Business and Technology Law

Software is a business asset.

That statement may be so obvious to you that my writing it seems a waste of bandwidth. However, many businesses nevertheless have been “late to the dance” when it comes to effective management of that business asset. While they may rigorously record and catalog the details of their IT hardware and infrastructure, they often fail to pay anything close to the same level of attention to the programs powering those assets.

To a certain extent, that is perhaps unsurprising, since software is a very different kind of asset. Where businesses usually own their network hardware outright, most software use is dependent on the details of a license agreement with the software publisher. Where hardware is relatively easy to safeguard from external dangers, the threats to software are constantly evolving and require similarly constantly evolving strategies to thwart them. Where there is no appreciable risk that a business’ employees are going to bring stolen network switches to work for their personal use, it can be very difficult to keep employees from installing and using pirated or otherwise unlicensed software on company computers.

However, just because software asset management (“SAM”) is a challenge does not mean that business may be (or should want to be) excused from rising to it. Considering the high costs associated not only with software licensing but also with the effort that must be spent to “fix” software-related problems when they occur, businesses simply cannot afford to have ineffective (not to mention missing) SAM tools at their disposal.

With that fact in mind, the International Organization for Standardization (“ISO”) and the International Electrotechnical Commission (“IEC”) released International Standard 19770-1 on May 1, 2006. Standard 19770-1 “establishes a baseline for an integrated set of processes for [SAM].” The standard divides the processes into three main categories – Organizational Processes, Core SAM Processes, and Primary Process Interfaces.

The ISO 19770-1 Organizational Management Processes for SAM are divided into two process subsets: (1) those regarding the SAM Control Environment, which include processes specific to corporate governance as well as organizational roles and responsibilities, policies and procedures, and assurance of competence with regard to SAM; and (2) those regarding SAM Planning and Implementation, which, predictably, include processes specific to planning, implementation, monitoring and continual improvement of SAM.

The key “message” of the Control Environment processes is that effective SAM is impossible without input and support from an organization’s corporate officers, who ultimately are the ones responsible for clearly defining the organizational roles, responsibilities, policies and procedures regarding planning and implementation of SAM. Officers are uniquely situated within an organization not only to oversee the big-picture implementation of effective SAM, but also to objectively assess the risks of incomplete or uninitiated SAM. Therefore, naturally, it must be the officers who select the individuals to execute SAM within the organization, and it must be the officers who approve the initiatives those executives undertake. ISO 19770-1 makes clear that, unless the officers become interested stakeholders, the SAM process will go nowhere.

Once the “captains” for an organization’s SAM efforts place themselves in charge of those efforts, they must make sure that the organization has a useful and standardized “playbook” to guide the SAM process and to prevent the need for micro-management. The SAM Planning and Implementation processes in ISO 19770-1 let the captains know what needs to go in that playbook. As with many ISO standards, one of the goals of ISO 19770-1 is to promote a set of processes that to a large extent implement themselves. While the ISO 19770-1 standard speaks in terms of “SAM owners” – those responsible for the management of one or a set of discrete SAM processes – the processes that an organization implements under ISO 19770-1 are standardized, cross-linked with other SAM processes, and tied by cross-reference to the ISO standard itself. Once implemented correctly, SAM under ISO 19770-1 should exhibit a cost-benefit ratio much lower than might be expected.

In my last entry, I gave an overview of the ISO 19770-1 Organizational Management Processes for SAM. Next in line are what the standard terms its “Core SAM Processes.”

The ISO 19770-1 Core SAM Processes are divided into three process subsets: (1) those pertaining to SAM Inventory Processes, which include processes specific to software asset verification, inventory management, and control; (2) those pertaining to SAM Verification and Compliance Processes, which include processes specific to software asset record verification and security compliance, software licensing compliance, and conformance verification; and (3) those pertaining to Operations Management and Interfaces for SAM, which include processes specific to the management of third-party relationships and contracts, finances, service levels, and IT security.

The Inventory and Verification and Compliance processes together constitute the “meat” of ISO 19770-1 – those most directly related to assessment of an organization’s ownership and proper use of software assets. Unsurprisingly, the SAM Inventory Processes are those that allow an organization to know what software assets it owns and how efficiently it is using those assets. This is an obvious early step to SAM implementation under ISO 19770-1 or any other relevant standard. Without an appreciation for and up-to-date records regarding the assets to be managed and any changes to those assets, the management process is going to be a valueless one for the organization. Closely aligned with core SAM inventory processes are those related to Verification and Compliance. These processes ensure that the assets inventoried under ISO 19770-1 are used within the bounds of applicable organizational policies and contractual obligations, and also according to the ISO 19770-1 standard itself.

The Operations Management Processes and Interfaces of ISO 19770-1 consist of management functions that help an organization to efficiently and effectively implement the core Inventory and Verification and Compliance processes. This subset ensures that everyone influencing the SAM process – vendors, suppliers, budget managers, and responsible staff – provide their respective inputs in a manner that is standardized, reportable, and secure. This allows those ultimately responsible for effective SAM implementation to maintain a clear view of the organization’s current SAM status and opportunities for improvement.

In my last entry, I gave an overview of the ISO 19770-1 Organizational Management Processes for SAM. Next in line are what the standard terms its “Core SAM Processes.”

The ISO 19770-1 Core SAM Processes are divided into three process subsets: (1) those pertaining to SAM Inventory Processes, which include processes specific to software asset verification, inventory management, and control; (2) those pertaining to SAM Verification and Compliance Processes, which include processes specific to software asset record verification and security compliance, software licensing compliance, and conformance verification; and (3) those pertaining to Operations Management and Interfaces for SAM, which include processes specific to the management of third-party relationships and contracts, finances, service levels, and IT security.

The Inventory and Verification and Compliance processes together constitute the “meat” of ISO 19770-1 – those most directly related to assessment of an organization’s ownership and proper use of software assets. Unsurprisingly, the SAM Inventory Processes are those that allow an organization to know what software assets it owns and how efficiently it is using those assets. This is an obvious early step to SAM implementation under ISO 19770-1 or any other relevant standard. Without an appreciation for and up-to-date records regarding the assets to be managed and any changes to those assets, the management process is going to be a valueless one for the organization. Closely aligned with core SAM inventory processes are those related to Verification and Compliance. These processes ensure that the assets inventoried under ISO 19770-1 are used within the bounds of applicable organizational policies and contractual obligations, and also according to the ISO 19770-1 standard itself.

The Operations Management Processes and Interfaces of ISO 19770-1 consist of management functions that help an organization to efficiently and effectively implement the core Inventory and Verification and Compliance processes. This subset ensures that everyone influencing the SAM process – vendors, suppliers, budget managers, and responsible staff – provide their respective inputs in a manner that is standardized, reportable, and secure. This allows those ultimately responsible for effective SAM implementation to maintain a clear view of the organization’s current SAM status and opportunities for improvement.

My last two entries discussed, respectively, the ISO 19770-1 Organizational Management Processes and Core Processes for SAM. Last in the series is the “Primary Process Interfaces for SAM” subset, which consists of processes specifically related to management and review of the software lifecycle itself. As such, it is designed to align SAM requirements with lifecycle processes specified in ISO 12207 (defining tasks required for developing and maintaining software) and ISO 20000 (defining tasks required for effective service management).

The lifecycle processes specified in ISO 19770-1 are designed to allow an organization first to identify and manage software changes at a fairly high level and then to specify the details of each “waypoint” in the software lifecycle identified in the standard. Those waypoints progress fairly logically from acquisition and development, to release and deployment, to incident and problem management, and finally to retirement.

As with all of the other processes specified by ISO 19770-1, it is important to keep in mind that the word “specified,” when it comes to this standard, is somewhat of a term of art. ISO 19770-1 lists out the process that an organization should implement and the goals that the organization should have in mind in doing so. However, it leaves the specifics of implementing those processes up to the organization seeking to achieve compliance. There are no ISO 19770-1-approved checklists or schedules included with the standard itself, leaving each organization more or less free to tailor the processes to its own unique set of demands and resources.

You can obtain a copy of the standard here. As I write this, the price is CHF 108.00, which translates into about $90 USD.

Increasingly, generally-accepted industry standards and best practices seem to be saving our legislators much of the detail work when it comes to enacting laws pertaining to technical or otherwise complex fields. For instance, we know that the internal control framework disseminated by the Committee of Sponsoring Organizations of the Treadway Commission (thankfully, generally shortened to “COSO”) is identified by name by the U.S. Securities and Exchange Commission as a standard that businesses may use to achieve compliance with the rigorous internal control evaluation and disclosure requirements contained in the Sarbanes-Oxley Act of 2002 and related regulations.

Now, legislation proposed in Texas goes one step further and stops just shy of naming an industry standard by name in the text of a bill designed to ensure the security of personal data stored in portable “access devices,” such as credit cards. Texas House Bill No. 3222 contains the following provisions:

A business that, in the regular course of business, collects, maintains, or stores sensitive personal information in connection with an access device must comply with payment card industry [“PCI”] data security standards [“DSS”].

…[and]…

A financial institution may bring an action against a business that is subject to a breach of system security if, at the time of the breach, the business is [not in compliance with PCI DSS].

The bill goes on to provide that a business may avoid a lawsuit brought under the statute if the business was certified by a “[PCI]-approved auditor” as being in compliance with PCI DSS at least 90 days before the date of a security breach. However, if the business was not in compliance, and if the lawsuit moves forward, the business may end up having to pay the financial institution’s “actual damages” – including costs incurred in connection with “cancellation or reissuance of an access device affected by the breach,” “closing of a deposit, transaction, share draft, or other account affected by the breach and any action to stop payment or block a transaction with respect to the account,” “opening or reopening of a deposit, transaction, share draft, or other account affected by the breach,” “refund or credit made to an account holder to cover the cost of any unauthorized transaction related to the breach,” and “notification of account holders affected by the breach” – in addition to the financial institution’s attorney’s fees. Obviously, for even a moderately large breach of, for example, credit card account information, the potential penalties flowing from this legislation for noncompliance with PCI DSS could be staggering.

The interesting part of this for me, though, is the bill’s almost express naming (but for the initial capital letters) of a specific industry standard – the Data Security Standard published by the Payment Card Industry Security Standards Council – to substitute for a detailed description of the actions a business must take to be in compliance with the law. Businesses should expect to see ever more numerous examples of this sort of legislation in coming years, making familiarity with and early adoption of generally-accepted business standards all the more advisable.

You can read the full text of HB 3222 here.

In addition, you can download a free copy of the PCI DSS here.

JP Morgan Chase recently received an unwanted reminder that information security demands attention to more than just the data residing on network hard drives and digital media. “Protestors” from the Service Employees International Union (“SEIU”) filmed themselves sifting through trash in dumpsters outside several New York City Chase Bank branch locations and apparently finding numerous, un-shredded customer financial statements in trash bags awaiting pickup. (The SEIU has been in a dispute with Chase regarding the bank’s use of non-union security employees.) The video quickly achieved notoriety after being posted on YouTube.com here.

While the video might have been more clearly damning if it had included footage of Chase employees actually dumping the bags, regardless of its weight, it serves as a valuable reminder to all businesses maintaining sensitive customer records that information security does not begin and end with electronic data. Clearly, no IS policy is complete unless it includes provisions for the proper collection, handling, storage and disposal of paper records containing private information. Chase has stated that it has reached out to the SEIU for information regarding the records appearing in the video and that it is investigating whether and/or the extent to which its employees may have violated its internal IS policies.

The consequences for failing to adequately protect against loss or theft of personal customer data are becoming increasingly severe. Expenses associated with information security breaches can and often do include the costs to notify and assist affected persons, loss of customers, litigation and consulting costs, regulatory fines, and diminution of stockholder share value. In Chase’s case, if the video footage does in fact end up being evidence of a failure on the company’s part to effectively enforce the paper record disposal policies it says it has, then it is not difficult to imagine that the number of affected customers – and Chase’s potential loss exposure – could be quite high indeed.

For more information regarding the consequences of data breaches, you can obtain a copy of a recent national survey on that subject commissioned by Scott & Scott, LLP and independently conducted by the Ponemon Institute by clicking here.

Currently, businesses responding to a breach of their customers’ personal information must consult a patchwork of state laws to determine what steps they are required take to mitigate the damage, including whether and to what extent they must notify those customers that their information may have been compromised. There is not yet a federal privacy statute applicable to such situations. (More information regarding the present state of the law on this issue can be found here.)

