Business and Technology Law

In an earlier post, we examined “copyright trolling,” an unsettling trend in intellectual property enforcement. So far, the primary culprit is the Las Vegas Review-Journal (LVRJ) by way of Righthaven LLC, a copyright litigation specialist possibly created to work exclusively on LVRJ cases, which searches for websites that have reposted articles from the LVRJ without explicit permission to do so. When Righthaven finds a website that has reposted portions of or entire articles, its strategy has been to proceed directly to filing suit instead of engaging in the typical procedure of attempting to resolve the issue first without involving the courts. The more cynical among you may contemplate that Righthaven’s strategy may be designed to extract settlements from unsophisticated bloggers intent on avoiding costly legal battles.

Whatever the thought process behind the sue-first-ask-questions-later strategy, some of the targeted organizations are fighting back. In October, U.S. District Judge Larry Hicks ruled for defendant Realty One Group, Inc. when it dismissed a Righthaven infringement suit finding that the defendant’s posting of the first eight sentences of a 30-sentence LVRJ article to be “fair use” of another’s copyright. While this decision is not necessarily binding precedent on other courts, Judge Hicks reasoning has not gone unnoticed. Then, in early November, in another Righthaven case, the court entered an order for Righthaven to “show cause” why its infringement claim in this case should not also be dismissed on “fair use” grounds. Interestingly, the judge raised this issue without the defendant in the case first doing so. The rulings appear to have had an effect on Righthaven’s strategy. In a motion filed in the Realty One lawsuit on November 15, 2010, Righthaven announced that it “does not anticipate filing any future lawsuits founded upon infringements of less than 75% of a copyrighted work.”

With holdings against it on the fair use issue, it is understandable that Righthaven would want to focus its efforts on businesses that copy its content in full, rather than in excerpts. However, businesses should not rely on these results in assuming they are safe from the kinds of tactics employed by Righthaven, but instead should work with counsel to ensure their compliance with laws affecting their potential liability for published content, such as the Digital Millennium Copyright Act (DMCA).

The Chinese government and software stakeholders in China appear to be strengthening their attention to the problem of unlicensed software use.

On November 30, 2010, the Chinese government announced that it would be inspecting all central and local government computers during 2010 and 2011 to ensure that all departments are using only properly licensed software. That announcement followed a six-month national campaign by the Chinese government to crack down on the production and distribution of pirated content. In addition, Microsoft recently announced that it had filed a lawsuit against 10 companies in China for selling computers with unlicensed versions of Windows and other products pre-installed, which came on the heels of the software giant’s recent victory in a lawsuit it filed against a chain of Internet cafe businesses in China that used pirated software.

Finally, in a series of meetings on December 1, 2010, the Business Software Alliance (BSA) and many of its members met with Obama administration officials to outline proposals for a new trade strategy with China intended to open up that market to software publishers whose efforts there have been crippled by widespread piracy. Those proposals include:

• Working to increase U.S. software exports to China by 50 percent in two years;
• Requiring the development and implementation of a system to ensure that stakeholders meet their commitments for legalization; and
• Requiring the development and implementation of legal tools to curb piracy;
• Dispensing with certain Chinese polices that often require foreign firms wanting to conduct business in China to transfer intellectual property to Chinese companies.

In a highly publicized case, SAP has been ordered to pay Oracle $1.3 billion for a SAP subsidiary’s theft of customer-support documents and software in an attempt to hijack Oracle’s customers. This is one of the largest amounts – if not the largest amount – ever awarded by a U.S. court for software copyright infringement. The U.S. District Court for the Northern District of California agreed that the value of the stolen intellectual property was vast and that the damages award was appropriate due to the vital importance of copyrights in the software industry. SAP had admitted liability, but it claimed that it should only pay for money it made from the 358 customers it gained with the stolen data.

Oracle’s complaint indicated that SAP swept vast amounts of Oracle software products and proprietary information onto SAP’s servers. The claims against SAP recited in the complaint included violations of the Federal Computer Fraud and Abuse Act and California Computer Data Access and Fraud Act, intentional and negligent interference with prospective economic advantage, unfair competition, and other civil claims.

