IP Advisor - February 2009

Even at this early stage, 2009 is shaping up to be a very challenging year for advertisers, particularly with the changeover to a new administration and changes to key leadership positions in Congress. Numerous legal and regulatory issues, such as green advertising, behavioral targeting and drug advertising, loom large for advertisers and their agencies. The following are some of the most significant of these issues likely to garner substantial attention this year.

Behavioral Targeting

The ability of advertisers to closely track consumers’ online behavior and to target advertising based on that information has generated hotly debated issues about consumer privacy and the safety of identifiable consumer information collected by advertisers. As more advertising dollars move to the online environment, this may well be the primary legal battleground facing advertisers in the coming years. The issues are likely to be fought on multiple fronts, including the Congress, state legislatures, the courts and the Federal Trade Commission (“FTC”).

Four of the leading advertising industry associations recently announced a self-regulatory initiative aimed at developing a set of principles to govern online behavioral advertising. In addition, expect the FTC to monitor industry practices with respect to: (i) full and clear disclosure about behavioral advertising; (ii) consumer control over the use of behavioral advertising; (iii) obtaining affirmative express consent from consumers; (iv) treatment of sensitive behavioral information; and (v) storage and retention policies regarding consumer information.

Key issues likely to be debated over the coming year will be whether industry self regulation is sufficient, whether “opt-out” or “opt-in” will become the method by which to obtain consumer consent and how the requisite disclosures about the collection and use of consumer information must be written for lay consumers. In addition, expect consumer groups to push for a “Do Not Track” list similar to the “Do Not Call” initiative instituted by the FTC in recent years.

Green Advertising

Following a series of workshops held over the past year, the FTC is expected to announce early in 2009 revisions to its current guidelines (“Guides for the Use of Environmental Marketing Claims”) for green marketing. These guidelines, originally written in 1992, do not have the force of law and are not independently enforceable, but they are quite important as administrative interpretations of the law. The FTC workshops considered advertising claims regarding carbon offsets, renewable energy certificates and green packaging. Other key issues will be (i) the relevance of third-party certifications or other substantiation techniques for environmental marketing claims, and (ii) whether certain types of environmental claims will be prohibited outright or whether definitions will be provided that advertisers must adhere to when making such claims.

The FTC has taken note of the surge of green advertising over the past two years, and has also indicated that it is on the lookout for precedent-setting cases. In addition, expect increasing numbers of challenges by third-party watchdogs of potential “greenwashing” in environmental claims, which is already a very active field in many European jurisdictions.

Drug Advertising

Facing considerable pressure in the form of proposals to impose a multi-year moratorium on prescription drug advertising, in 2008 a group of major drug companies agreed to a six-month moratorium on new prescription drug advertisements, during which time doctors are to be educated about the medication. Notwithstanding the voluntary moratorium, drug advertisers should expect continued scrutiny and more restrictive proposals from congressional and Food and Drug Administration (“FDA”) critics. Likely to resurface are proposals for a three-year moratorium on advertisements for new prescription drugs, pre-clearance requirements for all direct-to-consumer advertising, and the use of symbols to indicate drugs that are new to the market. Also likely is congressional consideration of whether the FDA should be given jurisdiction of over-the-counter drug advertising, and further debate over promotion of off-label uses.

Endorsements and Testimonials

The FTC has proposed significant revisions to its guidelines, last updated in 1980, for the use of testimonials and endorsements in advertising, and is in the process of obtaining public comments on the proposed revisions. The FTC’s proposed revisions address consumer endorsements, expert endorsements, endorsements by organizations and disclosure of material connections between advertisers and endorsers. Among other things, the proposed revisions would heighten requirements for pre-publication substantiation of “generally expected results,” and would eliminate the current safe harbor that allows non-representative testimonial claims so long as the advertisement conspicuously states that the depicted results are not typical. If adopted in their current form, expect a significant First Amendment challenge from advertisers.

