Cloudy With a Chance of Disaster
Steve Jobs recently announced the introduction of iCloud to the world of consumer computing. The service promises to provide access to files, such as music and photos, from multiple devices. A recent radio advertisement touts the benefits of an online payroll system that can be accessed from anywhere in the world, and is so easy to use a boy operating a lemonade stands can use it. The concept behind iCloud and software that is accessible anywhere is not new, but is part of a rapidly growing technology platform called the cloud or cloud computing. Cloud computing gives both consumers and businesses the ability to use software applications and input and access data on any number of devices anywhere in the world.
Cloud computing is generally the ability to remotely access software and data from off-site servers and other hardware through the Internet. It is divided between public and private clouds. A public cloud services multiple clients and customers, and a private cloud, similar to traditional outsourcing that is controlled by the user, services only one or a limited number of clients and customers. Application software offered in the cloud, or software as a service (Saas), runs on servers located off-site or in a remote location. The software does not reside on the desktop or local computer or server. Netbook computers are designed to operate Saas, because they do not need a hard drive, but merely need access to a browser and the Internet to operate the SaaS application.
Many of us are already in the cloud with Google’s Gmail, Yahoo mail, Facebook, Flickr, and Google docs. The number of business applications is rising rapidly. The economic and other benefits cannot be ignored, particularly in stressed economic times. However, there are several potential drawbacks, especially for business applications, that need to be addressed before fully embracing and launching the concept.
Some of the advantages of a public cloud are the sharing of costs, infrastructure, and resources, but the advantages of a private cloud are control and security. Because cloud services are operated on servers not owned or operated by the user, there are significant cost savings available. Users do not need to support upfront capital investment to purchase the same level of hardware and software required for internal networks. With access through the Internet, information may be input and accessed from any location in the world where there is Internet access, and because the cloud is not tied to a specific location or device, the information may be accessed by multiple and diverse devices. Cloud services are scalable, again without significant cost increases.
Unfortunately, there are also several potential landmines that cannot be ignored, and many cloud providers have developed boiler plate terms of service that are non- or minimally negotiable. In many cases, the terms of service may be modified by the service provider simply by providing notice online. As a result, it may not be possible to negotiate several of the critical terms that impact on the use on the cloud.
Some unavoidable concerns are security and privacy, because both are out of the control of the user. The level of care exercised by the cloud service provider may not rise to the same level the user might maintain. These concerns are particularly relevant for financial institutions under GLBA and health care providers and business associates under HIPAA. Backing up data, business continuity, continuous access to data, backwards compatibility, and location of servers for purposes of US and international law regarding privacy are a few other examples of issues that need to be addressed.
Cloud computing is on the rise, and provides some incredible benefits, but it is not for everyone. No business should use the cloud without first doing a full assessment of its needs, and assess the downside of the failure to meet those needs, both legal and business. Any due diligence or assessment should include a careful review of the terms of use. Over time, many of the concerns will likely diminish, but for now, users must walk carefully through the minefield of potential disasters.
Door Opens for New Competition in the Domain Name World
On June 20, 2011, ICANN (Internet Corporation for Assigned Names and Numbers), the international body that regulates domain names, approved the implementation of a procedure for the adoption of new generic top level domain names (gTLD). Generic top level domain names are the letters to the right of the dot in a domain name, such as .com, .net, and .org. Prior to this action, there were 22 generic top level domain names, but now there could be potentially thousands of new gTLDs. According to ICANN, “Internet address names will be able to end with almost any word in any language, offering organizations around the world the opportunity to market their brand, products, community or cause in new and innovative ways.”
New gTLDs will be assigned based on a complex and expensive application procedure. The initial filing fee is $185,000, and there is an annual fee of $25,000. These are in addition to other application fees in some cases, and other expenses as well. The application procedure guidebook is approximately 350 pages. Applications may be filed between January 12, 2012 and April 12, 2012. There may be additional rounds of applications, but the first will be the most critical, and it is not certain there will be additional rounds. According to http://dot-nxt.com/applicants, there are currently already over 120 applications that will be filed during the application period, and some of the anticipated names are .mls, .music, .hotel, .canon, .hitachi, and .vegas.