The facts in the complaint indicate a systematic attack on Oracle’s systems in which thousands of documents and programs appear to have been stolen. It also appears that SAP did little to conceal its activities. While the legal issues involved in the case were not particularly novel or complex, this ruling could have a significant effect on the software industry. In a world where it is becoming increasingly important for different vendors’ products to work together, having two players of Oracle’s and SAP’s size embroiled in a contentious and ongoing feud could spell trouble for businesses using their products.

On December 2, 2010, criminal charges were dismissed against a defendant in California who was facing up to 10 years in prison for running a business circumventing security measures for Xbox gaming systems. Matthew Crippen had been charged with two counts of breaching anti-circumvention provisions in the Digital Millennium Copyright Act (DMCA) by modifying gaming consoles to play pirated games.

The DMCA contains prohibitions against circumventing software security protocols designed to prevent the use of unlicensed software. A person may defend against copyright infringement claims by asserting the “fair use” defense, which allows the unauthorized use of copyrighted materials under certain limited circumstances, such as writing a news article or parody, or reverse engineering computer technology. However, the judge ruled Crippen could not use the “fair use” defense in the criminal trial.

This might have been a landmark case for DMCA criminal charges having been brought against a person accused of modifying a gaming console to play pirated games. If the court had found Crippen guilty, he faced up to five years for each violation of the DMCA. However, the judge noted serious flaws with the case, and prosecutors ultimately withdrew the charges.

This case nevertheless could impact the way the government deals with all software piracy and alleged copyright infringement. Many such allegations currently come in the form of civil claims from the Business Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”) on behalf of software publishers. It will be interesting to see if the government begins to pursue criminal charges more frequently in cases where the BSA or the SIIA might otherwise have been the main protagonist.

With the intense scrutiny and speculation swirling around WikiLeaks’ most recent posting of confidential U.S. State Department documents, it should not come as a surprise that Amazon, WikiLeaks’ hosting provider, found itself under informal investigation by Congress. Facing this type of inquiry, it did not take long for Amazon to terminate its cloud agreement with WikiLeaks, leaving the whistle-blowing site temporarily without an online presence as it searched for a new cloud provider to host its materials.

While this action by Amazon is arguably the right decision from a national security perspective, it raises some general concerns regarding cloud computing, specifically: How much power do cloud providers wield over your company’s business continuity? Cloud contracts generally include language allowing for the provider to terminate the agreement for cause, citing illegal or improper use of its platform. However, problems arise for cloud customers when these contracts give the cloud provider complete and sole discretion over what constitutes improper use. Based on the Acceptable Use Policy incorporated into Amazon’s Web Services agreement, this provision is likely what Amazon pointed to in justifying its action to terminate its agreement with WikiLeaks.

Such unfettered control by the cloud provider is a risk that companies working in the cloud clearly should not accept, if at all possible. Most companies do not engage in the types of activities at issue in the WikiLeaks affair, but less egregious activity easily can be justified by the provider under these broad termination provisions, leaving the cloud customer scrambling to keep its business operational while it seeks alternatives. Companies should carefully review and negotiate the acceptable use policies attached to contracts to retain some control over the termination provisions before moving business-critical activities to the cloud.

On November 15, 2010, Dow Jones & Company, Inc. settled a lawsuit it had filed against Briefing.com for Briefing.com’s systematic republishing of more than 100 time-sensitive Dow Jones articles. Dow Jones had alleged that Briefing.com’s actions constituted both “traditional” copyright infringement as well as an infringement of Dow Jones’ rights under the so-called “hot news” doctrine. That doctrine originally was formulated by the Supreme Court in 1918 to address a competitor’s re-distribution of briefly valuable, time-sensitive “facts” that otherwise might not be copyrightable. A copy of Dow Jones’ complaint is available here.

