Monday
May082006

The Long Tail Of Infringement

With Chris Anderson's book coming out, I was thinking about how marketplaces and commerce don't by any means have a lock on the long tail. The dynamics of copyright infringement must also follow a power law curve, with massive bootleg software/music/movie operations situated somewhere near the top, but the majority of infringing acts happening out among the rank and file — probably largely unknowingly, certainly without harmful intent — on the tail.

As a rule, these long tail infringers aren't out to do something unlawful; they're out to do something (e.g. use, time and/or place shift, create), and, to the extent they're aware of potentially running afoul of copyright laws, a quick cost-benefit analysis tells them that out there on the tail they're likely to fly under the radar. To the extent they know something might be amiss, they'd prefer not to have to operate on the fringes of the law. But, they're practical — and driven by the prime directives of convenience and speed.

David Prager has some dead-on insights along these lines in TWiT Episode 51. David is the practical, business manifestation of something I've realized for a long time: that those adopting Creative Commons and other permissive licensing models are going to start sucking market share away from from locked-down media faster than an eight operator HSI with QLP pulse jet filter. David isn't about about, "let's give it away for the common good." David is about, "let's exploit this undeniable opportunity." He and his colleagues at Revision3 have the long tail of infringement squarely in their sights in precisely the way smart businesspeople should — not as potential defendants, but as potential customers.

[Technorati tags: , , , ]

Friday
May052006

San Francisco Vignette

Study in contrasts: Stopped at Sacramento and Sansome. (No scooting through a yellow in SF, unless you're a complete jerk, and one with a death wish to boot.) Crossing paths in the crosswalk — (1) homeless man wearing a boxy jacket of chartreuse felt, tied round the waist with a black cord, pushing an upright cart bearing his belongings in two cardboard boxes with the world's tiniest boombox perched atop, and (2) male financial district worker in shirtsleeves, loose tie, and slacks, pushing a tags-still-dangling new office chair in the precise chartreuse as the homeless man's boxy jacket.

(I suppose as a function of being in a suit-rich environment this week, I realized the contrast was made more complete by the worker's casual appearance than it would have been by a more buttoned up/buttoned down look.)

Friday
May052006

Slides From My iTechLaw Talk

Here are the slides from my talk yesterday on Blogs+IP.

[Technorati tags: , ]

Friday
May052006

Current Issues in Online Marketing at iTechLaw

There was some timely and topical information in the iTechLaw session on Current Issues in Online Marketing, and my notes follow. I'm just capturing the highlights here, and have inserted an aside or two in brackets.

David Bender, Online Marketing and Privacy

Privacy can be a strong marketing issue. Recommends an article by Martha Rogers and Don Peppers, called Return on Customer. Privacy is an important means to build customer trust and cut down customer "churn." Also references an article from the Ponemon Institute. Purpose of the survey was to determine the perceptions of people who received security breach notices, occasioned by losses of data or network security holes. The survey sought the reactions of those who learn their data may have been compromised. The survey revealed that 19% of recipients had or would terminate their relationship with the company, 40% were considering termination, 58% lost confidence in the company. 52% thought the notice was confusing/ineffective (email, customers assumed it was spam; phone, assumed it was telemarketing; mail, assumed it was junk). 36% thought the potential injury wasn't properly explained, 41% believed the company was holding back information, 5% had retained lawyers to seek recourse. Emphasizes the importance of avoiding these situations through proper security. If one of these situations does somehow nevertheless come up, you have to make the communications timely. Only one good reason for any delay: you may be required to wait by a law enforcement agency in order to investigate the facts. The communication has to get across the fact it's an important message and not junk mail. You have to consider how much it is worth to you as a business to retain your customers when choosing the means of communication. Companies who used a form letter/email were more than 3 times as likely to lose the customer than those who drafted personal messages. It has to be comprehensible. It has to explain what types of information has been compromised, to whom, and what kind of injury is likely to result. Think about providing extras, such as free credit monitoring and a toll-free hotline. Key point: 12% of respondents to the survey said their confidence in the organization increased when their perception was the situation had been handled properly.

