Earth: A Pit Stop to Mars?

Written by: Irram Khan

On September 27, 2016, Elon Musk, inventor and founder of SpaceX, revealed details on his plan to colonize Mars.[1] This endeavor is more than just a savvy actualization of a 1960s sci-fi novel—it’s  a significant advancement in human development and technology. The concept, however, is not new. According to National Geographic, the plan to conquer Mars has been in motion since at least the 1970s.[2] Musk’s latest move is reviving mainstream interest in space.  Even the Boeing CEO, Dennis Muilenburg, confidently declared at the most recent “What’s Next” innovation conference in Chicago, that Boeing will land the first person on Mars.[3] Although the journey to Mars sounds exciting, space travel faces some very real developmental issues here on earth, from a legal standpoint. For young lawyers and law students, however, this may be good news.

A fundamental concern is the regulation of rocket development. In the article, Space Lawyers Set the Rules for the Final Frontier, author John Bonazzo points out that the primary concern is the scrutiny of rocket invention, especially since different stages of development are governed by different government entities.  But this type of regulation is neither new, nor unexpected.[4]  Bonazzo explains that space travel has been regulated since at least 1959, and the United States—along with many other countries—recognizes the Outer Space Treaty of 1967.[5] The U.S. Department of State says the treaty was established long before space travel was actually achieved, as a way to prevent “a new form of colonial competition.”[6]

On the other end of the spectrum, the economic prospects of sending humans to Mars seem to be great. Bonazzo includes commentary from space lawyer and founder of a nonprofit technology policy think tank, Berin Szoka, who believes mining the Moon for resources, for example, could be a viable and lucrative business of its own.[7] The article also notes that space lawyer, James Dunston, even brokered a deal of the Mir Space Station to the Russians using a commercial building lease.[8]

Whether it is a space race or a burgeoning commercial space flight industry, it appears that colonizing Mars intrinsically leads to an emphasis on technological advancement, competition, innovation, and employment. But regulation might be hindering this progress. James Dunston criticizes current U.S. regulation disharmony, commenting, “We’re on the precipice of a real revolution in launches, but we don’t have the launch infrastructure or regulatory environment to license all of them.”[9] We really don’t know how close space travel is for the average human being, but with heightened world interest in Mars, we can expect an increase in legal work in the space law sector, and possibly regulatory change.




[4] - [5]


[7] - [9]



Not Merely an Exit: Brexit’s Effects on European IP Law

Written by: Michael Choi

Breaking away when a situation becomes unfavorable, while not the smoothest option, is an appropriate option to consider. However, failing to consider the ramifications of turning away may complicate the situation further.

Enter: Brexit.

Brexit, a portmanteau of the words “British” and “exit,” describes the controversial referendum held on June 23, 2016, where voting-age citizens of the United Kingdom (UK) voted on whether to remain in or leave the European Union (EU).[1] A 51.9% majority voted for the UK to exit the EU.[2] Because of its international economic presence, the UK’s severance will leave the EU in a precarious position. The severance will even challenge the United States, since many of its companies continue to conduct business in the UK.

The effects of Brexit have yet to be felt in full, since the UK must submit a formal notification of its intent to leave the EU.[3] In the meantime, companies that conduct business in the UK and the EU must be mindful of the potential changes in their intellectual property (IP) rights.

Although copyrights, which are dealt with on a national basis, will likely not be impacted, patents and trademarks, which are both based on EU-wide agreements, will experience radical changes.[4] EU patents and trademarks will no longer enjoy IP law protection in the UK. Companies wanting to conduct business in the UK and the EU will have to file separate applications. 