However, since all of the alternative legislation now pending in Congress would preempt state laws to one degree or another, it makes sense for companies to begin to familiarize themselves with the direction that Congress might be heading in this regard in order to ensure early and full compliance with whatever rules Washington ends up enacting. The various privacy bills still pending in the House and Senate described in the article referenced above are a good place to start. In addition, though, on April 30, 2007, Congress received a report on a study conducted by the U.S. Government Accountability Office (“GAO”) in order to assess the government’s own response to data breaches. While the stated aim of the study was to help federal agencies improve their ability to respond to such incidents, the basic framework of the GAO’s policy recommendations incorporates many concepts found in pending federal and enacted state legislation, and it is therefore easy enough to translate to a business context. To the extent that the report will return congressional attention to the issue of data security, it should be a useful resource for businesses wanting to begin early implementation of internal procedures that likely will not be too far from the mark, once a final federal rule is enacted and becomes effective.

Many of the GAO’s policy recommendations will sound familiar to those who have some experience with existing data security regulations and best practices. Among other measures, the report recommends: a “two-tiered” approach to incident reporting, where all incidents are reported to a designated, responsible government office, with only those entailing a risk of identity theft being reported to the affected individuals; the designation of a “core management group” to be responsible for quickly responding to incidents; the implementation of mechanisms to allow for the efficient retrieval of addresses of potentially-affected individuals for notification purposes; and taking steps to ensure awareness and training on data security issues. both among internal staff as well as among contractors.

The full report may be obtained here.

On May 14, 2007, the office of the U.S. Attorney General transmitted a legislative proposal to U.S. House Speaker Nancy Pelosi that would represent one of the most significant overhauls of federal copyright law in recent years. Most of the proposal’s provisions work to expand the scope of the statute and include more tools to combat criminal copyright violations. However, one provision in particular would represent a significant new weapon for those who target businesses for copyright litigation based on software use. The proposed modification to 17 U.S.C. § 503(a) is underlined below:

At any time while an action under this title is pending, the court may order the impounding, on such terms as it may deem reasonable, of all copies or phonorecords claimed to have been made or used in violation of the copyright owner’s exclusive rights, and of all plates, molds, matrices, masters, tapes, film negatives, or other articles by means of which such copies or phonorecords may be reproduced, and records documenting the manufacture, sale, or receipt of things involved in such violation. The court shall enter an appropriate protective order with respect to discovery by the applicant of any records that have been seized. The protective order shall provide for appropriate procedures to assure that confidential information contained in such records is not improperly disclosed to the applicant.

The potential for this or similar legislative proposals to affect the operations of your business makes it even more important to ensure that all records regarding software license purchases and installations are readily available, or at least easy to retrieve. Such pro-active organization on your part not only makes good business sense, it also greatly facilitates the software audit process for those destined to receive letters from the Business Software Alliance or the Software & Information Industry Association (as are an ever-increasing number of U.S. businesses)…and it might help to avoid some of the harsher remedies that the future may hold under the Copyright Act.

A copy of the legislative proposal may be found here.

Most protections afforded to intellectual property (IP) are available only after the property is in the public realm. For instance, trademarks must be used in commerce to identify products and services offered to consumers. Creators of original works generally must publish or register those works before they may enjoy any meaningful copyright protections. More significantly, prospective patent holders must not only submit their inventions to the scrutiny of the patent process, ultimately resulting in a publicly accessible record of every last detail concerning that invention's construction and use, they also must be willing to see their exclusive rights in that invention vanish upon the expiration of the patent. While patent holders do obtain a large measure of predicable certainty regarding the remedies they have available to protect their inventions, in many cases, the high cost (both substantive and procedural) of obtaining those protections may represent a poor investment, depending on the type of IP to be protected. In those cases, owners might find a more appropriate IP regime under trade secrets law.

In effect, a trade secret operates as a kind perpetual patent; the owner potentially can use the secret for his or her own commercial benefit forever. Moreover, almost anything can be a trade secret, while the availability of trademark, copyright or patent protection may be limited based on the nature of the IP at issue. However, "forever," with respect to trade secrets, may be roughly translated as: "for as long as you can keep it." Unlike with patents, where a fairly complex, federal statutory regime usually provides most of the protection afforded to patent holders, those who intend to protect their inventions as trade secrets must be willing to do more of the heavy lifting themselves, using, in the United States, two primary tools: state law and contracts.

Most states have enacted trade secrets legislation - usually modeled on the Uniform Trade Secrets Act - under which an owner of a trade secret may obtain injunctive relief to prevent another from misappropriating that secret by acquiring or using it without the owner's consent. The Trade Secrets Act also gives the owner the opportunity to seek civil damages arising out of such misappropriation, as well as attorney's fees. However, in many cases, an owner's resort to such statutory protection will represent a failure of the owner's front-line trade secrets defenses: his contracts and internal policies.

The key to effective trade secrets protection lies in addressing those secrets with a holistic set of internal policies regarding their use and with a well-crafted set of contractual agreements designed to restrict the ability of a third party to misappropriate them. Internally, access to the existence or details of a trade secret should be clearly limited by internal policies to only those employees who need to have such access, and those policies themselves must be crafted in such a way as not to attract unnecessary (or, sometimes, any) attention to the secrets they should be designed to protect. Moreover, a trade secrets owner must always be mindful of the extent to which any vendors or contractors or even customers are allowed to access those secrets, and it should include enforceable provisions in contracts with such parties to protect its interests. Finally, a trade secrets owner needs to include a comprehensive set of protections in its employment agreements, which should provide, within the bounds of what is permitted in the owner's jurisdiction, that work completed by employees in the course of their employment constitutes property of the employer and that those employees will remain bound to the terms of specified non-disclosure agreements and non-compete covenants during the course of, and for a period of time following, the term of their employment. What is and is not legally permissible with respect to such clauses usually varies from state to state.

It is worth noting that most of these same protections are good ideas for patent holders as much as they are for trade secrets owners. With trade secrets, though, while the owner must devote more vigilance to the implementation and enforcement of such protections, it need not necessarily undertake the considerable initial expense to obtain the protection in the first place.

Whether it makes sense to construct a comprehensive trade secrets protection regime for your IP will depend on your willingness to commit to full implementation and enforcement, and that willingness may itself depend on the type of property at issue. If that property likely will become obsolete within the patent term (generally, 20 years) just by virtue of the market in which it competes, then it may make more sense to seek protection from other sources. If that is not the case, though, trade secrets protection could be the most appropriate means of protecting your IP.

Recently, the Coalition Against Counterfeiting and Piracy (CACP), a group consisting of heavy-hitting IP stakeholders, such as the Recording Industry Association of America, the Business Software Alliance (BSA), the Software and Information Industry Association (SIIA), and the U.S. Chamber of Commerce, announced its intent to push for rapid improvements in what it perceives to be universally lax enforcement of U.S. laws protecting IP rights. At a news conference on Thursday, June 14, the CACP, through its Chairman, NBC Universal general counsel Rick Cotton, announced that under this "aggressive, comprehensive" effort, the CACP would seek to increase resources for governmental investigation and enforcement of criminal IP laws, to "reform civil and judicial process" (whatever that means), and to educate consumers.

Generally speaking, few would quarrel with the notion that intellectual property is a valuable and important property interest, fully deserving of strong protection. However, in announcing this new, altruistically-titled "Campaign to Protect America," Mr. Cotton verbally expressed a degree of fanaticism that is, in practice, characteristic of many industry organizations that cite to the public interest to justify their sometimes indiscriminate targeting of alleged IP infringers. Mr. Cotton said:

Our law enforcement resources are seriously misaligned...If you add up all the various kinds of property crimes in this country, everything from theft, to fraud, to burglary, bank-robbing, all of it, it costs the country $16 billion a year. But intellectual property crime runs to hundreds of billions a year.

At least Mr. Cotton was kind enough to limit his generalization to "property crimes."

Statements like these should make clear to any business targeted and accused of "piracy" by organizations such as the BSA or the SIIA that the IP "defenders" are more likely to be interested in making examples of their targets, rather than reaching a solution that truly accounts for all the facts (not the least of which is the usually confusing and even deceptive way that software publishers in particular undertake to license and market their content). If your business has been accused of "pirating" software, it is immensely important that you know whom you are dealing with before you divulge any information or sign any agreement.

A copy of the CACP’s press release can be found here.

Businesses accused of software “piracy” by publishers or trade associations usually are most concerned about their potential exposure in copyright fines, should their dispute proceed to litigation. A recent Sixth Circuit case suggests that statutory damages awards in such cases legally can reach levels that may represent windfalls for prevailing plaintiffs, far outstripping the amount of their actual damages.

In Zomba Enterprises, Inc. v. Panorama Records, Inc., 2007 WL 1814319 (June 26, 2007), the Circuit Court reviewed a trial court’s decision to award a total of $804,000 in statutory damages for what it found to be the defendant’s willful infringement of twenty six copyrights. (In copyright cases, plaintiffs may elect to ask the court either for their actual damages, for which they must present evidence to support the amount claimed, or statutory damages, which is an amount set in the trial court’s discretion between $750 and $30,000 for non-willful infringement and up to $150,000 for willful infringement, per copyright infringed). The defendant in the case was a manufacturer of karaoke discs who had published some karaoke tracks without the consent of the original songs’ copyright holder. On appeal, the defendant argued that the amount was unconstitutionally high, in violation of its substantive due process rights, because the plaintiff’s estimated actual damages totaled only approximately $18,457.92 in lost licensing fees, or about 2.27% of the statutory damages award. The Circuit Court rejected this argument, in part relying on the 1919 Supreme Court case of St. Louis, I.M. & S. Ry. Co. v. Williams, 251 U.S. 63. The Williams case involved a claim by two sisters who were awarded $75 apiece against a railroad under a state statute providing statutory damages for ticketing overcharges. The Supreme Court there held that even though the amount awarded to the sisters was about 113 times the amounts they were overcharged, this did not constitute a violation of the railroad’s due process rights. Disregarding the substantial dissimilarity between the fiscal significance of $75 to a railroad in 1919, on the one hand, and nearly $1 million (including attorney’s fees and costs), to a medium-sized business today, the Sixth Circuit held that the case represented persuasive precedent that the statutory damages award in Zomba should stand.

The facts of Zomba differ considerably from those of many cases involving allegations of software “piracy.” The Zomba defendant was familiar with the entertainment industry and, though it claimed to have been unaware of the need to obtain permission to re-record songs for karaoke discs (even going so far as to claim, amusingly, that such use had an “educational” purpose, thus constituting fair use), it also apparently continued to infringe the copyrights at issue after having received both a cease-and-desist letter from the plaintiff as well as an injunction from the trial court. However, there is always a risk that what seems like a less egregious case of infringement will be read by a trial court much more harshly than initially expected, resulting in substantial costs to a losing defendant. The Zomba case suggests that it makes good sense for a business accused of “piracy” to at least be mindful of the worst-case scenario, and let an experienced attorney work to close the gap between disaster and a more reasonable resolution.

A recent Government Accountability Office report has provided some interesting new statistics regarding the effects of data breaches on victims. The gist of the report (available here) is helpfully summarized in its title: “Data Breaches are Frequent, but Evidence of Resulting Identity Theft is Limited; However the Full Extent is Unknown.” The GAO found that there have been what would seem to be a distressingly high total number of reported breaches in recent years, including 570 breaches reported in the public media from 2005 to 2006, 788 breaches involving 17 different federal agencies 2003 to 2006, and 225 reported breaches in New York State alone in the ten months from December 2005 to October 2006. However, despite such figures, the number of known cases of identity theft resulting from data breach has been relatively low. As an example, the report states:

“…our review of the 24 largest breaches that appeared in the news media from January 2000 through June 2005 found that 3 breaches appeared to have resulted in fraud on existing accounts, and 1 breach appeared to have resulted in the unauthorized creation of new accounts. For 18 of the breaches, no clear evidence had been uncovered linking them to identity theft; and for the remaining 2, we did not have sufficient information to make a determination.”

However, the report also reminds its audience of the challenge involved in measuring the effects of data breach on victims, since those victims often are unaware that the security of their personally-identifiable information has been compromised and since many criminally-inclined recipients of lost or stolen data often wait for a year or more before attempting to make any use of the information.

The report makes no official recommendations, though it does emphasize the need for Congress, in considering the various potential federal data breach notification bills before it, to weigh the benefit of any such legislation against the cost of compliance, both in terms of the financial impact to business as well as the risk that consumers might begin to disregard breach notices if they become too numerous.

None of this should sound terribly shocking to anyone who follows this issue, although the release of the GAO report likely will make lawmakers feel more justified in taking even more time to make a decision with regard to a federal data breach law. That may be a good thing, to the extent that further deliberations might help Congress to formulate a risk-based approach that is not unnecessarily onerous for the businesses that would have to comply with the statute. However, the longer the issue is left unresolved, the longer those same businesses will be left scratching their heads trying to follow the patchwork quilt of state data breach laws or risking their necks being early adopters of umbrella rules or perceived trends in best practices.

