Skip to main content
SpringerLink
Log in

Google, APIs and the Law. Use, Reuse and Lock-In

  • Chapter
  • First Online:
Google and the Law

Part of the book series: Information Technology and Law Series ((ITLS,volume 22))

Abstract

Google’s business exists primarily of cloud services. Access to a cloud service is governed both by the functionality of the technical interface presented by the provider (the API—or application programming interface), and the terms of service which surround access. This chapter considers how cloud service providers such as Google implement terms and conditions for access to their cloud services, and the threats posed by closed APIs (computer—“West Coast”—code), and what legal regulation may exist to counter those threats.

The author would like to acknowledge the assistance of Rashi Nagpal (research) and Kate Bray (editorial support).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Both “code”, in Lawrence Lessig’s terminology, see Lessig 2006.

  2. 2.

    If an official API does not exist, programmers will occasionally resort to programmatically emulating a user in order to use the user interface as an API. Spammers frequently use this technique to post on bulletin boards, hence the increasing use of CAPTCHAs in an attempt to foil them.

  3. 3.

    Sometimes, an interface straddles the two definitions. For example, the Simple Mail Transport Protocol does involve a “conversation” between the sender and recipient of email using English words like “send”. The recipient is always a program. The sender is almost always a program as well, but may occasionally be a die-hard human hacker. Similarly, SQL queries are constructed in an English-based language, but are frequently generated programmatically behind the scenes.

  4. 4.

    http://code.google.com/apis/maps/terms.html (last accessed 24 August 2011).

  5. 5.

    Clause 9.1 of the terms.

  6. 6.

    Taken from the BBC API licence, available at http://backstage.bbc.co.uk/archives/2005/05/api_licence.html (last accessed 1 September 2011).

  7. 7.

    A bare licence, therefore, cannot impose any restrictions on the user.

  8. 8.

    See http://crossborder.practicallaw.com/2-200-2685?source=relatedcontent#sect1pos1res1 (paywall) (last accessed 1 September 2011).

  9. 9.

    It is disturbing that lawyers are effectively capable of creating law where there was previously none, by allowing these behavioural norms to develop. This appears to be more prevalent in the sphere of intellectual property than anywhere else, and Cory Doctorow has written eloquently on his concern at being asked permission by people who want to make use of his works within the permissions clearly granted by a Creative Commons Licence, even if they are just doing it to “be polite”. Available at http://craphound.com/?p=3063 (last accessed 1 September 2011) (although there’s no harm in saying “I made use of your work—thanks for making it available”).

  10. 10.

    Transformation (or adaptation) is another primary right granted to copyright holders, but is not relevant to this discussion.

  11. 11.

    It would be possible to design an API which only functions when a token is passed. The token itself may be a literary work which is designed to attract copyright protection.

  12. 12.

    Directive 2009/24/EC on the legal protection of computer programs (OJ L 111, 5 May 2009). See, also, recital 11 which excludes protection of interfaces from this directive (although not necessarily from copyright generally): “For the avoidance of doubt, it has to be made clear that only the expression of a computer program is protected and that ideas and principles which underlie any element of a program, including those which underlie its interfaces, are not protected by copyright under this Directive”;.

  13. 13.

    “The exclusion of functional features from copyright protection grows out of the tension between copyright and patent laws. Functional features are generally within the domain of the patent laws…. [A]n item may be entirely original, but if the novel elements are functional, the item cannot be copyrighted: although it might be eligible for patent protection….”. “Incredible Technologies, Inc. v. Virtual Technologies, Inc,” 400 F.3d 1007, 1012 (7th Cir. 2005) (citing “Pivot Point Intl., Inc. v. Charlene Prods., Inc.”, 372F.3d 913, 980 (7th Cir. 2004)) (emphasis omitted).

  14. 14.

    Nintendo Company Ltd & Anor v Playables Ltd & Anor” [2010] EWHC 1932 (Ch) (28 July 2010), available at http://www.bailii.org/ew/cases/EWHC/Ch/2010/1932.html (last accessed 24 August 2011).

  15. 15.

    Gilham v R”, [2009] EWCA Crim 2293 (09 November 2009) http://www.bailii.org/ew/cases/EWCA/Crim/2009/2293.html (last accessed 24 August 2011).

  16. 16.

