Federal Court Rules that a Search Engine Company Can Maintain Negligence Claims Against a Domain Registrar

August 9, 2010 by Leave a Comment

A judge for the United States District Court in the Southern District of New York has ruled that Baidu, a company which operates a search engine service in China, could maintain gross negligence claims against domain registrar Register.com for failed security practices which Baidu alleges helped facilitate a cyber-attack against Baidu’s website.

After Baidu registered its domain name with Register.com, an intruder launched a cyber-attack against Baidu’s website by redirecting Baidu’s webpage to one stating that “it had been hacked by the Iranian Cyber Army” and showed “an Iranian flag and a broken Star of David.”

The intruder gained access to Baidu’s website after having an online chat with a Register.com customer service representative. The representative asked the intruder for Baidu’s security verification information, which the intruder could not provide, “but the [representative] nonetheless emailed a security code to the email address that Baidu had on file.” However, the intruder did not have the security code, so at the intruder’s request, the Register.com representative changed the e-mail address on file. The hacker was then able to access the account by using the “forgot password” feature.

Baidu brought claims for breach of contract, gross negligence, recklessness, and contributory trademark infringement. In it’s defense, Register relied on the limitation of liability clause in its Master Services Agreement which states that, “termination … or modification of [the Services,] … inability to use the Service[s], … loss incurred in connection with [the customer's] services,” or “any other matter relating to [customer's] use of the Service[s].” The Master Services Agreement also includes a limitation of liability clause limiting Register’s liability to $500, and states that it is the customer’s “responsibility to safeguard the User name, password and any secret question/secret answer . . . from any unauthorized use.”

The New York court stated that, while limitation of liability clauses are generally enforceable, they are not enforceable if they limit liability for willful or grossly negligent acts. Therefore, the court held that Baidu’s complaint satisfied that standard because Register failed to follow even minimal security procedures, much less its own security standards.

In its defense Register also argued that under the contract, it was the customer’s responsibility to maintain security of any password or security information and, therefore, it had no obligation to maintain any security procedures with respect to Baidu’s account. The court rejected this argument, stating that because Register undertook a duty to Baidu, it was required to live up to that duty in a non-negligent manner. In fact, the court said that these security measures were put in place by Register precisely because a cyber attack on its customers was foreseeable.

Finally, Register argued that it should be granted immunity as a registrar because Baidu failed to adequately allege the elements for contributory trademark infringement. The court rejected this argument. Yet, the court agreed with Register that Baidu did not “plausibly allege that Register engaged in contributory trademark infringement.” Therefore, the court dismissed this count.

This case should serve as a warning to domain registrars to maintain their security standards and protocols. It should also serve as a warning website owners to be vigilant in guarding the security of their site. However, based on this case it seems unlikely that a domain registrar would be held liable for website hacks that were unforeseeable.

Do you think that a domain registrar should be held responsible for the security breach that occurred in this situation? Please share your thoughts!

To read this opinion please go to: Baidu, Inc. v. Register.com, Inc.

If you have questions about this issue, or if we may be of assistance to you, please feel free to contact us.

Filed under Intellectual Property, Technology and Telecom Law

Russian Businessman Trademarks Emoticon

December 30, 2008 by Leave a Comment

Moscow, Russia: The Associated Press and the BBC reported last week that Russian businessman, Oleg Teterin, president of the mobile ad company Superfone, claims to have the trademark to the combination of punctuation marks used to convey the “winking face” ;-) emoticon in e-mails and text messages. Teterin states he does not wish to obtain money from individuals who use ;-) and similar emoticons. He does, however, intend to demand “tens of thousands of dollars” in payments from corporations who use the trademarked emoticons. Teterin claims similar emoticons like :-) or ;) or :) may fall under his trademark since they are similar to the wink ;-) .

The Federal Service for Intellectual Property, Patents and Trademarks, Russia’s federal patent agency, apparently favors enforcing the trademark rights that Teterin claims. The Russian agency will send out warning letters to companies believed to be in violation of the mark’s use. According to Teterin, “Legal use will be possible after buying an annual license from us. It won’t cost that much – tens of thousands of dollars.”

Reaction from Europe has been extremely skeptical: “Imagine the next wise-guy who trademarks the 33 letters of the Russian alphabet and then says anyone who uses the Russian alphabet has to send him money. It’s absurd,” Alexander Manis, the director of a broadband Internet and mobile company said.

British trademark attorney, Lee Curtis, said that even if Russia continues to enforce the trademark rights Teterin claims he has the right to assert, it is irrelevant in the EU. According to Curtis, there are two grounds for objection relating to Teterin’s registration.

