HT-2021-000363 - [2025] EWHC 532 (TCC)

In July 2017 LzLabs opened DR-2581, requesting Winsopia to process customer applications on its mainframe. As recorded on the DR, initially, Winsopia encountered difficulties because the data supplied was incomplete but subsequently, it used CPX to scrub and package the load modules and sent them to LzLabs.

On 26 July 2017 LzLabs opened DR-2625, identifying an IBM CSECT, IGZCBSN, that had not been scrubbed from the load modules and asking Winsopia to rescrub those libraries to remove it.

Mr Palmer and Mr Bowler discovered that the CSECT was not specified on the CPX scrub list, as recorded in Mr Palmer’s email dated 2 August 2017. By further email dated 14 August 2017, Mr Bowler stated:

“Chris Palmer sent me the attached "scrub list" of csects which Winsopia remove from load modules and replace by dummy csects. Chris has asked Lzlabs to review the list and report back additions or deletions.

To my mind the list appears at first sight somewhat sparse. I would prefer to see a blanket exclusion of everything beginning with IGZ, CEE, etc. with specific exceptions like CEESTART, CEEUOPT. This would require a modification to the Winsopia scrub utility but Chris indicated he is willing to make that enhancement.”

On 4 September 2017 DR-2747 was opened, in which Mr Bowler stated that the load library delivered in response to DR-2625 to LzLabs was found to contain 43 listed CSECTs, which were then added to the CPX scrub list. Yet further unscrubbed CSECTs were discovered in this load library as recorded by Mr Palmer in Bugzilla Ticket 347-A on 5 September 2017.

The defendants’ submission is that none of the relevant materials originated from Winsopia’s mainframe; they came from versions of IBM products that were not licensed to Winsopia, and were not provided by IBM to Winsopia. That is an oversimplification of the process; Winsopia did not just act as a post-box for customer applications. The CPX process involved loading the application and calling the CPX LZMPDSE program, which in turn would call the z/OS binder to read the load module, break it into CSECTs and perform the scrubbing exercise. The question in respect of this allegation is the extent to which, if at all, the relevant load modules were in fact subject to CPX processing.

The experts agree that a number of the unscrubbed CSECTS related to historic versions of COBOL and PL/I that could not have emanated from Winsopia’s mainframe. However, others are still supplied by IBM with z/OS and are available to Winsopia on its mainframe. Both Mr Swanson and Mr Stephens examined the load modules on the zPDT machine. They identified that a number of the unscrubbed CSECTs were not contained in the z/OS library and therefore unlikely to have been available on Winsopia’s mainframe but they also identified a number of the unscrubbed CSECTs that are available in z/OS and therefore available on Winsopia’s mainframe. There was not complete agreement between the experts. Mr Swanson and Mr Stephens agreed that 19 of the unscrubbed CSECTs are part of the SCEELKED dataset forming part of z/OS Base. They disagreed on a further 4 CSECTs, with Mr Stephens identifying them as CSECTs present in a different version to those available to Winsopia.

DR-2625 suggests that Winsopia might have re-compiled, assembled and/or link-edited some of the applications on the mainframe, thus indicating that at least some of these unscrubbed CSECTs could have been inserted into the load modules at that time. Mr Stephens agreed in cross-examination that it was plausible that Winsopia re-bound the modules but he stated that he had seen no evidence to that effect.

Drawing together the strands of evidence on this issue, despite the best efforts of the experts, it is not clear what was done by Winsopia when sending these load modules to LzLabs. The contemporaneous documents demonstrate that CPX did not remove CSECTs effectively from these load modules. However, there is inadequate evidence as to whether the versions of the CSECTs which Winsopia could access under the ICA contained the same code as the older versions in the load modules supplied by the customer. Therefore, it is unclear whether Winsopia transferred out of its enterprise any CSECTs that were subject to the terms and conditions of the ICA.

It follows that IBM have not established any breach of the ICA in respect of these items.