Archive for the ‘Internet Law’ Category

Be Afraid. Be Very Afraid.1

Saturday, June 28th, 2014

A cyber security firm called Norse maintains what it claims to be a dynamic, real-time map of cyber attacks as they happen, showing cities of origin and targets.¬† The first thing you’ll do after viewing this constantly-changing map is update your security software.¬† The second is to clean the cobwebs out of your filing cabinet.

1. ‘The Fly,’ 1986, Jeff Goldblum and Geena Davis.

– Robert Yarbrough, Esq.

New gTLD’s … New Burdens

Sunday, March 30th, 2014

domains You may recall that we reported about “one of the biggest changes in the Domain Name System” was about to be implemented by ICANN, which was introducing hundreds of new top level domains that could “end with almost any word in any language.”¬† So, instead of such dependable and familiar domains like “nike.com” and “nikon.com”, you could have “nike.shoes” or “nikon.camera.”¬† Pretty cool, right?¬† Well, maybe not so much for trademark owners.

The roll out of the new domains has been slow-paced, however, as registrars come on line with the new domains (after paying hefty application and registration fees) some trademark experts worry that the explosion of top level domains places too much burden on brand owners to police their marks and purchase unwanted domains for the sole purpose of keeping them out of the hands of would-be cyber squatters and infringers.¬† Francis Gurry, the head of the World Intellectual Property Organization (WIPO), is on record of stating that the impact upon trademark protection is “likely to be significant and disruptive.”¬†¬† SecurityWeek.com quoted Gurry:

‘The opportunity for misuse of trademarks expands exponentially,’ said Gurry, noting that registering a domain name is a cheap, automatic procedure that takes a matter of seconds and does not have a filter to examine whether there is a trademark conflict.

According to the same SecurityWeek.com article, in 2013, 2,585 cases involving 6,191 domains were were filed with WIPO, which is one of the arbiters in charge of domain disputes.¬† It is currently hearing its first case concerning a new gTLD in which a German company, Canyon Bicycles GmbH, is objecting to a Dutch registrant of canyon.bike.¬† The German company is a worldwide distributor of bicycle products and is involved in numerous international cycling events.¬† The registrant of the domain is an individual based in the Netherlands who states that he is a cyclist and web designer in the cycling industry. The disputed domain name points to a website parking page provided by the Registrar which, according to the screenshot provided by the Center, features sponsored listings including one entitled “Mountainbikes”.¬† To learn more about the case visit WIPO’s website.

This case may foreshadow many more similar disputes.¬† We’ll keep you posted.

– Adam G. Garson, Esq.

Terms of Service Didn’t Read

Thursday, February 28th, 2013

Terms of Service If you thought reading privacy policies was a was a waste of time you were right. The Carnegie Mellon Institute calculated that it would take 10 minutes to read the privacy policies of the 75 most popular websites at the standard reading rate of 250 words per minute. The medium length of privacy policies from top websites was calculated to be 2514 words.¬† If you can do the math, it takes about 10 minutes to read each privacy policy. The Carnegie Mellon Institute estimated, based upon several sources, that the average American visits between 1354 and 1518 websites per year.¬† Assuming that you are an average Internet user, if you were to read every privacy policy on each website you visit, you would spend 25 days out of the year just reading privacy policies.¬† Carnegie Mellon “put a dollar amount on this massive time suck” and came up with an astonishing hypothetical cost of $781 billion per year!¬† According to the Atlantic, that’s more than the GDP of Florida.

It’s no wonder, that nobody reads web site privacy policies or terms of service. In fact, it’s a standard joke. Of course, because nobody reads them doesn’t mean that they aren’t important.¬† When you agree to a web site’s privacy policy you can be handing the web site owner your credit cards, personal information and other matters that you don’t wish to share with the public.¬† It’s really imperative that you insure that the web site owner protects your information. To make it easier to understand what rights you are giving up by visiting popular websites a new online project called Terms of Service Didn’t Read tries to make the process simpler. The project provides easy-to-read summaries of the privacy policies and terms of service of most popular websites. Although not all sites are rated yet, a quick visit provides some interesting observations:

Facebook

Thumbs Down: Very broad copyright license on your content.

Thumbs Up: You can give your feedback before changes: Facebook will solicit your feedback during the 3 or 7 days minimum preceding changes to their terms. However, the results are not binding unless 30% of the active users voted.

Wikipedia

All Thumbs Up – very good user policies.

Yahoo

Thumbs Down: Terms may be changed any time at their discretion, without notice to the user.