No doubt much to its chagrin, Google has found itself at the receiving end of a number of lawsuits internationally in recent years alleging that the search engine behemoth should bear some level of liability when companies use its AdSense pay-per-click advertising system to infringe other businesses' trademarks or otherwise allegedly mislead consumers.
Now, no doubt to its even greater chagrin, Google is for the first time having to defend itself against somewhat similar charges brought by at least one government regulatory agency.

On July 12, the Australian Competition and Consumer Commission (ACCC) announced that it instituted legal proceedings against Google as well as an Australian company that used two competitors' business names in pay-per-click ads published through AdSense in 2005. The ACCC specifically has alleged that Google violated Title 52 of the Australian Trade Practices Act of 1974 by "causing the [allegedly deceptive] links to be published on its website" and by "failing to adequately distinguish sponsored links from 'organic' search results." While the suit does not seek any monetary penalty, the ACCC is asking the Sydney Federal Court, among other things, to enjoin Google "from publishing sponsored links of advertisers representing an association, sponsorship or affiliation where one does not exist" and also "from publishing search results that do not expressly distinguish advertisements from organic search results."

While I make no predictions as to whether this lawsuit might prove to be a catalyst that leads to similar actions being instituted in other countries, I think that this should be a interesting case to watch, especially for those interested in search engine optimization. If those in charge at Mountain View decide that the risk of future legal proceedings outweighs the cost of re-tooling their advertising machine, we might see a different-looking Google in years to come.

You can read the ACCC's press release regarding the lawsuit here.

Late in the day on July 19, the U.S. Senate Judiciary Committee gave its approval to an amended version of the Patent Reform Act of 2007. The Senate action came a day after the U.S. House Judiciary Committee approved a substantively similar bill. While some differences between the House and Senate bills will need to be resolved in conference, passage and enactment of the legislation at this point seems to be much more likely than in years past when similarly extensive overhauls to the nation’s patent laws have been proposed.

Both versions of the Act attempt to curb the frequency of patent lawsuits both by replacing the current “first to invent” standard with a “first to file” patent system, as well as by establishing a “post-grant opposition” authority within the Patent & Trademark Office itself to address and resolve challenges to newly awarded patents. The bills also would restrict permissible venue options for patent litigants to avoid forum-shopping, would increase the factual showing required of claimants in order to prove a case of willful infringement and, thus, treble damages, and would allow courts to award damages based on a patent’s “contribution” to an infringing product’s market demand (which, as an aside, might address the scope of damages for patent infringement, but also would raise an astoundingly complex fact issue).

Recent Congressional action notwithstanding, support for the legislation, as with all attempts at patent reform, remains mixed. Those who invest heavily in research & design, such as pharmaceutical companies and technology licensors such as Qualcomm, have opposed the reforms as an attempt to weaken their ability to protect their intellectual property. On the other hand, technology manufacturers like Apple and most software publishers have supported the reforms as welcome relief from the high volume of patent litigation that tends to flow from products that incorporate a high volume of technological concepts or components.

It remains to be seen whether Congress will be able to work out the differences between the two versions and send a final bill to the White House that the President will be willing to sign. However, the mere fact that the legislation has made it this far means that this is a reform attempt well worth watching.

The Senate version of the Act is available here, the House version here.

A recent U.S. Second Circuit Court of Appeals opinion should give contract drafters pause when including what they may consider to be mere boilerplate forum selection clauses in contracts implicating intellectual property rights. In Phillips v. Audio Active Ltd., 2007 WL 2090202 (2nd Cir.(N.Y.) Jul 24, 2007), Plaintiff-Appellant Peter Phillips (a/k/a Pete Rock, an influential hip-hop DJ, producer and rapper) appealed the decision of the New York Southern District Court to dismiss his contract, copyright and state law claims against defendant music companies based on a forum selection clause in the contract between the parties. The clause at issue read: "[t]he validity[,] construction[,] and effect of this agreement and any or all modifications hereof shall be governed by English Law and any legal proceedings that may arise out of it are to be brought in England." The Second Circuit affirmed the trial court’s decision to dismiss the contract claims as clearly falling within the scope of the forum selection clause, but it reversed the decision to dismiss the state law claims (asserting unjust enrichment and unfair competition) and copyright claims based on its determination that those claims did not, as the clause states, “arise out of” the contract.

The defendant music companies argued in the District Court that the copyright claims in particular did “arise out of” the contract provisions giving them the right to distribute an unspecified number of songs to be recorded by Phillips. The Second Circuit disagreed. While it did not give any weight to Phillips’ argument that a claim implicating a law of the United States may never be subject to contractual provisions governing disputes between parties, the court nevertheless found that, on the facts of the case before it and based on the language used in the contract, the forum selection clause had no bearing on Phillips’ right to pursue his copyright claims in any appropriate forum. The songs alleged to have been infringed by the music companies were authored and recorded by Phillips, making him, absent a valid assignment to another party, the owner of the copyright therein, regardless of anything contained in the contract. The defendants clearly could raise the contract terms as a defense against Phillips’ copyright claims, but the source of those claims – where it is that they “arise out of” – is the Copyright Act, not the contract.

The case serves as a useful reminder that a contract drafter who treats any “ordinary” or “boilerplate” provision as a given does so at his or her peril. While the opinion did not specify which party was responsible for drafting the contract, it was likely one or more of the defendant music companies (since it was Phillips who was objecting to litigating his claims in England). Those companies (or their lawyer) likely could have avoided the outcome of the case either by including some measure of specificity in the choice of law or by simply rewording it to include Copyright claims.

You can read the Phillips opinion here.

Many companies who comply with a demand by a software publisher or industry association (such as the BSA or the SIIA) for an internal software audit end up facing significant settlement demands after forwarding their audit materials to the other side. One of the reasons the settlement demands often are so high is the fact that the auditing entities frequently base their demands, in part, on the “unbundled” price of software suites. Thus, where a company may expect to pay a fine based on the MSRP of, for example, one undocumented installation Microsoft Office Professional 2007 ($679), it likely will end up receiving a settlement demand based on the combined MSRPs of each of the components of that undocumented suite: Word ($229), Excel ($229), PowerPoint ($229), Outlook ($110), Publisher ($169), and Access ($229), all totaling $1195. In a typical case these difference add tens of thousands of dollars to the amount in controversy.

Another way in which publishers or auditing entities raise the amount in controversy in software audits is the attempt to assess separate “fines” for each allegedly infringing installation of a software product. Thus, a company reporting just ten undocumented installations of Office Professional 2007, with no other licensing shortfalls, may receive a settlement offer based on the combined, “unbundled” MSRPs of the component products totaling just shy of $12,000. Moreover, that is before the auditing entity applies any multipliers to that figure (yet another common tactic) or makes any assessments for their claimed legal fees, both of which factors may drive the opening settlement offer in the above example to $40,000 or more.

It is not difficult to see how owners of small to medium businesses who think that they have a handle on their financial exposure in a software audit matter often end up with truly unpleasant surprises after submitting audit materials to the BSA or SIIA that they may have believed would be negotiating on a more equitable basis.

If your business has been accused of software “piracy” and is responding to a software audit demand either from a software publisher like Autodesk or from the BSA or the SIIA, an experienced attorney can give you visibility into the process and help you avoid unpleasant surprises.

Since Google acquired YouTube for $1.65 billion in November 2006, it has been forced to defend itself and its new acquisition against claims of copyright infringement made by swarms of angry copyright owners. Such cases include Viacom, which has claimed over $1 billion in damages, and the class action matter The Football Association Premier League Limited, et al. v. YouTube, Inc., et al.. Both cases are currently pending in the U.S. District Court for the Southern District of New York. (The current class action complaint is available at the web site set up by the plaintiffs’ attorneys here.)

Central to YouTube’s and Google’s defense in these cases is their claim that, though the YouTube.com site may be hosting audio and video works copyrighted by third parties, that action does not constitute actionable copyright infringement, thanks to Section 512(c) of the Digital Millennium Copyright Act (DMCA), which provides:

A service provider shall not be liable for monetary relief, or, [with some exceptions], for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider:

(A) (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;

(ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; OR

(iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;

(B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; AND

(C) upon notification [as specified elsewhere in the statute] of claimed infringement…responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.

Thus, YouTube and Google claim that, though they are working on technological countermeasures to filter copyrighted material, the YouTube.com site has such a large volume of users that they cannot effectively monitor all of the site’s content for infringing copies. Therefore, until given notice by copyright owners of the presence of infringing works on the site, they cannot be held liable for copyright infringement.

In response, the class action plaintiffs offer a number of arguments attempting to distinguish YouTube and Google’s actions from those of the average, theoretical, safe-harbor-eligible service provider: the defendants do not just “store” information at the direction of users, but rather provide functions to actively assist users disseminate copyrighted materials; the defendants have no policy in place to terminate the accounts of “repeat” copyright infringers; the defendants have failed in the past to timely respond to Section 512 takedown notices; the defendants “have failed to police” the site for the presence of infringing materials; and defendants have failed to employ existing, readily-available techniques to monitor the site and remove copyrighted works. (You can read the complaint here.)

It remains to be seen what success any of the parties will have with any of the above arguments. Perhaps the Supreme Court will consider the issues, at which point we hopefully will receive some much-needed clarification regarding the scope and implementation of the DMCA’s safe harbor provisions. However any of those cases may conclude, expect the pressure on Congress to modify the DMCA – pressure coming from copyright holders, on the one hand, and Internet service providers and content hosts, on the other – to only increase in coming months and years. And rightfully so. Whichever side you may fall on regarding the intent of the DMCA, in light of the fracas surrounding YouTube.com, few would dispute that it is a statute in need of extensive revision or elaboration.

Recently, a Danish pop band from the 1980s gave Sony BMG an uncomfortable reminder that business officers who neglect to review their contracts in light of changes in technology and commercial objectives may find themselves having to play a costly game of catch-up when the terms of those contracts no longer reflect the current state-of-the-art technology.

Dodo and the Dodos apparently are one of Denmark’s all-time best-selling pop bands, famous (in certain regions along the eastern shore of the Atlantic Ocean, anyway) for several hits, including their biggest, “Vågner i natten’ (‘Waking in the Night’).” More than five years ago, Sony BMG sent out notices to approximately 400 composers of songs for which the company held distribution rights, including the Dodos, informing them that their compositions were slated to begin distribution via Internet download. The Dodos were the only recipients to object to and challenge their notice, based both on their belief that their current royalty deal was inadequate to fully compensate them for Internet distribution as well as, more importantly, on the fact that their existing contract with Sony did not explicitly allow for that method of distribution. Apparently, when the Sony-Dodos deal was inked, there was no reason to mention music downloads, as they were not then a technologically viable option for distribution.

After losing the case against it at the trial level, Sony appealed the decision to the Eastern High Court of Denmark, which upheld the trial court’s decision in a ruling issued on August 9. The case is believed to be the first of its kind involving electronic distribution of copyrighted content under dated distribution agreements. While the final decision is not necessarily controlling on courts in other jurisdictions, it is likely that it will be important ammunition for other similarly situated copyright owners who want to challenge Internet distribution of their works under terms of aging contracts that they may believe fail to provide adequate compensation.

As important as the case may prove to be for the music industry and other businesses handling electronic distribution of copyrighted materials, it serves as an important lesson for any company that enters into contracts affected by technological issues. Contract drafters sometimes make the mistake of failing to write agreements that are flexible enough to adapt to changes in technology over the life of those agreements. In other situations, contract managers fail to regularly review the terms of existing contracts to determine whether technological changes and advances have occurred since execution that will impact the interpretation of those contracts. Being behind the ball with respect to either consideration can prove to be an expensive mistake.

You can read a brief, English-language description of the case at The Copenhagen Post here.

Hot on the heels of uncharacteristic agreement in Congress concerning pending legislation to enact a number of tech manufacturer- and publisher-friendly reforms to the nation’s patent laws (more on that here), Seagate Technology has secured a victory in the Federal Circuit Court of Appeals that likely will give those same industry groups even more reason to celebrate. In re Seagate Technology, LLC, --- F.3d ----, 2007 WL 2358677 (C.A. Fed. (N.Y.), August 20, 2007), originated with Seagate’s petition for writ of mandamus to reverse the N.Y. Southern District trial court’s order compelling Seagate to submit to discovery of that part of its trial counsel’s work product, as well as communications with its trial counsel, related to the work of Seagate’s opinion counsel. Seagate had independently retained and designated opinion counsel both to refute the claims of willful patent infringement by plaintiffs Convolve, Inc. and the Massachusetts Institute of Technology as well as to support Seagate’s asserted advise of counsel defense. Following oral argument and the Federal Circuit’s review of the nearly two dozen party and amicus briefs that were submitted for and against the petition, the court, sitting en banc of its own accord, not only reversed the discovery order, but also fundamentally changed the controlling standard for a finding of willful patent infringement.