The “hot news” doctrine has seen a resurgence in interest in recent years due to the ever-expanding volume of reported facts on the Internet. However, with so-called copyright “trolls” now starting to aggressively pursue alleged infringers, the doctrine has the potential to be abused by those in search of a windfall, and it will be interesting to see if the courts or Congress takes action to curb its applicability.

While Briefing.com’s liability appears to have been the results of actions taken by the company, rather than by the company’s online users, Internet content providers nevertheless should work with counsel to address any areas of doubt regarding compliance with laws that may affect their liability for published content. For example, the safe harbor provisions of the Digital Millennium Copyright Act (DMCA) allow providers to escape liability for contributory copyright infringement based on information posted by the providers’ users, but only if the providers meet certain statutory requirements under the Act. One of those requirements is registration of a designated agent for copyright claims. That registration must be made with the U.S. Copyright Office and must be accompanied by a $105 fee, which is a small price to pay for a measure of security from copyright “trolls.” More information regarding the registration process – including the registration application – is available here.

Earlier this year, Mississippi passed legislation requiring organizations to notify individuals whose personal information is compromised by a data breach. With only Alabama, Kentucky, New Mexico and South Dakota as the remaining states without data breach notification laws, Mississippi joins the vast majority of states to have passed such legislation. House Bill 583 will not go into effect until July 1, 2011, but its form and structure tracks many other states’ notice requirements in the event of a data breach.

Based on California’s original definition of personally identifying information (PII), for a breach to trigger the Mississippi notification requirement, the leaked PII must include a name along with a social security number or driver’s license or an account number in combination with any required security or access code. In the event of a triggering breach, notification must be made to individuals only, not to government regulators or any credit reporting agencies. However, in cases where the breaching organization reasonably determines that the breach is not likely to result in harm to the affected individuals, the notification requirement is waived. The law also includes a safe harbor for organizations that secure PII by encryption or other technologies rendering the PII “unreadable or unusable.”

Although there are many similarities between Mississippi’s breach requirement and other state breach notification requirements, significant differences exist with respect to acceptable time to notify, criminal and civil penalties, safe harbors and exemptions. For the vast majority of businesses handling personal information, a careful review of PII handling policies as well as an implementation of a breach notification procedure is recommended. For an outline of the major requirements under each state’s breach notification law, please see our State Data Breach Notification Laws chart.

The United States government has earmarked money for intellectual property enforcement education and training for many foreign nations. Countries including China, Brazil and several located in sub-Saharan Africa as well as Interpol will work with U.S. officials to collaborate in the delivery of IP rights-protection training.

The projects being funded have diverse aims. One Latin-American program will focus on training judges from Peru, Chile, Brazil, Argentina, Paraguay and Uruguay regarding digital copyright piracy crimes, while another in that region will be directed at combating the sale of counterfeit pharmaceuticals. China – which has been devoting increasing effort to IP enforcement in response to rampant piracy and counterfeit-goods problems within its borders – will be participating in three different, regional programs providing training for judges, prosecutors and other enforcement officials and also aiming to strengthen regional cooperation. In another project, U.S. Department of Homeland Security officials will be working with Interpol to deliver training workshops for developing countries.

The U.S. government continues to fund initiatives to protect intellectual property abroad and to pressure foreign governments to actively prevent copyright infringement and software piracy. With IP rights-infringement issues generally much more prevalent in Asia, Latin America and developing countries, it is hoped that such programs will help to thwart copyright infringement and to reduce the availability and production of counterfeit goods.

On December 14, 2010, in the case of MDY Industries v. Blizzard Entertainment, the Ninth Circuit emphasized an important point for online service providers and legal practitioners to keep in mind when drafting software end user license agreements. MDY Industries, maker of software program – “Glider” – that automatically plays Blizzard Entertainment’s popular World of Warcraft game, filed a declaratory judgment action against Blizzard to determine whether MDY’s program infringes any of Blizzard’s rights. The Ninth Circuit addressed, among other issues, whether Glider violates Blizzard’s copyrights.