Better to prevent something from happening, but there are good ways and bad ways to deal with the situation and it can make a big difference in what a company's customer base will look like after the event.

Jay T. Westermeier on Liabilities of Search Engines in Key Word Advertising

Jay thinks this is one of the more exciting topics addressed at the conference. The whole field of Internet advertising is balooning; by 2010 it's expected that $55 billion will be spent on online advertising worldwide. Keyword advertising is the biggest component. The legal battle with respect to the use of trademarks as keyword triggers is one of the major issues in the law today. To review, keyword advertising = the ability to link ads to particular search terms. Adword programs are a little different, but still based on context and trigger terms, and potentially trademarks as trigger terms. Jay did some sample Google searches for Motorola, Dell, and Microsoft, demonstrated how advertisers are using the search term/trademarks to link ads to searches. Google and Yahoo have different policies concerning trademarks as search terms.

Playboy v. Netscape involved Netscape's and Excite's use of "Playboy" as keywords triggering delivery of ads. Court (9th Circuit) found there was enough evidence of initial interest confusion to grant a preliminary judgment. The evidence was focused on the ads, that were not well marked and it was difficult to tell the ads weren't actually associated with Playboy. We never got a precedential decision out of this; the case settled.

In the 2nd Circuit, SaveNow software used the "1-800 Contacts" mark, and there were pop-up ads related to user activities. But the ads weren't publicly available (displayed only in client software), so no confusion.

Geico v. Google: Geico failed to meet its burden on likelihood of confusion. Recent Merck case involved ZOCOR mark, and in Edina Realty case, use of the search term was a use in commerce and violation of Lanham act. Wells Fargo and WhenU cases (earlier); no infringement. Pure machine linking function. Laptraveler case: postdomain use of mark not infringement (i.e., something.com/laptraveler).

Yahoo no longer allows bidding on keywords containing competitor trademarks. Implementation will be interesting/a challenge. This issue is a dilemma and cries out for trying to reach a balance between trademark owners and advertisers. Have to retain goodwill and quality associates with the mark, have to also let the business of Web search and the enormous and growing advertising economic market go forward.

Matt Gold of the FTC, on the Role of the FTC in Online Marketing

Views expressed here are his own, not the FTC's. FTC receives about 200,000 online fraud complaints/year. Largely involve offline problems that have just migrated online. "Old wine in a new bottle." In 1997, FTC concluded that the problems of the Internet were the same problems seen in the offline world, though the Internet could amplify the problems (pyramid schemes, etc.). Those conclusions still bear out today. Recent cases have involved miracle cures and online opportunities, for example. In the late '90s though, other sorts of problems started cropping up, started seeing new things unique to the online world such as modem hijacking (long distance calls), pagejacking (tricking visitors onto sites they didn't intend to visit), and mousetrapping (disabling the back button, not letting a visitor out).

The FTC has an Internet lab in Washington, D.C., set up apart from its computer network. They also have "virgin" computers there, can test programs suspected of spreading spyware or other wrongdoing. The FTC does education by participating in consumer.gov, enabling people to find information from various government agencies based on subject matter. Dot Com Disclosures is relevant info for companies. The FTC also has created about a dozen fake ads online. One is for a phony product called NordiCaLite. The person who clicks through learns, courtesy of the FTC, they could get scammed by responding to an ad like this. [Someone must have found and aggregated all these, yes?]

Spyware: slippery definitional issues, but it has to be something that installs without consent and can cause harm (changing home page; degrading performance; loss of Internet access, modification of system files, etc.) The FTC uses its Section 5 (general) authority to regulate, which means they must prove it unfair or deceptive. Generally the FTC uses the unfairness prong. FTC v. Seismic Entertainment Productions, Inc. is an example. Changed default search engine, installed adware, both charged as unfair practices by the FTC. Spyware also generated ads for a product that allegedly would remove the spyware (but of course didn't work). Case filed in New Hampshire, ongoing.

FTC v. Odysseus Marketing Inc. Kazanon installs additional programs (in addition to itself). There was a disclosure, "the typical EULA, very very long," and the FTC asserted this did not constitute adequate disclosure. Showed screen shots of comparative Google searches, Kazanon kept the look and feel, but changed all the sponsored links that displayed.

