| |
 |  |
 |              |  |
John Farmer's Column: 2002
Published in the Richmond Times-Dispatch Beware Domain-Name Cyber-Slamming Watch out for a relatively new Internet deception – switching domain name registration, or “cyber-slamming” in Web-speak. Many people are complaining about efforts to trick them into changing the registration of their Web domain names. Even savvy consumers are being fooled. To understand cyber-slamming, a little background on the domain name system is necessary. You don’t buy domain names, you rent them, usually for two or three years. If you fail to renew your registration, it eventually returns to the common pot for potential registration by someone else. For each top-level domain, such as .com or .net, one company operates as the registry for that domain. It administers the leasing of domain names from the common pot, maintains an online directory of the registered owners of domain names (called a “whois” database) and grants licenses to other companies to lease domain names from the common pot. The companies that lease domain names to users are registrars. In some cases, a registry also functions as a registrar. For example, VeriSign operates the registry for .com and .net and leases such domain names to end-users. Usually, more than one company serves as a registrar for a type of domain name. Presently 116 companies compete to lease .com and .net registrations from the same common pot. Each registrar pays a wholesale price to VeriSign for the lease of the domain name and then marks up the price when reselling to the public. Some registrars compete on price while others compete on service and extras. Here domain-name registration resembles telephone service. In both instances, one company largely controls the technical infrastructure, but that company must allow other companies to buy services and resell them in competition with the infrastructure owner. In both cases, you can switch service providers without having to switch hardware; you just move your account from Company A to Company B. How the switch works Or sometimes Company B deceives you into switching your account. Everyone’s heard of telephone “slamming,” where a deceptive long-distance provider dupes someone into switching services. The same practice has arisen with domain names. Domain name registrars have been accused of pilfering customers of other registrars by misleading these customers into thinking they are just renewing their domain name registrations when, in fact, they are moving their registrations. Specifically, several domain name registrars, including major players such as VeriSign and Register.com, have been criticized for sending “Domain Name Expiration Notices” to other registrars’ customers. Such a notice, designed to look like a bill, warns that your registration is about to expire and that you need to pay that company immediately to renew the registration. You can view copies of such notices at DomainScams.com. Only in the fine print do such notices disclose that you will be transferring your domain name registration. Also, you usually have several months before your domain name registration will expire. It’s possible that a cyber-slammer’s rates might be lower than the rates charged by premium registrars. Yet, cyber-slamming can hurt a domain name holder. In addition to the possibility of higher fees, one could lose related services that sometimes come with a domain name, such as DNS hosting (telling the Internet where to find your e-mail server and/or Web site), Web site hosting and e-mail forwarding. Protecting yourself Fortunately, both the FTC and the United States Postal Inspection Service have begun taking steps to stop this practice, such as opening investigations of VeriSign’s marketing practices. Consumers who have been subject to any Internet-related scams can file complaints online with the FTC (at ftc.gov) and with the Postal Service (usps.com). Several registrars have sued VeriSign, and most of these suits have settled. Bulkregister.com, one of the plaintiffs, offers its former customers who were lured away reimbursement of the registration/transfer fee plus one extra year with Bulkregister.com for free. VeriSign also is being sued over this practice in at least one class action suit. Fortunately, this practice is easy to thwart. Most folks fall for it because they don’t know how domain name registration works. You should be able to spot cyber-slamming attempts by carefully reading “renewal” notices. Look for an indication that your domain name registration will be transferred. For those seeking greater security, services such as Afternic.com monitor domain name registration details and alert subscribers to any changes. Also, some registrars offer a lock service, which prevents a domain name from being transferred without the manual “unlocking” by the domain name holder. Transferring your domain name registration sometimes makes sense – better prices, better free add-ons or better service. But such transfers should be willing choices. Read the fine print, and you should be fine. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch Trademark Plan is Boon for Small Firms Perhaps the key achievement of the Industrial Revolution was the invention of the factory assembly line, which enabled manufacturers to make goods at a price affordable by average consumers. Henry Ford brought mass production to the automobile industry. Ford wanted to produce the first car “for the great multitude.” Ford’s company sold its first Model T, the 1909 model, for $850 (a little more than $15,500 in today’s dollars). He sold more than 10,000 of the 1909 model-year cars, a record for a single car model but far short of his goal. Looking for a cheaper method to produce Model T’s, Ford became the first to use an assembly line to build cars. After years of study, Ford broke down automobile assembly into 84 steps, with each worker participating in only one step. Using an automatic conveyor belt forced workers to complete their tasks quickly. The assembly line created great efficiency. By the end of 1913, Ford had reduced the time to manufacture the chassis from more than 12 hours to 93 minutes. By 1915, mass production had enabled Ford to sell a Model T for only $290 (a little over $4,900 in today’s dollars). That year alone, Ford sold 1 million Model T’s. Fragmented process Until now, the world of international trademark protection has been a lot like early car production: fragmented and inefficient. Trademarks are registered on a country-by-country basis. Aside from a European process, U.S. companies did not have a way to obtain broad international trademark registration in a simple, affordable process. In a boon for American small business, the United States recently joined an international scheme for obtaining trademark registration in many countries through one-stop shopping. This scheme, the Madrid Protocol, will greatly reduce the cost and hassle of obtaining trademark registration in other countries. The Madrid Protocol creates a central application process for seeking trademark registration in all member countries. U.S.