A few weeks ago, we reported that Equifax was successful in wresting over 125 domain names from squatters who were hoping to cash in on the publicity behind the Equifax security breach.  For those that have been in a sensory deprivation tank for the last few months,  on September 7th of this year, Equifax Inc. announced a cyber security breach that could potentially impact 100 million US consumers. On December 5th, the World Intellectual Property Office issued a second decision involving Equifax related domains against a different Respondent with a well reasoned opinion that requires the transfer of some, but not all of the domains stating that “Scandals spawn hashtags and disasters breed domain names”.

Warpaint Resources LLC had registered 135 domain names the next day.  These include EFXbreach.biz, EFXbreach.club, Equifax breach.guru, etc. (the “28 domain names”), efxhack.attorney, equifaxfuckedme.com, equifaxhackedus.com (the “107 domain names”).   Warpaint argued that the domain names were not confusingly similar.  Warpaint claims it was retained by an attorney to develop a communication strategy  to provide information to consumers about the data breach and regarding the possiblility of filing individual and class action lawsuits against Equifax.  The 28 domain names were transferred to Equifax Inc. while the Respondent retained ownership of the 107 domain names. The panel had no issue in concluding that all 135 of the domain names met the confusingly similarity requirement for establishing standing.  The panel also determined that some of the marks fell into the  category of fair use for purposes of asserting a legitimate interest in the Domains. Those domains that trigger an inference of affiliation with Equifax’s rights (the 28 domain names) that include the more neutral term of “breach” in association with the Equifax trademarks.  The panel found that these domains were inherently likely to engender confusion as to source or affiliation and are likely to “misleadingly divert consumers…for commercial gain”.  The panel concluded that the Respondent had legitimate interests based on the nature of the 107 domain names that included terms like “hack”, “lawsuit” and “equihax” as it was unlikely to cause confusion as Equifax would not utilize such domain names itself nor would it be likely that consumers would believe that such domains emanated from Equifax.  Therefore, the 107 domain names were not transferred.

The panel did issue a cautionary note to the Respondent that if they were to turn to a pay per click (PPC) monetization of the 107 domains, the panel might view these domains differently and even mentioned that allowing domain names that incorporate or mimic another party’s trademarks to be used for monetized PPC landing pages is irresponsible, unfair to the trademark owner and inconsistent with Respondent’s obligations under the registration agreement. The panel then takes the “unusual step of entering this Decision expressly without prejudice” so that Complainant may refile a Complaint after either websites are published or if any of the domains continue to be used by third party advertising landing pages after a reasonable transition period.

So.  Today’s lesson incorporates a few thoughts:  It is potentially legitimate to utilize another’s trademarks in your domain names if there is a legitimate fair use of the trademarks.  However, companies defending their trademarks are encouraged to continue to monitor the domain registrations and subsequent webpages that resolve from the domain names. All may not be lost.

On September 7, Equifax Inc. announced the cyber security breach that could potentially impact 100 million U.S. consumers. In addition to Equifax’s main website, Equifax.com, the company set up a dedicated website — www.equifaxsecurity2017.com — for consumers wanting to confirm whether their information was breached.  Between September 8 and September 15, China Capital Investment Limited filed in excess of 125 domain names that included multiple typosquatting versions of the website including equifaxdatabreach2017.com, equifaxsecuriy.com and 2017equifax.com, to name only a few. The domains were connected to monetized parking pages with a banner announcing that the domain name was for sale.

Equifax filed a Complaint with the World Intellectual Property Organization (WIPO) requesting transfer of the domains.  In the complaint, Equifax alleged not only that the domains were identical or confusingly similar and that China Capital had no right or legitimate interest — pretty standard stuff.  In the allegation that the domains were filed in bad faith, Equifax went on to allege that China Capital has been on the receiving end of many similar complaints from well-known trademark owners.  Combined with the monetized site as well as the offer for sale, the WIPO Panelist had little difficulty in assessing bad faith.

The case also reiterated that while failure on the part of China Capital to respond to the complaint was not fatal to China Capital’s case.  The burden of proof is still on the party filing the complaint. The panelist is allowed “in the absence of exceptional circumstances to draw such inferences as it considers appropriate.”  See WIPO’s administrative panel decision.

A good practice tip:  whether good news or bad news is being communicated from a company, a watch of new domain names should be considered.  Take immediate action and review whether the respondent has been determined to be a serial squatter.