Curtis said: “Firstly, the emoticon is effectively not acting as a badge of trade origin. In the main, trademark registrations protect terms which distinguish the goods and services of one trader from those of other traders. I doubt the public would ever view a ;-) emoticon as a trade mark. The ;-) is descriptive of a feeling, rather than the goods and services of any one trader. The emoticon simply does not act as a badge of trade origin. Secondly, emoticons are now so widely used that they have effectively become descriptive terms in common parlance. Thus, even if one could argue that when the emoticon was originally devised … the term is now so widely used that it has effectively become a term of art. The use of emoticons has not been controlled by a single entity and effectively the public owns the term now.” Curtis concluded saying that trade mark registrations are territorial, so even if these types of registrations are enforced in Russia, they are not enforceable in other countries.

What do you think: How would your company respond if it received a demand for trademark infringement of the emoticon? Should Oleg Teterin be able to enforce his trademark on the ;-) ? Does Teterin have an enforceable trademark?

Filed under Intellectual Property

White Paper: Prepare for Incoming Torpedoes

August 27, 2008 by Leave a Comment

In the grand scheme of things, it’s always exciting to begin new ventures, and starting a new business or renaming an existing business is one of them. But with all of the adrenalin flowing in anticipation of such changes, some matters do have a tendency of getting lost in the process. Consequently, the business can be hurt when it least expects it, from heretofore silent torpedoes coming from the warships of trademark owners.

As an example, when a business is in the start-up phase or an existing business is going through a renaming to capture a new market, a great deal of effort goes into (or should go into) determining the branding of the company. It is not merely important to find a name which will turn potential customers’s heads and bring them through your door. What is even more essential is to find a branding which is protectable and enforceable.

This is generally a two-step process. First, when the name of a company is selected, two separate searches must be done to confirm that the name is available for use. If the company is incorporated, a search may generally be done through a corporate name database in the state of incorporation. In addition to that, it is imperative that companies run a trademark search on the name, because this is the warship from which the torpedoes are fired. And most companies have the corporate name search done and don’t even think about a trademark search.

Trademark searches generally involve a search through the U.S. Patent & Trademark Office (PTO) database, which houses registered marks and pending applications. Further, searches include an examination of telephone books, corporate names, journals and newspapers, as well as State trademark registrations and Internet domain names. The searches can be as comprehensive as the budget allows.

The second step is, once the searches have determined that the name is good to go, to obtain a  Federal registration from the PTO. Federal requirements include ultimate use in interstate commerce before the registration will issue. Also, the name should never be descriptive of the goods and/or services the company offers – in such cases, registration will be refused. Practically speaking, the strongest and most enforceable marks are those which are arbitrary or fanciful (such as Kodak for cameras), those which make people sit up and take notice, make them laugh or make them think. What they will do, most importantly, is remember the name of the company, which is, of course, the point.

Many companies have been brought up short by a trademark owner’s torpedo, demanding that a company name be changed due to a likelihood of infringement with a mark which has been in use longer than the company name and which is, in all probability, already registered. The cost and time of rebranding under these circumstances (and, indeed, the cost and time of litigation should you choose to fight it) can be tremendous. Furthermore, if the name of your company is found to be infringing an established mark in a legal proceeding, you will likely be required both to pay damages and to disgorge whatever profits you have made during the period of time your company has used its name.

Smart companies put on their armor at the outset by having both searches performed before confirming a new company name selection. For new start-up companies, this means the protection of sensitive capital right away; for established companies which want to put on a new set of packaging in the form of a new name, the same applies.  Be smart and let the torpedoes pass you by, as you sail into calm and lucrative waters.

Susan E. Colman is Of Counsel to Technology Law Group and has been practicing intellectual property law (trademarks, copyrights, computer law, and IT law) for more than 27 years.

Filed under Intellectual Property

E-Mail Privacy at the Office

July 8, 2008 by Leave a Comment

The introduction of new communications technologies into the workplace has created new privacy concerns for employers and employees. Should an employer have the right to view what an employee is doing on his or her computer while at work or while on company business? Should an employee have an expectation that personal e-mails or documents will be kept private from employers? These are questions that are in the process of being answered by the courts. However, there is still no clear precedent in determining a standard answer to these questions. So far, the courts have decided that employees are entitled to a “reasonable expectation of privacy but this reasonable expectation all depends on the facts of a particular case.

