Business and Technology Law

In the past, I have covered some of the most problematic aspects of standard IBM software license agreements. However, IBM software licensing can be a recurring nightmare for procurement teams and IT administrators for reasons that extend beyond the four corners of those agreements. Three of the more “global” challenges associated with correct licensing of IBM software products include the following:

1. You will be assimilated. Though IBM has a wide array of current software-product offerings, a large part of that catalog is the result of a substantial number of acquisitions of other companies (e.g., Tivoli, Lotus, Guardium, SPSS, ILOG, Cognos, Rational, Informix) that developed innovative software products. As a result, IBM’s software products often have very little in common with one another, either from an architectural or a business-model perspective. Licensing metrics and restrictions vary substantially across the product line, requiring software asset managers to become proficient in a stack of licensing rules that rival the Oxford English Dictionary for fine print.


2. Good luck with discovery. The variability of IBM’s software-product architectures means that it can be extremely difficult to deploy a software asset discovery tool that is capable of identifying all IBM software installed on company computers. IBM’s License Metric Tool (ILMT), in theory, at least, is one product designed to facilitate the discovery process. However, ILMT can be challenging to deploy and configure correctly, especially in virtualized environments (where its use typically is mandatory, if a business wants to take advantage of sub-capacity licensing). In addition, it is worth being at least a little suspicious of discovery tools that are developed and distributed by the same companies that naturally would like to maximize their customer’s software-licensing expenditures.


3. Resource drain. Many of the products published by IBM are mission-critical software tools. A company’s entire customer-facing business operation may be constructed on top of WebSphere Application Server, and its repository of customer data may be stored in a DB2 database. Consequently, IBM software products often are very widely distributed throughout corporate IT environments, meaning that IT administrators often must choose between the lesser of two evils: either (a) license all servers to full processing capacity, which maximizes the likelihood of license compliance at the expense of higher licensing charges, or (b) devote IT manpower to configuring and monitoring processor usages, which maximizes the likelihood of licensing efficiency at the expense of human resource costs. Pick your poison.

Correct licensing for Microsoft SQL Server database software can be a complex undertaking, and in light of the prices charged for certain kinds of SQL Server licenses, it also is an undertaking where mistakes can be extremely costly.

SQL Server actually is a package of various software components with different functions in creating and managing a SQL database, so one of the more challenging aspects of analyzing SQL Server license obligations is determining how many licensable SQL Server instances are installed on company computers. Some of those components can be installed, effectively, on an unlimited number of network computers, provided that the core components are correctly licensed. Those “free” components include:

• Business Intelligence Development Studio
• Client Tools Backward Compatibility
• Client Tools Connectivity
• Client Tools SDK Management Tools - Basic
• Management Tools - Complete
• SQL Client Connectivity SDK
• Microsoft Sync Framework
• SQL Server 2008 R2 Books Online

However, the core components of SQL Server – the Database Engine and the Reporting, Integration and Analysis Services – all require separate licensing. This means that if a company wants to separate the core SQL Server components across several different servers (for security or workload-distribution reasons, for example), then it must purchase the same number of SQL Server licenses that it would need to purchase if it were deploying all of the core components on each of those machines. Those licensing costs can add up very quickly (per-processor licenses for certain editions of SQL Server can cost between $25,000 and $50,000 per physical processor that is activated on the servers where the software is installed).

Complicating matters is the fact that some automated software-inventory products sometimes report the “free” SQL Server tools and the “paid” SQL Server components the same way. That can lead the users of those inventory products to believe that the number of SQL Server product installations for which they need to purchase licenses is lower that it really is, resulting in a licensing gap and potential audit-related exposure.

Businesses with questions about licensing for SQL Server and other costly, mission-critical software owe it to themselves to discuss their requirements with knowledgeable licensing counsel before proceeding with license purchases that may be either inadequate, in terms of quantities acquired, or incorrect, in terms of product versions, editions and license types included in a purchase order.

Many IT-solution providers develop and sell hardware, software or support services (or some combination of all three) intended to reduce costs associated with deploying someone else’s enterprise-level software products in the licensee’s network environment. For business owners, the high cost of deploying some industry-standard, server-based software deployments can lead to near-desperation in efforts to remain competitive while keeping associated costs from breaking the bank. In many cases, third-party solutions designed to achieve those ends can seem too good to be true. However, in those cases, a prudent business owner will start with the assumption that they are, in fact, too good to be true, and he or she will conduct a thorough level of due diligence before (1) obligating the company to contractual obligations with a provider that can’t deliver on its promises and, possibly, (2) exposing the company to legal liability.

An excellent case-in-point is the recent settlement reached between IBM (the mother ship of high-end software solutions) and an Austin-based firm called Neon Enterprise Software. Neon developed a product called zPrime, which is a software solution designed, in essence, to allow certain IBM mainframe software licensed on a process-capacity basis to run on lower-priced IBM processors that do not trigger the same capacity-counting rules as a server’s “primary” processors. By deploying zPrime, IBM mainframe customers effectively could reduce a large portion of their processor-capacity-based licensing fees to zero. In response, IBM began to threaten Neon’s customers with legal liability based on the argument that use of zPrime constitutes a violation of applicable IBM license agreements. Neon sued IBM in an effort to stop these practices, and IBM then countersued Neon based on allegations of tortious interference with the contractual relationship between IBM and its customers. IBM’s most recent counterclaim and Neon’s most recent answer to that counterclaim provide a good summary of the arguments in play in the litigation. However, despite the vigor with which both parties appeared to be pressing their respective cases, IBM and Neon reached a settlement in early June 2011, under the terms of which Neon agreed to pull zPrime from the market.

For Neon’s customers’ IT procurement teams, this litigation undoubtedly caused a number of headaches. Those customers’ deployments of zPrime likely initially resulted in license-breach notices from IBM (which doesn’t really need to threaten much past termination of associated license agreements in many cases, since that action alone could be devastating for businesses with IBM-based mainframe architectures). Then, following loss of zPrime as a supported product (or perhaps once the case appeared to be a lost cause for Neon), those customers were required to absorb an unanticipated and possibly very high bill for the license-rights required to deploy mainframe software at regular-capacity levels.

The Neon case is just one example of what can happen under these circumstances. Oracle, for instance, is known to threaten its hardware customers with license-breach claims based on attempts to use non-Oracle service providers for support and maintenance of Oracle systems. This leaves many of those customers feeling as though they are joined at the hip to Oracle, despite the availability of support services from third-party providers that may be better and cheaper. Whatever the circumstances, it is important to keep the following in mind when considering solutions like zPrime, third-party maintenance for Oracle systems, or similar, third-party work-arounds for high IT costs:

1. Read – slowly and carefully – licenses or other agreements with the software or system source (e.g., IBM or Oracle) to determine if the proposed third-party solution is likely to result in heat from that source/li>.
2. Read – slowly and carefully – any proposed statements of work or services agreement with the third-party provider to determine whether any work to be performed or solution to be delivered by that provider could result in legal exposure from the system source./li>
3. Consult with counsel. Even if it looks like there may be a conflict – in fact, even if the system source has sent a letter saying that there is a conflict arising from a solution known to have been deployed already – that does not mean that the source’s legal team is correctly applying the law. The customer may be well within its contractual and other legal rights in working with the third party, leaving it up to the system source to demand different terms during the next round of renewal talks.

Independent software vendors (ISVs) constitute a diverse group of businesses whose core business model typically consists of utilizing third-party software infrastructure and development platforms (such as Microsoft SQL Server or IBM WebSphere Application Server) to create targeted solutions for their customers. ISVs have become a fixture in today’s marketplace for information technology solutions, and most large software companies have programs and licensing models specifically intended for use by ISVs. However, while the return on investment for ISV-delivered solutions is very high in many cases, it is critical for potential ISV customers to be aware of opportunities for legal exposure that can arise when one company’s software products are licensed through in independent vendor.

First, the license that accompanies an ISV’s solution typically includes terms that are specific to the third-party technology utilized by that solution. ISV customers need to be familiar with those terms in order to avoid liability associated with possible over-deployment of the third-party products. For example, many of SAP’s client-relationship management solutions use IBM’s DB2 Enterprise Server software as the associated runtime database. The DB2 license grant included in SAP’s end-user agreement typically allows the user to install the DB2 software as widely as necessary in order to use the SAP solution within licensed limits. However, those terms also expressly limit the use of DB2 to functions related to the SAP solution, and business that use that DB2 software for any other purpose incur the obligation to ensure that those DB2 deployments are independently licensed through IBM. Therefore, in the event of a software audit initiated by IBM, past inattention to the use of SAP-licensed DB2 installations can result in significantly increased licensing exposure.

In addition, it is important to keep in mind the fact that a business’ license to use third-party software in connection with an ISV’s solution is only as good as the rights acquired by the ISV. To the extent that the ISV has failed to secure adequate pass-through license rights through the platform vendor, any license purportedly granted to the end user is potentially worthless. Businesses need to remember that copyright infringement is a strict-liability offense, which means that a belief that software was properly licensed through an ISV is no defense to liability for unlicensed installations (though it may help to mitigate the amount of a damages award). Therefore, it is critical for a business to ensure that its agreements with ISVs include terms requiring the ISVs to provide indemnification for third-party infringement claims. In cases where an ISV is relatively small or otherwise may not have adequate resources to deliver on a duty to indemnify, it is not inappropriate to request that it acquire appropriate insurance coverage against such claims.

Companies are well advised to seek input from knowledgeable licensing counsel where there appears to be potential for risk associated with ISV solutions.

Many businesses are realizing the processing and failover benefits of incorporating clustered servers in their IT environments. Having groups of servers whose processing resources are shared and centrally allocated means that server malfunctions can be remedied without compromising business functions that otherwise might need to be suspended until the appropriate fix can be applied. It also means that the most mission-critical functions can benefit from prioritized allocation of processing power from multiple machines, often resulting in improved overall performance.

However, licensing software in clustered environments can carry with it pitfalls that many business may not suspect at the outset. IBM software licensed based on Processor Value Units (PVUs) is an excellent example. PVU-based licensing entails counting up the number of processor cores for a computer where software is to be installed, multiplying that number by the per-core PVU value assigned by IBM for the processor architecture in question, and then multiplying that number by the per-PVU MSRP for the software product. Thus, for example, an IBM 795-series server with a single quad-core POWER7 processor chip running IBM DB2 Enterprise database software would incur the following licensing obligation:

4 cores per server x 120 PVUs per core x $405.00 per PVU = $194,400.00 per server

However, unless the business qualifies for IBM’s sub-capacity licensing model (more on that below), the inclusion of that server in a server cluster means that each of those servers must be licensed to full PVU capacity for DB2 Enterprise as well. Worse, even if the cluster is comprised of numerous virtual servers, and only one of those virtual servers is the one where DB2 Enterprise is installed, the entire cluster nevertheless must be licensed for that product. Thus, though a business may only be deriving limited functionality from its DB2 Enterprise installation, if that installation is in an 8-server cluster where each of the physical servers is identical to the one shown above, that business could incur a DB2 Enterprise licensing charge equal to 8 times the above amount, or $1,555,200.00.

For this reason, it is vital that business operating IBM software in clustered server environments familiarize themselves with IBM’s sub-capacity licensing rules. Under the sub-capacity model, it is necessary to license a PVU-based software product only according to the number of activated processor cores accessed by that product. Thus, in the example above, if DB2 Enterprise is capped to a virtual server utilizing only 1 of the 4 availably physical cores , then the licensing charge is a quarter of the full-capacity server charge reflected above, or $48,600.00.

However, in order to utilize sub-capacity licensing, a business must agree to and abide by IBM’s contract terms for sub-capacity licensing, which include requirements for the technology used to cap the virtualized software deployments along with the obligation to maintain regularly generated records regarding the nature of those deployments. In many cases, it is necessary to deploy the IBM License Metric Tool (ILMT) to generate those records.

IBM software licensing can be a complex undertaking. When doubt arises, it is well worth it to seek the assistance of knowledgeable licensing counsel.

A processor value unit (PVU) is a unit of measurement that IBM uses to determine licensing costs based on the kinds of processors deployed on servers where IBM software is installed. A server’s PVU count is defined by the brand, model and number of physical processors running in the server and the number of core chips per processor. In order to calculate the number of PVUs, it also is necessary to refer to IBM’s PVU-per-core ratings for current processor technologies, which are updated on IBM’s website here.

A sample, full-capacity, PVU-licensing calculation for IBM WebSphere MQ software on a hypothetical server is as follows:

Server stats:
Server/Processor: IBM 795-series POWER7
PVUs per core: 120 | Physical processors: 8 | Cores per processor: 4
PVU calculation: 120 PVUs/core x 8 processors/server x 4 cores/processor = 3,840 PVUs/server
Software price: $73.25/PVU (as of May 2011)
Licensing calculation: 3,840 PVUs/server x $73.25/PVU = $281,280.00/server

As an alternative, “sub-capacity” licensing gives IBM customers who use virtual-server technology the option to license IBM products based only on the PVUs made available to the licensed software, rather than on the total PVU count for that server (as in the example above). However, sub-capacity licensing also requires that IBM customers meet the following requirements:

• Agree to IBM’s sub-capacity licensing terms. The most recent, form Sub-Capacity Licensing Attachment is available here.
• Use eligible software products. The latest published statement by IBM on sub-capacity-eligible software is available here.
• Use eligible virtualization technologies. The latest list of eligible, virtual-server technologies published by IBM is available here.
• Use eligible processor technologies. The latest list of eligible processors published by IBM is available here.
• Use the IBM License Metric Tool (ILMT). The ILMT is a software tool designed to assist with the maintenance of an inventory of PVU-based IBM software deployments. Sub-capacity users must use the ILMT on a regular basis to generate and retain inventory reports for audit purposes.

Returning to the above example, if the server in question is running an eligible virtualization technology to limit WebSphere MQ to 3 processors, the sub-capacity PVU-licensing calculation would be as follows:

Use of the sub-capacity licensing model therefore can result in significantly reduced licensing costs. Businesses with questions regarding whether it makes sense to license IBM software on a sub-capacity basis should consult with experienced licensing consultants.

Most Internet service providers are well versed in their obligations with regard to copyrighted content posted by their users. Sophisticated vendors know that the Digital Millennium Copyright Act (DMCA) gives them an important shield against claims of contributory copyright infringement resulting from their users’ actions, as long as the providers have a registered agent to receive claims from content owners and take prompt action to remove infringing content brought to their attention.

However, ISPs’ exposure to IP-related claims does not end there, as a recent judgment in a federal lawsuit demonstrates. On March 14, 2011, the U.S. District Court for the District of South Carolina entered judgment against a search engine optimization firm based on the company’s role in helping to create and host a website used to market counterfeit golf clubs. The plaintiff in the case, Roger Cleveland Golf Company, had alleged that the SEO defendant in question, Bright Builders, knew or should have known that it was hosting and otherwise helping to market a site (under the not-so-subtle domain www.copycatclubs.com) that was being used illegally to infringe the plaintiff’s trademarks. The jury in the case agreed and determined that Bright Builders should be held liable for damages, even though it never received actual notice of infringement from the plaintiff prior to the filing of the lawsuit.

SEO companies and web hosts need to pay close attention to the outcome in this case. There is no equivalent under U.S. trademark law to the safe harbor provisions of the DMCA. This means that aggrieved trademark owners do not have to make ISPs aware of trademark infringements before filing suit and that ISPs therefore have an affirmative duty to take steps to address hosted content that clearly infringes third-party trademarks. The disparate damages awards in this case ($770,750 against Bright Builders, compared to $28,250 against the site owner) should serve as strong incentive for ISPs to maintain a reasonable level of awareness regarding how their services are being used and, ideally, to implement policies allowing trademark owners to easily bring infringing content to the ISPs’ attention.

Businesses often rely on the talents of creative independent contractors when developing original works like software, marketing media, and product documentation, to name a few examples.

Many business owners believe – mistakenly – that the fact they paid for the contractors to develop the creative works in question means their companies own those works. Other business owners hit a little closer to the mark and believe – still, though, mistakenly – that their companies always will own the works as long as they identify them as being “made for hire” in their agreements with the contractors. However, both sets of owners run the risk of failing to perfect their rights in those works, leading to the possibility of disputes and costly, unexpected licensing arrangements down the road.

U.S. copyright law does not treat independent contractors like employees, whose works generally are held to be the property of the employing companies. In order to secure its copyrights, a business needs to take two important steps in written agreements with its developers:

1. Identify the works in question as “works made for hire,” and (more importantly)
2. Specify that the developers assign any rights they may have in those works to the company.

Step 2 is critical, because many kinds of creative works do not qualify for work-for-hire treatment under U.S. law. The copyright act specifies that works made for hire must be specially ordered or commissioned and must fall into one of the following categories:

• a contribution to a collective work,
• a part of a motion picture or other audiovisual work,
• a translation,
• a supplementary work (defined as being a published addendum that introduces, explains or assists in the use of an earlier work prepared by a different author),
• a compilation,
• an instructional text,
• a test,
• answer material for a test, or
• an atlas

A wide variety of works – notably including many kinds of computer programs – do not fall within the scope of those categories, making an express assignment a vital element in the developer or project agreement. However, a full assignment also can be a source of friction in negotiations, and businesses dealing with savvy contractors should expect in many cases to pay a premium to own those works at the end of the relationship.

In difficult cases, businesses are well advised to seek the assistance of counsel.

Businesses often use famous creative works as source material for new marketing campaigns, construction projects or other investments. The Mona Lisa might serve as the subject of a new ad campaign for an printer manufacturer, or a cartoon character may be used to promote a new family-themed restaurant. However, while the payoff from such investments may be worth the price of entry (often in the form of licensing agreements with the owners of the pre-existing works), businesses that fail to exercise due diligence prior to incurring new costs can find themselves in the position of seeing their money wasted and their bottom lines exposed to legal liability.

For example, in a lawsuit filed on February 16, 2011, the Board of Regents of the University of Texas alleged that an Austin-area car wash business’ replica of the iconic UT tower constitutes an infringement of UT’s rights in three trademarks consisting of various depictions of the tower. (A copy of the complaint, with pictures, is available here.) The car wash owner reportedly spent approximately $3 million designing and building his 60-foot replica of the famous 300-foot tower, but he apparently did not expect that undertaking would implicate intellectual property rights held by UT.

The lesson to be learned here is that trademark disputes can arise from unexpected sources. High-value projects incorporating pre-existing works in any form need to be accompanied by some measure of due diligence regarding third-party rights. In this case, UT’s likelihood-of-confusion claims seem to be somewhat misplaced, in light of the fact that it is doubtful the defendant is offering educational services at the car wash, and it will be interesting to see if the university amends its complaint to emphasize a trademark-dilution theory of liability. However, before sinking $3 million on any high-visibility investment for PR purposes, a business owner needs to be prepared to include an appropriate legal review at a very early stage in the process to help ensure that an aggrieved IP owner does not come knocking after the project is complete.

Many businesses with strong and successful web presences find themselves in the position of having to determine how to respond to the unauthorized use of their web content by others. In fact, it is not uncommon for a web content owner to wake up one morning to find essentially its entire website – which may be the principal vehicle for all of its marketing and customer-outreach efforts – to have been copied nearly verbatim by a competitor. In some cases, the competitor in question may not even know of the infringement, having relied on a website-development vendor to create the site. However, regardless of the cause, it is critical for the original owner to have a plan to address such activity.

