve the greatest return possible.

Building a legacy

The first step is to take stock of the technology used within a law firm and ask if it is truly fit for purpose. Systems that only meet the bare minimum requirements to carry out a task may seem perfectly viable, but legal professionals may be doing themselves and their clients a disservice due to time wasted using inefficient systems. This is shown by a staggering 42 per cent of law firms stating their business growth plans are hampered by the legacy IT systems they have in place. Clearly, investment must be made to remedy this issue, even by firms aiming to keep expenditure low to increase profit margins.

When looking at investment, it’s clear there is a fine line between smart financial planning and removing funding from key arms of the business. Investing in new technology is the perfect example – many budget holders will be more interested in spending on recruitment to facilitate new business goals, which in turn can drive growth. However, if the technology used is hampering productivity, the business is setting itself up for failure as clients may look elsewhere for firms which offer more competitive service level agreements.

Legacy hardware will be slow running, while legacy software will fail to integrate to any new industry services or applications; from free digital storage to the latest database management tools. The time dedicated to research ahead of trials, communication with clients and even powering up hardware is exacerbated. Additional minutes spent on individual tasks quickly add up and equate to time wasted, which could be spent adding value to the business.

Every Cloud has a silver lining

Legacy hardware is relatively easy to replace but for law firms to remain competitive, they must update their technology to ensure their services continue to evolve. Lawyer’s today may need to access trial-critical documents on the move, rather than just from the office. This is why it’s so important law firms securely embrace Cloud computing and mobile devices to ensure the workforce is working as smartly as possible. If lawyers are spending tens of hours every week out of the office, accessibility to an office server becomes an essential part of their armoury.

Growing a firm with a Cloud-based infrastructure ensures lawyers can easily work on upcoming cases securely while travelling. If technology is utilised well, the ability to work from any location with an internet connection will see law firm productivity increase noticeably.

The law firm’s IT team will also have a clearer view over the entire system, as updates can be efficiently deployed over a Cloud infrastructure, rather than tackling devices separately. There is absolute peace of mind that each and every corporate device, whether it be a desktop, laptop, tablet or smartphone, will be secure and users have access to business critical files and applications. The IT team can then invest its time in adding value to the business, rather than constantly fighting against issues caused by legacy systems.

Embracing new technology

Once a law firm has embraced the Cloud, it is in a position to build on its competitive advantage. Productivity gains will be clear once a remote server is available, but applying emerging technology on top of this will further increase business efficiency.

An example of this is the AI technology which is revolutionising the way lawyers research into previous cases and legal precedents ahead of trials. Traditionally this saw lawyers spending hours pouring over text books and journals with very little steer as to where the information they need is located. New technology enables lawyers to simply type a question into an app and the required information will be available in a matter of seconds. Reducing the research process from days to hours or potentially even minutes is having a vast impact on legal firms which have already adopted this technology, enabling them to take on more cases and increase the scale of their growth plans. The competitive advantage which can be gained through technology will then become apparent.

The UK’s legal firms are at a pivotal fork in the road, down one path are mediocrity and a continued reliance on legacy IT and age-old processes, while the other path increases productivity and facilitates business growth. Clearly, the time has come to invest in technology and revolutionise the legal sector for the better. Those who fail to do so will be left behind by their competitors and quite simply won’t survive to tell the tale.

[1] Legal sector & IT challenges – is it time for strategic change? (2016)

Brexit and its affect on Intellectual Property

The Brexit outcome to the UK’s referendum on EU membership has no immediate effect on intellectual property in the UK – EU laws remain (pun not intended) in effect until such time as Article 50 notification is made by the UK and the consequent 2 year negotiation period ends (unless extended by agreement of the other 27 member states).

During the negotiation process, the UK will remain part of the EU. To ensure an orderly transfer to a post-Brexit regime, transitional provisions will likely be put in place to ensure no loss of IP rights once Brexit takes effect. It is clear however that preparation, portfolio reviews and establishing appropriate strategies in the coming months and during the run-up to Brexit will be key to a successful IP transition. The preliminary analysis below, written by Abida Chaudri, Solicitor at Arc IP, and Dr Julian M Potter, Partner & Stuart Forrest, Senior Associate, at WP Thompson Intellectual Property, sets out some of the issues at this early stage.

Trade Marks – No Immediate Changes

UK trade mark registrations, whether obtained via the national route or by means of the Madrid Protocol International Registration system, will not be affected by Brexit.

Post-Brexit and if the UK does not become a member of the EEA, European Union trade marks (EUTMs) will not cover the UK and national UK applications (or International Registrations designating the UK) will be necessary.

EUTMs in force as at the date of Brexit will inevitably be affected, again assuming the UK does not become a member of the EEA. Currently, EUTMs cover the 28 EU member states as a single unitary right. On Brexit, EUTMs will no longer cover the UK but will continue to subsist in the remaining 27 member states and be governed by EU law. Transitional provisions will very likely be enacted by the UK government allowing EUTMs to take effect as national rights in the UK. The mechanism by which this would occur has not yet been identified but could be one of the following:

  1. a) Conversion of EUTMs into national registrations

It is already possible to convert EUTMs into national applications in any of the EU member states but this arises by virtue of EU legislation. Converted applications retain the original filing and priority dates and seniority claims of the EUTMs from which they derive. Fees are payable both to the EU intellectual Property Office (EUIPO) and, for UK conversions, to the UK IP Office (UKIPO). EU legislation states that converted marks are not to be subject to any additional or different requirements of national law – which means that, in the UK certainly, converted EUTMs are treated in the same way as national applications and (re-)examined, published and open to opposition. On the plus side, registration in the UK then results in a new 5 year grace period to commence genuine use.

Conversion of EUTMs into national UK marks to address Brexit will require new UK legislation and need to consider, for example : whether a conversion fee will be payable to the UKIPO; if re-examination and opposition periods will occur; if the current requirement for all UK applications (including converted EUTMs) to declare that the mark is in use or there is a genuine intention to use in the UK should be maintained – especially for converted EUTMs over 5 years old that have not been used in the UK; whether use of converted EUTMs pre-conversion in any of the remaining EU countries will count as use in the UK especially where they are over 5 years old and so would otherwise be vulnerable to non-use revocation in the UK.