If there is one thing you need to do by the end of the year, it is refiling your designated agent registration with the Copyright Office. The message from the Copyright Office is very clear — if you do not refile by December 31, you will lose the safe harbor protections under the Digital Millennium Copyright Act (DMCA). Consequently, you will forfeit all shields from monetary liability and may end up paying statutory damages and attorney’s fees if you are found liable for copyright infringement claims caused by user-uploaded materials.

Refiling the agent designation is relatively simple — you can do so online through the Copyright Office’s electronic registration system.  Under the new electronic system, an individual can be identified as the agent, as well as a specific position, title or department of the agent.  The process will likely take less than 20 minutes and costs just $6.00. Renewal is required in three years.

Under the DMCA, online service providers, such as providers and operators of any website, mobile app, game, etc., can protect themselves from copyright infringement claims arising out of user-uploaded materials by registering an agent and promptly taking down allegedly infringing content.  To continue benefiting from such safe harbor protections after December 31, designated agent information must remain up-to-date in the Copyright Office database so that the public can send DMCA take-down notices to the designated agent. These changes are meant to simplify the Copyright Office’s maintenance of the designated agent database and, more importantly, to provide the most up-to-date designated agent information to the public.

Trust us, this will be the most valuable $6.00 you spend over the next three years. View our November 2016 legal update for more information about the changes to the DMCA registration system.

Historically, the U.S. Patent and Trademark Office (PTO) has refused to register trademarks considered to be offensive in that they disparaged a particular person, group or institution.  Now the PTO cannot deny the registration of offensive marks on the ground that they conclude the marks to be disparaging.

On June 19, the Supreme Court unanimously held (8-0) that so called the disparagement clause of the federal trademark law (Section 2(a) of the Lanham Act), is an unconstitutional violation of the First Amendment’s Free Speech Clause.

The case arose out of the name of a Portland, Oregon, rock band “The Slants.”  All the members of the band, including the plaintiff and trademark applicant, Simon Tam, are of Asian decent.  Mr. Tam filed a trademark application to federally register the band’s name, “The Slants.”  The band chose the name to “take back” or reclaim a term historically derogatory of people of Asian descent.  The PTO refused to register the mark as “derogatory or offensive” based on the dictionary meaning of ‘slants’ or ‘slant-eyes’ and also because one of the band’s performances was purportedly canceled “because of the band’s moniker.”  Tam appealed the decision to the PTO’s Trademark Trial and Appeal Board (TTAB), but with no success.  The next appeal, to the Court of Appeals for the Federal Circuit, was successful.  The Federal Circuit, in an en banc opinion, overturned the TTAB’s decision and found that the disparagement clause is unconstitutional under the Free Speech Clause.  Then, the Supreme Court granted a request for review of the case filed by the PTO.

The disparagement clause reads as “No trademark … shall be refused for registration on the principal register … unless it (a) consists of or comprises … matter which may disparage … persons, living or dead, institutions, [or] beliefs … into contempt, or disrepute.”  The Court first clarified the meaning of the statute as being clear in its prohibition of registration of trademarks, which “disparage persons who share a common race or ethnicity.”

The Court then turned to the PTO’s arguments that federally registered trademarks are government speech as a form of government subsidy, and, the disparagement clause should be reviewed under the “government program” doctrine, which is outside of the protection of the First Amendment.  First, the Court confirmed that the PTO’s registration of a trademark does not make a trademark government speech describing the argument as “far-fetched.”  The Court further exemplified the PTO’s mischaracterization of government speech using several examples, such as “make.believe” by Sony or “JUST DO IT” by Nike.   The Court noted that trademarks are “dream[ed] up” and “edit[ed]” by applicants, and therefore, “have not traditionally been used to covey a Government message.”  The Court was particularly concerned that the PTO’s elimination of First Amendment protection to registered trademarks would similarly apply to copyright registration, which is inconsistent with copyright protection for free expression, and therefore, rejected the government speech argument.  The Court also rejected the PTO’s position that trademark registration is a government subsidy because applicants pay filing fees and maintenance fees to the PTO for registering a trademark and “every government service requires the expenditure of government funds.”  Finally, the Court denied the application of the “government program” doctrine, which provides a limited public forum for private speech based on the content or the speaker.  The Court noted that in this case, the PTO exercised “viewpoint discrimination” under the disparagement clause because, although the clause prohibited disparagement of “any person, group, or institution,” it only prohibited offensive wording – a “happy-talk clause” and went “much further than is necessary to serve the interest asserted.”  The Court found that the disparagement clause as “not ‘narrowly drawn’ to drive out trademarks that support invidious discrimination.”  Thus, the Court concluded the disparagement clause violates the Free Speech Clause.

