Skip to Main Content

Find Case LawBeta

Judgments and decisions from 2001 onwards

Volkswagen Aktiengesellschaft v Garcia & Ors

[2013] EWHC 1832 (Ch)

Case No. HC13C02168
Neutral Citation Number: [2013] EWHC 1832 (Ch)
IN THE HIGH COURT OF JUSTICE
CHANCERY DIVISION

Royal Courts of Justice

Rolls Building

Tuesday, 25 th June 2013

Before:

MR. JUSTICE BIRSS

B E T W E E N :

VOLKSWAGEN AKTIENGESELLSCHAFT Claimant

- and -

(1) FLAVIO D. GARCIA

(2) UNIVERSITY OF BIRMINGHAM

(3) ROEL VERDULT

(4) BARIS EGE

(5) STICHTING KATHOLIEKE UNIVERSITEIT Defendants

Transcribed by BEVERLEY F NUNNERY & CO

Official Shorthand Writers and Audio Transcribers

Quality House, Quality Court, Chancery Lane, London WC2A 1HP

Tel: 020 7831 5627 Fax: 020 7831 7737

info@beverleynunnery.com

A P P E A R A N C E S

MR. C. HOLLANDER QC and MR. R. ONSLOW (instructed by Addleshaw Goddard) appeared on behalf of the Claimant.

MR. G. TRITTON and MISS C. SCOTT (instructed by Pinsent Masons) appeared on behalf of the 1st and 2nd Defendants.

MR. H. TOMLINSON QC (instructed by Olswang) appeared on behalf of the 3rd to 5th Defendants.

J U D G M E N T

MR. JUSTICE BIRSS:

1 This in an application for an interim injunction pending trial. The claimants seek an order preventing the publication in an unedited form of an academic paper by the defendants. The defendants resist that order. They contend the paper should be published unedited. They offer, very much as a fall-back, a deletion from the paper. The deletion is not acceptable to the claimants.

THE FACTS:

2 The first claimant, Volkswagen, is a major car manufacturer. Millions of Volkswagen cars use an immobilizer based on a chip called the Megamos Crypto. The immobilizer is one of the ways in which unauthorised persons cannot start the engine. It prevents theft. Volkswagen is not the only car maker who uses the Megamos Crypto chip. A number of car makers use it. In Volkswagen’s case, as well as mass market cars, Volkswagen use it on a number of their high value cars, including people carriers, as well as well known luxury brands in the group, such as Porsche, Audi, Bentley and Lamborghini.

3 It works this way: the car key has a transponder chip inside which can communicate with the car by short range radio waves. The car has a computer with an immobilizer. When the key is put in the ignition the computer in the car sends a radio message to the transponder in the car key. The two computers talk to each other. The purpose of the electronic conversation is to verify identity. If the key is genuine, the immobilizer will switch off and the engine will start.

4 In detail the way this works is as follows: both the car computer and the transponder know a secret number. The number is unique to that car. It is called the “secret key”. Both the car computer and the transponder also know a secret algorithm. That is a complex mathematical formula. Given two numbers it will produce a third number. The algorithm is the same for all cars which use the Megamos Crypto chip. Carrying out that calculation is what the Megamos Crypto chip does.

5 When the process starts the car generates a random number. It is sent to the transponder. Now both computers perform the complex mathematical operation using two numbers they both should know, the random number and the secret key. They each produce a third number. The number is split into two parts called F and G. Both computers now know F and G. The car sends its F to the transponder. The transponder can check that the car has correctly calculated F. That proves to the transponder that the car knows both the secret key and the Megamos Crypto algorithm. The transponder can now be satisfied that the car is genuinely the car it is supposed to be. If the transponder is happy, the transponder sends G to the car. The car checks that G is correct. If it is correct then the car is happy that the transponder also knows the secret key and the Megamos Crypto algorithm. Thus the car can be satisfied that the transponder is genuine. So both devices have confirmed the identity of the other without actually revealing the secret key or the secret algorithm. The car can safely start. The verification of identity in this process depends on the shared secret knowledge. For the process to be secure, both pieces of information need to remain secret - the key and the algorithm.

6 I am satisfied that the Megamos Crypto algorithm was devised by the second claimant, Thales. I refer to Thales as the second claimant, but to be precise Thales only becomes a party if and when I make an order that they should be joined. I will do so. In my judgment, they are a proper and necessary party, and it is likely, in the sense of Cream Holdings , that the confidentiality in the Megamos Crypto algorithm belongs ultimately to them.

