Technology Continues to Test The Bounds of Copyright Law

The Internet is an unprecedented source of disruption. From retail services (e.g. Amazon) to media and entertainment, almost every industry has been forced to rethink its business model due to the accessibility, ubiquity and democratizing force of the Internet. Aereo was positioned to disrupt the traditional media distribution model by giving consumers greater control over what were otherwise “free” over-the-air transmissions.

The Aereo service was premised on the idea that consumers should be able to watch and record over-the-air broadcast television programming via the Internet. Major broadcast networks that owned the content made accessible through Aereo challenged the model on the grounds that Aereo was violating the exclusive “public performance” right guaranteed by the Copyright Act.

Copyright law provides copyright owners six exclusive rights. One of those rights is the exclusive right to publicly perform the copyrighted work. Because this right is a statutory construct, one must look to the statute to determine its meaning. To “perform” and to perform “publicly” means “to transmit or otherwise communicate a performance or display the work to a place … or to the public, by means of any device or process, whether the members of the public capable of receiving the performance or display receive it in the same place or in separate places and at the same time or at different times.”

While many reacted by asking whether the case would stifle innovation and have a chilling effect on start-ups, this case does highlight the increasing tension between technological advances and copyright law.

From a practical standpoint, one need not be alarmed about the impact of the decision on most types of innovation. For one thing, the Court went to some lengths to craft a reasonably narrow decision, which applies only to broadcast TV retransmitted over the Internet.

As with any type of innovation, there are different types of risk. On the one hand, there is technology risk: the risk that whatever technology is necessary for some business plan simply won’t work. On the other hand, there is legal risk, highlighted by the Aereo decision: the risk that the entrepreneur’s interpretation of some act or case law won’t ultimately prevail. That’s what happened to Aereo.

As an IP lawyer, I am somewhat perplexed. It is hard for me to understand why Aereo made such a bold move. However, at least the district court agreed with Aereo’s interpretation.

Do you work with start-up companies and need a basic understanding of the various intellectual property issues that can arise?

I will be co-presenting in this online seminar that will help you:

  • understand the trademark and copyright problems your client may encounter with branding;
  • learn how to protect your client’s branding once established;
  • familiarize your practice with patents, including what they protect, timing, and strategies to prevent inadvertent loss of patent rights before filing the application;
  • understand trade secrets and the importance of non-disclosure and confidentiality agreements;
  • recognize intellectual property issues relating to technology, including open source code and the cloud;
  • establish a proactive approach toward intellectual property ownership between cofounders, employees, and vendors; understand business names, domain names, promotional issues, and website content concerns.

The program qualifies for 1.5 hours MCLE credit.

I would like to personally invite you to attend the upcoming Law Ed program titled, “Identifying Intellectual Property Issues in Start-Ups,” which I will be co-presenting via live webcast on Tuesday, May 27th.

Presented by the ISBA Business Advice and Financial Planning Section

Co-Sponsored by the ISBA Intellectual Property Section

Privacy Law Update: California “Do Not Track” 

Two California laws went into effect at the beginning of the year that  require additional notifications to consumers.  The California Online Privacy Protection Act (“CalOPPA”) requires that web sites, mobile apps and other online services available to California residents (in reality anyone with a web site that may be accessed by a CA resident) post a privacy policy that gives notice to consumers regarding behavioral or interest-based advertising practices (“OBA”).

Disclosures must explain:
1. If a web site operator allows other parties to use tracking technologies in connection with the site or service to collect certain user data over time and across sites and services; and
2. How it responds to browser “do not track” signals or other mechanisms designed to give consumers choice as to the collection of certain of their data over time and across sites and services

In addition, the “California Shine the Light Act” requires that companies (except non-profits and businesses with less than 20 employees) collecting broadly defined personal information from California consumers on or offline either: (a) give consumers a choice as to the sharing of that information with third parties (including affiliates) for direct marketing purposes; or (b) provide notice of, and maintain, a method by which consumers can annually obtain information on the categories of information disclosed the names and addresses of the recipients of that data, and a description of the recipients’ business.

If an e-commerce service offers tangible goods or services, or vouchers for them, to California consumers, it must give certain notices to consumers, including how they can file a complaint with the CA Department of Consumer Affairs.