In this decision, Justice Alito emphasized the importance of trademarks, which express viewpoints and ideas, no matter how short the mark.  The government cannot censor such expressions based on viewpoint discrimination.

Notably, the decision is likely also a “win” for the Redskins football team, in its long-running Redskin trademark case, Pro Football Inc. v. Blackhorse, 112 F.Supp. 3d 439 (E.D. Va 2015).  In addition, the PTO will need to follow the decision in its review of forthcoming trademark applications.  Importantly, this decision surely broadens the protection available for trademarks, although it may result in a somewhat less-wholesome and more shocking trademark registrations going forward.

Effective May 25, 2017, privacy statements that are “materially inconsistent” with how you handle consumer information violate a new amendment of the Oregon Unlawful Trade Practices Act (“UTPA”).[1]  A consumer may file a complaint against you based on the belief that you handle consumer information inconsistent with the terms of your privacy statements.  The Oregon Attorney General (“AG”) or a local district attorney (“DA”) has discretion to initiate an “investigative demand,” enforce a voluntary settlement, an “assurance,” that requires you to pay restitution, punitive damages to the injured consumers or enjoin your behavior.  Granted, you have the right to defend your interests and recoup damages that you incur due to a frivolous or malicious complaint.  However, in responding to an investigative demand, you still have to review your statements and processes to demonstrate consistency between your processes and statements to the FTC, AG or DA.  The first step in the journey is to conduct an audit proactively.

The amendment reinforces that performing an annual review of privacy statements and information handling processes is a good practice.  A responsible, comprehensive review should include your online privacy policy and the privacy statements in consumer contracts, cloud-hosting agreements, registration requirements and any other documents that describe your information processes and the information you require consumers to provide to you.  You should know how you and your organization process data before an AG or DA compels a public review by way of an investigative demand.

A “material inconsistency” between what you practice and what you preach violates the amendment to the UTPA.  Privacy statements about consumer information explain how, and for what purpose, the information is:

  • Collected,
  • Used,
  • Stored,
  • Disclosed,
  • Discarded, or
  • Deleted.

If you state that you only disclose consumer information to your vendors, you should only disclose the information to vendors.  If you disclose information with third party marketers without updating your privacy statements to identify the change in your process, you are taking action that is materially inconsistent with your privacy statement.

Your privacy statement should notify consumers of their right to control the information you collect and how you use it. Good privacy statements also explain why you need certain consumer information to meet your contractual obligations to the consumer.  Ideally, consumers will understand precisely what you will and will not do with their information after reading your privacy statements.  If consumers cannot understand your privacy statements, the probability of confusion and a resulting complaint increases.  Clarity is important in privacy statements to minimize the chance that consumers believe compliant companies use consumer information inconsistently with public privacy statements.

Now is the time to review the privacy statements in your consumer contracts, websites and publications.  Conducting a voluntary audit serves several purposes, including:  (1) avoiding a violation, (2) demonstrating your commitment to protect consumer information and (3) signaling your desire to meet the spirit of the amendment.  Additionally, if you are the subject of an investigative demand, you will benefit from already having information from your audit to formulate a defense.  Having current information immediately available to the investigating office may substantiate your commitment to comply voluntarily with the amendment.

Investigative demands may encourage voluntary compliance with the amendment. The stated purpose of an investigative demand is “to receive an assurance of voluntary compliance.” The investigative demand may require the subject, under oath or otherwise, to:

  • appear and testify,
  • answer written interrogatories,Money_Plants
  • produce relevant documentary material or physical evidence for examination,
  • agree or respond to an order restraining/halting the alleged unlawful practice, or
  • deliver an assurance of voluntary compliance.

O.R.S. § 646.618.

An assurance of voluntary compliance sets forth what actions, if any, the subject of the investigation intends to take with respect to the alleged unlawful trade practice.  The prosecuting attorney has discretion to reject a voluntary assurance, obtain a temporary restraining order or institute a collection or enforcement action for unpaid monies or violation of the assurance. O.R.S. § 646.632(3) and (7). The voluntary assurance may include the payment of restitution to consumers who have . O.R.S. §§ 646.632.  The court may also impose penalties up to $25,000 per violation in some circumstances and an award of reasonable attorney fees and costs at trial and on appeal.  O.R.S. § 646.642.  A “violation” includes each separate occasion on which you mishandle consumer information for each consumer, so there may be multiple violations associated with one consumer.

