By Lauren Harriman
A record is crucial to developing common law. Common law is critical in an area of law, such as technology law, where legislation is severely lacking. Any Dropbox user legal complaint should have the potential to provide legal precedent for future disputes. Only complaints filed in the state and federal courts can provide that potential. Remember that arbitration means you will likely be hailed to Dropbox’s headquarters in San Francisco should you have a dispute. Dropbox users can opt-out of the arbitration clause now by signing in with their usernames and submitting their first and last names. So take a minute and opt-out of this drop-bomb.
By Nicole Syzdek
Gartner, Inc., an American information technology research and advisory firm, reported that in 2013, combined end-user spending on 3-D printers will reach $412 million, up 43% from 2012. This rapid increase in revenue for 3-D printing companies is not likely to slow down anytime soon. Gartner predicts that in 2014, spending will increase by 62%, reaching $669 million. The increase of 3-D printing has the ability to shake-up many areas of commerce.
3-D printers allow consumers to print three-dimensional objects at home. Although there are many competing designs for 3-D printers, most work in a similar way. The printing begins with a blueprint typically created with a computer aided design (CAD) program running on a desktop computer. CAD programs are presently utilized by many designers, engineers, and architects to model physical objects before they are created. Blueprints can also be created by using a 3-D scanner to scan an existing object in a similar manner in which a regular flat scanner can create a digital file of a 2-D image. Once the CAD is created, it is sent to the printer, which builds the object up, layer by layer, from tiny bits of material.
As 3-D printing technology develops, people will be free to make almost anything they desire themselves. This ability furthers the already shifting societal culture from mass production-oriented towards the “maker movement” that seeks to empower people to create customized goods, turning the home into a personal factory. The growth in popularity of Etsy, the online marketplace for homemade goods demonstrates this shift. John Hornick, an IP attorney with Finnegan, Henderson, Farbow, Garrett & Dunner LLP in New York stated it best when he said, “Everything will change when you can make anything.”
The ability to make anything implicates all areas of intellectual property law. 3-D scanners will allow us to easily replicate all kinds of physical things that may be patented or subject to copyright or trademark protection. Not only is the copy of a physical object problematic for intellectual property enforcement, but the market for CAD files containing design specifications is already forming on free peer-to-peer file sharing networks such as Pirate Bay. Sharing CAD files for infringing goods is reminiscent of the Napster disaster that befell the copyright entertainment industry.
The current regulatory structure for intellectual property does not cope well with the digital revolution. Many of the copyright and trademark dominated industries have unsuccessfully confronted digitization, but patent-based industries have yet to face the challenge. Evidenced from the copyright disaster brought upon by Napster and peer-to-peer file sharing, when digitization rattles an existing IP structure those holding a large stake in keeping the regime functioning sprint to lobby for congressional aid. The government should play a role in protecting 3-D printing IP, but what has proved to not work is responding to “fear-based” lobbying by large stakeholders.
To prevent the “Napsterization” of the 3-D printing industry IP holders need to first accept that the best approach is not to try to make the new digital era work for them, but rather to restructure their own business models to make them work with digitization. IP holders should take notes from how businesses such as iTunes and Amazon capitalized on online users’ preference for the combination of quality and ease of access to generate profit from the new file-sharing era. Some may unknowingly seek to repeat the mistakes of the copyright wars by pushing for new laws to prosecute anyone who uses the new technology for infringing purposes, demanding technological solutions like digital rights management or attacking intermediaries who provide file sharing websites with aggressive take-down procedures and legal battles. But IP holders must remember those strategies failed. To cushion the economic shake-up, it is necessary for IP holders to begin strategizing on how to approach the business and legal issues woven into the emergence of 3-D printing. With adequate preparation, it is safe to say that IP holders are not out of options.
By Lauren Harriman
In 1984, Congress was facing a rapidly changing technological landscape. The world wide web was not yet available at the consumer level, but Internet use was growing quickly among universities. Law enforcement officers felt unprepared to handle what they believed would be “brand new” crimes of the Internet. Officers were not only concerned with domestic computer security threats, but international threats as well. Thus, in 1986, Congress enacted the Computer Fraud and Abuse Act (CFAA) to clarify the law surrounding computer-related crimes. However, the “brand new” Internet crimes that law enforcement feared and the CFAA meant to address were not entirely novel. In fact, the CFAA duplicated charges for several crimes already included in the Penal Code, simply providing prosecutors with one more tool to use in plea bargaining.
In plea negotiations, prosecutors are able to threaten law violators with extensive jail time if a settlement cannot be reached. This is especially true when prosecutors can charge violators under multiple statutes for the same crime. This plea bargaining tactic discourages the exercise of the right to a jury because violators are not willing to risk being found guilty of all charges. Aaron Swartz, prosecuted under multiple sections of the CFAA for excessively downloading documents from JSTOR over MIT’s network, fell prey to this tactic in 2012. Rather than face a sentence of thirty years in prison, Swartz committed suicide in 2013. His fate has united the Internet community in demanding for reformation of the CFAA.