Brexit currently has little effect on filing for patent rights on the European continent: rights seekers can file with the United Kingdom Intellectual Property Office, or with the European Patent Office.[5] Since filing with the European Patent Office is done via the European Patent Convention, which is not an EU member state agreement, registering for and enforcing patent rights will remain largely unchanged.[6] However, the UK’s severance presents an obstacle for the EU’s proposed Unified Patent Court system (UPC).[7] The UPC was meant to consolidate the patent filing and prosecution system in the EU.[8] Consequently, the UK will not be included in this system.[9] The UK is one of the three named countries (along with France and Germany) that must ratify the agreement.[10] Thus, the UK’s departure from the EU will delay the UPC from centralizing the EU’s patent laws.[11] Even if the EU manages to solve the ratification problem, it faces the issue of replacing London as one of the UPC’s original court locations.[12]

All EU trademarks are at risk, since all European trademark regulation is done under the EU Trademark system (EUTM).[13] When the UK is no longer a part of the EU, EU trademarks will no longer receive protection in the UK.[14] Current EU mark owners will either be forced to adhere to transitional provisions, or file completely new trademark registrations under the UK trademark law.[15]

Rights owners in the EU must be conscientious about protecting their rights in the future. With the UK’s absence in all EU-related matters, companies with EU IP rights must adapt to the new IP laws emerging from Brexit.





Is It Time for the U.S. to Implement Stronger Data Protection Regulations—Like the EU’s General Data Protection Regulation?

Written by: Luis Colula

Yahoo, one of the largest email providers, revealed last week that it experienced a cyber attack in late 2014.[1] Yahoo discovered the breach only after it was alerted of a separate, unconfirmed breach, which had prompted the Internet firm to review its security systems.[2] The breach affected some 500 million user accounts.[3] It is believed that hackers acquired account users’ names, birth dates, email, telephone numbers, and, in some cases, encrypted and unencrypted security questions.[4] Nevertheless, Yahoo has assured customers that no passwords, payment card, or bank account information was affected.[5] Notwithstanding the appearance that the attack comprised low-value information, the breach is still thought to be the largest ever in terms of user accounts.[6]

This begs the question of whether U.S. companies and U.S. government agencies are doing enough to improve cyber security.

Unlike its European counterpart, the U.S., for the most part, has taken a hands-off approach by encouraging self-regulation and leaving data subjects “to come up with creative ways to minimize their own risks.”[7] However, it is evident the U.S.’s approach to cyber security has failed: “[t]he majority of breaches (77 percent) occurred in North America, with 59 percent of those being in the [U.S.]”[8] In comparison, “Europe accounted for 12 percent” of cyber attacks.[9]

These staggering statistics should push the U.S. Congress to adopt a regulatory scheme similar to Europe’s General Data Protection Regulation (“GDPR”). The GDPR’s main objective is to give citizens greater control of their personal data and to unify data protection regulation across the EU.[10] For instance, the GDPR applies not only to entities established in the EU, but also to entities offering goods and services to individuals in the EU, and entities monitoring EU citizens’ data.[11] The GDPR also establishes that location data, IP addresses, and online identifiers constitute personal data, because this data could be used to identify individuals.[12] The GDPR also requires breach notifications to data subjects in all industry sectors; creates a one-stop-shop mechanism for companies doing business across multiple EU countries; and expands the rights of individuals.[13]

Adopting a scheme similar to the GDPR in the U.S. would allay the present lack of uniformity in individual states’ privacy laws. Currently, U.S. privacy laws consist of sector-specific federal regulatory schemes, like the Child Online Protection Act (“COPA”) and the Health Insurance Portability and Accountability Act (“HIPAA”), and a variety of state regulations surrounding unfair business practices. Consequently, companies that traverse state borders face the burdensome task of understanding each jurisdiction’s regulations, and complying with all applicable requirements. For instance, companies wishing to do business in states like California (which has famously robust privacy laws) must choose whether to risk fines or jail time for non-compliance with state law, or fork-over significant sums to comply with the heavy regulations. Further, due to the lack of uniformity among states, a company might be held liable in one state or in multiple states. This is time-consuming and costly for the company litigating the case(s) and the judicial system hearing the case(s).