Investing in the review of privacy statements alongside your consumer information processes may be cheaper than responding to an investigation.  There are many “hidden” expenses associated with responding to an investigative demand:

  • Potentially harming your reputation with consumers and your business associates.
  • Responding to the investigation may distract employees and owners from doing their jobs.
  • Incurring unbudgeted legal fees to defend yourself and/or to prosecute your claim for a frivolous complaint.

Best practices:  Avoid the stress, strain and worry of an investigation by taking a few hours to audit your policies, contracts and processes at least once a year.

  • If you regularly conduct business in a state that enacts amendments and new legislation on a specific date, schedule your audit before the effective date to avoid a last minute scramble to comply.
  • Monitor the FTC’s decisions, rules and enforcement actions.  You can register through the FTC and most state attorney general websites to receive information about consumer privacy enforcement, legal updates and tips to help businesses comply with consumer protection rules: https://www.ftc.gov/stay-connected.
  • If you conduct business primarily online, see where your customers are located and familiarize yourself with the laws in those jurisdictions.[2]
  • You may want to test whether someone with a demographic profile similar to your typical customer understand your privacy statements.
  • Review the Consumer Complaint Form in the jurisdictions where you conduct business.  They generally identify specific classes of people the enforcement agency has a particular interest in protecting.  For example, the Oregon Department of Justice considers whether the complainants are veterans, over the age of 65 or speak English as a second language:  http://www.doj.state.or.us/consumer/pdf/consumer_complaint.pdf.
  • Ask someone unfamiliar with your business to read your privacy statements to test them for clarity.

Conducting a voluntary audit may be money well spent. If you do not have access to a money tree, run the numbers and make the business decision that works for you.

[1] The amendment is similar in application and remedy to the “deceptive” and “unfair practices” consumer protection regulations the Federal Trade Commission (“FTC”) enforces.  https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/enforcing-privacy-promises.

[2] California, for example, requires entities that collect personal information from California residents to include statements regarding online privacy in privacy policies.  https://oag.ca.gov/privacy.

An earlier version of this blog indicated that consumers have a private right of action under the amendment.  At this time, enforcement actions are expressly available only to government actors.  Presumably, the legislature will  determine whether there is an implied right of action.

Michelle Lee resigned yesterday as the Director of the USPTO, effective immediately.  Ms. Lee’s resignation follows months of uncertainty regarding USPTO leadership during which time high-tech giants and politicians alike expressed much support for Ms. Lee to remain as the Under Secretary of Commerce for Intellectual Property and USPTO Director under the Trump administration.  Today, Secretary of Commerce Wilbur Ross named USPTO Associate Solicitor Joseph Matal as interim Director until Ms. Lee’s successor is named.  Former Federal Circuit Chief Judge Randall Rader; Philip Johnson, a SVP for IP Policy & Strategy at Johnson & Johnson; and Michael McKeon, a partner at Fish & Richardson have all expressed recent interest in leading the USPTO and have been rumored to have interviewed with Secretary Ross to replace Ms. Lee.

Data does not exist in a vacuum.  There are some very lucrative careers based on the extraction of multiple, divergent uses of a single data set.  It follows that the fitness tracker that collects and analyzes data to encourage healthy habits may serve you well after your death.  Attorneys and litigants must be cognizant of the new horizon data presents. Criminal, personal injury and maybe, inheritance law may soon rely on data in some surprising new ways.

Dead people do tell tales. Thanks in part to data on the victim’s fitness tracker, Connecticut State police recently arrested Richard Debate for the 2015 murder of his wife, Connie.  The investigators used data to contradict Richard’s various versions of the crime.

The story the accused tells:  Richard claims he was home alone when an armed intruder entered the house demanding cash.  When Connie walked into the house after her spin class, the intruder immediately shot her to death. The intruder tied Richard to a chair.  After the intruder left the house, Richard freed one of his hands and immediately triggered the home security panic alarm to summon the police.

The story the decedent tells:  Connie’s fitness tracker data indicates that Connie, or someone wearing her tracker, took 1,200 steps in the house, over the period of one hour after Richard said Connie was dead.  Six minutes after the tracker collected the final steps, Richard triggered the panic alarm of the home security system.

The story the dogs tell: K9 dogs found no evidence of an intruder or anyone other than Richard and Connie in the house during the murder. The dogs, well, doggedly, followed Richard when tasked with finding the scent of the alleged intruder.

The story the accused accidentally tells:  Richard’s computer, cell phone and social media data revealed an affair and a pregnant girlfriend.

Police obtained an arrest warrant and charged Richard with Connie’s murder, filing false reports and tampering with evidence.  Fitness trackers can inform on the wearer’s health, mood, location and ability to focus.  Trackers surveille more accurately than a combination of video, audio and a retired junior high teacher.

