Video: 3 trademark essentials for your business

Here are three key ideas for selecting and protecting your company’s trademark:

(1) choose a distinctive mark that is not descriptive,

(2) conduct clearance so that you will not infringe, and

(3) seek registration with the United States Patent and Trademark Office.

Malware detection software provider gets important victory allowing it to flag unwanted driver installer

Despite a recent Ninth Circuit decision denying immunity to malware detection software for targeting competitor’s software, court holds that Section 230 protected Malwarebytes from liability for designating software driver program as potentially unwanted program.

Plaintiff provided software that works in real time in the background of the operating system to optimize processing and locate and install missing and outdated software drivers. Defendant provided malware detection software designed to scan consumer’s computers and to report potentially unwanted programs. After defendant’s software categorized plaintiff’s sofware as a potentially unwanted program, plaintiff sued, putting forth a number of business torts, including business disparagement, tortious interference and common law unfair competition.

Defendant moved to dismiss under 47 U.S.C. 230(c)(2)(B), which provides that no provider of an interactive computer service shall be held liable on account of any action taken to enable or make available others the technical means to restrict access to material that the provider deems to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.

The court granted the motion to dismiss, holding that Malwarebytes was immune from suit under Section 230. It differentiated the case from the Ninth Circuit’s recent decision in Enigma Software Group USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040 (9th Cir. 2019), in which the court held that Section 230 immunity did not protect Malwarebytes for designating a competitor’s anti-malware software as “otherwise objectionable”. In this case, the court found that plaintiff’s software did not make it a competitor to defendant. Since the parties were not direct competitors, the limitations on Section 230’s protection did not apply.

The case can be met with a bit of a sigh of relief to those who, along with Professor Goldman expressed concern that the Enigma case would make it more difficult for anti-malware providers to offer their services. Though Enigma did limit Section 230 protection for these vendors, this decision shows that Section 230 immunity in this space is not dead.  

Asurvio LP v. Malwarebytes, Inc., 2020 WL 1478345 (N.D. Cal. March 26, 2020)

Video: How to stop phishing using your company’s trademarks

COVID-19: Phishing is up since the beginning of the Coronavirus crisis began. Companies can file a straightforward action to stop fraudsters using domain names similar to the company’s trademark.

Related blog post: How companies can use their trademarks to combat COVID-19-related phishing

How companies can use their trademarks to combat COVID-19-related phishing

Straightforward out-of-court domain name proceeding can provide efficient relief against fraudulent websites and email.

Google has seen a steep rise amid the Coronavirus pandemic in new websites set up to engage in phishing (i.e. fraudulent attempts to obtain sensitive information such as usernames, passwords and financial details). Companies in all industries – not just the financial sector – are at risk from this nefarious practice. But one relatively simple out-of-court proceeding may provide relief.

Varieties of Phish Species

Phishing schemes can take a variety of forms. A fraudster may register a domain name similar to the company’s legitimate domain name and use it to send email messages to the company’s customers, requesting payment and providing wire instructions. Distracted or untrained customers who receive the email may unwittingly wire funds as instructed in the fraudulent email to an account owned by the criminal. Or the phishing party may set up a legitimate looking but fake website at a domain name similar to the company’s legitimate domain name, and direct users there to purportedly log in, thereby disclosing their usernames, passwords, and perhaps additional sensitive information.

Taking Sites Down with the UDRP

Everyone who registers a domain has to agree, by contract, to have disputes over the domain name’s ownership resolved through an administrative proceeding (similar to arbitration). The Uniform Domain Name Dispute Resolution Policy (UDRP) governs disputes over .com, .net, .org and many other domain name registrations. The World Intellectual Property Organization (WIPO) provides administrative panels who decide disputes under the UDRP. These are decided “on the papers” with each party having the opportunity to submit arguments and supporting documentation. The time and expense of a UDRP proceeding is a small fraction of what one sees in typical litigation – UDRP cases usually conclude within weeks, and generally cost a few thousand dollars.