A regulatory scheme similar to the GDPR would also provide U.S. consumers with more protection. Currently, the limited regulatory schemes, both at the federal and state level, only protect personal information (i.e. name, address, telephone numbers, birth dates, social security numbers) and not other online identifiers, which the EU commission found could function like personal information. This allows companies to circumvent current regulations by claiming it is collecting other online identifiers and not personal information. However, the end result is the same—a complete profile of the data subject. Thus, a regulatory scheme similar to the GDPR would addresses key changes in the digital era.

Even if the statistics fail to motivate Congress to act, the financial costs incurred as a result of data breaches should motivate Congress and companies (internally) to act. A 2009 global study found that the U.S. had the most expensive average data breach cost: $6.75 million.[14] Further, data breaches diminish customer confidence and trust, which leads to lost business.[15] Finally, even if the great financial cost fails to motivate Congress or U.S. companies to act, the GDPR itself should. Congress and U.S. companies should adopt a similar regulatory scheme that, like the GDPR, “will apply to all businesses in and outside Europe that deal with personal data of EU individuals.”[16] This means that any U.S. company, which includes a majority of U.S. companies, conducting business in the EU will have to comply with the GDPR.

[1] - [6] Volz, Dustin. “Hackers Steal Data from 500 Million Yahoo Accounts,”, 22 Sept. 2016. Accessed 29 September   2016.

[7] Wharton, Knowledge. “How Yahoo’s Data Breach Could Help Overhaul Online Security,”, 27     Sept. 2016. Accessed 29 September 2016.

[8] - [9] Fadilpasic, Sead. “Majority of Data Breaches Occur in U.S.,”, 24 Feb. 2016. Accessed 29 September 2016.

[10] “Data Protection Reform – Parliament Approves New Rules Fit for the Digital Era,” (2016),            parliament-approves-new-rules-fit-for-the-digital-era. Accessed 10 October 2016.

[11] - [13] Hunton & Williams, LLP. “EU General Data Protection Regulation Finally Adopted,”, 14 Apr. 2016.      Accessed 29 September 2016.

[14] - [15] The Ponemon Institute. 2009 Annual Study: Global Cost of A Data Breach. PGP Corp., 2010. 29 September 2016.

[16] Hunton & Williams, LLP. “EU General Data Protection Regulation Finally Adopted,”, 14 Apr. 2016.  Accessed 29 September 2016.

The U.S. Versus the E.U. – The Inconsistent Nature of Design Protection

Written by: Daniel Armstrong

How difficult should it be to protect design? It’s a common enough notion: risk-takers and innovators want to be rewarded for creative solutions and designs, but in order to reap the benefits of their labor, the intellectual property they’ve created needs to be protected from copying.

The problem in the US: Many criticize the legal framework in the United States as providing inadequate protection to its designers, and warn that this protection deficit leaves designers feeling less motivated to enter the startup world in the first place. Those critics point to the European Union as an example of how the United States should reform its intellectual property protection framework.

Critics of the US legal framework have three primary complaints: First, the functionality doctrine—which prohibits protection of copyright works, trade dress, or patents that are simply functional, in order to avoid anticompetitive marketplace effects that would result from enforcement—is limiting the scope of design protection. Second, this diminished protection results in lower profits to designers and reduced drive for the public to innovate. Third, the costs and time needed to acquire protection make it harder for new designers and brands to stay ahead of the game, especially in rapidly moving industries like fashion.

In an effort to avoid these same complaints, the EU has implemented a single, independent regime for protecting design outside of the trademark, copyright and patent realms. The uniform system that is now in place is seen by many to be the ideal model for providing design protection, and from a distance appears to have solved those functionality, diminished protection, and cost and time complaints.