A successful outcome for this kind of matter matters typically depends on a content owner’s compliance with the following three commandments:

1. Know what copyrightable content you own. Knowing what you created may be easy to determine in many (though not all) cases, but knowing what is copyrightable may not always be so clear. A website typically consists of a compilation of different kinds of materials (e.g., text, photography, artwork, streaming media), some of which the site owner may have created and some of which may have been created by others. In addition, certain kinds of content (such as lists of addresses or tables of statistics) may not be eligible for copyright protection, regardless of their source. The U.S. Copyright Office has provided guidance on the basics of copyright protection in a circular available here.
2. Register your copyrights. Copyright registration is a prerequisite to seeking remedies for infringement in federal court, and untimely registrations may result in the inability to secure statutory damages under U.S. copyright law. The availability of statutory damages may control a decision regarding litigation in a matter, because the alternative is to present proof of a claimant’s actual damages, which may be difficult or impossible to calculate accurately. Fortunately, copyright registration is relatively easy and inexpensive. More information from the Copyright Office is available here.
3. Tread carefully in enforcement efforts. It is important to pursue true infringers aggressively, because in some cases, failure to enforce a copyright may result in the inability to remedy the infringements. However, overreach in enforcement efforts can result in wasted legal expenses and, worse, exposure to legal liability for inappropriate claims. Certain provisions of U.S. copyright law (such as, for example, the website-takedown-notice provisions in Section 512 of the Digital Millennium Copyright Act) even make statutory damages available for individuals or businesses that suffer business interruption or other injuries as a result of an inappropriate DMCA notice letter. Effective protection of copyrights almost always involves a holistic process and nuanced analysis of the issues faced by content owners. The assistance of knowledgeable counsel often is critical, especially when it comes time to enforce your rights.

Many business owners seem to have an inaccurate grasp of what it means to acquire trademark rights in a word, phrase, logo or other item capable of serving as a trademark. Usually in the context of a discussion of filing an application to register a trademark with the U.S. Patent & Trademark Office, many practitioners often hear (and some, unfortunately, often say) some derivation of: “It is time to trademark that slogan.” This inaccurately conveys the sense that all trademark rights in that slogan depend on registration with the USPTO. Not so.

It is critical for businesses to remember that, in most cases, they acquire meaningful rights in trademarks as soon as they apply the marks to their goods or use them in connection with their services in commerce. The principal exception to that rule is when other persons or businesses started using the same marks first (or marks that are confusingly similar to them) and, therefore, can claim priority. It is for that reason that it always makes sense to ask an attorney to run or order a trademark screening search – including U.S. federal, state and international registrations as well as common-law sources like business filings and web searches – to determine whether and the extent to which a proposed mark may already be used in commerce.

Registration is an important step for helping to ensure that trademark rights, once vested through first use, are protectable in court. However, registration is not necessary in order to create an ownership right in those marks, and businesses actually may risk losing rights if they assume – incorrectly – they are without remedy for the infringement of an unregistered mark.

On January 10, 2011, Levi Strauss filed a lawsuit against Dolce & Gabbana based on claims that the Italian fashion icon infringed Levi’s registered, vertical-pocket-tag and pocket-stitching trademarks. Levi’s also alleged that D&G’s designs constitute a breach of a 1998 settlement agreement that the parties had signed to resolve an earlier dispute resolving the same trade dress issues in dispute in this new litigation. Samples of the designs registered by Levi’s and the designs sold by D&G are included in the complaint, a copy of which is available here. D&G has yet to answer Levi’s allegations.

Fashion-oriented goods are famously prone to claims of trade-dress infringement. The labels themselves are undoubtedly important, but even in this case, it is not so much a question of what those labels look like as it is a question of where those labels are placed on the product. To a much greater extent than for many other kinds of goods and services, brand value for fashion products is inherently dependent on the public’s recognition of the goods themselves – rather than on the logos or standard-character trademarks that may applied to those goods – as being indicative of their source or quality.

Registration of trade dress with the USPTO often is vital to empowering a business in that industry to protect its intellectual property, in that it gives an aggrieved designer substantial legal leverage, both in and out of court, in achieving a favorable outcome. However, trade dress registration can be a somewhat more challenging process than registration of a more “traditional” trademark. It typically makes sense to seek the advice or assistance of knowledgeable IP counsel in pursuing that kind of protection.

On December 30, 2010 Dallas-based Match.com was sued in the U.S. District Court for the Northern District of Texas by a group of individual plaintiffs seeking class-action certification. In the complaint, the plaintiffs allege breach of contract and negligent misrepresentation against Match.com based on their claims that the dating website contains “thousands of fake and fraudulent profiles” and that some of those profiles were “placed by third-parties for illegitimate and unlawful purposes.” The complaint alleges that Match.com “makes little to no effort to vet, police, or remove these profiles and thereby permits, condones, and acquiesces in their posting.”

Online content providers increasingly are facing legal challenges from both users and third parties demanding that they take affirmative steps to police the content they host. Google famously is facing an expensive and challenging legal fight initiated by Viacom alleging that Internet service providers either “inducing” the use of their services for infringing activities or having reason to “know” that their services are being used for those activities are ineligible for protection under the safe harbor provisions of the Digital Millennium Copyright Act (DMCA). Viacom wants to hold Google liable for copyright damages associated with third parties’ posting of Viacom-owned content on YouTube. The devil, of course, is in how you define “induce” or “know,” and that same question now appears to be at the crux of the challenge now faced by Match.com.

It will be interesting to see whether the plaintiffs’ complaint in the Match.com case gains traction and, if so, whether social networking sites will start taking steps to reduce the frequency of spam-level profiles. Online content providers need to watch these developments closely, as unfavorable precedent could have a real and lasting impact on how they are able to do business in the future.

On December 10, 2010, Microsoft announced that it was seeking to add an additional defendant to its pending federal lawsuit against RedOrbit.com, a news and information website intended for space, science, health, and technology enthusiasts. In its lawsuit, Microsoft has alleged that RedOrbit and, now, Vertro Inc. (a web advertising network business) engaged in a scheme to generate fraudulent “clicks” on advertisements placed on RedOrbit.com through Microsoft’s adCenter platform (now called pubCenter).

For the purposes of its lawsuit, Microsoft defines “click fraud,” essentially, as an instance where a person or computer program intentionally clicks on an ad (or otherwise generates an ad click) without having any real interest in the products or services being advertised. Microsoft has alleged that RedOrbit and Vertro committed click fraud as well as so-called “click laundering,” which it defines as a kind of click fraud involving technical measures to mask the origin of a click and to make invalid ad clicks appear to be legitimate. Microsoft alleges that more than a quarter of all ad clicks online likely are fraudulent and that such click fraud “hurts consumer choice and undermines the trustworthiness of the Internet as a safe place to do business – endangering the entire ecosystem of ad-supported online websites and services.”

Microsoft’s efforts to curb abuses of its advertising platform are understandable, and its case against RedOrbit and Vertro may be legitimate. However, the scope of its definition for “click fraud” is a little breathtaking, in that it seems to include instances where an individual user might click on an ad either because he or she is mad at the advertiser or because he or she favors the publisher of the site where an ad is placed, without having any interest in or expectation of monetary gain. “Fraud” allegations under those circumstances could implicate First Amendment concerns. It will be interesting to see whether the kinds of allegations included in Microsoft’s complaint find their way to other kinds of claims and whether state or federal policymakers make any changes to legal fraud definitions to encompass the sorts of activities potentially within the scope of Microsoft’s definition of “click fraud.”

Many trademarks – among them, ‘escalator,’ ‘pilates,’ and ‘netbook’, to name a few – have suffered the fate of being deemed “generic,” often in the context of trademark disputes. In those cases, what may have once been words or phrases capable of identifying the source of a product or otherwise uniquely identifying the product in the marketplace have been found to describe an entire category of products, such that competitors would be harmed by one company’s continued monopolization of the term. Ironically, in many cases, such “genericide” follows on the heels of significant commercial success for the products or services associated with the mark, making the loss of branding rights particularly troublesome for long-term business goals.

However, on November 30, 2010, the Trademark Trial and Appeal Board ruled that the THUMBDRIVE® trademark was not generic, leaving it eligible for registration with the U.S. Patent and Trademark Office. In reviewing the application filed by Trek 2000 International, Ltd., a USPTO examining attorney earlier had determined that “thumb drive” had come to describe an entire category of computer-related hardware devices, making it ineligible for registration with the USPTO. However, after Trek disputed that decision, the TTAB disagreed, finding that Trek had actively policed its mark and had taken steps to ensure that third parties recognized the mark as a Trek brand, rather than as a common term.

THUMBDRIVE® easily could have gone the way of other trademarks that eventually became “genericized” through inadequate or non-existent policing efforts. Especially in the Internet Age, language tends to evolve at a faster rate than it did in the past, meaning that trademark owners must be more vigilant against unauthorized or inaccurate uses of their marks, in order for those marks to maintain their value. Businesses working to develop brand awareness for their products and to protect their trademarks against unauthorized uses should work closely with knowledgeable IP counsel to implement a holistic policing and enforcement program. The more a trademark owner is able to demonstrate its exclusive use of a mark, the better its chances will be of defending that mark, either in the context of administrative registration efforts or in the context of third-party disputes.

On November 15, 2010, Dow Jones & Company, Inc. settled a lawsuit it had filed against Briefing.com for Briefing.com’s systematic republishing of more than 100 time-sensitive Dow Jones articles. Dow Jones had alleged that Briefing.com’s actions constituted both “traditional” copyright infringement as well as an infringement of Dow Jones’ rights under the so-called “hot news” doctrine. That doctrine originally was formulated by the Supreme Court in 1918 to address a competitor’s re-distribution of briefly valuable, time-sensitive “facts” that otherwise might not be copyrightable. A copy of Dow Jones’ complaint is available here.

The “hot news” doctrine has seen a resurgence in interest in recent years due to the ever-expanding volume of reported facts on the Internet. However, with so-called copyright “trolls” now starting to aggressively pursue alleged infringers, the doctrine has the potential to be abused by those in search of a windfall, and it will be interesting to see if the courts or Congress takes action to curb its applicability.

While Briefing.com’s liability appears to have been the results of actions taken by the company, rather than by the company’s online users, Internet content providers nevertheless should work with counsel to address any areas of doubt regarding compliance with laws that may affect their liability for published content. For example, the safe harbor provisions of the Digital Millennium Copyright Act (DMCA) allow providers to escape liability for contributory copyright infringement based on information posted by the providers’ users, but only if the providers meet certain statutory requirements under the Act. One of those requirements is registration of a designated agent for copyright claims. That registration must be made with the U.S. Copyright Office and must be accompanied by a $105 fee, which is a small price to pay for a measure of security from copyright “trolls.” More information regarding the registration process – including the registration application – is available here.

The Chinese government and software stakeholders in China appear to be strengthening their attention to the problem of unlicensed software use.

On November 30, 2010, the Chinese government announced that it would be inspecting all central and local government computers during 2010 and 2011 to ensure that all departments are using only properly licensed software. That announcement followed a six-month national campaign by the Chinese government to crack down on the production and distribution of pirated content. In addition, Microsoft recently announced that it had filed a lawsuit against 10 companies in China for selling computers with unlicensed versions of Windows and other products pre-installed, which came on the heels of the software giant’s recent victory in a lawsuit it filed against a chain of Internet cafe businesses in China that used pirated software.

Finally, in a series of meetings on December 1, 2010, the Business Software Alliance (BSA) and many of its members met with Obama administration officials to outline proposals for a new trade strategy with China intended to open up that market to software publishers whose efforts there have been crippled by widespread piracy. Those proposals include:

• Working to increase U.S. software exports to China by 50 percent in two years;
• Requiring the development and implementation of a system to ensure that stakeholders meet their commitments for legalization; and
• Requiring the development and implementation of legal tools to curb piracy;
• Dispensing with certain Chinese polices that often require foreign firms wanting to conduct business in China to transfer intellectual property to Chinese companies.

Many businesses that partner with Oracle to resell its server hardware or to host software solutions built on Oracle platforms are familiar with that company’s sometimes complex licensing rules. Many companies also are familiar with the fact that “complexity,” as applied to those rules, often could be replaced by “unreasonable” or even “draconian.” One industry group recently fired what could be the opening salvo against Oracle in an effort to attack some of those rules as being anticompetitive and in violation of U.S. antitrust law.

In a written appeal filed with the U.S. Department of Justice, the Service Industry Association (SIA), an industry organization representing computer, medical and business products service providers, has requested action against Oracle’s policies pertaining to Sun server hardware maintenance. In its letter, the SIA cites to new policies instituted by Oracle that effectively restrict access to necessary operating systems software updates only to customers with active Oracle hardware maintenance contracts. The effect of the policy is to keep third-party hardware maintainers from servicing Sun hardware, which is widely used across many different industries. According to the SIA, because of Oracle’s market power, this represents an attempt to monopolize a significant segment of the server hardware maintenance market in violation of U.S. antitrust law.

This may be a new policy for Oracle, but it is consistent with past practice by Sun prior to its acquisition by Oracle in January 2010. In the past, Sun attempted to justify that policy as an effort to protect its trade secrets from disclosure to third parties who may try to misappropriate the information, thereby damaging Sun’s business. Oracle likely will try to justify the new policy in the same way. However, that justification seems dubious, since third-party maintainers generally do not compete with Oracle as software publishers or hardware manufacturers, and even if there were a security concern, it is one that could be addressed more efficiently with an appropriate confidentiality and non-disclosure agreement.

Oracle customers and business partners may want to keep an eye on the DOJ’s response to the SIA’s appeal and on any other legal developments related to this issue.

A business owner’s perception of vigorous trademark enforcement in many cases depends entirely on whether he or she was last on the passing end or the receiving end of a cease & desist letter. For businesses that have been accused of trademark infringement, those allegations often seem to be nothing but overreaching by trademark owners trying to make a quick buck based on an unintentional and harmless oversight. However, for many of those trademark owners, failure to police unauthorized, third-party use of identical or arguably confusingly similar marks may mean loss of brand value or even the “genericization” of their once-valuable marks.

It appears that the federal government may be in the process of weighing in on the question of where to draw the line between valid trademark policing and invalid trademark “bullying.” Pursuant to a mandate in the Trademark Technical and Conforming Amendment Act of 2010, the U.S. Patent & Trademark Office recently posted a request for public input regarding deleterious effects of so-called trademark “bullies” on small business. The Act requires the Secretary of Commerce and Intellectual Property Enforcement Coordinator to conduct a study and prepare a report to Congress regarding “the extent to which small businesses may be harmed by litigation tactics by corporations attempting to enforce trademark rights beyond a reasonable interpretation of the scope of the rights granted to the trademark owner” and whether the federal government should play a role in curbing abusive tactics by trademark owners. The USPTO’s request for comment is available here. The deadline to submit comments is January 7, 2011.

While the concerns reflected in the ACT are understandable, it would be unfortunate if Congress were to place any arbitrary restraints on the ability of businesses to police their brands. Unlike patents and copyrights, trademarks generally are not good subject matter for “trolling” – or seeking to reap a windfall based on claims that a third party has infringed acquired intellectual property rights. The validity of a trademark depends in large measure on actual use in commerce, which is a distinction generally absent in other federal IP regimes. That distinction often is effective incentive for a business to be selective in its trademark policing efforts, and while there may be businesses that are arguably abusive in their policing efforts, an effort by Congress to draw the necessarily fine line between what is and is not acceptable enforcement could result in brand owners having to wait until it is too late to protect their rights.

It will be very interesting to see what actions are taken, if any, in response to any comments submitted to the USPTO.

On October 29, 2010, health insurance giant BlueCross BlueShield’s Michigan unit was sued for illegal price-fixing under the Sherman Act by Michigan plaintiffs seeking class-action certification. A copy of the complaint is available here. In their complaint, the plaintiffs allege that BCBS forced hospitals to include “most favored nation” or “MFN” clauses in their provider contracts, under which the hospitals allegedly agreed to charge other commercial insurers either at least as much as – or more than – they charged BCBS for the same services, thereby giving BCBS a competitive advantage in the marketplace. BCBS Michigan also is facing an antitrust lawsuit filed by the U.S. Department of Justice based on essentially the same set of facts.

Antitrust litigation almost always is a complicated affair, but this lawsuit has the potential to turn into a legal quagmire, especially in light of the incendiary nature of the nation’s pending health-care debate. The outcome likely will hinge on the ability of BCBS’ lawyers to show that the ultimate effect of the MFN language is not anticompetitive, which is a defense that will require significant discovery efforts and expert testimony.

Requests for MFN clauses can be fairly common in a variety of contexts when one of the parties at the table is able to wield sufficient leverage during the negotiations process. However, businesses with sufficient market share need to be careful when drafting agreements that include MFN language, because third parties who are left out of the MFN relationship – or who believe that they have been damaged by it – may scour any operative contracts for provisions that can be used to cast doubt on the agreement. U.S. antitrust law can be a very powerful weapon for aggrieved consumers and jilted vendors.

Developments in this lawsuit should be very interesting to watch.

Most of us have heard of patent trolls. Recently, we have seen the ascendance of the copyright troll. Trademark trolls, by contrast, probably shouldn’t even exist. After all, one of the principal concepts allowing a person to claim exclusive rights in a trademark is (supposed to be) that person’s actual use of the trademark in commerce, and actual use of IP is not something with which most trolls are supposed to be familiar. Trolls, the story goes, exist in shadowy recesses, ready to swing their quietly acquired IP clubs against the unwitting in the hopes of spilling a little windfall.

However, despite the oil-and-water prospects for a relationship between trademarks and trolling, Edge Games, Inc. and its founder, Dr. Tim Langdell, nevertheless have made a go at asserting claims against various players in computer gaming-related industries based on allegedly unauthorized use of the word “edge,” which forms the basis of several trademarks held by Edge and Langdell. Somewhat amusingly, though, in a recent opinion issued by the U.S. District Court for the Northern District of California, those attempts “flamed out” in spectacular fashion.

In this case, Edge filed suit against Electronic Arts (“EA” – a recognized heavyweight in the gaming industry), alleging that EA infringed its marks by releasing a game with the title “Mirror’s Edge” in 2008 and requesting that the court grant a preliminary injunction against EA’s use of the mark pending the outcome of the suit. In a colorfully illustrated opinion, the court denied the request, citing not only to the Edge’s failure to demonstrate a likelihood of confusion with regard to EA’s use of the MIRROR’S EDGE® mark, but also to what the court described as “numerous items of evidence that plaintiff willfully committed fraud against the USPTO in obtaining and/or maintaining registrations for many of the asserted “EDGE” marks, possibly warranting criminal penalties if the misrepresentations prove true.” Indeed, the evidence described in the opinion appears to indicate that Edge and Langdell repeatedly had submitted counterfeit use specimens and false information to the U.S. Patent and Trademark Office in order to secure and maintain the registrations upon which Edge had filed suit.

Overeager business owners seeking to secure trademark rights would do well to take a look at the opinion for its numerous examples of how not to be a trademark owner (to say nothing of trying to be a trademark troll). However, even where trademark fraud does not rise to the possibly criminal levels described in this opinion, it is important to keep in mind the fact that the Trademark Trial and Appeal Board takes a very hard line against irregularities in trademark applications and maintenance filings and routinely cancels whole registrations based on inaccuracies pertaining to only one class of goods or services within the scope of a registration. It is never a bad idea to have a knowledgeable attorney review those filings prior to submission.

