Wednesday, February 10, 2016

Mobile Device Security Policies for Employers – Small and Large

As a business owner, perhaps you have seen articles about setting ground rules for BYOD (a.k.a. employees bringing their own devices to work to use for work purposes).  Placing restrictions on access to Company information, however, should not be limited only to those BYOD devices.  Instead, if the Company issues Company-owned devices to employees for use on Company systems, similar ground rules should be put in place to set expectations and provide the backdrop for any disciplinary action that may be needed later if an employee misuses Company information or loses an unsecured device.

Here are some questions to keep in mind as you develop policies for Company-owned devices issued to employees:

1.     Do you have an “Acceptable Use” policy in place?  Does it apply to both Company-owned and BYOD devices?
2.     Do you restrict the employee’s use of Company-owned devices?  (E.g., to be used for business purposes only, avoid storing personal information on the device, all information on the device shall be considered “owned” by the Company)
3.     Have you retained the right to take back any equipment that an employee does not use properly?  Similarly, do you ensure that Company-owned devices are surrendered upon termination?
4.     Do you require strong passwords to secure all portable devices (both BYOD and Company-owned)?  (You should.  See, e.g., Eric Griffith, “How to Create Strong Passwords,” PC Magazine, Nov. 29, 2011, for some good tips.).  Once you require passwords, remind your employees not to tape them to the front of their devices – instead, suggest alternate ways of remembering the unique passwords they just created.
5.     What about using portable devices on public or unsecured networks? (For instance, at the coffee shop while waiting for that triple-shot latte.)  Have you provided guidelines and training to your employees to avoid disclosing Company-sensitive information across such public networks?  This is especially important if the information is mission critical or could destroy the Company’s tactical advantage if its competitor were to access it.
6.      Do you require employees to report immediately the theft or loss of a Company-owned device?  Prompt reporting allows the Company to block potentially damaging intrusion attempts or to change the affected employee’s passwords to prevent unauthorized access.  The Company’s hands will be tied if the employee does not report the loss until several days later.
7.     Do you provide rules about whether Company documents can be downloaded to external devices and under what circumstances?  Consider mobile device management software to control the downloading of Company information to the device, to track the location of Company-owned devices and to enable remote wiping if the device is lost or stolen.
8.     Who handles the system updates to the device?  The Company?  (Probably, unless it’s a BYOD device.)  The employee?  (Probably only if the device is personally owned by the employee.)  If it’s a Company obligation, then ensure that the device is accessible to the Company when needed (i.e., “on demand”) to fulfill this requirement.
9.     Will the employees’ family members be accessing the device?  (More likely if it’s the only device in the house – less likely if there are other options available to the family.)  Consider restricting use of Company-owned devices to employees only.
10.  Do you prohibit the downloading of unauthorized content to the device?  Whether it’s pornography, another company’s trade secrets or pirated videos streaming the latest (copyrighted) episode of a favorite show, none of these things belong on most companies’ business equipment and could expose the Company to liability from a third-party who owns the rights to the content.
11.  Do you require encryption or password-protection when transmitting particularly sensitive Company information to outsiders?  If not, you should.  Take everyone opportunity to protect the Company’s trade secrets and try to keep them from public dissemination.  Having a reliable system in place increases the changes that a court would conclude that the Company’s trade secrets are deserving of such protection in the event of a breach.
·       Notably, in the 2012 Target data breach, the large, well-funded entity (Target) was not the source of the leak that allowed hackers to steal thousands of customer credit card numbers.  Instead, it was the HVAC servicing company that had minimal security protocols in place and effectively acted as the front door to enable the hackers to steal the data over a surprisingly long period of time. 
12.  Does the Company have record-keeping requirements (statutory, regulatory, etc.) that would apply to an employee’s use of a portable device?  Are employees who work remotely required to keep Company records and maintain certain Company files?  If so, consider implementing rules identifying when such record keeping should occur and provide guidelines for destroying extra copies or other pages that the employee might otherwise throw out in the trash at a remote site.  (Some states have “safe destruction of documents” laws intended to reduce the likelihood of identity theft or other unauthorized access of personally-identifiable information.)
A few closing thoughts – take every precaution to keep Company data secure.  Always require the installation and use of anti-malware/anti-virus and other security tools to limit a potential thief’s ability to misuse the Company’s data or to leave code behind that continues to collect the data even after the potential thief has appeared to withdraw. 