  1. b) Re-registration of EUTMs in the UK

This is distinct from conversion but will, again, require UK legislation. EUTMs could potentially be re-registered as UK registrations in the same straightforward way that UK registrations can be re-registered in Jersey. Or there could be a system similar to that adopted on the breakup of Yugoslavia – so for example, Serbian trade marks were automatically extended to Montenegro in May 2008 without re-registation or payment of additional fees up until their renewal dates but new trade mark laws in 2010 required re-registration within 12 months. A similar scenario for EUTMs in the UK post-Brexit is possible, perhaps with some method of easily denoting the re-registered marks.

The position of UK registrations which were used to claim seniority for EUTMs but were then allowed to lapse may be challenging.  Seniority claims based on UK registrations will lapse on Brexit but it is debatable whether the UK would enact legislation allowing those national registrations to be restored so as to prevent loss of rights once EUTMs no longer extend to the UK.

Brexit will also lead to the loss of the UK’s EU Trade Mark Courts and the UK will not then be able to grant (or be subject to) EU-wide injunctions. Whether EU-wide injunctions granted by UK-based EU Trade Mark Courts would remain enforceable post-Brexit is not clear.

Since the UK would no longer be bound by decisions of the EU’s General Court, UK trade mark law (albeit EU-based unless amended) could well diverge over time, especially given its common law roots.

Designs – No Immediate Changes

Registered Community Designs (RCDs) are unitary rights covering all 28 EU member states and, like EUTMs, will no longer cover the UK post-Brexit. As for EUTMs in force on Brexit, a conversion or re-registration system for the UK is anticipated. The UK has its own design registration system (and UKIPO fees have recently reduced) but there may perhaps be increased interest in the Hague International Design System which operates similarly to the Madrid International Trade Mark regime, providing national registrations in multiple countries through a centralised application process.

Unregistered Community Design Rights may not be protected in the UK post-Brexit since the UK has its own system for unregistered designs.

Patents – No Change to Current Arrangements

The mechanisms for obtaining patent protection in both the UK and Europe will not be affected by Brexit. It will still be possible to apply for patents via the national route and at the European Patent Organisation (EPO).

The EPO is not an EU institution, and the European Patent Convention (EPC) is a separate international agreement that sets up the European Patent Organisation and the EPO.

The member states of the EPO already include several countries that are not member states of the EU, such as Switzerland, Iceland, Norway and Turkey. It is for this reason that Brexit will not have any impact on the UK’s membership of the EPO, and the ability of applicants to obtain European patents via the EPO that are effective in the UK.

UK Patents and pending European patent applications

UK Patents will not be affected by Brexit, whether they have been obtained via the national route or from validation of a European patent granted by the EPO.

European patent applications that are pending at the EPO will continue to designate the UK. Once granted, the European patent can then be validated in the UK regardless of Brexit.

What about the Unitary Patent and the Unified Patent Court?

The patent landscape in Europe is due to change in the future with the introduction of European patents with unitary effect (“Unitary Patents”), which will present a further route by which applicants can obtain patent protection in Europe when (and indeed if) it is brought into effect. The predicted implementation date of the Unitary Patent was sometime in 2017, but that is likely to be delayed since the UK is currently one of the three states that needs to ratify the treaty.

Unitary effect of a European patent, which leads to a Unitary Patent, can be requested following grant of the European patent. A Unitary Patent will have effect in the participating member states of the EU, i.e. not necessarily all the member states of the EU (for example, Croatia, Poland and Spain are not participating at the time of writing). If the UK leaves the EU, then it may not be able to participate in the Unitary Patent, and the associated Unified Patent Court. Several proposals have, however, been discussed that would enable the UK to do so following Brexit.

If the UK does not participate in the Unitary Patent following Brexit, then a Unitary Patent will not extend to the UK. Protection in the UK will have to be obtained through the routes that currently exist, i.e. the national route or from validation of a European patent granted by the EPO.

The Unified Patent Court (UPC) is a proposed common patent court open for participation of all member states of the European Union. The UK has been allocated one of the divisions of the UPC central court and it is expected that this will be lost to an EU member state in light of Brexit. If the UK is not able to participate in the Unified Patent Court, then the Court will not have jurisdiction over European patents validated in the UK. However, only 13 member states of the EU need to ratify the Unified Patent Court agreement in order for it to come into force, so the Court might not have jurisdiction over more than half of the member states of the EU anyway – possibly not such a significant jurisdiction regardless of the UK’s participation or not.

It might be the case that businesses in the UK, or businesses who are contemplating setting up in the UK, think that it would be desirable for the UK not to be within the jurisdiction of the Unified Patent Court. For example, UK based business might derive benefit from the knowledge that they will not be at risk of being the subject of an injunction that has effect in all of the member states participating in the Unified Patent Court agreement, i.e. potentially a pan-EU injunction.

To reiterate, the Unified Patent Court will not have any jurisdiction over national patents. This remains the case, even for states that are participating in the Unitary Patent and the associated Unified Patent Court.

Patent term extensions – Supplementary Protection Certificates (SPCs)

A rather niche practice in Europe has developed around SPCs, which are available for various regulated, biologically active agents, namely human or veterinary medicaments and plant protection products.

SPCs are currently granted under an EU regulation, which will no longer apply after Brexit. Similarly, extensions of the term of SPCs (following paediatric studies) are also granted under an EU regulation. There will, therefore, need to be new legislation in the UK in order to create rights that are equivalent to SPCs.


There is no system for registration of copyright either on an EU-wide basis or nationally in the UK. Accordingly, UK laws will continue to apply, as will the UK’s membership of the Berne Convention, the Universal Copyright Convention and the WIPO Copyright treaty.

Geographical Indications and Designations of Origin

These are protected by an EU-wide regime – examples are Yorkshire Wensleydale cheese (geographical indication) and Stilton blue cheese (designation of origin). A national system of protection is anticipated post-Brexit, with the mechanism for achieving this to be established. There may also be a bilateral agreement with the EU for reciprocal protection.