Dropbox

All Thumbs Up: Transparency on law enforcement requests and  Promise to inform about data requests.

Microsoft

Big X: Lawsuit and class action waiver. Arbitration for dispute resolution in the United States: a binding arbitration clause and class action waiver that affects how disputes with Microsoft will be resolved in the United States. This clause governs many of Microsoft’s online services – including your Microsoft account and many of their online products and services for consumers, such as Hotmail, SkyDrive, Bing, MSN, Office.com, Windows Live Messenger, Windows Photo Gallery, Windows Movie Maker, Windows Mail Desktop, and Windows Writer.

Evernote

Big X:  You cannot delete your account.

Terms of Service Didn’t Read should be required reading for anybody that uses the Internet.

–Adam G. Garson, Esq.

But I Already Paid for That!

Thursday, January 31st, 2013

We are anonymousThe United States Federal Government does a lot with tax dollars. One of those things is that it funds research in many areas that lead to published papers in basic science, medicine, engineering, and many more fields. Another is that it runs the Federal Court system, which publishes orders, rules, opinions, and the like. What do all of these publications have in common?¬† It’s that even though your tax dollars paid to create them in the first place, you will almost certainly have to pay again if you want to read them. You may pay a journal publisher thousands of dollars per year for a subscription, or pay $20-$45 for a copy of a single article. ¬†You may pay 10¬Ę per page to PACER, the online court system operated by the government, but you’ll pay.

Some argue that if tax dollars are used to create a document, then taxpayers should not have to pay to read it.  Certainly, this was the argument of young Aaron Swartz, when he downloaded a significant slice of the PACER database and put it online for free. He also argued that the JSTOR database of articles was largely the result of publicly funded work, and should be freely available. JSTOR, a nonprofit organization, is a database of scholarly publications, including thousands journals that cost thousands of dollars each per year in subscription fees Рand that publish taxpayer-funded research.

According to the famous “hacker ethic”, information wants to be free. ¬†This ideal, often in conflict with the proprietary rights regimes of patent and copyright, sets in motion a conflict that, in the case of Mr. Swartz, led to his prosecution and the threat of crushing legal fees, heavy fines, and a potential prison sentence far longer than if he had killed someone while driving under the influence of alcohol. In the face of these penalties, Mr. Swartz, age 26, took his own life.

The hacktivist group “Anonymous” has expressed its collective disgust with this situation using its recognizable Guy Fawkes masked persona, by inserting a message onto the website of the Federal Sentencing Commission.¬†Their message, hacked into the website stated, in part,

There must be reform of outdated and poorly-envisioned legislation, written to be so broadly applied as to make a felony crime out of violation of terms of service, creating in effect vast swathes of crimes, and allowing for selective punishment. There must be reform of mandatory minimum sentencing. There must be a return to proportionality of punishment with respect to actual harm caused, and consideration of motive and mens rea. The inalienable right to a presumption of innocence and the recourse to trial and possibility of exoneration must be returned to its sacred status, and not gambled away by pre-trial bargaining in the face of overwhelming sentences, unaffordable justice and disfavorable odds. Laws must be upheld unselectively, and not used as a weapon of government to make examples of those it deems threatening to its power.

This crie de coeur goes beyond making information free, and the delivery method, hacking a website, is, itself, criminal, but the message rings true to those who remember the social activism of the 1960s and who lived through the Pentagon Papers, Watergate and Iran Contra. Even some intellectual property attorneys (but not many) have come to recognize that our present laws punish what used to be considered artistic creativity, and thus impoverish our culture and our civil discourse.

Perhaps the young Congressional staffer who suggested that we rebalance the interests of publishers and the public they used to serve was on the right track after all – just before he was fired for suggesting that copyrights ought to be a bit shorter than a century!

Lawrence A. Husick Esq.

Check Those Employee Handbooks!

Thursday, January 31st, 2013

nlrb

There have been a spate of reporting about the National Labor Relations Board’s (NLRB) recent decisions about the use of social media by employees.¬† You may think that an employer should have absolute control over its employees’ right to talk about the employer or its customers on the Internet, but that is not the case.¬† In fact, if an employee’s online speech can be even broadly interpreted to be protected under Sections 7 and 8 of the National Labor Relations Act (NLRA),¬† such speech is permissible.¬† Sections 7 and 8 of the NLRA protect a worker’s “right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection….”