Françoise Gilbert on SPAM and Compliance Issues

Marketing channels take many facets, need to consider mail, fax, mail, wireless, as well as email spam. [Let's not forget .] CAN SPAM Act: focuses more on commercial email, the primary purpose of the message dictates whether it's commercial. If so, it can contain no false or misleading messages, there must be an opt-out, the opt-out must work and be implemented within 10 days. There can be aggravated violations of the Act by using tricks such as creating multiple email accounts or harvesting addresses. Enforced by FTC and state attorneys general. Recent cases have focused on people negligent in their implementation of the Act, basic requirements not satisfied. The size of the penalties have been large: Jumpstart $900,000, Optin: $2.4 million. Much bigger than the penalties imposed under earlier laws. Important to get across to companies that the risks associated with violations is very high.

Compliance: it's important to implement procedures. There should be a CAN-SPAM compliant email marketing policy, privacy policies, document retention policies. Policies should be simple and easy to implement, but should take into account there are a number of gray areas where decisions should be left to legal rather than an aggressive marketing staff. There's a provision in the CAN SPAM act allowing for opt-out to be more granular and have a menu of options; this can be an affirmative marketing tool and should not be ignored.

Datran Media LLC case, prosecuted by the NY state attorney general's office. Datran purchased address lists but didn't do proper due diligence as to origins, addresses came from sites who had told customers their information would not be sold. Holding: a written warranty or representation can't be relied on, the purchaser of such lists must independently review, investigate, and confirm the information was legally obtained.

Subcontractors: companies who delegate their advertising and outreach to third parties should have provisions in their service agreement about proper due diligence and compliance with anti-spam laws.

Must consider consequences of anti-spam compliance in connection with M & A as well. Need to consider whether transferring customer databases is prohibited by CAN SPAM, for example. There's an exception for customers who provided affirmative consent to transfer when originally supplying the information. Past violations may accrue to acquiring company and should be taken into account. Think too about consequences of merging databases and differences in policies toward interacting with customers: can policies of a small company be required to alter the policies of a large/global acquiring company? It's possible.

David Schellhase (Senior VP and GC, salesforce.com) on Legal Issues in the Online Service Subscription Model

Comments are David's views and not those of salesforce. Also, he's not aware of any reported decisions significantly related to this new and still developing business model (i.e., selling software as a service). There are both legal and commercial issues around software as a service, and commercial issues that are disguised as legal issues. Salesforce does software on demand and Web delivery. The identity of the entity delivering your applications and functionality is the primary difference from old software delivery models. Companies outsource and/or supplement their IT departments by using salesforce. Subscription terms can be long or short term. Again, old wine in a new bottle. The kind of agreement you sign looks a lot like a traditional enterprise software license, with some new twists. The issues that come up in customer negotiations are mostly commercial, not legal. But there are legal issues such as privacy and data protection, limitation of liability, warranty, policing behavior of customers and users (indemnities sometimes important). Privacy and data protection: the data on salesforce's service comes from all over the world, and winds up replicating data of international companies on servers in the U.S. EU privacy considerations, customers concerned about privacy concerns and exposure of data to U.S. government, potentially. Salesforce tells customers it will comply with properly issued subpenas, so they're on notice. Limitation of liability: salesforce does this by contract, has customers indemnify against third party claims. The customer has a similar problem going in salesforce's direction (gives up control of data management, etc.) Limit salesforce uses is 1.5 times a customer's annual fee. Warranties: look like most enterprise software warranties, the service will work in accordance with the documentation. What gets warranted though is a moving target. Policing customer behavior: there is some element of monitoring that goes on. Salesforce monitors a customer's use of the system, but not the data itself. User identity issues: is a user on the U.S. denied parties list? From an embargoed country? Difficult points in the customer agreement are indemnities, confidentiality. Service level agreements: online software providers frequently asked to give assurances that the service will be available for some limited number of hours daily or monthly. Oracle learned six years ago that just offering money back if not delighted is not enough. Disaster recovery: industry is still evolving standards as to what constitutes an acceptable amount of downtime and when a customer is brought back up. Getting data out at the end of the relationship must be dealt with. Future directions: there's no much regulation here yet, but David anticipates there will be. Salesforce anticipates it will do $450 million this year. Thinks that service level agreements will slowly go away and service providers will be perceived as a utility with similar expectations on the parts of all involved. [See Google: gmail, calendar, gtalk, etc.]