Trade Secrets

The UK may not implement the EU Trade Secrets Directive of 5 July 2016 – EU member states have 2 years from this date to incorporate its terms into national law but if Brexit occurs before the 5 July 2018 deadline, then this will not be necessary. The UK may enact its own trade secrets legislation, perhaps based on the Directive, but since the UK has indicated that its law is already compliant with the Directive no change is likely.

Database Rights

These came into being in the UK on 1 January 1988 by virtue of EU legislation – The Copyright and Databases Regulations 1997. Post-Brexit, databases created in the UK would not be protected unless the UK were to become a member of the EEA.

.eu Domains

These can only be registered by businesses established in or individuals who are residents of EEA countries – so if the UK does not become an EEA member, UK-based businesses and UK residents will need to look at registering, and using, alternative domains.


Where “Europe” is the territory covered by agreements such as licences of IP rights or co-existence agreements, this may be stated in a number of ways – for example: Europe, or the EU, or the EU as constituted at the date of the agreement or as constituted from time to time. Terms within agreements may also reference “Europe” in various ways. Whether or not the UK is included in each of these definitions of Europe will be a matter for assessment on a case by case basis, with appropriate variations even if the intention was clearly to cover the UK.

Exhaustion of Rights

Currently, IP rights attaching to goods in circulation in the EEA (EU, Norway, Leichtenstein and Iceland) by or with the consent of the IP rights holder are “exhausted” and further free movement within the EEA cannot be prevented (subject to limited exceptions such as changes to the condition of the goods). If the UK does not become a member of the EEA post-Brexit, it could be that exhaustion of rights will apply to the UK only so that goods entering from the remaining EU countries would infringe UK rights.

What should businesses do to prepare for Brexit?

Whilst not directly related to Brexit but important for EUTMs and converted / re-registered UK trade marks pre and post-Brexit : For EUTMS filed before 22 June 2012, review and if appropriate file Declarations at the EUIPO before the 24th September 2016 deadline stating that the intention on filing was to seek protection for goods / services beyond those falling within the literal meaning of any class headings covered by the EUTM. The scope for filing such declarations is greater, and more complicated, than appears at first sight and whilst there are qualifications, declarations that are accepted by the EUIPO will essentially extend the goods / services beyond those originally registered.

Review your current IP portfolio, decide which EUTMs and RCDs you will wish to convert to or re-register as national UK rights and budget for conversion / re-registration and subsequent renewal costs.

Review your filing strategy for EUTMs going forward and consider filing UK trade mark and design applications alongside EUTMs and RCDs if the UK is a key market.

Do not surrender any UK trade mark registrations which form the basis of seniority claims for EUTMs and ensure that the former are maintained since they will have earlier filing dates than EUTMs which are converted / re-registered as UK trade marks on Brexit.

Where current EUTMs have not been used in the UK (but are used in other EU countries) and where it is commercially appropriate to do so, take steps to establish genuine use (for the purpose of creating a market) in the UK pre-Brexit; also bear this in mind for EUTM and UK trade mark applications going forward.

Review agreements relating to IP and establish if they apply to the EU as at the date the agreements came into force or to the EU as constituted from time to time; either way, it may be necessary to vary the agreements so they apply specifically to the UK, even if the intention was clearly to cover the UK. Post-Brexit, the UK should be referenced separately to the EU.

Be aware of your, and legal representatives’, rights of representation for EUTMs and RCDs. Currently, representatives (for EUTMs) must be based in the EEA, be legal practitioners qualified to act as representatives in one of the EEA countries and have a place of business within the EEA. If the UK is an EEA member post-Brexit, then all well and good but if not, it is highly likely that representatives will maintain their rights of representation at the EUIPO by other possible means.

Monitor developments on Brexit so that all necessary actions can be taken, and appropriate resources devoted, in a timely manner.

Remember that there are no immediate changes and there will be a 2 year period to transition IP before Brexit actually takes effect.  Forward planning however is key.

Authors: Abida Chaudri, Solicitor, Registered Trade Mark & Design Attorney (UK & EU) and Director, ARC IP; Dr Julian M Potter, Partner & Stuart Forrest, Senior Associate, WP Thompson Intellectual Property

Abida Chaudri is an experienced solicitor and registered UK and European trade mark & design attorney with a background in both private practice and industry. She has broad experience and handles all aspects of trade marks, designs and soft IP, contested, non-contentious, and advisory with particular emphasis on strategy. She is a widely published author of numerous articles on IP issues and chair of the International Trademark Associations Indigenous Rights Policy & Analysis Sub-Committee.

Dr Julian M Potter is a Chambers recognised tier one UK & European Patent Attorney and Intellectual Property litigator. His practice encompasses all physics based disciplines and he has wide experience of drafting and prosecuting patents for the UKIPO, the EPO and patent offices throughout the world. Julian also represents clients in contentious matters such as oppositions and appeals and in advisory work including infringement, validity opinions and freedom to operate opinions, due diligence investigations, IP strategy, and product clearances. He holds a Higher Courts Litigation Certificate entitling him to conduct IP litigation in the High Court and has been involved in both Patents Court and Intellectual Property Enterprise Court litigation covering a wide range of technologies.

Stuart Forrest is a UK and European Patent Attorney and a member of WP Thompsons Chemistry and Life Sciences team. His practice covers all aspects of chemistry and he has a particular interest in lifecycle management and obtaining supplementary protection certificates. He is a CIPA delegate to the UKIPOs Patent Practice Working Group.

This article was first published in Lawyer Monthly Magazine in July 2016 and is reproduced here with the kind permission of Parity Media Limited

The Importance of Innovation: Why Law Firms Need to Evolve

As technology has become embedded in our daily lives and society has become more fast paced, our expectations on service and responsiveness have changed dramatically. In a world where customers now expect businesses to respond to their emails in just one hour[1], it’s essential that companies are evolving their offer to stay relevant, gain competitive advantage and survive in the ever-changing marketplace.

For businesses to stay in touch with with customers and clients, they should be innovative and always be on the search for ways to revolutionise. However, not all industries have the same experience with change, and innovation may not come quite as naturally to some as it does to others: unfortunately, the legal sector is one of those industries.