Although the CFAA is necessary to protect against the hacking of critical infrastructure, amendments to the Act have since expanded it to cover any “computer involved in interstate communication.” Due to the infrastructure of the Internet, it is almost impossible to use a computer to access the Internet without sending a communication outside of the state where the computer is located, thereby potentially implicating the CFAA anytime a user accesses the Internet. Even something as simple as running a Google search will send a communication to a computer outside of the user’s state.
Further, because the CFAA does not define “unauthorized access,” the Act has been interpreted to cover Terms of Service (TOS) violations. Thus, law enforcement can charge users under the CFAA if a user violates a TOS, his use of a given website is “unauthorized,” and any information he retrieves from the site is information obtained from “a computer . . . which is used in . . . interstate . . . communication” in violation of the CFAA. Though prosecutors argue that they will only target serious violators, several of the charges brought against Swartz were simply violations of JSTOR’s TOS. Swartz exceeded his authorized access of JSTOR’s website and was accused of downloading educational documents in order to make them available to the public. His actions can hardly be considered a threat to critical infrastructure.
Unfortunately, the laws of cyberspace often develop during cases which tug at the public’s heart strings. For instance, in United States v. Drew, the defendant created a MySpace account and used it to bully a thirteen-year-old girl, who eventually committed suicide. Fortunately, the court in Drew kept emotion out of its decision and recognized that prosecutions for TOS violations under the CFAA may be unconstitutional. The court granted the defendant’s void-for-vagueness motion despite any personal need it may have felt to hold the defendant accountable. The Electronic Frontier Foundation (EFF), an organization devoted to electronic civil rights, even noted that the girl who committed suicide was herself violating MySpace’s TOS, which require that users be over the age of fourteen.
The Internet community remains intent on amending the “unauthorized access” portion of the CFAA to prohibit actual hacking rather than simply computer research or mere URL manipulation. The EFF supports Congresswoman Zoe Lofgren’s proposed approach to the CFAA, which would redefine “access without authorization” as “to circumvent technological access barriers to a computer, file, or data without the express or implied permission of the owner or operator of the computer to access the computer, but does not include circumventing a technological measure that does not effectively control access to a computer, file, or data.”
Lofgren’s proposed language would place the burden on the server owners to protect their data and their users’ data, rather than on Internet users to not poke around where they were not “invited.” Server owners, however, want their content secure. The Googles and Facebooks of the world likely believe that they need TOS to protect their servers and are thus not likely to support a bill which would shift the burden of protection to server owners.
The potential misuse of the CFAA by law enforcement must be weighed against the burden placed on service providers to protect data. In balancing these sides, we must keep in mind the Aaron Swartz’s of the world. Rather than prosecuting violators like Swartz, prosecutors should be focusing on the threats which the CFAA was originally created to protect against: threats against critical infrastructure, which, due to the nature of the Internet, can come from anywhere on the globe. This goal of the CFAA can be achieved by amending the language of the CFAA to criminalize only true hacking activities.
View the Full Article: CFAA: Current Coverage and Needed Reform
By Kennard Herfel
Among the global gossamer of controversies concerning the NSA revelations brews a key case involving Ladar Levison, the founder of the encrypted email provider Lavabit. Levison created Lavabit soon after the Congress passed the Patriot Act to preserve citizens’ privacy in online messages.
Last Tuesday, the Fourth Circuit Court of Appeals heard oral arguments regarding the legitimacy of the contempt order placed on Levison for not providing the FBI with the Secure Sockets Layer (“SSL”) key to Lavabit. SSL is security technology that encrypts the links between server, client, and browser. The SSL encryption by Lavabit was likely too elaborate for the FBI to decrypt; thus, the FBI’s SSL request.
When the feds can’t decrypt SSL, like that used by Lavabit, they customarily turn to other methods to obtain the desired information, such as using “backdoor” hardware installation or asking the company to disclose the information or turn over the SSL key. To the extend of public knowledge, a company has never refused to comply with a government request for encryption keys—until Lavabit.
The case began when Edward Snowden—a Lavabit user and most likely the targeted user for the FBI’s investigation into Lavabit—leaked confidential NSA documents last June. The government served Levison with a “pen register” order, requesting real-time access to metadata from the targeted account. Levison refused to comply, concerned that the FBI would perform a dragnet search of Lavabit user accounts. His concern was not unwarranted as there are no definite guidelines for, or clear limitations on, such a search. Levison handed over the SSL key to the FBI only after he was charged with a $5,000 daily fine for non-compliance. Soon after doing this, however, Levison shut down Lavabit with great principled pride—and great monetary loss.