One of the important objectives of ICANN in adopting the new gTLD was to avoid cybersquatting, and other trademark and intellectual property infringement. In the early days of the Internet and the use of domain names, cybersquatting became a significant problem, and finding remedies was a challenge. In response, Congress passed the Anticybersquatting Consumer Protection Act, and ICANN adopted the Uniform Dispute Resolution Procedure. Under the new procedure, the application fee alone will be a significant deterrent, but there are other procedures and protections built in as well. Not only will the application process attempt, through an evaluation procedure, to identify any potential infringement and misuse, but there will be procedures for third parties to protect their own intellectual property and other rights. The policy includes a trademark clearinghouse and sunrise procedure, as well as dispute resolution procedures. However, there is no crystal ball to identify what problems will arise, and how successful these procedures will be in protecting rights and avoiding problems.
The adoption of this new policy and the implementation of new gTLD could be revolutionary. Consumers will no longer be left to finding products and services using potentially confusing second level domain names and domain names. For example, a search for a Nissan automobile at nissan.com will be disappointing. Computer products and messages about Nissan Motor’s litigation against Nissan Computer are available at Nissan.com, but Nissan automobiles will only be found at nissanusa.com. Nissan Motors may be highly motivated to apply for the new gTLD .nissan to avoid the problem going forward. Brand owners will have a unique opportunity to secure a strong position on the Internet, and will no longer need to compete with others for domain names within the .com gTLD. Communities of people and organizations may have a unique and strong presence online, such as organizations supporting a .eco gTLD.
There are at least two significant implications for brand owners and others doing business in an online world. Businesses need to seriously consider either banding together with others to develop a community or generic domain name, such as financial institutions adopting the gTLD .bank, or consider adopting a brand gTLD, such as .canon or .deloite. However, applying for and adopting a new gTLD will not be for everyone. In addition, brand owners will need to be vigilant in making sure that others do not trample on their rights when adopting new gTLD, and take appropriate action. Some appropriate actions are to monitor applications filed, submit comments to ICANN on applicable applications, including as part of a community, file objections and lawsuits, if necessary, and participate in other procedures, including trademark clearinghouse and sunrise procedures. This significant development is also a good opportunity to review current online brand strategies to see if any changes or modifications are appropriate.
Significant changes in the world of the Internet, in addition to bringing positive changes, also usually yield unintended consequences. Unintended consequences are likely with the venture as well. But, the potential for brand and community awareness is huge. Brand owners and community participants will need to be vigilant and aware of developments and the implications for them as this policy and application process unfold, and new gTLDs launch in cyberspace.
How Well Are You Managing Your Legal Risk?
As Congress considers cutting trillions of dollars from the federal budget, waste and fraud detection will certainly be part of the plan for finding precision dollars. Regulatory agencies are likely to increase their focus on compliance, and a new culture of compliance is likely to emerge in business in general. Managing legal risk, in particular, is part of strategic planning and corporate compliance. Unmanaged legal risk can lead to potentially significant adverse consequences. Legal risk management is designed to help business managers improve future earnings of the company by identifying and appropriately managing legal risk to minimize potential losses.
What is legal risk management?
It is a systematic way of identifying legal risk in business, establishing programs for eliminating, avoiding, transferring, or mitigating the effects of such risk, developing a plan for conflict resolution, and educating business leaders and employees on how to manage such risks in the future. There are five stages or steps:
- identify key issues and documents relevant to risk management through the use of a questionnaire
- assess legal risk through an interview with key management personnel and a review of the documents
- analyze legal risk by prioritizing and determining what risk can be eliminated, mitigated, or otherwise managed, and specifically how it will be done
- manage legal risk and conflicts by developing a plan based on the risk analysis, including the use of available resources, establishing a conflict resolution plan, and providing appropriate training
- implement, review, and follow up on the plan
What will I have at the completion of this process?