The New York Times recently reported the trend in NLRB decisions under the headline, “Even if It Enrages Your Boss, Social Net Speech is Protected.”¬† Similarly, the PBS network just aired a report on NLRB decisions entitled “Can Facebook Posts Get You Fired?”¬† The message presented by these reports is clear: employers must give careful consideration before firing an employee for what he or she says on the Internet.¬† We strongly recommend that employers review these reports and also consider the implications of the rulings for employee handbooks.

A recent decision this month involving DirectTV provides an object lesson.¬† In that case, DirectTV’s employee handbook contained several rules that the NLRB found objectionable because they imposed blanket prohibitions against employees from contacting the media and law enforcement about the employer or its employees.¬† The “Confidentiality” section of the handbook broadly prohibited employees from contacting the media about the company, its business and customers or from talking with law enforcement without pre-authorization and to “never discuss details about your job, company business or work projects with anyone outside the company” and to “never give out information about customers or DirectTV employees.” The rule provided detailed instructions about where employees should not discuss DirectTV business, including “public venues, such as seminars and conferences, or via online posting or information data sharing forums, such as mailing lists, websites, blogs, and chat rooms.”

According to the NLRB, such prohibitions could reasonably be understood by employees to restrict discussion of their wages and other terms and conditions of employment. That the handbook’s rules suggested that the confidentiality prohibitions applied to discussions about customers, company business and other items did not save the rules from the Board’s “condemnation.” The Board held that the confidentiality rule violated section 8 (a)(1) of the NLRA. What’s the lesson?¬† Avoid the cost of litigation, review your employee handbooks now.

–Adam G. Garson, Esq.

Privacy in the Age of Apps

Monday, December 31st, 2012

Anonymous

If you use or develop online software or smartphone “apps” then you need to know about CalOPPA. ¬†No, that’s not some form of steam-driven musical device from an old-time carousel. It’s the¬†California Online Privacy Protection Act, and it has very real consequences for any company that does business online. This month, the State of California sued Delta Airlines for failure to comply with CalOPPA, and the suit seeks $2.500 for EACH TIME the Fly Delta mobile app was downloaded!

To comply with CalOPPA, you need to figure out if your online system or app collects any personally identifiable information (“PII”) such as a name, email address, physical address, telephone number, IP address, current location, or sensitive information such as a social security number. ¬†Next, you have to know the target age range for your web page or app. If it’s under 13, you need to talk to an attorney ASAP. There are special rules that apply.

Next you need a list of every party that will have access to the PII that you collect. ¬†You then need to specify how the user can control that PII. ¬†Can they view what you’ve collected, edit it, and delete it from your database? You then need a written policy that you will display to anyone from whom you collect PII that explains what you collect, how you intend to use it, with whom you may share it, and what the user can do to view, change or delete his own PII in your systems. You may want to review the sample policies available from the Center for Democracy and Technology, which has a very complete template, and then have your attorney review your policy after you’re done drafting it.¬† Finally, you may wish to get certified by a third party like TrustE so that you tell your users that you’re trustworthy with their PII.

Compliance with privacy regulations also varies in other countries, but these basic steps are the minimum necessary for any developer. If you need a hand, the attorneys at Lipton, Weinberger & Husick can help to draft these kinds of policies, and others. Give them a call.

–Lawrence A. Husick, Esq.

Internet Trends: Linking is not Copying (In the 7th Circuit, anyway)

Thursday, August 30th, 2012

Upload video icon

Here’s another Internet copyright conundrum.¬† Assume you have a social networking web site where you let users post links or bookmarks to their favorite videos from all over the Internet.¬† To view the videos, a visitor clicks on a link and the video is streamed into a video frame much like you see on YouTube.¬† Many of your users post links to legitimate videos but some also post links to videos that were copied without the permission of their owners.¬† Remember, your web site and your servers contain only links to the videos, not copies of the videos themselves.¬† Are you liable for contributory copyright infringement by permitting users to post links to infringing videos?

The answer to this question is not obvious.¬† Is a streaming video an infringing copy of the work?¬† Is either posting the link or streaming the video a prohibited public performance?¬† In a recent appellate opinion, Judge Posner of the Federal Circuit Court for the Seventh Circuit has offered a solution.¬† In Flava Works, Inc. v. myVidster.com (7th Cir. 2012), the plaintiff sued myVidster for contributory infringement. myVidster operates a website similar to our hypothetical video sharing site.¬† Flava Works contended that myVidster contributed to copyright infringement by permitting users to post links to illegal copies of pornographic movies.¬† Ordinarily, such films are available only in Flava Works’ web site and only if the viewer paid to see them.¬† The lower court granted Flava Works a preliminary injunction, concluding that it was likely that it would prevail in proving that myVidster was a contributory copyright infringer.¬† Judge Posner disagreed and vacated the order.

