Most Popular Resources

Technology Breakfast Seminar: From Seed to Series B: Funding for Growth

Technology Breakfast Seminar: From Seed to Series B: Funding for Growth

6 February 2019 8.30-11am

SMAB offices 87-91 Newman Street W1T 3EY. To register please email [email protected]

Technology Breakfast Seminar: Should Blockchain be tarnished by the same brush as Crypto

Technology Breakfast Seminar: Should Blockchain be tarnished by the same brush as Crypto?

22nd January 2019 8.30-11am

SMAB offices 87-91 Newman Street W1T 3EY. To register please email [email protected]


Ok, now that we have got your attention, let us turn to more mundane technological issues.

Do you know the difference between a ‘Bayda’ (Morocco) and ’Amarrabola’ (Peru)? Or even a ‘Palomita’ (Argentina) and ‘Hjólhestaspyrna’ (Iceland)? (Tom Williams, Do You Speak Football?: A Glossary of Football Words and Phrases from Around the World (Bloomsbury Sport) 3 May 2018). The World Cup is back and everyone, everywhere is talking about it.

For the first time ever, this tournament will make use of Video Assisted Referees. This technological development is nothing however compared to the organisers’ plans in Tokyo for the 2020 Olympics. One initiative is to use new analytical capabilities to detect the speed of swimmers and display it real time on TV broadcasts. Other plans include using cameras to determine the heart rate of athletes.

Over the past few years, sport’s reliance on ‘smart’ technologies has increased. From scoring and judging systems to retail transactions and the home viewer experience, many aspects of major sporting events are totally digital. Along with such new technology comes great opportunity – but also great risk.

Cyber threats to International Sporting Events

Cyber threats are nothing new. During the 2014 World Cup, Brazilian officials faced an onslaught of phishing attacks from ‘hacktivists’, who successfully infiltrated email accounts of Ministry of Foreign Affairs employees, who were helping to organise the Cup. Most recently, in the 2018 Winter Olympics, a cyberattack took place during the event’s opening ceremonies in Pyeongchang which affected internet and television access.

Traditionally there have been four categories of cyberattacks on major sporting events:

  1. infiltration of sporting websites and IT systems;
  2. ticket related scams;
  3. the hacking and release of sensitive athlete data; and
  4. the risk of fans’ devices being hacked while attending an event.

The proliferation of the Internet of Things is changing the face of the cybersecurity of sports, adding digital dimensions where there were none before. Digital technologies are now focal to almost every facet of the sporting experience, from scoring systems to athlete care, from ‘smart’ stadiums to device-enhanced viewing experiences for fans. Current trends include: video reviews incorporating technology designed to aid in officials’ decisions; increased interest in data collection on athlete performance; growth in wearable devices; and increased viewer immersion in sports through technology, including virtual reality and drones.

According to a report released by the UC Berkeley Center for Long-Term Cybersecurity (CLTC), “The Cybersecurity of Olympic Sports: New Opportunities, New Risks”, the increasing use of technology in sport (whilst bringing lots of opportunities) could potentially damage the integrity of sport and add to spectator, sponsor and safety concerns relating to the players/athletes.

Managing the risk

Everyone faces potential cyber risks: from the spectators to the players, and even the ticketing officers.

We have set out some cyber safety tips to keep in mind before, during and after the World Cup:

  1. Avoid using public Wi-Fi networks and public charging stations. Using public Wi-Fi networks could compromise your security and public chargers may have been tampered with to infect your device with malicious software.
  2. Be wary of scams of phishing emails. As enticing as the prospect of a “Free Ticket” to the World Cup may be, do not click on any links in emails marketing or referencing the event.
  3. Be vigilant when using ATMs. Look out for evidence of machine tampering: some skimming devices can be spotted by a quick wiggle of the card reader or through visible marks on the PIN code area. To help lessen the impact of Point of Sale malware and ATM skimming, alternative forms of payment like chip and pin, pre-paid and pre-capped cards should be considered.

For further information please contact Anne Rose, associate in the technology law team at Simons Muirhead & Burton LLP [email protected] or Simon Halberstam,  head of the technology law team at [email protected],.