Levison is now challenging the contempt of court order brought against him for his initial refusal to disclose the encryption keys to Lavabit. With the promise of many more confidential documents to be revealed by Snowden and the growing concern around the world of how technology affects our civil liberties, passing time may be Levison’s best ally. The Fourth Circuit’s decision in this case could either mitigate the ease of government spying or reign in a new norm for those concerned with the future of civil liberties and technology.
By Laura Whiteside
Robert Morley, Professor at Washington University in St. Louis, recently filed a patent infringement claim against Jack Dorsey and Jim McKelvey, founders of Square, Inc. Square, a startup based in San Francisco, is responsible for the white plastic card readers that plug into the audio jack of mobile devices and are used to send and receive money electrically.
In the complaint, Professor Morley claims he was the original and sole inventor of the card reader. In 2008, Morley assisted McKelvey in creating a new business, and together they formed a joint venture along with Dorsey. Morley was cut out of the company when Dorsey and McKelvey incorporated. Square subsequently filed various patents that Morley claims used his insights and methods. Morley alleges that he planned to use the value of his patentable ideas to exchange for shares in the company. A court must now decide if Morley was an unfortunate victim or is simply making baseless allegations. Either way, Dorsey and McKelvey will undoubtedly keep riding the success of Square as it grows and transforms into a business that may replace the cash register and change the way large corporations process transactions.
As this lawsuit shows, founder issues can be a serious problem for startups. This is unsurprising given the fact startups are temporary organizations that make it their goal to grow—which might also mean growing out of some of their initial members. Discussions of equity splits, division of labor, and allocation of credit for ideas might not seem as pressing as creating an actual product. However, in order to avoid future litigation, it would be wise for new companies to determine these issues at the outset—before mere ideas ripen into successful billion dollar companies.
By Noah Johnson
Pinterest has filed a trademark infringement suit against a startup called Pintrips in the U.S. District Court for Northern California. Pintrips is a small travel-planning startup that launched in 2012. Pintrips provides travel-planning services, such as flight tracking, where users “pin” routes they are interested in to monitor prices. The service contains a limited number of social network elements where a user can interact and share tips with others. Pinterest, on the other hand, is an Internet giant and currently the third largest social network by user count in the United States, behind only Facebook and Twitter.
Pinterest alleges that a number of Pintrips’ actions amount to trademark infringement. Pinterest’s first claim focuses on the prominently displayed “pin” button on both companies’ websites. The complaint alleges that “[a]n important element in Pinterest’s success has been the popularity of its PIN IT button,” which allows users to save content on the site. Pintrips has a similar button. The outcome of the case will reveal whether Pinterest can successfully lay claim to the “Pin” button. While not a ubiquitous feature of the Internet, the “Pin” feature is used in a variety of applications, such as Google Maps. Further, “Dropping a Pin” has become synonymous with letting your friends know if you are in a certain place while using certain apps.
Significantly, Pinterest states that it is a social media bookmarking service “for all types of media,” while Pintrips boasts itself as a social media bookmarking service for “information about travel and flights exclusively.” Pinterest is attempting to establish exclusive ownership over the trademark rights to “Pin” buttons and “PIN-formative” within the entire realm of social media.
Pinterest’s allegations beg the question of whether Pintrips is a “social media bookmarking service” at all. Pintrips is different from traditional social media sites, like Facebook and Pinterest, in several ways. First, Pintrips operates as a browser plugin. Once a user downloads the Chrome plugin, Pintrips sits on top of the user’s browser, allowing him to pin things as he visits different sites. Second, while Pintrips allows users to collaborate with others, the service’s main function is to assist people in finding flights and streamlining the travel-planning process.
Pintrips is a viable service that users may would still find useful even if social networking was completely absent from the design. Granted, the social aspect is what makes the service “fun” and would allow the Pintrips to grow quickly if people adopted the service. However, classic social networks, such as Facebook or Pinterest, do not offer services that can be viably separated from the social component of their business model.
It will be interesting to see if Pinterest can make a convincing argument that there is a strong “relationship between the goods or services of the parties in terms of utility, use, and trade channels” in line with the likelihood of confusion test for infringement. This factor of the test is not dispositive, but it may weigh heavily. A decision on infringement (or lack thereof) could come down to how expansive or narrow a definition the court gives to a “social network.” If the court adopts a wide definition, something akin to “a web service that allows users to connect with another,” then the definition will cover Pintrips. If the court adopts a narrow definition, similar to “a web service that has the primary purpose of connecting users and facilitating relationships using messages, comments, and images,” the result will likely be in favor of Pintrips since the site does not resemble a traditional social network.