-based companies should be able to use this process by November 2003. Most economically significant countries, such as the members of the European Community and Japan, are members of the protocol. Canada and Mexico have not joined yet, although they may do so soon now that the United States has joined. Currently, filing individual trademark-registration applications in multiple foreign countries is so time-consuming and expensive that many smaller businesses cannot afford to do so. This obstacle can dash a company’s plans for international expansion. In almost all of the rest of the world, the first person to apply to register a trademark gets that trademark. If a small U.S. company launches a brand-name product or service and finds some success, an opportunist in another country might spot that success. He could register a matching trademark in that country before the U.S. company can afford to apply for trademark registration outside of the United States. Saving time and money Using the Madrid Protocol will save U.S. businesses money and time. The International Trademark Association found that it costs about $14,000 in expenses and attorney fees to file for trademark registration in a sample of 10 countries. Under the Madrid Protocol, registration in the same 10 countries would cost about $4,700. Actual savings depends upon the countries selected. The main cost savings, though, will arise from lower costs to maintain trademark registrations and to make administrative changes to trademark documents. For example, a company that has a trademark registration in 15 countries would have to file an amendment with each country just to change its address, perhaps requiring the hiring of a lawyer in some countries. Under the Madrid Protocol, one can perform a name change with one form and a $100 filing fee. Using the Madrid Protocol also should speed up things. The protocol requires member countries to process centrally filed applications within 18 months, or within 25 months if someone objects to registration. Currently, some countries take four or more years to process applications. Not a cure-all The Madrid Protocol isn’t a panacea. For example, for U.S. users of the protocol, all international applications depend upon the U.S. application for five years. If the U.S. application fails or if the eventual U.S. trademark registration is revoked during the first five years, then related international applications filed under the protocol automatically fail too. In the event of such failure, there is a safety net. You can immediately file trademark applications in each country that you wanted to cover, and you can keep the advantages you gained with your earlier use of the Madrid Protocol. Yet doing so will mean additional hassle and expense. By 1927, the last year of Model T production, Ford produced a new car every 24 seconds. Hopefully, the Madrid Protocol will bring similar efficiency and availability to U.S. businesses seeking international trademark protection. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch Will New Regulations Mean Real Privacy? Next April, massive regulations on the privacy of health information take effect. Will they really give you more privacy and, if so, at what cost? The federal Health Insurance Portability and Accountability Act will require health-care providers and health insurers to follow rules governing the use and disclosure of individual health information. The act, known by the acronym HIPAA, will create the first nationwide, comprehensive scheme for protecting health privacy. What changes will you see? Mainly, a written privacy notice will confront you when you visit a doctor’s office or hospital. Expect to see it posted on the wall with copies available at the registration desk. You might be asked to sign it, although the act doesn’t require you to do so. This notice will be several pages long and difficult to digest in one reading. HIPAA requires health providers to give written notice of their privacy practices to their patients. This notice will tell you the details of your doctor’s health-information privacy practices and will tell you when your written authorization will be needed to use your health information for ancillary purposes, such as marketing other services to you. The notice will tell you that your health-care provider will not need written consent from you to use your health information to treat you, to interact with other doctors, to get paid (by your insurance company, for instance) or generally for that provider’s health-care operations. What if I don’t like what the notice says? What if you don’t like what the privacy policy says and want your medical information handled differently? For example, what if you don’t want test results reported to your health insurer? While you can request that an exception be made to the privacy policy for you, I predict most medical providers will reject most requests and only offer an informal effort to honor others. Keeping track of various special requests is hard and expensive. If you don’t like your doctor’s privacy practices, you could look for a doctor with a privacy policy that suits you. Yet, I expect most privacy policies will look similar. A proper privacy notice has to cover lots of HIPAA-mandated ground, and the lawyers drafting them will try to preserve maximum flexibility for their clients. Still, you will have some control over your privacy. For example, your doctor cannot withhold services just because you refuse to authorize an unnecessary use of your medical information, such as for marketing purposes. Will HIPAA give me more real privacy? HIPAA will give patients new rights. Among others, patients usually may inspect and copy their medical records, and they may request an accounting of all disclosures of their medical information occurring in the past six years. Yet, HIPAA won’t change much of the way medical information is handled. Doctors still can communicate with nurses, other doctors and hospitals to treat you. Medical practices still can communicate with your health insurers to get paid. A doctor’s office still can call to remind you of appointments. Also, HIPAA allows disclosure if state law mandates the disclosure, such as in reporting West Nile Virus to a public health agency or child abuse to social services. Thus, aside from more paper being shuffled, the public won’t see much change. Will HIPAA keep others from helping me? What if you want to pick up a prescription for your spouse? What if you want to help an elderly neighbor navigate the hospital obstacle course? Will HIPAA get in your way? Probably not, although that’s not certain. Under HIPAA, almost any adult can be someone else’s personal representative in the health-care process. The act allows personal representatives of the patient to have access to medical information when such access is directly relevant to the caregiver’s role. A health provider can withhold disclosure if doing so is in the patient’s best interest, such as cases of suspected child abuse. Still, HIPAA might make some doctors feel constrained from talking as much as before. A doctor concerned about a potential privacy lawsuit could decide that the layperson doesn’t need some medical information in order to assist the patient, even if knowing that information would enable the caregiver to be a more effective champion in the health-care process. Also, navigating a patient through the medical maze can require the tag-team efforts of many family members and friends. A doctor could become concerned that not everyone asking questions is a caregiver, making teamwork less available. Hippocrates advised doctors to help “or at least do no harm.” Recent amendments to HIPAA removed burdensome requirements for getting signed consents for most routine disclosures in the treatment and payment process, so much potential harm has been avoided. Yet, the tradeoff is that medical privacy will not change much from what we have today. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch Instant Messaging Saves Time for Many CompaniesWhat do the allied navy ships in Operation Enduring Freedom, e-Bay, and Merrill Lynch have in common? They all use enterprise instant messaging to stay in touch. Instant messaging (known as "IM") is the Internet equivalent of passing notes in class. IM differs from e-mail because IM occurs in real-time and allows users to see when others are online. According to Edward Isaacs, a senior network engineer and security consultant with Keane (an IT consultancy), IM moves quicker than e-mail because it either utilizes a single server that is configured for fast communication or, in some two-party communication, no server at all. By contrast, e-mail often runs through several slower servers. Aids productivity, slacking Businesses are learning what consumers already know -- IM can save time. For productive workers, IM can boost efficiency by enabling them to gather information quickly without losing time waiting for return e-mails and voicemails and without having to engage in the polite chitchat necessary in phone calls. But IM also enables a lazy employee to yak with buddies while appearing to work. Currently, according to the Meta Group (an IT consultancy), about 150 million people worldwide use IM for corporate and personal purposes. Of those, 5 million are business-sanctioned users, and the Meta Group estimates that number will reach 200 million by 2005. Wall Street financial firms have adopted IM to please their clients. CS First Boston, Goldman Sachs, JPMorgan, Lehman Brothers, Merrill Lynch, Morgan Stanley, Salomon Smith Barney, and UBS Warburg recently implemented an IM system that connects them to each other as well as 2,000 institutional investor clients. These investors demand IM so they can move transactions quickly while ducking the sales pitches. Technical issues If a company has many employees, unless that company has taken technical steps to block use of free IM systems, it's almost certain that some employees use IM at work. Free, consumer-oriented IM systems (AOL, ICQ, MSN messenger and Yahoo!) have invaded many workplaces. According to Isaacs, companies can stop most IM use by blocking certain computer ports. Savvy users can evade such limits, so to be free of unwanted IM, a company must tightly control what can be downloaded on its computers. Like e-mail, free IM can open the door for viruses and spyware. IM users often fall for "social engineering" - the intimacy of IM lulls them into accepting a download (such as a song) containing a harmful payload. Because free IM enables users to pick any online name, pretenders can dupe users. According to Isaacs, virus scan software can be configured to automatically scan attachments, whether attached to IM or e-mail. Yet most computer users don't set their virus scan software to do so and don't scan IM attachments at all. Also, free IM systems are not encrypted. Then again, most corporate e-mail isn't encrypted either. Still, some folks say things in the immediate and intimate environment of IM that they wouldn't say even in e-mail. Some companies utilize corporate IM packages, such as Lotus Sametime and Microsoft Exchange 2000 IM Service, to control these risks. Such corporate IM can be contained behind firewalls and encrypted. Also, corporate IM packages control username selection to prevent identity fraud. Also, corporate IM systems can be closed (permitting communication only with others in the company) or opened to only some other IM systems. Thus, it's possible to give employees IM access that's likely to be used for business purposes while blocking free IM systems and the cyberloafing they facilitate. Controlling legal risks As with e-mail and voicemail, IM creates the risk of recording improper conduct, which creates legal risks for employees and employers. It can provide a perfect record of harassment or discrimination, or of disloyal conduct or of theft of company property, such as trade secrets. Also, free IM systems can be used to trade unlawfully in copyrighted music files. To address such risks, corporate IM systems offer the ability to archive and monitor IM traffic (just like e-mail), so that managers can watch for improper conduct. Indeed, in some situations, management may have a legal duty to monitor IM traffic and take action if it suspects its employees are using IM for illegal activity. Indeed, in some industries, regulators require monitoring of IM. For example, the SEC requires logging and archiving of IMs by exchange members, brokers and dealers. Thus, employees using corporate IM systems should be on guard. The IM freeware ICQ stands for "I seek you." With corporate IM, perhaps that mantra should be "we watch you." By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch 38 Amendments May Be Recipe For SuccessSuccess rarely happens overnight, but with a little work, innovators can reap great rewards. Colonel Harland Sanders, for example, first served his chicken at a gas station he owned in Corbin, Ky. After 13 years of tweaking his chicken recipe numerous times, Colonel Sanders finally sold his first franchise to Salt Lake City's Pete Harman in August 1952. Sanders' chicken, coated with a blend of 11 herbs and spices, eventually gained national acceptance. Now, Kentucky Fried Chicken has 11,815 restaurants worldwide, does annual retail sales of $9.7 billion and serves nearly 8 million customers a day. The Uniform Computer Information Transactions Act, known by the acronym UCITA, has experienced a similar slow start. Virginia became the first state to approve UCITA, 10 years after it was first conceived. It turns out, though, that UCITA has not quite found its recipe for success. Thus far, Maryland is the only other state to adopt UCITA. In fact, three states have passed anti-UCITA legislation. Its opponents complain that UCITA lacks appropriate consumer protections and condones "buggy software." Of course, all software will have some bugs. As UCITA points out, Microsoft Word had about 10 million lines of code in the mid-1990s, compared with about 7 million parts in a commercial airliner, many of which don't move. To mollify those who had stymied UCITA, its drafters passed 38 amendments that may prove to be UCITA's secret recipe for success. What is UCITA? UCITA covers contracts that create, modify, transfer or license computer information, as well as online access contracts. Thus, when a consumer signs up for services with America Online or purchases a computer game, the transaction is subject to UCITA. UCITA's purpose is to provide a uniform contract law that answers questions that are unique to the computer information world. For example, if a software maker is flying on an airplane from Washington to Los Angeles and he transacts a deal on his laptop, what state's law applies? UCITA answers