For a long time, legal firms have had a set way of working. Believe it or not, there are still many practices with mainly paper-based filing systems. Working to the adage, ‘if it ain’t broke, don’t fix it’, many in our sector have remained profitable and successful without a focus on change or innovation.

The winds of change

But the pace of technological change in our society has never been so dramatic. At the same time, seismic regulatory shifts in the legal sector are also forcing decades of the ‘business as usual’ approach to be torn up. Now, we have reached a point where it’s critical, if not acutely necessary, that our industry sits up and takes notice.

As changes such as the Jackson reforms make the reliance on claims marketing firms to deliver new leads much more difficult and fixed fees cause firms to balance efficiencies and quality of service, the legal sector is being forced to adopt a more business-minded mentality. In line with this movement, leading lawyers are looking to digital technology as a means to improve processes and practices, be more commercially focused and give clients the customer experience that is expected from an established service based industry.

The case for improved case management

In the main, the legal sector has continued to cling on to increasingly out-dated systems to conduct key day-to-day activities. However, by improving working methods in these areas, and especially those that account for the lion’s share of a lawyer’s time, firms will see a major difference in their efficiencies and capacity. Case management is one prime example.

Historically, a lot of time was absorbed by lawyers manually searching through endless piles of paperwork or waiting for members of staff to come back into the office to get an update on a case. And while computerised case management systems have taken the place of these antiquated practices, many of the programs currently adopted by firms still aren’t fit for purpose or reflective of today’s needs.

With these ‘off-the-peg’ solutions, instead of rifling through paperwork, lawyers now trawl through complicated menus to find documents or follow complex workflow processes to action even simple tasks. Ultimately, by implementing programs that aren’t bespoke to their needs, many firms are becoming slaves to the technology designed to set them free.

But when you think about the slick and intuitive technology we use in our everyday lives, it doesn’t have to be that way. The solutions our industry wants and needs are already out there, it’s just that at present, they aren’t available in a tailored format for our businesses.

Day-in day-out most of us use voice recognition and touch screen technology, whether its asking “Siri” to search Google, put a reminder in our calendar or bring up a map with directions to a chosen destination. Therefore, it’s easy to see how this technology can be applied to legal practice case management allowing lawyers to ask their computer to bring up the case they want, swipe between documents quickly on the screen, or even dictate an email using voice recognition software.

Intuitive systems have the power to reduce the time spent on case management, freeing up capacity to do core legal work and provide the best quality service to clients. In fact, so clear are the benefits to the legal sector that, in the absence of widely available tailored options, more progressive firms are taking the need into their own hands.

By creating their own bespoke systems that are more aligned with the new-model legal practice, these firms are using technology to improve efficiency while providing the exact service their clients need. As well as enabling these businesses to get what they need now, this bespoke route opens the door to future innovation and adaptations so firms can easily incorporate new ideas or changes that occur further down the line.

A more (artificial) intelligent approach

Another emerging technology making inroads into the legal sector is Artificial Intelligence (AI). Having cut its teeth in medical diagnosis and financial services, AI is becoming a more recognised way to reduce human input in favour of greater efficiency and improved accuracy in business analytics and decision making.

Looking outside of our sector, Santander and HSBC for example, recently announced plans to use voice recognition technology in their banking services to improve security. Similarly, wealth management firm Charles Schwab has developed an algorithm that decides where best to invest money according to market changes. AI applications are also being utilised in healthcare systems in both the USA and the UK to assist clinicians with Cancer diagnosis and the predictive analysis of degenerative conditions such as Alzheimers.

Drawing from these learnings and innovative applications, forwarding thinking law firms are now exploring how AI can be used in the legal profession, in particular, looking at its role in reducing time consuming data analysis.

Although still in its infancy, AI could be extremely valuable in assisting lawyers to review large volumes of current and past case work much faster than any human could do alone. By drawing on the vast reserves of legal data available inside law firms and in external databases to find specific precedents or existing case law, such programs could slash research timescales and help lawyers to make quicker, more accurate decisions in the daily course of their work. By removing these laborious elements, lawyers could then instead focus their time on tasks like core legal analysis.

In fact, this approach is being pioneered by a number of US law firms through technology such as ROSS, ‘the world’s first artificially intelligent lawyer’. Developed by IBM and powered by its WATSON AI platform, ROSS enables lawyers to ask questions and be signposted to citations and topical articles from a variety of sources. Going beyond a simple knowledge database, technology such as ROSS uses machine learning to understand legal language, search and collate all available information on cases and provide increasingly sophisticated hypotheses for possible courses of action.

As this technology is still in the early stages of development, only a limited number of UK firms have begun to exploit the vast potential of these AI solutions. However, over the next 12-36 months, it is likely that AI will make waves in the UK legal industry, automating time consuming data analysis and making intelligent legal decisions to assist lawyers.

Used and positioned correctly, this technology will be extremely disruptive to the legal market and for the early adopters who are wise and bold enough to recognise the benefits – plus, have the appropriate company culture to integrate it – AI could be a substantial accelerator for growth.

Focusing on service

New technology such as AI and bespoke case management software have the ability to reduce or remove many needlessly time consuming tasks; time that can be better spent on servicing and supporting clients. But as well as freeing up hours, technology is also an enabler in improving this customer experience and communication between lawyer and client.

The legal process can be overwhelming for clients, so anything that alleviates this stress and improves communication will increase client satisfaction as well as be a key differentiator.

Although many law firms ‘went digital’ years ago, currently very few legal services are actually available online or merely comprise external links to communication services such as Skype or online forms. Similarly, a limited number of legal firms offer end-to-end fully integrated online services. As a result, the legal sector is severely lagging behind industries like insurance and financial services where such online offers are commonplace.

While digital services are sparse within the legal sector, some pioneering firms are already making headway. Specialist workflow systems and processes, such as mobile interface platforms, are being created by these businesses, enabling clients to submit details and receive information about their case from anywhere and on any device. As well as allowing clients to have greater contact with the team handling their case, ensuring they are always informed at all stages, these platforms also make it easier for lawyers to obtain important information about the case. By simplifying processes, such systems improve the client experience but also have a commercial benefit as lawyers can start working on claims within minutes of information being received.