Interval Licensing, a patent holding company owned by Microsoft co-founder Paul Allen, filed patent-infringement claims on August 27, 2010, against eleven of the biggest names in Internet-based commerce: AOL, Apple, eBay, Facebook, Google, Netflix, Office Depot, OfficeMax, Staples, Yahoo, and YouTube. Interval’s complaint alleges that those companies incorporated technologies in their web sites that fall within the scope of four patents owned by Interval. However, as reflected in the substantial share of online activity dominated by those companies, Interval’s suit arguably represents one company laying claim to core components of the infrastructure of Internet business – components that vast numbers of businesses small and large employ every day in order to attract customers.
The four patents identified by Interval in its complaint are:

* Patents No. 6,034,652 and 6,788,314, issued March 7, 2000, and September 7, 2004: “Attention Manager for Occupying the Peripheral Attention of a Person in the Vicinity of a Display Device.”
* Patent No. 6,263,507, issued July 17, 2001: “Browser for Use in Navigating a Body of Information, With Particular Application to Browsing Information Represented by Audiovisual Data.”
* Patent No. 6,757,682, issued June 29, 2004: “Alerting Users to Items of Current Interest.”

While the patent titles do not provide deep detail, the combined scope of the patents upon review is nearly breathtaking, when you consider the ways many of us use the Internet today. Potentially implicated by Interval’s claims are video-streaming sites, news aggregators, and services providers that allow users to customize the displayed content and to receive email alerts when there has been a change to that content.

Interval apparently is prepared to show that all or some of the defendants knew or should have known that they were infringing its patents. However, to the extent that it is unable to do so, considering the widespread use of these concepts across the Internet, it would appear that a case of accidental infringement would be strong. That likely would only reduce the available damages, though – if Interval otherwise is successful in pursuing these claims the potential windfall it would receive in terms of licensing fees would be huge.

At least in part because they have the potential to entail such broad technological scope, business process patents like the ones at issue in the Interval lawsuit often combine to form fields of IP landmines for the unaware. Companies with a heavy dependence on technology must continue to recognize patent exposure as a cost of doing business, and they must be ready to work closely with knowledgeable counsel to evaluate the integrity of any patent claims with which they are presented.

On August 12, 2010, Oracle sued Google in U.S. District Court in San Francisco based on claims that Google’s Android operating system constitutes an infringement of Oracle’s patents and copyrights related to the Java software development platform. Oracle owns the intellectual property rights in Java following its acquisition of Sun Microsystems earlier in 2010, and in its lawsuit, it alleges that a Google-developed technology called Dalvik, which is integrated in the Android O/S, is a competitor to Java that infringes the various patents and the copyright in Java.

In light of the massive resources Oracle and Google each are able to bring to bear in this fight, the outcome of the lawsuit is anything but certain. Google has countered that versions of Java have been licensed under open-source licenses for years and that Dalvik was developed under that kind of license. In addition, Sun Microsystems’ approach to Java patent matters historically was very permissive, which may call into question Oracle’s ability now to base a patent suit on rights that arguably may have been diminished through past inaction.

However, one thing that is certain is that Oracle’s lawsuit will cause – and should cause – many software developers to think long and hard about the advisability of any long-term plans that depend on the open availability of Java as software development platform. As this case unfolds, developers should be prepared to carefully consider whether it represents a sea-change in Java-related IP enforcement, in which case it may make sense to start identifying appropriate alternatives to Java, or whether it is merely a case of one big fish going after another big fish in an effort to reach a joint-licensing or other context-specific outcome.

An Austin-area software publisher recently obtained a significant court order against Discovery Communications, Inc. related to the popular Cake Boss television show on TLC. The plaintiff, Masters Software, Inc., which consists of husband-and-wife team Kelley and Jon Masters, publishes a computer program called CakeBoss that provides office management functions for professional cake bakers. The Masterses learned about the Cake Boss program, which, for the uninitiated, is a reality-TV program centered around the New York-based cake-baking business of Bartolo “Buddy” Valastro, prior to its debut and contacted both Discovery and Mr. Valastro in an effort to keep the show from airing under the Cake Boss name. The show aired despite the Masterses’ complaints, and it since has become one of the networks more popular shows.

After the show aired, the Masterses began receiving numerous inquiries and requests from people who mistakenly believed that they were associated with the show or with Mr. Valastro’s business, some of which overwhelmed the server hosting their web site. In addition, the Masterses entered into a licensing agreement in 2009 with a supplier to sell CakeBoss-branded cake decorating products, but the licensee stopped selling the kits after Mr. Valastro threatened it with legal action. The Masterses subsequently filed suit against Discovery in March 2010, seeking an injunction against its use of the term “Cake Boss.”

In granting a temporary injunction against Discovery, pending a trial, the U.S. District Court for the Western District of Washington noted the actual confusion that had resulted as a result of Discovery’s heavy marketing of “Cake Boss” and held that there is “a substantial danger that Discovery's ability to saturate the marketplace will lead consumers to assume that CakeBoss is somehow associated with Cake Boss.” The Court also held that, though the products at issue – a software program and a television show – are not directly competitive, it is nevertheless “not a substantial leap for a consumer encountering CakeBoss software in the market place to imagine that Cake Boss might have an interest in selling or sponsoring cake bakery management software.” As a result, the Court issued an order prohibiting Discovery and its affiliates from using the name “Cake Boss,” either to identify the television program currently entitled Cake Boss, or in connection with the sales of merchandise related to the show, though the Court also delayed implementation of the order for Discovery to finish airing the first run of the show’s third season.

Brand selection is a crucially important step when launching a new product line or a new business. Companies owe it to themselves to run thorough trademark screening searches to determine whether there is a likelihood that an initially favored brand may end up being the subject of a trademark dispute in the future, and they certainly should think long and hard before moving forward with a mark that they know, or should know, already is being used by another business in the same or a similar market. Knowledgeable IP counsel can provide valuable assistance with that analysis.

On June 30, 2010, a New York businessman named Paul Ceglia filed a lawsuit against Facebook, Inc. and its founder, Mark Zuckerberg, that has the potential to become a significant distraction for the social networking giant. In the state-court complaint, Ceglia claims he signed into a contract in April 2003 with Zuckerberg, in which Zuckerberg agreed to grant Ceglia a 50% stake in the business to be derived from the expansion of “the project [Zuckerberg] has already initiated that is designed to offer the students of Harvard university [sic] access to a website similar to a live functioning yearbook with the working title of ‘The Face Book.’” Based on that and other language in the contract, and on the completion date for an earlier Zuckerberg-authored site at thefacebook.com, Ceglia claims that he now is entitled to an 84% interest in Facebook.

It is unclear whether the social networking technology Zuckerberg was developing in April 2003 is the same or even related to the technology that was the predecessor to Facebook as we now know it. In addition, Ceglia’s long delay in asserting his claim raises potential statute-of-limitations issues that may result in the claim being tossed out of court. Regardless, though, Ceglia was successful in New York State court in obtaining an order temporarily keeping Facebook and Zuckerberg from transferring or selling of their assets, stocks or bonds, pending a hearing. Facebook then removed the matter to a U.S. District Court in the Western District of New York, where the case currently remains, in an effort to have the state court order dissolved.

Regardless of the hurdles Ceglia may need to overcome in order to prevail on his claim, this case serves as a powerful reminder to developers of protectable, original content that they should carefully consider all of the effects of any agreements related to future ownership of business ventures. Sloppy drafting may cause unintended consequences and could result in expensive litigation to resolve questions of ownership related to the business venture. In light of the risks highlighted by the Ceglia lawsuit, developers considering that type of agreement should consult with knowledgeable counsel before proceeding.

On June 28, 2010, the U.S. Supreme Court issued its long-anticipated opinion in the case of Bilski v. Kappos, which, it was hoped, would at long last provide much-needed guidance for the U.S. Patent & Trademark Office and for practitioners on the subject of the patentability of business methods and other processes. However, other than rejecting the process-patentability test that had been proposed by the U.S. Court of Appeals for the Federal Circuit, the overall effect of the opinion is to re-introduce uncertainty into the question of what constitutes a patentable process and what does not.

In its en banc opinion in this case, the Federal Circuit previously had affirmed the exclusive applicability of the so-called “machine or transformation test” to determine whether a process qualifies for patent protection under U.S. law. Under that test, “[a] claimed process is surely patent-eligible under § 101 if: (1) it is tied to a particular machine or apparatus, or (2) it transforms a particular article into a different state or thing.” In re Bilski, 545 F.3d 943, 954 (C.A. Fed. 2008). The Supreme Court expressly rejected the machine or transformation test as the sole means to assess process patentability. However, other than identifying the test as a useful tool to make that assessment, the Court did not express any test or set of factors to provide any additional guidance on the subject. The Court, in fact, very clearly and expressly affirmed the unsettled nature of the law in this area, holding:

It is important to emphasize that the Court today is not commenting on the patentability of any particular invention, let alone holding that any of the above-mentioned technologies from the Information Age should or should not receive patent protection. This Age puts the possibility of innovation in the hands of more people and raises new difficulties for the patent law. With ever more people trying to innovate and thus seeking patent protections for their inventions, the patent law faces a great challenge in striking the balance between protecting inventors and not granting monopolies over procedures that others would discover by independent, creative application of general principles. Nothing in this opinion should be read to take a position on where that balance ought to be struck.

While it also rejected the argument that methods of conducting business are categorically un-patentable, the Court nevertheless affirmed the rejection of the business-method patent application that was the subject of the case on the grounds that it was an improper attempt to patent what is merely an abstract idea.

The Supreme Court’s opinion in Bilski likely will do nothing to help clarify the place of innovation in fields such as software development with respect to U.S. patent law, and it leaves the door open for enterprising patent collectors to perpetuate the same kinds of claims abuses that many had hoped Bilski would help to eliminate. Therefore, for the foreseeable future, software firms will need to continue to be prepared to recognize patent exposure as a cost of doing business in their industry, and they must be ready to work closely with knowledgeable counsel to evaluate the integrity of any patents they hold as well as the validity of any patent claims with which they are presented.

Many companies that market their products or services through distribution channels give their distributors licenses to use company trademarks and logos in order to facilitate marketing efforts. However, it is important for those companies to remain vigilant against overbroad license terms that may give the distributors rights in excess of what those companies may believe is reasonable or necessary to accomplish those ends. This consideration is doubly important when the distributor has substantially greater bargaining power than the manufacturer.

Video Professor, Inc., the manufacturer of a collection of heavily advertised, self-paced, computer education videos, may have learned this lesson the hard way in forming a relationship with Amazon.com to market its videos online. At the outset of the relationship, Video Professor agreed to the terms of Amazon’s Vendor Manual. The Vendor Manual Video Professor signed included a license giving Amazon the right to use Video Professor’s trademarks, including its core, registered VIDEO PROFESSOR® mark. However, the terms of that license were surprisingly broad:

Vendor [VPI] hereby grants to Amazon.com a non-exclusive, worldwide, perpetual, and royalty-free license to ... (c) use all trademarks and trade names included in the Product Information.

Almost shockingly, the Vendor Manual also included language specifying that the license grant “will survive the termination of any or all of this Vendor Manual.” Video Professor terminated its agreement with Amazon in September 2008. However, from December 2003 through April 2009, Amazon placed bids with Google for paid advertisements linked to the “video professor” keyword, and Video Professor subsequently determined that links from some of those ads went not to Video Professor’s products, but rather to those of its competitors.

Video Professor filed suit against Amazon in the Colorado U.S. District Court for damages related to infringement of its trademark. However, without reaching the substance of Video Professor’s trademark claims, the court granted Amazon’s motion for summary based on the license terms, holding that the “scope of the license in the Vendor Manual is plain and unambiguous, and Amazon's use of the mark “video professor” was within the scope of the license.”

When a company gives any other party a license to use its trademarks or any other intellectual property, it is vital that the parties’ agreement specify that the license is revocable by the IP owner or that the license terminates upon termination of the agreement, if not sooner. It is equally vital that the scope of permissible uses of the subject IP be limited to the furtherance of the relationship contemplated by the agreement. Ideally, the agreement also will give the IP owner the right to injunctive relief to stop any misuse of the subject IP notwithstanding any other dispute resolution provisions in the agreement.

A company’s intellectual property often is among its most valuable and important assets. Overbroad license terms can seriously diminish that value and may make it difficult to enforce the company’s IP rights in the event of misappropriation. When considering an IP license grant in favor of any party, a company should consult with counsel to ensure that the terms of that license do not run counter to the company’s plans and expectations.

U.S. businesses facing the misappropriation of their trademarks in the form of Internet domain names registered by third parties have a quiver-full of powerful remedies to obtain relief from such practices. In addition to “traditional” trademark actions in cases where the third party is using a confusingly similar domain name in connection with products or services similar to those offered by a trademark owner, U.S. law also offers significant ammunition against third parties who register names and then “squat” on them, without ever using the names in connection with the offering of any goods or services. Under the Anticybersquatting Consumer Protection Act (ACPA), trademark owners may sue such third parties in federal court to obtain both an injunction requiring the transfer or cancellation of the infringing domain name or names as well as actual damages or, at the mark owner’s election, statutory damages up to $100,000 per name, in the court’s discretion.

However, in many cases the registrant of an infringing domain name may be located in a foreign country and not subject to the personal jurisdiction of a U.S. district court in an ACPA proceeding. Under those circumstances, the ACPA provides for proceedings in rem, which are, in effect, lawsuits against the domain names themselves. In that type of proceeding, the trademark owner files suit in the U.S. judicial district where either the domain name registrar (e.g., GoDaddy.com or Network Solutions) or the domain registry (e.g., VeriSign for .COM and .NET domains) is located. Following notice to the registrant and to the registrar or registry, the court then makes a determination as to whether the domain name infringes the trademark owner’s rights and, if the mark owner prevails, issues an order compelling the registrar or registry to cancel or transfer the name.

In addition, the 9th Circuit Court of Appeals recently confirmed what appears to be the plain language of the ACPA by affirming that in rem actions pertaining to .COM and .NET addresses (which often are the top-level domains most frequently the subject of ACPA suits) may be brought in the Northern District of California, where VeriSign is located. This decision makes it easier for many trademark owners to consolidate their domain recovery efforts in one venue, rather than filing suit in districts where individual registrars may be located.

If your business has discovered infringing uses of its trademarks in third-party domain names, you should consult with knowledgeable intellectual property counsel to determine whether one or more ACPA actions may be appropriate as part of a comprehensive IP enforcement strategy.

After years of negotiations, several leaks regarding the text of the treaty, and resulting public pressure to soften what have been perceived by many to be some of its more excessively pro-industry components, on April 20, 2010, the countries negotiating the Anti-Counterfeiting Trade Agreement (“ACTA”) released a draft of the document for public review. That draft is available here. The intent of ACTA’s drafters is to establish international standards on the enforcement of intellectual-property rights in the participating countries. (ACTA’s current drafters include Australia, Canada, the European Commission, Japan, Jordan, Mexico, Morocco, New Zealand, North Korea, Singapore, Switzerland, the United Arab Emirates, and the USA.)

ACTA includes a number of provisions that indeed may have a significant impact on the enforcement of IP rights worldwide. One of the more interesting of those provisions is a proposed grant of safe harbor to Internet service providers (“ISPs”) hosting infringing content due to the actions of the ISPs’ customers, provided that the ISPs take action to remove that content following their receipt of notice that it is present on their servers. Such a provision could end up being similar to Section 512 of the U.S. Digital Millennium Copyright Act (“DMCA”), under which a content owner can send a notice to an ISP regarding the presence of infringing content on the ISP’s servers, in response to which the ISP must take action in order to maintain its safe harbor status.

At this stage, ACTA remains a rough draft in which the safe harbor options have yet to be confirmed. In addition, ACTA does not include steps as detailed as those under the DMCA to guide the form and substance of take-down notices, instead leaving those steps to the discretion of the member countries, within certain bounds. However, the overall outline of safe harbor under ACTA could be fairly similar to that under the DMCA, with safe harbor being conditioned under one option as follows (text in brackets remains unresolved):

an online service provider expeditiously removing or disabling access to material or [activity][alleged infringement], upon receipt [of legally sufficient notice of alleged infringement,][of an order from a competent authority] and in the absence of a legally sufficient response from the relevant subscriber of the online service provider indicating that the notice was the result of mistake or misidentification.

It will be very interesting to see how the ACTA negotiators resolve the issue of ISP liability and safe harbor. Businesses that have encountered infringing, third-party content hosted by U.S. ISPs have for several years been able to take advantage of Section 512 notices under the DMCA to cause the removal of that content in an efficient and cost-effective manner. However, foreign ISPs often do not have much to gain by compliance with U.S. copyright law, so the same procedures generally have been less effective against content hosted outside the U.S. An effective safe harbor provision under ACTA may change that.

It is natural for the owner of a trademark want to seek some sort of redress when another person or entity uses that mark in the URL or the content of a web site, especially when that site competes with or criticizes the owner. However, relief from such use may be unavailable under the Lanham Act when it is not possible to show commercial intent behind the use, and a recent 10th Circuit opinion suggests that the standard to prove commercial intent may be higher than some would expect.

In Utah Lighthouse Ministry (UTLM) v. Foundation for Apologetic Information and Research (FAIR), the plaintiff, UTLM, filed suit against FAIR based on a web site published by FAIR’s vice president and webmaster, a co-defendant, which parodied the content of UTLM’s site. UTLM is an organization that publishes critiques of the Mormon Church. FAIR, on the other hand, is a volunteer organization that responds to such critiques.

The description in the opinion indicates that the parody site bore many similarities to the UTLM site:

The design elements are similar, including the image of a lighthouse with black and white barbershop stripes. However, the words “Destroy, Mislead, and Deceive” are written across the stripes on the Wyatt website. Prominent text on the Wyatt website consists of a slight modification of the language located in the same position on the UTLM website. For example, the UTLM website states: “Welcome to the Official Website of the Utah Lighthouse Ministry, founded by Jerald and Sandra Tanner.” In comparison, the Wyatt website states: “Welcome to an official website about the Utah Lighthouse Ministry, which was founded by Jerald and Sandra Tanner.” (emphasis added.) The Wyatt website does not have any kind of disclaimer that it is not associated with UTLM.

The opinion also indicates that FAIR’s webmaster, through his company, also registered ten domain names, which were “combinations of ‘Utah Lighthouse Ministry,’ ‘Sandra Tanner,’ ‘Gerald Tanner,’ ‘Jerald Tanner,’ and ‘.com’ and ‘.org.’” UTLM alleged that FAIR’s parody site and its webmaster’s registration of the domain names at issue constituted trademark infringement, unfair competition, and cybersquatting. The trial court disagreed with UTLM and granted the defendants’ motion for summary judgment as to all UTLM claims. UTLM then appealed the trial court’s decision to the 10th Circuit.

In upholding the trial court’s grant of summary judgment, the 10th Circuit relied, in large part, on the fact that UTLM was able to prove no commercial intent behind the parody site or FAIR’s webmaster’s registration of the domain names. FAIR’s webmaster neither promoted nor sold any products or services at the parody site. UTLM argued that the parody site linked to FAIR’s web site, where FAIR sold books, some of which also were available through the UTLM site. However, the Court found that any connection between the parody site and the commercial activities at the FAIR site was too attenuated to support a finding of commercial intent. In reaching that conclusion, which was the 10th Circuit’s first time to analyze an argument for commercial intent based on this type of fact pattern, the Court cited to a 9th Circuit opinion in which no commercial intent was found where a parody site linked to another site operated by the same defendant, which in turn linked to a newsgroup containing advertisements for the plaintiff’s competitors. Though the “distance” between the parody site in this case and the FAIR site’s commercial activities was not as great as in the 9th Circuit case, the 10th Circuit held that the trial court had used an analysis similar to that employed by the 9th Circuit, which it believed to be appropriate.