How it works: The EU system offers two varieties for protection: registered and unregistered. “Designs are automatically protected at the time of their public release under the Unregistered Community Design (UCD). However, UCD protection lasts just three years from the date of the design‘s first disclosure in the EU, and only provides protection against intentional copying. A Registered Community Design (RCD) is renewable up to twenty-five years from the date of filing and provides protection from both intentional and good-faith infringement.” [1] One major benefit to this system is uniform application throughout all EU member states, resulting in clarity as to what designs are protectable subject matter. Additionally, because designs are automatically protected by the UCD at the time of their public release, less-established designers in fast moving industries don’t have to worry about the prolonged time or cost it takes to acquire exclusionary rights to their designs.

On the surface, the Europeans appear to have achieved something that the Americans have not—a uniform system that has removed the effects of varying standards; is cost and time efficient; and whose empirical evidence suggests an increase in innovation and investment to boot. But is it time for the US to consider taking a page from the EU’s book? I don’t think so.

A look deeper into the EU legal framework suggests that inconsistencies have resulted over time among the varying jurisdictions. “Each court is meant to apply the uniform EU law; however, each jurisdiction has its own body of developed case law which guides its application, as well as residual notions of design rights from pre-existing national design regimes.” [1] This leads to one significant downside of the European way. The US, in contrast, enforces design rights in a uniform fashion, nationwide. The result is far fewer inconsistencies.

Additionally, the US framework offers a broader level of protection. Although under the US legal regime it is harder for a designer to obtain exclusionary rights in the first place, once those rights have been obtained, the designer can potentially enforce those rights against any person or corporation who merely designs something similar. In the EU, however, the designer will need to show exact copying before finding infringement, a standard that did not serve Apple, Inc. well in protecting its user interface from a Samsung infringement in the United Kingdom. That same case was tried in the US, and came out in favor of Apple, Inc. It goes to show that although the US system maintains a more rigorous application process, the protection granted is greater upon application than what can be expected from the EU. A regime that only requires a minimal showing of innovation before granting exclusionary rights is simply not going to be able to offer the same level of protection as the current US system.

Even from a psychological standpoint, empirical evidence exists that shows “setting such high standards does result in a psychological drive to meet those higher standards, and thus in larger innovative steps.” [1] From a substantive, procedural, and apparently even a psychological standpoint, the US framework, although incongruous and often times rigorous, is still the one to beat.


[2] Apple, Inc. v. Samsung Elecs. Co., Ltd., 786 F.3d 983 (Fed. Cir. 2015)

Copyright Issues in the Construction Industry

Written by: Matthew Cox

The construction industry is governed by many different bodies of law.  Arguably, contract law lays the unifying foundation for the industry.  But other bodies of law still play vital roles in shaping the ever-changing legal landscape.  Intellectual property, and specifically copyright law, is vital to the industry.

Just who owns architectural or engineering design documents associated with a construction project?  Does the owner who contracted with the design professional[1] for design services own the documents?  Or, does the designer, by way of work product created by intellectual means, retain ownership of the plans and specifications? 

Design documents are subject to copyright laws in the United States; they fall under the category of “technical drawings,” which includes architectural plans.[2]  Whether or not unique aspects of the design were protected after construction was completed remained a looming question until 1990. Finally, litigation resulting from this issue persuaded legislators to clarify the code.[3]

The straw that broke the camel’s back was a case brought in 1988 by an architect against a homebuilder who allegedly copied the architect’s design after it had already been used to build the home for which the design was initially drawn up.  The homebuilder used the design and constructed an identical home elsewhere. The court found for the builder . . . and found no violation of the copyright.[4]

In response, Congress amended the copyright laws to more clearly define architectural work as the design of a building as embodied in any tangible medium of expression, including a building, architectural plans, or drawings.  This tightening of the rule brings in arrangement and composition of elements, but still excludes individual features.[5]  Under this rule, the design professional, by law, owns both the design documents, as well as the unique design elements of the structure—but not the individual elements.[6]

Parties are still free to contract how they see fit, so most agreements contain provisions for the owner to retain a limited license for the plans and specifications while the design professional retains ownership of the documents.  The copyright can also be transferred.  Issues arise when the design professional has concerns about use of the design in unanticipated ways by the project owner.  In this situation an indemnity agreement holding the design professional harmless and charging the project owner with providing a defense upon suit is an adequate risk management option.  The general rule of thumb has become: the professional designer retains ownership of design documents, unless the parties agree otherwise in contract.   