Keeping up with the pace

When it comes to innovation, law firms have, for many years, rested on their laurels. However, in a fast-paced society and with ever-more resourceful, knowledgeable and discerning clients, the sector must evolve to ensure the legal expertise that has been the preserve of our sector remains valuable and relevant, and critically, commercially viable.

As businesses in all sectors evolve to become more service-led, legal firms must too find ways to differentiate their offer and appeal to customers. Undoubtedly, innovation will be key in creating this stand out, building an operational infrastructure and providing a service that’s reflective and befitting of the 21st century.

For more information, please visit

[1] Toister Performance Solutions, 2015


Valuing a Component Technology of an Integrated Manufacturing Process

Valuing a technology that is part of a bundle of integrated technologies used in a manufacturing process presents additional challenges beyond those encountered when appraising a stand-alone technology. This additional complexity requires significant experience and judgment to properly apply current valuation best practices and conclude an appropriate and supportable value.


The valuation of developing and recently-developed technology can be challenging even when it is the only technology underlying a manufacturing process. Appraising a single component technology used in an integrated process that combines multiple technologies is even more complex. This incremental complexity arises because the benefits are derived from the total technology “bundle” and are realized from the inter-relatedness of the various pieces. In other words, the whole technology bundle provides more utility, and is therefore more valuable, than the sum of the individual component technologies.

To place this issue in context, technology often has a direct, measurable benefit, such as cost savings. These savings can be in the form of requiring less raw material or allowing cheaper inputs. The cost savings can also manifest itself by automating or otherwise reducing the “human capital” required. The technology can also reduce fixed capital costs, for example, by reducing or eliminating certain undesirable byproducts like wastes that require treatment to comply with environmental, safety, or other regulatory constraints. In these circumstances, the value of the future benefits over the economic life of the technology can be quantified and reduced to present value by discounting the benefits using an appropriate rate of return.

In other instances, the technology may yield benefits in a product, rather than the process used to manufacture the product. For example, in the realm of sporting goods, there have been technology cycles in golf and tennis where the equipment has incorporated new, advanced technology that resulted in lighter weight, better accuracy, or greater power. This gave rise to the perception that the average player could improve virtually overnight with this equipment. The economic benefits of

such technology can be quantified based on unit price premiums or incremental market share.

The Excess Earnings Method

In circumstances where such direct economic benefits are not present, or cannot be readily quantified, one must resort to alternative means of valuing the technology. One such technique is the so-called “excess earnings” method, where the income stream associated with the technology is allocated to account for the contribution of all other assets that support the income stream. These contributory assets are often primarily working capital, machinery and equipment, and real property, but can include intangible assets such as trademarks or copyrights. Any earnings in excess of the fair rate of return on all contributory assets are deemed to be due to the technology. This method presents three fundamental issues:

  • Identifying all categories of contributory assets, which, in the case of new technology, typically comprise working capital and tangible assets. Overlooking the economic “rent” on such assets would otherwise overstate the benefit from, and the value of, the technology;
  • Estimating the values and appropriate rates of return for each contributory asset that are commensurate with the asset’s risk. Incorrectly estimating the portion of the total benefits allocable to the contributory assets results in a corresponding miss-measurement of the portion allocable to the subject technology; and
  • Estimating an appropriate rate of return for the subject technology, as that rate is used to discount any excess earnings to present value after accounting for the contributory assets.

Risk Assessment

The second issue can be particularly problematic, as the required risk assessment analysis poses its own set of challenges. For example, the risk analysis for property, plant and equipment entails an evaluation of possible alternative uses. The more alternative uses and the more active the secondary, or resale market, the lower the risk of the assets. Highly-specialized property with limited alternative use, or that cannot easily be sold, is inherently risky because if the technology fails, the entire investment in that asset may be lost. General use property can more easily be re-purposed.

Once these first two issues are resolved and the appraiser has estimated the portion  of the aggregate earnings stream that represents a fair return on each contributory asset, the third issue presents its own challenges. Some of the questions that must be answered include:

  • What alternative technologies are available, if any?
  • What are the strengths and weaknesses of the alternatives compared to the subject technology? This analysis should consider such factors as initial fixed capital cost, physical footprint of the plant; environmental “ footprint”; conversion efficiency/yields; energy efficiency; flexibility in terms of use of alternative raw materials; permitting and regulatory requirements; and ramp-up and deployment time.
  • What is the regulatory environment, currently and prospectively? Environmental concerns must be considered for virtually any type of process technology.
  • In what stage of development is the subject technology? Has it been patented and, if so, how extensive are the patent claims?
  • Has the technology been tested on a bench-top or pilot plant basis? All else equal, the closer the technology is to commercial scale deployment, the lower its risk profile.

When the subject technology is not the only technology employed in the manufacturing process, another step is required. Having allocated the earnings between contributory assets and the total technology bundle, the appraiser must now allocate the excess earnings between the subject technology and any other process technology used in the manufacturing process.

Royalty Rates

In certain situations, this issue can be circumvented. In some circumstances, the output could be sold on the open market, rather than serving its intended purpose as the raw material input for other “downstream” processes. If this notional approach is relevant, then a hybrid market-income method such as the “relief-from-royalty” method may be feasible. Unit prices for the products of the manufacturing process are projected based on market data, and a notional revenue stream is developed. This revenue is then converted into a value estimate using market based royalty rates observed in arm’s-length licensing transactions for comparable or “guideline” technologies. Value is based on these royalty payments that are avoided by owning the asset or technology. The concept is similar to valuing a house by determining the rent that is avoided by owning the house.

The royalty rates indicated by such arm’s-length licensing transactions must be evaluated based on a comparison of the associated technologies and the subject technology. Terms of the licensing agreements are analyzed, such as exclusivity of use, the scope of the geographic markets, the duration of the agreement, and whether an up-front payment is required in addition to the ongoing, or “running”, royalties. All else equal, exclusive rights, wide geographic scope, longer term, and no up-front payment generally correspond with higher running royalties.