All I want for Christmas is a CryptoKitty

What is crypto? What is blockchain? What is Bitcoin? As Wittgenstein might have put it, many of these terms are only familiar to those who are involved in this “language game”. Now, these arcane digital concepts are going mainstream. Why?! CryptoKitties.

CryptoKitties are digital cats. Each one has different attributes and users can breed, buy and sell these kitties on Ethereum. The most expensive kitten was Founder Cat 18, a bug-eyed orange animal with purple spots. This CryptoKitty was sold for $122,095 on December 6.

If you have developed an affinity for Ethereum, you could ask for ERC-721 tokens for Christmas to buy your CryptoKitty. Better still, ask for Bitcoin but it won’t come cheap.

So what do CryptoKitties show us?

1. Application of blockchain

CryptoKitties is the first mainstream recreational decentralised application (“Dapp”). If you don’t know what a Dapp is, it consists of: (1) a frontend, written in HTML; and (2) a backend (think of it as the ‘database’ for your frontend). The fact that the first mainstream Dapp is a game and is about cats shows that practical applications of the blockchain can extend well beyond Initial Coin Offerings (“ICOs”).

2. Cats, Digital Assets or Securities?

You will be delighted to hear that CryptoKitties are probably not securities. Just like Bitcoins or Ether, CryptoKitties are peer-to-peer tradeable, provably scarce digital items that are accounted for by an open blockchain network.

Rather than finance itself through an ICO), it is using its own revenue model: The CryptoKitties team releases a new “Gen 0” CryptoKitty every fifteen minutes (up until November 2018). The starting price of “Gen 0” CryptoKitties is determined by the average price of the last five CryptoKitties that were sold, plus 50%.

There are arguments as to whether some ICOs might be unregistered securities issuance. In the United States an offer and sale of “tokens” or “coins” may qualify as “securities” and be subject to the U.S. securities laws and the jurisdiction of the U.S. Securities and Exchange Commission (“SEC”). It all comes down to the “Howey” test. If an investment of money is made with an expectation of profits arising from a common enterprise that depends solely on the efforts of others (i.e. a promoter or third party) SEC v. W.J. Howey Co., 328 U.S. 293 (1946).

In a similar fashion, the Financial Conduct Authority (“FCA”) in the United Kingdom has issued a consumer warning about the risks of ICOs. It says “ICOs are very high-risk, speculative investments.” It adds that whether an ICO falls within the FCA’s regulatory boundaries or not can only be decided case by case and states: “Businesses involved in an ICO should carefully consider if their activities could mean they are arranging, dealing or advising on regulated financial investments.”

If we apply the Howey test, CryptoKitties are not being marketed as profit making investments, and ownership of a CryptoKitty doesn’t give you a right to dividends or revenue streams from the CryptoKitty team or anyone else for that matter.

Takeaway. I have had several clients asking us to review their ICO Whitepapers to determine, amongst other things, whether they would be likely to fail the “Howey” test. The utmost care should be taken when drafting documentation and promotional materials. If your offering is not a security then your materials should faithfully reflect that.

3. Capacity and labour pains

The interest CryptoKitties generated across the Ethereum network almost brought the network to a halt. At one point, its smart contracts accounted for up to 25% of the entire network’s transactions. As traffic increases, transactions become more expensive to execute quickly. CryptoKitties responded by issuing a tweet: Due to network congestion, we are increasing the birthing fee from 0.001 ETH to 0.002 ETH. This will ensure your kittens are born on time! The extra is needed to incentivize miners to add birthing txs to the chain. Long-term solution will be explored very soon!

Takeaway. This isn’t the first time the Etherum network has come under strain. CryptoKitties shows how scalability should be (and is) a top priority for the Ethereum development team. For blockchains to become fully mainstream, solutions will need to be found that can overcome the threat posed by digital cats. Ethereum is making progress on developments such as ‘Proof of Stake’, ‘sharding’, and second layer technologies that will support its ability to scale.

4. Cybersecurity and data protection

From a cybersecurity perspective, the immutability, encryption, and cryptographic elements inherent in cryptocurrency transactions on a blockchain lend themselves well to a secure environment.

