Software Intellectual Property & Source Code Disputes

Forensic code review in IP disputes involves the structured examination of source code, compiled binaries, version control history, and associated development artefacts to address specific questions put by the instructing party or the court. In my experience, the core questions in these matters tend to concern authorship (who wrote the code), originality (whether the code was independently developed or derived from another work), and compliance (whether the software meets the terms of its licence or specification). The methodology must be systematic, reproducible, and clearly documented so that it can withstand scrutiny from an opposing expert and cross-examination at trial.

A typical examination may involve line-by-line comparison of source files, analysis of version control metadata (including commit timestamps, author records, and branch histories), review of build systems and dependency configurations, and assessment of coding patterns and conventions. Where source code is not directly available, I have experience with reverse engineering and decompilation of compiled software and embedded firmware to recover functional logic for comparison. The tools and techniques used vary depending on the programming languages, platforms, and repositories involved, and I set out the methodology in detail within my expert report.

Database rights disputes raise distinct technical questions. The sui generis database right under the Copyright and Rights in Databases Regulations 1997 protects databases in which there has been a substantial investment in obtaining, verifying, or presenting the contents. The technical analysis in these matters often focuses on how a database was populated: whether its contents were obtained by collecting existing independent materials (which may attract protection) or whether the data was created as a by-product of another activity (which, following the distinction drawn in cases such as British Horseracing Board v William Hill, may not). I examine database architectures, data ingestion pipelines, ETL (extract, transform, load) processes, and the technical mechanisms by which data is collected, verified, and structured. Where infringement is alleged, the analysis addresses whether a substantial part of the database contents was extracted or re-utilised, which requires both quantitative and qualitative assessment of the data at issue.

In matters involving allegations of trade secret misappropriation or AI model theft, the analysis often extends beyond the source code itself to encompass training data pipelines, model architectures, hyperparameter configurations, and deployment artefacts. In each case, the objective is to provide the court or tribunal with a clear, technically grounded opinion on the specific questions at issue, acknowledging the limitations of the available evidence and the boundaries of what the analysis can and cannot determine.