You should have a much better idea of what legal risks you face in your business, and a plan and process for managing that legal risk. You should have comfort knowing that you have taken steps to manage your legal risk. You will have sent a message to other members of your management team, and your employees, that you value corporate integrity and compliance.
How is legal risk management implemented?
The concept is a menu approach, and each step is unique. Although all steps should be implemented, after the first two, you can choose to retain legal counsel to continue to assist and guide the process, or use internal personnel only for the remaining steps. There is no outside legal cost for the first step. The cost for legal counsel for the second step will be determined after review of the questionnaire and will fixed. The cost for legal counsel for each additional step will likewise be fixed and determined from the information provided in the questionnaire and interview.
Who should be on the team for implementation?
Most businesses react to legal risks, and many attorneys are probably very good at addressing legal risks as they arise. Legal risk management, however, seeks to avoid unanticipated risk, and potentially “bet the company” risks, and requires the involvement of team members, both business executives and lawyers who both understand and have implemented these concepts.
Is it possible to eliminate or even effectively manage all legal risk?
No, the objective of legal risk management is not to eliminate all legal risk. That would be impossible. In fact, there is much legal risk that cannot be eliminated, and there are legal risks that business managers will consciously accept because the cost of eliminating them is too high. However, legal risk management can help reduce the possibility of facing unexpected expenses in the future by dealing with legal issues now. It is not about trying to find skeletons in the closet, but it is about looking forward and creating a plan to manage manageable risk. It is about finding solutions, not just identifying problems.
How is legal risk management different from other compliance functions?
There is an overlap between corporate compliance functions and legal risk management. Corporate compliance focuses on business and legal risks in a regulatory environment, while legal risk management focuses on how well the business is managing legal risk in general. Legal risk management seeks to provide business managers and compliance officers with the tools and concepts necessary to help them manage and reduce legal risk and costs, and thereby improve the bottom line, and corporate integrity and compliance within the organization.
Principles-based business management
The businesses that will be most likely to implement legal risk management will be principles-based businesses, meaning they are motivated by core principles that positively impact stakeholders over longer periods of time. Although they recognize the need for task-orientation, and acknowledge the new world of compliance in which they operate, they also seek to operate on time-tested core principles. For example, a principles-based business will implement employment policies and procedures consistently applied not only to comply with law or a regulatory requirement, but because they want to be fair to their employees and create a positive working environment. They will develop polices to avoid infringing on the intellectual property rights of others, because they value their own intellectual property rights and expect others to respect their rights. Corporate integrity is important to principles-bases business, meaning that if policies are implemented based on principles, the executive management team not only talks about compliance with those policies and principles, but seeks to embrace and manage based on those principles. Employees do not hear one thing, and see something else from their leaders. The executive management team understands and buys into the need for consistency and compliance.
Five Things Every Business Should Know About Copyright Law
Any business that has a website, uses software, advertises its products or services, or outsources any design or development work, needs to understand that copyright law is vital to your business. Jen Ward and I did a webcast presentation discussing five fundamental copyright law basics that will help your business to manage and protect its copyrights and avoid copyright infringement. Watch the webcast.
Outside General Counsel
Most small and mid-sized businesses cannot afford the benefits of inside general counsel. Some of the benefits of inside counsel include easy access to legal advice, cost controls on the cost of legal services, and legal focus and expertise in a specific business and industry. What if it were possible to have at least many of the benefits of inside general counsel, without the fixed overhead of inside counsel?
Here are some things outside counsel can do to provide some of these benefits:
- Manage legal risk, including annual compliance and legal reviews
- Conflict resolution management.