The trial court relied on the Federal Circuit’s prior precedent, which held: (1) that a potential patent infringer with actual notice of another’s patent rights had an affirmative duty to exercise due care to determine whether he is infringing those rights, and that failure to exercise such due care would give rise to a claim of willful infringement (and, thus, enhanced monetary damages), and (2) that assertion of an advice of counsel defense (under which the accused infringer raises advice received from his attorneys that he was not infringing as evidence of due care taken), in most cases functioned as a waiver of both the attorney-client privilege and the work product privilege, so that the validity of the defense could be tested. In interpreting the latter holding, trial courts had adopted differing approaches regarding the scope of that waiver, with some courts holding that it extended to all communications and work product of trial counsel, other courts holding that it extended to no such communications or work product, and still others holding that it extended only to such communications or work product that contradicted or cast doubt on the opinions used to support the advice of counsel defense.

In Seagate, the Federal Circuit attempted to eliminate that confusion. Before it did so, however, it first did away with the “affirmative duty” standard, which the court stated set a threshold for willful infringement that amounted to mere negligence, thereby placing an improper burden on the numerous attorney-client relationships affected by assertion of the advice of counsel defense. In its place, the court held that for claims of willful infringement, a recklessness standard would now control, under which patentees “must show by clear and convincing evidence that the infringer acted despite an objectively high likelihood that its actions constituted infringement of a valid patent.” Thus, the court shifted the burden from defendants to claimants to prove the existence, rather than the absence, of willful infringement, thereby eliminating much of the need for the advice of counsel defense in the first place. In addition, though, the court explicitly limited the scope of the privilege waiver, absent extraordinary circumstances, to communications with or work product of trial counsel.

It will be interesting in coming weeks and months to see the extent to which this very important opinion informs the congressional debate over proposed patent reforms.

You can read the Federal Circuit’s Seagate opinion here.

Late Friday, the U.S. House passed, by a 220 to 175 margin, significant reforms to the nation’s patent laws. Those who have been paying attention to this issue already know that recent Congressional activity regarding patent reform has been moving forward at a pace that has been uncharacteristically steady, considering past attempts to enact changes to U.S. patent law. The passage of the House bill on Friday follows approval by the Senate Judiciary Committee in July of its own set of largely similar reforms. The full Senate has yet to vote on its own bill, though, and differences between the two bills of course will need to be dealt with before final legislation can be approved and sent to the President for signing.

The Washington Post reports that the spokesman for Senate Majority Leader Harry Reid predicts that a Senate vote may be forthcoming within a couple weeks. However, the Bush Administration, while generally expressing agreement with proposed patent reforms, also has expressed its concern with some proposals, most notably those involving damages in patent lawsuits. It will be very interesting in coming weeks to see whether and to what extent the House and Senate can agree on a set of reforms that meet with the President’s approval.

Section 512 of the Digital Millennium Copyright Act (DMCA) gives providers of online content “safe harbor” from liability for copyright-infringing material stored on their web domains by third parties. In most cases, however, the shield provided by Section 512 is used as a sword by copyright owners, who are able to send “DMCA takedown notices” to content providers in order to force those providers to remove infringing content. Regardless of whether your business is on the sending or receiving end of such a notice, it is important to be aware of the requirements that the notice must satisfy in order for it to carry legal weight.

While Section 512 contains other liability-limiting provisions applicable to other types of service providers, the part of the act that most associate with “safe harbor” requires that a takedown notice contain:

A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.

Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material.

Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.

A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.

A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

A notice that does not substantially comply with all of the above requirements is not effective to give a content service provider notice that infringing material is present on their domain.

Although most of the requirements are straightforward, a person sending a notice should pay special attention to the second and third elements, especially in light of the fact that the notice must be signed by a responsible person under penalty of perjury. A sloppy description of the copyrighted material and/or a sloppy description of the content alleged to infringe that copyright, or transmission of a purported takedown notice that does not fall within the scope of the protections afforded under the Copyright Act, could result in an inference that there was no good faith basis for the takedown requested under the notice. A separate subpart of Section 512 provides that a “knowing,” “material” misrepresentation that online content is infringing could result in liability for damages, costs and attorney’s fees to the alleged infringer, the content service provider, or both. For example, in the case of Online Policy Group v. Diebold, Inc., 337 F.Supp.2d 1195, (N.D.Cal. 2004), Diebold sent a takedown notice to the Internet service provider for two college students, who had published on their web site, in an effort to draw critical attention to voting machines manufactured by Diebold, internal e-mails exchanged among Diebold employees. In its opinion, the court found that Diebold had violated Section 512, holding:

No reasonable copyright holder could have believed that the portions of the email archive discussing possible technical problems with Diebold's voting machines were protected by copyright, and there is no genuine issue of fact that Diebold knew-and indeed that it specifically intended-that its letters…would result in prevention of publication of that content.

Diebold eventually agreed to a settlement in which it paid the plaintiffs $125,000 in damages and fees.

These issues are receiving renewed attention in the wake of news regarding notice sent by the Science Fiction and Fantasy Writers of America (SFWA) to Scribd.com, a site allowing users to upload and share text files. The SFWA’s notice apparently included material – such as a schoolteacher’s bibliography for students – that could not reasonably be argued as infringing any copyright. (The SFWA has since issued a statement regarding the flaws in its notice and suspended the committee that was responsible for sending the notice.) It remains to be seen whether any legal liability will flow from the incident, but it should serve as a reminder to anyone dealing with either end of a takedown notice that it pays to be aware of just what the DMCA does – and does not – allow.

Many companies have started to experience the consequences of non-existent, insufficient or poorly implemented data security plans in the form of enforcement lawsuits filed by state attorneys general for violations of state data privacy and data security laws. However, in an interesting twist on this usual variety of state-initiated litigation arising out of poor data breach planning, the State of Connecticut is suing IT consultant Accenture for alleged negligence in losing electronic files containing information on bank accounts for almost all Connecticut state agencies as well as several hundred state purchasing cards and a handful of Connecticut taxpayers. Connecticut’s lawsuit also alleges unauthorized use of state information and breach of contract.

Connecticut hired Accenture to develop network systems that would allow it to consolidate payroll, accounting, personnel and other functions. Information related to Connecticut’s employees was contained on a data tape stolen from the car of an Accenture intern working on an unrelated, though similar project for the State of Ohio. (The tape also contained personal information on about 1.3 million Ohio residents.) The intern apparently had been using the Connecticut program as a template for the Ohio project. You can read more about the incident and subsequent lawsuit here and here.

The Accenture case underscores the business necessity of having a thorough data security program that employees actually follow, because breaches can be very costly and weak link in the security chain are prevalent. An effective plan should provide for contingencies affecting sensitive data, especially financial or health information. Plans should also ensure either that all of the business’ employees are aware of the data security policies and procedures, or, better yet, provide for physical, electronic, or procedural barriers to prevent data from being used for any unnecessary or non-business-critical purposes. Companies implementing security plans should consider reducing the risks identified in the Accenture matter by prohibiting interns from having access to sensitive information and restricting the presence of sensitive information on portable devices.

With the increasing number of lawsuits focused on data breach and security incidents, it is crucial that all businesses take steps to develop comprehensive security policies and also to ensure that their assets will be protected in the event that those policies fail.

Last month, the Software & Information Industry Association (SIIA) announced the first major settlement reached by its Corporate Content Anti-Piracy Program (CCAPP). (You can read the SIIA’s press release here.) The settlement was reached with Knowledge Networks, Inc. (KNI), a market research firm based in Menlo Park, California, with fewer than 500 employees nationwide. The SIIA accused KNI of copyright infringement arising out of KNI’s internal distribution to its employees of written content authored by SIIA members, such as the Associated Press, Reed Elsevier, and United Press International, without securing licenses to copy the content. The SIIA learned about the content distribution through a confidential tip from an informant who later received a $6,000 reward from the SIIA. In order to resolve the matter, KNI eventually agreed to pay the SIIA $300,000 and to send its employees to an SIIA-approved “Certified Content Rights Manager” course.

This chain of events – anonymous tip, followed by allegations, negotiation, and, eventually, settlement for money damages – is very similar to what typically occurs in software audit cases initiated by the SIIA, the Business Software Alliance, and some software publishers. What is perhaps more troubling about the SIIA’s new focus on “corporate content” is how small-to-medium businesses, many of whom are completely unaware that any of their actions might constitute copyright infringement, nevertheless could find themselves the targets of SIIA-initiated “content audits.” These companies may be subject to substantial settlements, and become the subject of a widely disseminated press release regarding corporate “piracy.” It appears that a company could targeted if an employee copied and pasted copyrighted text and then hit the “Send” button on an internal e-mail.

It is certainly important to develop and maintain awareness of the content that your employees are distributing internally within your organization. However, if your business has been accused of corporate content “piracy” by any industry association like the SIIA, it is equally important that you consult with an attorney who can provide some insight into the legal arguments and strategies typically employed in similar matters.

New legislation introduced in the U.S. House of Representatives could result in amendments to the Digital Millennium Copyright Act (DMCA) in favor of relaxed usage rights for digital media. On February 27, Representatives Rick Boucher (D-VA) and John Doolittle (R-CA) introduced the Freedom and Innovation Revitalizing U.S. Entrepreneurship Act of 2007 (FAIR USE Act). Among a few other modifications, the Act would create a handful of specific exemptions from the DMCA’s prohibition on “unlocking” the rights management features of certain digital media. As a result, end users might be able to legally create, for example, backup copies of DVD and other purchased content. However, in a concession to opponents of previous, similar legislation, the Act would not create a fair use defense to a claim of circumvention in violation of the DMCA unless the conduct fell within one of the Act’s six enumerated exceptions:

(i) an act of circumvention that is carried out solely for the purpose of making a compilation of portions of audiovisual works in the collection of a library or archives for educational use in a classroom by an instructor;

(ii) an act of circumvention that is carried out solely for the purpose of enabling a person to skip past or to avoid commercial or personally objectionable content in an audiovisual work;

(iii) an act of circumvention that is carried out solely for the purpose of enabling a person to transmit a work over a home or personal network, except that this exemption does not apply to the circumvention of a technological measure to the extent that it prevents uploading of the work to the Internet for mass, indiscriminate redistribution;

(iv) an act of circumvention that is carried out solely for the purpose of gaining access to one or more works in the public domain that are included in a compilation consisting primarily of works in the public domain;

(v) an act of circumvention that is carried out to gain access to a work of substantial public interest solely for purposes of criticism, comment, news reporting, scholarship, or research; or

(vi) an act of circumvention that is carried out solely for the purpose of enabling a library or archives meeting the requirements of section 108(a)(2), with respect to works included in its collection, to preserve or secure a copy or to replace a copy that is damaged, deteriorating, lost, or stolen.

Significantly, the Act also would codify the Supreme Court’s “Betamax decision,” by eliminating any potential liability for copyright infringement “based on the design, manufacture, or distribution of a hardware device or of a component of the device if the device is capable of substantial, commercially significant noninfringing use.”

If enacted, the Act would represent a major re-working of some of the more complained-about aspects of the DMCA. While opposition from media producers and copyright owners is likely to pursue the bill, it will be interesting to see if the compromises its authors have included will be sufficient to see it through to passage.

On October 1, Microsoft announced a new licensing option for Windows XP Professional directed at businesses that have discovered that their computers are running allegedly unlicensed copies of the operating system. Dubbed the “Get Genuine Windows Agreement” (GGWA), the program offers interested companies the perhaps superficially attractive opportunity to purchase operating system licenses for their affected computers at a volume licensing discount. However, in order to be eligible for the discount, those companies must sign an agreement including an “acknowledgement of legalization,” a commitment to purchase legal software in the future, and a clause giving Microsoft the right to audit the company’s computers to ensure compliance with applicable license agreements. Moreover, the licenses acquired under the agreement apply only to the computers for which they were initially purchased and are non-transferable. More details on the program are available here.