Despite the added security benefits of cryptocurrencies’ underlying blockchain technology, it is not without risk. Notably the mechanism by which digital currencies are stored (e.g. in digital wallets) introduce penetration points that can be used to exploit the blockchain’s irreversibility, meaning that pilfered digital tokens and coins cannot be returned, and victims can be left without much recourse (unless issuers and users are properly insured or indemnified). Similarly, the use of private and public key authentication on a distributed network can create risk with respect to users’ private keys that, if lost or compromised, can result in serious losses. Further, many users are not actually holding their private keys (and therefore their Bitcoin) and instead entrust them to third parties.

No article nowadays would be without a discussion on data protection. The General Data Protection Regulation (GDPR) brings in a new data subject right, the “right to be forgotten/right to erasure”. This does not sit well with the decentralised and immutable components of blockchain technology which by its very nature does not enable the permanent deletion of data. Data subjects may however be less concerned if their data is pseudonymised. Regardless, further security features may need to be built on top of the existing framework to ensure compliance.

Takeaway. Issuers and users of cryptocurrencies should consider the need for adequate insurance solutions to account for these risks.

CryptoKitties may be as cool as cats but they are of the feral not the domesticated variety.
For further information please contact Anne Rose, associate in the technology law team at Simons Muirhead & Burton LLP [email protected] or Simon Halberstam at [email protected], head of the technology law team.


Love Data, Hate Data – John Anderton! You could use a Guinness right about now!

Yesterday, the iconic lights in London’s Piccadilly Circus were switched back on after nine months of renovation. The patchwork, which has become one of London’s most famous sights, has now been replaced by Landsec with a single 4K LED screen with in-built facial recognition technology that will feature six advertisers.

Today, we are closer than ever to the advertising ecosystem that Minority Report predicted in which billboards scanned the retinas of passers-by to show them personalised adverts. According to Landsec’s press report, the digital screen will be able to “react to certain external factors, such as the weather or temperature”. The facial recognition technology could also be used to deduce the age, gender and even mood of passers-by, as well as the make and model of cars; using that info to deliver targeted ads.

How this might work in practice was explained by Tim Bleakley, chief executive of Ocean Outdoor, the company that runs the board’s advertising. “Coca-Cola, for example, can log on at any given moment, see a large group of Spanish tourists and change the copy of the ad from ‘hello,’ to ‘buenos dias’.” Combine this data with all the data users of the billboard’s free WiFi hand over, could result in marketeers being able “to monitor and capture your every online move” warns Douglas Crawford, editor of independent online security and VPN advice service Landsec has tried to allay these concerns and has stated that the technology “does not collect or store any personal data and is unable to record images or audio.”

The advances in digital technology has given marketeers the ability to target individual consumers directly. According to an article in The Guardian last year, facial recognition technology is now used by an approximately 59% of UK fashion retailers. This is not set to go away; Apple’s new iPhone X incorporates Face ID technology – allowing you to pay with a smile! Other technologies being used by retailers are beacons. Harrods, for example, has a network of more than 500 beacons which connects to a user’s iPhone through Bluetooth and highlights consumers’ location on a map. This technology can also be used to send consumers location specific deals and recommendations to their phones while they browse in store.

While these tools may be a marketer’s dream, businesses should ensure that they are transparent at the way in which they use such data. There are strict rules in place regarding what businesses can and can’t do with data they have collected from consumers. In May 2018, with the advent of the General Data Protection Regulation, failure to comply could result in fines of up to €20 million or 4 per cent of turnover (whichever is greater).

If anonymised data is being used to change the layout of a store or to provide a consumer with an enriched customer experience, then that is from a legal perspective far less controversial than the use of facial-recognition technology to track an individual and then send unsolicited, personalised marketing materials based on that data.

Video Games and the Jurassic future – the legal issues

Confession is good for the soul so let’s start with my admission that I am a scrabble addict. Whilst that idea may not set your pulses racing, it points to an obsession with words and that, as you will see below, is a fundamental requirement in the context of video game legals. The multi-dimensional world of video games entails myriad, inter-linking legal issues. This is anticipated to reach a new zenith next year with the launch of Jurassic World Evolution. Who would have thought that dinosaurs would be shaping the legal agenda in 2018?