The Court began its analysis by identifying the two types of provisions in licenses:

We refer to contractual terms that limit a license’s scope as “conditions,” the breach of which constitute copyright infringement. We refer to all other license terms as “covenants,” the breach of which is actionable only under contract law. To establish copyright infringement, then, Blizzard must demonstrate that the violated term... is a condition rather than a covenant.

The Court then determined that nothing in the license agreement conditioned Blizzard’s limited license grant on a player’s compliance with the terms that were breached.

The point is an important one. Without that standard, a software copyright holder could identify any disfavored conduct associated with the use of its software as copyright infringement by purporting to condition the license on the player’s abstention from the disfavored conduct. The Copyright Act does not contemplate such wide protection. Only when a license term is grounded in one of the exclusive rights protected by the Copyright Act may breach of a term lead to copyright infringement liability.

Software developers should carefully craft their license agreements to leverage all of their rights under the Copyright Act and should expect that only certain license terms, if violated, could lead to copyright infringement liability.

Many trademarks – among them, ‘escalator,’ ‘pilates,’ and ‘netbook’, to name a few – have suffered the fate of being deemed “generic,” often in the context of trademark disputes. In those cases, what may have once been words or phrases capable of identifying the source of a product or otherwise uniquely identifying the product in the marketplace have been found to describe an entire category of products, such that competitors would be harmed by one company’s continued monopolization of the term. Ironically, in many cases, such “genericide” follows on the heels of significant commercial success for the products or services associated with the mark, making the loss of branding rights particularly troublesome for long-term business goals.

However, on November 30, 2010, the Trademark Trial and Appeal Board ruled that the THUMBDRIVE® trademark was not generic, leaving it eligible for registration with the U.S. Patent and Trademark Office. In reviewing the application filed by Trek 2000 International, Ltd., a USPTO examining attorney earlier had determined that “thumb drive” had come to describe an entire category of computer-related hardware devices, making it ineligible for registration with the USPTO. However, after Trek disputed that decision, the TTAB disagreed, finding that Trek had actively policed its mark and had taken steps to ensure that third parties recognized the mark as a Trek brand, rather than as a common term.

THUMBDRIVE® easily could have gone the way of other trademarks that eventually became “genericized” through inadequate or non-existent policing efforts. Especially in the Internet Age, language tends to evolve at a faster rate than it did in the past, meaning that trademark owners must be more vigilant against unauthorized or inaccurate uses of their marks, in order for those marks to maintain their value. Businesses working to develop brand awareness for their products and to protect their trademarks against unauthorized uses should work closely with knowledgeable IP counsel to implement a holistic policing and enforcement program. The more a trademark owner is able to demonstrate its exclusive use of a mark, the better its chances will be of defending that mark, either in the context of administrative registration efforts or in the context of third-party disputes.

Copyright registration is a necessary step for any owner of original content, but it is important to be vigilant when completing the application to the U.S. Copyright Office – inaccurate information on the application can lead to significant copyright enforcement obstacles.

In Shirokov v. Dunlap, Grubb & Weaver et al., a federal lawsuit recently filed in the U.S. District Court for the District of Massachusetts, the plaintiff alleged that he received a demand letter from a law firm representing a German movie studio. The letter accused the plaintiff of illegally downloading the studio’s film “Far Cry” and demanded that he pay damages for the infringement. However, according to the complaint, the studio’s law firm lied on a copyright application in stating that November 24, 2009 was the film’s publication date. According to the plaintiff, this was the date of the film's U.S. DVD release, but the film was released in Germany October 2, 2008, in U.S. theaters December 17, 2008, and on DVD in the Netherlands April 14, 2009. The plaintiff therefore argued that the studio should be barred from filing suit to recover damages for any infringement as a result of the statute-of-limitations and registration-period requirements provided in the Copyright Act.