Are you  concerned about how to disclose how your service responds to “Do Not Track” signals or similar tools and settings, and whether third parties are permitted to collect personally identifiable information about consumer online activities over time and across different websites when a consumer uses that online service? We may be able to help. We can review your policies, your information gathering and sharing practices, and advise on whether there is room for improvement.

Please contact us for a no-fee consultation.

At the end of August, the California passed an amendment to the California Online Privacy Protection Act that will require commercial websites and services that collect personal data to disclose how they respond to Do Not Track signals from Web browsers.

AB 370, as introduced by California Assemblyman Al Muratsuchi, requires a business that discloses a customer’s personal information to a third party for direct marketing purposes to provide the customer, within 30 days after the customer’s request, as specified, in writing or by e-mail the names and addresses of the recipients of that information and specified details regarding the information disclosed.

This bill, available here, would declare the intent of the Legislature to enact legislation that would regulate online behavioral tracking of consumers.


A presentation on what goes into creating original designs and how these differ from copycats.

WHERE: Decoration & Design Building, J. Robert Scott Showroom, Suite 220

WHEN: Wednesday, October 2,2013 !2 p.m.

WHAT: From film to fashion, creative industries are taking steps to protect and promote original work. Designers and manufacturers need to know what steps they can take to protect their designs, their businesses, and their profits. The discussion will address issues related to how to protect original design (copyright & design patent) and the manufacturers (trademark, unfair competition).

WHO:

INTERIORS Magazine Editorial Director Michael Wollaeger

J. Robert Scott Founder Sally Sirkin Lewis

Designer Laura Kirar [Web Site]

Intellectual Property lawyer David Adler

Showroom reception to follow.

 

Download the full Fall Decoration & Design Building Market Brochure Here.

Enacted by Congress in 1986, the Computer Fraud and Abuse Act (CFAA) builds upon existing computer fraud law (18 U.S.C. § 1030). Initially, the CFAA was intended to limit federal jurisdiction to cases “with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.” Notably, the CFAA criminalized certain computer-related acts such as distribution of malicious software code, propagating denial of service attacks as well as trafficking in passwords and similar items. Recently, the CFAA has gained prominence as a bludgeon used to prosecute a wide-range of activities, some broadly labelled “hacking” and other stretching the boundaries of “unauthorized” computer access.

Two recently introduced bills, one by Representative Zoe Lofgren (D-CA) in the House and one by Senator Ron Wyden (D-OR) in the Senate aim to amend the CFAA in hopes of ameliorating application of the CFAA to claims of breach of terms of service, employment agreements. Additionally, with the nickname “Aaron’s Law,” they also seek to limit what some see as the CFAA’s tendency to allow for overzealous prosecution that they claim characterized Aaron Swartz’s case.

In short the bills would amend the meaning of “exceeds authorized access,” changing it to “access without authorization,” which is defined to mean:

“to obtain information on a protected computer”;
“that the accesser lacks authorization to obtain”; and
“by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information.”

For a well-documented discussion of the application and boundaries of the CFAA, check out the Electronic Frontier Foundations Legal Treatise on civil and criminal cases involving the Computer Fraud and Abuse Act here.

As businesses become ever more dependent on digital assets and systems, a working knowledge of the legal and regulatory framework that defines and protects those assets is paramount.

If you or your executive teams has questions about securing and protecting digital assets, please feel free to contact David M. Adler for a free consultation. LSGA advises a wide range of businesses on creating, protecting and leveraging digital assets as well as computer, data and information security and privacy.

Please tweet, comment on, and forward is article!

David M. Adler | Leavens, Strand, Glover & Adler, LLC
203 North LaSalle Street, Suite 2550
Chicago, Illinois 60601
Direct: (866) 734-2568
Direct Fax: (312) 275-7534
http://www.lsglegal.com
http://www.ecommerceattorney.com

*2012 Illinois Super Lawyer http://bit.ly/gFfpAt

Twitter: http://twitter.com/#!/adlerlaw
LinkedIn: http://linkedin.com/in/adlerlaw

Over the last few years privacy, and the lack of comprehensive protection, have made numerous headlines. From overly inquisitive mobile applications that fail to disclose how cell photo data is accessed and shared (Path) to handset manufacturers failures to properly inculcate privacy in the design and manufacturing process (HTC) to security lapses at government databases resulting in exposure of sensitive personal information (South Carolina), consumers, regulators and legislators are waking up to privacy issues.