While GGWA might present a cost-effective solution for some businesses that have discovered the presence of unlicensed Windows XP operating systems on their network, those savings should be weighed carefully against the costs inherent in the agreement’s terms. Interested businesses should take care to ensure that they have an effective software compliance initiative in place before giving Microsoft or any other software publisher the right to conduct a compliance audit in their environment. Businesses should also carefully consider the legal ramifications of signing a written admission that their computers have been running unlicensed software. For many, the incremental cost associated with purchasing licenses under other licensing frameworks may present a better long-term value.

The Business Software Alliance (BSA) recently lent its support to legislation pending in the U.S. Congress that would expand the scope and power of federal criminal law pertaining to IT security matters. Under the “Cyber-Security Enhancement Act of 2007” (CSEA), section 1030 of the federal criminal code would be amended to include new offenses of extortion based on threats to gain unauthorized access to a computer and of conspiracy to commit any of the IT-related crimes defined in section 1030. More significantly, the bill would create another new offense directed at anyone who:

…intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains a unique electronic identification number, address or routing code, or access device (as defined in section 1029(e)(1)), from a protected computer.

The term “exceeds authorized access” already is defined elsewhere to mean “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” In addition, the bill amends the previous definition of “protected computer” to include any computer “affecting interstate or foreign commerce or communication” (which would seem to include any computer that is publicly accessible through the Internet). Finally, the bill would include all of these offenses, along with the other section 1030 offenses, as predicates for prosecution (as well as civil liability) under the Racketeer Influenced and Corrupt Organizations Act (RICO).

It is undoubtedly important to give law enforcement all the tools that it needs to combat organized efforts to infiltrate secure computer networks and the sensitive personal information that many of them contain (an objective that CSEA also pursues through greater funding for federal investigations into cyber-crime). However, in pursuing this end, the CSEA and its supporters seem to be casting a very wide net indeed. Questions concerning what constitutes “authorized” access or information to which a user is or is not “entitled” on a web-accessible computer could mean that more than just hardened cyber-criminals end up getting caught in CSEA’s sweep. The surprisingly broad scope of the bill, coupled with the new link to RICO and the private civil suits that statute allows, may also mean that we could see an up-tick in IT-related litigation in coming years, should CSEA see its way through to passage. It will be interesting to watch this bills progress in coming weeks and months.

You can read the text of the bill here. Section 1030 as it currently exists is available here.

On October 5, Paul Holman and Lucy Rivello, both recent purchasers of Apple iPhones, filed suit against Apple and AT&T in the Northern District Court of California, alleging unfair and fraudulent business practices and anti-trust violations under California law, anti-trust violations under U.S. federal law, and trespass against personal property. The plaintiffs also are seeking to represent a nationwide class of similarly situated iPhone owners, dating from June 29, 2007, to the future date of judgment.

The plaintiffs’ allegations arise from their experience with the mobile network “locking” practices employed by Apple and AT&T with respect to the iPhone. Ordinarily, mobile network carriers can provide electronic codes to “unlock” a particular phone from their own network, thereby allowing the phone to access another carrier’s network that uses a compatible technical standard. While a carrier may charge an early termination fee before it allows a current customer to switch to another network, if that customer is under no pending contractual obligations with the carrier, the carrier usually will comply with the customer’s request and unlock the phone.

In the case of the iPhone, however, even though customers in most cases paid full retail price for their iPhones and may be under no contractual obligation to remain with AT&T, AT&T has refused to allow iPhone owners to unlock their phones and migrate to another compatible network. Moreover, according to the complaint, customers who have attempted to unlock their phones without assistance from AT&T have had their phones re-locked or even permanently disabled following a “mandatory” update to their devices’ operating systems from Apple. The complaint further alleges that when the affected customers have requested that Apple reactivate their disabled iPhones, Apple has refused, has told them that they are in violation of applicable iPhone user agreements, and has stated that the only recourse is to purchase a new iPhone.

As this case develops, it will be interesting to see how well the iPhone user agreement fares under scrutiny, as it is the document around which all of the claims and defenses in the case apparently will revolve. A negative result for Apple and AT&T could have important consequences for user agreements in other contexts.

You can download a copy of the complaint here

Owners of successful commercial websites increasingly find themselves faced with the challenge of protecting their Internet content against the misappropriation and copying of that content by others, including, most importantly, by competitors. Compounding this problem is the fact that those who would misappropriate and copy that website content may be able to avoid liability for copyright infringement by copying only the “look and feel” of another site, rather than the original words or images.

A recent case from the Southern District of California highlights the difficulty of proceeding with a copyright-based claim of website content infringement. In Allen v. Ghoulish Gallery, the plaintiff sued the defendant for infringing his asserted copyright in the website he had created for his business, which produced and sold antique photographs that were altered using “lenticular technology” to create a “spooky” alternative image, depending on the angle at which the photograph is viewed. These “changing portraits” are popular in the haunt industry and as novelties. The plaintiff’s and defendant’s businesses were in direct and, apparently, heated competition with one another.

In reviewing the plaintiff’s copyright infringement claims, the court noted that the individual elements displayed on the plaintiff’s site – fonts, navigation buttons, image frames, etc. – generally were not original or copyrightable. However, the court also noted that where “specific components of a compilation are not original or would not be protected by themselves, a party nonetheless may have protection in the selection, arrangement, and presentation of such components.” To obtain copyright protection under such a theory, a claimant must show: “(1) the collection and assembly of pre-existing material, facts or data; (2) the selection, coordination, or arrangement of those materials; and (3) the creation, by virtue of the particular selection, coordination, or arrangement, of an original work of authorship.” In this case, the court found that these elements were present in plaintiff’s web site and that the site was entitled to protection.

However, regardless of whether the content was entitled to protection, the court found that no infringement occurred. Where the work in question does not consist of original constituent elements, the inquiry involves a determination of whether there is a “substantial similarity” between the original work and the allegedly infringing work. That inquiry consists of an intrinsic analysis, based on “an ordinary person’s subjective impressions of the similarities between two works,” or an extrinsic analysis, which “focuses on specific criteria that can be listed and analyzed.” Here, the court used an extrinsic analysis and found that no substantial similarity existed between the two sites. The court noted that the two sites used the same fonts for the same purposes, the same configuration of tabbed links to different site sections, and “framed” examples of portraits, with either black oval “matting” or no “matting,” and substantially similar configurations of sample portraits. However, because the two sites used different colors within a predominantly black theme (which both also shared), different “framing” for the portraits, and different textual elements, the court ruled against the plaintiff’s copyright claim, and proceeded to take up the other claims of unfair competition and false claims that also had been raised.

Thus, if Allen is any indication, while copyright may be an option for businesses facing infringement of their website content by competitors, it could prove to be unavailing in many cases.

The Allen opinion is reported at 2007 WL 4207923.

Owners of successful commercial websites increasingly find themselves faced with the challenge of protecting their Internet content against the misappropriation and copying of that content by others, including, most importantly, by competitors. Compounding this problem is the fact that those who would misappropriate and copy that website content may be able to avoid liability for copyright infringement by copying only the “look and feel” of another site, rather than the original words or images.

A recent case from the Southern District of California highlights the difficulty of proceeding with a copyright-based claim of website content infringement. In Allen v. Ghoulish Gallery, the plaintiff sued the defendant for infringing his asserted copyright in the website he had created for his business, which produced and sold antique photographs that were altered using “lenticular technology” to create a “spooky” alternative image, depending on the angle at which the photograph is viewed. These “changing portraits” are popular in the haunt industry and as novelties. The plaintiff’s and defendant’s businesses were in direct and, apparently, heated competition with one another.

In reviewing the plaintiff’s copyright infringement claims, the court noted that the individual elements displayed on the plaintiff’s site – fonts, navigation buttons, image frames, etc. – generally were not original or copyrightable. However, the court also noted that where “specific components of a compilation are not original or would not be protected by themselves, a party nonetheless may have protection in the selection, arrangement, and presentation of such components.” To obtain copyright protection under such a theory, a claimant must show: “(1) the collection and assembly of pre-existing material, facts or data; (2) the selection, coordination, or arrangement of those materials; and (3) the creation, by virtue of the particular selection, coordination, or arrangement, of an original work of authorship.” In this case, the court found that these elements were present in plaintiff’s web site and that the site was entitled to protection.

However, regardless of whether the content was entitled to protection, the court found that no infringement occurred. Where the work in question does not consist of original constituent elements, the inquiry involves a determination of whether there is a “substantial similarity” between the original work and the allegedly infringing work. That inquiry consists of an intrinsic analysis, based on “an ordinary person’s subjective impressions of the similarities between two works,” or an extrinsic analysis, which “focuses on specific criteria that can be listed and analyzed.” Here, the court used an extrinsic analysis and found that no substantial similarity existed between the two sites. The court noted that the two sites used the same fonts for the same purposes, the same configuration of tabbed links to different site sections, and “framed” examples of portraits, with either black oval “matting” or no “matting,” and substantially similar configurations of sample portraits. However, because the two sites used different colors within a predominantly black theme (which both also shared), different “framing” for the portraits, and different textual elements, the court ruled against the plaintiff’s copyright claim, and proceeded to take up the other claims of unfair competition and false claims that also had been raised.

Thus, if Allen is any indication, while copyright may be an option for businesses facing infringement of their website content by competitors, it could prove to be unavailing in many cases.

The Allen opinion is reported at 2007 WL 4207923.

Websites have, in the past, relied primarily on textual or photographic elements to convey their messages. This fact has made it historically difficult for a business to support a claim that a competitor’s uncomfortably close emulation of its Internet content constituted trade dress infringement, in violation of U.S. trademark law under the Lanham Act. But that may be changing as the sophistication and importance of websites increases.

Modern websites are considerably more complex and content-rich than they were even five years ago. Those who frequent sites such as eBay® and Amazon.com® likely have come to associate those sites’ well-developed user interfaces with those companies to the same degree that shoppers at a Barnes & Noble® or Target® store would associate those stores’ design elements and merchandising practices with those businesses. Even sites without that degree of commercial traffic may enjoy great success in associating a successful web site design with a particular line of business. To the extent that a business can prove such an association, a handful of recent cases indicate that trademark law may provide the protections that some businesses need after all.

In Blue Nile, Inc. v. Ice.com, Inc., a 2007 case from the Western District of Washington, the trial court denied the defendant’s motion to dismiss the plaintiff’s claim that the defendant infringed its trade dress rights by copying the “overall look and feel” of the plaintiff’s well-known diamond-marketing site. While the court did not expressly sanction the use of trademark law to protect the “look and feel” of a website, it did nevertheless note that the theory deserved factual development in that case in order to assess its applicability. The court further noted that trademark law might provide the only basis for such claims, since more than one commentator has recognized that copyright law likely is insufficiently broad to cover a website’s overall format. In their briefing, the Blue Nile plaintiffs cited two earlier, unreported cases to support their arguments. In one, Peri Hall & Associates, Inc. v. Elliot Institute for Social Sciences Research, a 2006 case from the Western District of Missouri, the trial court granted the plaintiff’s request for a preliminary injunction prohibiting the defendant’s continued publication of a website that “copied the look and feel” of the plaintiff’s site and that further incorporated the plaintiff’s trademarks into the metatags for the site. In the other case cited by the Blue Nile plaintiff, Faegre & Benson LLP v. Purdy, a 2004 case from the District of Minnesota, the trial court there similarly granted that plaintiff’s request for a preliminary injunction based, in part, on the fact that the defendant there had published web page that featured “[plaintiff’s] nonfunctional trade dress… the appearance of which is confusingly similar to the trade dress of [plaintiff’s] web site” as well as the plaintiff’s trademarks.”

For many businesses facing infringement of their website content, it may be time and money well spent consulting with an attorney regarding the availability of a potential “cyber trade dress” claim such as those discussed in the Blue Nile opinion.

The Blue Nile opinion is reported at 478 F.Supp.2d 1240. The Peri Hall and Faegre & Benson opinions are available on Westlaw®, respectively, at 2006 WL 742912 and 2004 WL 167570.

A trademark is the most valuable asset owned by many businesses. The design, features, source code, or formulation of a product or service may change regularly and even predictably. Without a concise representation of the source, history or reputation of that product or service, such changes would make it immeasurably difficult, if not impossible, for a business to maintain demand. Businesses with particularly successful products or services spend considerable amounts of time, effort and money establishing and protecting their associated trademarks, and for good reason. Business owners who fail to pay sufficient attention to the protection of their companies’ marks face a number of what should be unacceptable risks, including the inability to register or use those marks at a future date, the dilution of the market’s recognition of their products or services, and, in some cases, legal fees and penalties arising from trademark claims made against them by other businesses. It is therefore important for all business owners to have an understanding of several basic principles of trademark law, including registration with the U.S. Patent & Trademark Office (USPTO), what constitutes improper use, and what remedies are available for infringement.