Rather than bore you with extensive legalities, I will briefly highlight some of the key legal issues and leave you to ponder and contact me should any alarm bells start to sound.

Intellectual Property Rights (IPR)
• You need to protect your work and/or investment. This is mainly about copyright and database rights. Make sure you get assignments from anyone from whom you have bought or commissioned any code, graphics, sound effects or any other creative input.
• Patents may be relevant but the originality barrier is high and will require specialist assessment to determine if you have any qualifying ideas or concepts.
• Trademarks and domain names are generally more straightforward as they protect/reflect brands and names rather than underlying code and concepts. However, you will need to consider not only what you can protect but also whether what you have in mind might infringe third party rights. For that reason, it is advisable to run some clearance searches before you invest in your brand/developing your game; running a search on Google is a start.
• If you are planning to depict any people in a game, you will typically need to procure releases from the rights holders and failure to do so may result in “passing off” or other actions against you.
• Where there are in-game purchases, there may be further IPR ownership, licensing and infringement issues where the purchases of virtual goods/accessories are branded by the IPR owners or used without the owner’s permission.
• Another important area of IPR relates to design rights which may offer a route to protection of GUI and multiple visual elements.
• The use of open source in the creation process may undermine any claim to IPR protection by the game’s developers. Careful attention needs to be paid to governing open source licences such as the GNU family to see what impact the use of open source code might entail.
• Where the developers incorporate existing music or other audio or visual rights, permission or clearance will need to be sought/negotiated to clear any rights in the sounds recording and the musical composition (i.e. music and lyrics). Clearance will need to be sought from the record label and the publisher or collective right management organisation such as the PRS in the UK.

Terms and Conditions (T&C) and Data Protection
Not only do you need T&C which regulate use of your game and distribution agreements with your channel but also other sets of terms covering your use of gamers’ personal data and the cookies you or third parties place on their systems as well as an Acceptable Use Policy for in-game messaging. The privacy issue becomes exponentially more crucial next May when the new general data protection regulation (GDPR) enters force. Maximum fines for data breaches will rise from £500k to the higher of 4% of worldwide turnover or E20m. This means that it is paramount that you have in place appropriate, state of the art technology to prevent compromise or hacking of your subscribers’ personal details.

Gambling and Social Gaming
There has been considerable coverage of failures by gambling operators properly to demarcate between social gaming and gambling. The Sunday Times recently reported that some of Britain’s biggest gambling operators are targeting children with their favourite cartoon and storybook characters in online betting games, and that gambling operators are exploiting a legal loophole to promote games that appeal to children without breaching Gambling Commission rules. By way of example, they cited 888 website’s Jack and the Beanstalk game, which had a minimum bet of 20p and a maximum of £200, and Paddy Power’s Peter Pan game. Everyone involved in the gaming sector needs to be very careful not to overstep this mark.

The video games industry has its own system of formal self-regulation to keep children safer offline and online: the PEGI (Pan-European Game Information) age rating system. In particular, publishers are required to follow PEGI’s Labelling and Advertising Guide (“the Guidelines”) to ensure the age rating icons and descriptors are displayed to consumers prior to purchase of both disc-based and online games. Game advertising is also subject to the CAP Guidance on advertisements for Video Games and Films as well as the CAP and BCAP Codes. When developing your game it is important to consider (if necessary) both age verification services and parental controls.

For further information please contact Simon Halberstam at [email protected], head of the technology law team at Simons Muirhead & Burton or Anne Rose, associate in the technology law team at [email protected]

Do what the F*** You Want? Not quite…

One of the myths surrounding open-source software (“OSS”) is that you can do whatever you like with it; there is even an OSS licence called Do What the F*** You Want To Public Licence (“WTFPL”). This could not be further from the truth.

In this article we explore some of the issues that companies should consider when using OSS.

What is OSS?