The UDRP Frowns Upon Phishing

To be successful in bringing a UDRP proceeding, a party has to prove (1) that it owns a trademark that is identical or confusingly similar to the disputed domain name, (2) that the party that registered the disputed domain name has no rights or legitimate interests in the disputed domain name, and (3) that the disputed domain name was registered and has been used in bad faith.

UDRP panels typically show little tolerance for blatant phishing efforts. Companies bringing UDRP actions against registrants of domain names registered for phishing purposes enjoy a high rate of success. A good phishing effort (that is, “good” in the sense that the fake domain name succeeds in deceiving) will require using words similar to the company’s mark. So the first element is usually a low hurdle. On the second and third elements, UDRP panels are readily persuaded that a party using a disputed domain name for phishing gains no rights or legitimate interests, and demonstrates clear bad faith. “Using the disputed domain name to send fraudulent email is a strong example of bad faith under the [UDRP].” Samaritan’s Purse v. Domains By Proxy, LLC / Christopher Orientale NA, WIPO Case No. D2019-2403 

Technology vendors must be proactive in dealing with COVID-19 problems

Early action now on possible performance issues will “flatten the curve” of customer problems in the coming weeks and months. 

Here are three things technology and software vendors can do right now to get ahead of problems that may appear (if they are not already) with services such as development, implementation and support:

  • Check your contracts to see whether there are any “material assumptions” that have failed or will fail – perhaps because of some governmental action or unavailability of personnel.
  • Consider whether a change order would be appropriate to redefine the scope of services, timing for performance, or the fees to be charged.
  • See if any delay in your performance is excused on the basis of force majeure. If so, do you need to give notice to your customer that you are claiming force majeure?

Learn from IBM: Do what is required when there are failures of material assumptions.

In 2006, the State of Indiana signed a $1.3 billion contract with IBM to revamp the technology of the State’s welfare system. The economy went south in 2008. In the complicated breach of contract litigation that followed, IBM argued, among other things, that the economic downturn resulted in the failure of one of the material assumptions of the agreement. IBM urged the court to consider that failure of assumption when deciding whether IBM had materially breached its contract to develop and deploy the system.

The Indiana supreme court rejected IBM’s arguments. Why? Not because the economic downturn was not a failure of a material assumption. (It might have been.) Indeed, the contract specifically said that one of the parties’ material assumptions was that the economy would not take a downturn. But IBM did not do what the contract required in light of the downturn – it did not submit a change order request in response to the failure of the assumption, as the contract required.

Change orders anyway?

Even if your contract does not contain material assumptions, it may contain a procedure for procuring change orders. Parties include change order provisions so that they have an organized pathway for making changes to the scope, timing or pricing when circumstances – whether dramatic or trivial – change while the contract is being performed. Vendors should consider whether a simple change to the parties’ obligations can be made now to reduce bigger problems later. It is better for a ship to correct its course early in the journey rather than after many weary days at sea.

And from a practical, customer-focused perspective, the discussions around possible change orders gives a vendor the opportunity to communicate with its customer. This gives the vendor the chance to assure the customer that services are safe in the long run, and can work to build trust and goodwill that will be key in the further development and collaboration that is going to happen in the technology space once this COVID-19 episode has come to a close. 

Force majeure notice – it is critically important

In the litigation against the state of Indiana, IBM also claimed that severe flooding in the state in 2008 was a force majeure event that excused IBM’s performance. Again, as with the argument for failure of material assumption, IBM did not do what it was required to do under the terms of the contract to avail itself of this excuse in performance.

The court found that force majeure did not apply because IBM did not give appropriate notice as required under the agreement. This highlights a critical takeaway – if a vendor sees an upcoming need to claim that it cannot perform due to some circumstance arising from causes outside its control, it is better to place the customer on notice of that fact sooner rather than later.   

