Source Code Escrow

Introduction and Scope of This Paper

This paper will deal with two concepts that may not be familiar to the reader: escrow and source code.

What is Escrow?

In order to understand source code escrow, we will start with an understanding of escrow generally. Escrow is often used in the context of real estate or other property transactions. Essentially, escrow refers to placing some sort of property (property in this sense may include money) in the custody or possession of a trusted third party for delivery to another party only upon the fulfillment of certain specified conditions. Typically, there are two parties to a contract who arrange to place the property in question in escrow until certain conditions are fulfilled, at which point the property may be released to the party entitled to it under the contract.

The person who holds the property in escrow is typically referred to as an escrow agent, although they may be considered a trustee or have another title. Often they will be a party to the contract in addition to the two primary parties to the transaction.

An example would be a transaction involving the sale of a house. The buyer does not want to give the seller the purchase price until the buyer has registered title to the house with the applicable land registry. On the other hand, the seller certainly does not want to have the buyer obtain title to the home until the seller has the money. The means by which this dilemma is resolved is to have a trusted third party, the escrow agent, hold the purchase price in escrow until the defined condition of the buyer having received title is fulfilled, at which point the escrow agent pays the purchase price over to the Seller. The seller does not provide the paper work and documents to give title to the buyer until the seller knows the purchase price is in escrow. The buyer feels safe paying the purchase price to the escrow agent, knowing that the money will stay in escrow until the title to the house has been transferred to the buyer.

This is essentially the means by which real estate is transferred in Alberta, although we generally use lawyers as escrow agents, or more accurately, trustees, of the funds pending processing the documentation and change of title.

What is Source Code?

Computers do not speak the same language as humans, as I am sure many of you will agree. However, I am not referring to the difficulties we all tend to experience when our machines do not bend to our whims or perform as expected. I am referring to the fact that the programs that computers execute are, at their most fundamental level, not readable or understandable by humans. What a computer needs to run an application is essentially just a very long series of zero’s and one’s, known as binary code. Generally, humans do not write programs in the language of the machine. Other approaches have been developed.

When computer programmers create a new program, or modify an existing one, they generally do so using a programming language, which can be read and understood by humans. This is nothing particularly new. During the 1960’s and 1970’s a huge number of such languages were developed. Most of those are no longer in wide use but there are still many such programming languages in use. New ones, or variations on old ones, are still appearing from time to time.

Examples of well-known programming languages include C, C++, Pascal, BASIC, Visual Basic, COBOL, FORTRAN, Java, and so on. You may have also have heard the term “object oriented” languages, which allow the programmer to define new data types and associated procedures with them, making them easier to use to develop more complex programs and applications.

The result of a human working with a programming language is human readable code intended to be transformed into software that the computer will use to carry out the instructions given and (hopefully) reach the intended result. We call the code that results from a human using a programming language “source code.” Computers do not read or understand source code; it is basically a human convenience to allow humans to develop complex sets of instructions in a form and manner that is understandable (relatively speaking) and efficient.

In order to make a computer run an application or software, it is necessary to somehow convert the source code into computer readable code, which is generally called “object code”, a program written in machine instructions recognizable to the CPU (central processing unit) of the computer, the chip that lies at the heart of modern computing. The conversion into object code is often accomplished by using a compiler, a computer program that translates the source code from C or BASIC into object code.

There are other means for accomplishing this. For example, one could use a program called an interpreter, which can store the source code and execute it statement by statement without ever creating object code. In fact, I recall that my first computer worked in that fashion, running directly from statements I programmed in BASIC and saved to a tape drive (I’m dating myself here).

Compilers have many advantages over other methods. The compiled object code can run on any computer (with a compatible operating system) without the need to install the compiler. Compiled object code will run far faster – as much as a thousand times so.

Object code, being not readable by humans, will help protect the programmer’s methods from disclosure as well. The source code is generally considered confidential or secret – the programmers do not want the end user to be able to discern exactly how the software works. You may even have noticed that many software licenses forbid de-compiling or reverse engineering to try and get back to the original source code.

You may also hear the term assembly language, which is closer to pure machine language and is used generally for short routines where it is not too cumbersome to get closer to what the CPU needs to run an application.

Source Code Escrow

When software is purchased off the shelf, the purchaser generally receives only the object code on a CD or other medium (including downloading from the Internet), and a license to use the object code. The license is a contract, which gives the end user permission to do something that would otherwise be illegal – to make a copy of the program on their computer (and sometimes a back-up copy) and run it, etc. The end user will not have the right to modify the object code unless the license and the technology in question somehow permit it, and will certainly in most cases have no access to the source code.