A trademark, or “mark,” is any word, phrase or symbol used by a business to let potential customers know who makes a certain product or who offers a certain service. (There is an increasingly archaic distinction made for marks that specifically designate services rather than products. Such marks are often labeled “service marks,” but this term is less frequently used today, and there is no meaningful distinction in the U.S. between the law’s treatment of marks for products and marks for services.)

In the U.S., a business may register its lawfully owned or used marks by submitting an application to the USPTO. Registration is not free: there is an application fee, and many businesses would benefit from the services of a knowledgeable trademark attorney in securing the registration and monitoring the use of any registered marks. In addition, in order for the registration to remain valid, a mark’s owner must file an affidavit of continuing use during the fifth year of registration and must submit a fee and application for renewal prior to the statutory expiration of the registration, which occurs at the end of ten years following registration or prior renewal.

However, for most businesses the benefits of registration far exceed the costs. Owners of unregistered marks are not wholly without recourse in the event of perceived infringement, but their options are significantly limited. Most importantly, owners of registered marks have the ability to file lawsuits in federal court for trademark infringement under the Lanham Act, the U.S. federal law pertaining to trademark protection. Owners of unregistered marks also may resort to federal litigation, but they typically face more difficult burdens of proof and less extensive remedies for proven infringement (e.g., treble damages are available only for infringement of registered marks). In addition, a valid certificate of registration from the USPTO carries with it a number of important evidentiary advantages, including: a presumption that the registered mark is valid, a presumption that the owner of the registration owns the mark, a presumption that the owner of the registration has the exclusive right to use the mark in commerce, and a presumption that the mark is not confusingly similar to any other registered mark. For all of these and several other important reasons (some of which are described here), a business owner with an existing, unregistered mark or a mark intended for future use should not hesitate to speak with an attorney regarding registration.

A trademark is the most valuable asset owned by many businesses. The design, features, source code, or formulation of a product or service may change regularly and even predictably. Without a concise representation of the source, history or reputation of that product or service – as distilled to the mark used to brand it – such changes would make it immeasurably difficult, if not impossible, for a business to maintain demand. Businesses with particularly successful products or services spend considerable amounts of time, effort and money establishing and protecting their associated trademarks, and for good reason. Business owners who fail to pay sufficient attention to the protection of their companies’ marks face a number of what should be unacceptable risks, including the inability to register or use those marks at a future date, the dilution of the market’s recognition of their products or services, and, in some cases, legal fees and penalties arising from trademark claims made against them by other businesses. It is therefore important for all business owners to have an understanding of several basic principles of trademark law, including registration with the U.S. Patent & Trademark Office (USPTO), what constitutes improper use, and what remedies are available for infringement.

After an application for trademark registration is filed, it is assigned to an examining attorney at the USPTO for review. That examining attorney is under an obligation to approve the mark for registration on the USPTO’s “principal register” of trademarks unless it meets one of several disqualifying criteria. For many businesses, most of these criteria are not usually difficult to avoid, including the following:

- The mark “consists of or comprises immoral, deceptive, or scandalous matter.”
- The mark disparages, brings into contempt or disrepute, or falsely suggests a connection with other persons, institutions, beliefs or national symbols.
- Consists of or comprising the name, portrait or signature of a living person without that person’s consent or of any deceased U.S. President during the life and without the consent of that President’s spouse.

However, other criteria can present more of a challenge. These include the following requirements:

-The proposed mark must not be so similar to an already-registered mark that it would cause confusion, mistake or deception as to the origin of the product or service associated with the proposed mark.
- The proposed mark must not be “merely descriptive or deceptively misdescriptive” of the product or service with which it is associated.
- The proposed mark must not be “primarily merely a surname.”

A search of the USPTO’s records can yield a surprising number of existing and pending trademarks that may be similar to a mark a business wants to register and protect. In addition, it is not uncommon for a business to want to register a mark that either is in whole or that contains elements descriptive of associated products or services. While many such descriptive marks may not be eligible for registration on the principal register, if, through a business’ continuous and exclusive use, those marks have acquired “secondary meaning” and become distinctive of the business’ goods or services, a business may be able to secure registration with sufficient supporting documentation. In these cases especially, a knowledgeable trademark attorney can provide valuable assistance to help reduce the risk of delay or denial in applying for registration.

A trademark is the most valuable asset owned by many businesses. The design, features, source code, or formulation of a product or service may change regularly and even predictably. Without a concise representation of the source, history or reputation of that product or service – as distilled to the mark used to brand it – such changes would make it immeasurably difficult, if not impossible, for a business to maintain demand. Businesses with particularly successful products or services spend considerable amounts of time, effort and money establishing and protecting their associated trademarks, and for good reason. Business owners who fail to pay sufficient attention to the protection of their companies’ marks face a number of what should be unacceptable risks, including the inability to register or use those marks at a future date, the dilution of the market’s recognition of their products or services, and, in some cases, legal fees and penalties arising from trademark claims made against them by other businesses. It is therefore important for all business owners to have an understanding of several basic principles of trademark law, including registration with the U.S. Patent & Trademark Office (USPTO), what constitutes improper use, and what remedies are available for infringement.

In some cases where a business’ trademark is not eligible for registration on the USPTO’s principal register, it is often advisable for the business to register the mark on the supplemental register instead. Marks on the supplemental register do not enjoy all of the statutory protections afforded to marks on the principal register. However, their owners are eligible to file lawsuits for trademark infringement under U.S. federal law. In addition, by treaty, many foreign nations require registration of a mark in its owner’s home nation before they will allow registration in their own records. Therefore, registration on the supplemental register may be a necessary step to securing trademark rights outside the U.S., where many foreign states have less stringent requirements for full protection. Finally, continuous registration on the supplemental register can be helpful to a business seeking primary registration for a mark that is asserted to have acquired secondary meaning through continuous, exclusive use.

To be eligible for registration on the supplemental register, a mark must be currently in use and “must be capable of distinguishing the applicant’s goods or services,” but it need not have the inherent distinctiveness required in order to avoid being deemed “merely descriptive” and, thus, ineligible for principal registration. However, many of the disqualifying criteria for registration on the principal register still apply to the supplemental register, including, for example, the presence of any deceptive or fraudulent elements or the unauthorized use of a third person’s name or likeness. Registrations on the supplemental register also are subject to the same requirements pertaining to duration and renewal that apply to registrations on the principal register.

Whether and to what extent supplemental registration represents a good value proposition for your business is a question best explored with a knowledgeable trademark attorney.

A recent opinion from the U.S. Court of Federal Claims highlights some of the difficulties that creative professionals may face when pursuing claims of copyright infringement against the federal government. Admittedly, though, it is doubtful that most such claimants would find themselves in the situation of pursuing such claims from a jail cell.

Robert James Walton v. The United States (opinion released January 23, 2008) involved the case of an individual (Walton) who, while serving a 17.5 years sentence at the U.S. Penitentiary at Leavenworth, Kansas, following his conviction on charges of bank robbery, performed professional graphic design services in the creation of several calendars under work detail for the federal government. (Prior to his incarceration, Walton received substantial graphic design training and had taught classes on the subject.) Following the creation of the calendars, Walton voiced concerns to prison officials regarding what he believed to be the government’s misappropriation of what he claimed to be his intellectual property rights in the calendars he created. Perhaps predictably, prison officials dismissed Walton’s concerns and informed him that all rights in the calendars belonged to the government (specifically, to UNICOR/Federal Prison Industries, Inc. (FPI), the non-appropriated fund instrumentality in charge of the work detail to which Walton was assigned). In response, Walton eventually filed suit against the federal government, alleging that FPI and the General Services Administration (GSA) infringed his copyrights in the calendars. Following several venue transfers as well as a stay to give the U.S. Copyright Office time to make a decision with regard to Walton’s application for registration of his copyrights, Federal Claims Court heard the U.S. government’s motion to dismiss and for summary judgment.

The government’s motion sought dismissal of Walton’s claims on essentially two grounds: (1) dismissal based on the court’s alleged lack of subject matter jurisdiction, because Walton’s failed to register his copyrights prior to filing suit; and (2) dismissal for Walton’s alleged failure to state a claim upon which relief can be granted, because Walton allegedly was an employee of the FPI and/or the federal government when he created the calendars.

The court did not grant the relief sought by the government for any of the reasons advanced in the government’s motion. With respect to the jurisdictional issue, the court held that Walton’s amended complaint, which Walton filed after he registered his copyrights in the calendars and while the alleged infringing activity was ongoing, served “…as a de facto supplemental complaint…analogous to a separate complaint distinct from the initial, November 21, 2001 complaint.” Thus, that jurisdictional issue could not serve as a basis for dismissal.

However, the court sua sponte raised a separate jurisdictional issue based on a statutory proviso to the federal government’s waiver of sovereign immunity in copyright infringement cases. 28 U.S.C. § 1498(b) reads as follows:

[W]henever the copyright in any work protected under the copyright laws of the United States shall be infringed by the United States, ... the exclusive action which may be brought for such infringement shall be an action by the copyright owner against the United States in the Court of Federal Claims ...: Provided, however, That this subsection shall not confer a right of action on any copyright owner ... with respect to any copyrighted work prepared by a person while in the employment or service of the United States, where the copyrighted work was prepared as a part of the official functions of the employee, or in the preparation of which Government time, material, or facilities were used....

The court first held that everything after the word “Provided” in the above passage is jurisdictional in nature, and thus constitutes matters that a plaintiff must prove (or disprove) in order for copyright claims against the government to move forward. The court then addressed the substance of the proviso and Walton’s relationship with the federal government, and noted the “absurdity” of trying to apply traditional, common-law agency factors to determine whether a prison inmate is an “employee” of the government (thereby effectively denying the other basis of the government’s motion, though the rest of the court’s opinion rendered moot both of the issues raised by the government). However, the court went on to hold that, at the time he created the calendars, Walton was “in the…service of the United States…” and that in the preparation of the copyright works, “…Government time, material, [and] facilities were used…” Because of this, and in light of the court’s prior holding regarding the nature of the proviso, the court found that it lacked subject matter jurisdiction over Walton’s claims, which it therefore had no alternative but to dismiss.

Most individuals or businesses performing creative work for the federal government will never find themselves in the sort of situation that Mr. Walton faced. However, the Walton opinion serves as a reminder of certain protections that you can take to ensure that you will retain rights in the works that you create. First, it is important to make explicit in a written agreement with the government that all works under the agreement are to be created in the individual’s or business’ status as an independent contractor of the government and also that those works are not “works for hire,” in which the government would hold the copyright. Second, to the extent possible, it is advisable to avoid using any government resources in the creation of the works, because the Walton analysis seems to make clear that a person working “in the…service of the United States” still may bring a claim for copyright infringement as long as he or she did not use “…Government time, material, or facilities…” in the creation of the works. Finally, as is true for any creative work, it is always very important to register that work as soon as possible following its creation, in order to avoid any potential jurisdictional problems.

In addition to the words or logos accompanying a product or service, the physical structure and/or packaging of a product or the distinctive locations where a service is offered also can serve as powerful mechanisms to identify and differentiate the product or service in the marketplace. The shape of a Coca Cola® bottle or the seven vertical slots in the front grill of a Jeep® or the red and white color scheme of a Target® store all serve the same essential functions for their associated brands as do the names of those brands. In light of this, protection of such “trade dress” can be one of the most important parts of many business’ intellectual property enforcement initiatives.

As with trademarks, practical trade dress protection begins with registration. In order to be eligible for the protections that registration provides, trade dress first must satisfy the same basic, initial test as trademarks – that is, does the dress primarily serve to identify or distinguish associated goods or services in the marketplace? The important part of that question to keep in mind especially when considering trade dress is the word primarily.

Most trade dress serves – or originally served – some other purpose. A Coca Cola® bottle holds liquid. The slots in a Jeep® grill allow air to pass to the engine compartment. A Target® store houses merchandise and store operations. However, over time the designs of these items have become more important as indicia of the associated brands than as functional packages or structures. It is at the point where the design of a product becomes primarily non-functional that its eligibility for trademark registration and strong protections begins.

There is a long history of business disputes being waged in and out of court over the question of where on the primary purpose spectrum a product design falls. Most recently, we have seen high-profile disputes involving Louis Vuitton® purses as well as a contentious battle between Jeep® and Hummer® over the protectability of that famous grill. Many businesses would do well to consult with counsel in the establishment of a strong trade dress registration, monitoring, and enforcement program to protect their distinctive designs.