Recent developments highlight the trend in Privacy

In the U.S. we lack a single comprehensive privacy law, although many state and federal laws address various aspects of collecting, storing and sharing personal information. In the absence of a single, over-arching, mandate, legislators and regulators are stepping into fill at perceived need.

GPS, Location & Privacy

The Geolocation Privacy and Surveillance (GPS) Act addresses use of location data by law enforcement. The bill (not yet law) requires police to obtain a warrant based on probable cause whenever it seeks “location information.” Unfortunately, the term “location information” is very broadly defined, does not distinguish requests for access based on the level of precision, time period, or whether the information is for past or future conduct.

Proposed Federal Privacy Standards

Two bills introduced this year aim to create a baseline level of privacy protection at the federal level. John Kerry (D-MA) and Sen. John McCain (R-AZ) introduced S. 799, the Commercial Privacy Bill of Rights Act of 2011, to create a regulatory framework for the comprehensive protection of personal data for individuals, enforceable by the Federal Trade Commission (FTC). Similarly, Rep. Cliff Stearns (R-FL) is promoting a Consumer Privacy Protection Act (H.R.1528), directed at consumers and focused on restricting the sale or disclosure of personal information.

FTC Protects Privacy Under Mantle of Consumer Protection

As a result of alleged data security failures that led to three data breaches at Wyndham hotels in less than two years, the Federal Trade Commission filed suit against hospitality company Wyndham Worldwide Corporation. The case against Wyndham is part of the FTC’s ongoing efforts to make sure that companies live up to the promises they make about privacy and data security.

Wyndham’s web site privacy policy claimed that, “We recognize the importance of protecting the privacy of individual-specific (personally identifiable) information collected about guests, callers to our central reservation centers, visitors to our Web sites, and members participating in our Loyalty Program …”

The FTC complaint alleges that Wyndham failed to maintain adequate and industry standard security measures by storing credit-card information in unencrypted format, allowing servers to remain unpatched, and failing to use firewalls.

The FTC alleges that these failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia.

Most notably, the lawsuit will test whether the Federal Trade Commission has the jurisdiction to compel companies to provide a certain level of cybersecurity in order to safeguard consumer personal information.

Privacy Remains Top Concern

Many companies across many industries, financial services, higher education and healthcare, just to name a few, are facing a wide range of security and privacy concerns, scrambling to implement A defensible security framework and demonstrate compliance. It’s alarming, considering the significant consequences associated with not complying.

Organizations can lose contracts, customers and their reputation. That could put some out of business.

Compliance Preparation & Best Practices

Large organizations can spend many months and millions of dollars on compliance. Your business need not go to such extremes. To prevent getting caught by surprise and to prepare for the compliance journey, I’ve listed below some suggested best practices.

Periodic risk assessments. Evaluate potential damage and disruption caused by unauthorized access, use, disclosure, modification, or destruction of data or systems.

Policies and procedures. Incorporate procedures for detecting, reporting, and responding to security incidents, as well as business continuity plans.

Standardize. Set standards of acceptable information security for networks, facilities, and information systems.

Train Employees. Awareness training for employees, contractors, and other users of information systems is critical. Articulate the security risks associated with activities and define users’ responsibility for complying with policies and procedures.

Test & Evaluate. Periodic assessment of the effectiveness of information security policies, procedures, practices, and controls helps determine weak spots. At a minimum they should be conducted annually, according to Ford.

Respond & Repair. Have a pre-defined process for planning, implementing, evaluating, and documenting remedial actions designed to address legal, PR, HR and related risks in the event of a breach.

THIS IS NOT LEGAL ADVICE. The procedures outlined above are merely suggestions and there is no guarantee that implementation will reduce risk or mitigate liability.

Please contact Leavens, Strand, Glover & Adler at 866-734-2568 for a free consultation to learn how LSGA can help meet your specific needs.

Canadian Tech Startups More Focused on Revenue than a Big Exit

Techvibes (blog)
According to a PwC report released last week, fewer Canadian tech startups are looking for buyers in order to exit the market, choosing instead to find ways to reach their next growth stage and generate revenue in Canada.

Ben Franklin Technology Partners helps startups arrive.

Lehigh Valley Business
CyOptics, once a startup that received funding and help from Ben Franklin, is just one success story, according to Laura S. Eppler, director of marketing for Ben Franklin Northeastern Pennsylvania.