The basic concept common to all OSS licence agreements is that they seek to ensure that all downstream users have the freedom to use, modify and distribute the licensed OSS. “Permissive” OSS licence agreements such as MIT and Apache 2.0 impose minimal obligations on the licensee, such as obligations to maintain attribution and legal notices. Importantly, these licences often permit modifications of the OSS and allow such modification to be distributed under any licence (proprietary or open source) of the licensee’s choosing. On the other hand, “restrictive” OSS licence agreements (also referred to as “copyright” or “viral” licence agreements) impose obligations not only with respect to the licensed OSS but also with respect to any works derived from or combined with OSS. Failure to understand which type of licence you are subject to and the associated terms of use can entail huge risks for your business.

The risk involved with derivative works

Making available your source-code

Where proprietary software code is “mixed” with OSS, you may be creating a derivative work. If that OSS is subject to a restrictive licence, then when you license such software, you will have to make the sensitive source code you have created available to end users free of charge with the ability to modify and redistribute.

Copyright infringement

Many OSS licences are subject to United States copyright law, under which a derivative work is defined as:

“a work based upon one or more pre-existing works, such as…any other form in which a work may be recast, transformed or adapted. A work consisting of editorial revisions, annotations, elaborations, or other modifications which, as a whole, represent an original work of authorship, is a ‘derivative work’.”

Therefore, when dealing with OSS licences that rely on copyright law principles, a thorough investigation of how much and what part of the OSS code is copied or modified and/or how the OSS is used needs to be made in order to anticipate or predict how a court might rule on the legal implications for a “derivative work”. A key issue is understanding and knowing what may be classified as a “derivative” work, especially as many restrictive licences don’t even define the concept (e.g. Eclipse Public License, Version 1.0). In some cases, there is not necessarily an answer, particularly as there is little case law surrounding the issue. For example, what happens where you are linking to OSS or using Plug-ins?


Some OSS available is released as a library. Instead of incorporating it into your proprietary software you may want to create a link between your software and these (unmodified) libraries and to distribute them along with your software, either by compiling them together (“static linking”) or not (“dynamic linking”). There are instances where dynamic linking to OSS libraries is allowed while static linking is not. Much of this will depend on the terms of the OSS licence you use and so a case by case analysis is necessary.


Plug-ins such as Adobe Flash Player are commonly used in web browsers to add video player functionality. Where your software application is configured with a programming interface to support the use of such plug in, a derivative work may be created when either the application or the plug-in is governed by a restrictive OSS licence.

In both these cases, it may well be difficult to determine whether the form of use envisaged might lead to a copyright infringement.

Warranties and limitations of liability

Generally speaking, OSS licences include a broad disclaimer of all representations and warranties or indemnities that might otherwise be expressly or impliedly provided by a commercial software licensor. Further, as there is often more than one contributor to OSS projects, it is impracticable to determine whether any contributor has contributed infringing code (knowingly or otherwise).

Unchecked use of OSS could have significant consequences and result in the need for time consuming remedial action. In a corporate transaction if in the course of due diligence, the prospective investor or purchaser alights upon an intellectual property ownership issue or other problem arising from the use of OSS and the issue cannot be remedied prior to closing, then the investor or acquirer may decide not to proceed or, more probably, seek additional contractual protection such as indemnities, or a cash escrow to cover the cost of any remediation efforts that may be necessary after closing.

How to manage the risk?

As a company, there are several things you can do to manage your risk:
• Establish a policy regarding the management and use of OSS.
• Carry out an OSS audit using a company such as ‘Black Duck’ and find out what OSS licence(s) your organisation is using/has used.
• Appoint someone within the organisation to be responsible for use of OSS.
• Create training programmes for employees.

For further information please contact:

Anne Rogers, Associate, Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2727

Simon Halberstam, Partner and Head of the Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2781

Technology Breakfast Seminar : How Tech Companies can ride the Autonomous Vehicle and Smart City Wave

Simons Muirhead & Burton LLP look at driverless cars and smart cities; and threats and opportunities for the tech industry. Click here to register for this event on 27 June 2017.

Click Here for more details.