    Under UK Law, the Computer Misuse Act 1990 creates only criminal offences. Therefore, it is not clear that someone would immediately have a civil claim for unlawful access to their computer system in the UK. However, it may be possible to construct an argument in trespass to goods, by analogy with the similar US tort of trespass to chattels, referred to in Register.com v. Verio, Inc (see below).

  17. 17.

    A difficulty in raising a claim of unauthorised access in modchip cases is that the console is likely to be owned by the person seeking access, meaning that the access would not be unauthorised.

  18. 18.

    In the United Kingdom. Other jurisdictions have similar legislation.

  19. 19.

    See http://code.google.com/apis/maps/terms.html, retrieved 24 August 2011.

  20. 20.

    356 F.3d 393 (2d Cir. 2004).

  21. 21.

    Presented, incidentally, by William Patry, now counsel at Google.

  22. 22.

    Restatement (Second) of Torts § 217(b) (1965), cited in the judgment with approval.

  23. 23.

    ibid § 218(b).

  24. 24.

    Judge Parker drafted the initial opinion of the court, but died before his opinion could be presented. The remainder of the panel disagreed with certain aspects of the opinion, but recognised its value nonetheless, and it is (unusually) appended to the judgment for reference.

  25. 25.

    Footnote 54 to Judge Parker’s opinion gives a useful summary of other cases on the point of extension of trespass to chattels to cover access to computer systems.

  26. 26.

    At the time of writing, Oracle has initiated a claim against Google against Google’s alleged mis-appropriation of certain Java code, in particular its APIs. Unfortunately, the case has not yet produced any relevant case law, However, arguments of the parties are of interest, and Oracle, in particular, seems to be asserting that Google’s own assertion of rights in relation to its own APIs is hypocritical. It is worth noting that Google’s terms of use typically restrict the use of its own systems, and that therefore the trespass to chattels argument is relevant; Java, and any (allegedly) related APIs generated by Google (e.g. Dalvik), will in the overwhelming majority of cases be running on equipment not in the ownership of Oracle (for example, mobile consumer devices), and the trespass to chattels argument is therefore not relevant.

  27. 27.

    Linux, Apache, MySQL, PHP/Perl. See http://en.wikipedia.org/wiki/LAMP_%28software_bundle%29 (last accessed 2 September 2011).

  28. 28.

    File Transfer Protocol, see http://en.wikipedia.org/wiki/File_Transfer_Protocol (last accessed 2 September 2011).

  29. 29.

    A reminder: we earlier in the chapter identified the host as the system providing the service which is made accessible by the API, and the guest as the system making use of that service.

  30. 30.

    Assuming that the stack is a distribution of standard components. If, however, the stack contains elements released under a copyleft licence like GPL2, and those elements are modified, or, arguably, linked to other components of which the source code is not readily available, then this could, potentially, cause significant GPL violation issues. See Chap. 9.

  31. 31.

    This example is not fanciful: the port used by the FTP service is frequently changed from the default as a form of security by obscurity.

  32. 32.

    If the cloud provider is offering IIS hosting, then the user will clearly be unable to tinker with Microsoft’s APIs. However, if the user is able to remove the whole of the IIS infrastructure, and replace it with, for example, a LAMP stack, then the boundary lies more deeply within the service. If the user is unable to do that, then the boundary must lie on the outside of IIS.

  33. 33.

    The Data Protection Act 1998, in UK law, does not adequately address whether the operator of a cloud service in the deeper levels of a multi-level relationship would be regarded as a Data Processor.

  34. 34.

    Talk at Law 2.0: Openness, Web 2.0 and the Ethic of Sharing, available at http://blog.okfn.org/2007/09/18/talk-at-law-20-openness-web-20-and-the-ethic-of-sharing/ (last accessed 2 September 2011).

  35. 35.

    And, in contrast to the seventeenth and eighteenth centuries, it is no longer for an option to sail west, hoping to find an uninhabited island on which one can establish a new independent community. Current technology means that there are no habitable planets within reach of Earth at all, let alone to intrepid bands of private adventurers.

  36. 36.

    This effect does apply to a certain extent in the real world: large corporations, which are in a sense virtual creatures of law and regulation anyway, can relatively easy to move to more fiscally amenable jurisdictions. So can wealthy people. The poor are more tightly locked into their home jurisdiction, which may be a factor behind the otherwise apparently bizarre decisions of some governments who espouse progressive taxation one the one hand, and then make it easier for corporations and the super-rich to avoid tax on the other.

  37. 37.

    See http://openstack.org/ (last accessed 2 September 2011).