7 Thales do not make the Megamos Crypto chip. They license use of the algorithm to another company, EM. In turn, EM and another company, Delphi, produce the immobilizers with the Megamos Crypto chip and supply immobilizers to Volkswagen and others in the car industry.

8 The defendants are academics. They are experts in cryptography. The first defendant is at the University of Birmingham. The third and fourth defendants are at a University in Netherlands. They have conducted the following academic research. They acquired an item of software from the internet called Tango Programmer. Tango Programmer is produced by an organisation called Scorpio in Bulgaria. The Tango Programmer software contains the Megamos Crypto algorithm. However, the algorithm cannot be read from the program. It does not make the details available. What the Tango Programmer will do is perform the calculation defined by the algorithm.

9 The defendants have used their considerable skills in cryptography to find out the Megamos Crypto algorithm from using Tango Programmer. They wish to publish a paper at a USENIX Security Conference in August. USENIX is a reputable academic conference. To publish it, the defendants need to submit the paper tonight, Tuesday, 25 th June. The paper contains discussion of car security with the Megamos Crypto. It is entitled “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer”.

10 The paper describes what the defendants did. It sets out the whole of the Megamos Crypto algorithm. It explains that the work they have done has identified three vulnerabilities in the car security system. These vulnerabilities are called “attacks” in the jargon of cryptography. The attacks are not, themselves, trivial things to do. However, they allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car.

11 One attack relies on weaknesses in the secret keys that are used in certain cars. That “weak key” weakness arises because certain car makers have used weak secret keys which are easier to guess than they need to be. In effect, it is a bit like using the word “password” for a password. Another is concerned with key updates. The details do not matter. The claimants do not wish to restrain publication of these two attacks.

12 The third attack relates to weaknesses in the Megamos Crypto algorithm itself. The academics explain this attack in the paper, and, as I say, the paper also sets out the whole of the algorithm. It is these two elements that the claimants seek to prevent publication of. The claimants wish to remove the Megamos Crypto algorithm and information about the attack based on the weakness in it from the paper.

13 The defendants contend that this work is part of a long line of work in the security field exposing security weaknesses. They point out that some computer companies welcome exposure of weaknesses so that the problems can be fixed.

14 The work the defendants did to find out the Megamos Crypto algorithm was done in late 2012. The defendants work in accordance with ethical academic principles and recognise a principle in these circumstances of “responsible disclosure”. Responsible disclosure means telling the manufacturer in advance about the information that they have discovered which compromises security. This is to give the manufacturer some time to react. The defendants are prepared to attend meetings with the manufacturer to discuss things.

15 In this case the defendants identified the manufacturer as EM and approached them in November 2012. EM responded in February 2013 and discussions progressed slowly. A meeting was set up for 6 th June. At the meeting EM and Delphi asked the defendants to remove a specific part from the paper called “Definition 3.8”. This is part of the Megamos Crypto algorithm. If it is absent, then the description of the algorithm will be incomplete. EM and Delphi said it was a key part of the algorithm. The defendants said they would consider it. Before me the defendants’ position is that they should not be required to remove Definition 3.8, but, very much as a fall-back, they contend that that is the most they should be required to do.

16 In the meantime, Volkswagen heard about all this on 23 rd May. They went before Newey J without notice and obtained an urgent injunction. It came before me on 13 th June. I heard submissions from all parties, and on the basis of the short term nature of the order, following Cream Holdings , I made an order over to today to allow the parties to complete their evidence. The significance of today, as I have said, is that it is the deadline for submission of the paper.

REPRESENTATION:

17 Mr. Hollander QC leading Mr. Onslow appears for the claimant instructed by Addleshaw Goddard. Mr. Tritton leading Miss Charlotte Scott for the first and second defendants is instructed by Pinsent Masons, and Mr. Tomlinson QC, instructed by Olswang, is for the third to fifth defendants.

THE CLAIMANTS’ CASE:

18 The claimants’ case is as follows:

(i) The Megamos Crypto algorithm is confidential information. It has the necessary quality of confidence.

(ii) Whoever created Tango Programmer is likely to have acquired that confidential information in breach of confidence.

(iii) It is obvious to anyone going to the Scorpio website and acquiring the Tango Programmer that it is not legitimate software.