Judge Posner concluded that posting a link was not the same as posting a “copy” of the infringing work.¬† The video, Judge Posner reasoned, is being transmitted from a third-party’s server to the viewer’s computer.¬†¬† myVidster, according to the court, was not hosting videos and never touched the video streams. The court wrote that the infringer is the individual who uploaded it to the third-party’s server, not myVidster, and not MyVidster’s visitor:

As long as the visitor makes no copy of the copyrighted video that he is watching, he is not violating the copyright owner’s exclusive right, conferred by the Copyright Act … Someone who uses one of those [links] to bypass Flava’s pay wall and watch a copyrighted video for free is no more a copyright infringer than if he had snuck into a movie theater and watched a copyrighted movie without buying a ticket. The facilitator of conduct that doesn’t infringe copyright is not a contributory infringer.

The question of whether myVidster is contributorily liable for an infringing “public performance” was not as clear to the judge, particularly as to whether the process of making the videos available to the public by uploading them could be interpreted under the Copyright Act as a public performance.¬† On that score, Judge Posner, concluded that the law was ambiguous.¬† On the other hand, it was clear to the court that myVidster could not be construed as offering a public performance by providing lists of links for viewing videos.¬† Judge Posner wrote that myVidster is no more liable than the New Yorker is for providing theater listings:

By listing plays and giving the name and address of the theaters where they are being performed, the New Yorker is not performing them. It is not “transmitting or¬† communicating” them.

For now myVidster gets off the hook but If you’re interested in this topic, Judge Posner’s reasoning is as entertaining as it is interesting.¬† Learn more about copyright law from the opinion, which can be downloaded from this link.

– Adam G. Garson, Esq.

Ask Dr. Copyright . . .

Monday, April 30th, 2012

copyright question Dear Doc:

I hear a lot about storing files on “the cloud” these days. From your perspective, do I lose any rights when I use such a service?¬† They sure are convenient!

Signed,

Will Robinson

DANGER, WILL ROBINSON!!! DANGER!!!

The “Doc” has reviewed the terms and conditions of the license agreements of a few “cloud” storage services, and here is what he found…

DROPBOX: “By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.”

MICROSOFT SKYDRIVE: “Except for material that we license to you, we don’t claim ownership of the content you provide on the service. Your content remains your content. We also don’t control, verify, or endorse the content that you and others make available on the service.”

APPLE iCLOUD: “Apple does not claim ownership of the materials and/or Content you submit or make available on the Service. However, by submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you.”

GOOGLE DRIVE: “When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”

For comparison, here are the terms for Google’s incredibly popular GMail service:

GMAIL: “Google claims no ownership or control over any Content submitted, posted or displayed by you on or through Google services. You or a third party licensor, as appropriate, retain all patent, trademark and copyright to any Content you submit, post or display on or through Google services and you are responsible for protecting those rights, as appropriate. By submitting, posting or displaying Content on or through Google services which are intended to be available to the members of the public, you grant Google a worldwide, non-exclusive, royalty-free license to reproduce, adapt, modify, publish and distribute such Content on Google services for the purpose of displaying, distributing and promoting Google services. Google reserves the right to syndicate Content submitted, posted or displayed by you on or through Google services and use that Content in connection with any service offered by Google.”

So, Will, of all of these services, the new Google Drive service is the one to avoid (for now) because anything you put on that service may be used by Google in any way (public performance?) whether you intend to make it public or not.¬† The “Doc” uses some of these services, but NEVER puts anything confidential on them without first encrypting the information using a very strong public key encryption program (GPG) using a 2048 bit key.¬† By the way, if you’re a lawyer, accountant or medical doctor, you have other professional rules that may limit your use of cloud services.¬† Be careful of those, too. The “Doc” may be paranoid, but remember the old saying, “Just because you’re paranoid, it doesn’t mean that they’re NOT out to get you!”¬† You’ve been warned.¬† Now remember to turn on the force field before you go to bed.

The “Doc”

– Lawrence A Husick, Esq.

A Book By Any Other Name

Thursday, March 29th, 2012

bookReaders of this newsletter will recall that trademark rights in the United States are established by use, not by registration. There are benefits to registration, of course, but rights arise by the actual use of a mark in commerce in conjunction with a product or service. Often, the assertion of a trademark use is indicated by the placement of the letters TM adjacent the mark. These letters let the public know that the user is claiming trademark rights.