UTLM also argued that the parody site interfered with “the ability of users to reach the goods and services offered on the UTLM website.” The 10th Circuit disagreed, stating:

In our view, the defendant in a trademark infringement and unfair competition case must use the mark in connection with the goods or services of a competing producer, not merely to make a comment on the trademark owner's goods or services. The Lanham Act addresses the specific problem of consumer confusion about the source of goods and services created by the unauthorized use of trademarks. Unless there is a competing good or service labeled or associated with the plaintiff's trademark, the concerns of the Lanham Act are not invoked. (quotations omitted)

UTLM raised a third argument regarding the general commercial nature of the Internet, but this too was denied by the Court. The Court also found that there was no likelihood of confusion between the sites at issue, especially in light of the fact that the defendants’ site was a parody site, and that UTLM had failed to prove any bad faith intent by FAIR or its webmaster to profit on the domain names that had been registered, thereby supporting the denial of UTLM’s cybersquatting claims.

Especially for businesses in the 10th Circuit, this case appears to present a significant challenge for claims of Internet-based trademark infringement where commercial intent is difficult to prove. Business considering lawsuits based on such claims should consult closely with counsel to determine whether the costs of litigation are worth the risk of loss.

Trade negotiators from some of the world’s wealthiest industrialized nations are in the process of negotiating a pact that could lead to the establishment of a new kind of international IP rights enforcement. The U.S. is a leading proponent of the Anti-Counterfeiting Trade Agreement (“ACTA”), which would aim to establish international standards and legal frameworks for the protection and enforcement of IP rights and, if early information is to be believed, would entail surprising new legal reforms. Late last month, a “Discussion Paper on a Possible Anti-Counterfeiting Trade Agreement” was leaked to the operators of the Wikileaks.org web site. Although there are not many details, if the paper accurately depicts the agreement, the proposed deal points include:

• “[criminal penalties for] significant willful infringements without motivation for financial gain to such an extent as to prejudicially affect the copyright owner” (likely having the effect of chilling the activities of some non-profit media sites like Wikileaks.org)
• “ex officio authority for customs authorities to suspend import, export and trans-shipment of suspected [IP rights] infringing goods” and “[border] measures to ensure the seizure and destruction of [IP rights] infringing goods” (potentially giving customs officials the authority to inspect media content (e.g., music, software) for authenticity)
• “[civil] authority to order ex parte searches and other preliminary measures” (notwithstanding the constitutional objections, making the term “IP Police” more descriptive than may be comfortable)

To the extent that the trade negotiators working on the pact allow information from their proceedings to be made public (which seems somewhat unlikely), it will be very interesting to see the form that the final agreement takes by the time it is drafted and signed. It will also be very interesting to see how well it plays in the U.S., where some of the stronger measures of the recent “PRO-IP” copyright reforms had to be eliminated before the House passed the legislation on to the Senate.

The working paper remains available on the Wikileaks.org site here.

By an overwhelming majority of 410-11, the U.S. House recently passed the Prioritizing Resources and Organization for Intellectual Property Act of 2007 (PRO-IP Act). The legislation has been controversial among many legal experts and consumer groups for proposing significant and, according to many, unnecessary changes to existing copyright law. The PRO-IP Act proposes new governmental powers and bureaucracies – including a “copyright czar” – with the stated goal of combating copyright infringement. The PRO-IP Act also provides for criminal and civil forfeiture of property used to commit copyright infringement, and it would allow courts in copyright litigation to order the seizure of property containing records documenting acts of infringement.

However, perhaps the most controversial aspect of the legislation was removed prior to passage. As introduced in the House, the PRO-IP Act would have provided as follows:

A copyright owner is entitled to recover statutory damages for each copyrighted work sued upon that is found to be infringed. The court may make either one or multiple awards of statutory damages with respect to infringement of a compilation, or of works that were lawfully included in a compilation, or a derivative work and any preexisting works upon which it is based. In making a decision on the awarding of such damages, the court may consider any facts it finds relevant relating to the infringed works and the infringing conduct, including whether the infringed works are distinct works having independent economic value.

That change would have comprised a substantial departure from the analysis used to calculate statutory damages for copyright infringement. Currently (and, ostensibly, for the foreseeable future), the Copyright Act expressly provides that compilations are to be considered “one work” for the purpose of calculating statutory damages for their infringement.

Industry groups had been strongly in favor of the legislation as it was originally drafted, because its passage would have increased the amount of copyright damages awards. The fact that the statutory damages language was stripped from the bill prior to passage is compelling evidence (to the extent that any was needed) that it was never the intent of Congress to allow for heightened damages awards for unauthorized copying of compilations, even when the constituent parts of those compilations are independently copyrighted and capable of “leading their own copyright life” apart from any suite in which they are included.

The U.S. District Court in New Hampshire recently issued a written opinion that undoubtedly will give some Internet service providers reason to re-think their policies with regard to some anonymous user accounts. In Doe v. Friendfinder Network, Inc., the plaintiff discovered prior to filing suit that an unnamed individual had created a number of profiles using information about the plaintiff’s identity on various social networking websites operated by the defendants and oriented toward people seeking sexual relationships with others. The plaintiff sued defendants on various state-law claims arising out of the allegedly false and unauthorized personal advertisements. In its opinion, the court addressed the defendants’ motion to dismiss, which asserted that the plaintiffs’ claims were barred by the Communications Decency Act of 1996. That Act provides, in part, that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider,” which the Act further defines as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.”

The court held that the Act did work to bar all of the plaintiff’s state-law claims, except for one: invasion of privacy, to the extent that the plaintiff’s claim was based on the right of publicity. The court specifically looked to an exception in the Act, which provides: “[n]othing in this section shall be construed to limit or expand any law pertaining to intellectual property.” The court stated that a state-law right of publicity claim arises from a “law pertaining to intellectual property,” and it further held that state-law intellectual property claims are within the scope of the Act’s exception. In so holding, the court expressly disapproved the 9th Circuit’s opinion in Perfect 10, Inc. v. CCBill, LLC, where it held last year that the exception only extended to claims based on violations of federal laws pertaining to intellectual property.

The Friendfinder case may be one to watch for at least two reasons. First, it has the potential to set up a conflict between two federal circuits, which may help lead to or hasten review by the Supreme Court. (A petition for certiorari was denied following the 9th Circuit’s ruling in the CCBill case.) Second, if the trial court’s opinion in Friendfinder prevails, then Internet service providers – especially those operating social networking sites (which now include heavy-hitters such as Facebook and Second Life) – may face the daunting prospect of having to verify the validity of information entered in users’ personal profiles in order to avoid exposure from state-law claims based on violation of a third party’s right of publicity. Such a precedent could mean significant changes to the way such sites operate today.

Perfect 10 – the publisher of adult photographs that lost its appeal to hold Google liable for copyright infringement by linking to and displaying thumbnails of unauthorized copies of its copyrighted images – has won the support of the MPAA, the RIAA, and several other industry groups in a separate effort to hold Visa and other financial services businesses liable for enabling copyright infringement.

The various industry groups recently filed an amicus curiae brief with the U.S. Supreme Court in support of Perfect 10’s petition for review of the 9th Circuit’s refusal to reverse the trial court’s dismissal of its claims against the defendant businesses. In this litigation, Perfect 10 has argued that the credit card companies facilitated infringement of its copyrighted content by providing payment processing services to various businesses that copy and distribute that content for profit. However, the 9th Circuit dismissed all of Perfect 10’s claims in July 2007, characterizing those claims as “radical new theories of liability.” In its opinion, the Court held that the fact “that Defendants have the power to undermine the commercial viability of infringement does not demonstrate that the Defendants materially contribute to that infringement.” In their brief, the amici counter that it is the 9th Circuit’s opinion that “dramatically changes the secondary liability standards that courts have applied for decades, and it does so in ways that threaten the effectiveness of secondary liability as a means to combat Internet piracy.”

Though it seems an unlikely result, if the Supreme Court does grant Perfect 10’s petition for review, the effects of its opinion on the matter could be very far-reaching and could further inform interpretation of the 9th Circuit’s earlier ruling on Perfect 10’s claims against Google.

A Western District of New York Magistrate Judge recently recommended that claims filed by the owners of several copyrighted songs (allegedly performed without their permission) should be dismissed as a result of the plaintiffs’ membership in the American Society of Composers, Authors and Publishers (“ASCAP”). In ruling on a number of pre-trial matters, the Judge independently raised the issue of the plaintiffs’ standing to sue based on ASCAP membership agreements they had attached to a motion for summary judgment. Those agreements included the following provisions:

1. "[Plaintiff] grants to [ASCAP] for the term hereof, the right to license non-dramatic public performances ... of each musical work .... The rights hereby granted shall include:
(a) All the rights and remedies for enforcing the copyrights or copyrights of such musical works ... as well as the right to sue under such copyrights in the name of [ASCAP] and/or in the name of [plaintiff] and/or others, to the end that [ASCAP] may effectively protect and be assured of all the rights hereby granted.
* * *
3. [ASCAP] agrees, during the term hereof ... to hold and apply all royalties, profits, benefits and advantages arising from the exploitation of the rights assigned to it by its several members, including [plaintiff], to the uses and purposes as provided in its Articles of Association.
4. [Plaintiff] hereby irrevocably, during the term hereof, authorize, empowers and vests in [ASCAP] the right ... to prevent the infringement thereof, to litigate, collect and receipt for damages arising from infringement ... and to release, compromise, or refer to arbitration any actions, in the same manner and to the same extent ... as [plaintiff] might or could do, had this instrument not been made.
5. [Plaintiff] hereby makes, constitutes and appoints [ASCAP] or its successor [plaintiff's] true and lawful attorney ... to do all acts, take all proceedings ... proper or expedient to restrain infringements and recover damages".
6. [Plaintiff] agrees from time to time, to execute, acknowledge and deliver to [ASCAP], such assurances ... as [ASCAP] may deem necessary or expedient to enable it to ... enjoy ..., in its own name or otherwise, all rights and remedies aforesaid."

The Judge stated that the effect of the above provisions was to strip the plaintiffs of their standing to sue under Article III of the U.S. Constitution. Under the Judge’s interpretation of the agreements, the plaintiffs assigned exclusively to ASCAP all rights to seek remedies for infringement of the covered works. Therefore, according to the Judge’s recommendation, none of the plaintiffs was unable to show that his “individual need requires the remedy for which he asks…that he stands to profit in some personal interest…and that he personally would benefit in a tangible way from the court's intervention." (internal quotes and citations omitted)

Many software publishers, including Microsoft, Adobe and Autodesk, are members in industry trade groups such as the Business Software Alliance (“BSA”) and the Software & Information Industry Association (“SIIA”), which typically operate under powers of attorney from the publishers to target small-to-medium-sized businesses with allegations of software copyright infringement. In the event of litigation arising from such allegations, filed either directly by the publishers or by the BSA or SIIA, it would be a good idea to carefully review all relevant membership documents to determine the scope of authority under which the named plaintiff has filed the action. It will also be interesting to watch the New York litigation to see if the Magistrate Judge’s recommendation is adopted by the District Court and upheld on appeal, if any.

Viacom’s well-publicized court fight against YouTube and Google his given Judge Louis Stanton of the U.S. District Court for the Southern District of New York an opportunity – or, perhaps more accurately – a good reason to now repudiate one of his prior decisions that seemed to leave the door open for punitive damages in copyright infringement cases. In Blanch v. Koons (2004), though she was able to prove willful infringement on the part of the defendants, the plaintiff found herself unable to pursue a claim for statutory damages under the Copyright Act, because she had not registered the works at issue before the infringement occurred. Moreover, she could not pursue actual damages, because she had sustained none that she could prove. However, Judge Stanton gave the plaintiff leave to amend her complaint “so that [she] has a chance to prove malice and raise squarely the question whether punitive damages are available to her.” The court’s decision was based largely on suggestions from other courts that such damages might be available, but despite the fact that nowhere in its text does the Copyright Act purport to allow awards of punitive damages for proven infringement, willful or otherwise.

However, this month, Judge Stanton reconsidered his earlier ruling in light of Viacom’s claims against YouTube and Google that the ubiquitous video sharing service is liable for the unauthorized copying and distribution of Viacom’s copyrighted content. In the pending case, Viacom relied upon the court’s decision in Blanch to move for leave to amend its complaint to include a punitive damages claim (despite the availability to Viacom of the full array of ordinary copyright protections for the content alleged to have been infringed). Judge Stanton denied the motion and made clear in surprisingly blunt terms that, to the extent that the opinion in Blanch was good law, it had been roundly rejected by other courts and commentators. As the court here held: “It is time to extinguish the ignis fatuus held out by Blanch. Common-law punitive damages cannot be recovered under the Copyright Act.”

Businesses facing claims of copyright infringement clearly should take them very seriously indeed, as the damages explicitly allowed under the Copyright Act can be substantial, especially where it is possible to prove willful infringement. However, if it ever was a concern, the need to factor in potential punitive damages into an exposure estimate now seems (once again) to have no practical utility whatsoever. It will be interesting to watch the Viacom case as it progresses through the trial and (no doubt) appellate stages. With the implications of the case as weighty as they are, it is likely that this will not be the last time a court uses the case as a vehicle to explain or confirm existing law, or, conceivably, make new law based on the facts and arguments presented.

It is not possible to copyright an idea. The owner of a small business in Georgia recently received an undoubtedly unwanted lesson in this sometimes-overlooked aspect of copyright law when she saw her suit for copyright infringement dismissed following the court’s grant of summary judgment in the defendant’s favor.

At issue in Ristuccia v. Super Duper, Inc. were decks of flash cards used to assist individuals undergoing speech therapy to learn to properly pronounce the letter ‘R’ in the English language. The plaintiff claimed that the defendant infringed the decks she published by “(1) copying her selection of R allophones and/or words and images, and (2) arranging its Vocalic R Cards decks in a phonetically consistent manner.” The Plaintiff believed her sound selections and arrangements to be original and protected by copyright.

However, as the trial court explained in its opinion, the scope and availability of copyright protections afforded to the “selection and arrangement” of constituent elements in a compilation is “thin,” even in cases where the bulk of the elements comprising an alleged infringer’s work were copied from material published by a claimant. With regard specifically to the arrangement of the selected components, the court stated:

Once again, Plaintiff is attempting to argue that her educational ideas are protected by copyright. They are not. Although the concept of arranging words in a “phonetically consistent” manner may be a useful educational innovation, a concept is not protectable by copyright. Defendant cannot be liable for simply arranging a non-infringing selection of words in a “phonetically consistent” manner.

(citations omitted)

This issue is sometimes described as the “idea-expression dichotomy” in copyright law. In many instances, it can present more of a challenging dilemma than in the Ristuccia case, because the “idea” and the “expression” are both intangible concepts, and their contours are therefore subjective. In closer cases, the outcome may be different, and a business that uses copyrighted content in a way that it believes to be a different expression of a common idea may nevertheless find itself on the losing end of a lawsuit.

eBay recently entered into a stipulated final judgment with the operator of another Internet auction site that, as alleged by eBay, committed trademark infringement, dilution, false designation of origin and unfair competition through its use of a confusingly similar domain name – CoinBay.biz. Under the agreement, the CoinBay operator agreed to change the name of its site to CoinDay.com and to never attempt to register any trademark with “bay” or with a logo that includes offset letters or alternating colors, as in the well-known eBay logo.

The case serves as a reminder to all businesses owning famous marks that policing potentially infringing use of those marks by others can be a challenging prospect. An illegally infringing use can involve all or, as in the eBay case, only part of a mark. In some cases, though there may be a facially infringing use, if it is not tied to the promotion of products or services similar to those associated with the protected mark, the owner’s legal remedies may be limited. Furthermore, while certain cases may require trademark, cybersquatting, or unfair competition litigation in order to reach a resolution, others may be addressed through indirect methods, such as a request to an Internet service provider (ISP) that it take down an infringing site. With trademarks, as opposed to copyrights, the latter remedy may be somewhat less obvious, as there is no trademark equivalent to the Digital Millennium Copyright Act, under which an ISP is given safe harbor from potential copyright claims only if it removes infringing material in response to written notice from the copyright owner. In contrast, for trademarks, an ISP’s own terms of use often can be helpful in convincing it to remove infringing content.

The amount of business conducted worldwide on the Internet will only continue to increase into the future. Policing unauthorized use of protected marks on the Internet is therefore the lynchpin to an effective trademark enforcement regime.

The Business Software Alliance (BSA) recently announced that it entered into a settlement agreement with a small-to-medium-sized motor sports dealer and equipment supplier in Greenville, South Carolina, regarding the dealer’s alleged use of unlicensed, Adobe and Microsoft software. The BSA said that under the settlement, the targeted dealer, which apparently owns only 40 to 50 computers, was required to make a settlement payment of slightly more than $72,000.00 and also to agree “to delete all unlicensed copies of software installed on its computers, acquire any necessary replacement licenses and commit to implementing stronger software license management practices.” There was no statement from the dealer included in the press release, a copy of which is available here. There is also a brief article regarding the matter from a local media outlet here.

Businesses that endure software audits initiated by the BSA or by the Software & Information Industry Association (SIIA), often come to the unpleasant realization toward the end of the ordeal that, in addition to the settlement payment, the costs of investigation and diversion of resources, and the legal fees already incurred on the path to reaching a settlement agreement, the auditing entity often demands that it be allowed to publicize the matter in a press release such as the one described above. In the vast majority of cases, the negative value to the business of such publicity is proportionally far greater than any positive value derived from the auditing entity. Nevertheless, the BSA and SIIA both typically demand that businesses pay a high premium to keep the existence of or details regarding an audit settlement from public attention. Businesses that fail to account and plan for such a premium at the outset of an audit engagement may be faced with the grim prospect toward the end of the matter of having to accept terms that include costly negative publicity that, especially in some tech-related industries, can be very damaging to a business’ reputation.

It is important to keep confidentiality in mind at the outset of the software audit process and, after a preliminary exposure estimate is calculated, to determine whether the cost of the bad press that audits often entail will be greater than the price to include confidentiality terms in an eventual settlement agreement. In cases where that price is too high, there may be less-expensive alternatives to explore at settlement, such as inclusion of terms that give the business the right to review and contribute to a press release prior to publication or terms that allow the auditing entity the right to publish the existence of the settlement, but not the details. A knowledgeable software audit attorney can provide valuable assistance in considering these and other options to mitigate the lingering effects of a BSA or SIIA software audit.

In determining the degree to which a trademark is entitled to protection against infringement, one of the factors that a court will consider is the strength of the mark. In making this determination, a court typically will consider where along a spectrum of distinctiveness a trademark falls. The strength values within that spectrum sometimes are described as follows:

(1) GENERIC marks (e.g. “Cola” – these merely describe the class of goods or services into which a particular product or service falls and generally receive no protection);

(2) DESCRIPTIVE marks (e.g., “Fizzy Cola” – these generally receive protection only if, through continuous use, they have come to be clearly associated with distinct products or services in the marketplace);

(3) SUGGESTIVE marks (e.g., “Satisfaction Cola” – these require the customer to use some imagination to determine the product’s nature);

(4) ARBITRARY marks (e.g., “Royal Crown Cola®” – these use common words that do not have anything to do with the product); and

(5) FANCIFUL marks (e.g., “Pepsi Cola®” – these use names or words more or less invented in order to market the product and receive the strongest protection).