Diving into the EC’s draft ePrivacy Regulation: steps for online gambling operators

Anne Rogers and Simon Halberstam dive into the EC’s draft e-Privacy Regulation and set out what it means for online gambling operators and crucially, what they need to do today in order to ensure that they comply. Click Here to read their latest article which first appeared in the March 2017 publication of the Online Gambling Lawyer magazine.

Contact Details: Anne Rogers, Associate, [email protected]; Simon Halberstam, Partner, [email protected]

Look, up in the sky! It’s a bird! It’s a plane! It’s a Drone!

From self-repairing cities to transforming cinematic and television experiences, drones are becoming increasingly prevalent. To ensure their safe and proper use in the UK, the Government launched its consultation on 21 December 2016, ‘Unlocking the UK’s high tech economy: consultation on the safe use of drones in the UK’ (Consultation). Those who wish to voice their opinion, should submit their response by 15 March 2017.

In this article, we explore some of the issues that drone users should consider when filming including: aviation law, copyright and privacy.

UK Aviation Regulations

In the UK, drones (otherwise known as “unmanned aircrafts”) are subject to a number of rules and regulations depending on their weight and proposed use. The principal piece of legislation governing drones is the Air Navigation Order 2016 (ANO) effected through the Civil Aviation Act 1982. The key points to note under ANO are as follows:

Overriding Principle. It is prohibited “to recklessly or negligently cause or permit an aircraft to endanger any person or property”.

Weight. To avoid falling within the remit of more extensive aviation regulations and be classified as a “small unmanned aircraft”, it is advisable not to exceed 20kg. Most aerial filming drones or camera drones weigh significantly less than 20kg.

Use. The most relevant Articles are 94 and 95 ANO. Article 94 ANO applies to all drones weighing less than 20kg. Article 95 ANO applies to drones weighing less than 20kg which are also used for surveillance (i.e. recording and filming).

There are two particular points of note:

1) If you wish to use a drone for “commercial operations” then you must apply to the Civil Aviation Authority (CAA) for permission. Unless you are using a drone for filming as a hobby, as Keith Bremner was when he caught Top Gear being filmed, then permission from the CAA will likely be required.

2) Drones may not fly: (a) over or within 150m of any congested area or open-air assembly of more than 1,000 people without permission from the CAA (e.g. over a major sports match); and (b) drones may not fly within 50m of any vehicle, building structure or person not under the control of the drone pilot without permission from the CAA.

Permission and Penalties. Applying for permission from the CAA can be rather complicated. Due to the complexities involved it may be advisable to seek a specialist contractor who has all the necessary insurance and CAA permissions to assist with any filming work, especially considering that failure to comply with the ANO is a criminal offence.


Photographs. Under UK copyright law, the first owner of the copyright will be the photographer, unless the photographer was an employee. In that case, the employer will own the copyright in the photograph.

Films.  What about moving pictures (i.e. films)? Under the Copyright Designs and Patents Act 1988, a film has two legal owners: the producer and the principal director. Again, if the film is made during the course of employment, the employer will own the copyright in the film. In the case of drones, the owner will probably be the person who programmed the drone to make the film (i.e. the producer); and the person who has “creative control” (i.e. the principal director who decides what to film and how to film it).

Data Protection and Privacy

In the UK, there is no specific data protection legislation on the use of drones. A breach of privacy is likely to be dealt with under the established law on breach of confidence through the Human Rights Act 1998. The Information Commissioner’s Office (ICO) has however said that drones “can be highly privacy intrusive” as they may capture images of individuals “unnecessarily”. In light of this, the ICO has released some guidance which should be followed: In the picture: A data protection code of practice for surveillance cameras and personal information. It is advisable for anyone considering using drones in their next film or TV production, for instance, to read this, particularly considering the penalties.

Penalties. The ICO has the power to impose a fine of up to £500,000 where a drone operator seriously contravenes UK data protection law and the “contravention is of a kind likely to cause substantial damage or substantial distress, and is deliberate or likely and should have been prevented”. As previously noted, this will become more significant in May 2018 when the General Data Protection Regulation comes into force.

For further information please contact:

Anne Rogers, Associate, Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2727

Simon Halberstam, Partner and Head of the Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2781