- Be readily available to respond to routine legal questions
- Attend board meetings
- Coordinate the delivery of all legal services
- Gain industry knowledge by attending industry conferences
- Work as a member of the management team
- Review legal bills and work on alternative billing arrangements
Developing Powerful Brands
In today’s challenging economic environment, businesses are looking for ways to improve their competitive advantage. One important way is through branding, which includes one or more trademarks. Some trademarks and brands are stronger than others. Watch a webcast presentation addressing how to develop, use, and protect a powerful brand while avoiding potential infringement litigation. Click here for the webcast.
Caution When Protecting Domain Names
A common concern with domain names is the use of very similar domain names by others, which drives traffic intended for one site to another. One example is typosquatting, which is the practice of registering and using a domain name that is the likely result of mis-typing a domain name. Traffic is then driven to another website by the mistaken typing of the intended domain name. Another common concern is the use of a trademark of another in a domain name, again with the intent to drive traffic to another site with the trademark. There are several ways to protect against such problems.
The Uniform Dispute Resolution Policy adopted by ICANN provides a means for a domain name to be assigned to a trademark owner if the domain name is confusingly similar to a trademark and the domain name is registered in bad faith. Similarly, the Anticybersquatting Consumer Protection Act provides remedies for trademark owners. A practical way to protect a domain name and trademark without having to hire a lawyer is to register several iterations of the domain name to prevent others from registering and using them, or registering them and trying to sell them. When registering such iterations to protect a website, there is a temptation to use the additional domain names as redirects, so that if a user types in one of the additional domain names, it takes the user to the original intended website. By doing so, the website owner can have several domain names all leading users to one website.
Here is the caution: if the website to which traffic is being driven using one of the additional domain names as a redirect collects any personal information, including a user identification and password, to access an account or other information, the website owner should not allow the registration of the other or additional domain names to lapse, or allow the domain names to be placed for sale by a registrar or used by another. Why? Because the new domain name owner could use the domain name as a redirect to his or her website, and users accustomed to typing in the additional domain name may not recognize that they have been redirected to a new website. This is true, particularly if the domain name includes a trademark, or name that is confusingly similar to a trademark. Users will believe that they are using the website of the original intended owner and happily type in personal and confidential information at an unknown and unintended website. The new owner of the domain name could then collect the information on the new website and use it to access accounts and other information from the original website. Fraud and identify theft are the natural results.
The bottom line is caution should be used when developing a plan for protecting domain names and the use of trademarks in domain names. There is no question that a plan should be established, but it needs to include consideration of these issues.
What Happened to Notice to Participants of Third Party Licenses
There may be some confusion about the rights of MLS in connection with new opportunities to license listing content to third parties, such as Realtors Property Resource™ (RPR), CoreLogic®, and Move®. For years, National Association of REALTORS® (NAR) has appropriately taken the position that listings are the property of the participant who generated them. Policy Statement 7.85 adopted by NAR in May, 2005 states that the participant owns the listing agreement, or in other words, the intangible property called a listing. This is distinguished from the copyrightable listing content that may be owned by the participant if he or she takes appropriate steps for such ownership. However, and consistent with the concept that the participant owns the listings, the policy statement also prohibits the use of listings and listing information by MLSs for other than the “defined purposes of MLS”, without first obtaining the participants’ consent, meaning all of the participants. The “defined purposes of MLS” means use by participants through the MLS system for providing real estate brokerage services. One interpretation went so far as to include IDX as being outside of the defined purposes of MLS. Further, the consent cannot be required as a condition of obtaining or maintaining MLS participatory rights, which addressed the red herring issue of who owned the listings. The policy statement allows MLS to presume such consent provided that listing brokers are given adequate prior notice of any intended use unrelated to the defined purpose of MLS, and given the opportunity to affirmatively withhold consent for that use. Any notice must be real, however, and not a sham. Participants need to be aware that the MLS is licensing listings to third parties, and let the participants know they have a right to opt-out of any such license. MLS need to take notice of this policy statement and remember to obtain the consent of its participants before licensing any listing content to any third parties, including Realtors Property Resource™ (RPR), CoreLogic®, and Move®. Failure to do so could put an MLS in a position of non-compliance with the NAR MLS model rules, and it could give a claim to a participant who does not want his/her listings being licensed without his/her consent.