The more conscientious you are about keeping Company data secure, the more likely you are to avoid severe consequences (or at least reduce them) in the event of a data breach – whether the breach is caused by the concerted efforts of outsiders or by wrongful conduct of your own employees or by unintentional mishaps (such as the employee leaving the device in the back of a cab during a hectic business trip).  Watching the doors is always worthwhile.
Copyright (c) 2016, Christina D. Frangiosa, All Rights Reserved.

Wednesday, December 30, 2015

Common Questions – What's Involved in Registering a US Trademark?

So, you’ve decided to launch a brand name in the U.S. and are contemplating registering it in the U.S. Patent & Trademark Office (“PTO”).  What can you expect?  Not every application is the same, so there will be variations in exactly what happens in the prosecution of your application, but hopefully this will serve as a “Trademark 101 Primer” to describe the basic process overall.  (Note - this post is for general information purposes only and does not provide any specific legal advice.  Contact your trademark attorney to discuss any areas of specific concern.)

Basics
What is a Trademark?  It’s a word, phrase, symbol or design, or a combination of words, phrases or designs, that identifies and distinguishes the source of the goods of one party from those of others.  A service mark performs the same function as a trademark, but applies to the source of a service rather than of a product.  (For simplicity, this post refers to trademarks and service marks collectively as “trademarks.”) 
How Valuable is a Good Trademark?  The value of a good trademark lies in its ability to convey to the public the source of a particular good or service.  The key is to develop a mark unique enough that customers associate it with your goods or services – and only your goods and services.  While temptingly simple, choosing a mark that describes your goods and services will not create any trademark value.  Customers won’t know to distinguish your goods from others in the same market.
Can Rights Develop Based on Use?  Federal registration is not a requirement to protect trademarks in the U.S. – instead, rights in a particular trademark can be established simply based on use in connection with particular goods or services in the marketplace (aka “common law trademark rights”).  Nevertheless, federal registration offers more comprehensive protection than reliance upon common law rights, including providing nationwide notice of the owner’s claim to the mark. 

Trademark Application Process
Is Pre-Application Searching Required?  No, it’s not required, but it’s a good idea for a variety of reasons.  See my prior post on Common Questions – Benefits of Trademark Searching for more details.
Overview of the Application Process.  The chart below gives a birds-eye view of each application track (Use-Based vs. Intent to Use-Based; both are described below).
Flowchart - Trademark App Procedures
Components of the Initial Application for Registration
One of the first steps in registering a proposed trademarks or service mark is to determine exactly how you are using (or intend to use) a mark and then to determine the applicable class or classes in which the mark should be registered.  An applicant may elect to apply for registration in all of the applicable classes in its first application, or apply for the core classes and wait until later to file in other applicable classes.

  1.  Determining Classes
There are current 45 potential classes (see Nice Classifications) – each one triggering a separate filing fee (see Current Filing Fees).  When you file an application to register a trademark based on a particular description of goods or services (regardless of which classes you designate), you may later clarify or limit the goods or services offered in connection with that mark – but not expand or broaden them or change the way the mark looks on the drawing page submitted to the PTO. Accordingly, it is critical to work out with your trademark lawyer the ways in which you already use the mark, or plan to use the mark, before the application is filed.