Fitness trackers are the equivalent of a plane’s black box.  Fitness trackers are essentially lie detectors rigged with a time and location stamp.  Depending on the sophistication of your tracker, it measures blood pressure, pulse, respiration, and skin conductivity—the same things measured during a polygraph test.  As premised above, the data that can assist the wearer to track physical activity has multiple uses, some life-saving, some life-affirming.

  • Analysis of the wearer’s vital signs saved a wearer’s life—doctors treated undiagnosed blood clots in the wearer’s lungs after the wearer noticed her excessively high resting heart rate.[1]
  • Red lines show the GPS movements of Seattle gladiator, Kelly Herron, as she battled for her life during an attack in park restroom.[2] Kelly’s intensity and relentless self-defense is obvious in the movements her tracker collected. Her account of the savage attack and fight corresponds with her fitness tracker data.

IP Blog 052517

Fitness trackers are emerging as a source of evidence in civil disputes.  The plaintiff, a former personal trainer, seeks to prove her diminished physical capacity after her injury through fitness tracker data showing she is not as active as the average woman of her age.  What next?  Might inheritance laws and wrongful death suits soon hinge on fitness tracker data?  Roll back time to the summer of 1991.

On July 16, 1999, the nation gasped and mourned the death of the son of Camelot.

John F. Kennedy, Jr., his wife, Carolyn Bessette-Kennedy, and his sister-in-law, Lauren Bessette, died when the plane Kennedy piloted crashed.  The National Transportation Safety Board determined pilot error was the cause of the crash.  When someone, especially someone wealthy, may be liable for an accidental death, a wrongful death lawsuit can be expected.  However, when spouses die simultaneously (actually, within 120 hours of each other in Washington) without children or a document such as a trust that explicitly directs the allocation of their estates after their simultaneous deaths, the inheritance would pass according to state law.  Many state simultaneous death statutes require that each spouse is considered to have predeceased the other.  This means that the next closest living relatives of the decedents divide the estates equally, according to the degree of kinship.  While laws have remained largely dormant, technology may force the legal field to evolve at a faster pace.

Fitness tracker data may have altered the division of the estates of the John, Jr. and Carolyn Bessette-Kennedy. 

Fast forward to 2017.  John, Jr. and Carolyn are wearing a fitness trackers when the plane crashes and data indicates one spouse died before the other.  Might the estates be disbursed differently now?  Would the heirs of the later expiring spouse have basis to allege a wrongful death claim?  Apply this hypothetical to other areas of law:

  • If you rear end a car will your fitness tracker data be used to show you are chronically sleep deprived?
  • If your tracker shows your heart rates increases when you are near your suspected lover, can that evidence be introduced in a divorce?

At first this may seem far-fetched, but consider that police are asking Amazon to release recordings from an Alexa in a murder investigation. This is truly an exercise in innovativeness.   Data in itself is neither good nor evil, helpful or harmful.  Make sure you know what data is [i]being collected, and how it is being used.  Ponder this as you achieve your daily step goal.

[1] CNN ROBERT JIMISON. “Fitness tracker clues woman in to life-threatening condition.” LOCALSYR. N.p., 04 Apr. 2017. Web. 25 May 2017. <http://www.localsyr.com/news/health-news/fitness-tracker-clues-woman-in-to-lifethreatening-condition/686839857>.

[2] “Instagram post by Kelly Herron ‍♀️ • Mar 6, 2017 at 6:48pm UTC.” Instagram. N.p., n.d. Web. 25 May 2017. <https://www.instagram.com/p/BRTqqdHD1No/?taken-by=run_kiwi_run>.

[i] Thanks to my Lane Powell colleague, Mary Lee Moseley for her advice on the Uniform Simultaneous Death Act.  http://www.lanepowell.com/20679/mary-lee-moseley/

Five months after rejecting a less detailed executive order on cybersecurity, Trump signed one on May 11, 2017 (Order). The Order notifies federal agencies that the “President will hold heads of executive departments and agencies (Agency Heads) accountable for managing cybersecurity risk to their enterprises.” Other key goals of the Order are to: (1) assess the scope and sufficiency of the U.S. cybersecurity workforce; (2) increase education opportunities to ensure the U.S. has the work force to protect itself and be competitive internationally; and (3) increase transparency in the software market.[1]  Proponents of the Order hope to strengthen the security of federal networks and protect the nation’s critical infrastructure. Coincidentally, the executive branch released the Order on the eve of one of the largest and very avoidable ransomware attacks in history, the viscious #WannaCry.