Another generally established principal of trademark law is that one can not, by asserting a trademark right in a word, remove that word from its common language use. In other words, one can not extract from the language the common use of a word by claiming trademark rights in it. However, it is possible to assert a trademark right to a word in the limited context of a particular association or use.

Facebook has been very proactive in trying to establish trademark rights to words it uses in association with its social networking site. For instance as of March 26, 2012, the United State Patent and Trademark Office has granted trademark registrations for FACEBOOK and WALL. Pending applications include: LIKE and FB among others. The use of FACE as a trademark has also been approved by the USPTO.  Registration is awaiting proof from Facebook that it actually has used the mark in commerce.

To establish trademark rights to a word, it is useful to demonstrate that the public associates the use of the word with a product or service. Which brings us to the present interesting attempt by Facebook to begin to establish rights to the word “BOOK.” The recently proposed Facebook user agreement open for public comment states: “You will not use our copyrights or trademarks (including Facebook, the Faceboo, and F Logos, FB, Face, Poke, Book and Wall) or any confusingly similar marks, except as expressly permitted by our Brand Usage Guidelines or with our prior written permission.” So, following these guidelines, use of your Facebook account mandates that you recognize BOOK as a trademark belonging to Facebook. This may be an end run by Facebook to bolster future argument against other users of the word BOOK that Facebook has already established in the public’s mind an association between the word BOOK with Facebook. What do you think of this strategy?

– Laurence Weinberger, Esq.

Is Facebook Your Friend?

Wednesday, February 29th, 2012

facebookDo you have a Facebook Account?¬† Do you realize that every time you click the “Like” button for a product, service or website,¬† Facebook may distribute a paid advertisement (“a sponsored story”) using your name to all of your “Friends” suggesting that you are recommending the product or service?¬† While Facebook is described in the popular media as a social networking site, it is, in reality, an advertising business generating its revenue¬† through the sale of advertising. Zuckerberg (CEO of Facebook) has said: “…nothing influences people more than a recommendation from a trusted friend. A trusted referral influences people more than the best broadcaster message. A trusted referral is the Holy Grail of advertising.” Facebook’s COO has said: “…making your customers your marketers”…”is the illusive goal we’ve been searching for.” Consequently, Facebook is able to charge a higher rate for the “sponsored stories.”

Now¬†Facebook has been sued¬†in Federal Court in California over its “sponsored story” advertising practice under statutory provisions governing the right of publicity, unfair competition and fraudulent and deceptive practices. California has a law on the books that says everyone has the right to control how their name, photo, likeness, and identity is used for commercial purposes, and such use may not be done without their consent and a minimum ($750) payment. The complaint makes several interesting points, not the least of which is that Facebook employs a unique lexicon of doublespeak by intentionally distorting the everyday meaning of words and misleading members.¬† Terms such as “friends,” “like,” “stories,” and “sponsor” may not mean the same to us as they do to Facebook. On Facebook, “friends” are not really limited to close or intimate associates; “like” does not necessarily imply an affinity for the site/item; “sponsors” are really advertisers paying for the ads; and “stories” are not written tales but are either items of friends doings, or in the case of¬† “sponsored stories” the advertisements generated from members clicking the “Like” button. In addition, plaintiffs allege that Facebook provides no avenue for opting out of the sponsored stories.

An interesting side light to the case is that minors are allowed to become members and have their names and images used in the advertisements without requiring the consent of their parents or guardians. Needless to say, Facebook has mounted a vigorous legal challenge on both procedural and legal grounds to the accusations, asserting a laundry list of defenses including: consent upon registering under Facebook’s terms;¬† protection under the Federal Communications Decency Act; First Amendment legitimate interest protection under the Constitution; and protection under the “newsworthy exception” for reporting on the activities of famous people.¬† (Would you believe that Facebook asserts that that members are famous to their friends?)

On December 16, 2011, ruling on Facebook’s motion to dismiss the lawsuit, the Court refused to accept most of Facebook’s arguments, finding that plaintiffs had asserted valid causes of action under the law. The Court reserved the question of whether members consented to Facebook’s practices¬†¬† The case is now in its discovery phase.

In an interesting twist, just last week, two of the plaintiffs asked to drop out of the case after Facebook’s lawyers demanded discovery depositions that threatened the plaintiffs with even more loss of privacy. As of this writing, the Court has not ruled on their request.

– Laurence Weinberger, Esq.