  2.  Drawing Page
Every application must include a clear drawing of the mark that you want to register.  This drawing is used by the PTO to file the mark in the PTO’s search records and to print the mark in the Official Gazette and on the registration certificate.  The representation of the mark must, therefore, appear in the proper format for either a word mark or a design mark (there are several variations). 
If a particular design or style of lettering is embodied in the mark, the drawing must be a substantially exact representation of the mark as it appears on the specimen.  Color may also be a key feature of the mark – if so, it should be claimed in the application. 
  3.  Specimen of Use

If you have already started using the mark in commerce in connection with the subject goods or services, the application is said to be based on “use.”  If no such use has yet been made, but you have a bona fide intent to use the mark in connection with particular goods or services, the application is an “intent to use” one. 
For a use-based application, you must submit a specimen at the time of the application that shows how the mark is actually used in commerce.  This is not the same as the drawing of the mark included on the drawing page. Picking the right specimen is an art.  You can find more information in the PTO’s guidance materials (TMEP § 904 (Specimens), § 1301.04 (Specimens of Use for Service Marks); Trademark Basics), but you should also consult with your trademark attorney about the best specimen to use.
If the application is based on a bona fide intent to use the mark, you will have to submit an Amendment to Allege Use or a Statement of Use (the choice depends on the timing of filing – and depends on whether the PTO has already issued a “Notice of Allowance” after the opposition period has ended) after you start to use the mark – to demonstrate actual use and to identify the “date of first use.”  The PTO charges an additional filing fee (Current Filing Fees) for either of these two filings.
PTO Examining Attorney’s Review and “Office Actions”

After the PTO receives your application, an Examining Attorney will review it on a substantive basis – to determine if it can be approved for registration.  This may take several months, and may require several interactions with the PTO before this phase can be completed. 
If the Examining Attorney finds fault with the application for any reason, the Examining Attorney will issue a letter (“Office Action”) explaining any substantive reasons for refusal and any technical or procedural deficiencies in the application.  If only minor corrections are required, the Examining Attorney may contact you or your attorney by telephone or e-mail.  If the Examining Attorney sends a formal Office Action, your response must be received by the PTO within six months or the application will be deemed abandoned.
Among other things the Examining Attorney does upon receiving your application is conducting his or her own search of the PTO database to determine if a conflict exists, i.e., a likelihood of confusion, between the mark in the application and another mark that is registered or already pending before the PTO, which conflict can form the basis of a substantive refusal to register.  An Examining Attorney may also refuse registration if the mark is:
  • primarily merely descriptive of the goods or services;
  • deceptively misdescriptive of the goods or services;
  • primarily geographically descriptive;
  • primarily merely a surname; or
  • ornamental, or for other similar reasons.
It is impossible to accurately predict how an Examining Attorney will view each application, but completing some version of a commercial search in advance can give you a “heads up” about potential conflicts before you file. 

Publication for Opposition
If the Examining Attorney raises no objections to registration, or if you are able to overcome all objections, the Examining Attorney will approve the mark for publication in the Official Gazette, a weekly publication of the PTO.  The PTO will send a “Notice of Publication” to you (or your attorney) identifying the “publication date”.  Any party who believes it may be damaged by registration of the mark has thirty days from the publication date to file either an Opposition to registration or a request an extension of time to oppose.
If the mark is published based upon the actual use of the mark in commerce and no party files an opposition or request to extend the time to oppose, the PTO will normally register the mark and issue a registration certificate within several months after the mark was published.  It is not unusual for this entire process to take between 1-2 years to complete before the Certificate of Registration is issued.
If the mark is published based on an “intent to use” the mark, then the PTO will issue a “Notice of Allowance”, upon which you must file evidence of your use of the mark (“Statement of Use”) within the initial six months (or during permitted extensions of time to file), demonstrating that use has occurred.  Registration will issue in due course after the PTO accepts your filing as meeting its requirements.

Identifying the Mark as a Trademark
Anyone who claims rights in a service mark or trademark may use the SM (in the case of a service mark) or TM (in the case of a trademark) designation with the mark to alert the public that the mark owner claims exclusive rights.  It is not necessary to have a registration, or even a pending application, to use this designation.  Although the claim to the mark may be disputed later or you may find someone else has a more senior use and requires you to stop using this designation, the use of the SM or TM may, nonetheless, be used with the mark in advance of any such determination. 
The registration symbol, ® , (also called a “Circle-R”) may not be used until the PTO has issued a Certificate of Registration for the mark.  Certainly, a ® should not appear next to the mark in the specimen that you submit to the PTO with your initial application or Statement of Use, or the PTO will reject it.
In all cases, the mark should be used consistently in all classes covered by the application so that it can continue to develop significance as a “source indicator” in the classes in which you use it in commerce.

So HOW MUCH WILL THIS COST?
Attorney fees will differ from firm to firm, and (actually) from application to application because there are so many moving parts.  It is therefore impossible to predict with any certainty how much an application will cost from start to finish. 
One component, the PTO’s filing fees, is published and can be budgeted ahead of time.  (See Current Filing Fees).  Among the most common fees:
  • Initial Filing Fee to the PTO - between $275 and $325 (depending on the filing options selected) per class of goods/services;
  • Statement of Use/Amendment to Allege Use - $100 per class of goods/services; and
  • Request for Extension of Time to Allege Use - $150 per class of goods/services.

OTHER SOURCES OF INFORMATION
 
The PTO has fantastic resources to explain the basic trademark process and to answer basic questions.  Some examples:
  • Trademark Basics:  “Basic Facts About Trademarks: What Every Small Business Should Know Now, Not Later” – includes videos, Basic Facts booklets, timelines showing the process for applications, etc.
  • Trademark Process: Step-by-Step evaluation of whether filing a trademark application is right for you.
  • TEAS Nuts and Bolts Videos: Explains various stages of the application process.
Of course, if you have any specific questions, consult with your trademark attorney to see what options are best for you.

Copyright (c) 2015 by Christina D. Frangiosa All Rights Reserved.

Friday, October 16, 2015

California Enacts Electronic Communications Privacy Act (CalECPA)

On October 8, 2015, California Governor Jerry Brown signed the California Electronic Communications Privacy Act (CalECPA) into law. This law basically prevents the government from accessing private electronic communications or electronic data without a warrant, subpoena or wiretap order, or without consent of the appropriate individual. State Senator Mark Leno explained the impetus for seeking to pass this legislation: “For what logical reason should a handwritten letter stored in a desk drawer enjoy more protection from warrantless government surveillance than an email sent to a colleague or a text message to a loved one?” Kim Zetter, “California Now Has the Nation’s Best Digital Privacy Law,” WIRED Magazine, Oct. 8, 2015.

As the Electronic Frontier Foundation summarized, “CalECPA protects Californians by requiring a warrant for digital records including emails and texts, as well as a user’s geographical location.” Dave Maass, “Victory in California! Gov. Brown signs CalECPA, Requiring Police to Get a Warrant Before Accessing Your Data,” Electronic Frontier Foundation, Oct. 8, 2015.

The law focuses on two kinds of data sets: “electronic communication information” and “electronic device information.” 2015 Cal. Stat. Ch.651.

“Electronic Communication Information” is
 
any information about an electronic communication or the use of an electronic communication service, including, but not limited to, the contents, sender, recipients, format, or location of the sender or recipients at any point during the communication, the time or date the communication was created, sent, or received, or any information pertaining to any individual or device participating in the communication, including, but not limited to, an IP address. Electronic communication information does not include subscriber information as defined in this chapter.

“Electronic Device Information” is
 
any information stored on or generated through the operation of an electronic device, including the current and prior locations of the device.

(Emphasis added.)

Under this new statute, law enforcement agencies cannot compel the “production of or access to electronic communication information or electronic device information . . . without a search warrant, wiretap order, order for electronic reader records or a subpoena issued pursuant under specified conditions, except for [defined] emergency situations.” Id. (Legislative Counsel’s Digest at (1)).