The President premises the Order on the belief that federal agencies are complicit in their vulnerability to cyber threats.

IP_PuppyThe Order identifies known, immediate threats to the security of the U.S. infrastructure including:

> Being lax about cybersecurity risk management;

> Using operating systems after the expiration of vendor support; and

> Disregarding patches and updates to remedy vulnerabilities.

Essentially, many federal agencies are complacent about cybersecurity.

The Order comes with a simple but proven tool box.

The National Institute of Standards and Technology (NIST) is a non-regulatory division of the Department of Commerce.  NIST’s original mission in the cybersecurityIP_Toolbox industry was to develop a voluntary framework to manage the cybersecurity risks that threaten the U.S. electric power grid and other critical infrastructure (Framework). The Framework’s simplicity and usability led private and public entities throughout the world and across countless industries to adopt it.

The Order requires that Agency Heads must use the Framework to develop realistic risk management plans. Agency Heads must modernize equipment and software, while increasing the sharing of IT services across agencies and being more receptive to monitor and address vulnerabilities. The timing of the Order, coming one day before the worldwide #WannaCry ransomware meltdown, illustrates the important, but too-long neglected cybersecurity and privacy concerns within the U.S. government.

WannaCry? Here is something to cry about.

Almost 250,000 computers in 99 countries (and counting) would not have been vulnerable to the WannaCry or WannaCrypt ransomware if their users had just restarted the network. Here is a quick primer on the WannaCry destruction.

Ransomware 101. Ransomware locks a computer’s files and the computer operator will get a message requiring the payment of somewhere between $300 and $1 million, give or take a few bitcoin, to get the files released.
IP_Shed_2Malware, called worms, spread ransomware attacks. How does malware get on a computer?  It, the worm, enters through a “hole” in the cybersecurity fence. How does a hole develop?  Inattention. How do you fix holes?  First, you have to monitor your fence line and know there is a hole. When you find a hole, you patch it. Then, you — the vendor or IT specialist — send updates to users, if the patch cannot be updated automatically, reminding them to restart their computers or networks to download the patch. Just like that…fixed.[2]

The perfect storm of using outdated software, not looking for holes and ignoring updates permits the nightmare of WannaCry ransomware to spread. One of the most exploited targets of WannaCry is a version of software that its vendor has not sold since 2008 or supported since 2014. Users who updated the exploitable software were safe. Those who did not update to acquire the patch may have been infected.

No solution is fail-safe. Nevertheless, at a minimum, use the tools provided to you by the software vendors, IT technicians and NIST. The continued safety of the U.S. relies in part on keeping the infrastructure free of malware and fully patched. The Order has a wide-range of obligations, analysis and goals that ultimately may not be achieved within the stated timeframe. There’s a patch for that.

[1] Software is treated as a one-time capital expense, depreciating over time. This pricing model ignores the reality that software is never truly finished — it always needs a new version or update to increase efficiency and reduce vulnerabilities. This aspect of the Order merits discussion, but not here, not now.

[2] The author clearly has a problem with holes in buckets also:  https://www.beyondiplaw.com/2016/06/23/reputation-matters-dont-lose-opportunities-due-to-inaccurate-personal-data/

Having read the recent Supreme Court decision of Star Athletica v. Varsity Brands and the new unified test for copyright protectability in useful articles, we can now turn to the challenge of what actual changes will result from this opinion. http://www.lanepowell.com/wp-content/uploads/20170329Intellectual-Property-Legal-Update-Spelman.pdf.

While nothing changes with regard to how trademarks are handled in the useful article world, there are some practice tips that will strengthen the opportunity to protect what designs are eligible for copyright. Each of the practice tips below revolves around working proactively. Copyright is a game played proactively for best and most predictable results. These tips are calculated to make that proactivity a system that works in your favor:

1. Document: as you design, keep documentation of the iterative drafts and the dead ends that you consider as well as the final design. If there is a challenge that your design in an infringement, it is useful evidence to demonstrate that you were truly designing new work and that you evolved the final design out a whole field of discarded drafts;

2. Focus: if you do review the current field of existing designs as you search for the new design option, clear the work area of all the prior designs. It is too easy to “borrow” or be “inspired” by existing designs when that prior design is right there in front of you;

3. Register: file copyright applications early and often at the U.S. Copyright Office using the “Electronic Copyright Office” (“ECO”) filing system. Optimally, you will keep a file of the works that you are designing. Filing a batch of new copyright applications every calendar quarter (90 days) is a sure way to be certain that you are going to get the benefits of claiming statutory damages and attorney’s fees in every dispute… And the consequential benefit of having a remarkable archival demonstration of what you are creating and have created;