Courts differ on when a copyright registration may be invalidated due to mistakes in the application, but intentional fraud typically will void the registration. The Copyright Act provides in section 410(b) that the Register of Copyrightsmust refuse registrationto anyclaim that is invalid. Section 411 prevents an applicant from obtaining remedies for copyright infringement if inaccurate information was included in the application and it was a) included on the application with knowledge that it was inaccurate and b) the inaccuracy of the information, if known, would have caused the Register of Copyrights to refuse registration. Finally, section 506(e) states that any person who knowingly makes a false representation of a material fact in the application for copyright registration, or in any written statement filed with the application, shall be fined not more than $2,500.

Including accurate information in a copyright application is vital. Content owners should consult with counsel if there are any questions regarding how to complete a copyright application or to enforce copyrights against infringers.

Omega sued Costco for copyright infringement, alleging Costco purchased heavily discounted watches from unauthorized resellers in Europe. Costco defended against the copyright claims by invoking the First Sale Doctrine, which allows a reseller to sell a copyrighted work without the original copyright holder’s permission. Omega lost in the trial court, but won a reversal before the Ninth Circuit Court of Appeals, which ruled the First Sale Doctrine did not apply to copies of a work produced overseas.

In a rare, evenly split 4-4 decision, from which Justice Elena Kagan recused herself, the U.S. Supreme Court affirmed the Ninth Circuit’s ruling. The decision has the same effect as if the Supreme Court never agreed to hear the appeal from the Ninth Circuit’s decision, and it means that some resellers like Costco may be liable for copyright infringement for selling imported, copyrighted content without authorization from the copyright owner. (Interestingly, Omega began stamping a small copyrighted design on the back of its watches in 2003 for the specific purpose of allowing it to bring copyright suits in U.S. courts.)

This case represented an opportunity for the Supreme Court to interpret the range of the First Sale Doctrine, and it could have impacted copyright infringement lawsuits significantly if it had become binding. However, because the ruling was made by a split decision, it does not necessarily affect cases outside the Ninth Circuit. It also remains to be seen if subsequent lawsuits – especially those not presenting a conflict-of-interest problem for any of the justices – will reach the Supreme Court and result in an authoritative ruling on the First Sale Doctrine.

In the meantime, resellers of copyrighted content should work closely with counsel to explore the extent to which the Ninth Circuit’s ruling may apply to their activities.

On December 10, 2010, Microsoft announced that it was seeking to add an additional defendant to its pending federal lawsuit against RedOrbit.com, a news and information website intended for space, science, health, and technology enthusiasts. In its lawsuit, Microsoft has alleged that RedOrbit and, now, Vertro Inc. (a web advertising network business) engaged in a scheme to generate fraudulent “clicks” on advertisements placed on RedOrbit.com through Microsoft’s adCenter platform (now called pubCenter).

For the purposes of its lawsuit, Microsoft defines “click fraud,” essentially, as an instance where a person or computer program intentionally clicks on an ad (or otherwise generates an ad click) without having any real interest in the products or services being advertised. Microsoft has alleged that RedOrbit and Vertro committed click fraud as well as so-called “click laundering,” which it defines as a kind of click fraud involving technical measures to mask the origin of a click and to make invalid ad clicks appear to be legitimate. Microsoft alleges that more than a quarter of all ad clicks online likely are fraudulent and that such click fraud “hurts consumer choice and undermines the trustworthiness of the Internet as a safe place to do business – endangering the entire ecosystem of ad-supported online websites and services.”

Microsoft’s efforts to curb abuses of its advertising platform are understandable, and its case against RedOrbit and Vertro may be legitimate. However, the scope of its definition for “click fraud” is a little breathtaking, in that it seems to include instances where an individual user might click on an ad either because he or she is mad at the advertiser or because he or she favors the publisher of the site where an ad is placed, without having any interest in or expectation of monetary gain. “Fraud” allegations under those circumstances could implicate First Amendment concerns. It will be interesting to see whether the kinds of allegations included in Microsoft’s complaint find their way to other kinds of claims and whether state or federal policymakers make any changes to legal fraud definitions to encompass the sorts of activities potentially within the scope of Microsoft’s definition of “click fraud.”