(iv) Therefore, whilst it may be legitimate to use reverse engineering techniques to find out secrets encrypted inside a product you have bought (per Jacob in Mars v. Teknowledge ), that is not what the defendants did. They acquired the Megamos Crypto algorithm in circumstances in which their conscience is affected. It is obviously confidential, and obviously something which they have a duty not to misuse.

(v) To publish to the world the algorithm and an attack based on its intrinsic properties, would be a misuse of that confidence.

(vi) Moreover, such publication would be highly damaging. It would facilitate theft of cars and many millions of Volkswagen cars use the Megamos Crypto algorithm.

(vii) The claimants will consent to a speedy trial of this action, which can be heard in a matter of months.

(viii) Section 12(3) of the Human Rights Act plainly applies and the principles in Cream Holdings also apply. If, the claimants submit, I apply that principle in this case then the claimants submit that they are likely to establish that publication should not be allowed and the court should grant an interim injunction over to trial.

THE DEFENDANTS’ CASE:

19 The defendants’ case is as follows:

(i) In fact, Volkswagen have no right to sue at all. They are not the owners of the confidential information and have no legitimate interest in bringing this case.

(ii) Contrary to the claimants’ case, they are not likely to succeed at all. The defendants are responsible, legitimate academics doing responsible legitimate academic work. Tango Programmer is publicly available software. It seems to have been available since 2009, at least in the sense that the Megamos Crypto algorithm seems to have been part of it since then.

(iii) In fact, it is likely that Tango Programmer is an entirely legitimate piece of software produced by legitimate reverse engineering processes, in particular one called “chip slicing”. Chip slicing involves analysing the chip under a microscope and taking it to pieces. It reveals the algorithm in the case of the Megamos Crypto chip because the hardware - that is to say the logic gates of the chip itself - embody the algorithm. The algorithm is not stored in software, it is built into the physical nature of the chip. That physical nature can be discovered by legitimate means.

(iv) So there is no basis to say that the defendants’ conscience is affected by reverse engineering Tango Programmer.

(v) If not, in any case, there is no basis to say that the claimants have any claim to misuse of confidential information.

(vi) There is clear evidence that the Megamos Crypto chip has indeed been chip sliced. Slices of the chip are visible on the internet. They show the logic gates of the chip, albeit not the complete algorithm.

(vii) Even if Tango Programmer is not legitimate, the information relating to the algorithm has lost the necessary quality of confidence because it could be found by legitimate reverse engineering - that is to say chip slicing.

(viii) Moreover, there is a strong public interest in the security field in the idea of academics exposing security flaws. This has a long history. It is part of legitimate research. The public have a right to see weaknesses in security on which they rely exposed. Otherwise industry and criminals know security is weak but the public do not. By exposing problems this process facilitates improvements in security.

(ix) The defendants have acted entirely responsibly in accordance with responsible disclosure principles. They told EM about this six months ago. It is not the defendants’ fault if Volkswagen only found out recently.

(x) Publication is an exercise of the defendants’ Article 10 rights of free speech. From the point of view of what is necessary in democratic society, this is high value speech. It is principled academic research.

(xi) The paper has been peer reviewed and is ready to be published at a legitimate conference. These academics are entitled to enhance their reputations in this field in this way.

(xii) The redactions sought by the claimants would mean the paper had to be re-reviewed in the peer review process. Therefore, the defendants will lose their ability to publish at USENIX.

(xiii) The redaction of Definition 3.8 should not be ordered, but it, at least, would not require a new peer review. The paper could still go to USENIX. The defendants point out that the claimants’ evidence is that without Definition 3.8 it would take about a year for criminals to reverse the rest of the algorithm from the information in the paper. So, albeit very much as a fall-back, if the court was minded to require redactions, that is the most that should be required.

(xiv) The idea that the paper will facilitate crime is overblown. The claimants’ evidence of an increase in the level of car crime when a previous security chip was hacked and details published in 2011 is not convincing. The attack based on the Megamos Crypto algorithm still requires the criminals to have a car, plus a key, plus two days to use a computer program which tries out a lot of possibilities. There are many easier ways of stealing a car, and so the risks are not real.

20 The claimants make the following retorts:

(i) In relation to title, the claimants submit that Volkswagen must have a legitimate interest in this case given that its customers are vulnerable and in any event Thales are now a party.

(ii) The claimants accept for this hearing that chip slicing the Megamos Crypto chip would produce the algorithm in circumstances in which the claimants have no claim, but that is not what the defendants have done.