7 startup lessons from the film industry

Ventureburn
At first glance you might not think there is much in common between the film industry and tech startups. I’m here to tell you differently. Both industries have their own set of challenges, whether you’re starting out, or refining your craft/company.

Database Startup Clustrix Builds Up its Bankroll

Wall Street Journal (blog)
Tech watchers once considered the database market pretty stagnant, at least in terms of new technology and new entrants. Suddenly it is anything but that, with Clustrix a prime example.

1871 anniversary spotlights Chicago startup growth

Techli
Leaders of the Chicago startup community released figures Friday regarding the city’s start-up growth coinciding with the first anniversary of 1871, one of the city’s start-up incubators. “Over the last year, the tech community has really come together.

Biz Stone’s new mystery startup Jelly nabs ex-Twitter veteran Kevin Thau

The Next Web
Rumors about the move have been circulating since late last month and follows the announcement that Ben Finkel is also involved at Jelly as Christopher Isaac “Biz” Stone’s fellow co-founder and Chief Technology Officer.

A start-up’s cool solution to manage heat – The Business Times

Business Times (subscription)
Thermal management solutions for lithium-ion batteries are also exactly what Gcorelab, a local clean tech startup, specialises in. Gcorelab is developing what it calls a “small liquid-based thermal management system” for electric vehicles.

Bowei Gai: A Worldwide Crusade to Connect the Global Startup Community

Tech in Asia
Gai When you’ve been co-founder and CEO of Snapture Labs, held the same titles at CardMunch, Inc. and are currently founder and chief ambassador at World Startup Report, you tend to attract attention when you enter the tech and startup community.

Tech Startup Develops Two-Click Checkout. – Yahoo! Finance

Finance: ALBUQUERQUE, N.M., May 2, 2013 /PRNewswire/ — Tech start-up @ Pay released its first public Application Programming Interface (API) today.

Silicon Valley based high tech start up in the Golf business, developing a cool product, is looking to expand its team in different disciplines including R&D.

Intel Mobile Device

Intel Mobile Device (Photo credit: Frank Gruber)

On February 22, 2013, the FTC announced a settlement with HTC America over charges that HTC failed to use adequate “security by design” in millions of consumer mobile devices. As a result, the company is required to patch vulnerabilities on the devices which include #Smartphones and #Tablets. The settlement, the first action involving a mobile device manufacturer and the new “Privacy By Design” guidelines, sheds some light on the legal risks for mobile device manufacturers and, to some extent, mobile application developers.

The FTC alleged that HTC failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk. The resulting vulnerabilities posed risks to sensitive functionality, including the possibility that malware could send text messages, record audio, and install additional malware onto a consumer’s device.

Here are four key take-aways for mobile device manufacturers and application developers from the FTC’s complaint:

  1. provide your engineering (programming) staff with security training
  2. review or test your software on mobile devices for potential security vulnerabilities
  3. follow well-known and commonly accepted secure coding practices
  4. establish a process for receiving and addressing vulnerability reports from third parties

Smartphones and tablets are powerful, popular, and continue to find their ways into our personal and business lives. New mobile apps hit the market each day. In this fast-moving era of entrepreneurship and creativity, mobile device and app developers need to keep up with evolving privacy and security. Apps and mobile devices that tap into consumer data — including contact information, photos, and location to name a few — pose a heightened risk to digital snoops, data breaches, and real-world thieves.

Please contact us if you are interested in learning how to evaluate your mobile security and privacy risk or to help develop a “Privacy By Design” approach mobile app security.

Please comment, tweet and forward!

Image representing CloudFlare as depicted in C...

Image via CrunchBase

I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.

One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.

Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.

Here are the three things I learned about how you can protect yourself and others in your organization.

First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.

TIP NO. 1: Use a private, obscure email address for your more sensitive information.

Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Matt Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you we’re too lazy to back up.

TIP NO. 2: Back Up your digital life, early and often.

Third, today’s’ Internet is an interdependent ecosystem. Just because you or your organization takes security seriously, doesn’t mean that other do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, the there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using astringent password is enough. Unfortunately, some people don’t even bothers with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.

Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via, text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.

TIP NO. 3: Whenever possible enable two-factor authentication.

Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attached or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.

Please comment and follow!

 

Follow

Get every new post delivered to your Inbox.

Join 3,111 other followers

%d bloggers like this: