Category: Cyberlaw

Advantages of a UDRP Domain Name Proceeding

Trademark and Domain Names

A business can spend a lot of time, capital, energy in building rights in a trademark and the associated goodwill with the public. It can be devastating when a third party registers a domain name and operates a website incorporating a confusingly similar name to that of the valuable trademark. The detriment to the business can be significant. For example, the third party website may sell a competing product, causing loss of income to the business. In a more unsavory scenario, the third party may operate an adult oriented website under the confusingly similar name, damaging the brand equity of the right holder.

Options Against Unlawful Third Party Domain Name Holders

The primary options for consideration against the third party include:

  1. Initiating a lawsuit
  2. Initiating a UDRP domain name proceeding; and/or
  3. Online content approaches to outrank or “bury” the competing website.

The business should note that each of these options is not exclusive and more than one option might be suitable for a given situation.

Generally comparing the two proceeding-based options, a lawsuit might include claims of trademark infringement and cybersquatting. The defendant domain name holder would be located and served, discovery (exchange of evidence), and a trial, all under the rules of civil procedure. This can take significant time, capital, and energy. The notable advantage of a lawsuit is that the possible remedies include injunctions and monetary damages, which a business may need to seek in some circumstances. Contrasting a lawsuit with a domain name proceeding, a domain name proceeding is almost always faster, cheaper, and less complex. A domain name proceeding is typically resolved in less than two months. This speed must be balanced with the possible remedies. The remedies in a domain name proceeding are limiting to cancellation or transfer of the domain name. This “cost” might be palatable or welcome, especially where a defendant is difficult to locate or loss of income due to the suspect domain name is leading to red ink.

UDRP Domain Name Proceeding Elements – Proving the Case

The Uniform Domain Name Dispute Resolution Policy (UDRP) is an online procedure for resolving complaints made by trademark owners about domain names. It is a mandatory administrative proceeding arising out of the registration agreement accepted during the domain name purchase process of .com, .biz, .info, .org, and .net domain names.

The trademark owner must prove three elements in the proceeding in order to prevail over the domain name holder:

  1. the business has a trademark right and the domain name at issue is identical or confusingly similar to that mark;
  2. the third party has no right or legitimate interest in the registered domain name; and
  3. the third party registered and used the domain name in bad faith.

Take the above elements to heart. Commonly, businesses incorrectly think that their trademark rights include the right to terminate any third party’s registration of any domain name for any purpose. This fails to account for the second and third elements. A third party in an unrelated industry may register a seemingly “confusingly similar” domain name without violation of the rules. A second, common mistake involves the apparent simplicity of the proceeding. Because the rules of evidence of a courtroom aren’t followed, business often conflate the informality of evidence with the strength of evidence. Strong evidence establishing each of the above elements should be proffered in order to convince the panelists and prevail. After all, the goal is to preserve the goodwill and, in turn, the income and equity potential arising from the trademark.

3 Key Terms of a Software License

Public Domain Licensing Logo
Who owns your software?

If your company has developed software, it should create a software license prior to distribution of that software. A software license is the key instrument that defines the rights in ownership, usage, and distribution of software between the company and user(s). Developers seek to protect rights in the product developed with their time, money, and staff. Users want to know what is being licensed and whether that license will meet their needs. A software license should be employed in enterprise software, consumer software, “cloud” software, customized software, and even in “open source” software contexts (it is a misnomer that if one desires software to be open source, that the company needs only to forego a software license). Failure to draft a carefully considered software license can lead to loss of ownership of key aspects of the software, loss of control of the business model, bad publicity, and other consequences. There are many options to think about for a software license but three key terms include:

Scope of Use – This element of the software license states the permitted and prohibited uses of the software. A license may, for example, limit the use of the software to the licensee’s own internal use or primary business activity. Such a restriction may support the licensor’s business model or effectively be required by law. For example, in credit card processing software, the software provider may also be providing related services and would seek to limit the uses of the software so that the licensee does not deprive it of revenue opportunities from those third parties. Additionally, the credit card processor may not be able to fulfill IRS reporting obligations if the user processes credit card transactions for third parties.

Intellectual Property – Since you’re reading an intellectual property blog, you probably knew this issue should be addressed. However, this issue should not be overlooked or oversimplified. Innovation in software can invoke multiple areas of intellectual property law and contract law, including patent law, trademark law, copyright law, and trade secret principles. Where software patents exist, notice of the patents should be provided. Copyright almost always exists in software, thus it should be addressed. Furthermore, the intellectual property clauses should not be oversimplified. For example, the intellectual property rights may not be as simple as “Developer owns all right, title, and interest in Software… we own it all, you can’t use it, the end…” Unreasonable restrictions on use of the software may lead to a backlash, lot revenue, or just may not fit the company business model. The intellectual property clauses may be more nuanced due to contemporary business models and social media influence, where the users may make substantial contributions. For example, use of the “Android” name and logo (ie trademarks) by third party developers is advantageous to the Android Market ecosystem. Likewise, the prolific placement of Twitter and LinkedIn logos on third parties websites promotes the use of the Twitter and LinkedIn systems, respectively.

Rights in User Data – Some user data is mission critical. For example, customer relationship management (CRM) can be  the lifeblood of a business. Judging by some of the posts on Twitter, other user created data may not be so critical. In light of the software, the business model, and customer profiles, the software license should address the licensor’s and licensee’s rights in user data. This may include user created data, data about the user, or information generated about the user from the user environment. For CRM software on an in-house workstation and servers, where the business model is that the enterprise pays for the software, the license may state that the licensee has complete ownership of the user data and the licensor has no rights in the user data. For a mapping application, the license may state that the mapping company has complete ownership, including the right to redistribute user supplied corrections.

Older language and terms may not apply to the current environment, so a company should periodically review the software licenses. Newer paradigms such as software as a service, virtualization, and multi-core processors have changed the software landscape and thus may lead to ambiguity or undesired results from an existing license.

The above terms are just three terms among many for consideration for inclusion in a software license, so do your research for your specific software and situation.

Website Terms of Service and Privacy Policies – More Than Law

Some companies simply copy and paste the terms of service and privacy policies. This can be a costly mistake. The terms of service (“TOS”) and privacy policies (“PP”) should reflect the combination of legal, business, marketing, and ethical concerns of the company. Facebook has received a lot of criticism of its privacy policies over the years, ranging from the tracking beacon to the more recent outcry over granting Facebook application developers access to its user’s telephone number and address information. Even though Facebook’s action were likely permissible within its TOS and PP, the public outcry lead to a reversal of its policy, highlighting the extra-legal importance of the documents. [Edit: Facebook has resumed the policy.]

Legal
Part of the lack of attention to the TOS and PP is that they are, in fact, legal documents… so the website developers’ eyes glaze over reading the legalese (snooze). But because they are legal documents that can bind the company and the website visitor, proper attention should be paid to the documents. In hurriedly copying the documents from elsewhere, a meaningful TOS and PP for an opinion blog, a product website, an adult services website, a B2B cloud service, a server penetration business, etc. may not be implemented. Each type of business has its unique legal issues that should be addressed. All the terms from one set of documents may not be intended, useful, and/or enforceable in different business use cases.

Business
As a binding document, the TOS and PP can positively and negatively affect the direction of the business, including the monetization strategy. Facebook started with its users segmented in different silos, namely their schools. Originally, one needed a .edu email address in order to join and communication was generally limited to other people having emails with the same domain name. More recently, Facebook’s growth strategy is almost the opposite of that original strategy. It now encourages everyone to join and create relationships that did not previously exist. An inflexible TOS and PP may not have permitted that strategic change in direction.

Contrast that business scenario with the PP policy of the former eToys.com website. It read in part:

eToys respects your privacy. We do not sell, rent, loan or transfer any personal information regarding our customers or their kids to any unrelated third parties. Any information you give us about yourself or your kids is held with the utmost care and security and will not be used in ways to which you have not consented.

At a quick glance, that seems a respectable policy. However, the company went bankrupt. As the customer data was one of the valuable remaining assets in the bankruptcy estate, there was a dispute over the sale of the eToy.com customer list. In other words, the documents affected the ability of investors, creditors, and successors to recover value.

The potential reach of the documents as a whole (as well as the language of the above section) is further highlighted by the recent purchase of the free to use OkCupid.com dating website by the paid use Match.com website. If OkCupid had a privacy policy of similar to that of the above quoted eToy privacy policy, there may be questions whether Match.com is an “unrelated third party,” impacting any possible integration plans. In addition to the legal question, there would be a business valuation question for OkCupid and Match if OkCupid had been marketed with a strong privacy expection. OkCupid users may then leave in droves, decreasing the potential value of OKCupid to Match.com.

Marketing
It may seem counterintuitive, but the TOS and PP can support (or detract from) your marketing efforts. Currently, the industry trend is to move to the cloud. However, two key reasons why businesses are hesitant to move to the cloud are downtime and data access/use concerns. A cloud service provider of B2B applications where users enter valuable, sensitive business data has a more compelling message when it can state that the privacy policy explicitly states that business data will only be used for the purpose of the application and will not be processed individually or in the aggregate for marketing purposes.