The fact-based nature of the inquiry makes the establishment of clear guidelines difficult. For example, courts have concluded that employers can monitor employees’ e-mails on company computers. However, courts have also recognized a distinction between employees use of company, versus private, e-mail. On this basis, the federal District Court of Appeals in California ruled that personal text messages sent on two-way pages provided to police officers were protected from the department.

In another case addressing the privacy issue, this same Circuit Court ruled that an employee has a reasonable expectation of privacy within the space of his private office. Therefore, “any search of that space and the items located therein must comply with the Fourth Amendment. However, “had the company computer assigned to Ziegler [the employee] for his business-use only been physically located outside a private office, we might have had to consider whether Ziegler had reasonable expectation of privacy in the device itself, in the face of a corporate policy of monitoring the corporate computers.

Significantly, while recognizing the greater expectation of privacy within a specific office, the courts have also been clear that employees reasonable expectation of privacy is overcome if a company has clearly stated a policy that it has the right to inspect all equipment (including laptops, filing cabinets, etc) that it has provided to its employees. Thus, “a public employee’s reasonable expectation of privacy may be reduced or eliminated by legitimate regulations’ or by office practices and procedures, such as how frequently coworkers and other individuals are permitted to enter the area that was searched.

Along these same lines, the courts have found that an employee’s own conduct may limit his expectation of privacy and thus his privacy rights. For example, if an employee “knowingly exposes [materials] to the public, even in his own home or office, [those materials are] not a subject of Fourth Amendment protection.”

Because the expectation of privacy is such a fact specific issue, and because of the myriad of potential fact patterns and applicable technologies, the line between the right to privacy and the employers right to access remains a blurry one. For example, where will the courts draw the line regarding Web-based e-mail which is not directly controlled by the employer, or, does an employer have the right to view correspondence between an employee and his/her doctor or lawyer if they occur on company provided equipment and email service even though such correspondence, if held face-to-face, would be considered strictly confidential? These kinds of issues are still being considered by the courts.

The lesson is that the legitimate interests of employers and employees are best met by the development and implementation of clear policies and practices regarding the use and monitoring of communications originating from a workplace. These policies must recognize both that employees do have a “reasonable expectation of privacy” but that employers also have a legitimate interest in ensuring that company email is utilized for its intended purpose.

At the end of the day, given the fragility of private information and the difficulty of repairing the damage that can be done by public disclosure, employees are well advised to keep personal e-mails, documents, or the like out of the office and off of company computers or technological devices.

Filed under Intellectual Property

Keep Competitors Off Your Intellectual Property

May 22, 2008 by Leave a Comment

Telecommunications companies, like other technology-related ventures, often base their businesses on the unique and proprietary nature of their business ideas, processes, products and services. Indeed, it is these proprietary products and services that allow many telecommunications businesses to stake out a niche in the marketplace and to distinguish themselves from the multitude of competing service providers. Yet, despite the importance of these ideas, processes, products and services to the success of their businesses, many telecommunications companies do not take the steps necessary to protect themselves against copycats lying in wait to steal such “intellectual property” from them, thus gaining access to the market niche they have so carefully developed.

In most cases, they need not let this happen. Service providers can protect their company’s intellectual property by obtaining appropriate patent, trademark and copyright protection. This article briefly explains each type of protection, the matters to which they apply, how to determine if protection is needed and, if it is, the steps necessary to obtain such protection.

Patents

A patent may be obtained for “any new and useful process, machine, manufacture or composition of matter, or any new and useful improvement thereof.” To be patentable, the process, machine, manufacture or composition of matter must meet the requirements of patentability, including novelty and non-obviousness. Thus, for example, software may be patentable to the extent that it is not merely a mathematical algorithm and is associated with a practical application. The same is true of a business process: it may be patentable if it is sufficiently unique, useful, concrete and tangible.

Patent law confers what is called a “negative monopoly.” That is, a patent owner may prevent others from making, using or selling the invention for a period of 20 years from the date the application is filed. The patent owner also can elect to license the patent to others and to derive often substantial royalties from such licenses. In determining whether your business has a patentable process or product, it is important to keep in mind that the United States is the last remaining country in the world in which the initial patent applicant must be the “first to invent” and not the “first to file.” Thus, even if a competitor has stolen your invention and has filed first, you still may have the opportunity to secure your rights.

Trademarks

The function of a trademark is to evoke a connection in the minds of the purchasing public between a product or service offered under the mark with the source of the product or service or the company that produces it. By using a trademark and making it known in the marketplace, a company creates a valuable asset: goodwill. Goodwill is a byproduct of the consumers’ loyalty to a product, as well as their ability to recognize the product, thereby being able to distinguish just that product from others that are similar.

The best marks to consider are those that are arbitrary and fanciful. For example, “Kodak” and “Polaroid” for cameras are excellent marks. These trademarks do not describe the products in any way and are very strong. Trademarks should not describe products or services. In fact, the U.S. Patent and Trademark Office will not register marks that are descriptive or that it determines to be generic. Examples of marks that have become generic are cellophane and escalator.

Unlike patents, trademark registrations do not expire as long as certain statutory requirements are met. For example, between the fifth and sixth year after the date of registration, an affidavit of continued use and incontestability must be filed at the Trademark Office. Also, every 10 years from the date of registration a renewal must be filed. Thus, with a little thought and planning, you can protect your company’s name and business identity through the trademark process.

Copyrights

Unlike a patent, a copyright does not protect ideas; it protects the expression of ideas in original works of authorship in a tangible medium of expression. Thus, businesses may be able to copyright software (including source code and object code), promotional materials, databases and related materials.

The beauty of a copyright is that you don’t have to do much to obtain protection, and you can get the protection immediately. A business automatically obtains copyright protection by fixing the work in a tangible medium of expression. In fact, a work expressed in RAM on a computer will be protected by copyright. Notice of copyright is provided by the placing the copyright symbol “©” on the relevant work, along with a date of copyright and an indication of the party to whom the copyright belongs. For an individual, a copyright lasts for the life of the author plus 50 years.  For a work created as a “work made for hire,” which is typical in a company setting, the copyright lasts for 75 years after the first publication of the work or for 100 years from the year of creation, whichever expires first.

A copyright owner, in most circumstances, has the right to exclude others from reproducing, distributing, displaying or importing infringing copies of the work, or from making derivative works. Derivative works are works based on the underlying copyrighted work. For example, certain enhancements to software can be viewed as derivative works.

So if you already have copyright protection in the instant you create the work, why register it in the Copyright Office? First, it allows you immediate access to the federal courts in case someone infringes your copyright. Second, it automatically gives you statutory damages in case of infringement. Third, if you prevail in a copyright litigation, you automatically will get attorneys’ fees. Litigation is extremely expensive in this country, and litigation over intellectual property is no exception.

Trade Secrets

A trade secret “… may consist of any formula, pattern, device or compilation of information which is used in one’s business, and which gives one an opportunity to obtain an advantage over competitors who do not know or use it.” Examples include technical and nontechnical data, plans, drawings, recipes, financial data, lists of customers and suppliers and software, which have economic value. Trade secrets can be used in conjunction with both patents and copyrights.

Trade secrets give you very powerful protection. At the same time, trade secrets are extremely vulnerable. If you own any trade secrets they must be kept secret or the protection will be lost.  Once this cat is out of the bag, it is out forever. License agreements involving any trade secret material need not disclose the secret itself, but must identify that trade secrets exist in the subject matter of the license. Furthermore, the license must direct the licensee to take sufficient measures and safeguards to keep the trade secret actually secret.

Unless prohibited under contract or license, reverse engineering is a legitimate means to let the trade secret cat out of the bag, so contracts and licenses must be drafted with care. Nevertheless, legal action can be brought for misappropriation of trade secrets. In such a case, you would have to prove three elements: (i) relative secrecy (e.g., that you have taken reasonable steps to protect your proprietary rights in the trade secret); (ii) the trade secret’s value to you; and (iii) novelty of the trade secret (although a unique combination of generally known information, or even data in the public domain, still can constitute a trade secret).

The duration of a trade secret is as long as it is kept secret. Companies would do well to set up internal safeguards in addition to the external safeguards set forth in their licensing agreements. The only cost is that associated with maintaining the secrecy.

The best way to determine whether you have assets–e.g., intellectual property–that need to be protected is to have a qualified attorney perform an intellectual property audit. We know–when you hear the word “audit” you automatically assume the fetal position, begin to whimper and to envision long visits with nasty, boring accountants. In this case, however, the audit will help you protect your business and save you money.

The intellectual property audit also will help you identify whether your company name, product names, logos or slogans have trademark or service mark significance. The intellectual property audit also will investigate and examine whether your company has documents, software and the like that should be registered with the U.S. Copyright Office. Finally, the intellectual property audit also will help you consider whether you have developed anything that could be considered a trade secret, and how you should protect it.

Once the intellectual property audit is completed, you will be in a position to make an informed judgment as to which of your assets need to be protected and the most efficient and effective means of obtaining protection. Like many other things in life, a little care and attention now inevitably will pay substantial dividends later.

Filed under Intellectual Property, Technology and Telecom Law

Follow

Get every new post delivered to your Inbox.