Hulu Files Amicus Brief Over Source Code Review Concerns in TCL Patent Case

Hulu has filed an amicus curiae brief in a case involving a motion to quash a subpoena in a patent case between Canon and TCL Electronics Holdings. Canon filed a subpoena to review Roku’s source code as it pertained to TCL’s Roku-compatible televisions. Roku objected to the subpoena, due to security risks posed by the remote review of source code resulting from the COVID-19 pandemic. Hulu’s amicus brief joins Roku in arguing that the longstanding practice of using secured computers not attached to a network should not be abandoned.

Even though Hulu’s code is not subject to the underlying patent dispute, “the potential exposure of Roku’s source code to malicious actors poses a threat to Hulu’s own efforts to secure its streaming content and services.” Hulu stated that it is concerned that requiring Roku to make its source code available could set a precedent requiring others to make source code available for review, which Hulu fears could “[diminish source code] security.”

Hulu stated that “Roku’s Motion, and the risk to Hulu’s source code that Roku’s Motion seeks to avoid, has direct ramifications for Hulu” because Hulu’s content can be viewed on Roku, thus this could potentially expose Hulu’s content. Hulu noted that hackers often attempt to reach its code. While the company is able to thwart these attempts, “Hulu…expends significant efforts to ensure that all of its device manufacturing partners’ systems, including Roku’s contain the strongest security measures possible to protect its services’ content from being improperly downloaded and pirated.” Hulu asserted that remote review of the source code at issue would not provide the same protections and hackers could potentially gain access to the code.

Hulu alleged that Canon has sought to “modify the protective order under which Roku’s source code was originally produced.” As a result, “Hulu, as well as other technology companies subject to discovery in the legal process, may similarly be forced to forego the time-tested practice of source code review on secured standalone computers for the inherently more vulnerable risks associated with connecting that source code and transmitting it on the Internet.”

Hulu claimed that requiring the remote review of source code in this patent case is “inherently and incurably insecure.” Hulu relied on the “industry standard of permitting source code review only on standalone non-Internet connected computers [which] is based on the established understanding that source code made available for inspection on a computer connected to the Internet is more vulnerable to malicious access or hacking by unauthorized third parties.”

The brief noted that the “risk posed by the exposure of its highly sensitive and valuable source code is so great that Hulu imposes restrictions on its own engineers’ access to that code.” Hulu added that these protections cannot be made during a remote review of the code.

Canon is represented by Paul Hastings; Roku and TCL are represented by Ropes & Gray, and Hulu is represented by O’Melveny & Myers.