In determining the degree to which a trademark is entitled to protection against infringement, one of the factors that a court will consider is the strength of the mark. In making this determination, a court typically will consider where along a spectrum of distinctiveness a trademark falls. The strength values within that spectrum sometimes are described as follows:

(1) GENERIC marks (e.g. “Cola” – these merely describe the class of goods or services into which a particular product or service falls and generally receive no protection);

(2) DESCRIPTIVE marks (e.g., “Fizzy Cola” – these generally receive protection only if, through continuous use, they have come to be clearly associated with distinct products or services in the marketplace);

(3) SUGGESTIVE marks (e.g., “Satisfaction Cola” – these require the customer to use some imagination to determine the product’s nature);

(4) ARBITRARY marks (e.g., “Royal Crown Cola®” – these use common words that do not have anything to do with the product); and

(5) FANCIFUL marks (e.g., “Pepsi Cola®” – these use names or words more or less invented in order to market the product and receive the strongest protection).

Thus, the more successful a business is in showing that its mark is arbitrary or fanciful, the more likely it is to receive strong protection for that mark.

A recent case from the Northern District of California provides a colorful illustration of this analysis. In Palantir Technologies Inc. v. Palantir.net, Inc., at issue, essentially, was the use of the mark PALANTIR. Tolkien fans may recall that, in The Lord of the Rings, the palantir were a set of magical stones, any one of which could be used to see events occurring near any of the other stones.

Palantir.net, Inc. (“Palantir.net”) is a national provider of Internet site design and software development services. It began providing services under the “Palantir” name in 1996, acquired the “palantir.net” domain name in 1997, and obtained trademark registration for its mark on January 31, 2006. In early 2007, Palantir.net became aware that Palantir Technologies Inc. (“PTI”) also was offering software development services under the “Palantir” name and that it had begun using Google’s AdWords service to obtain sponsored search engine results. PTI was created in 2004 and first started offering products under the “Palantir” name in late 2005. In response, Palantir.net sent a cease and desist letter to PTI and attempted to engage PTI in talks regarding the matter. However, PTI subsequently filed a declaratory judgment action seeking a ruling that it was not infringing Palantir.net's mark. Palantir.net then filed counterclaims and sought a preliminary injunction to restrict PTI’s use of the mark during the pendency of the lawsuit.

In ruling on Palantir.net’s injunction request, the court had to determine whether Palantir.net was able to demonstrate a likelihood of success on the merits with regard to its claims that there was a likelihood of confusion between the marks at issue. Because many of the factors involved in the likelihood of confusion analysis in this case were fairly straightforward (e.g., the marks were similar, were applied to similar products or services, and used similar marketing channels, among others), the court’s decision hinged in large measure on the strength of the word “palantir” as a trademark. In its motion, Palantir.net perhaps inadvertently described its mark as merely suggestive, a claim that PTI nevertheless disputed by arguing that the mark was part of a crowded field of similar marks.

The court disagreed with PTI’s crowded field argument (finding that there was little or no substantial evidence to support the claim), and it effectively gave Palantir.net the benefit of a doubt in stating:

Accepting Palantir.net's original assertion that its mark is suggestive, it is at the far end of the suggestive spectrum, very near to arbitrary or fanciful, and thus is of at least moderate strength. It requires a mental leap to go from Palantir.net's mark to its services; indeed, it requires a detailed knowledge of The Lord of the Rings and a precipitous climb from The Lord of the Rings to Palantir.net's services. “The more imagination required, the stronger the mark is.” Thus, Palantir.net's mark is strong enough to deserve trademark protection.

(citation omitted)

Thus, the opinion supports the unsurprising proposition that a legally fanciful mark may be found within the pages of fantasy literature. When assessing the strength of a mark and the viability of a strong IP enforcement regime, it is important to consider all factors that may support registration and potential future claims of infringement by others.

The Business Software Alliance (BSA) recently announced that it entered into a settlement agreement with a small-to-medium-sized motor sports dealer and equipment supplier in Greenville, South Carolina, regarding the dealer’s alleged use of unlicensed, Adobe and Microsoft software. The BSA said that under the settlement, the targeted dealer, which apparently owns only 40 to 50 computers, was required to make a settlement payment of slightly more than $72,000.00 and also to agree “to delete all unlicensed copies of software installed on its computers, acquire any necessary replacement licenses and commit to implementing stronger software license management practices.” There was no statement from the dealer included in the press release, a copy of which is available here. There is also a brief article regarding the matter from a local media outlet here.

Businesses that endure software audits initiated by the BSA or by the Software & Information Industry Association (SIIA), often come to the unpleasant realization toward the end of the ordeal that, in addition to the settlement payment, the costs of investigation and diversion of resources, and the legal fees already incurred on the path to reaching a settlement agreement, the auditing entity often demands that it be allowed to publicize the matter in a press release such as the one described above. In the vast majority of cases, the negative value to the business of such publicity is proportionally far greater than any positive value derived from the auditing entity. Nevertheless, the BSA and SIIA both typically demand that businesses pay a high premium to keep the existence of or details regarding an audit settlement from public attention. Businesses that fail to account and plan for such a premium at the outset of an audit engagement may be faced with the grim prospect toward the end of the matter of having to accept terms that include costly negative publicity that, especially in some tech-related industries, can be very damaging to a business’ reputation.

It is important to keep confidentiality in mind at the outset of the software audit process and, after a preliminary exposure estimate is calculated, to determine whether the cost of the bad press that audits often entail will be greater than the price to include confidentiality terms in an eventual settlement agreement. In cases where that price is too high, there may be less-expensive alternatives to explore at settlement, such as inclusion of terms that give the business the right to review and contribute to a press release prior to publication or terms that allow the auditing entity the right to publish the existence of the settlement, but not the details. A knowledgeable software audit attorney can provide valuable assistance in considering these and other options to mitigate the lingering effects of a BSA or SIIA software audit.

eBay recently entered into a stipulated final judgment with the operator of another Internet auction site that, as alleged by eBay, committed trademark infringement, dilution, false designation of origin and unfair competition through its use of a confusingly similar domain name – CoinBay.biz. Under the agreement, the CoinBay operator agreed to change the name of its site to CoinDay.com and to never attempt to register any trademark with “bay” or with a logo that includes offset letters or alternating colors, as in the well-known eBay logo.

The case serves as a reminder to all businesses owning famous marks that policing potentially infringing use of those marks by others can be a challenging prospect. An illegally infringing use can involve all or, as in the eBay case, only part of a mark. In some cases, though there may be a facially infringing use, if it is not tied to the promotion of products or services similar to those associated with the protected mark, the owner’s legal remedies may be limited. Furthermore, while certain cases may require trademark, cybersquatting, or unfair competition litigation in order to reach a resolution, others may be addressed through indirect methods, such as a request to an Internet service provider (ISP) that it take down an infringing site. With trademarks, as opposed to copyrights, the latter remedy may be somewhat less obvious, as there is no trademark equivalent to the Digital Millennium Copyright Act, under which an ISP is given safe harbor from potential copyright claims only if it removes infringing material in response to written notice from the copyright owner. In contrast, for trademarks, an ISP’s own terms of use often can be helpful in convincing it to remove infringing content.

The amount of business conducted worldwide on the Internet will only continue to increase into the future. Policing unauthorized use of protected marks on the Internet is therefore the lynchpin to an effective trademark enforcement regime.

It is not possible to copyright an idea. The owner of a small business in Georgia recently received an undoubtedly unwanted lesson in this sometimes-overlooked aspect of copyright law when she saw her suit for copyright infringement dismissed following the court’s grant of summary judgment in the defendant’s favor.

At issue in Ristuccia v. Super Duper, Inc. were decks of flash cards used to assist individuals undergoing speech therapy to learn to properly pronounce the letter ‘R’ in the English language. The plaintiff claimed that the defendant infringed the decks she published by “(1) copying her selection of R allophones and/or words and images, and (2) arranging its Vocalic R Cards decks in a phonetically consistent manner.” The Plaintiff believed her sound selections and arrangements to be original and protected by copyright.

However, as the trial court explained in its opinion, the scope and availability of copyright protections afforded to the “selection and arrangement” of constituent elements in a compilation is “thin,” even in cases where the bulk of the elements comprising an alleged infringer’s work were copied from material published by a claimant. With regard specifically to the arrangement of the selected components, the court stated:

Once again, Plaintiff is attempting to argue that her educational ideas are protected by copyright. They are not. Although the concept of arranging words in a “phonetically consistent” manner may be a useful educational innovation, a concept is not protectable by copyright. Defendant cannot be liable for simply arranging a non-infringing selection of words in a “phonetically consistent” manner.

(citations omitted)

This issue is sometimes described as the “idea-expression dichotomy” in copyright law. In many instances, it can present more of a challenging dilemma than in the Ristuccia case, because the “idea” and the “expression” are both intangible concepts, and their contours are therefore subjective. In closer cases, the outcome may be different, and a business that uses copyrighted content in a way that it believes to be a different expression of a common idea may nevertheless find itself on the losing end of a lawsuit.

Viacom’s well-publicized court fight against YouTube and Google his given Judge Louis Stanton of the U.S. District Court for the Southern District of New York an opportunity – or, perhaps more accurately – a good reason to now repudiate one of his prior decisions that seemed to leave the door open for punitive damages in copyright infringement cases. In Blanch v. Koons (2004), though she was able to prove willful infringement on the part of the defendants, the plaintiff found herself unable to pursue a claim for statutory damages under the Copyright Act, because she had not registered the works at issue before the infringement occurred. Moreover, she could not pursue actual damages, because she had sustained none that she could prove. However, Judge Stanton gave the plaintiff leave to amend her complaint “so that [she] has a chance to prove malice and raise squarely the question whether punitive damages are available to her.” The court’s decision was based largely on suggestions from other courts that such damages might be available, but despite the fact that nowhere in its text does the Copyright Act purport to allow awards of punitive damages for proven infringement, willful or otherwise.

However, this month, Judge Stanton reconsidered his earlier ruling in light of Viacom’s claims against YouTube and Google that the ubiquitous video sharing service is liable for the unauthorized copying and distribution of Viacom’s copyrighted content. In the pending case, Viacom relied upon the court’s decision in Blanch to move for leave to amend its complaint to include a punitive damages claim (despite the availability to Viacom of the full array of ordinary copyright protections for the content alleged to have been infringed). Judge Stanton denied the motion and made clear in surprisingly blunt terms that, to the extent that the opinion in Blanch was good law, it had been roundly rejected by other courts and commentators. As the court here held: “It is time to extinguish the ignis fatuus held out by Blanch. Common-law punitive damages cannot be recovered under the Copyright Act.”

Businesses facing claims of copyright infringement clearly should take them very seriously indeed, as the damages explicitly allowed under the Copyright Act can be substantial, especially where it is possible to prove willful infringement. However, if it ever was a concern, the need to factor in potential punitive damages into an exposure estimate now seems (once again) to have no practical utility whatsoever. It will be interesting to watch the Viacom case as it progresses through the trial and (no doubt) appellate stages. With the implications of the case as weighty as they are, it is likely that this will not be the last time a court uses the case as a vehicle to explain or confirm existing law, or, conceivably, make new law based on the facts and arguments presented.

A Western District of New York Magistrate Judge recently recommended that claims filed by the owners of several copyrighted songs (allegedly performed without their permission) should be dismissed as a result of the plaintiffs’ membership in the American Society of Composers, Authors and Publishers (“ASCAP”). In ruling on a number of pre-trial matters, the Judge independently raised the issue of the plaintiffs’ standing to sue based on ASCAP membership agreements they had attached to a motion for summary judgment. Those agreements included the following provisions:

1. "[Plaintiff] grants to [ASCAP] for the term hereof, the right to license non-dramatic public performances ... of each musical work .... The rights hereby granted shall include:
(a) All the rights and remedies for enforcing the copyrights or copyrights of such musical works ... as well as the right to sue under such copyrights in the name of [ASCAP] and/or in the name of [plaintiff] and/or others, to the end that [ASCAP] may effectively protect and be assured of all the rights hereby granted.
* * *
3. [ASCAP] agrees, during the term hereof ... to hold and apply all royalties, profits, benefits and advantages arising from the exploitation of the rights assigned to it by its several members, including [plaintiff], to the uses and purposes as provided in its Articles of Association.
4. [Plaintiff] hereby irrevocably, during the term hereof, authorize, empowers and vests in [ASCAP] the right ... to prevent the infringement thereof, to litigate, collect and receipt for damages arising from infringement ... and to release, compromise, or refer to arbitration any actions, in the same manner and to the same extent ... as [plaintiff] might or could do, had this instrument not been made.
5. [Plaintiff] hereby makes, constitutes and appoints [ASCAP] or its successor [plaintiff's] true and lawful attorney ... to do all acts, take all proceedings ... proper or expedient to restrain infringements and recover damages".
6. [Plaintiff] agrees from time to time, to execute, acknowledge and deliver to [ASCAP], such assurances ... as [ASCAP] may deem necessary or expedient to enable it to ... enjoy ..., in its own name or otherwise, all rights and remedies aforesaid."

