The legal one was looked at by lawyers earlier this year. There were two points to consider:
- copyright infringement via reverse engineering
- "hacking" statutes, e.g. Computer Misuse Act 1990
They concluded that there are no concerns in terms of copyright infringement, we have devised many non-infringing techniques for reverse-engineering and use them wherever possible, not least because they are easier to work with. When it is not possible to use such a technique this is where the exemption kicks in for creating inter-operable systems. FYI "infringement" occurs when transforming a low level language, e.g. machine code, into a high level representation. Computer programs are considered literary works, and their authors enjoy the full protection afforded as such.
The hacking statutes are very broad and technically if you used my laptop to access your own email while I was away in the bathroom you would fall foul of computer hacking laws in the UK. They said action via this angle said is a low risk (despite lawyers being conservative by nature). Teller isn't actually liable anyway, as it does not "cause" the access, the user does. Can a user accessing their own bank account ever be considered unauthorized? Would a bank prosecute their own customers for doing so? Unlikely, given Yodlee has been able to operate without legal challenge for decades now.
In terms of breakage, bank APIs rarely change. Most do not ever. The most aggressively defensive and technically competent bank IMO is Barclays and it takes them months to ship something to mess with me. They also can't just simply break something there is a window where both versions are supported where they advise users to upgrade before forcing the matter some releases down the line.
Thanks for taking the time to answer all that in so much detail, the legal aspect in particular is really interesting. Users staying on old versions is also a good point, and something I didn't consider.
Best of luck with the future of Teller, you're doing something that I personally think consumer banks should've been offering for years and it's great to see someone filling that gap. I'm hoping Monzo and others end up pushing "legacy" banks into opening up API access but I guess the realist in me finds this unlikely.
The legal one was looked at by lawyers earlier this year. There were two points to consider:
- copyright infringement via reverse engineering
- "hacking" statutes, e.g. Computer Misuse Act 1990
They concluded that there are no concerns in terms of copyright infringement, we have devised many non-infringing techniques for reverse-engineering and use them wherever possible, not least because they are easier to work with. When it is not possible to use such a technique this is where the exemption kicks in for creating inter-operable systems. FYI "infringement" occurs when transforming a low level language, e.g. machine code, into a high level representation. Computer programs are considered literary works, and their authors enjoy the full protection afforded as such.
The hacking statutes are very broad and technically if you used my laptop to access your own email while I was away in the bathroom you would fall foul of computer hacking laws in the UK. They said action via this angle said is a low risk (despite lawyers being conservative by nature). Teller isn't actually liable anyway, as it does not "cause" the access, the user does. Can a user accessing their own bank account ever be considered unauthorized? Would a bank prosecute their own customers for doing so? Unlikely, given Yodlee has been able to operate without legal challenge for decades now.
In terms of breakage, bank APIs rarely change. Most do not ever. The most aggressively defensive and technically competent bank IMO is Barclays and it takes them months to ship something to mess with me. They also can't just simply break something there is a window where both versions are supported where they advise users to upgrade before forcing the matter some releases down the line.