[1] Architects or engineers depending on project type.

[2] 17 U.S.C. §§101 & 102(a)(5).

[3] Donald E. Campbell, Construction Law in a Nutshell 92 (2015)

[4] Robert R. Jones Associates, Inc. v. Nino Homes, 858 F. 2d 274 (6th Cir. 1988).

[5] 17 U.S.C. §101

[6] Donald E. Campbell, Construction Law in a Nutshell 93 (2015).

The Face Behind Bitcoin: He Said, She Said

By Chris A. Batiste-Boykin

On March 6, 2014, Newsweek published an article by reporter Leah McGrath Goodman in which Goodman claimed to have identified the creator of Bitcoin as Mr. Dorian Nakamoto. The article reads almost like a Tom Clancy novel and suggests that the creator of the volatile, digital currency left clear and obvious hints as to his identity, despite an overwhelming public awareness that he intended to remain anonymous.

Mr. Nakamoto vehemently denies being Bitcoin’s creator and has lawyered up to defend his position. Mr. Nakamoto claims he didn’t even know that Bitcoin existed until February 2014 and that Newsweek’s accusation is costing him opportunities for gainful employment and adversely affecting the health and well-being of his family.

Curiously enough, Newsweek’s article includes quotes from Mr. Nakamoto’s family members—his former spouses, two of his children, and his brother—in which they consider whether Mr. Nakamoto could be Bitcoin’s creator. Family members hint that Mr. Nakamoto may be a bit paranoid, describing him as a fickle man with weird hobbies. They discuss his distrust of government and speculate about his possible motivation in creating Bitcoin as a reaction to a devastating home foreclosure that occurred after he fell behind on his mortgage and failed to pay taxes. Understandably, it’s possible that the foreclosure could have motivated Mr. Nakamoto to create a currency that does not rely on a central bank (or government backing) for financial transactions.

Bitcoin has infamously endured tidal wave momentum with the rise and fall of its value. From late 2013 to today, Bitcoin has been valued anywhere from $1,200 per coin to as little as $130, leaving investors curious as to whether the digital currency will ever become stable enough to be a viable central bank-free currency. Naturally, onlookers are skeptical. However, despite a vulnerability to theft, fraud and scandal, former Federal Reserve chair Ben Bernanke has stated that virtual currencies “may hold long-term promise.”

Given that the creator of Bitcoin owns an estimated $400 million in Bitcoin, which remains untouched, it is tempting to wonder why anyone would exchange $400 million for anonymity—or better yet unconditionally deny being the creator of Bitcoin? Bitcoin’s chief scientist, Gavin Andersen, who worked with the anonymous creator known only as Satoshi in 2008, says the answer is easy: the creator does not want to participate in the Bitcoin madness. Mr. Andersen has stated, “if you were to come out as the leader of Bitcoin, now you would have to make appearances and presentations and comments to the press and that didn’t really fit with Satoshi’s personality.”

Leah McGrath Goodman stands by her article—claiming Mr. Dorian S. Nakamoto is Satoshi Nakamoto, the named author of Bitcoin’s nine-page proposal entitled, Bitcoin: A Peer to Peer Electronic Cash System, which surfaced in 2008. She has gathered some interesting facts to prove her hypothesis, seemingly picking up the trail of breadcrumbs that leads straight to Mr. Nakamoto’s front door. Yet, in light of the possibility of a $400 million dollar fortune, Mr. Nakamoto exclaims, “you’ve got the wrong guy!”


“Dumb” Starbucks: “Dumb” Move?