(iii) On Tango Programmer the claimants maintain their case that it is obviously not legitimate. The source of Tango Programmer is plainly not a legitimate enterprise. Why infer that they have acted lawfully at all? Chip slicing is a expensive process - a price of about €50,000 per chip is in evidence. The claimants submit that it is not realistic to think that that is what Scorpio has done. One can infer that Scorpio has simply stolen the information, who knows how.

(iv) There are other legitimate conferences apart from USENIX. There is one in Munich in early 2014. The delay caused by this injunction will only mean that the defendants could, if they win at trial, publish at that conference.

(v) The fact that the attack in question involves two days, the car and the key does not make it at all unrealistic. As an example, in high value car crime, one recognised approach is to steal hire cars. You use a fake ID, hire the car, break the security, in this case spending the two days referred to in the attack, then put a GPS tracker in the car and return the car. The car itself can then be stolen later and this theft is untraceable.

21 I should also mention that reference was made to certain You Tube videos. The claimants said it showed the reckless nature of the defendants’ activities. I will not decide this case based on those videos. I have not watched them.

THE LAW: CONFIDENTIAL INFORMATION:

22 The law is clear. There are three elements to be established in a claim for misuse of confidential information:

(i) The information must have the necessary quality of confidence.

(ii) It must be imparted in circumstances which import an obligation of confidence.

(iii) There must be some unauthorised use (see Coco v. Clark [1969] RPC 41)

23 In Mars v. Teknowledge , [2000] FSR 138 Jacob J (as he then was) held that reverse engineering a product you had bought, including reverse engineering information encrypted for security, was not a misuse of confidential information. Although at the hearing before me two weeks ago, the claimants’ case included an argument that that decision was not right, before me the claimants accepted Mars v. Teknowledge . I do not have to consider if Mars v. Teknowledge is right. The case has been argued on the basis that it is. Mr. Hollander’s submission is that it does not apply in this case because of the particular circumstance that the Tango Programmer is obviously not legitimate software.

24 In relation to the injunction, it is plain, in my judgment, that Article 10 of the European Convention on Human Rights is engaged, and it is also plain that s.12(3) of the Human Rights Act applies. It says as follows:

“No relief [which might affect the exercise of the Convention right to freedom of expression] is to be granted so as to restrain publication before trial unless the court is satisfied that the applicant is likely to establish that publication should not be allowed.”

25 In Cream Holdings v. Banerjee [2004] UKHL 44 Lord Nicholls considered the test of “likely to establish that publication should not be allowed”. The whole passage in his judgment is relevant, and I was taken through it in the course of argument (that is to say paras.12 to 23). It is clear that the familiar American Cyanamid test is not the right test in these circumstances. The key passage is Lord Nicholls’ judgment is para.22, as follows:

In my view section 12(3) calls for a similar approach. Section 12(3) makes the likelihood of success at the trial an essential element in the court’s consideration of whether to make an interim order. But in order to achieve the necessary flexibility the degree of likelihood of success at the trial needed to satisfy section 12(3) must depend on the circumstances. There can be no single, rigid standard governing all applications for interim restraint orders. Rather, on its proper construction the effect of section 12(3) is that the court is not to make an interim restraint order unless satisfied the applicant’s prospects of success at the trial are sufficiently favourable to justify such an order being made in the particular circumstances of the case. As to what degree of likelihood makes the prospects of success ‘sufficiently favourable’, the general approach should be that courts will be exceedingly slow to make interim restraint orders where the applicant has not satisfied the court he will probably (‘more likely than not’) succeed at the trial. In general, that should be the threshold an applicant must cross before the court embarks on exercising its discretion, duly taking into account the relevant jurisprudence on article 10 and any countervailing Convention rights. But there will be cases where it is necessary for a court to depart from this general approach and a lesser degree of likelihood will suffice as a prerequisite. Circumstances where this may be so include those mentioned above: where the potential adverse consequences of disclosure are particularly grave, or where a short-lived injunction is needed to enable the court to hear and give proper consideration to an application for interim relief pending the trial or any relevant appeal.”

26 I emphasise two matters: first, the standard is a flexible one; but second, the court should be exceedingly slow to make interim orders if the court is not satisfied that the claimant will probably succeed at trial.