The running royalty payments are typically structured as a percentage of top line revenue, either gross or net sales. However, it is not uncommon for such royalties to be applied to a different base such as gross profit, operating profit, or pretax profit. Royalty payments based on profit mitigate risk to the licensee, as royalties are only payable if profits are actually realized.

Royalty rates typically are lower when based on top-line revenue, and progressively higher based on the extent to which the licensee’s costs are captured in a measure of profit. That is, royalties are typically stated as a lower percentage of revenue and a higher percentage of gross profit, and an even higher percentage of pretax profit.

Once an appropriate royalty rate and base are established, the notional royalty payments are then computed using projections for the relevant royalty base (revenue or profit). These projected notional royalties must   then   be   discounted   to   their   present   value

equivalents using a discount rate commensurate with the risk of these payments. For unproven technologies, discount rates are usually much higher than for proven technologies with demonstrated commercial success.

If such a hybrid market-income approach is not practical, an alternate method of allocating the total “excess” earnings between the subject technology and other technologies in the manufacturing process must be identified. The appropriate method depends on the facts and circumstances of the particular technology and situation. One possible option is to use the relative fixed capital costs associated with each technology as a proxy for the relative contribution of each technology to the total “excess” earnings.

Using a reasonable basis for this allocation, the appraiser must then allocate the projected excess earnings between the subject and other technologies. Once this analysis is complete, the excess earnings allocated to the subject technology must then be discounted to their present value equivalents using an appropriate discount rate based on market participant assumptions.

Discounting to Present Value

One useful frame of reference for gauging appropriate discount rates is the venture capital market. Venture capital investments have a higher  level of risk for an investor than most other forms of investment. Venture capital investments are typically early-stage or developmental companies, and are privately owned with little or no collateral security or liquidity. To compensate for this higher risk, venture capitalists seek to achieve a higher rate of return than what is offered by more traditional and secure types of investments. This higher level of risk is similar to that of unproven technology. On an investment-by-investment basis, venture capitalists target high rates of return, with an expectation that certain investments will be unsuccessful and may result in a loss of some or all of the original investment amounts. Only by targeting high individual  rates of return can venture capitalists achieve an acceptable risk-adjusted return on an overall portfolio of investments.

The rates of return targeted by venture capitalists often range from 30 percent to 70 percent. The lower end is applicable to entities that generate revenue and are profitable. The higher end corresponds to start-ups, where market penetration potential is unclear and business plans lack refinement.


Given the complexities discussed herein, one gains an appreciation for the crucial role of judgment and experience. There is often a lack of explicit market data for such key inputs as contributory asset rates of return and technology rates of return. Isolating the excess earnings from the subject technology is particularly challenging. As has been aptly stated, “Valuation is an art, not a science.” This is particularly true when appraising technology that is one part of a bundle, requiring judgment at virtually every step of the analysis.

Appraisal Economics has over 25 years of experience appraising various technologies and the assets of technology firms. We have a seasoned staff of independent valuation experts, including engineers who have significant experience with technology and understand the unique valuation complexities.

If you are looking for an appraisal firm that has a deep understanding of your industry and need a valuation for accounting, tax, transaction, or litigation purposes, please give us a call at +1 201 265 3333.

Disclaimer: this article has content that is general and informational in nature. This document is not intended to be accounting, tax, legal, or investment advice. Data from third parties is believed to be reliable, but no assurance is made as to the accuracy or completeness.


Can the law adapt to driverless cars?

With technology advancing at an unrelenting rate, vehicles that were once confined to the sci-fi world are fast becoming a reality. Questions may then be asked as to whether the current legislation that governs this country adequately deals with the potential legal nuances that will inevitably develop once driverless cars are on the road.

Over recent years, we have seen the introduction of vehicles, such as the segway and hoverboard, that have provided an initial period of doubt as to their legality. This is followed by the utilisation of provisions from aged legislation, which were clearly produced with no consideration of these vehicles.

In the case of segways, this was the Highways Act 1835 that prevents the use of footpaths to “lead or drive any horse, ass, sheep, mule, swine, or cattle or carriage of any description”. I very much doubt that Parliament in 1835 was particularly mindful of segways and hoverboards, and yet we now interpret “carriage of any description” to include these modern vehicles.

As we move towards a future where the possibility of autonomous vehicles is becoming a reality, there are already cars on the road that can park themselves and react to the presence of cars or pedestrians around them. Many manufacturers are pushing this to the next step and images are conjured of a world akin to those seen in films like ‘I, Robot’ and ‘Minority Report’.

Defining what driving means

There are multiple Acts of Parliament governing drivers and how they can behave on the roads. Autonomous vehicles raise questions as to whether an occupant of such a vehicle would be considered a driver or a passenger.

Driving, in a legal context, is not easily classified and is usually subjectively considered. The primary test is whether a motorist is “in a substantial sense, controlling the movement and direction of the vehicle”. However, this test is not exhaustive as we must then consider whether the activity in question could fall within the ordinary meaning of the word ‘driving’ in the English language.

Given the subjective interpretations, it is not impossible to conceive that a person could be ‘driving’ simply by setting the navigation system and making the vehicle go because, in essence, you are controlling the movement and direction as required by law.

It would also be necessary to consider whether the ‘driver’ retains any secondary control over the vehicle. Arguably, if there is ever the possibility that a person can take over the controls should they need to, maybe switch it from automatic to manual mode, they would likely be considered at very least ‘in charge’ of the vehicle at any given time.

Can a driverless user be convicted?

If a person was to be considered ‘in charge’ then this could affect criminality in a number of ways. It would mean that a person may not be guilty of a driving offence unless it was one where, by its very nature, being in charge could make them culpable. An example of this would be alcohol and drug-related motoring offences. It is an offence to be drunk or under the influence of drugs in charge of a vehicle, so a person in an autonomous vehicle could still be guilty of this offence, despite the fact that they are not driving.

Practitioners in this area, such as myself, will often argue statutory defence to this particular allegation. This is where a person should not be convicted of an offence if the court accepts that they would not have driven the vehicle until such a time as they were no longer over the limit. This approach is often currently utilised in arguments for motorists who are sleeping in their car whilst intoxicated. The scope of this defence could arguably cover autonomous vehicles, but may be heavily influenced by political and social pressures.