Thus, the more successful a business is in showing that its mark is arbitrary or fanciful, the more likely it is to receive strong protection for that mark.

A recent case from the Northern District of California provides a colorful illustration of this analysis. In Palantir Technologies Inc. v. Palantir.net, Inc., at issue, essentially, was the use of the mark PALANTIR. Tolkien fans may recall that, in The Lord of the Rings, the palantir were a set of magical stones, any one of which could be used to see events occurring near any of the other stones.

Palantir.net, Inc. (“Palantir.net”) is a national provider of Internet site design and software development services. It began providing services under the “Palantir” name in 1996, acquired the “palantir.net” domain name in 1997, and obtained trademark registration for its mark on January 31, 2006. In early 2007, Palantir.net became aware that Palantir Technologies Inc. (“PTI”) also was offering software development services under the “Palantir” name and that it had begun using Google’s AdWords service to obtain sponsored search engine results. PTI was created in 2004 and first started offering products under the “Palantir” name in late 2005. In response, Palantir.net sent a cease and desist letter to PTI and attempted to engage PTI in talks regarding the matter. However, PTI subsequently filed a declaratory judgment action seeking a ruling that it was not infringing Palantir.net's mark. Palantir.net then filed counterclaims and sought a preliminary injunction to restrict PTI’s use of the mark during the pendency of the lawsuit.

In ruling on Palantir.net’s injunction request, the court had to determine whether Palantir.net was able to demonstrate a likelihood of success on the merits with regard to its claims that there was a likelihood of confusion between the marks at issue. Because many of the factors involved in the likelihood of confusion analysis in this case were fairly straightforward (e.g., the marks were similar, were applied to similar products or services, and used similar marketing channels, among others), the court’s decision hinged in large measure on the strength of the word “palantir” as a trademark. In its motion, Palantir.net perhaps inadvertently described its mark as merely suggestive, a claim that PTI nevertheless disputed by arguing that the mark was part of a crowded field of similar marks.

The court disagreed with PTI’s crowded field argument (finding that there was little or no substantial evidence to support the claim), and it effectively gave Palantir.net the benefit of a doubt in stating:

Accepting Palantir.net's original assertion that its mark is suggestive, it is at the far end of the suggestive spectrum, very near to arbitrary or fanciful, and thus is of at least moderate strength. It requires a mental leap to go from Palantir.net's mark to its services; indeed, it requires a detailed knowledge of The Lord of the Rings and a precipitous climb from The Lord of the Rings to Palantir.net's services. “The more imagination required, the stronger the mark is.” Thus, Palantir.net's mark is strong enough to deserve trademark protection.

(citation omitted)

Thus, the opinion supports the unsurprising proposition that a legally fanciful mark may be found within the pages of fantasy literature. When assessing the strength of a mark and the viability of a strong IP enforcement regime, it is important to consider all factors that may support registration and potential future claims of infringement by others.

In addition to the words or logos accompanying a product or service, the physical structure and/or packaging of a product or the distinctive locations where a service is offered also can serve as powerful mechanisms to identify and differentiate the product or service in the marketplace. The shape of a Coca Cola® bottle or the seven vertical slots in the front grill of a Jeep® or the red and white color scheme of a Target® store all serve the same essential functions for their associated brands as do the names of those brands. In light of this, protection of such “trade dress” can be one of the most important parts of many business’ intellectual property enforcement initiatives.

As with trademarks, practical trade dress protection begins with registration. In order to be eligible for the protections that registration provides, trade dress first must satisfy the same basic, initial test as trademarks – that is, does the dress primarily serve to identify or distinguish associated goods or services in the marketplace? The important part of that question to keep in mind especially when considering trade dress is the word primarily.

Most trade dress serves – or originally served – some other purpose. A Coca Cola® bottle holds liquid. The slots in a Jeep® grill allow air to pass to the engine compartment. A Target® store houses merchandise and store operations. However, over time the designs of these items have become more important as indicia of the associated brands than as functional packages or structures. It is at the point where the design of a product becomes primarily non-functional that its eligibility for trademark registration and strong protections begins.

There is a long history of business disputes being waged in and out of court over the question of where on the primary purpose spectrum a product design falls. Most recently, we have seen high-profile disputes involving Louis Vuitton® purses as well as a contentious battle between Jeep® and Hummer® over the protectability of that famous grill. Many businesses would do well to consult with counsel in the establishment of a strong trade dress registration, monitoring, and enforcement program to protect their distinctive designs.

A recent opinion from the U.S. Court of Federal Claims highlights some of the difficulties that creative professionals may face when pursuing claims of copyright infringement against the federal government. Admittedly, though, it is doubtful that most such claimants would find themselves in the situation of pursuing such claims from a jail cell.

Robert James Walton v. The United States (opinion released January 23, 2008) involved the case of an individual (Walton) who, while serving a 17.5 years sentence at the U.S. Penitentiary at Leavenworth, Kansas, following his conviction on charges of bank robbery, performed professional graphic design services in the creation of several calendars under work detail for the federal government. (Prior to his incarceration, Walton received substantial graphic design training and had taught classes on the subject.) Following the creation of the calendars, Walton voiced concerns to prison officials regarding what he believed to be the government’s misappropriation of what he claimed to be his intellectual property rights in the calendars he created. Perhaps predictably, prison officials dismissed Walton’s concerns and informed him that all rights in the calendars belonged to the government (specifically, to UNICOR/Federal Prison Industries, Inc. (FPI), the non-appropriated fund instrumentality in charge of the work detail to which Walton was assigned). In response, Walton eventually filed suit against the federal government, alleging that FPI and the General Services Administration (GSA) infringed his copyrights in the calendars. Following several venue transfers as well as a stay to give the U.S. Copyright Office time to make a decision with regard to Walton’s application for registration of his copyrights, Federal Claims Court heard the U.S. government’s motion to dismiss and for summary judgment.

The government’s motion sought dismissal of Walton’s claims on essentially two grounds: (1) dismissal based on the court’s alleged lack of subject matter jurisdiction, because Walton’s failed to register his copyrights prior to filing suit; and (2) dismissal for Walton’s alleged failure to state a claim upon which relief can be granted, because Walton allegedly was an employee of the FPI and/or the federal government when he created the calendars.

The court did not grant the relief sought by the government for any of the reasons advanced in the government’s motion. With respect to the jurisdictional issue, the court held that Walton’s amended complaint, which Walton filed after he registered his copyrights in the calendars and while the alleged infringing activity was ongoing, served “…as a de facto supplemental complaint…analogous to a separate complaint distinct from the initial, November 21, 2001 complaint.” Thus, that jurisdictional issue could not serve as a basis for dismissal.

However, the court sua sponte raised a separate jurisdictional issue based on a statutory proviso to the federal government’s waiver of sovereign immunity in copyright infringement cases. 28 U.S.C. § 1498(b) reads as follows:

[W]henever the copyright in any work protected under the copyright laws of the United States shall be infringed by the United States, ... the exclusive action which may be brought for such infringement shall be an action by the copyright owner against the United States in the Court of Federal Claims ...: Provided, however, That this subsection shall not confer a right of action on any copyright owner ... with respect to any copyrighted work prepared by a person while in the employment or service of the United States, where the copyrighted work was prepared as a part of the official functions of the employee, or in the preparation of which Government time, material, or facilities were used....

The court first held that everything after the word “Provided” in the above passage is jurisdictional in nature, and thus constitutes matters that a plaintiff must prove (or disprove) in order for copyright claims against the government to move forward. The court then addressed the substance of the proviso and Walton’s relationship with the federal government, and noted the “absurdity” of trying to apply traditional, common-law agency factors to determine whether a prison inmate is an “employee” of the government (thereby effectively denying the other basis of the government’s motion, though the rest of the court’s opinion rendered moot both of the issues raised by the government). However, the court went on to hold that, at the time he created the calendars, Walton was “in the…service of the United States…” and that in the preparation of the copyright works, “…Government time, material, [and] facilities were used…” Because of this, and in light of the court’s prior holding regarding the nature of the proviso, the court found that it lacked subject matter jurisdiction over Walton’s claims, which it therefore had no alternative but to dismiss.

Most individuals or businesses performing creative work for the federal government will never find themselves in the sort of situation that Mr. Walton faced. However, the Walton opinion serves as a reminder of certain protections that you can take to ensure that you will retain rights in the works that you create. First, it is important to make explicit in a written agreement with the government that all works under the agreement are to be created in the individual’s or business’ status as an independent contractor of the government and also that those works are not “works for hire,” in which the government would hold the copyright. Second, to the extent possible, it is advisable to avoid using any government resources in the creation of the works, because the Walton analysis seems to make clear that a person working “in the…service of the United States” still may bring a claim for copyright infringement as long as he or she did not use “…Government time, material, or facilities…” in the creation of the works. Finally, as is true for any creative work, it is always very important to register that work as soon as possible following its creation, in order to avoid any potential jurisdictional problems.

A trademark is the most valuable asset owned by many businesses. The design, features, source code, or formulation of a product or service may change regularly and even predictably. Without a concise representation of the source, history or reputation of that product or service – as distilled to the mark used to brand it – such changes would make it immeasurably difficult, if not impossible, for a business to maintain demand. Businesses with particularly successful products or services spend considerable amounts of time, effort and money establishing and protecting their associated trademarks, and for good reason. Business owners who fail to pay sufficient attention to the protection of their companies’ marks face a number of what should be unacceptable risks, including the inability to register or use those marks at a future date, the dilution of the market’s recognition of their products or services, and, in some cases, legal fees and penalties arising from trademark claims made against them by other businesses. It is therefore important for all business owners to have an understanding of several basic principles of trademark law, including registration with the U.S. Patent & Trademark Office (USPTO), what constitutes improper use, and what remedies are available for infringement.

In some cases where a business’ trademark is not eligible for registration on the USPTO’s principal register, it is often advisable for the business to register the mark on the supplemental register instead. Marks on the supplemental register do not enjoy all of the statutory protections afforded to marks on the principal register. However, their owners are eligible to file lawsuits for trademark infringement under U.S. federal law. In addition, by treaty, many foreign nations require registration of a mark in its owner’s home nation before they will allow registration in their own records. Therefore, registration on the supplemental register may be a necessary step to securing trademark rights outside the U.S., where many foreign states have less stringent requirements for full protection. Finally, continuous registration on the supplemental register can be helpful to a business seeking primary registration for a mark that is asserted to have acquired secondary meaning through continuous, exclusive use.

To be eligible for registration on the supplemental register, a mark must be currently in use and “must be capable of distinguishing the applicant’s goods or services,” but it need not have the inherent distinctiveness required in order to avoid being deemed “merely descriptive” and, thus, ineligible for principal registration. However, many of the disqualifying criteria for registration on the principal register still apply to the supplemental register, including, for example, the presence of any deceptive or fraudulent elements or the unauthorized use of a third person’s name or likeness. Registrations on the supplemental register also are subject to the same requirements pertaining to duration and renewal that apply to registrations on the principal register.

Whether and to what extent supplemental registration represents a good value proposition for your business is a question best explored with a knowledgeable trademark attorney.

A trademark is the most valuable asset owned by many businesses. The design, features, source code, or formulation of a product or service may change regularly and even predictably. Without a concise representation of the source, history or reputation of that product or service – as distilled to the mark used to brand it – such changes would make it immeasurably difficult, if not impossible, for a business to maintain demand. Businesses with particularly successful products or services spend considerable amounts of time, effort and money establishing and protecting their associated trademarks, and for good reason. Business owners who fail to pay sufficient attention to the protection of their companies’ marks face a number of what should be unacceptable risks, including the inability to register or use those marks at a future date, the dilution of the market’s recognition of their products or services, and, in some cases, legal fees and penalties arising from trademark claims made against them by other businesses. It is therefore important for all business owners to have an understanding of several basic principles of trademark law, including registration with the U.S. Patent & Trademark Office (USPTO), what constitutes improper use, and what remedies are available for infringement.

After an application for trademark registration is filed, it is assigned to an examining attorney at the USPTO for review. That examining attorney is under an obligation to approve the mark for registration on the USPTO’s “principal register” of trademarks unless it meets one of several disqualifying criteria. For many businesses, most of these criteria are not usually difficult to avoid, including the following:

- The mark “consists of or comprises immoral, deceptive, or scandalous matter.”
- The mark disparages, brings into contempt or disrepute, or falsely suggests a connection with other persons, institutions, beliefs or national symbols.
- Consists of or comprising the name, portrait or signature of a living person without that person’s consent or of any deceased U.S. President during the life and without the consent of that President’s spouse.

However, other criteria can present more of a challenge. These include the following requirements:

-The proposed mark must not be so similar to an already-registered mark that it would cause confusion, mistake or deception as to the origin of the product or service associated with the proposed mark.
- The proposed mark must not be “merely descriptive or deceptively misdescriptive” of the product or service with which it is associated.
- The proposed mark must not be “primarily merely a surname.”

A search of the USPTO’s records can yield a surprising number of existing and pending trademarks that may be similar to a mark a business wants to register and protect. In addition, it is not uncommon for a business to want to register a mark that either is in whole or that contains elements descriptive of associated products or services. While many such descriptive marks may not be eligible for registration on the principal register, if, through a business’ continuous and exclusive use, those marks have acquired “secondary meaning” and become distinctive of the business’ goods or services, a business may be able to secure registration with sufficient supporting documentation. In these cases especially, a knowledgeable trademark attorney can provide valuable assistance to help reduce the risk of delay or denial in applying for registration.

A trademark is the most valuable asset owned by many businesses. The design, features, source code, or formulation of a product or service may change regularly and even predictably. Without a concise representation of the source, history or reputation of that product or service, such changes would make it immeasurably difficult, if not impossible, for a business to maintain demand. Businesses with particularly successful products or services spend considerable amounts of time, effort and money establishing and protecting their associated trademarks, and for good reason. Business owners who fail to pay sufficient attention to the protection of their companies’ marks face a number of what should be unacceptable risks, including the inability to register or use those marks at a future date, the dilution of the market’s recognition of their products or services, and, in some cases, legal fees and penalties arising from trademark claims made against them by other businesses. It is therefore important for all business owners to have an understanding of several basic principles of trademark law, including registration with the U.S. Patent & Trademark Office (USPTO), what constitutes improper use, and what remedies are available for infringement.

A trademark, or “mark,” is any word, phrase or symbol used by a business to let potential customers know who makes a certain product or who offers a certain service. (There is an increasingly archaic distinction made for marks that specifically designate services rather than products. Such marks are often labeled “service marks,” but this term is less frequently used today, and there is no meaningful distinction in the U.S. between the law’s treatment of marks for products and marks for services.)

In the U.S., a business may register its lawfully owned or used marks by submitting an application to the USPTO. Registration is not free: there is an application fee, and many businesses would benefit from the services of a knowledgeable trademark attorney in securing the registration and monitoring the use of any registered marks. In addition, in order for the registration to remain valid, a mark’s owner must file an affidavit of continuing use during the fifth year of registration and must submit a fee and application for renewal prior to the statutory expiration of the registration, which occurs at the end of ten years following registration or prior renewal.

However, for most businesses the benefits of registration far exceed the costs. Owners of unregistered marks are not wholly without recourse in the event of perceived infringement, but their options are significantly limited. Most importantly, owners of registered marks have the ability to file lawsuits in federal court for trademark infringement under the Lanham Act, the U.S. federal law pertaining to trademark protection. Owners of unregistered marks also may resort to federal litigation, but they typically face more difficult burdens of proof and less extensive remedies for proven infringement (e.g., treble damages are available only for infringement of registered marks). In addition, a valid certificate of registration from the USPTO carries with it a number of important evidentiary advantages, including: a presumption that the registered mark is valid, a presumption that the owner of the registration owns the mark, a presumption that the owner of the registration has the exclusive right to use the mark in commerce, and a presumption that the mark is not confusingly similar to any other registered mark. For all of these and several other important reasons (some of which are described here), a business owner with an existing, unregistered mark or a mark intended for future use should not hesitate to speak with an attorney regarding registration.

Websites have, in the past, relied primarily on textual or photographic elements to convey their messages. This fact has made it historically difficult for a business to support a claim that a competitor’s uncomfortably close emulation of its Internet content constituted trade dress infringement, in violation of U.S. trademark law under the Lanham Act. But that may be changing as the sophistication and importance of websites increases.

Modern websites are considerably more complex and content-rich than they were even five years ago. Those who frequent sites such as eBay® and Amazon.com® likely have come to associate those sites’ well-developed user interfaces with those companies to the same degree that shoppers at a Barnes & Noble® or Target® store would associate those stores’ design elements and merchandising practices with those businesses. Even sites without that degree of commercial traffic may enjoy great success in associating a successful web site design with a particular line of business. To the extent that a business can prove such an association, a handful of recent cases indicate that trademark law may provide the protections that some businesses need after all.

In Blue Nile, Inc. v. Ice.com, Inc., a 2007 case from the Western District of Washington, the trial court denied the defendant’s motion to dismiss the plaintiff’s claim that the defendant infringed its trade dress rights by copying the “overall look and feel” of the plaintiff’s well-known diamond-marketing site. While the court did not expressly sanction the use of trademark law to protect the “look and feel” of a website, it did nevertheless note that the theory deserved factual development in that case in order to assess its applicability. The court further noted that trademark law might provide the only basis for such claims, since more than one commentator has recognized that copyright law likely is insufficiently broad to cover a website’s overall format. In their briefing, the Blue Nile plaintiffs cited two earlier, unreported cases to support their arguments. In one, Peri Hall & Associates, Inc. v. Elliot Institute for Social Sciences Research, a 2006 case from the Western District of Missouri, the trial court granted the plaintiff’s request for a preliminary injunction prohibiting the defendant’s continued publication of a website that “copied the look and feel” of the plaintiff’s site and that further incorporated the plaintiff’s trademarks into the metatags for the site. In the other case cited by the Blue Nile plaintiff, Faegre & Benson LLP v. Purdy, a 2004 case from the District of Minnesota, the trial court there similarly granted that plaintiff’s request for a preliminary injunction based, in part, on the fact that the defendant there had published web page that featured “[plaintiff’s] nonfunctional trade dress… the appearance of which is confusingly similar to the trade dress of [plaintiff’s] web site” as well as the plaintiff’s trademarks.”

For many businesses facing infringement of their website content, it may be time and money well spent consulting with an attorney regarding the availability of a potential “cyber trade dress” claim such as those discussed in the Blue Nile opinion.

The Blue Nile opinion is reported at 478 F.Supp.2d 1240. The Peri Hall and Faegre & Benson opinions are available on Westlaw®, respectively, at 2006 WL 742912 and 2004 WL 167570.

Owners of successful commercial websites increasingly find themselves faced with the challenge of protecting their Internet content against the misappropriation and copying of that content by others, including, most importantly, by competitors. Compounding this problem is the fact that those who would misappropriate and copy that website content may be able to avoid liability for copyright infringement by copying only the “look and feel” of another site, rather than the original words or images.

A recent case from the Southern District of California highlights the difficulty of proceeding with a copyright-based claim of website content infringement. In Allen v. Ghoulish Gallery, the plaintiff sued the defendant for infringing his asserted copyright in the website he had created for his business, which produced and sold antique photographs that were altered using “lenticular technology” to create a “spooky” alternative image, depending on the angle at which the photograph is viewed. These “changing portraits” are popular in the haunt industry and as novelties. The plaintiff’s and defendant’s businesses were in direct and, apparently, heated competition with one another.