Any warrant for electronic information of either kind must do the following:
 
(1) Provide a specific description (“describe with particularity”) the information to be seized, including applicable time periods, the target individuals or accounts, the apps or services covered, and the types of information sought.
 
(2) Require that any information obtained due to the search warrant that is unrelated to the objective of the search warrant “shall be sealed and not subject to further review, use or disclosure without a court order.”
 
(3) Comply with other California and federal laws.
 
(4) Require that service providers that produce such information “verify the authenticity of the electronic information that it products” through an affidavit that complies with Section 1561 of the California Evidence Code.

The law also requires that the government agency MUST destroy the electronic information it receives pursuant to this process within a specified period of time, in general, “as soon as feasible after the termination of the current investigation and any related investigations or proceedings.” Id. (§ 1546.1(e)(2)). In most cases, this period is within ninety (90) days after the agency receives the information.

This law only applies in California, although Maine (Subchapter 10: Portable Electronic Device Content Information in 2013) and Utah (Location Privacy for Electronic Devices in 2014) passed similar legislation. Proponents of the California law have suggested that it be used to form the basis for similar legislation in other states.

Copyright (c) 2015 by Christina D. Frangiosa All Rights Reserved.

Tuesday, August 18, 2015

Copyrighting Software? Don’t Rely on Screenshots Alone!

(This was cross-posted on August 18, 2015)

In a recent decision, the Second Circuit Court of Appeals recently held that a copyright application solely directed to screen shots generated from a software program was insufficient to establish copyright rights in the software as a whole, for purpose of giving the plaintiff a right to sue for infringement of the software. In A Star Group, Inc. v. Manitoba Hydro, the Second Circuit considered whether a plaintiff had jurisdictional standing to file suit for copyright infringement relating to its software – specifically because the plaintiff applied for copyright protection only over screen shots showing various displays that appear when its software was used and not in the software as a whole. (A Star Group, Inc. v. Manitoba Hydro, No. 14-2738-cv (2d Cir. July 27, 2015) affirming No. 13 Civ. 4501, 2014 WL 2933155 (S.D.N.Y. June 30, 2104) – BNA’s cite: 2015 BL 238362.)

The Copyright Office’s guidance for seeking registration of software (http://www.copyright.gov/circs/circ61.pdf) advises that at least some portion of the source code (subject to modifications due to trade secret claims) must be deposited with the Application in order to qualify for copyright registration in the software. In addition, the Copyright Office has confirmed that, “The registration [in computer software] will extend to any copyrightable screens generated by the program, regardless of whether identifying material for the screens is deposited.” (Circular 61, at 3). If instead, the applicant only wanted to protect certain design elements, then the applicant could apply for protection of only those elements as “works of visual arts.”

In the case at hand, A Star filed its application for registration the day before it filed a complaint in federal court for copyright infringement of its software. The copyright application only covered the screen shots; the deposit contained “operations risk reports, in the form of charts and graphs, apparently generated by the Timetrics software.” A Star did not apply for copyright registration in the software as a whole, nor did it submit a copy of the source code (either complete or excerpted due to trade secret claims) to the Copyright Office.

In its complaint, however, A Star described itself as “the owner of copyright rights to Timetrics software and related documentation, including without limitation, Timetrics screenshots, graphic representations, data compilations, source code, object code, programming tools and documentation related to Timetrics technology and derivative works thereof.” Essentially, asserting copyright ownership in a much broader collection of works than what was covered in its application for copyright registration.

The district court concluded that A Star’s infringement case was “deficient” because it had not completed its copyright application before filing suit. The district court also declined to allow A Star the opportunity to amend its complaint to refer to a subsequent registration of the screen shots alone, concluding plaintiff’s failure to tie the alleged infringement (of the software) to the registered copyright rights (in the screen shots) and thus had failed to allege how or when the defendant allegedly copied the copyrighted works.