NAR Mid-Year Meeting–Take Aways
As always, the National Association of REALTORS® mid-year meeting held in Washington, D.C. generated issues and discussion on many relevant topics. Here are just a few thoughts on some of those topics:
More RPR and IP
Although more subdued, services offered by Realtors Property Resource™ (RPR), CoreLogic®, and Move® were still topics of discussion. After reviewing drafts of the license agreements for PRP and CoreLogic, I was reminded of an important intellectual property risk that needs to be managed by MLS, preferably before signing a license agreement. In data license agreements, MLS may be asked to warrant that the MLS data will not violate any intellectual property rights of any third party. There are several steps that need to be taken in order to give that warranty substance, or to make it true. And the failure to take those steps exposes the MLS to the risk of copyright infringement and breach of contract claims.
When a MLS takes a listing it should obtain from the participant a license and certain representations and warranties concerning the listing. But in addition, the participant needs to take steps to insure that he/she has obtained an assignment or a license from all upstream parties involved in the creation of a listing, including the seller, agent, photographer, and any other person that contributes to any original element of the listing. If the participant has done his/her job, and the MLS has done its job, then the warranty will be accurate, and the MLS will be properly managing its risk. However, if either the MLS or the participant has not completed its work, and if the licensee of the listings, in this case First American CoreLogic, is sued for infringement, then CoreLogic has a claim against the MLS.
The MLS will then find itself in the very uncomfortable position of either having to pay the claim to protect its relationship with its participants, or sue one of its own participants for not obtaining the necessary assignments and licenses to the intellectual property rights to the listing. A much easier way to manage this risk is have the MLS rules and regulations, participation agreements, and license agreements reviewed to confirm they have the appropriate language, and then provide training to participants to help them understand what they need to do to manage their own risk. Education and compliance reviews are the keys to managing risk and maintaining good relationships with participants.
Required Photographs
At the multiple listing issues and policies committee meeting, the committee adopted a policy regarding the required submission of photographs to the MLS. Under the newly adopted policy, MLS’s may, as a matter of local option, require submission of a reasonable number of exterior photographs. If the photographs are taken by anyone other than an employee of the MLS, the MLS must have a license to use the photograph. If the license comes from a participant, the participant must receive an assignment of the intellectual property rights to the photograph from the photographer. Also, if the photographs are of the interior of the property, and if there are copyrighted works on the walls or displayed in the home captured in the photograph, there could be an infringement claim made against the MLS for display of those copyrighted works. Finally, if display of the photograph raises any privacy or security issues, seller consent should be obtained.
Use of “Green” Trademarks
At the MLS association executives meeting, there was a presentation regarding the green MLS toolkit. Just a remainder that when an MLS provides a means for a participant to represent a property as qualifying for certification under a particular green certification trademark, the MLS needs to caution the participant against making such a representation, unless the home or property has, in fact, been certified and all of the conditions to use of the certification mark have been satisfied. Otherwise, the participant could be liable for trademark infringement. The participant may not be happy with a MLS that provides an opportunity to check a box regarding certification without providing the appropriate training or knowledge on what it means to check the box.
New FTC Guides on Advertising–Applicable to You?
Endorsing products or services is anything but risk-free. In October, 2009, the Federal Trade Commission (FTC) adopted revised Guides Concerning the Use of Endorsement and Testimonials in Advertising (Guides) which became effective December 1, 2009. Under Section 5 of the Federal Trade Commission Act (15 USC Section 45) (FTC Act), the FTC has broad authority to prevent persons from using unfair methods of competition, or unfair or deceptive practices in commerce. To provide guidance for advertisers who want more definition about what constitutes unfair methods of competition, or unfair or deceptive practices, the FTC has adopted the Guides. Although the Guides are based on voluntary compliance, the FTC has significant remedies in its arsenal if it chooses to pursue endorsements and advertising inconsistent with the Guides. Presumably if certain acts are contrary to the Guides, the FTC would also find the behavior in violation of the FTC Act.