Search Engine Advertising Practices

Courts have rendered conflicting rulings regarding the legality of certain search engine advertising practices under trademark law. At issue are practices such as using another party’s trademark as a search term in search engine advertising to drive traffic to one’s own website, or using another’s trademark in one’s own website metadata for the same purpose. It is possible that only Supreme Court review of these issues will provide a definitive answer for advertisers. While a number of courts have held that “purchasing” a competitor’s trademark for use as a search term in search engine advertising implicates federal trademark law, the influential Second Circuit Court of Appeals has held that this practice is not a “use in commerce” of another’s trademark. Because Internet-based search advertising is inherently national in scope, it will be important for the courts to resolve this division of legal authority.

More Domain Names, and More Domain Name Disputes?

In the coming year, the Internet Corporation for Assigned Names and Numbers (“ICANN”) is expected to implement new rules that would substantially expand the availability of generic top level domain names, or “gTLDs.”  These rules will allow advertisers and others to register names in domains with any suffix, not simply, for example, .com or .net. Although this will substantially increase opportunities for advertisers to purchase domain names to expand their brand presence on the Internet, at the same time the process will inevitably spawn trademark-based disputes over such registrations, and will result in increased costs for advertisers to protect against cybersquatting and brand dilution. ICANN is expected this month to respond to concerns raised by advertisers during a public comment period, and to issue a new set of guidelines for implementation of the new rules.

Product Placements or “Embedded Advertising”

The Federal Communications Commission  has published a Notice of Inquiry and Notice of Proposed Rulemaking with respect to product placement and integration practices. Critics of product placement have proposed that disclosure of these practices should occur during the actual programming, for example, in the form of a simultaneous crawl or pop-up, rather than as a disclosure in the end credits. Advertising industry representatives have argued that no persuasive case has been made that additional regulation is necessary.

Children’s Food and Beverage Advertising

In 2008, a long-awaited FTC study regarding food and beverage advertising to children turned up a surprise, namely, that marketers were spending about $1.6 billion on such marketing, which was actually $8.4 billion less than watchdog organizations and congressional critics had believed was the case. And this figure was derived from a period before many advertisers had voluntarily undertaken to cease marketing to children. Nonetheless, some congressional critics of the industry maintained that the $1.6 billion was wrongly spent. Expect Congress to closely monitor industry participation in and compliance with the industry’s self-regulatory initiative (the “Children’s Food & Beverage Advertising Initiative”), and for continued pressure on the industry to do more. However, the industry’s self-regulation, and the possible First Amendment implications of mandatory restrictions, will likely prove enough to ward off anything more than congressional criticism this year.

Legal Ramifications of User-Generated Content

Advertisers have attempted to capitalize on the popularity of social networking sites, twittering and online communities – as well as the proliferation of user-generated content – by inviting consumers to create product and brand-related content. Legal issues can arise, however, such as when an advertisement is seen as disparaging a competitor’s product, or as making false claims about the advertiser’s product. In addition, advertisers need to be mindful that user-generated content may often incorporate trademarks or copyrighted content of third parties. Expect some test cases this year to establish the extent of an advertiser’s responsibility for user-generated content, and for further development of best practices for inviting or permitting consumers to provide such content.

Agency-Client Relationships

Agencies and advertisers will continue to explore alternative compensation models, as well as issues of ownership of creative materials and concepts (e.g., for ideas developed by the agency but not adopted by the advertiser). A recent industry survey identified intellectual property ownership as one of the top issues between agencies and clients and between agencies and production companies. This is particularly so as the vehicles for agency-created content become more diverse and include non-traditional advertising projects such as various forms of Internet advertising and broadband virals. As these issues are hashed out, look for agencies and their clients to also explore alternatives to commission or fee-based compensation models, including having the agency take partial equity ownership, or performance-based incentives to reward increased brand awareness or market share.

     
© The New Yorker Collection 1993 Peter Steiner from cartoonbank.com. All Rights Reserved.

As the cartoon says, “On the Internet, nobody knows you’re a dog.”  The apparent anonymity of Internet users can be a source of significant frustration to businesses that are exposed to a wide variety of anonymous or disguised threats or actions. The very anonymous nature of such threats often makes them seem impossible to address. Yet, through court-authorized investigations of illegal conduct, it is possible to unmask the “bad dogs” on the Internet.

Such anonymous harms can and have run the gamut, including the following circumstances:

• Posting insider information to a public message board
• Theft of corporate trade secrets or source code
• Unauthorized destruction of information
• Unauthorized access to private email
• Impersonating a corporate official
• Posting of proprietary source code on “open source” databases
• Unauthorized online use of trademarks or corporate identity
• Defamatory statements online or by email
• Unauthorized use of pirated software

Under these kinds of circumstances that can be deeply harmful and wrongful, aggrieved businesses and individuals cannot simply “let sleeping dogs lie.”  Rather, they must investigate the source of these activities. In these circumstances, businesses have increasingly used court-authorized discovery procedures to unmask these anonymous violators and thereby protect their legitimate interests. Despite the apparent anonymous nature of such activities, there are methods available to address the harmful circumstances described above.

Contrary to conventional wisdom, in fact, there usually is information available that can help to trace and identify the Internet’s anonymous actors. Internet protocol addresses – or IP addresses – can often be used like Caller ID to trace user activity. The computers that provide and facilitate Internet access often log and retain those IP addresses. And quite frequently, they also retain subscriber information that can enable investigators to tie those IP addresses to specific individuals.

So if the data is retained, why does the Internet seem so anonymous?  When the data is retained, it is usually in the hands of a third party, such as an Internet service provider (ISP). Those ISPs may have contractual privacy obligations to others, and thus may not be willing to share this data voluntarily. In such cases, by enlisting court-authorized discovery, legal counsel may help businesses trace malfeasance to its source.

To trace harmful activities to their sources, an aggrieved business should undertake five steps through its counsel: (i) file a valid complaint; (ii) request court-ordered discovery; (iii) notify the ISP of the court order; (iv) obtain information from the ISP; and (v) conduct any follow-up discovery requests as needed.

A pending lawsuit is typically the basis for obtaining court-authorized discovery. Thus, a preliminary step to receiving court authorization is to file a valid complaint in court. If a federal claim is made, such complaints may be filed in federal court. Since the identity of the defendant is unknown, the defendant is typically listed as “John Doe” or “Jane Doe.”  Indeed, such cases are sometimes known as “John Doe” lawsuits. (In cases where there appears to be multiple defendants, they are listed as, for instance, “John Does 1-150.”)

The victim would then request authorization for an appropriate court order or subpoena in order to obtain the information sought, and provide the basis for why such a court order or subpoena is necessary. Since the discovery is needed to identify the actual defendant to the litigation, it is usually reasonable to make this request.

• Nevertheless, since no defendant has yet been named in a case, such requests are still unconventional and, in the absence of any critical adversary, can receive enhanced judicial scrutiny. Moreover, certain courts have expressed concern – particularly in cases alleging defamation – that court-ordered discovery to identify the speaker of controversial anonymous statements might have an unintended “chilling” effect on freedom of speech. Thus, in requesting court-ordered discovery, many courts will consider a number of factors. These factors vary from jurisdiction to jurisdiction, and from court to court, but they often include inquiries into whether the requestor:
  
• Identified the actionable harm that the discovery will address
• Identified the ISPs or other sources of the discovery as specifically as possible
• Identified the information sought as specifically as possible
• Requested only information that is necessary for identifying the defendant
• Explored alternative means to obtain the requested information

When the ISPs or other sources of information are subject to specific legal regimes, they may insist that the court specifically tailor its approval of discovery to those legal protections. For example, many cable companies provide Internet services, and thus act as ISPs, and they often claim that their management of personal information is governed by the protections and obligations of federal cable laws. Thus, they sometimes insist on a particularized court order directed to those laws.

Those seeking court-ordered discovery must also attend to other practical concerns. For instance, many ISPs routinely write over their logs every 30, 60 or 90 days. Thus, it is often prudent to seek court-ordered discovery as quickly as possible. Additionally, under some circumstances, discovery from one ISP will lead the investigation not to the perpetrator, but to a second ISP, and additional discovery will be necessary from the second ISP. To the extent the requestor anticipates such “follow-on” discovery, he or she can seek authorization for discovery from the second ISP from the outset.