The Second Circuit agreed with the conclusion – but for different reasons. The Second Circuit decided not to reach the ultimate question of whether a pending copyright application could meet the jurisdictional requirement for registering a copyright before filing an infringement lawsuit (see Psihoyos v. John Wiley & Sons, Inc., 748 F. 3d 120, 125 (2d Cir. 2014) (collecting cases regarding the different standards for registration before filing copyright infringement suits across various districts), and instead affirmed the dismissal on more basic grounds – that the plaintiff failed to identify how the defendant allegedly infringed the copyright in the screen shots.

As a result – software developers who seek to protect their code through copyright should apply for registration of every critical aspect of their software in order to obtain maximum protection against potential infringement. If the purpose is to protect the code, then the rights in the code should be claimed and a copy of the full source code (redacted if needed to account for trade secrets) should be submitted to the Copyright Office. If there is a user manual to be protected, that should be claimed and a copy submitted as well. While copyright protection exists the moment the “work is fixed in a tangible medium of expression,” a litigant cannot seek judicial redress for potential infringement unless the registration of the work sought to be protected has been accomplished BEFORE filing suit.

Copyright (c) 2015 by Christina D. Frangiosa All Rights Reserved.

Monday, April 13, 2015

Common Questions – Benefits of Trademark Searching

(This was cross posted on April 13, 2015)

Searching for potentially competing trademarks before you go through the time and expense of developing a strong brand is a very worthwhile exercise, but it costs money – and sometimes clients can be reluctant to spend the money if it's not technically "required" to do so.

Trademark searching is not required before you file an application for federal trademark registration with the U.S. Patent & Trademark Office (USPTO), but it is highly recommended. Here are a few reasons why:

1) The USPTO's filing fees are non-refundable if an Examining Attorney refuses registration of your mark based on a pre-existing application or a registration owned by another;
 
2) The owner of the pre-existing mark could send you a cease and desist letter demanding that you stop using their mark, change your mark, perhaps destroy products or advertising material that uses the mark, seek disgorgement of profits for earnings using their mark or seek other remedies; and
 
3) The whole point of developing a valuable trademark (or service mark) is to create "source identification" – basically, to allow the consuming public to associate your unique mark with you. And only you. This value is undermined if there are lots of marks that are very similar to the one you ultimately adopt and use.
 
There are different levels of searching that can be beneficial – depending on your circumstances. They include:

Brief Internet Search – While this level of searching would not give you a comprehensive picture of all potential risks in adopting and using a mark, it's a good first step. You might find an exact match that would cause you to change your brand strategy. But, again, it's not complete and other risks may still exist.

Knockouts/Screenings – This search only targets the USPTO's database of federal trademark registrations and pending applications, focusing on close matches to see whether there might be an absolute bar to your application. Again, not a complete picture of potential conflicting marks, but it might find exact matches you want to avoid.

Full Searches – Using various tools and databases, this search looks for competing trademark uses in the USPTO's database, state registration databases, at common law, in corporate registrations, domain names, the Internet and other relevant resources. These searches may be performed by commercial vendors, whose charges to undertake these searches will vary based on particular circumstances.

Design searches (looking for logos or other designs) and/or international searches (scope and cost can vary based on jurisdictions) may also be relevant to confirm that a mark you propose to use in a particular market is clear.

Each set of search results should be reviewed and discussed with your trademark attorney to determine whether a particular mark can be considered "clear" and available for use – or perhaps poses a risk because of certain search results. Sometimes search results from either a quick or knockout search will cause you to want to dig deeper to be sure that a mark is clear for use or simply change your mark and start over.

Once you have received the results of a search – and have consulted with your attorney to figure out how much weight to give the results – you can decide whether to pursue an application for federal registration or to modify a litigation defense strategy, if you've already received a cease and desist letter.

In either event, search results can go stale because a new application can be filed or use of a mark can begin almost immediately after the results have been obtained. As a result, you should not sit on search results too long before taking your next step. If substantial time has passed, you may want to revisit the search and perform an update to be sure nothing new has been filed.

Copyright (c) 2015 by Christina D. Frangiosa All Rights Reserved.