The Guides apply to any endorsement, which is any advertising message, and includes verbal and non-verbal representations, demonstrations, or the depictions of the name, signature, likeness, or other identifying personal characteristics of a person, that consumers are likely to believe reflects the opinions, beliefs, or experiences of another, including experts. Endorsements may be made in many ways, including television advertisements, radio promotions, infomercials, blog entries, demonstrations, film critic reviews, restaurant critic reviews, and scientific papers. Blogs as a new form of communication are a great way to promote goods and services, but any blog entry that fits the definition of an endorsement may fall within the scope of the Guides.
Any seller of a product or service that either has engaged a third party, or knows a third party is endorsing its products or services, needs to pay attention to the Guides. Whether the statements are intended to be endorsements may not be relevant. If the endorser is making representations or statements that reasonably could be interpreted as endorsements may bring such statements within the scope of the Guides.
The Guides identify several principles that govern endorsements and advertisements.
1. Endorsements must reflect the honest experience, beliefs, findings, and opinions of the endorser. For example, if the endorser claims to be using a product, the endorser must be using the product.
a. Should an endorser make any claims that are not substantiated?
b. If a product is modified, may an endorsement used for the product before modification continue to be used?
2. Advertisements with endorsements by consumers regarding the performance of a product or service will be interpreted as representing that the product or service is effective for the advertised purpose. The advertiser must be able to substantiate the claims in the endorsement in the same way it would if it were making the claims directly.
3. The experience of a consumer in an endorsement of a key attribute of the product or service will be deemed to be representative of what consumers will achieve generally with the advertised product or service. Again, the advertiser must be able to substantiate the claims in the endorsement.
a. If testimonials are given by several consumers for a weight loss product, what evidence must support the assertions made in the testimonials?
b. Does it make a difference if the testimonial is based on personal preference, rather than scientific results, for example, families that prefer cake mixes over cakes made from scratch?
4. Endorsements that purport to be made by consumers need to be made by consumers.
a. If a consumer receives some benefit for the endorsement, is she/he no longer a “consumer?”
5. Experts giving endorsements must possess the qualifications that give the expert the expertise for the endorsement.
a. May a chemical engineer hold himself/herself out as an expert on the design of an automobile in an endorsement?
b. Is it deceptive for a doctor with a Ph.D in exercise physiology to endorse a hearing aid, if the advertisement implies or makes it clear that the endorser is a “doctor?”
6. Endorsements by organizations, especially expert organizations, will be viewed as an endorsement based on the collective judgment or experience of the group, and not that of an individual member of the group. The expectation is that the judgment will be free from the bias and subjectivity of an individual member.
a. Is it sufficient to have an organization endorse a product, or does the organization need to have an independent basis for endorsing the product, such as independent testing or compliance with an organization standard?
7. When there is a relationship or connection between the seller of a product or service and the endorser that might materially affect the credibility of the endorsement, the relationship must be fully disclosed, assuming the connection is not reasonably expected by the audience for the endorsement.
a. Should bloggers disclose if the product being endorsed was given to the blogger free, or at a substantially reduced cost?
b. If a blogger posts a glowing endorsement about a product in a chat room, on a message board, or some other open forum, does he/she need to disclose his/her employment by the manufacturer of the product?
Generally speaking, the Guides do not create any obligations beyond being honest, accurate, not misleading, and reasonable when using endorsements. Asserting a lack of knowledge may not be a good defense. The FTC may bring a civil action under the FTC Act against anyone who engages in unfair or deceptive acts or practices with knowledge, or “knowledge fairly implied on the basis of objective circumstances” that the acts are prohibited. The potential downside is a civil penalty of not more than $10,000 for each violation.