that question by allowing contracting parties to pick the state's law that they want to apply to their transaction, as long as the law chosen is commercially reasonable. Consumer protection UCITA concerns contract law. It's not a consumer protection statute, and UCITA (in a so-so fashion) has always stated that it does not displace any existing consumer protection statutes, albeit not clearly enough for its critics. Indeed, UCITA offers some consumer protections above and beyond existing contract law. For example, UCITA provides consumers with a cost-free right of return of the software if the consumer does not approve of the license terms. Various consumer groups have criticized UCITA for not being sufficiently protective of consumers. These critics assert that UCITA doesn't adequately protect the applicability of existing consumer-protection laws. Yet UCITA always has made plain that it does not displace any such laws. If anything, these consumer-protection laws need to be updated to cover the Internet age. Still, to put the issue to rest, UCITA's framers recently amended the act to make the applicability of consumer-protection laws clearer. UCITA now states beyond equivocation that consumer-protection laws trump any substantive provisions in UCITA. Critics also complain that UCITA doesn't prevent software makers from imposing terms strongly slanted toward the software company. That's true, but unless we are going to legislate away the ability of parties to negotiate contracts, that's how the world works. Changes made On Aug. 1, the framers of UCITA approved a list of 38 amendments written to clarify and fix some of the problems with UCITA. Because Virginia has enacted UCITA already, so the General Assembly will have to consider whether to adopt the changes. UCITA previously may have allowed software companies to restrict criticism of their software by its nonconsumer users. Many complained that this stifled competition and raised First Amendment concerns. An amendment now precludes software companies from restricting criticism. Previously, UCITA appeared to cover open-source software. If covered under UCITA, makers of open-source software would be required to supply warranties for their free products. Many worried that this would increase the cost for the software makers, thus discouraging free software distribution. UCITA now expressly eliminates noncontractual, open-source software from the scope of the act. Another amendment prohibits electronic self-help after contract breach in all circumstances. Electronic self-help is when software companies write programs to automatically shut down or destroy computer information after a contract is breached. Previously, software companies could use post-breach electronic self-help in some nonconsumer transactions. The remaining amendments add other consumer options, such as limited reverse engineering, and clarify hard-to-understand concepts in UCITA. Will these 38 amendments be the 11th ingredient in UCITA's recipe for success? That remains to be seen. If so, Virginia could be the next Pete Harman. He now owns 307 KFC stores in Utah, Colorado, Washington state and California. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch List of Safeguards Can Help Prevent You From Losing Web Domain NameIt's easy to lose control of your Web domain name. Consider the Web portal Excite. In 1999, someone used an e-mail trick to change the administrative record for the domain name Excite.com, which was maintained by a domain name registrar, Network Solutions (now part of VeriSign). They changed the record to make Jim Reardon, who had no relation to Excite or role in the stunt, the administrative contact. Reardon then had the power to redirect all Web traffic intended for Excite with a few mouse clicks. Fortunately for Excite, Reardon is an honorable person. He immediately contacted Excite and helped to get the domain back in Excite's hands. Excite had been easy prey. When the Excite team registered its domain name, it didn't use the heightened security features then offered by Network Solutions to prevent theft. All the prankster had to do was forge the source of an e-mail to Network Solutions so it appeared to emanate from Excite. How domain names are stolen You can lose a domain name by failure to renew it, by a mistake by the company that leased to you your domain name (the "registrar" in Webspeak) or by outright theft. Most domain name losses occur because of user carelessness. You don't buy domain names, you only rent them for a few years. If you don't pay to renew when the time comes, they eventually are returned to the pool and become available for someone else to register. Opportunists use computer-monitoring tools to grab and resell (or worse) good domain names the instant they become available. Careless domain name renters miss the opportunity to renew their registrations because they don't respond to e-mail or "snail mail" warnings of imminent expiration (it can look like spam or junk mail). Sometimes they move or change e-mail accounts but never change their contact information and, thus, don't get renewal notices. Less frequently, someone looking to direct traffic to a porn or gambling site hijacks the domain. The fraudster might do this by exploiting weak security at a domain name registrar or by faking credentials in an e-mail or fax used to switch control of the domain. How to protect yourself While no measures guarantee safety, using these safeguards will help prevent unintentional loss:
Fortunately, the governing body for the domain system, the Internet Corporation for Assigned Names and Numbers, soon may require all domain name registrars to deactivate expired domain names but not return them to the available-for-registration pool for 30 days. Having the Web site go dark and e-mail not work should tip off the user that the registration needs attention. What if you get burned? What can you do if you lose a valuable domain name? Contact your domain name registrar when trouble first appears. If your domain name gets fenced to an innocent purchaser, it may be gone forever. Harass your registrar ceaselessly. Persistence has paid off for other victims. Suing your domain name registrar probably won't work. Various legal theories have been tried against domain name registrars, and none has succeeded. These registrars insulate themselves from liability in their contracts. You may be able to sue the person who took your name and recover it. You might not find the thief, since most thieves use fake contact information. Yet, such use of fake information may give you grounds to use a special arbitration process to take back the domain name, if the name corresponds to a trademark you own. Yet, in the physical world, a burglar usually will move on from a house with locked doors, and alarm system and a big dog. The same strategy applies online, and online prevention is cheaper than feeding the dog. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch Federal Law Lets 'Vicarious Avenger' Right the Wrongs of Misleading AdsCanadian humorist and political commentator Steven Leacock once observed that "Advertising may be described as the science of arresting the human intelligence long enough to get money from it." Consider these examples: Tropicana once aired a commercial showing Olympic athlete Bruce Jenner squeezing juice from an orange into a carton while touting Tropicana orange juice as "pure pasteurized juice as it comes from the orange." While it gets hot in Florida, it doesn't get hot enough to pasteurize juice (heating it to about 200 degrees Fahrenheit) while it's still in the orange. Tropicana was forced to withdraw the commercial. A company called Breathassure marketed a product of the same name, claiming the product "worked with your digestive system" and "gets rid of bad breath for hours." Breathassure later conceded that its product didn't stop bad breath and that it was no more effective than drinking water. Johnson & Johnson-Merck Consumer Pharmaceuticals advertised that one of its antacid products, Mylanta Nighttime Strength, was "made just for" nighttime heartburn. Yet J&J had no evidence that this product was any more effective at night than during the day. J&J had to stop using the name. These advertisements have more in common than just being unsubstantiated claims. The Vicarious Avenger stopped all of them. Avenger helps consumers The Vicarious Avenger is a powerful fighter against false or misleading advertisements. Under our federal Lanham Act, a company has the power to obtain an injunction stopping false advertisements by competitors and to recover money damages for the harm caused. Unfortunately, this act does not permit consumers to use it when they have been victims of false advertisements. Instead, the act makes it relatively easy for competitors to get injunctions stopping such false ads. Courts have excused such offended competitors from having to carry many of the burdens plaintiffs usually carry. They do so because the courts characterize such suing competitors as "vicarious avengers" acting not only out of self-interest, but also on behalf of consumers. For example, if a wounded competitor proves that an ad's claim is literally false, generally the court will presume that the falsity misleads consumers and causes harm to competitors, and will issue an injunction stopping the ad. For example, Warner-Lambert, the maker of Certs, stopped the Breathassure ads. In fact, in the case over Mylanta Nighttime Strength (decided just last month), a federal appeals court held that if the plaintiff has no research to back up its advertising claim, the court would presume that the advertisement is false. What kind of false claims can a Vicarious Avenger stop? Many kinds - false claims of product attributes, false claims about the products of others and false comparisons between products. If a competitor claims its product is better than yours, you can stop the ad by showing the advertised product isn't better. For example, in 1992 Castrol stopped Quaker State from running an ad in which Quaker State falsely claimed that its motor oil did a better job than Castrol's of protecting against engine wear. Doesn't ban mere puffery Also, if the advertiser claims that tests prove its product's superiority, you can stop the ad by showing the test wasn't reliable or didn't produce the results advertised. Castrol also used this rule to stop Quaker State's ads. The law doesn't ban mere puffery, perhaps because consumers are naturally skeptical of broad claims that a product is better, tastier or faster. The law only cares about material, specific facts that are measurable by research. For example, when Atari sued over 3DO's claim that its gaming system was "the most advanced home gaming system in the universe," the court labeled the boast mere puffery and declined to stop it. Indeed, it's rare to see an ad that names a competitor's product and claims superiority in a measurable way. It catches your eye - like the advertisements Oracle has been running comparing its products' performance and prevalence to Microsoft's and IBM's. Such ads are the legal equivalent of calling out your adversary for a rumble in the alley. Ultimately, though, if you have been the victim of the false ad of a competitor, you have to decide whether stopping the ad is worth investing the legal fees. You are not likely to recover your attorneys' fees when getting just an injunction. And to get money damages, you must meet a higher burden of proof. You must show that the plaintiff's false ads directly caused your lost profits. You also might be able to recover the cost of running corrective advertisements or even punitive damages, but most courts will first require proof that the advertiser intended to deceive, which is hard to do. Ultimately, dealing with such a lawsuit could cause you an upset stomach and restless nights. If only someone made a good nighttime antacid. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch Firms in U.S. Navigating an IT Passage to India
In May last year, The Economist magazine noted that General Electric (No. 6 in the Fortune 500) had more employees in India than in the United States. Information technology outsourcing has arrived. Outsourcing of IT functions to India by U.S. companies has mushroomed. India's association of IT companies, NASSCOM, estimates revenue to Indian companies from IT outsourcing grew 50 percent annually throughout the 1990s, reaching $8.3 billion and 400,000 Indian workers. Even with the American technology recession, NASSCOM estimates 30 percent growth will occur from March 2002 to 2003. According to Wired magazine, about 260 of the Fortune 1000 outsource some IT functions to India. While theydo not publicize it, several publicly traded companies headquartered in Virginia aggressively pursue outsourcing to India. "Outsourcing IT" is a catchall phrase for contracting out various services. These services include data entry; transcription (such as medical records); claims processing; call and e-mail response centers; computer user help desks; software application hosting, maintenance and development; and remote network management. Indeed, the new buzz-phrase is "business process outsourcing," vague jargon for taking any one of a company's business functions and hiring someone else to do it. Of course, lower cost entices many companies to India. Amazon.com cut customer service jobs in Seattle while adding them in Gurgaon, India via a contract partner. Various consultancies estimate the cost savings over using U.S. resources to be about 35 to 50 percent. But cost isn't the sole factor. Some U.S. companies report higher quality and faster turnaround from Indian companies than from American ones, perhaps because IT jobs disdained by U.S. workers, such as call center work, can be valued careers in India. India also produces more college graduates with IT credentials than the U.S.-50 percent more according to NASSCOM. Because India is 10 hours ahead of our East Coast, American companies can electronically send their IT problems to India at the end of the day and often have fixes sent back by the next morning. The sun never sets on the IT process. In addition, English is the IT language in India, a vestige of British colonial rule. In fact, Indian call centers often train their workers to fabricate American accents, interests and even names. Some Indian companies push their workers to watch "Friends." Outsourcing to India also presents different and greater risks than outsourcing to a U.S. company. Some risks can be overcome or reduced by contracts and relationship structuring.
They also negotiate agreements barring the Indian company from performing similar work for competitors, to prevent even unintentional diffusion of secrets. Beyond these biggies, American companies also must pay special attention to their own compliance with U.S. laws limiting export of some kinds of technology (such as high-powered encryption). They must watch out for unfamiliar Indian taxes. And they should protect their ability to withdraw if the Indian company changes control, because of the difference in quality between Indian vendors. While some American workers fret about cheaper Indian labor, India worries about China. Chinese workers lack a key competency - widespread, strong English language skills, especially in speaking. Also, NASSCOM claims Chinese wages for comparable IT jobs are 15 percent to 20 percent higher than Indian wages - a statistic worthy of skepticism. Even if that's true, China has some budding advantages. NASSCOM acknowledges that China has 200 million telephone landlines and about 110 million mobile phones in use, versus 32 million landlines and 5.5 million mobile phones in India. Also, general Indian infrastructure is weak. India's IT companies commonly build their own roads, back-up power supplies and (in the Paharpur Business Center) even clean their own air because of the heavily polluted surroundings. Today, many Indian IT workers in the United States jokingly refer to "B2B" as "back to Bangalore" because of the U.S. tech slump and Indian tech rise. Someday, that may refer to "back to Beijing." By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch What Will be the Legal Fate of the Napster Replacements?The recording industry used powerful United States copyright laws to bury Napster. Now Napster's successors are facilitating the swapping of more music than Napster achieved at its high point. Will the recording industry succeed in using the law to kill these offspring? The Death of NapsterTo discuss the fate of later-generation music swapping services, you have to understand why Napster lost. Napster was a centralized directory of the music files located on the hard drives of Napster users who were connected to the Internet. Napster created software that individuals could use to read the Napster directory, to list songs in it, and to download songs listed there. Napster itself didn't store music files. When an individual chose a song from the directory, the download occurred directly between the requesting computer and the computer holding the music file (a "peer-to-peer" transaction). Still, the central directory made the connection possible. The Recording Industry Association of America attacked Napster successfully. The RIAA persuaded a federal court that Napster knew of the extensive use of Napster's network to commit copyright infringement, and that it could have done something to stop it but didn't until it was too late. This knowledge and failure to act stripped Napster of a shield, contained in the Digital Millennium Copyright Act, that protects online service providers from liability for the copyright infringement committed by its users. Without this shield, Napster had no serious defenses. The Second Generation - GnutellaLike Napster, the Gnutella network enables its users to download files directly from each other. While most folks use Gnutella to find music, it can swap many kinds of files. Unlike Napster, no central directory exists. Instead, each user queries other computers on the Internet as to whether they have Gnutella software and whether they have files to share. This inquiry spreads across the Internet in a viral manner. Various companies have acquired the Gnutella software and posted it for download under different names, such as Gnucleus, Bearshare, LimeWire and Morpheus. These systems all tap into the same network of Gnutella users. Because no central directory exists, there is no central point to attack. Even if the recording industry could sue to death all of the present Gnutella download sites, two new ones probably would pop up for every one dispatched. As long as users have Gnutella software on their PC's, the network exists. This leaves the recording industry with two unsavory options. It could launch counter-technology to overwhelm the Gnutella network with download requests, or flood the network with bad files, or post harmful files to scare off users. Doing so could create lawsuits against the recording industry and potentially could damage computer systems. Alternatively, the recording industry could sue people who download music illegally. Many believe that the music industry won't sue its potential customers. But physical stores seek criminal prosecution for shoplifters. As CD sales continue to decline, the recording industry might become more aggressive. The Third Generation -- FastTrackGnutella has unsatisfying characteristics - file searches don't reach extensively through its network, and downloads can be slow and often disconnect mid-stream. The third generation - FastTrack - attempts to overcome these problems by moving back partially to a centralized system. Presently, FastTrack is available under two brands - KaZaA and Grokster. Morpheus was part of the FastTrack network until recently, when a licensing dispute caused it to convert to Gnutella. The key function to FastTrack is a network of regional directories called "supernodes." Somehow, FastTrack designates some users' PC's as supernodes. When you submit a file query to the FastTrack network, your request asks the nearest supernodes whether they have what you seek, and these supernodes in turn query both the computers within their domain and other supernodes. Thus, a search for a file reaches farther through the network. In addition, FastTrack enables users to download the same file from multiple sources and to resume failed downloads. But has this move back toward centralization made FastTrack vulnerable to the legal attack that decked Napster? Perhaps not, because FastTrack might be beyond the effective reach of U.S. law. Grokster is based on the island of Nevis in the West Indies. (Ironically, America's most entrepreneurial founding father, Alexander Hamilton, was born on Nevis.) KaZaA operates in Australia. If the legal heat rises in these places, these networks could move to any third-world outpost. If the RIAA somehow can make the result of U.S. litigation stick against FastTrack, it might win. Even if KaZaA and Grokster don't maintain a central directory of postings, presumably they could use the FastTrack software to find the Internet Protocol address of users posting obviously copyrighted songs (every computer connected to the Internet has a unique IP address). If they can identify those using their networks for infringement, even if only by IP addresses, and don't take action to cut them off, then they are acting in the way that lead to Napster's legal demise. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch Anti-Copying Software for CDs Creates Backlash from Consumers, CongressmanCharley Pride always has been a path breaker. In the 1960s he became country music's first black star and now is the only black member of the Country Music Hall of Fame. Recently he became the first U.S. recording artist to release a music CD using anti-copying software ("Charley Pride - A Tribute to Jim Reeves"). Use of such copy protection signals a technological counterattack by the recording industry in the online music wars. The record labels are attempting to stanch the flow of music from store-bought CDs to online file-sharing networks such as Morpheus. In the process, they have gotten many CD buyers and at least one congressman mad. It's now commonplace for a CD purchaser to do more than just listen to the disc. The user often loads the CD onto his computer using "ripper" software. Most new computers contain such software built-in (it's part of Windows Media Player), or you can download free ripper software (which also contains an electronic jukebox) from sites such as Winamp, Audiograbber and Music-Match. From there, the user's options are as boundless as the Internet. A personal 