For many, the attraction of an autonomous vehicle would be the possibility of a chauffeur-like service. People could go out with friends, have a drink and get home without the need for expensive taxis or public transport. The allure would disappear, however, if legislation was to be considered in a way that still perceives an occupant of an autonomous vehicle to be a driver or even ‘in charge’ of it. For many, technological advancements can only ever be a good thing but the reaction from a legal perspective, in considering the above examples, seems somewhat draconian.

In other motoring offences, such as speeding, careless driving and dangerous driving, it is pivotal to the offence that the individual is actually driving. If the person was not considered to be actively driving, then there would be arguments to say that they would not be guilty of the offence. This is of course assuming that they have not pre-set the vehicle to drive in a manner capable of amounting to such an offence. This again opens up an avenue to explore legally. If a motorist sets their vehicle to drive in excess of the speed limit, can they be said to be speeding?

Can the law cater for the future?

One suggestion would be to bring allegations for ‘causing’ or ‘aiding and abetting’, which is a substantive offence. This is only one way that could possibly be used to deal with that point, and it would undoubtedly take an already technical area of law to new extremes and overly burden the prosecution to prove positive acts by the individuals.

Another inevitable question may then emerge as to whether a person should remain in such a position to be able to take over and control an autonomous vehicle should it malfunction in any way. An example of a present legal position synonymous to this is where a driving instructor is on a lesson with a student. While it is common knowledge that it would be a criminal offence for the student to be using a mobile phone while driving, it is also an offence if the instructor, during the lesson were to use their mobile phone. This is because it the instructor is expected to pay sufficient attention while instructing and take over if necessary.

If we were then to propose that a malfunction should occur and cause a collision, there would then be questions as to where any fingers of blame should point. Arguably, if it is a technical malfunction, the manufacturer of the vehicle or indeed the relevant software engineer could be culpable. From a civil perspective, this could create duties of care and new insurable risks to such parties.

I, for one, look forward to the development of autonomous vehicles and I am as interested to see how the government propose that they should be regulated. However, it is my hope that a proactive approach is taken to developing legislation as the reactive approach evidenced in recent years could stifle the advancement of these vehicles, having negative impacts on the UK’s development when compared to other major countries.

Robotics Process Automation and Outsourcing


The use of robotics in existing IT delivery models is fast becoming a whole new sector within the IT services industry. Known as Robotic Process Automation or RPA, this new technology is being seen as the next wave of innovation and improvement across many existing IT service areas.

This has come to recent prominence in relation to application development, off shoring, outsourcing and systems integration whereby robotic processes (or digital workers) are being used to replace human involvement and full time equivalents or FTEs (the unit of measurement commonly used to calculate cost for the use of individuals in providing services).

The effect of this is that robotic processes are being seen as a new way within which cost can be driven out of some of these IT service delivery models. It makes sense that, given the removal of FTEs, costs should decrease and delivery change to be ‘product’ based rather than service based.

Indeed, in a study in 2013, McKinsey & Company estimated that if the use of robotic processes grows at the rate expected , then by 2025, as many as 110 to 140 million FTEs will be replaced by automated tools and software.[1]

This has obvious advantages for suppliers and customers alike – but the impact for the offshoring industry, where its growth has been underpinned by the wage arbitrage effect, could be vast. No longer cheaper, it will have to adapt.

This article will look at the impact that robotic processes will have on contracting models in outsourcing projects in the future.

What types of services will be affected and how?

Services which are most likely to reap the benefits that RPA promises to deliver are those that are based upon repetitive, rules-based processes which are high-frequency in nature.

There are many examples of these across a wide variety of industry sectors but most commentators believe that the banking and insurance industries, healthcare and logistics will be the areas where uptake is likely to be at its greatest.

Specific examples within the banking sector would include:

  • Account analysis;
  • Payment processing;
  • Credit checking;
  • New product marketing campaigns; and
  • Client detail updates.

For insurance, examples would include:

  • Payment protections claims;
  • Automation of administration;
  • Reinsurance processes; and
  • Data collection, cleansing and analysis.

For healthcare, one could look at:

  • Patient database changes;
  • Appointment changes;
  • Drug administration; and
  • Facilities management administration.

Every customer that adopts RPA as a new technology would look to obtain certain benefits from doing so. Cost savings would certainly be one – if not the most important – of the considerations but there are others.

As RPA integrates with existing legacy systems, one additional advantage would be the ability to obtain ‘better’ data and feed it into related applications. This would mean that the likelihood of data errors being compounded by human error would be reduced, allowing the enterprise to make better decisions.

Technology in this area is advancing rapidly and the use of cognitive computers and augmented systems (more commonly, and incorrectly in the author’s view, termed Artificial Intelligence or “AI”) allows for unstructured data to be collected and analysed far faster than humans are capable of. This is adding to the list of advantages that RPA is presenting organisations because they now have access to data within a time frame and in a form that is far more useful than previously imagined.

It is not all bad news for the FTE, however, as increased productivity; higher levels of customer satisfaction and removing repetitive tasks from the human workforce should increase levels of worker satisfaction as well as release them to perform higher value tasks.

What will be the impact on commercial contracts in the IT services industry and beyond?


As RPA is providing a different solution to end user customers and is delivered differently by suppliers, existing contract models may have to be adapted to provide for this change.

If we take the example of an insurance application and premium administration service, which is currently outsourced by a customer to an offshore based company, this service is normally provided by the supplier subject to the terms of a service agreement and priced, mainly, with reference to FTEs.

The software and support that sits behind the process is usually invisible to the customer but the scope of the services, the level of services and the cost of the same is transparent and is managed via the terms of the agreement between the parties. Therefore, any required interaction between applications will form part of the services scope and will be performed by FTEs and priced accordingly.

An RPA solution which adapts how a supplier provides its services to its customer  may not necessarily be required to be spelt out via a contract change because the customer still sees the same service being provided to it.