The bottom line is that Pinterest is aggressively defending its trademark territory. In this case, Pinterest has asked for an immediate injunction of the use of “Pintrips, Pin or any other PIN-formative mark.” Pinterest also requests three times Pinterest’s damages from Pintrips’ use of the marks, or alternatively, thee times Defendant’s profits. If Pinterest prevails, the outcome will either radically change Pintrips’ identity and brand or put them squarely out of business.
Reposted from Briefs + Bytes
By Lauren Harriman
California’s new eraser law lets minors remove their posts from websites. But in a time where everything anyone posts is a google search away from being uncovered, is Internet erasability really something we want to teach the next generation? While I recognize that children need the opportunity to learn from their mistakes, should be we teaching them that the Internet is an acceptable place to make those mistakes? Rather than encouraging children to share every uncensored opinion though on Twitter, every bad outfit choice on Instagram, and every awkward dance move on Youtube, perhaps it's better to instruct the young generation that the Internet is more like the podium at the school assembly rather than the note passed in class. I’m all for encouraging children to experiment, but perhaps that experimentation is best done at home, or at least in person, rather than in front of an Internet audience of over 1 billion people. Although the new law allows for the erasure of content, there is no way to erase it from the minds of the multitude of people who have already seen it.
By Emily Poole
Google has just been hit with a €900,000 ($1.2 million USD) fine, the maximum amount possible for violation of Spain's data protection law. Google was found guilty of three distinct violations: (1) collecting users' data, (2) combining users' data from a variety of its services and (3) storing the data indefinitely, all without properly informing its users or obtaining consent.
Last year, privacy watchdogs from the 28 EU member states contacted Google, urging the company to amend its privacy policies to better align with the EU's data protection principles. It appears that Google didn't take the hint, however, as none of its privacy policies were revised after the notice.
Google has since responded in a written statement that the company is working with the Spanish authority to determine the next steps toward creating a privacy framework that will pass muster under Spanish law. Perhaps this week's fine finally hit a nerve, though it's more likely negative media attention is what actually struck a cord . . . what's $1.2 million to a multi BILLION dollar conglomerate?
In the coming year, Google could also face fines in five other EU nations for similar privacy violations.
By Emily Poole
The European Union ("EU") is in the process of strengthening its online data privacy laws, the far-reaching effects of which will be felt by any U.S. company or organization operating in the EU. The latest move toward implementation of the General Data Protection Regulation ("Regulation") occurred in late October 2013, when the European Parliament approved certain amendments to the current draft of the legislation.
Right now, the 1995 Data Privacy Directive ("Directive") regulates data privacy in the EU. It directs each of the twenty-eight member countries to create its own set of privacy laws that comply with the Directive's seven principles: notice, purpose, consent, security, disclosure, access and accountability. Since the Directive only provides a framework by which countries are expected to abide, rather than imposing concrete regulations, privacy law in the EU is a patchwork of country-specific rules, with some countries implementing and enforcing robust privacy regulations and others creating laws that simply meet the minimum requirements of the Directive.
The October vote moves the EU one step closer to overhauling the varied and inconsistent country-specific laws and replacing them with a single, uniform piece of the legislation. The goal is to have the provisions of the Regulation agreed upon by mid 2014 and to come into effect two years after that.
One of the provisions receiving the most attention is the Right to Erasure (formerly the Right to Be Forgotten), which is intended to give EU citizens a legal right to require service providers to, upon request, remove their personal data and communicate the deletion request to any third party to whom they sent the data. While such a move means to give individuals more control over their information, the provision brings up a host of free speech concerns. If a user is unhappy with a post about him or her, he or she could simply request that the site hosting the comment take it down--thereby, stifling speech.
The Regulation has yet to be finalized, so expect more disagreement over controversial provisions, such as the Right to Be Forgotten. Learn more at: http://ec.europa.eu/justice/data-protection/
By Brandon Wiebe
GoldieBlox, a toy company that generated buzz this week when its recent online ad went viral, has filed a lawsuit in federal court seeking a declaratory judgment that its parody of the Beastie Boys' song "Girls" constitutes fair use. The viral commercial shows three girls, bored of watching princess cartoons, build and unleash a Rube Goldberg machine in their house. The commercial is set to a parody of "Girls," with the original lyrics replaced by more empowering lyrics in line with the company's mission to get girls involved in science, technology and engineering.
The complaint in GoldieBlox, Inc. v. Island Def Jam Music Grp., 4:13-cv-05428-DMR (N.D. Cal. 2013) alleges that "the Beastie Boys and their label have lashed out and accused GoldieBlox of copyright infringement." It is settled law that even commercial parody can constitute fair use. See Campbell v. Acuff-Rose Music, 510 U.S. 569 (1994). While money generated from a parody can weigh against a finding of fair use, it is only one of four factors weighted in fair use analysis. The defendants will likely seek to distinguish a parodic recording created as a single or part of an album versus one made as a background accompaniment to an advertisement.