  38. 38.

    See http://blogs.vmware.com/console/2010/04/vmforce-and-vmwares-open-paas-strategy.html (last accessed 2 September 2011).

  39. 39.

    See http://www.readwriteweb.com/enterprise/2010/01/vint-cerf-its-like-1973-for-mo.php (last accessed 2 September 2011).

  40. 40.

    Which provides even more competitive pressure on providers, as it does not necessarily require a wholesale switch.

  41. 41.

    Article 6 Directive 2009/24. This right may not be excluded by contract (it is not clear whether it can be restricted by a condition in a non-contractual copyright licence: something which is not, in general, known to the majority civil-law jurisdictions in the European Economic Area). It is also worth noting that there is a restriction on using interoperability information to create a competing product. However, this restriction is easily sidestepped in practice, for example by reverse engineering the lock to make the key, and then having a third part re-reverse engineer the key to make a compatible lock.

  42. 42.

    See “Sega v. Accolade”, US Court of Appeals, Ninth Circuit, October 20, 1992, 977 F.2d 1510, 24 USPQ2d 1561, available at http://digital-law-online.info/cases/24PQ2D1561.htm (last accessed 2 September 2011), and the related news item at http://www.eetimes.com/electronics-news/4073992/Ruling-for-Green-Hills-clears-way-for-copying-of-APIs. (last accessed 2 September 2011).

  43. 43.

    See http://www.samba.org/ (last accessed 2 September 2011).

  44. 44.

    See related news item at http://www.zdnet.com/blog/microsoft/microsoft-and-samba-finally-come-to-terms-over-windows-protocols/1064 (last accessed 2 September 2011).

  45. 45.

    CFI Judgement of 17 September 2007, T-201/04, “Microsoft Corp. v. Commission of the European Communities”.

  46. 46.

    See her speech “Being open about standards” available at http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/08/317 (last accessed 2 September 2011).

  47. 47.

    See related news item at http://www.computerweekly.com/blogs/public-sector/2010/11/procurement-perversities-stifl.html (last accessed 2 September 2011).

  48. 48.

    See related news item at http://www.zdnet.com/blog/btl/googles-legal-victory-judge-stops-federal-agency-from-jumping-on-microsofts-cloud/43233 (last accessed 2 September 2011).

  49. 49.

    European Interoperability Framework for pan-European eGovernment services, available at http://ec.europa.eu/idabc/en/document/2319/5938.html (last accessed 2 September 2011).

  50. 50.

    Information available at http://ec.europa.eu/isa/strategy/index_en.htm (last accessed 24 August 2011).

  51. 51.

    http://ec.europa.eu/isa/strategy/doc/annex_ii_eif_en.pdf section 5.2.1 Retrieved 24th August 2011 (last accessed 2 September 2011).

  52. 52.

    G. Moody, European Interoperability Framework v2—The Great Defeat, available at http://blogs.computerworlduk.com/open-enterprise/2010/12/european-interoperability-framework-v2---the-great-defeat/ (last accessed 24 August 2011)-.

  53. 53.

    See an article by Iain Mitchell Q.C. in the International Free and Open Source Law Review (http://www.ifosslr.org) 5th edition (September 2011) not yet published at the time of writing.

  54. 54.

    In the US, a complaint was made the Federal Trade Commission in relation to Google’s cloud services. However, this was not competition law related, and raised questions about whether Google’s trade practices were deceptive, where they allegedly promised that their service was more secure than it was in practice. The complaint is available at http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf (last accessed 24 August 2011).

Reference

Download references

Author information

Authors and Affiliations

  1. Moorcrofts LLP, Marlow, UK

    Andrew Katz

Authors
  1. Andrew Katz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andrew Katz .

Editor information

Editors and Affiliations

  1. , Filosofía del Derecho, Universidad de Alicante, Crta San Vicente del Raspeig, Alicante, 03690, Spain

    Aurelio Lopez-Tarruella

Rights and permissions

Reprints and permissions

Copyright information

© 2012 T.M.C. ASSER PRESS, The Hague, The Netherlands, and the authors/editors

About this chapter

Cite this chapter

Katz, A. (2012). Google, APIs and the Law. Use, Reuse and Lock-In. In: Lopez-Tarruella, A. (eds) Google and the Law. Information Technology and Law Series, vol 22. T.M.C. Asser Press. https://doi.org/10.1007/978-90-6704-846-0_10

Download citation

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation