Header graphic for print

TMT Perspectives

Insight & Commentary on Business, Legal and Policy Developments Affecting the Telecom, Media, and Technology Sectors

Software Patents: What Software is Eligible for a Patent?

Posted in Intellectual Property, Lawsuits, Legal Developments, Patent

Note: This blog is largely for our friends in the legal community.

Increasingly, the court system is opposed to enforcing patents where the subject of the patent is an abstract idea. This has led to cases that undercut protections for software and “business method” patents.

One such decision was the Supreme Court’s June 2014 decision in Alice Corp. v CLS Bank. There the Court said that if a patent claim is directed toward an abstract idea or natural phenomena, the patent must also include something “significantly more” to be patentable.

What constitutes “significantly more” is the question lower courts will have to answer. My colleagues in Chadbourne’s Intellectual Property practice tell me that a California District Court decision from earlier this month goes a long way towards filling in that answer. If you are interested in reading their analysis, please visit our Client Alert.

 

Cyber Security: NIST’s Guide to Sharing

Posted in Cybersecurity

With cyber attacks growing in scale, complexity, and frequency and in the midst of the U.S. Postal Service and Federal Weather Network breaches, NIST continues to march on with efforts to stem the tide. At the end of October, NIST released the draft Guide to Cyber Threat Information Sharing. The public comment period closes November 28.  The Guide seeks to reduce cyber attacks through increased sharing of cyber threat information and proactive responses.

Proactive response and cyber defense is necessary because reactive defenses alone are not suitable for dealing with the advanced persistent threats that leverage sophisticated tools, zero-day exploits, and advanced malware to compromise systems and networks. Because cyber attackers often use similar strategies, tools and methods against multiple organizations, when one organization identifies and successfully responds to a cyber attack, it acquires information that can be used by other organizations to counter similar threats. The Guide’s goal of sharing threat intelligence will allow organizations to more readily detect intrusion attempts and rapidly deploy effective countermeasures. Continue Reading

Zero-Rated Data Plans and Net Neutrality

Posted in Companies, Competition Policy, Facebook, Legal Developments, Net neutrality, Social Networking, Twitter

We’ve written repeatedly about net neutrality. The debate is very theoretical. So let’s tackle a concrete issue.

“Zero rating” is when your mobile data provider doesn’t count the data used in accessing a certain type of application against your monthly data plan. Let’s imagine a simple example. Imagine that Netflix is zero rated by AT&T Wireless. Some users would clearly benefit from the zero rating. But there is a dark underside. If Netflix were to be zero rated by AT&T Wireless, competing video offerings would be harmed.

Why would something be zero rated? There are three main possibilities. Using our example above, first, because AT&T wants to give you Netflix for free to help AT&T compete against other mobile carriers who would charge you for the data used to access Netflix. Second, because Netflix is paying AT&T for the data you use. Or third, because AT&T owns Netflix and wants to harm competing applications.

Free is good, and therefore up to a point, you as a consumer are unlikely to object to zero rating. This is particularly true of two of the most recent cases: Virgin Mobile’s prepaid data plan that gives customers unlimited access to Facebook, Instagram, Pinterest or Twitter for US$12 a month (or US$22 for all four), and T-Mobile’s plan that allows you to stream a lot of Internet radio apps on a zero-rated basis. Likely these seem uncontroversial because they are offered by small players and because markets experiment with innovative pricing models as a regular course.

But what if Apple entered into an agreement with AT&T and Verizon to zero rate only iTunes Radio? Would that bother you as a consumer? What if you preferred Pandora? After all, theoretically you would be free to transition to anther wireless carrier, although of course you would have to pay for a new phone and a new plan, plus you might still owe AT&T for a while if your data plan term has not ended.

Do you think markets should be constrained such that the arrangement between Apple and AT&T and Verizon is subject to scrutiny? If you do, then you may be in favor of some sort of net neutrality principles or rules.

 

Summary Judgment in Copyright Infringement Cases: Shall I Compare Thee To A Scented Wax-Warmer Product?

Posted in Copyright, Intellectual Property, Lawsuits, Legal Developments

In an unpublished decision last week, Scentsy Inc. v. Harmony Brands, the United States Court of Appeals for the Ninth Circuit reaffirmed that subjective comparisons of a copyrighted visual work (in this case scented wax and wax-warmer products) to an allegedly infringing work should be left to a jury—not decided on summary judgment.

To establish copyright infringement, a plaintiff must prove both ownership of a valid copyright in a work, and copying of the original elements of the work. Because direct evidence of copying is not available in most cases, a plaintiff can establish copying by showing that the defendant had access to the plaintiff’s work and that the two works are substantially similar. To determine substantial similarity, the Ninth Circuit applies a two-part test. First, an “extrinsic test” is applied by objectively comparing specific expressive elements in the two works, focusing on the “articulable similarities.” Next, an “intrinsic test” is applied by subjectively comparing the works, focusing on whether an ordinary reasonable observer would consider the works substantially similar in “total concept and feel.” Continue Reading

CFTC Guidance to Financial Institutions on Cybersecurity

Posted in Cybersecurity

On November 5, 2014, the Chairman of the Commodity Futures Trading Commission (CFTC), Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014 in Chicago, Illinois.

Chairman Massad’s remarks focused, in part, on the importance of the Commission’s oversight of cybersecurity issues for the financial institutions, exchanges and markets that it regulates. This comes on the heels of the Federal Financial Institutions Examination Council’s (FFIEC) November 3, 2014 release of its Cybersecurity Assessment General Observations of more than 500 financial institutions and their preparedness to mitigate cyber risks. See our prior post to read more about that.

Chairman Massad discussed what the Commission is doing regarding cybersecurity, including a description of the safeguards that it has in place. Continue Reading

More than 500 Financial Institutions Assessed for Cybersecurity Risks

Posted in Cybersecurity

On November 3, 2014, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment General Observations of more than 500 financial institutions and their preparedness to mitigate cyber risks. The Council is a formal interagency body of the US government made up of five banking regulators: the Federal Reserve Board of Governors (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB).

The Council found that the level of cybersecurity risk varied across the financial institutions and recommended that all regulated financial institutions participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC). The FS-ISAC is a non-profit, information sharing forum established by financial services industry participants to facilitate the public and private sectors’ sharing of physical and cybersecurity threat and vulnerability information.

The Council’s Observations provide a framework for assessing your institution’s cybersecurity risk and preparedness. Continue Reading

Twitpic Is Dead, but Was It Twitter’s Fault?

Posted in Lawsuits, Legal Developments, Social Networking, Trademark, Twitter

Twitpic, the once-popular, photo-sharing add-on to Twitter, initially announced that it was shutting down on September 25, 2014, because it was unable to fight Twitter’s opposition to Twitpic’s trademark applications. Several days later, Twitpic announced that it was being acquired and that the service would live on. After almost a month of silence, Twitpic released a statement apologizing for the “acquisition false alarm” and confirming that Twitpic would shut down, this time on October 25. In an interesting turn of events, Twitpic announced on October 25 that while the service has shut down, it had reached an agreement with Twitter to give Twitter the Twitpic domain and photo archive, thus keeping the Twitpic photos and links alive for the time being.

Clearly, Twitpic had a rollercoaster ride and somewhere along the way it felt that attributing its failure to Twitter was a smart business move. So, the question remains: did a trademark dispute with Twitter sink Twitpic? The short answer is: No. We delve into the background of the two companies to analyze this further. Continue Reading

FTC’s Lawsuit Against AT&T Wireless Is a Mirage

Posted in Companies, FTC, Lawsuits, Legal Developments, Net neutrality

It has been widely reported that the Federal Trade Commission has sued AT&T Wireless, claiming that AT&T engaged in unfair and illegal practices. See a copy of the complaint here.

Many of those reports claim that the FTC has sued AT&T for throttling back the amount of data throughput it made available to wireless customers. Based upon such reports, commenters have said that the FTC’s actions prove that the FTC is willing to police and capable of policing net neutrality issues, including cases where a data services provider throttles back access to websites disfavored by the provider for its own commercial reasons.

In fact, the FTC’s case is more limited and does not necessarily have anything to do with net neutrality issues. The FTC’s suit claims only that AT&T erred in the way it marketed it services. Continue Reading

FCC Seeks To Become A Cybersecurity Enforcer With A $10 Million Sword

Posted in Cybersecurity, FCC, FTC, Privacy

Last Friday, the FCC released a Notice of Apparent Liability for Forfeiture (“Notice”) ordering TerraCom, Inc. and YourTel America, Inc. to pay a $10 million forfeiture for the companies’ failure to reasonably secure electronic customer information. In doing so, the FCC relied on Title II (i.e., the “common carrier” provisions) of the Communications Act of 1934, as amended, raising questions about whether the decades old statute can be read to cover data protection issues and likewise whether regulated companies had fair notice of their obligations under such an expanded reading. In doing so, the FCC also challenged the Federal Trade Commission, which had previously believed the FTC should have exclusive jurisdiction over privacy failures of this kind. Continue Reading

Prosecution of Retail Spyware App Publisher Raises Questions

Posted in Cybersecurity, Privacy, Technology

On October 7, 2014, federal prosecutors in Virginia charged Hammad Akbar with manufacturing, advertising, and selling to retail customers a mobile phone spyware application called “StealthGenie.[1] In issuing this Indictment, the Government applied an old law to new circumstances, which raises a host of questions.

  The Prosecution.  According to the Indictment, StealthGenie was marketed to persons wishing to monitor “spousal cheaters.”  When installed (requiring one-time access to a device such as a phone or computer) the app enables the person installing the app to intercept and record phone conversations and to obtain access to text messages and computer files, all without the knowledge of the owner.

The Government alleges that the app publisher broke the 1986 Electronic Communications Privacy Act, 18 U.S.C. § 2510 et seq. (the “ECPA” or “the Act”).  The ECPA expanded the 1968 “Wiretap Act,” which was largely designed to protect telephone conversations from unauthorized government access.[2] The ECPA extended those restrictions to computer files.

The Law.  Historically, the Act has been used for the purpose that was surely contemplated by its drafters: to prosecute the sale and use of hardware such as microphones and recorders used to capture voice communications.  See, e.g., United States v. Pritchard, 745 F.2d 1112 (7th Cir. 1984) (possession of tape recorder, amplifier and patch cords used to record room conversations sufficient to sustain a conviction under the Act); United States v. Wynn, 633 F Supp. 595 (C.D. Ill. 1986) (manufacturing, sale and advertisement of disguised listening devices prohibited under the Act); see also 2156 P.L. 90-351 (Apr. 29, 1968) (discussing the social harms caused by unauthorized surveillance and wiretapping).

Beginning in the 1990s, prosecutors took an expansive view of the term “electronic communications” to include television cable signals, and used the Act to prosecute the manufacturing, sale and use of so-called cable “descramblers” that allowed users to pirate cable television.  See, e.g., United States v. Crawford, 52 F.3d 1303 (5th Cir. 1995) (upholding conviction for manufacturing and selling devices for the unauthorized interception of cable television signals); United States v. Herring, 993 F.2d 784 (11th Cir. 1993) (same); United States v. Davis, 978 F.2d 415 (8th Cir. 1992) (same); United States v. Lande, 968 F.2d 907 (9th Cir. 1992) (same).  This creativity proved fruitful:  for a time, the Act was primarily used to prosecute cable television piracy and related crimes.[3]

New Era:  Challenges for Courts and Uncertainty for Software Manufacturers.   United States v. Akbar signals another era in prosecutions under the Act, this time based on an expansive view of the term “device.”  In the past, prosecutions under the Act involved the use of a physical device such as a covert microphone, tape recorder, or modified cable box.

But is a software application different from the types of physical devices that were traditionally subject to the Act?  Although a few courts in the civil context have evaluated application of the Act to software,[4] there is scant—if any—criminal case law addressing the issue of whether an application like StealthGenie constitutes a device for the purposes of the Act.[5]

Taken to its extreme, the Government’s novel view that a software program constitutes a device could lead to a proverbial slippery slope for the software industry.  If the Government’s interpretation stands, that means that manufacturers of digital products such as StealthGenie would face liability under the Act.  Given that the Government has already proven successful in expanding the definition of “electronic communications” to include cable signals, perhaps courts would also find that digital footprints such as cookies and browser histories are “electronic communications” subject to the Act.  It is well-known that companies such as Google and Facebook obtain and sell these kinds of consumer data without the end-user’s explicit knowledge or consent.  The Government’s approach to expand the Act to software applications could have far-reaching implications to the very business models upon which these companies reap their profits.

Also, although data privacy is currently a hot issue thanks to recent news of “hacked” celebrity photographs, as well as breaches or possible breaches of consumer information held by Staples, the Oregon Employment Department, and Home Depot (to name a few), the culprits in those situations are the thieves, not the manufacturer of the “crowbars” they used to “break in.”  Akbar has the potential to expand the scope of liability in these cases, as well.

It is unclear whether prosecutions like Akbar will be a successful, or whether courts will take a more restrictive view of the Act.  As the Luis court noted, “when existing laws are used in new ways, courts have struggled to determine whether, and in what circumstances” they should be applied to “modern and ever-evolving norms.”[6]


[1]     See United States v. Akbar, No. 14-cr-276 (E.D. Va. Oct. 7, 2014). On October 16, 2014, Akbar failed to appear for his arraignment, and a civil injunction was ordered to prevent continued advertisement and sale of the application.  See United States v. Akbar, No. 14-cv-1273 (E.D. Va. Oct. 16, 2014).

[2]     See 18 U.S.C. § 2512 (the Act) and 42 U.S.C. § 3711 (the Wiretap Act). The revised Act protects a broad range of electronic communications from unauthorized interception and makes illegal the “manufacture, possession, assembly and sale of devices designed for the purposes of surreptitious interception of wire, oral, or electronic communications.”  18 U.S.C. § 2512(1)(b).

[3]     See 129 A.L.R. Fed. 549 § 2(a).

[4]     See Havlicek v. Deep Software, Inc., No. 06-cv-211 (S.D. Oh. June 23, 2008) (dismissing third-party civil action brought against manufacturer of computer spyware software because 18 U.S.C. §2512 does not contemplate private causes of action and finding that the plain meaning of the word “device” refers to physical equipment and does not encompass software); see also Luis v. Zang, No. 12-cv-629 (S.D. Oh. March 5, 2013) (section 2512 of 18 U.S.C. does not contemplate private causes of action).

[5]     See United States v. Barrington, 648 F.3d 1178 (11th Cir. 2011) (upholding wire fraud convictions under 18 U.S.C. § 1343 based on individual’s use of “key-logging” software to infiltrate a university’s computer system and accepting the premise that the software constituted a “device” for sentencing enhancement purposes).

[6]     12-cv-629 at *4.