In reviewing the plaintiff’s copyright infringement claims, the court noted that the individual elements displayed on the plaintiff’s site – fonts, navigation buttons, image frames, etc. – generally were not original or copyrightable. However, the court also noted that where “specific components of a compilation are not original or would not be protected by themselves, a party nonetheless may have protection in the selection, arrangement, and presentation of such components.” To obtain copyright protection under such a theory, a claimant must show: “(1) the collection and assembly of pre-existing material, facts or data; (2) the selection, coordination, or arrangement of those materials; and (3) the creation, by virtue of the particular selection, coordination, or arrangement, of an original work of authorship.” In this case, the court found that these elements were present in plaintiff’s web site and that the site was entitled to protection.

However, regardless of whether the content was entitled to protection, the court found that no infringement occurred. Where the work in question does not consist of original constituent elements, the inquiry involves a determination of whether there is a “substantial similarity” between the original work and the allegedly infringing work. That inquiry consists of an intrinsic analysis, based on “an ordinary person’s subjective impressions of the similarities between two works,” or an extrinsic analysis, which “focuses on specific criteria that can be listed and analyzed.” Here, the court used an extrinsic analysis and found that no substantial similarity existed between the two sites. The court noted that the two sites used the same fonts for the same purposes, the same configuration of tabbed links to different site sections, and “framed” examples of portraits, with either black oval “matting” or no “matting,” and substantially similar configurations of sample portraits. However, because the two sites used different colors within a predominantly black theme (which both also shared), different “framing” for the portraits, and different textual elements, the court ruled against the plaintiff’s copyright claim, and proceeded to take up the other claims of unfair competition and false claims that also had been raised.

Thus, if Allen is any indication, while copyright may be an option for businesses facing infringement of their website content by competitors, it could prove to be unavailing in many cases.

The Allen opinion is reported at 2007 WL 4207923.

Owners of successful commercial websites increasingly find themselves faced with the challenge of protecting their Internet content against the misappropriation and copying of that content by others, including, most importantly, by competitors. Compounding this problem is the fact that those who would misappropriate and copy that website content may be able to avoid liability for copyright infringement by copying only the “look and feel” of another site, rather than the original words or images.

A recent case from the Southern District of California highlights the difficulty of proceeding with a copyright-based claim of website content infringement. In Allen v. Ghoulish Gallery, the plaintiff sued the defendant for infringing his asserted copyright in the website he had created for his business, which produced and sold antique photographs that were altered using “lenticular technology” to create a “spooky” alternative image, depending on the angle at which the photograph is viewed. These “changing portraits” are popular in the haunt industry and as novelties. The plaintiff’s and defendant’s businesses were in direct and, apparently, heated competition with one another.

In reviewing the plaintiff’s copyright infringement claims, the court noted that the individual elements displayed on the plaintiff’s site – fonts, navigation buttons, image frames, etc. – generally were not original or copyrightable. However, the court also noted that where “specific components of a compilation are not original or would not be protected by themselves, a party nonetheless may have protection in the selection, arrangement, and presentation of such components.” To obtain copyright protection under such a theory, a claimant must show: “(1) the collection and assembly of pre-existing material, facts or data; (2) the selection, coordination, or arrangement of those materials; and (3) the creation, by virtue of the particular selection, coordination, or arrangement, of an original work of authorship.” In this case, the court found that these elements were present in plaintiff’s web site and that the site was entitled to protection.

However, regardless of whether the content was entitled to protection, the court found that no infringement occurred. Where the work in question does not consist of original constituent elements, the inquiry involves a determination of whether there is a “substantial similarity” between the original work and the allegedly infringing work. That inquiry consists of an intrinsic analysis, based on “an ordinary person’s subjective impressions of the similarities between two works,” or an extrinsic analysis, which “focuses on specific criteria that can be listed and analyzed.” Here, the court used an extrinsic analysis and found that no substantial similarity existed between the two sites. The court noted that the two sites used the same fonts for the same purposes, the same configuration of tabbed links to different site sections, and “framed” examples of portraits, with either black oval “matting” or no “matting,” and substantially similar configurations of sample portraits. However, because the two sites used different colors within a predominantly black theme (which both also shared), different “framing” for the portraits, and different textual elements, the court ruled against the plaintiff’s copyright claim, and proceeded to take up the other claims of unfair competition and false claims that also had been raised.

Thus, if Allen is any indication, while copyright may be an option for businesses facing infringement of their website content by competitors, it could prove to be unavailing in many cases.

The Allen opinion is reported at 2007 WL 4207923.

On October 5, Paul Holman and Lucy Rivello, both recent purchasers of Apple iPhones, filed suit against Apple and AT&T in the Northern District Court of California, alleging unfair and fraudulent business practices and anti-trust violations under California law, anti-trust violations under U.S. federal law, and trespass against personal property. The plaintiffs also are seeking to represent a nationwide class of similarly situated iPhone owners, dating from June 29, 2007, to the future date of judgment.

The plaintiffs’ allegations arise from their experience with the mobile network “locking” practices employed by Apple and AT&T with respect to the iPhone. Ordinarily, mobile network carriers can provide electronic codes to “unlock” a particular phone from their own network, thereby allowing the phone to access another carrier’s network that uses a compatible technical standard. While a carrier may charge an early termination fee before it allows a current customer to switch to another network, if that customer is under no pending contractual obligations with the carrier, the carrier usually will comply with the customer’s request and unlock the phone.

In the case of the iPhone, however, even though customers in most cases paid full retail price for their iPhones and may be under no contractual obligation to remain with AT&T, AT&T has refused to allow iPhone owners to unlock their phones and migrate to another compatible network. Moreover, according to the complaint, customers who have attempted to unlock their phones without assistance from AT&T have had their phones re-locked or even permanently disabled following a “mandatory” update to their devices’ operating systems from Apple. The complaint further alleges that when the affected customers have requested that Apple reactivate their disabled iPhones, Apple has refused, has told them that they are in violation of applicable iPhone user agreements, and has stated that the only recourse is to purchase a new iPhone.

As this case develops, it will be interesting to see how well the iPhone user agreement fares under scrutiny, as it is the document around which all of the claims and defenses in the case apparently will revolve. A negative result for Apple and AT&T could have important consequences for user agreements in other contexts.

You can download a copy of the complaint here

The Business Software Alliance (BSA) recently lent its support to legislation pending in the U.S. Congress that would expand the scope and power of federal criminal law pertaining to IT security matters. Under the “Cyber-Security Enhancement Act of 2007” (CSEA), section 1030 of the federal criminal code would be amended to include new offenses of extortion based on threats to gain unauthorized access to a computer and of conspiracy to commit any of the IT-related crimes defined in section 1030. More significantly, the bill would create another new offense directed at anyone who:

…intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains a unique electronic identification number, address or routing code, or access device (as defined in section 1029(e)(1)), from a protected computer.

The term “exceeds authorized access” already is defined elsewhere to mean “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” In addition, the bill amends the previous definition of “protected computer” to include any computer “affecting interstate or foreign commerce or communication” (which would seem to include any computer that is publicly accessible through the Internet). Finally, the bill would include all of these offenses, along with the other section 1030 offenses, as predicates for prosecution (as well as civil liability) under the Racketeer Influenced and Corrupt Organizations Act (RICO).

It is undoubtedly important to give law enforcement all the tools that it needs to combat organized efforts to infiltrate secure computer networks and the sensitive personal information that many of them contain (an objective that CSEA also pursues through greater funding for federal investigations into cyber-crime). However, in pursuing this end, the CSEA and its supporters seem to be casting a very wide net indeed. Questions concerning what constitutes “authorized” access or information to which a user is or is not “entitled” on a web-accessible computer could mean that more than just hardened cyber-criminals end up getting caught in CSEA’s sweep. The surprisingly broad scope of the bill, coupled with the new link to RICO and the private civil suits that statute allows, may also mean that we could see an up-tick in IT-related litigation in coming years, should CSEA see its way through to passage. It will be interesting to watch this bills progress in coming weeks and months.

You can read the text of the bill here. Section 1030 as it currently exists is available here.

On October 1, Microsoft announced a new licensing option for Windows XP Professional directed at businesses that have discovered that their computers are running allegedly unlicensed copies of the operating system. Dubbed the “Get Genuine Windows Agreement” (GGWA), the program offers interested companies the perhaps superficially attractive opportunity to purchase operating system licenses for their affected computers at a volume licensing discount. However, in order to be eligible for the discount, those companies must sign an agreement including an “acknowledgement of legalization,” a commitment to purchase legal software in the future, and a clause giving Microsoft the right to audit the company’s computers to ensure compliance with applicable license agreements. Moreover, the licenses acquired under the agreement apply only to the computers for which they were initially purchased and are non-transferable. More details on the program are available here.

While GGWA might present a cost-effective solution for some businesses that have discovered the presence of unlicensed Windows XP operating systems on their network, those savings should be weighed carefully against the costs inherent in the agreement’s terms. Interested businesses should take care to ensure that they have an effective software compliance initiative in place before giving Microsoft or any other software publisher the right to conduct a compliance audit in their environment. Businesses should also carefully consider the legal ramifications of signing a written admission that their computers have been running unlicensed software. For many, the incremental cost associated with purchasing licenses under other licensing frameworks may present a better long-term value.

New legislation introduced in the U.S. House of Representatives could result in amendments to the Digital Millennium Copyright Act (DMCA) in favor of relaxed usage rights for digital media. On February 27, Representatives Rick Boucher (D-VA) and John Doolittle (R-CA) introduced the Freedom and Innovation Revitalizing U.S. Entrepreneurship Act of 2007 (FAIR USE Act). Among a few other modifications, the Act would create a handful of specific exemptions from the DMCA’s prohibition on “unlocking” the rights management features of certain digital media. As a result, end users might be able to legally create, for example, backup copies of DVD and other purchased content. However, in a concession to opponents of previous, similar legislation, the Act would not create a fair use defense to a claim of circumvention in violation of the DMCA unless the conduct fell within one of the Act’s six enumerated exceptions:

(i) an act of circumvention that is carried out solely for the purpose of making a compilation of portions of audiovisual works in the collection of a library or archives for educational use in a classroom by an instructor;

(ii) an act of circumvention that is carried out solely for the purpose of enabling a person to skip past or to avoid commercial or personally objectionable content in an audiovisual work;

(iii) an act of circumvention that is carried out solely for the purpose of enabling a person to transmit a work over a home or personal network, except that this exemption does not apply to the circumvention of a technological measure to the extent that it prevents uploading of the work to the Internet for mass, indiscriminate redistribution;

(iv) an act of circumvention that is carried out solely for the purpose of gaining access to one or more works in the public domain that are included in a compilation consisting primarily of works in the public domain;

(v) an act of circumvention that is carried out to gain access to a work of substantial public interest solely for purposes of criticism, comment, news reporting, scholarship, or research; or

(vi) an act of circumvention that is carried out solely for the purpose of enabling a library or archives meeting the requirements of section 108(a)(2), with respect to works included in its collection, to preserve or secure a copy or to replace a copy that is damaged, deteriorating, lost, or stolen.

Significantly, the Act also would codify the Supreme Court’s “Betamax decision,” by eliminating any potential liability for copyright infringement “based on the design, manufacture, or distribution of a hardware device or of a component of the device if the device is capable of substantial, commercially significant noninfringing use.”

If enacted, the Act would represent a major re-working of some of the more complained-about aspects of the DMCA. While opposition from media producers and copyright owners is likely to pursue the bill, it will be interesting to see if the compromises its authors have included will be sufficient to see it through to passage.

Last month, the Software & Information Industry Association (SIIA) announced the first major settlement reached by its Corporate Content Anti-Piracy Program (CCAPP). (You can read the SIIA’s press release here.) The settlement was reached with Knowledge Networks, Inc. (KNI), a market research firm based in Menlo Park, California, with fewer than 500 employees nationwide. The SIIA accused KNI of copyright infringement arising out of KNI’s internal distribution to its employees of written content authored by SIIA members, such as the Associated Press, Reed Elsevier, and United Press International, without securing licenses to copy the content. The SIIA learned about the content distribution through a confidential tip from an informant who later received a $6,000 reward from the SIIA. In order to resolve the matter, KNI eventually agreed to pay the SIIA $300,000 and to send its employees to an SIIA-approved “Certified Content Rights Manager” course.

This chain of events – anonymous tip, followed by allegations, negotiation, and, eventually, settlement for money damages – is very similar to what typically occurs in software audit cases initiated by the SIIA, the Business Software Alliance, and some software publishers. What is perhaps more troubling about the SIIA’s new focus on “corporate content” is how small-to-medium businesses, many of whom are completely unaware that any of their actions might constitute copyright infringement, nevertheless could find themselves the targets of SIIA-initiated “content audits.” These companies may be subject to substantial settlements, and become the subject of a widely disseminated press release regarding corporate “piracy.” It appears that a company could targeted if an employee copied and pasted copyrighted text and then hit the “Send” button on an internal e-mail.

It is certainly important to develop and maintain awareness of the content that your employees are distributing internally within your organization. However, if your business has been accused of corporate content “piracy” by any industry association like the SIIA, it is equally important that you consult with an attorney who can provide some insight into the legal arguments and strategies typically employed in similar matters.

Many companies have started to experience the consequences of non-existent, insufficient or poorly implemented data security plans in the form of enforcement lawsuits filed by state attorneys general for violations of state data privacy and data security laws. However, in an interesting twist on this usual variety of state-initiated litigation arising out of poor data breach planning, the State of Connecticut is suing IT consultant Accenture for alleged negligence in losing electronic files containing information on bank accounts for almost all Connecticut state agencies as well as several hundred state purchasing cards and a handful of Connecticut taxpayers. Connecticut’s lawsuit also alleges unauthorized use of state information and breach of contract.

Connecticut hired Accenture to develop network systems that would allow it to consolidate payroll, accounting, personnel and other functions. Information related to Connecticut’s employees was contained on a data tape stolen from the car of an Accenture intern working on an unrelated, though similar project for the State of Ohio. (The tape also contained personal information on about 1.3 million Ohio residents.) The intern apparently had been using the Connecticut program as a template for the Ohio project. You can read more about the incident and subsequent lawsuit here and here.

The Accenture case underscores the business necessity of having a thorough data security program that employees actually follow, because breaches can be very costly and weak link in the security chain are prevalent. An effective plan should provide for contingencies affecting sensitive data, especially financial or health information. Plans should also ensure either that all of the business’ employees are aware of the data security policies and procedures, or, better yet, provide for physical, electronic, or procedural barriers to prevent data from being used for any unnecessary or non-business-critical purposes. Companies implementing security plans should consider reducing the risks identified in the Accenture matter by prohibiting interns from having access to sensitive information and restricting the presence of sensitive information on portable devices.

With the increasing number of lawsuits focused on data breach and security incidents, it is crucial that all businesses take steps to develop comprehensive security policies and also to ensure that their assets will be protected in the event that those policies fail.

Section 512 of the Digital Millennium Copyright Act (DMCA) gives providers of online content “safe harbor” from liability for copyright-infringing material stored on their web domains by third parties. In most cases, however, the shield provided by Section 512 is used as a sword by copyright owners, who are able to send “DMCA takedown notices” to content providers in order to force those providers to remove infringing content. Regardless of whether your business is on the sending or receiving end of such a notice, it is important to be aware of the requirements that the notice must satisfy in order for it to carry legal weight.

While Section 512 contains other liability-limiting provisions applicable to other types of service providers, the part of the act that most associate with “safe harbor” requires that a takedown notice contain:

A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.

Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material.

Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.

A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.

A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

A notice that does not substantially comply with all of the above requirements is not effective to give a content service provider notice that infringing material is present on their domain.

Although most of the requirements are straightforward, a person sending a notice should pay special attention to the second and third elements, especially in light of the fact that the notice must be signed by a responsible person under penalty of perjury. A sloppy description of the copyrighted material and/or a sloppy description of the content alleged to infringe that copyright, or transmission of a purported takedown notice that does not fall within the scope of the protections afforded under the Copyright Act, could result in an inference that there was no good faith basis for the takedown requested under the notice. A separate subpart of Section 512 provides that a “knowing,” “material” misrepresentation that online content is infringing could result in liability for damages, costs and attorney’s fees to the alleged infringer, the content service provider, or both. For example, in the case of Online Policy Group v. Diebold, Inc., 337 F.Supp.2d 1195, (N.D.Cal. 2004), Diebold sent a takedown notice to the Internet service provider for two college students, who had published on their web site, in an effort to draw critical attention to voting machines manufactured by Diebold, internal e-mails exchanged among Diebold employees. In its opinion, the court found that Diebold had violated Section 512, holding:

No reasonable copyright holder could have believed that the portions of the email archive discussing possible technical problems with Diebold's voting machines were protected by copyright, and there is no genuine issue of fact that Diebold knew-and indeed that it specifically intended-that its letters…would result in prevention of publication of that content.

Diebold eventually agreed to a settlement in which it paid the plaintiffs $125,000 in damages and fees.

These issues are receiving renewed attention in the wake of news regarding notice sent by the Science Fiction and Fantasy Writers of America (SFWA) to Scribd.com, a site allowing users to upload and share text files. The SFWA’s notice apparently included material – such as a schoolteacher’s bibliography for students – that could not reasonably be argued as infringing any copyright. (The SFWA has since issued a statement regarding the flaws in its notice and suspended the committee that was responsible for sending the notice.) It remains to be seen whether any legal liability will flow from the incident, but it should serve as a reminder to anyone dealing with either end of a takedown notice that it pays to be aware of just what the DMCA does – and does not – allow.

Late Friday, the U.S. House passed, by a 220 to 175 margin, significant reforms to the nation’s patent laws. Those who have been paying attention to this issue already know that recent Congressional activity regarding patent reform has been moving forward at a pace that has been uncharacteristically steady, considering past attempts to enact changes to U.S. patent law. The passage of the House bill on Friday follows approval by the Senate Judiciary Committee in July of its own set of largely similar reforms. The full Senate has yet to vote on its own bill, though, and differences between the two bills of course will need to be dealt with before final legislation can be approved and sent to the President for signing.

The Washington Post reports that the spokesman for Senate Majority Leader Harry Reid predicts that a Senate vote may be forthcoming within a couple weeks. However, the Bush Administration, while generally expressing agreement with proposed patent reforms, also has expressed its concern with some proposals, most notably those involving damages in patent lawsuits. It will be very interesting in coming weeks to see whether and to what extent the House and Senate can agree on a set of reforms that meet with the President’s approval.

Hot on the heels of uncharacteristic agreement in Congress concerning pending legislation to enact a number of tech manufacturer- and publisher-friendly reforms to the nation’s patent laws (more on that here), Seagate Technology has secured a victory in the Federal Circuit Court of Appeals that likely will give those same industry groups even more reason to celebrate. In re Seagate Technology, LLC, --- F.3d ----, 2007 WL 2358677 (C.A. Fed. (N.Y.), August 20, 2007), originated with Seagate’s petition for writ of mandamus to reverse the N.Y. Southern District trial court’s order compelling Seagate to submit to discovery of that part of its trial counsel’s work product, as well as communications with its trial counsel, related to the work of Seagate’s opinion counsel. Seagate had independently retained and designated opinion counsel both to refute the claims of willful patent infringement by plaintiffs Convolve, Inc. and the Massachusetts Institute of Technology as well as to support Seagate’s asserted advise of counsel defense. Following oral argument and the Federal Circuit’s review of the nearly two dozen party and amicus briefs that were submitted for and against the petition, the court, sitting en banc of its own accord, not only reversed the discovery order, but also fundamentally changed the controlling standard for a finding of willful patent infringement.