By Wilson Lau

On February 8, 2014, a new coffee shop opened its doors in Los Feliz, Los Angeles. According to the general consensus, the shop’s coffee is “pretty awful,” yet people were willing wait in line for an hour to get a cup of coffee from the new shop. So, what kept these people in line? While curiosity may tempt a few people to try the new coffee shop, more likely than not, it has something to do with its name: Dumb Starbucks. According to patrons, Dumb Starbucks looked identical to the real Starbucks—that is, except for the word “dumb” placed in front of everything.

The mastermind behind Dumb Starbucks is Nathan Fielder, a comedian on Comedy Central. Fielder apparently believes that the real Starbucks cannot sue him because, by adding the word “dumb,” he is technically making fun of Starbucks, and parodies are protected under the Fair Use doctrine of trademark law. According to one court, “[a] parody must convey two simultaneous—and contradictory—messages: that it is the original, but also that it is not the original and is instead a parody.”[1] In the case of Dumb Starbucks, Fielder would most likely satisfy this court’s definition of parody because of the shop’s FAQs listed on the premises, describing the company as a parody. In addition to their FAQs, the baristas working at Dumb Starbucks also told patrons that they are not affiliated with the real Starbucks.

While Fielder may have intended Dumb Starbucks as a parody, Fielder would have still been vulnerable to a trademark infringement claim because of his thoroughness in imitating the real Starbucks. In addition to using the name, Dumb Starbucks also imitated the real Starbucks’ famous circle logo, menu, distinctive colors, and even the CDs that they sell! This extensive copying might just be too over the top to be “fair use.”

In addition to a possible trademark infringement, Dumb Starbucks would have been open to another trademark claim: trademark dilution by tarnishment. Being a famous and distinctive mark, the real Starbucks is protected from tarnishment, which usually involves a violator putting a famous or distinctive mark on products of shoddy quality or using the mark in an unwholesome or unsavory context.[2] Here, the mark arguably meets both factors: (1) Dumb Starbucks’ coffee is awful, and (2) using the word “dumb” is unwholesome or unsavory.

Fortunately for Fielder, Los Angeles County Health Inspectors shut down his operation for not having a valid permit before he could be brought to court. While the real Starbucks was amused, they would likely have taken actions if the operation continued. And considering elaborate details appropriated by Dumb Starbucks, Fielder would have been in more trouble than he thought. Imagine getting sued for a “dumb” joke. Now, that’s a dumb move site.

[1] Cliffs Notes, Inc. v. Bantam Doubleday Dell Pub. Group, Inc., 886 F.2d 490, 494 (2d Cir. 1989).

[2] Lynda J. Oswald, “Tarnishment” and “Blurring” under the Federal Trademark Dilution Act of 1995, 36 Am. Bus. L.J. 255, 263-264 (1991).

Mark Your Calendars For Dropbox’s Arbitration Opt-Out!

By Lauren Harriman

Heads up—Dropbox just dropped a bomb during its most recent Terms of Service (TOS) and Privacy Policy update, and you need to take action! The update, which takes effect on March 24, adds an arbitration section to the TOS. If you prefer not to arbitrate, you must opt-out by completing an online form. While arbitration is a “quick and efficient way to resolve disputes,” and “provides an alternative to things like state or federal courts,” which can take “months or even years,” arbitration does not provide a record of the proceeding.

A record is crucial to developing common law. Common law is critical in an area of law, such as technology law, where legislation is severely lacking. Any Dropbox user legal complaint should have the potential to provide legal precedent for future disputes. Only complaints filed in the state and federal courts can provide that potential. Remember that arbitration means you will likely be hailed to Dropbox’s headquarters in San Francisco should you have a dispute. Dropbox users can opt-out of the arbitration clause now by signing in with their usernames and submitting their first and last names. So take a minute and opt-out of this drop-bomb.