Because of the legal scrutiny and the practical issues, companies often use internal or public resources and information to supplement or focus court-authorized discovery. For example, where a computer hacker accesses a company’s computer system from a particular IP address, a company’s own logs might identify an employee who regularly accesses his email address from that same IP address. In that instance, it may not be necessary even to seek court-ordered discovery.

Typically, after an investigator works through these issues, an ISP may supply the requested information. As a result, the victim often is able to identify the apparent wrongdoer. Once the wrongdoers are identified, of course, the victim has a full range of options – for instance, it may choose to name the wrongdoer as a defendant in the lawsuit, or it may choose to contact them and resolve the matter privately.

By employing court-ordered discovery, businesses can make sure their rights are protected from harms perpetrated by anonymous actors. Experienced counsel can successfully and efficiently obtain court-ordered discovery to identify those who seek to act anonymously on the Internet and to make sure that “every dog has his day.”  By anticipating the legal issues and the practical challenges, court-ordered discovery can provide a quick and economical antidote to the anonymity that might otherwise shield those who cause so many Internet-oriented harms.

Copyright infringement liability is one of the most publicized and potentially costly legal risks facing online video sites, social networks and other Internet sites which enable and commercialize “user-generated” content. Whether launching, operating, investing in or planning an acquisition of an online business involving user-generated content, there is some risk that such a business could attract copyright infringement lawsuits. New media, social networking, gaming and Internet companies (and venture capital and private equity firms that invest in such companies) are advised to adopt practical strategies for minimizing risk exposure to copyright infringement and other liability arising from user-generated content.

Section 512(c) of the Digital Millennium Copyright Act (“DMCA”) provides online service providers with defenses against claims of copyright infringement liability for the infringing acts of end users. Qualifying for eligibility under this “safe harbor” is the most effective strategy for minimizing copyright infringement liability, but failing to qualify for this “safe harbor” does not mean an online service provider is necessarily liable for infringement as other defenses (e.g., fair use) may apply.

To help avoid lawsuits involving user-generated content, here are 10 steps to help online service providers navigate into the safe harbor provided by Section 512(c) of the DMCA: 

1. Designate a DMCA Agent with the Copyright Office 

Designating an agent to receive notices of claimed copyright infringement with the U.S. Copyright Office is straightforward (mail in/deliver a form which contains identification and contact information) and inexpensive ($80 filing fee). The individual chosen should be knowledgeable about the DMCA procedures. The DMCA imposes brief times to respond to DMCA compliant notices of infringement, so consider also appointing an alternate agent who has been trained and can act in compliance with the DMCA’s requirements in the event that the designated agent is temporarily unable to do so.

2. Have a Working DMCA Notification System 

Online businesses should include the following information in their websites’ publicly available terms of use: (i) name and contact information of a designated agent to receive notifications of claimed infringement and (ii) how and where copyright owners can send DMCA compliant notices of claimed infringement.

3. Have a Reasonable Process for Dealing with DMCA Notices and Terminate Repeat Infringers

Adopt, reasonably implement and inform subscribers of a policy providing that the company may, when appropriate, terminate the accounts of repeat infringers. Create a written policy that sets out clear guidelines for suspending and terminating the accounts of subscribers who infringe on the company’s website and include the repeat infringer termination policy in the site’s terms of use. The DMCA does not state what “reasonably implemented” means and a variety of procedures for dealing with DMCA compliant notifications are permitted provided the service provider (i) terminates users who repeatedly or blatantly infringe and (ii) does not actively prevent copyright owners from collecting information needed to issue a DMCA compliant notification.

Below are components of a policy that the court in Io Group. v. Veoh Networks recently held to be “reasonably implemented”:    

• Respond to each infringement notice within a few days of receipt
• Issue users a warning for first time upload of infringing content
• Terminate the account of any user who has previously received a warning if notice is received that user has uploaded infringing content
• Block and/or disable all content provided by user terminated for repeat infringement
• Block repeat infringer’s email address to prevent establishment of new account under same email address
• Generate “hash” or digital fingerprint for each video file and use that   technology to terminate access to other identical files and prevent additional identical files from being uploaded
  

4. If a DMCA Compliant Notice is Received, Quickly Take Down Infringing Content

Establish, implement and document procedures which include (i) consistent and prompt review of all notices of claimed infringement to determine whether such notices “substantially comply” with the informational and procedural requirements of the DMCA and (ii) expeditious removal or denying access to content identified as infringing in any such DMCA compliant notice. Time is of the essence so a removal or disabling of access within 24 hours is best, though a 48-72 hour period may be sufficient.

5. Do Not Turn a Blind Eye to Red Flags of Obvious Infringement

If there are blatant factors or “red flags” of obvious infringement, expeditiously remove or deny access to such materials.   Here are some examples of what might be considered “red flags” of obvious infringement: 

• Copyright notices that are prominently and consistently displayed in the content
• User statements indicating content is bootlegged or pirated
• Discussions amongst users on how the online business’ service can be used to circumvent copyright law
  

The DMCA does not impose any obligation on an online service provider to monitor and police its sites for infringing activity. Accordingly, many have criticized the “red flag” test as providing a disincentive for service providers to take technologically reasonable and feasible measures to prevent infringing files from being made available.

6. Consider Using Fingerprinting, Filtering and/or Other Technology

Myspace, YouTube, Veoh and other top providers of user-generated online content have implemented copyright protection technologies such as digital fingerprinting and content filtering in an effort to block clips containing infringing materials. Though there is debate on the effectiveness of these technologies, given their widespread use and support among top publishers, service providers should strongly consider implementing such technologies as part of a market-based approach for protecting copyright. When implementing any such technology, do so uniformly (i.e., do not discriminate between different sets of content) and consistently in order to steer clear of knowledge by willful blindness.

7. Notify Uploader of Take Down; If Uploader Files Counternotice, Reinstate Content After 10-Day “Quiet” Waiting Period

In an effort to prevent copyright owners from abusively or mistakenly demanding the removal of non-infringing materials, the DMCA requires online service providers to notify the uploader of a removal of content and provide them with an opportunity to send a counternotice to challenge such removal. Here is how to satisfy this counternotice and reinstatement requirement:

• Promptly notify in writing the uploader whose content has been eliminated
• If a counternotice is received from the uploader, forward a copy to sender of the original takedown notice along with a letter indicating that the removed content will be replaced or access to it will be restored in 10 business days unless a notice of court action seeking to restrain the infringing activity is received 
• Unless notice of court action is received, replace removed content or stop blocking access to it within 10-14 business days following receipt of the counternotice. If such notice of court proceeding is received do not repost the content
  

Service providers are not required to evaluate or determine whether the DMCA complaint was made in good faith or whether the subject content makes fair use of copyright.

8. Content Must Be Stored at the Direction of the User

Only material residing on a service provider’s system or network that is stored at the discretion of a user is eligible for the safe harbor under the DMCA. Recent cases such as Io v. Veoh and UMG Recordings v. Veoh have analyzed this concept of the DMCA and held that performing the following activities, which facilitate user access to material on a service provider’s website, does not result in the loss of safe harbor protection: (i) the automated process of encoding files to different formats (such as flash format); (ii) the creation of screenshots; (iii) the automatic creation of smaller chunks of uploaded video files; and (iv) allowing users to access streaming videos and download whole video files. However, a service provider would likely be precluded from safe harbor protection if it actively participates in or supervises the uploading of content, or previews or selects the files before the upload is completed.

9. Right and Ability to Control Infringing Activity

As the DMCA assumes that a service provider has control over its system or network, courts have held that the ability to “control” the infringing activity is something more than the ability to take down or block access to content. The “something more” concept has been found to exist in situations where the service provider (i) previewed content before posting, (ii) edited content descriptions, (iii) gave advice about content, (iv) controlled the content users chose to upload before it was uploaded, or (v) encouraged copyright infringement on its system. Service providers have no obligation to pre-screen any videos their users upload. Courts have held that the monitoring and/or reviewing by a service provider of its website to look for and remove obvious criminal and illegal activities or pornography does not amount to the ability to “control.”