The trial court relied on the Federal Circuit’s prior precedent, which held: (1) that a potential patent infringer with actual notice of another’s patent rights had an affirmative duty to exercise due care to determine whether he is infringing those rights, and that failure to exercise such due care would give rise to a claim of willful infringement (and, thus, enhanced monetary damages), and (2) that assertion of an advice of counsel defense (under which the accused infringer raises advice received from his attorneys that he was not infringing as evidence of due care taken), in most cases functioned as a waiver of both the attorney-client privilege and the work product privilege, so that the validity of the defense could be tested. In interpreting the latter holding, trial courts had adopted differing approaches regarding the scope of that waiver, with some courts holding that it extended to all communications and work product of trial counsel, other courts holding that it extended to no such communications or work product, and still others holding that it extended only to such communications or work product that contradicted or cast doubt on the opinions used to support the advice of counsel defense.

In Seagate, the Federal Circuit attempted to eliminate that confusion. Before it did so, however, it first did away with the “affirmative duty” standard, which the court stated set a threshold for willful infringement that amounted to mere negligence, thereby placing an improper burden on the numerous attorney-client relationships affected by assertion of the advice of counsel defense. In its place, the court held that for claims of willful infringement, a recklessness standard would now control, under which patentees “must show by clear and convincing evidence that the infringer acted despite an objectively high likelihood that its actions constituted infringement of a valid patent.” Thus, the court shifted the burden from defendants to claimants to prove the existence, rather than the absence, of willful infringement, thereby eliminating much of the need for the advice of counsel defense in the first place. In addition, though, the court explicitly limited the scope of the privilege waiver, absent extraordinary circumstances, to communications with or work product of trial counsel.

It will be interesting in coming weeks and months to see the extent to which this very important opinion informs the congressional debate over proposed patent reforms.

You can read the Federal Circuit’s Seagate opinion here.

Recently, a Danish pop band from the 1980s gave Sony BMG an uncomfortable reminder that business officers who neglect to review their contracts in light of changes in technology and commercial objectives may find themselves having to play a costly game of catch-up when the terms of those contracts no longer reflect the current state-of-the-art technology.

Dodo and the Dodos apparently are one of Denmark’s all-time best-selling pop bands, famous (in certain regions along the eastern shore of the Atlantic Ocean, anyway) for several hits, including their biggest, “Vågner i natten’ (‘Waking in the Night’).” More than five years ago, Sony BMG sent out notices to approximately 400 composers of songs for which the company held distribution rights, including the Dodos, informing them that their compositions were slated to begin distribution via Internet download. The Dodos were the only recipients to object to and challenge their notice, based both on their belief that their current royalty deal was inadequate to fully compensate them for Internet distribution as well as, more importantly, on the fact that their existing contract with Sony did not explicitly allow for that method of distribution. Apparently, when the Sony-Dodos deal was inked, there was no reason to mention music downloads, as they were not then a technologically viable option for distribution.

After losing the case against it at the trial level, Sony appealed the decision to the Eastern High Court of Denmark, which upheld the trial court’s decision in a ruling issued on August 9. The case is believed to be the first of its kind involving electronic distribution of copyrighted content under dated distribution agreements. While the final decision is not necessarily controlling on courts in other jurisdictions, it is likely that it will be important ammunition for other similarly situated copyright owners who want to challenge Internet distribution of their works under terms of aging contracts that they may believe fail to provide adequate compensation.

As important as the case may prove to be for the music industry and other businesses handling electronic distribution of copyrighted materials, it serves as an important lesson for any company that enters into contracts affected by technological issues. Contract drafters sometimes make the mistake of failing to write agreements that are flexible enough to adapt to changes in technology over the life of those agreements. In other situations, contract managers fail to regularly review the terms of existing contracts to determine whether technological changes and advances have occurred since execution that will impact the interpretation of those contracts. Being behind the ball with respect to either consideration can prove to be an expensive mistake.

You can read a brief, English-language description of the case at The Copenhagen Post here.

Since Google acquired YouTube for $1.65 billion in November 2006, it has been forced to defend itself and its new acquisition against claims of copyright infringement made by swarms of angry copyright owners. Such cases include Viacom, which has claimed over $1 billion in damages, and the class action matter The Football Association Premier League Limited, et al. v. YouTube, Inc., et al.. Both cases are currently pending in the U.S. District Court for the Southern District of New York. (The current class action complaint is available at the web site set up by the plaintiffs’ attorneys here.)

Central to YouTube’s and Google’s defense in these cases is their claim that, though the YouTube.com site may be hosting audio and video works copyrighted by third parties, that action does not constitute actionable copyright infringement, thanks to Section 512(c) of the Digital Millennium Copyright Act (DMCA), which provides:

A service provider shall not be liable for monetary relief, or, [with some exceptions], for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider:

(A) (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;

(ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; OR

(iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;

(B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; AND

(C) upon notification [as specified elsewhere in the statute] of claimed infringement…responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.

Thus, YouTube and Google claim that, though they are working on technological countermeasures to filter copyrighted material, the YouTube.com site has such a large volume of users that they cannot effectively monitor all of the site’s content for infringing copies. Therefore, until given notice by copyright owners of the presence of infringing works on the site, they cannot be held liable for copyright infringement.

In response, the class action plaintiffs offer a number of arguments attempting to distinguish YouTube and Google’s actions from those of the average, theoretical, safe-harbor-eligible service provider: the defendants do not just “store” information at the direction of users, but rather provide functions to actively assist users disseminate copyrighted materials; the defendants have no policy in place to terminate the accounts of “repeat” copyright infringers; the defendants have failed in the past to timely respond to Section 512 takedown notices; the defendants “have failed to police” the site for the presence of infringing materials; and defendants have failed to employ existing, readily-available techniques to monitor the site and remove copyrighted works. (You can read the complaint here.)

It remains to be seen what success any of the parties will have with any of the above arguments. Perhaps the Supreme Court will consider the issues, at which point we hopefully will receive some much-needed clarification regarding the scope and implementation of the DMCA’s safe harbor provisions. However any of those cases may conclude, expect the pressure on Congress to modify the DMCA – pressure coming from copyright holders, on the one hand, and Internet service providers and content hosts, on the other – to only increase in coming months and years. And rightfully so. Whichever side you may fall on regarding the intent of the DMCA, in light of the fracas surrounding YouTube.com, few would dispute that it is a statute in need of extensive revision or elaboration.

Many companies who comply with a demand by a software publisher or industry association (such as the BSA or the SIIA) for an internal software audit end up facing significant settlement demands after forwarding their audit materials to the other side. One of the reasons the settlement demands often are so high is the fact that the auditing entities frequently base their demands, in part, on the “unbundled” price of software suites. Thus, where a company may expect to pay a fine based on the MSRP of, for example, one undocumented installation Microsoft Office Professional 2007 ($679), it likely will end up receiving a settlement demand based on the combined MSRPs of each of the components of that undocumented suite: Word ($229), Excel ($229), PowerPoint ($229), Outlook ($110), Publisher ($169), and Access ($229), all totaling $1195. In a typical case these difference add tens of thousands of dollars to the amount in controversy.

Another way in which publishers or auditing entities raise the amount in controversy in software audits is the attempt to assess separate “fines” for each allegedly infringing installation of a software product. Thus, a company reporting just ten undocumented installations of Office Professional 2007, with no other licensing shortfalls, may receive a settlement offer based on the combined, “unbundled” MSRPs of the component products totaling just shy of $12,000. Moreover, that is before the auditing entity applies any multipliers to that figure (yet another common tactic) or makes any assessments for their claimed legal fees, both of which factors may drive the opening settlement offer in the above example to $40,000 or more.

It is not difficult to see how owners of small to medium businesses who think that they have a handle on their financial exposure in a software audit matter often end up with truly unpleasant surprises after submitting audit materials to the BSA or SIIA that they may have believed would be negotiating on a more equitable basis.

If your business has been accused of software “piracy” and is responding to a software audit demand either from a software publisher like Autodesk or from the BSA or the SIIA, an experienced attorney can give you visibility into the process and help you avoid unpleasant surprises.

A recent U.S. Second Circuit Court of Appeals opinion should give contract drafters pause when including what they may consider to be mere boilerplate forum selection clauses in contracts implicating intellectual property rights. In Phillips v. Audio Active Ltd., 2007 WL 2090202 (2nd Cir.(N.Y.) Jul 24, 2007), Plaintiff-Appellant Peter Phillips (a/k/a Pete Rock, an influential hip-hop DJ, producer and rapper) appealed the decision of the New York Southern District Court to dismiss his contract, copyright and state law claims against defendant music companies based on a forum selection clause in the contract between the parties. The clause at issue read: "[t]he validity[,] construction[,] and effect of this agreement and any or all modifications hereof shall be governed by English Law and any legal proceedings that may arise out of it are to be brought in England." The Second Circuit affirmed the trial court’s decision to dismiss the contract claims as clearly falling within the scope of the forum selection clause, but it reversed the decision to dismiss the state law claims (asserting unjust enrichment and unfair competition) and copyright claims based on its determination that those claims did not, as the clause states, “arise out of” the contract.

The defendant music companies argued in the District Court that the copyright claims in particular did “arise out of” the contract provisions giving them the right to distribute an unspecified number of songs to be recorded by Phillips. The Second Circuit disagreed. While it did not give any weight to Phillips’ argument that a claim implicating a law of the United States may never be subject to contractual provisions governing disputes between parties, the court nevertheless found that, on the facts of the case before it and based on the language used in the contract, the forum selection clause had no bearing on Phillips’ right to pursue his copyright claims in any appropriate forum. The songs alleged to have been infringed by the music companies were authored and recorded by Phillips, making him, absent a valid assignment to another party, the owner of the copyright therein, regardless of anything contained in the contract. The defendants clearly could raise the contract terms as a defense against Phillips’ copyright claims, but the source of those claims – where it is that they “arise out of” – is the Copyright Act, not the contract.

The case serves as a useful reminder that a contract drafter who treats any “ordinary” or “boilerplate” provision as a given does so at his or her peril. While the opinion did not specify which party was responsible for drafting the contract, it was likely one or more of the defendant music companies (since it was Phillips who was objecting to litigating his claims in England). Those companies (or their lawyer) likely could have avoided the outcome of the case either by including some measure of specificity in the choice of law or by simply rewording it to include Copyright claims.

You can read the Phillips opinion here.

Late in the day on July 19, the U.S. Senate Judiciary Committee gave its approval to an amended version of the Patent Reform Act of 2007. The Senate action came a day after the U.S. House Judiciary Committee approved a substantively similar bill. While some differences between the House and Senate bills will need to be resolved in conference, passage and enactment of the legislation at this point seems to be much more likely than in years past when similarly extensive overhauls to the nation’s patent laws have been proposed.

Both versions of the Act attempt to curb the frequency of patent lawsuits both by replacing the current “first to invent” standard with a “first to file” patent system, as well as by establishing a “post-grant opposition” authority within the Patent & Trademark Office itself to address and resolve challenges to newly awarded patents. The bills also would restrict permissible venue options for patent litigants to avoid forum-shopping, would increase the factual showing required of claimants in order to prove a case of willful infringement and, thus, treble damages, and would allow courts to award damages based on a patent’s “contribution” to an infringing product’s market demand (which, as an aside, might address the scope of damages for patent infringement, but also would raise an astoundingly complex fact issue).

Recent Congressional action notwithstanding, support for the legislation, as with all attempts at patent reform, remains mixed. Those who invest heavily in research & design, such as pharmaceutical companies and technology licensors such as Qualcomm, have opposed the reforms as an attempt to weaken their ability to protect their intellectual property. On the other hand, technology manufacturers like Apple and most software publishers have supported the reforms as welcome relief from the high volume of patent litigation that tends to flow from products that incorporate a high volume of technological concepts or components.

It remains to be seen whether Congress will be able to work out the differences between the two versions and send a final bill to the White House that the President will be willing to sign. However, the mere fact that the legislation has made it this far means that this is a reform attempt well worth watching.

The Senate version of the Act is available here, the House version here.

No doubt much to its chagrin, Google has found itself at the receiving end of a number of lawsuits internationally in recent years alleging that the search engine behemoth should bear some level of liability when companies use its AdSense pay-per-click advertising system to infringe other businesses' trademarks or otherwise allegedly mislead consumers.
Now, no doubt to its even greater chagrin, Google is for the first time having to defend itself against somewhat similar charges brought by at least one government regulatory agency.

On July 12, the Australian Competition and Consumer Commission (ACCC) announced that it instituted legal proceedings against Google as well as an Australian company that used two competitors' business names in pay-per-click ads published through AdSense in 2005. The ACCC specifically has alleged that Google violated Title 52 of the Australian Trade Practices Act of 1974 by "causing the [allegedly deceptive] links to be published on its website" and by "failing to adequately distinguish sponsored links from 'organic' search results." While the suit does not seek any monetary penalty, the ACCC is asking the Sydney Federal Court, among other things, to enjoin Google "from publishing sponsored links of advertisers representing an association, sponsorship or affiliation where one does not exist" and also "from publishing search results that do not expressly distinguish advertisements from organic search results."

While I make no predictions as to whether this lawsuit might prove to be a catalyst that leads to similar actions being instituted in other countries, I think that this should be a interesting case to watch, especially for those interested in search engine optimization. If those in charge at Mountain View decide that the risk of future legal proceedings outweighs the cost of re-tooling their advertising machine, we might see a different-looking Google in years to come.

You can read the ACCC's press release regarding the lawsuit here.

A recent Government Accountability Office report has provided some interesting new statistics regarding the effects of data breaches on victims. The gist of the report (available here) is helpfully summarized in its title: “Data Breaches are Frequent, but Evidence of Resulting Identity Theft is Limited; However the Full Extent is Unknown.” The GAO found that there have been what would seem to be a distressingly high total number of reported breaches in recent years, including 570 breaches reported in the public media from 2005 to 2006, 788 breaches involving 17 different federal agencies 2003 to 2006, and 225 reported breaches in New York State alone in the ten months from December 2005 to October 2006. However, despite such figures, the number of known cases of identity theft resulting from data breach has been relatively low. As an example, the report states:

“…our review of the 24 largest breaches that appeared in the news media from January 2000 through June 2005 found that 3 breaches appeared to have resulted in fraud on existing accounts, and 1 breach appeared to have resulted in the unauthorized creation of new accounts. For 18 of the breaches, no clear evidence had been uncovered linking them to identity theft; and for the remaining 2, we did not have sufficient information to make a determination.”

However, the report also reminds its audience of the challenge involved in measuring the effects of data breach on victims, since those victims often are unaware that the security of their personally-identifiable information has been compromised and since many criminally-inclined recipients of lost or stolen data often wait for a year or more before attempting to make any use of the information.

The report makes no official recommendations, though it does emphasize the need for Congress, in considering the various potential federal data breach notification bills before it, to weigh the benefit of any such legislation against the cost of compliance, both in terms of the financial impact to business as well as the risk that consumers might begin to disregard breach notices if they become too numerous.

None of this should sound terribly shocking to anyone who follows this issue, although the release of the GAO report likely will make lawmakers feel more justified in taking even more time to make a decision with regard to a federal data breach law. That may be a good thing, to the extent that further deliberations might help Congress to formulate a risk-based approach that is not unnecessarily onerous for the businesses that would have to comply with the statute. However, the longer the issue is left unresolved, the longer those same businesses will be left scratching their heads trying to follow the patchwork quilt of state data breach laws or risking their necks being early adopters of umbrella rules or perceived trends in best practices.

Businesses accused of software “piracy” by publishers or trade associations usually are most concerned about their potential exposure in copyright fines, should their dispute proceed to litigation. A recent Sixth Circuit case suggests that statutory damages awards in such cases legally can reach levels that may represent windfalls for prevailing plaintiffs, far outstripping the amount of their actual damages.

In Zomba Enterprises, Inc. v. Panorama Records, Inc., 2007 WL 1814319 (June 26, 2007), the Circuit Court reviewed a trial court’s decision to award a total of $804,000 in statutory damages for what it found to be the defendant’s willful infringement of twenty six copyrights. (In copyright cases, plaintiffs may elect to ask the court either for their actual damages, for which they must present evidence to support the amount claimed, or statutory damages, which is an amount set in the trial court’s discretion between $750 and $30,000 for non-willful infringement and up to $150,000 for willful infringement, per copyright infringed). The defendant in the case was a manufacturer of karaoke discs who had published some karaoke tracks without the consent of the original songs’ copyright holder. On appeal, the defendant argued that the amount was unconstitutionally high, in violation of its substantive due process rights, because the plaintiff’s estimated actual damages totaled only approximately $18,457.92 in lost licensing fees, or about 2.27% of the statutory damages award. The Circuit Court rejected this argument, in part relying on the 1919 Supreme Court case of St. Louis, I.M. & S. Ry. Co. v. Williams, 251 U.S. 63. The Williams case involved a claim by two sisters who were awarded $75 apiece against a railroad under a state statute providing statutory damages for ticketing overcharges. The Supreme Court there held that even though the amount awarded to the sisters was about 113 times the amounts they were overcharged, this did not constitute a violation of the railroad’s due process rights. Disregarding the substantial dissimilarity between the fiscal significance of $75 to a railroad in 1919, on the one hand, and nearly $1 million (including attorney’s fees and costs), to a medium-sized business today, the Sixth Circuit held that the case represented persuasive precedent that the statutory damages award in Zomba should stand.

The facts of Zomba differ considerably from those of many cases involving allegations of software “piracy.” The Zomba defendant was familiar with the entertainment industry and, though it claimed to have been unaware of the need to obtain permission to re-record songs for karaoke discs (even going so far as to claim, amusingly, that such use had an “educational” purpose, thus constituting fair use), it also apparently continued to infringe the copyrights at issue after having received both a cease-and-desist letter from the plaintiff as well as an injunction from the trial court. However, there is always a risk that what seems like a less egregious case of infringement will be read by a trial court much more harshly than initially expected, resulting in substantial costs to a losing defendant. The Zomba case suggests that it makes good sense for a business accused of “piracy” to at least be mindful of the worst-case scenario, and let an experienced attorney work to close the gap between disaster and a more reasonable resolution.

Recently, the Coalition Against Counterfeiting and Piracy (CACP), a group consisting of heavy-hitting IP stakeholders, such as the Recording Industry Association of America, the Business Software Alliance (BSA), the Software and Information Industry Association (SIIA), and the U.S. Chamber of Commerce, announced its intent to push for rapid improvements in what it perceives to be universally lax enforcement of U.S. laws protecting IP rights. At a news conference on Thursday, June 14, the CACP, through its Chairman, NBC Universal general counsel Rick Cotton, announced that under this "aggressive, comprehensive" effort, the CACP would seek to increase resources for governmental investigation and enforcement of criminal IP laws, to "reform civil and judicial process" (whatever that means), and to educate consumers.

Generally speaking, few would quarrel with the notion that intellectual property is a valuable and important property interest, fully deserving of strong protection. However, in announcing this new, altruistically-titled "Campaign to Protect America," Mr. Cotton verbally expressed a degree of fanaticism that is, in practice, characteristic of many industry organizations that cite to the public interest to justify their sometimes indiscriminate targeting of alleged IP infringers. Mr. Cotton said:

Our law enforcement resources are seriously misaligned...If you add up all the various kinds of property crimes in this country, everything from theft, to fraud, to burglary, bank-robbing, all of it, it costs the country $16 billion a year. But intellectual property crime runs to hundreds of billions a year.