Preventing the “Napsterization” of 3-D Printing

By Nicole Syzdek

Gartner, Inc., an American information technology research and advisory firm, reported that in 2013, combined end-user spending on 3-D printers will reach $412 million, up 43% from 2012.[1] This rapid increase in revenue for 3-D printing companies is not likely to slow down anytime soon. Gartner predicts that in 2014, spending will increase by 62%, reaching $669 million. The increase of 3-D printing has the ability to shake-up many areas of commerce.

3-D printers allow consumers to print three-dimensional objects at home. Although there are many competing designs for 3-D printers, most work in a similar way. The printing begins with a blueprint typically created with a computer aided design (CAD) program running on a desktop computer. CAD programs are presently utilized by many designers, engineers, and architects to model physical objects before they are created. Blueprints can also be created by using a 3-D scanner to scan an existing object in a similar manner in which a regular flat scanner can create a digital file of a 2-D image. Once the CAD is created, it is sent to the printer, which builds the object up, layer by layer, from tiny bits of material.

As 3-D printing technology develops, people will be free to make almost anything they desire themselves. This ability furthers the already shifting societal culture from mass production-oriented towards the “maker movement” that seeks to empower people to create customized goods, turning the home into a personal factory. The growth in popularity of Etsy, the online marketplace for homemade goods demonstrates this shift. John Hornick, an IP attorney with Finnegan, Henderson, Farbow, Garrett & Dunner LLP in New York stated it best when he said, “Everything will change when you can make anything.”

The ability to make anything implicates all areas of intellectual property law. 3-D scanners will allow us to easily replicate all kinds of physical things that may be patented or subject to copyright or trademark protection. Not only is the copy of a physical object problematic for intellectual property enforcement, but the market for CAD files containing design specifications is already forming on free peer-to-peer file sharing networks such as Pirate Bay. Sharing CAD files for infringing goods is reminiscent of the Napster disaster that befell the copyright entertainment industry.

The current regulatory structure for intellectual property does not cope well with the digital revolution. Many of the copyright and trademark dominated industries have unsuccessfully confronted digitization, but patent-based industries have yet to face the challenge. Evidenced from the copyright disaster brought upon by Napster and peer-to-peer file sharing, when digitization rattles an existing IP structure those holding a large stake in keeping the regime functioning sprint to lobby for congressional aid. The government should play a role in protecting 3-D printing IP, but what has proved to not work is responding to “fear-based” lobbying by large stakeholders.

To prevent the “Napsterization” of the 3-D printing industry IP holders need to first accept that the best approach is not to try to make the new digital era work for them, but rather to restructure their own business models to make them work with digitization. IP holders should take notes from how businesses such as iTunes and Amazon capitalized on online users’ preference for the combination of quality and ease of access to generate profit from the new file-sharing era. Some may unknowingly seek to repeat the mistakes of the copyright wars by pushing for new laws to prosecute anyone who uses the new technology for infringing purposes, demanding technological solutions like digital rights management or attacking intermediaries who provide file sharing websites with aggressive take-down procedures and legal battles. But IP holders must remember those strategies failed. To cushion the economic shake-up, it is necessary for IP holders to begin strategizing on how to approach the business and legal issues woven into the emergence of 3-D printing. With adequate preparation, it is safe to say that IP holders are not out of options.

[1] Press Release, Gartner Says Worldwide Shipments of 3D Printers to Grow 49 Percent in 2013 (Oct. 2, 2013), available at

The Computer Fraud and Abuse Act: Current Coverage and Needed Reform

By Lauren Harriman

In 1984, Congress was facing a rapidly changing technological landscape. The world wide web was not yet available at the consumer level, but Internet use was growing quickly among universities. Law enforcement officers felt unprepared to handle what they believed would be “brand new” crimes of the Internet. Officers were not only concerned with domestic computer security threats, but international threats as well. Thus, in 1986, Congress enacted the Computer Fraud and Abuse Act (CFAA) to clarify the law surrounding computer-related crimes. However, the “brand new” Internet crimes that law enforcement feared and the CFAA meant to address were not entirely novel. In fact, the CFAA duplicated charges for several crimes already included in the Penal Code, simply providing prosecutors with one more tool to use in plea bargaining.