Ethics
Again, it may seem counterintuitive that the TOS and PP dating can indicate the culture of a company, but podcast and technology guru Leo Laporte deactivated his Facebook account citing poor privacy control for a user account and stating that Facebook had incentive to not provide strong privacy (Note: he has since recreated a Facebook account). Yours truly only maintains test accounts on Facebook for similar reasons. In fact, Facebook’s privacy issues lead to startup Diaspora’s raising of ~ $200,000 based on creating a privacy oriented distributed social network. (Edit: And that little project called Google+)

A more pointed illustration of lack of ethics illustrated via the TOS and PP was shown in some now defunct dating websites. Those websites would send messages to male subscribers of the website that appeared to be from interested women. A few jilted men suspected that the messages weren’t from interested women and complained to the website operators suspecting that it was a ruse to entice them to sustain their subscriptions. The website “customer service” pointed those men to the terms of service, which stated that messages may be sent through the system from “likenesses” (read non-existent women) based on those men’s profiles and interests…. Those “unique” terms may be enforceable, but they are still ethically questionable. You can imagine that reputation of the company.

Conclusion
The above illustrations aren’t to endorse one approach over another but they should highlight that even though the terms of service and privacy policy are “contracts,” they should drafted to reflect the legal, business, marketing, and ethical goals of your company. Are your TOS and PP  Google’s Terms, StartPage’s Policy, Twitter’s Terms, or your own terms?

Myths Regarding Integrating Internet Data Into Applications

Lookin’ for information on a chemical, well there’s a database for that. Looking for barcode information, well there’s a database for that. Lookin’ for a local restaurant, … you get the point. There is a lot of useful published data available on the internet in a convenient format. And there are lot of potential applications out there hoping to make that data even more useful.

In questions/comments after presentations, phone calls, intellectual property inventories, due diligence, and even on the internet (gasp!), I have heard many tales regarding use, reuse, and commercial use of published internet data. Frequently someone asserts that integration of the internet data into an application is a non-issue because it is posted on the internet. Some of the various reasons given include:

  • The data was made available for download.
  • The data was changed by 10/20/30 per cent.
  • The data was posted in XML format.
  • The data was semantically marked.
  • The data was reformatted.
  • The data didn’t have a copyright notice.
  • The creator of the data couldn’t be located.

Generally, a content creator has rights in original works as soon as it is saved. And generally these rights include exclusivity in copying the content, distributing the content, and creating derivatives of the content. In other words, if rights vest, the content creator substantially controls the use of the data. For these reasons the blanket statements above are myths.

It may be that the published internet data may not be be eligible for protection or have a very limited scope of protection. It may also be true that the content creator doesn’t care how the data is used or that it may licensed for commercial use. However, just because data is published on the internet, available for download, or accessible in a convenient format does not in and of itself mean that it is available for use in an application. Not only might the possibly impermissible use lead to the failure of your application, it may lead to liability for copyright infringement or violation of the terms of service. Due diligence should be performed before integrating the published data into an application. You should at least analyze whether the data is subject to copyright, whether there is a fair use of that data, whether it is being used in violation of the terms of service, or whether you are knowingly accepting some risk.

Startup Myth – First Come First Served for Domain Names

Frequently I encounter businesses seeking to protect a brand name. In discussing the actions taken to date taken, owners frequently state that they have registered the domain name corresponding to the desired brand name. Frequently, they believe that their name is “reserved” or protected because they have already successfully reserved the domain name. It is also often stated that because they were the first registrant of the domain name that they may do as they please with the domain name. Two common  incorrect beliefs include that one is entitled to operate a website with the domain name or freely sell the domain name. This is often not the case.  Just because one registers a domain first does not mean that the domain name can be lawfully used or sold. Not only does merely registering a domain name frequently confer only limited rights in the domain name or the underlying name, it is also possible that use of the registered domain name may lead to negative consequences.

The most known scenario is where one registers a domain name which is substantially a name in which another party has rights. If I (somehow) was the first registrant and operator of ibm.com, it would not be of much value. Ignoring the .com domain suffix, the relevant part of the domain name just contains the “IBM” trademark. Most people understand and agree that there could be trouble in this scenario, as IBM is a household name. However, most domain name registrants don’t realize that this scenario can occur with lesser known brand names as well. So being the first to register a lesser known domain name may place one in the same questionable situation.

A lesser known scenario is where one registers and uses a name which is similar to the name in which another party has rights. If I sought to register ibmsoftwaresolutions.com, my status as the first registrant of the domain name is again not very helpful in establishing rights in a “IBM software solutions” brand name nor in operating a similarly named website. Again this may not seem surprising using the IBM name as the context. However, as above, this scenario can occur with lesser known brand names as well.

There are times when registering a domain name may be helpful in establishing some level of rights, but being the first to register a domain name does not automatically lead to superior rights in the domain name or in the words contained in the domain name. Use of that domain name or attempted sale of the domain name can lead to loss of goodwill in the name, cease and desist letters, domain name arbitration, trademark actions, or anticybersquatting protection act claims, among possible consequences.