At least Mr. Cotton was kind enough to limit his generalization to "property crimes."

Statements like these should make clear to any business targeted and accused of "piracy" by organizations such as the BSA or the SIIA that the IP "defenders" are more likely to be interested in making examples of their targets, rather than reaching a solution that truly accounts for all the facts (not the least of which is the usually confusing and even deceptive way that software publishers in particular undertake to license and market their content). If your business has been accused of "pirating" software, it is immensely important that you know whom you are dealing with before you divulge any information or sign any agreement.

A copy of the CACP’s press release can be found here.

Most protections afforded to intellectual property (IP) are available only after the property is in the public realm. For instance, trademarks must be used in commerce to identify products and services offered to consumers. Creators of original works generally must publish or register those works before they may enjoy any meaningful copyright protections. More significantly, prospective patent holders must not only submit their inventions to the scrutiny of the patent process, ultimately resulting in a publicly accessible record of every last detail concerning that invention's construction and use, they also must be willing to see their exclusive rights in that invention vanish upon the expiration of the patent. While patent holders do obtain a large measure of predicable certainty regarding the remedies they have available to protect their inventions, in many cases, the high cost (both substantive and procedural) of obtaining those protections may represent a poor investment, depending on the type of IP to be protected. In those cases, owners might find a more appropriate IP regime under trade secrets law.

In effect, a trade secret operates as a kind perpetual patent; the owner potentially can use the secret for his or her own commercial benefit forever. Moreover, almost anything can be a trade secret, while the availability of trademark, copyright or patent protection may be limited based on the nature of the IP at issue. However, "forever," with respect to trade secrets, may be roughly translated as: "for as long as you can keep it." Unlike with patents, where a fairly complex, federal statutory regime usually provides most of the protection afforded to patent holders, those who intend to protect their inventions as trade secrets must be willing to do more of the heavy lifting themselves, using, in the United States, two primary tools: state law and contracts.

Most states have enacted trade secrets legislation - usually modeled on the Uniform Trade Secrets Act - under which an owner of a trade secret may obtain injunctive relief to prevent another from misappropriating that secret by acquiring or using it without the owner's consent. The Trade Secrets Act also gives the owner the opportunity to seek civil damages arising out of such misappropriation, as well as attorney's fees. However, in many cases, an owner's resort to such statutory protection will represent a failure of the owner's front-line trade secrets defenses: his contracts and internal policies.

The key to effective trade secrets protection lies in addressing those secrets with a holistic set of internal policies regarding their use and with a well-crafted set of contractual agreements designed to restrict the ability of a third party to misappropriate them. Internally, access to the existence or details of a trade secret should be clearly limited by internal policies to only those employees who need to have such access, and those policies themselves must be crafted in such a way as not to attract unnecessary (or, sometimes, any) attention to the secrets they should be designed to protect. Moreover, a trade secrets owner must always be mindful of the extent to which any vendors or contractors or even customers are allowed to access those secrets, and it should include enforceable provisions in contracts with such parties to protect its interests. Finally, a trade secrets owner needs to include a comprehensive set of protections in its employment agreements, which should provide, within the bounds of what is permitted in the owner's jurisdiction, that work completed by employees in the course of their employment constitutes property of the employer and that those employees will remain bound to the terms of specified non-disclosure agreements and non-compete covenants during the course of, and for a period of time following, the term of their employment. What is and is not legally permissible with respect to such clauses usually varies from state to state.

It is worth noting that most of these same protections are good ideas for patent holders as much as they are for trade secrets owners. With trade secrets, though, while the owner must devote more vigilance to the implementation and enforcement of such protections, it need not necessarily undertake the considerable initial expense to obtain the protection in the first place.

Whether it makes sense to construct a comprehensive trade secrets protection regime for your IP will depend on your willingness to commit to full implementation and enforcement, and that willingness may itself depend on the type of property at issue. If that property likely will become obsolete within the patent term (generally, 20 years) just by virtue of the market in which it competes, then it may make more sense to seek protection from other sources. If that is not the case, though, trade secrets protection could be the most appropriate means of protecting your IP.

On May 14, 2007, the office of the U.S. Attorney General transmitted a legislative proposal to U.S. House Speaker Nancy Pelosi that would represent one of the most significant overhauls of federal copyright law in recent years. Most of the proposal’s provisions work to expand the scope of the statute and include more tools to combat criminal copyright violations. However, one provision in particular would represent a significant new weapon for those who target businesses for copyright litigation based on software use. The proposed modification to 17 U.S.C. § 503(a) is underlined below:

At any time while an action under this title is pending, the court may order the impounding, on such terms as it may deem reasonable, of all copies or phonorecords claimed to have been made or used in violation of the copyright owner’s exclusive rights, and of all plates, molds, matrices, masters, tapes, film negatives, or other articles by means of which such copies or phonorecords may be reproduced, and records documenting the manufacture, sale, or receipt of things involved in such violation. The court shall enter an appropriate protective order with respect to discovery by the applicant of any records that have been seized. The protective order shall provide for appropriate procedures to assure that confidential information contained in such records is not improperly disclosed to the applicant.

The potential for this or similar legislative proposals to affect the operations of your business makes it even more important to ensure that all records regarding software license purchases and installations are readily available, or at least easy to retrieve. Such pro-active organization on your part not only makes good business sense, it also greatly facilitates the software audit process for those destined to receive letters from the Business Software Alliance or the Software & Information Industry Association (as are an ever-increasing number of U.S. businesses)…and it might help to avoid some of the harsher remedies that the future may hold under the Copyright Act.

A copy of the legislative proposal may be found here.

Currently, businesses responding to a breach of their customers’ personal information must consult a patchwork of state laws to determine what steps they are required take to mitigate the damage, including whether and to what extent they must notify those customers that their information may have been compromised. There is not yet a federal privacy statute applicable to such situations. (More information regarding the present state of the law on this issue can be found here.)

However, since all of the alternative legislation now pending in Congress would preempt state laws to one degree or another, it makes sense for companies to begin to familiarize themselves with the direction that Congress might be heading in this regard in order to ensure early and full compliance with whatever rules Washington ends up enacting. The various privacy bills still pending in the House and Senate described in the article referenced above are a good place to start. In addition, though, on April 30, 2007, Congress received a report on a study conducted by the U.S. Government Accountability Office (“GAO”) in order to assess the government’s own response to data breaches. While the stated aim of the study was to help federal agencies improve their ability to respond to such incidents, the basic framework of the GAO’s policy recommendations incorporates many concepts found in pending federal and enacted state legislation, and it is therefore easy enough to translate to a business context. To the extent that the report will return congressional attention to the issue of data security, it should be a useful resource for businesses wanting to begin early implementation of internal procedures that likely will not be too far from the mark, once a final federal rule is enacted and becomes effective.

Many of the GAO’s policy recommendations will sound familiar to those who have some experience with existing data security regulations and best practices. Among other measures, the report recommends: a “two-tiered” approach to incident reporting, where all incidents are reported to a designated, responsible government office, with only those entailing a risk of identity theft being reported to the affected individuals; the designation of a “core management group” to be responsible for quickly responding to incidents; the implementation of mechanisms to allow for the efficient retrieval of addresses of potentially-affected individuals for notification purposes; and taking steps to ensure awareness and training on data security issues. both among internal staff as well as among contractors.

The full report may be obtained here.

JP Morgan Chase recently received an unwanted reminder that information security demands attention to more than just the data residing on network hard drives and digital media. “Protestors” from the Service Employees International Union (“SEIU”) filmed themselves sifting through trash in dumpsters outside several New York City Chase Bank branch locations and apparently finding numerous, un-shredded customer financial statements in trash bags awaiting pickup. (The SEIU has been in a dispute with Chase regarding the bank’s use of non-union security employees.) The video quickly achieved notoriety after being posted on YouTube.com here.

While the video might have been more clearly damning if it had included footage of Chase employees actually dumping the bags, regardless of its weight, it serves as a valuable reminder to all businesses maintaining sensitive customer records that information security does not begin and end with electronic data. Clearly, no IS policy is complete unless it includes provisions for the proper collection, handling, storage and disposal of paper records containing private information. Chase has stated that it has reached out to the SEIU for information regarding the records appearing in the video and that it is investigating whether and/or the extent to which its employees may have violated its internal IS policies.

The consequences for failing to adequately protect against loss or theft of personal customer data are becoming increasingly severe. Expenses associated with information security breaches can and often do include the costs to notify and assist affected persons, loss of customers, litigation and consulting costs, regulatory fines, and diminution of stockholder share value. In Chase’s case, if the video footage does in fact end up being evidence of a failure on the company’s part to effectively enforce the paper record disposal policies it says it has, then it is not difficult to imagine that the number of affected customers – and Chase’s potential loss exposure – could be quite high indeed.

For more information regarding the consequences of data breaches, you can obtain a copy of a recent national survey on that subject commissioned by Scott & Scott, LLP and independently conducted by the Ponemon Institute by clicking here.

Increasingly, generally-accepted industry standards and best practices seem to be saving our legislators much of the detail work when it comes to enacting laws pertaining to technical or otherwise complex fields. For instance, we know that the internal control framework disseminated by the Committee of Sponsoring Organizations of the Treadway Commission (thankfully, generally shortened to “COSO”) is identified by name by the U.S. Securities and Exchange Commission as a standard that businesses may use to achieve compliance with the rigorous internal control evaluation and disclosure requirements contained in the Sarbanes-Oxley Act of 2002 and related regulations.

Now, legislation proposed in Texas goes one step further and stops just shy of naming an industry standard by name in the text of a bill designed to ensure the security of personal data stored in portable “access devices,” such as credit cards. Texas House Bill No. 3222 contains the following provisions:

A business that, in the regular course of business, collects, maintains, or stores sensitive personal information in connection with an access device must comply with payment card industry [“PCI”] data security standards [“DSS”].

…[and]…

A financial institution may bring an action against a business that is subject to a breach of system security if, at the time of the breach, the business is [not in compliance with PCI DSS].

The bill goes on to provide that a business may avoid a lawsuit brought under the statute if the business was certified by a “[PCI]-approved auditor” as being in compliance with PCI DSS at least 90 days before the date of a security breach. However, if the business was not in compliance, and if the lawsuit moves forward, the business may end up having to pay the financial institution’s “actual damages” – including costs incurred in connection with “cancellation or reissuance of an access device affected by the breach,” “closing of a deposit, transaction, share draft, or other account affected by the breach and any action to stop payment or block a transaction with respect to the account,” “opening or reopening of a deposit, transaction, share draft, or other account affected by the breach,” “refund or credit made to an account holder to cover the cost of any unauthorized transaction related to the breach,” and “notification of account holders affected by the breach” – in addition to the financial institution’s attorney’s fees. Obviously, for even a moderately large breach of, for example, credit card account information, the potential penalties flowing from this legislation for noncompliance with PCI DSS could be staggering.

The interesting part of this for me, though, is the bill’s almost express naming (but for the initial capital letters) of a specific industry standard – the Data Security Standard published by the Payment Card Industry Security Standards Council – to substitute for a detailed description of the actions a business must take to be in compliance with the law. Businesses should expect to see ever more numerous examples of this sort of legislation in coming years, making familiarity with and early adoption of generally-accepted business standards all the more advisable.

You can read the full text of HB 3222 here.

In addition, you can download a free copy of the PCI DSS here.

My last two entries discussed, respectively, the ISO 19770-1 Organizational Management Processes and Core Processes for SAM. Last in the series is the “Primary Process Interfaces for SAM” subset, which consists of processes specifically related to management and review of the software lifecycle itself. As such, it is designed to align SAM requirements with lifecycle processes specified in ISO 12207 (defining tasks required for developing and maintaining software) and ISO 20000 (defining tasks required for effective service management).

The lifecycle processes specified in ISO 19770-1 are designed to allow an organization first to identify and manage software changes at a fairly high level and then to specify the details of each “waypoint” in the software lifecycle identified in the standard. Those waypoints progress fairly logically from acquisition and development, to release and deployment, to incident and problem management, and finally to retirement.

As with all of the other processes specified by ISO 19770-1, it is important to keep in mind that the word “specified,” when it comes to this standard, is somewhat of a term of art. ISO 19770-1 lists out the process that an organization should implement and the goals that the organization should have in mind in doing so. However, it leaves the specifics of implementing those processes up to the organization seeking to achieve compliance. There are no ISO 19770-1-approved checklists or schedules included with the standard itself, leaving each organization more or less free to tailor the processes to its own unique set of demands and resources.

You can obtain a copy of the standard here. As I write this, the price is CHF 108.00, which translates into about $90 USD.

In my last entry, I gave an overview of the ISO 19770-1 Organizational Management Processes for SAM. Next in line are what the standard terms its “Core SAM Processes.”

The ISO 19770-1 Core SAM Processes are divided into three process subsets: (1) those pertaining to SAM Inventory Processes, which include processes specific to software asset verification, inventory management, and control; (2) those pertaining to SAM Verification and Compliance Processes, which include processes specific to software asset record verification and security compliance, software licensing compliance, and conformance verification; and (3) those pertaining to Operations Management and Interfaces for SAM, which include processes specific to the management of third-party relationships and contracts, finances, service levels, and IT security.

The Inventory and Verification and Compliance processes together constitute the “meat” of ISO 19770-1 – those most directly related to assessment of an organization’s ownership and proper use of software assets. Unsurprisingly, the SAM Inventory Processes are those that allow an organization to know what software assets it owns and how efficiently it is using those assets. This is an obvious early step to SAM implementation under ISO 19770-1 or any other relevant standard. Without an appreciation for and up-to-date records regarding the assets to be managed and any changes to those assets, the management process is going to be a valueless one for the organization. Closely aligned with core SAM inventory processes are those related to Verification and Compliance. These processes ensure that the assets inventoried under ISO 19770-1 are used within the bounds of applicable organizational policies and contractual obligations, and also according to the ISO 19770-1 standard itself.

The Operations Management Processes and Interfaces of ISO 19770-1 consist of management functions that help an organization to efficiently and effectively implement the core Inventory and Verification and Compliance processes. This subset ensures that everyone influencing the SAM process – vendors, suppliers, budget managers, and responsible staff – provide their respective inputs in a manner that is standardized, reportable, and secure. This allows those ultimately responsible for effective SAM implementation to maintain a clear view of the organization’s current SAM status and opportunities for improvement.

In my last entry, I gave an overview of the ISO 19770-1 Organizational Management Processes for SAM. Next in line are what the standard terms its “Core SAM Processes.”

The ISO 19770-1 Core SAM Processes are divided into three process subsets: (1) those pertaining to SAM Inventory Processes, which include processes specific to software asset verification, inventory management, and control; (2) those pertaining to SAM Verification and Compliance Processes, which include processes specific to software asset record verification and security compliance, software licensing compliance, and conformance verification; and (3) those pertaining to Operations Management and Interfaces for SAM, which include processes specific to the management of third-party relationships and contracts, finances, service levels, and IT security.

The Inventory and Verification and Compliance processes together constitute the “meat” of ISO 19770-1 – those most directly related to assessment of an organization’s ownership and proper use of software assets. Unsurprisingly, the SAM Inventory Processes are those that allow an organization to know what software assets it owns and how efficiently it is using those assets. This is an obvious early step to SAM implementation under ISO 19770-1 or any other relevant standard. Without an appreciation for and up-to-date records regarding the assets to be managed and any changes to those assets, the management process is going to be a valueless one for the organization. Closely aligned with core SAM inventory processes are those related to Verification and Compliance. These processes ensure that the assets inventoried under ISO 19770-1 are used within the bounds of applicable organizational policies and contractual obligations, and also according to the ISO 19770-1 standard itself.

The Operations Management Processes and Interfaces of ISO 19770-1 consist of management functions that help an organization to efficiently and effectively implement the core Inventory and Verification and Compliance processes. This subset ensures that everyone influencing the SAM process – vendors, suppliers, budget managers, and responsible staff – provide their respective inputs in a manner that is standardized, reportable, and secure. This allows those ultimately responsible for effective SAM implementation to maintain a clear view of the organization’s current SAM status and opportunities for improvement.

Software is a business asset.

That statement may be so obvious to you that my writing it seems a waste of bandwidth. However, many businesses nevertheless have been “late to the dance” when it comes to effective management of that business asset. While they may rigorously record and catalog the details of their IT hardware and infrastructure, they often fail to pay anything close to the same level of attention to the programs powering those assets.

To a certain extent, that is perhaps unsurprising, since software is a very different kind of asset. Where businesses usually own their network hardware outright, most software use is dependent on the details of a license agreement with the software publisher. Where hardware is relatively easy to safeguard from external dangers, the threats to software are constantly evolving and require similarly constantly evolving strategies to thwart them. Where there is no appreciable risk that a business’ employees are going to bring stolen network switches to work for their personal use, it can be very difficult to keep employees from installing and using pirated or otherwise unlicensed software on company computers.

However, just because software asset management (“SAM”) is a challenge does not mean that business may be (or should want to be) excused from rising to it. Considering the high costs associated not only with software licensing but also with the effort that must be spent to “fix” software-related problems when they occur, businesses simply cannot afford to have ineffective (not to mention missing) SAM tools at their disposal.

With that fact in mind, the International Organization for Standardization (“ISO”) and the International Electrotechnical Commission (“IEC”) released International Standard 19770-1 on May 1, 2006. Standard 19770-1 “establishes a baseline for an integrated set of processes for [SAM].” The standard divides the processes into three main categories – Organizational Processes, Core SAM Processes, and Primary Process Interfaces.

The ISO 19770-1 Organizational Management Processes for SAM are divided into two process subsets: (1) those regarding the SAM Control Environment, which include processes specific to corporate governance as well as organizational roles and responsibilities, policies and procedures, and assurance of competence with regard to SAM; and (2) those regarding SAM Planning and Implementation, which, predictably, include processes specific to planning, implementation, monitoring and continual improvement of SAM.

The key “message” of the Control Environment processes is that effective SAM is impossible without input and support from an organization’s corporate officers, who ultimately are the ones responsible for clearly defining the organizational roles, responsibilities, policies and procedures regarding planning and implementation of SAM. Officers are uniquely situated within an organization not only to oversee the big-picture implementation of effective SAM, but also to objectively assess the risks of incomplete or uninitiated SAM. Therefore, naturally, it must be the officers who select the individuals to execute SAM within the organization, and it must be the officers who approve the initiatives those executives undertake. ISO 19770-1 makes clear that, unless the officers become interested stakeholders, the SAM process will go nowhere.

Once the “captains” for an organization’s SAM efforts place themselves in charge of those efforts, they must make sure that the organization has a useful and standardized “playbook” to guide the SAM process and to prevent the need for micro-management. The SAM Planning and Implementation processes in ISO 19770-1 let the captains know what needs to go in that playbook. As with many ISO standards, one of the goals of ISO 19770-1 is to promote a set of processes that to a large extent implement themselves. While the ISO 19770-1 standard speaks in terms of “SAM owners” – those responsible for the management of one or a set of discrete SAM processes – the processes that an organization implements under ISO 19770-1 are standardized, cross-linked with other SAM processes, and tied by cross-reference to the ISO standard itself. Once implemented correctly, SAM under ISO 19770-1 should exhibit a cost-benefit ratio much lower than might be expected.