In plea negotiations, prosecutors are able to threaten law violators with extensive jail time if a settlement cannot be reached. This is especially true when prosecutors can charge violators under multiple statutes for the same crime. This plea bargaining tactic discourages the exercise of the right to a jury because violators are not willing to risk being found guilty of all charges. Aaron Swartz, prosecuted under multiple sections of the CFAA for excessively downloading documents from JSTOR over MIT’s network, fell prey to this tactic in 2012. Rather than face a sentence of thirty years in prison, Swartz committed suicide in 2013. His fate has united the Internet community in demanding for reformation of the CFAA.

Although the CFAA is necessary to protect against the hacking of critical infrastructure, amendments to the Act have since expanded it to cover any “computer involved in interstate communication.” Due to the infrastructure of the Internet, it is almost impossible to use a computer to access the Internet without sending a communication outside of the state where the computer is located, thereby potentially implicating the CFAA anytime a user accesses the Internet. Even something as simple as running a Google search will send a communication to a computer outside of the user’s state.

Further, because the CFAA does not define “unauthorized access,” the Act has been interpreted to cover Terms of Service (TOS) violations. Thus, law enforcement can charge users under the CFAA if a user violates a TOS, his use of a given website is “unauthorized,” and any information he retrieves from the site is information obtained from “a computer . . . which is used in . . . interstate . . . communication” in violation of the CFAA. Though prosecutors argue that they will only target serious violators, several of the charges brought against Swartz were simply violations of JSTOR’s TOS. Swartz exceeded his authorized access of JSTOR’s website and was accused of downloading educational documents in order to make them available to the public. His actions can hardly be considered a threat to critical infrastructure.

Unfortunately, the laws of cyberspace often develop during cases which tug at the public’s heart strings. For instance, in United States v. Drew, the defendant created a MySpace account and used it to bully a thirteen-year-old girl, who eventually committed suicide. Fortunately, the court in Drew kept emotion out of its decision and recognized that prosecutions for TOS violations under the CFAA may be unconstitutional. The court granted the defendant’s void-for-vagueness motion despite any personal need it may have felt to hold the defendant accountable. The Electronic Frontier Foundation (EFF), an organization devoted to electronic civil rights, even noted that the girl who committed suicide was herself violating MySpace’s TOS, which require that users be over the age of fourteen.

The Internet community remains intent on amending the “unauthorized access” portion of the CFAA to prohibit actual hacking rather than simply computer research or mere URL manipulation. The EFF supports Congresswoman Zoe Lofgren’s proposed approach to the CFAA, which would redefine “access without authorization” as “to circumvent technological access barriers to a computer, file, or data without the express or implied permission of the owner or operator of the computer to access the computer, but does not include circumventing a technological measure that does not effectively control access to a computer, file, or data.”

Lofgren’s proposed language would place the burden on the server owners to protect their data and their users’ data, rather than on Internet users to not poke around where they were not “invited.” Server owners, however, want their content secure. The Googles and Facebooks of the world likely believe that they need TOS to protect their servers and are thus not likely to support a bill which would shift the burden of protection to server owners.

The potential misuse of the CFAA by law enforcement must be weighed against the burden placed on service providers to protect data. In balancing these sides, we must keep in mind the Aaron Swartz’s of the world. Rather than prosecuting violators like Swartz, prosecutors should be focusing on the threats which the CFAA was originally created to protect against: threats against critical infrastructure, which, due to the nature of the Internet, can come from anywhere on the globe. This goal of the CFAA can be achieved by amending the language of the CFAA to criminalize only true hacking activities.

View the Full Article: CFAA: Current Coverage and Needed Reform