When you buy a product made by a mega-corporation out of Redmond or Silicon Valley, you may not give any thought to what might happen should the maker of the software go out of business or otherwise cease making or supporting the product. There is not that much money at stake and there may be other alternatives, or you may simply have no choice in the matter.

However, what if you have paid a small (and not as well known) company a lot of money to custom develop or modify software for your entire business? Perhaps it is a mission critical application. Now there will be a significant concern with respect to whether or not the supplier of the software can support what you have bought with an ongoing supply of enhancements and upgrades, customization, bug-fixes, technical support, and so on. What if they cease to do so? What if they go bankrupt?

If the supplier, for whatever reason, ceases to support software in this type of situation, the buyer may end up with a large investment which can become basically worthless. The buyer would prefer to have the source code so that the buyer can carry on should the seller fail to do so, using the software and finding new sources of talent to provide upgrades and support. On the other hand, the supplier definitely does not want to give the buyer the source code.

The solution to this dilemma is to create a contract between the buyer, the seller and a trusted third party providing that the buyer will put the source code into escrow with the trusted third party, known generally as an escrow agent, and the third party will not provide or disclose the source code to anyone, including the buyer, unless certain things happen. This is the essence of source code escrow.

The larger the investment and the greater the reliance on the software, the more likely it is to be to the advantage of the buyer of the software to have a properly documented source code escrow arrangement with a trusted agent and the seller. This would be primarily a business decision. If the loss of support for the software would exceed the costs of an escrow arrangement, then any buyer would likely be well advised to insist on escrow. Escrow arrangements are generally far less expensive than the possible losses should the supplier disappear or otherwise stop supporting the product.

There are other situations in which source code escrow may be used. The most notable example would be where it is used as security for loaning money. The lender or investor may wish to have the source code in escrow so that it can readily seize it for resale or other use upon default on the loan or investment.

In any case, as with any contractual arrangement, there should be a clear written agreement governing the rights of the parties. The seller will want to limit what must occur before release of the source code can occur. The buyer will want to have as many opportunities as possible to obtain the source code, not only for things like the seller’s bankruptcy, but also for other events that may be simply more of an inconvenience, although there may be costs attached.

Any good source code agreement will therefore define in detail what must occur before the source code can be, or must be, released. Typically, such agreements talk about “events of default”. The more clearly defined those can be, the better. Anyone entering into such an agreement would be well advised to negotiate defined events of default so that they are suitable to the circumstances of that party, and clearly defined so that any doubt as to whether the source code should be released is unlikely. Most source code escrow agents will generally require a provision in the agreement allowing them to refer the matter to court or put the source code (usually on some media like a CD) into the custody of the court for the buyer and the seller to fight over it.

Many source code escrow arrangements will also involve one seller and multiple buyers, with the agreement providing that buyers can be added and removed as changes occur.

Events of default can include things like bankruptcy and insolvency of the seller, failure to support the product for more than a certain period of time, perhaps after demand(s) to do so, or cessation of carrying on business.

There are a number of issues that should be considered in negotiating a proper escrow arrangement, including, for example:

• A clear definition of the software and the source code;
• The media on which it must be kept;
• How many copies must be deposited;
• When and how often copies must be deposited;
• The location where copies of the source code must be kept, including the conditions under which it must be stored;
• A clear definition of the obligations of the supplier and the escrow agent;
• If there are to be multiple licensees or beneficiaries (i.e. buyers), the manner in which they are defined, added, removed, etc.;
• How source code is certified to be complete, accurate, up to date, etc.;
• The events of default, or the events triggering release;
• Events that trigger the return to the supplier;
• Dispute resolution, for example, will mediation or arbitration be available or required;
• Duties of the escrow agent or trustee;
• Obligations to inform parties of defaults or other activities of other parties;
• Payment of the agent and the consequences of non-payment;
• The rights, if any, of the licensee(s) to inspect or verify; and,
• Other typical contractual provisions such as governing law, jurisdiction, forum, enurement and so on.

In addition, any buyer should be dealing with proper licensing, being sure they are otherwise getting what they paid for. Does the seller actually own the intellectual property interests in question? What warranties, if any, are given? What is the actual effect of the disclaimers and limitations in the licensing agreement? The full scope of those issues is well beyond this paper.

Conclusion

Source code escrow arrange can provide a means for protecting the investments of buyers, licensees or investors in software based products. Properly negotiated and drafted with a knowledgeable and trustworthy escrow agent, this protection can be accomplished at reasonable cost and on a basis that is truly effective in granting appropriate rights and protection. The alternative is for the buyer or investor to be essentially unprotected except by the possibility of court action, which would likely be far more expensive and could take years and have no guarantee of success.