[Technorati tags: , ]

Thursday
May042006

Open Source Software at iTechLaw, Part II

(Continued blogging of the iTechLaw Open Source Software panel, after a mid-morning break). Chris Nadan (Director, Software Legal/Associate GC, Sun) is up next. Impossible to know what will exactly will constitute a "distribution" under the GPL. The Free Software Foundation has a broad reading of the term; there's no guarantee that just because you're an end user you're not engaged in some form of "distribution" as the term is used in the license; words like "distribute" and "derived from" as used by lay developers should be interpreted consistently with the way they have been under copyright law, but there's no way to know for certain that they will be. (This is relevant because if you're "distributing" the licensed work in some way, you also have to make the source available under GPL.) Nadan says it's a myth that the GPL only affects "derivative" works. Professor Nimmer thinks of the derivative work as the work that has both the new (GPL) and old code in it. There's alot of case law that says just because software is copyrightable doesn't mean every line of code is copyrightable expression. Stephen Davidson adds that if you add the right two lines of GPL code to a much larger thing, the whole thing may become derivative.

Steve Mutkoski had an aside about the collision of mindsets between engineers, for whom ones and ones and zeros are zeros, and lawyers, whose definition of one can change to zero at any time and vice versa.

Sherman Chu (Director, Technology Licensing, Cisco) spoke next on developer best practices. It's best to think about open source as a software quality issue. In connection with acquisitions, though you might require representations and warranties of a company being acquired, as a practical matter they don't do much for you. Case study: Cisco and Linksys. Linksys acquired about three years ago by Cisco. Some Linksys products were OEMed from a company in Taiwan, and there was yet another level of derivation; Cisco was three levels removed. Yet, there was "open source contamination" in the code, and as a result Cisco was demanded to release the source code; didn't even have the source code. Because of the relative unimportance of the particular product, it wound up not being a big IP issue for Cisco, but the situation might have been otherwise and this is a cautionary tale. Even so, it was a bad PR and an unnecessary distraction. Sherman and Cisco follow a similar due diligence process in hope of avoiding these kinds of situations as the one Steve Mutkoski described for Microsoft. Due to the slippery nature of the issues involved, training becomes key; the message has to be broadly communicated. You also have to build processes to scale. Engineers just aren't going to come to a lawyer on open source issues if they think it'll take two weeks to get an answer. Cisco automates the approval process. Another tip is to get to know your organization's open source gurus, they're an invaluable resource as to how the community is likely to respond. Along these lines, it not just about the law. Community norms and actions can have just as big an impact (or bigger) than legal actions.

Closing out the session was Todd Nelson (Vice President of Legal and General Counsel for Fortinet) on the draft, in process v3.0 of the GPL. Trick is to keep proprietary bits proprietary and open bits open. The Free Software Foundation take on v3.0 is that it's not really a change but really the appropriate interpretation of v2.0, so the draft out for comment is at minimum instructive on the Foundation's take on 2.0. Discussion of the very different views of the GPL adopted by Richard Stallman and Linus Torvalds (who released Linux under 2.0 but has said he's unwilling to release it under 3.0). Key new thinks in 3.0 are the DRM exclusion and patent retaliation provision. Steve Mutkoski observes that 3.0 seems to be routing around the dispute about what's a derivative work. Todd Nelson responds that what 3.0 does is take a sledgehammer approach with a very broad definition. Under 3.0, DRM refers to anything that restricts your use, not just copy restrictions. Anything used to enforcde pre-defined policies controlling access. Upshot is that if anything contains GPL licensed materials all the DRM keys (as DRM just defined) must be provided. Todd had to unfortunately rush through alot of his material because they ran over time, and with that, we're breaking for lunch.

[Technorati tags: , ]