APPLICATION TO THIS CASE:

27 Title to sue: as I have said, I find that Thales will probably succeed at trial in showing that they own the confidential information of the Megamos Crypto algorithm. But I go further. In my judgment, Volkswagen has a legitimate interest in being a co-claimant. Clearly Thales need to be joined, but in this case, assuming the rest in the claimant’s favour, it is plainly right, in my judgment, for Volkswagen to be here. Their products depend on the secrecy of the Megamos Crypto algorithm. If Thales told Volkswagen that Thales were going to publish the algorithm, Volkswagen would have a legitimate interest in knowing that, and in seeking to prevent it (if they wished) by relying on the chain of contracts between them and Thales. The damage which would be caused by this secret being published would be suffered to a significant and substantial extent by Volkswagen. The title point, in my judgment, does not help the defendants.

28 Second, the balance of public interests and the existence of a public interest defence. I take this point next because I find the position to be clear. I recognise the enormous significance of freedom of expression and academic freedom. This has given me real concern in this case, but, assuming for this purpose that the claimants have a right to prevent publication of the algorithm, I think the balance of interests is against publication. Although it is possible to overstate the risks of car thefts, in my judgment, it is undeniable that car crime will be facilitated by the publication of the Megamos Crypto algorithm. A new way of stealing millions of cars will be put into the public domain for criminals to use. I reject the idea that this theft is sufficiently difficult as to be irrelevant. For one thing, the tenor of the paper itself is that these are real risks and real problems. I refer to the following paragraph from the paper.

“8 Practical considers and mitigation:

Our attacks require wireless communication with both the car and the transponder. It is not hard to imagine real life situations like valet parking or car rental where an adversary has access to both for a period of time. It is also possible to foresee a set up with two perpetrators, one interacting with the car, and one wirelessly pickpocketing the car key from the victim’s pocket.”

Then in the paper there are two paragraphs in which mitigations relative to the two other attacks are mentioned, and then the paper says the following:

“Unfortunately, our first attack is hard to mitigate. It seems unfeasible to prevent an adversary from gathering two authentication traces. Furthermore, this attack exploits weaknesses in the course of the cipher’s design - e.g. the size of the internal state. It would require a complete re-design of the cipher to fix these weaknesses. To that purpose, lightweight ciphers, like grain, and so on, have been proposed in the literature and could be considered as suitable replacements for the Megamos Crypto. On the positive side, our first attack is more computationally intensive than the attacks in section 6 and 7, which makes it important to take the aforementioned mitigating measures in order to prevent the more inexpensive attacks.”

29 The first attack referred to in the passage I have just quoted is the one based on knowledge of the Megamos Crypto algorithm. Given the sophisticated nature of organised gangs I do not see why it is unreal that this method could be used. If there was evidence that criminals were already using this technique then that would be different, but there is not. In my judgment, if the claimants have a cause of action against the defendants then the balance of interests is against publication.

30 Three, do the claimants have a cause of action at all? This is the key issue. The claimants say that the circumstances surrounding Tango Programmer are sufficient to show that the Megamos Crypto algorithm inside it has not been obtained legitimately. The way it is described on the website shows that it is being sold by people who know that. Although one can conceive of legitimate purposes for its use, it is plainly useful to facilitate criminal activity. That, they say, is sufficient to fix the defendants with a duty not to disclose the algorithm and the attack based on it. The defendants say that the Tango Programmer is in the public domain as a piece of software. Just because it comes from Bulgaria does not mean it is illegitimate.

31 At one stage Mr. Hollander relied on the broken English text on the website. I agree with the defendants that that is no basis at all for the inference the claimants seek to draw.

32 Mr. Garcia, at para.61 of his witness statement, says that he has little doubt how the Tango Programmer was done. He says it was done by chip slicing. Also, he says, if the Tango Programmer people were criminals, why did they make it hard to extract the algorithm from the software? I reject the latter point. Sellers of the Tango Programmer sell it from €1,000. Even a vendor of illegitimate software has a commercial interest in not letting its competitors copy the software.

33 As I have said, the claimants accept that chip slicing could not be complained about, but maintains that chip slicing is expensive and not likely to be what the Tango Programmer makers did.

34 I do not know how Tango Programmer was created, but I accept the claimants’ analysis that if the Tango Programmer was produced in breach of confidence and if the circumstances by which the defendants came to it are sufficient to mean that in good conscience that they cannot say they are free of a duty of confidence then that would make good the claimants’ claim.