10. Do Not Receive a Financial Benefit Directly Attributable to Infringing Activity Within the Company’s Control

If an online service provider has the right and ability to control infringing activity, it is eligible for the safe harbor if it does not receive a financial benefit directly attributable to such infringing activity. The “direct financial benefit” issue is complex and necessarily dependent on applicable facts and circumstances. Although this issue still remains to be clarified by the courts, Viacom has made arguments regarding direct financial benefit in its lawsuit against YouTube. To the extent that the Viacom v. YouTube case results in a decision, this issue would be one of the more interesting DMCA legal questions the case addresses.

Publications

Joel Lehrer published “Software and Business Method Patents, Post-Bilski,” in the December 12, 2008 issue of Mass High Tech.

James Fox and Deppa Nama published “Patent Infringement Issues Raised by Self-Replicating Inventions,” in the December 2008 issue of New Matter.

Jacqueline Klosek published “Competing Interests: Combating Piracy and Protecting Privacy,” as part of the BNA’s December 2008 IP & Technology Program.

Raivo A. Karmas published, respectively, Protecting Intellectual Property in Plants and Seeds and Enforcing Patents in the November/December and September/October issues of Cereal Foods World. These articles constitute the final articles (parts five and six) of the publication’s six-part series on patent law. Parts one through four, respectively, were “The Interplay Between Patents and Other Forms of Intellectual Property,” “Introduction to the United States Patent System,” “Anatomy of an Issued Patent” and “Obtaining a Patent.”

Deborah S. Birnbach, David Goldstone and Jacqueline Klosek published “New Regulations to Mandate Comprehensive Information Security Requirements Regulations to Take Effect January 1, 2009 Affecting All Entities with Personal Information of Massachusetts Residents,” in the November 2008 issue of Metropolitan Corporate Counsel.

James Fox published “Patent Infringement Issues Raised by Self-Replicating Inventions,” in the November 2008 issue of Intellectual Property Today.

Tom Scott, Steve Schreiner and Inge Osman published “Proscribed Conduct for Patent Holders Participating in Standard-Setting Organizations,” in the October 2008 issue of Intellectual Property & Technology Law Journal.

 

Upcoming Conferences

E-Marketing: IP Issues for Business Lawyers
Date: February 11, 2009
Location: Webcast
Jacqueline Klosek will be presenting at this ALI-ABA conference on e-marketing. This seminar will help business lawyers understand laws and regulations applicable to e-marketing, including Internet marketing laws, data privacy and security regulations, and laws on unfair competition and false advertising. The presenters – all specialists in the field of Internet privacy and marketing – will address how a consumer’s personal information can be gathered or used, and when it may not be disclosed. They will also explore state and federal regulations that govern Internet activities and the accompanying intellectual property issues.

Advanced Licensing Agreements 2009
Dates: February 26 - 27, 2009
Location: PLI Center, San Francisco, CA
This Practising Law Institute (PLI) program is designed to address some of the more complex and practical issues that arise in drafting and negotiating IP licenses, as well as tips to manage your patent portfolio to optimize sale or licensing. Ira Levy is chairing this seminar and presenting the “Litigation Planning for Licensing Lawyers” session.

Data Security and Identity Theft: Understand the New Requirements for Protecting Personal Information
Date: March 17, 2009
Location: MCLE Conference Center, Boston, MA (and via webcast)
This seminar, for which David Goldstone is on the faculty, will address the new requirements for protecting personal information in Massachusetts and in other states, best practices for compliance and avoiding liability, early experience in construction and enforcement, and other statutory considerations, such as anti-phishing laws.

The Growing State Role in Regulating Privacy and Data Security and
Cloud Computing and European Privacy Law
Date: April 1, 2009
Location: Crystal Gateway Marriott, Arlington, VA
Jacqueline Klosek will be presenting at the ABA IP spring meeting. The first session will examine the important role that states are playing in regulating  privacy and data security. It will focus on existing and proposed legislation in a number of key areas, including data security requirements, RFID, Internet privacy, social security number privacy and health information privacy. The second session will cover key privacy and security issues involved with cloud computing, with a particular focus international/cross border legal issues arising when the “cloud” is located in a foreign jurisdiction and/or where the data stored on the cloud concerns customers, employees and other individuals who reside in foreign countries.