The Judge stated that the effect of the above provisions was to strip the plaintiffs of their standing to sue under Article III of the U.S. Constitution. Under the Judge’s interpretation of the agreements, the plaintiffs assigned exclusively to ASCAP all rights to seek remedies for infringement of the covered works. Therefore, according to the Judge’s recommendation, none of the plaintiffs was unable to show that his “individual need requires the remedy for which he asks…that he stands to profit in some personal interest…and that he personally would benefit in a tangible way from the court's intervention." (internal quotes and citations omitted)

Many software publishers, including Microsoft, Adobe and Autodesk, are members in industry trade groups such as the Business Software Alliance (“BSA”) and the Software & Information Industry Association (“SIIA”), which typically operate under powers of attorney from the publishers to target small-to-medium-sized businesses with allegations of software copyright infringement. In the event of litigation arising from such allegations, filed either directly by the publishers or by the BSA or SIIA, it would be a good idea to carefully review all relevant membership documents to determine the scope of authority under which the named plaintiff has filed the action. It will also be interesting to watch the New York litigation to see if the Magistrate Judge’s recommendation is adopted by the District Court and upheld on appeal, if any.

Perfect 10 – the publisher of adult photographs that lost its appeal to hold Google liable for copyright infringement by linking to and displaying thumbnails of unauthorized copies of its copyrighted images – has won the support of the MPAA, the RIAA, and several other industry groups in a separate effort to hold Visa and other financial services businesses liable for enabling copyright infringement.

The various industry groups recently filed an amicus curiae brief with the U.S. Supreme Court in support of Perfect 10’s petition for review of the 9th Circuit’s refusal to reverse the trial court’s dismissal of its claims against the defendant businesses. In this litigation, Perfect 10 has argued that the credit card companies facilitated infringement of its copyrighted content by providing payment processing services to various businesses that copy and distribute that content for profit. However, the 9th Circuit dismissed all of Perfect 10’s claims in July 2007, characterizing those claims as “radical new theories of liability.” In its opinion, the Court held that the fact “that Defendants have the power to undermine the commercial viability of infringement does not demonstrate that the Defendants materially contribute to that infringement.” In their brief, the amici counter that it is the 9th Circuit’s opinion that “dramatically changes the secondary liability standards that courts have applied for decades, and it does so in ways that threaten the effectiveness of secondary liability as a means to combat Internet piracy.”

Though it seems an unlikely result, if the Supreme Court does grant Perfect 10’s petition for review, the effects of its opinion on the matter could be very far-reaching and could further inform interpretation of the 9th Circuit’s earlier ruling on Perfect 10’s claims against Google.

The U.S. District Court in New Hampshire recently issued a written opinion that undoubtedly will give some Internet service providers reason to re-think their policies with regard to some anonymous user accounts. In Doe v. Friendfinder Network, Inc., the plaintiff discovered prior to filing suit that an unnamed individual had created a number of profiles using information about the plaintiff’s identity on various social networking websites operated by the defendants and oriented toward people seeking sexual relationships with others. The plaintiff sued defendants on various state-law claims arising out of the allegedly false and unauthorized personal advertisements. In its opinion, the court addressed the defendants’ motion to dismiss, which asserted that the plaintiffs’ claims were barred by the Communications Decency Act of 1996. That Act provides, in part, that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider,” which the Act further defines as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.”

The court held that the Act did work to bar all of the plaintiff’s state-law claims, except for one: invasion of privacy, to the extent that the plaintiff’s claim was based on the right of publicity. The court specifically looked to an exception in the Act, which provides: “[n]othing in this section shall be construed to limit or expand any law pertaining to intellectual property.” The court stated that a state-law right of publicity claim arises from a “law pertaining to intellectual property,” and it further held that state-law intellectual property claims are within the scope of the Act’s exception. In so holding, the court expressly disapproved the 9th Circuit’s opinion in Perfect 10, Inc. v. CCBill, LLC, where it held last year that the exception only extended to claims based on violations of federal laws pertaining to intellectual property.

The Friendfinder case may be one to watch for at least two reasons. First, it has the potential to set up a conflict between two federal circuits, which may help lead to or hasten review by the Supreme Court. (A petition for certiorari was denied following the 9th Circuit’s ruling in the CCBill case.) Second, if the trial court’s opinion in Friendfinder prevails, then Internet service providers – especially those operating social networking sites (which now include heavy-hitters such as Facebook and Second Life) – may face the daunting prospect of having to verify the validity of information entered in users’ personal profiles in order to avoid exposure from state-law claims based on violation of a third party’s right of publicity. Such a precedent could mean significant changes to the way such sites operate today.

By an overwhelming majority of 410-11, the U.S. House recently passed the Prioritizing Resources and Organization for Intellectual Property Act of 2007 (PRO-IP Act). The legislation has been controversial among many legal experts and consumer groups for proposing significant and, according to many, unnecessary changes to existing copyright law. The PRO-IP Act proposes new governmental powers and bureaucracies – including a “copyright czar” – with the stated goal of combating copyright infringement. The PRO-IP Act also provides for criminal and civil forfeiture of property used to commit copyright infringement, and it would allow courts in copyright litigation to order the seizure of property containing records documenting acts of infringement.

However, perhaps the most controversial aspect of the legislation was removed prior to passage. As introduced in the House, the PRO-IP Act would have provided as follows:

A copyright owner is entitled to recover statutory damages for each copyrighted work sued upon that is found to be infringed. The court may make either one or multiple awards of statutory damages with respect to infringement of a compilation, or of works that were lawfully included in a compilation, or a derivative work and any preexisting works upon which it is based. In making a decision on the awarding of such damages, the court may consider any facts it finds relevant relating to the infringed works and the infringing conduct, including whether the infringed works are distinct works having independent economic value.

That change would have comprised a substantial departure from the analysis used to calculate statutory damages for copyright infringement. Currently (and, ostensibly, for the foreseeable future), the Copyright Act expressly provides that compilations are to be considered “one work” for the purpose of calculating statutory damages for their infringement.

Industry groups had been strongly in favor of the legislation as it was originally drafted, because its passage would have increased the amount of copyright damages awards. The fact that the statutory damages language was stripped from the bill prior to passage is compelling evidence (to the extent that any was needed) that it was never the intent of Congress to allow for heightened damages awards for unauthorized copying of compilations, even when the constituent parts of those compilations are independently copyrighted and capable of “leading their own copyright life” apart from any suite in which they are included.

Trade negotiators from some of the world’s wealthiest industrialized nations are in the process of negotiating a pact that could lead to the establishment of a new kind of international IP rights enforcement. The U.S. is a leading proponent of the Anti-Counterfeiting Trade Agreement (“ACTA”), which would aim to establish international standards and legal frameworks for the protection and enforcement of IP rights and, if early information is to be believed, would entail surprising new legal reforms. Late last month, a “Discussion Paper on a Possible Anti-Counterfeiting Trade Agreement” was leaked to the operators of the Wikileaks.org web site. Although there are not many details, if the paper accurately depicts the agreement, the proposed deal points include:

• “[criminal penalties for] significant willful infringements without motivation for financial gain to such an extent as to prejudicially affect the copyright owner” (likely having the effect of chilling the activities of some non-profit media sites like Wikileaks.org)
• “ex officio authority for customs authorities to suspend import, export and trans-shipment of suspected [IP rights] infringing goods” and “[border] measures to ensure the seizure and destruction of [IP rights] infringing goods” (potentially giving customs officials the authority to inspect media content (e.g., music, software) for authenticity)
• “[civil] authority to order ex parte searches and other preliminary measures” (notwithstanding the constitutional objections, making the term “IP Police” more descriptive than may be comfortable)

To the extent that the trade negotiators working on the pact allow information from their proceedings to be made public (which seems somewhat unlikely), it will be very interesting to see the form that the final agreement takes by the time it is drafted and signed. It will also be very interesting to see how well it plays in the U.S., where some of the stronger measures of the recent “PRO-IP” copyright reforms had to be eliminated before the House passed the legislation on to the Senate.

The working paper remains available on the Wikileaks.org site here.

It is natural for the owner of a trademark want to seek some sort of redress when another person or entity uses that mark in the URL or the content of a web site, especially when that site competes with or criticizes the owner. However, relief from such use may be unavailable under the Lanham Act when it is not possible to show commercial intent behind the use, and a recent 10th Circuit opinion suggests that the standard to prove commercial intent may be higher than some would expect.

In Utah Lighthouse Ministry (UTLM) v. Foundation for Apologetic Information and Research (FAIR), the plaintiff, UTLM, filed suit against FAIR based on a web site published by FAIR’s vice president and webmaster, a co-defendant, which parodied the content of UTLM’s site. UTLM is an organization that publishes critiques of the Mormon Church. FAIR, on the other hand, is a volunteer organization that responds to such critiques.

The description in the opinion indicates that the parody site bore many similarities to the UTLM site:

The design elements are similar, including the image of a lighthouse with black and white barbershop stripes. However, the words “Destroy, Mislead, and Deceive” are written across the stripes on the Wyatt website. Prominent text on the Wyatt website consists of a slight modification of the language located in the same position on the UTLM website. For example, the UTLM website states: “Welcome to the Official Website of the Utah Lighthouse Ministry, founded by Jerald and Sandra Tanner.” In comparison, the Wyatt website states: “Welcome to an official website about the Utah Lighthouse Ministry, which was founded by Jerald and Sandra Tanner.” (emphasis added.) The Wyatt website does not have any kind of disclaimer that it is not associated with UTLM.

The opinion also indicates that FAIR’s webmaster, through his company, also registered ten domain names, which were “combinations of ‘Utah Lighthouse Ministry,’ ‘Sandra Tanner,’ ‘Gerald Tanner,’ ‘Jerald Tanner,’ and ‘.com’ and ‘.org.’” UTLM alleged that FAIR’s parody site and its webmaster’s registration of the domain names at issue constituted trademark infringement, unfair competition, and cybersquatting. The trial court disagreed with UTLM and granted the defendants’ motion for summary judgment as to all UTLM claims. UTLM then appealed the trial court’s decision to the 10th Circuit.

In upholding the trial court’s grant of summary judgment, the 10th Circuit relied, in large part, on the fact that UTLM was able to prove no commercial intent behind the parody site or FAIR’s webmaster’s registration of the domain names. FAIR’s webmaster neither promoted nor sold any products or services at the parody site. UTLM argued that the parody site linked to FAIR’s web site, where FAIR sold books, some of which also were available through the UTLM site. However, the Court found that any connection between the parody site and the commercial activities at the FAIR site was too attenuated to support a finding of commercial intent. In reaching that conclusion, which was the 10th Circuit’s first time to analyze an argument for commercial intent based on this type of fact pattern, the Court cited to a 9th Circuit opinion in which no commercial intent was found where a parody site linked to another site operated by the same defendant, which in turn linked to a newsgroup containing advertisements for the plaintiff’s competitors. Though the “distance” between the parody site in this case and the FAIR site’s commercial activities was not as great as in the 9th Circuit case, the 10th Circuit held that the trial court had used an analysis similar to that employed by the 9th Circuit, which it believed to be appropriate.

UTLM also argued that the parody site interfered with “the ability of users to reach the goods and services offered on the UTLM website.” The 10th Circuit disagreed, stating:

In our view, the defendant in a trademark infringement and unfair competition case must use the mark in connection with the goods or services of a competing producer, not merely to make a comment on the trademark owner's goods or services. The Lanham Act addresses the specific problem of consumer confusion about the source of goods and services created by the unauthorized use of trademarks. Unless there is a competing good or service labeled or associated with the plaintiff's trademark, the concerns of the Lanham Act are not invoked. (quotations omitted)

UTLM raised a third argument regarding the general commercial nature of the Internet, but this too was denied by the Court. The Court also found that there was no likelihood of confusion between the sites at issue, especially in light of the fact that the defendants’ site was a parody site, and that UTLM had failed to prove any bad faith intent by FAIR or its webmaster to profit on the domain names that had been registered, thereby supporting the denial of UTLM’s cybersquatting claims.

Especially for businesses in the 10th Circuit, this case appears to present a significant challenge for claims of Internet-based trademark infringement where commercial intent is difficult to prove. Business considering lawsuits based on such claims should consult closely with counsel to determine whether the costs of litigation are worth the risk of loss.