35 I find that the Tango Programmer’s website is clear, that this is a product sold by someone who knows it is likely to facilitate crime. I also think it is clear that the defendants do not think the Tango Programmer comes from the legitimate automotive industry. I base myself on two paragraphs on p.6 of their paper as follows:

“More advanced car diagnostic tools like AVDI and Tango Programmer offer functionality that goes beyond ‘legitimate’ usage. These devices are able to [access?] the onboard computer memory, recover the dealer code and add a new blank transponder to the car. For this the tools do not require a genuine key to be present, but they do need physical access to the car […] The diagnostic tools use the Megamos Crypto authentication functionality to speed up the process of adding new transponders to the car. For this the tool needs the Megamos Crypto algorithm to compute valid authentication attempts.

We would like to emphasise that none of these tools is able to recover the secret key of a transponder or perform of crypto-analysis. In fact, within the legitimate auto industry Megamos Crypto is believed to be unclonable.”

36 I think it is obvious that Tango Programmer does not derive from a legitimate source in the automotive industry. I am struck by the evidence about chip slicing of the Megamos Crypto in this case. One example is Silicon Zoo in Germany. The evidence shows people who have chip sliced the Megamos Crypto chip, but crucially they have not published the algorithm. They are clearly concerned about maintaining security. But I should say there is no evidence of a link between them and Tango Programmer.

37 In my judgment, this shows that these defendants are, and have always been, on notice that the origin of Tango Programmer is at best murky. If the defendants had acquired Tango Programmer from a legitimate source then this case would be very different.

38 The claimants do not have an overwhelming case on the merits, not even a very strong one, but the Tango Programmer has a clearly murky origin, and that is obvious to the defendants. Despite this being obvious to them, the defendants have made no effort to make enquiries about the legitimacy of Tango Programmer. That is not to impose a unreasonable burden on them. They are the ones who obtained the information from Tango Programmer. Mr. Garcia simply asserts that it must have been chip sliced. I do not accept that. In my judgment, the defendants have taken a reckless attitude to the probity of the source of the information they wish to publish.

39 I think it is probable that the claimants will succeed in showing that Tango Programmer’s origin was not legitimate and that the defendants ought to have appreciated that.

CONSIDERING ALL THE FACTORS TOGETHER:

40 If I thought the purpose of this injunction was to save Volkswagen’s embarrassment I would not hesitate to refuse it. The paper in its redacted form will not prevent the defendants from saying that they have, in fact, derived the Megamos Crypto algorithm and that there is, in fact, an attack based on its weakness. Moreover, relevant people, Thales, EM, Delphi and Volkswagen, now know what the problem is. They have a chance to do something about it.

41 I sympathise with the defendants to some extent, in that they engaged in what they regarded as responsible disclosure when they told EM in November 2012. However, when Volkswagen raised the problem a few weeks ago, in my judgment, it was not consistent with the idea of responsible disclosure for the defendants to simply say, “We are going ahead anyway”. It may well not be the defendants’ fault that Volkswagen were not told earlier, but once the defendants were told about Volkswagen’s concern a responsible academic, concerned with responsible disclosure, would have realised that publication should be delayed, at least for a reasonable period, to allow for discussion with Volkswagen. Instead, the defendants have forced this interim injunction application to be dealt with in less than a month. A responsible approach would be to recognise the legitimacy of the interest in protecting the security of motor vehicles.

42 I also note that the defendants refuse, in fact, to even redact Definition 3.8, as asked for by EM and Delphi at a meeting in June. I think the defendants’ mantra of “responsible disclosure” is no such thing. It is a self-justification by defendants for the conduct they have already decided to undertake and it is not the action of responsible academics.

43 On material as it is, the claimants have much more than a merely arguable case. Albeit that the merits are not overwhelming, I find that the merits are sufficiently strong to justify interference with academic freedom and freedom of expression in this case pending trial.

44 I recognise the high value of academic free speech, but there is another high value, the security of millions of Volkswagen cars.

45 I will grant the injunction requiring the redaction sought by Volkswagen save on one point. The text on p.6 of the paper seems to me to be wrongly redacted. If the parties cannot agree the redactions I will decide.

46 Those are my reasons.

Volkswagen Aktiengesellschaft v Garcia & Ors

[2013] EWHC 1832 (Ch)

Download options

Download this judgment as a PDF (183.2 KB)

The original format of the judgment as handed down by the court, for printing and downloading.

Download this judgment as XML

The judgment in machine-readable LegalDocML format for developers, data scientists and researchers.