However, if there are specific reasons why a customer would need to understand how the service is provided, for example because of regulatory compliance reasons or because the customer has a risk/reward agreement with the supplier for any cost savings, then the nature of the RPA may need to be fully described and added as a variation to the existing agreement.

The implications, therefore, of systems automatically making decisions in regulated areas without human involvement may be quite serious and this may result in some of these RPA solutions attracting the interest of relevant regulators if, for example, these systems are providing financial advice to end users.

Intellectual Property:

There may be intellectual property (“IP”) considerations to be taken into account when looking at the nature of the delivery model. Suppliers tend to contract on the basis that they will own their own IP that is used to provide the services and any other IP is either licensed from a third party or provided by the customer. The ownership of any IP developed during the course of the agreement is usually the subject of debate between the parties but more often than not, if it is bespoke development for the customer, then the customer will own the IP in such development.

Such IP is usually created by the FTEs and assigned to the customer via an agreement – but what happens with any IP or database created by the robotic process software/hardware itself?

Most likely, such generated work will take the form of a software program and would therefore be copyrightable under English law and made subject to the terms of the Copyright, Designs and Patents Act 1988 (the “CDPA”).

The CDPA already makes provision for works created by machines and defines ‘computer generated’ works as works generated by a computer in circumstances such that there is no human author of the work.[2] It is not sufficient for a work to be carried out via a computer – that would not satisfy this definition – but rather the computer itself must create the work according to a programme without a human having been involved in the creation.

Regarding ownership of copyright, the normal rule is that the author who creates the work is the owner.[3]

Where a work is seen as being computer generated, the author is the person by whom the arrangements necessary for the creation of the work are undertaken.[4]

In Nova Productions v Mazooma Games[5], the question was who owned the individual frames that were shown on the screen when playing a computer game. Was it the player or someone else? The Court held that the player of the game was not the author of the copyrightable work because they had not contributed any artistic skill or labour. Rather, the author was the person who had devised the rules and the logic used to create the frames.

It should be noted, however, that between computer assisted creations (where the author uses a computer to assist the creation of the work, for example using a word processor application to write a book) and computer generated works (discussed above) there is a third category termed ‘intermediate works’ that may be applicable where a person becomes the author as a result of that person’s skill and effort using a computer.

For RPA generated works, it would seem that the Section 9(3) CDPA position, as more fully explained in the Nova Productions case, would appear to be the most likely position from which to start when determining who the author is – namely the author of the RPA algorithm software itself. However, as robotic software and hardware becomes more ‘cognitive’ and learns and adapts from data inputs, the works created may have no relationship to the original author’s software and so other factors may well come into play.

Contract Formation:

Robotic processes that feed into information loops – for example whereby the RPA will gather data from one application and apply its ‘learning’ to update inventory procurement from suppliers to an enterprise – create additional contractual issues to be dealt with.

Can a software program bind one company into an effective contractual relationship with another for the purchase of goods and/or services?

It is universally accepted that a robotic system does not have a legal personality and therefore is a ‘mere tool’ the legal responsibility for which lies with its human/corporate controller.[6] Further, in relation to products, it is the producer of the product who bears liability for it pursuant to the terms of the Product Liability Directive 85/374/EEC of July 1985.

However, this is a debate that may well change as RPA and the Internet of Things develop and cognitive computing becomes the norm. With machines talking to machines and learning from each other and the experiences shared across networks, the likelihood is that the contracting framework will need to be developed to take into account commercial dealings that take place without human involvement.

Inasmuch as the current law states that the ‘owner’ of computer programs (and in all likelihood the licensee who uses such programs in an automated procurement system) will be bound by the agreements that such systems enter into, it is when the machines themselves start to decide who to contract with rather than with pre-programmed suppliers, that such issues of robotic legal personalities will become more important.

Representations and Warranties:

When dealing with representations and warranties from customers and suppliers alike, do they take into account the activities of an RPA? Do suppliers really want to warrant that an RPA will use skill and care when performing the services – or is this merely a functionality issue that can be dealt with by warranting that software and RPA software in particular, will meet its level of functional specification and that is it?

Similarly, is a supplier happy to enter into agreements on the basis that the output of the RPA will meet a customer’s specific business purpose? If the process is sold as ‘being automatic, without the need for human intervention and thus it will increase productivity by 25%’ – is this something that customers will expect to see reflected in their bottom line price, or will suppliers point to the functionality point again and say that the software ‘just does this’ and no further warranties will be made?

The approach to be taken by suppliers is particularly interesting because while they may be trumpeting the advantages of new systems and processes, what will they actually take responsibility to provide?  Making fraudulent representations under English law relieves the supplier of the benefit of certain contractual exclusions that suppliers like to maintain and so salespeople will have to be careful when making exaggerated claims about benefits knowing that such benefits are not going to, or are very unlikely to, happen.

Summary and conclusion

The above represents an overview of the major contractual issues that RPA is creating at the present time and it does not purport to be a non-exhaustive list.

Certainly, RPA will have a large impact upon those areas of IT services performed by humans who are engaged in low-value, repetitive, high-frequency tasks and businesses that have grown up based upon such activities being performed by low paid workers may well see these being replacement by softbots or digital workers.

It is certainly not outside the realms of possibility to expect customers of this technology to be asking for contracts to be priced according to their own increases in profitability or revenue as a result of being sold ‘intelligent and cognitive’ systems that learn on the job and replace FTEs.

Price is but one element of the equation, however, and so increased efficiency, fewer (if any) mistakes, 24/7 availability, speed, data analysis and being part of an end-to-end IT system will undoubtedly also appeal to customers.

The above represents some of the intriguing questions which will have to be answered as the technology becomes more widespread and used within outsourcing and IT services, and contracting models will have to adapt in order to take these issues into account.

[1] McKinsey Global Institute. “Disruptive technologies: Advances that will transform life, business and the global economy.” May 2013. Print July 2014.

[2] Section 178 CDPA

[3] Section 9(1) CDPA

[4] Section 9(3) CDPA

[5] Nova Productions Ltd v Mazooma Games Ltd [2006] EWHC 24 (Ch)

[6] ‘Regulating Emerging Robotic Technologies in Europe: Robotics facing law and ethics’, Robolaw