'radio station'You can rip many CDs, hit the shuffle button, et voila!, you have a personal "radio station." If you save your music in an acceptable format (usually MP3), you can load songs onto portable digital music player (iPod or Rio, for example). For those who disregard copyright laws, you can offer up your music for swap with others through download networks. To keep music bottled up on your CD, some record companies now sporadically use software that blocks effective copying from the original CD. Several brands of anti-copying software have achieved some usage with no dominant player yet emerging - Digital Shield, SafeAudio, key2Audio and MediaCloq (pronounced "Media Cloak," Charley Pride's choice). The record labels have not disclosed much information regarding their use of such software; indeed, sometimes individual CDs don't disclose its use at all. A purchaser sued Charley Pride because his CD cover simply stated that it was "designed to play in standard CD audio players only." The case settled with a requirement that the label contain a more detailed disclosure. To see whether a CD contains such software, check the message board at FatChucks.com. Inserting errorsHow does it work? The patent applications for such software indicate that these copy protection measures typically insert errors in the writing of the music to the CD that a conventional CD player can ignore but that a PC cannot ignore. Such technology is only in the test-market phase, and the testing has gone poorly. Sometimes these CDs won't play on some standard CD players or on other devices that have an ancillary ability to play music CDs, like game consoles. But music consumers want more than bug-free playability - they want to make copies. Indeed, in an open letter to the Recording Industry Association of America, Rep. Rick Boucher, D-9th, recently questioned whether use of copy-protection software violates the federal Audio Home Recording Act. It doesn't. The AHRA protects individuals from copyright infringement liability if they make limited copies of purchased music for personal use. But the AHRA does not create any right to copy music. Citing the Fair Use DoctrineReaching beyond the AHRA, some argue that the Fair Use Doctrine in copyright law requires music sellers to leave their products technologically available for copying. This doctrine permits some duplication of copyrighted material for purposes such as news reporting, criticism, teaching and research. While one can debate whether ripping a CD constitutes fair use, this doctrine only shields one from copyright infringement liability. It creates no positive right to copy. Overall, there is no such concept in our law as "copyduty" - a legal requirement that music (or any other work) be kept susceptible to copying. In fact, the opposite is true. Congress amended the copyright law in 1998 (with the Digital Millennium Copyright Act) to make it illegal to defeat the technological controls on software. Proposed changesThis law may change. Boucher plans to submit a bill amending it to make it lawful to defeat anti-copying software for the purpose of making legal copies, such as copies protected by the Fair Use Doctrine. Such an amendment would take the law out of the technological battle between music producers and music-hungry geeks. Even if Boucher's bill fails, the marketplace may force the same result. Hackers will find ways to rip CDs despite copy protection software. Violating the Digital Millennium Copyright Act won't deter them because such folks already engage in massive copyright infringement through use of online file-sharing services. To respond, the music industry is fiddling with "digital rights management" software, which would allow some copying and transferring of music files while blocking unlimited dissemination. The industry faces a challenge, though, because unprotected music always will leak out somewhere, and it's tough to beat free. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch Is the Business Software Alliance's Bite as Fierce as its Advertised Bark?Should your company fear the Business Software Alliance and, if so, how much? The BSA is a coalition of the world's largest software manufacturers, such as Microsoft and IBM. Its most visible purpose is to combat the illegal copying of its members' software. The BSA's mere existence demonstrates how much the computing world's view of software has changed. In 1957, IBM introduced its FORTRAN programming language by giving it away to its largest computer hardware customers - aircraft makers and the like. Ironically, IBM called this customer group "SHARE," a word software makers rarely use today in association with their products. Nowadays, the BSA trumpets its antipiracy program. It warns sternly of the penalties available for copyright infringement. If you infringe someone's copyright by making an unauthorized copy of software, under federal law you can be ordered to pay damages of up to $150,000 for each piece of software. Seven regions targetedBrandishing this legal club, the BSA recently targeted seven regions of the United States for increased anti-piracy publicity, including Richmond and Hampton Roads. The BSA extensively advertised a "software grace period" for Richmond and Hampton Roads for January 2002. Under this program, a business could report itself to the BSA and use January to procure sufficient software licenses. In return, the BSA promised not to pursue a piracy claim against that business if it got legal by the end of January. Now that the grace period is over, we wait to see whether the BSA's bite will be as fierce as its bark. The BSA harnesses the power of workplace displeasure. Its ads solicit tips from disgruntled employees, no doubt successfully. Small staff to process tipsYet, the BSA does not have a large staff to process these tips. The BSA indicates it has only 12 people "involved in enforcement" in the United States, all located in Washington. The BSA claims to multiply this force by using eight law firms to pursue infringers. Some media speculation exists as to whether the BSA has the power to take infringers to court. Only the copyright owner of software can sue for illegal copying unless that owner has delegated its authority to someone else. I found no reported cases of the BSA suing someone for copyright infringement. The BSA responds that it has "power of attorney" to file suit against infringers and, if it does so, it sues in the name of the software company affected. That explains why the BSA does not appear in case reports. Yet, working this way conceals how often the BSA files suit. The BSA claims it does not file many lawsuits because the companies it contacts usually cooperate. That makes sense, because a company probably will not have a good defense if it has made too many copies of software. To raise its intimidation level, the BSA sometimes publicly posts the scalp of a business it has pursued successfully for piracy. Making an exampleTypically, the BSA targets a small or medium-sized business and forces it to pay a couple or several hundred thousand dollars in software license fees and penalties. Unfortunately, these reports do not indicate the extensiveness or willfulness of the piracy. Regardless, because of the expense of hiring attorneys, no doubt these businesses spent more money to fix the problem than they would have spent to avoid it. The BSA hints that these settlements tend to be two to four times the cost of acting legally. Overall, some BSA watchers contend that the BSA does not pursue all of the piracy leads it generates and that the BSA's primary activity is intimidation via advertising rather than enforcement. The BSA responds that it "pursued" over 1,100 cases last year (what constitutes pursuing a case is fuzzy) and that it pursues every good lead. Because the BSA does not publish statistics on piracy reports and its enforcement activities, it's hard to make an assessment. Still, the BSA likely will take some action in the wake of its recent grace period. Appropriate responseIf your company gets a menacing letter from the BSA, so what should it do?