4. Drive: check to be sure that any license or distribution agreement includes provisions that you are in control of dispute resolution, including litigation. Sometimes found in the “indemnity” clause; sometimes in a separate clause, but do provide for what happens when things go wrong:

5. Notice: while no longer mandatory, there are substantial legal and practical benefits to affixing notice on the article being distributed. For instance, if you are publishing code for 3-D printing, be sure to include a copyright notice in the object code, or as part of the surface of what is “printed”;

6. Clarify Ownership: be sure to clarify who is the claimant/author of the work each time. Who owns the design becomes very important. Remember that independent contractors (those whom you pay using an IRS 1099 reporting form) are the authors of their design unless there is a written assignment to you.

Copyright is stronger and a more reliable as an asset when the ownership and the registration process is faithfully worked through as a standard operating procedure. Proactive habits are pivotal to a viable copyright program.

Beyond_IP_Law_Black-and-WhiteAmerican and Canadian data scientists, librarians, hackers and activists have united in a “rogue” movement to locate and archive climate data maintained by U.S. agencies.  Environmental scholars and librarians at the University of Pennsylvania founded DataRefuge in late 2016.  The purpose of DataRefuge is to prevent the new U.S. administration from adapting former Canadian Prime Minister Stephen Harper’s treatment of a centuries’ worth of scientific data.

What happened in Canada?  How, pray tell, did P.M. Harper’s administration treat environmental data when he controlled the administration between 2006 and 2015?  The administration: Burned it; Stripped it from websites; Closed research libraries; Expanded budgets to include salaries for assigned administrative “minders” to accompany scientists to media and scholarly events; Threw hard copies of generations of data into dumpsters; and Created an effective public media blackout on climate change, because the bureaucracy so frustrated journalists that media coverage of government environment research dropped by 80%.[1]

Ok.  So this sounds bad, but nothing really bad happens when a government scientific data is not available to the public, right?  Not much.  Just overfishing, lag time in addressing viruses affecting plant and animal based food sources and the underestimation of the levels of radiation released from a nuclear plant in Japan.[2]  By the time Canadian scientists held a mock funeral for the “death of scientific evidence” on Parliament Hill in 2013, the public had lost access to scientific data needed to set appropriate fishing quotas that are needed to provide stewardship of the fishing industry for decades.

What is happening in the U.S.?  Newly formed oversight organizations such as the Environmental Data & Governance Initiative[3] are documenting ‘changes’ in the U.S. government’s transparency on scientific issues.  “Changes,” means the public can no longer access data that the government has compiled for over a century at great cost, mostly funded by public monies.  The United Kingdom announced the funding of £14 million (approximately, $17 million U.S.) “to ensure that the published outcomes of publicly funded research are made widely accessible as quickly as possible.”[4]  Most would say that despite their different approaches to personal privacy, the U.S. and the U.K. share the same core ideology about government; yet the U.S. is actively hiding data that was previously available to the public as the U.K. is broadening access to data that has not yet been collected.  Oh the irony!

M.I.A. Data.  What is missing from U.S. federal government websites this Beyond_IP_Law_Puppiesmonth?  Data from the: (1) Department of Energy showing the correlation between burning coal and greenhouse gas emissions, (2) Interior Department related to the negative effects of hydraulic fracturing on federal land,[5] and the (3) U.S. Department of Agriculture’s Animal and Plant Health Inspection Service identifying circuses, zoos, research labs and puppy mills that violated the Animal Welfare Act and the Horse Protection Act.[6]

None of the agencies provided prior notice of the changes to their websites as required by the 1995 Paperwork Reduction Act.  The USDA reposted some records about violators after the American Humane Society threatened to sue, but data about puppy mills and zoos is still missing.[7]  Puppies! Cue, Sarah McLachlan’s “In the Arms of an Angel” commercial for the ASPCA.  Seriously, puppies. I would like to know which businesses mistreat them so I can do something about it.  Open access groups anticipate additional limits on the types of data will be disclosed.[8]  So, what can be done to keep data accessible? Are there private actors that can fill the holes in the government’s reporting?

What are the risks to the citizens and political oponents?  Activists are concerned that the public will not have access to the data necessary to hold the government accountable.  Accountability requires knowledge.  Remember when the hardest working, most experienced beat cops solved crimes on TV by wearing down the suspects and not stopping until every witness had been interviewed?  Now cops solve crimes with algorithms, autoclaves and TrueAllele.  Villains no longer steal gold ingots; they steal thumb drives.  The power shift from power to knowledge is evident in cinema and life.  “The Firm,” a movie that is about photocopying records to help the FBI, is converse to the strategy employed by Enron, which was to shred data before the government could seize it.