The BSA touts software called "GASP" that allows you to self-audit your software usage (it's available at bsagrace.org). Yet, to download this software, you must provide identifying information. The BSA states that it doesn't get any information back from use of the software, although the download terms do not make this clear. Until the BSA clarifies its terms, I would not use this software. Don't get the wrong impression. Copyright infringement is theft. But if your business finds itself in the spotlight, take the time to respond thoughtfully. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Published in the Richmond Times-Dispatch Does the U.S. Constitution Allow States to Have Laws Exiling Spam?The French playwright Moliere once wrote "Nearly all men die of their remedies and not of their illnesses." In the realm of medicine, this phrase once was almost universally true. For example, our first president, George Washington, died in 1799, purportedly from a severe throat infection. Yet, Washington's doctors had drained about five pints of his blood during the day before his death. Since an average adult male (admittedly smaller than the 6-foot, 3-inch Washington) has only about 12 pints in him, Washington may have died before his time. Considering Moliere's statement more broadly, one reasonably can ask whether the spate of state laws attacking e-mail spam do more constitutional harm than annoyance-saving good. Technological failureDespite such laws and the technological resources dedicated to fighting spam, it grows in inboxes like kudzu. For example, Microsoft Outlook allows you to build a list of undesirable e-mail sources, and it will label further e-mails from such sources as likely spam. Yet, if you use this feature, you'll spend more time supplementing your spam list than you would just deleting the spam. Additionally, most Internet service providers prohibit sending spam into or out of their networks. These ISPs use spammer lists (such as the controversial Realtime Blackhole List) to try to filter it out. They also employ rules for determining whether volumes of e-mail entering or leaving their domains are spam to be blocked. Yet, even AOL can't hinder the flow, because most spammers forge their e-mail headers and relay their spam through the mail servers of innocent bystanders. Doing so gives the appearance that the spam comes from somewhere other than its true origin, thereby ducking spam filters. Such filtering failures leave spam management to the e-mail user. Here, beware of how many spammers work. Any benevolent spammer will include a link in its e-mail that allows you to unsubscribe to future mailings. Unfortunately, using such links is like playing Russian roulette. An unscrupulous spammer will use your reply as a confirmation that it has found a working e-mail address and then will spam you more often. Also, many spam messages are HTML-based. When this is so, the spammer can include in its e-mail a Web bug - a tiny piece of software that enables the spammer to detect if you have opened the message. Opening the message can confirm to the spammer that it has hit a working e-mail address, which will result in your getting more spam. Thus, don't open suspicious e-mail. Just delete it. Constitutional challengesCurrently, 18 states have enacted anti-spam legislation. While these states' laws vary in their content, they often include one or more of these features:
Are these laws constitutional? After all, the First Amendment protects speech, even annoying advertisements. Also, the Constitution's Commerce Clause limits states' ability to enact laws restricting interstate commerce, and nothing is more interstate than the Internet. As for the First Amendment, the Constitution permits regulating commercial speech (speech intended to sell goods or services) as long as the government has a substantial interest in doing so and the restriction is narrowly tailored to fit that interest. Courts upheld laws banning junk commercial faxes against First Amendment challenges primarily because of the cost imposed on the recipients of junk faxes. Similarly, although a state might not be able to ban commercial spam constitutionally since it's not s costly to the recipient, most likely it can impose modest restrictions like the ones outlined above. Yet, if a state tries to restrict all spam, including messages concerning political or religious topics, such a law has little chance of withstanding constitutional review. Our courts apply strict scrutiny to laws that prohibit all speech and rarely uphold them. Then there's the Commerce Clause. Essentially, it permits a state to enact a law affecting interstate commerce only if such law does not overtly discriminate against out-of-staters and is not excessive in relation to its benefits. So far, the anti-spam laws of two states, California and Washington, have been tested on Commerce Clause grounds, and both survived. Most likely, state anti-spam laws will continue to pass Commerce Clause scrutiny as long as they remain reasonable in their prohibitions. Ultimately, though, law and technology have accomplished little. Spam still gets through. If you value your time, the technological and legal remedies for spam can't beat the delete key for efficiency. By John B. Farmer © 2002 Leading-Edge Law Group, PLC. All rights reserved. Your use of this Web site constitutes acceptance of our terms of use and privacy policy even if you choose not to view them. The information you obtain at this site is not, nor is it intended to be, legal advice. You should consult an attorney for individual advice regarding your own situation. | |