Dr. Bethany Wiggin voiced her concern that the politicization of science may keep “knowledge out of the hands of your political opponents,” which is “an effective win.”[9] Without data to correlate the presence of certain chemicals to illnesses lawsuits, implementation of product safety measures and conservation of animals will be much more difficult.  Knowing that child mortality increases when the new power plant opened in town is a fine thing to know.  But, only when you can prove the connection between the two is when you have the power to effect change.

“Rogue” U.S. data scientists, librarians and hackers are mobilized and making a difference.  Absent government websites with comprehensive scientific data, the public will be forced to rely on Freedom of Information Act requests or through nonprofit journalism websites like Mother Jones or the Sunlight Foundation.  Non-profits may be the best option to preserve existing data. Since November, DataRefuge, alone has hosted almost 20 events in several cities, including New York, Ann Arbor, Chicago, Los Angeles and Toronto.  Data scientists are not waiting to see how far the deletions go.  Instead, they assume that what happened in Canada will happen in the U.S.

Sometimes, apparently, you have to play dirty to preserve data.   Data scientists identify where the data is, or was, downloadable. Determine whether you can scrape the data off pages with web crawlers, if you need to write data-harvesting scripts or use other means.  Save the data somewhere safe.  The DataRefuge reportedly saves climate data to the Internet Archive or a research library.  The librarians (I LOVE librarians!) organize the data consistent with its original descriptors and try to keep the data free of evidence of handling.  Simple, right?  No.  Below are links to organizations that seem to have it all sorted out for you.  I do NOT support hacking; but I understand.

I don’t know about you, but if data scientists and librarians are consorting with hackers, I am terrified what will happen if they lose.  Let’s hope no fires in the U.S. are fueled by 60 years of climate data.

Beyond_IP_Law_Volcano Harvard Business Review and The Guardian have described data scientists like this:  Data Scientist: The Sexiest Job of the 21st Century and Data scientists: ‘As rare as unicorns.’  Now data scientists have an origin story.

Below are links to nonprofit organizations that are able and willing to assist others in joining the effort to preserve data before it is out of the public’s reach.  You can support and contact data preservationists at the links below:














[1] Palen, Wendy, When Canadian Scientists Were Muzzled by Their Government, NY Times, Feb. 14, 2017, https://www.nytimes.com/2017/02/14/opinion/when-canadian-scientists-were-muzzled-by-their-government.html?rref=collection%2Ftimestopic%2FHarper%2C%20Stephen%20J.&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=1&pgtype=collection; and Sowunmi, Jordan, The Harper Government has Trashed and Destroyed Environmental Books and Documents, Vice, Jan. 15, 2014, https://www.vice.com/en_ca/article/the-harper-government-has-trashed-and-burned-environmental-books-and-documents.

[2] Manasan, Althea, FAQ: The issues around muzzling government scientists, CBC News, May 20, 2015, http://www.cbc.ca/news/technology/faq-the-issues-around-muzzling-government-scientists-1.3079537.

[3] https://envirodatagov.org/.

[4] Research Councils UK, RCUK announces 2016/17 Block Grant for Open Access, Oct. 19, 2016, http://www.rcuk.ac.uk/media/news/161019/.

[5] Harmon, Amy, Activists Rush to Save Government Science Data – If They Can Find It, Save the US EPA, Mar. 7, 2017, https://savetheusepa.org/2017/03/07/activists-rush-to-save-government-science-data-if-they-can-find-it/.

[6] Chan, Melissa, The Government Purged Animal Welfare Data.  Now the Humane Society is Threatening to Sue, Time, Feb. 6, 2017, http://time.com/4661446/usda-animal-website-humane-society-lawsuit/.  

[7]Lewis, Lauren, Puppy Mill Inspection Reports Still Missing From Partially Restored USDA Database, World Animal News, Feb. 21, 2017, http://worldanimalnews.com/puppy-mill-inspection-reports-still-missing-partially-restored-usda-database/.

[8] In January, a bill was introduced to limit “the collection and disclosure of data about racial disparities in fair housing.”  Larson, Selena, Why Trump’s election scares data scientists: Trump administration removing info from websites, CNNMoney, Feb. 25, 2017, http://money.cnn.com/2017/02/25/technology/data-refuge-saving-data/index.html.

[9] Id.