So, here are the key questions to ask right now:

  • Has a material assumption failed? If so, what must I do?
  • Would a request for change order be appropriate?
  • What do I need to do before claiming force majeure?

Being proactive now, in the early stages of the COVID-19 crisis, will – just as in the epidemiological context – flatten the curve of problems later.

State of Indiana v. IBM Corp., 51 N.E.3d 150 (Ind. 2016)

Breaking a contract because of COVID-19 – force majeure and other issues

Changing market and other economic situations will no doubt put many parties in the situation of not being able to perform under the contracts they’ve entered into. Below is a brief video outlining the doctrines of:

  • force majeure
  • frustration of purpose
  • impossibility

During this lockdown I hope to generate more content like this. Please like and subscribe! Thanks. 

Ninth Circuit: Section 230 barred tortious interference claim

Amazon.com scored a Ninth Circuit win on Section 230 grounds when the court affirmed the lower court’s summary judgment against a pro se plaintiff’s claim against Amazon for tortious interference with prospective and actual business relations, and interference with an economic advantage. The claim apparently arose out of a third party posting a review on Amazon that plaintiff did not like. Citing to Barnes v. Yahoo!, Inc., 570 F.3d 1096 (9th Cir. 2009), the court observed that the Communications Decency Act (at Section 230(c)(1)) provides immunity from liability if a claim “inherently requires the court to treat the defendant as the ‘publisher or speaker’ of content provided by another.” Plaintiff had failed to raise a genuine dispute of material fact as to whether Amazon was not a publisher or speaker of content within the meaning of Section 230.

Sen v. Amazon.com, 2020 WL 708701 (9th Cir. February 12, 2020)

Facebook hacking that causes emotional distress – does the CFAA provide recovery?

A recent federal case from Virginia provides information on the types of “losses” that are actionable under the federal anti-hacking statute, the Computer Fraud and Abuse Act (“CFAA”).

Unauthorized Access Under the Computer Fraud and Abuse Act

Underlying facts

Plaintiff worked as a campaign manager, communications director and private sector employee of a Virginia state legislator. While plaintiff was in the hospital, defendant allegedly, without authorization, accessed plaintiff’s Facebook, Gmail and Google Docs accounts, and tried to access her Wells Fargo online account.

Plaintiff’s lawsuit

Plaintiff sued, alleging a number of claims, among them a claim for violation of the CFAA. Defendant moved to dismiss. Although the court denied the motion to dismiss on other grounds, it held that plaintiff’s alleged emotional distress was not the type of “loss” that is actionable under the CFAA.

Loss under the CFAA

One can bring a civil action under the CFAA if the defendant’s alleged conduct involves certain factors. One of those factors, set out at 18 U.S.C. § 1030(c)(4)(A)(i)(II), provides recovery if there is “the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals”.

Plaintiff alleged that defendant’s unauthorized access and attempted access to her accounts caused her to sustain a “loss” under this definition because it caused her to suffer emotional distress for which she needed to seek counseling.

The court disagreed with plaintiff’s assertions. Essentially, the court held, the modification of or impairment of a plaintiff’s treatment must be based on impairment due to the ability to access or used deleted or corrupted medical records. As an example – this was not in the court’s opinion but is provided by the author of this post – one might be able to state a claim if, for example, medical records were modified by a hacker to change prescription information. Further, the court held, to recover under the relevant provision of the CFAA, a defendant’s violation must modify or impair an individual’s medical treatment as it already exists, not merely cause the plaintiff mental pain and suffering that requires additional care.

Hains v. Adams, 2019 WL 5929259 (E.D. Virginia, November 12, 2019)

Real estate brokerage may be liable for its agent’s copyright infringement

Case underscores reason why companies using independent contractors should consider negotiating provisions that require those independent contractors to indemnify the company in the event of third party intellectual property claims.

Plaintiff’s claims

Plaintiff photographer sued a real estate brokerage firm and the firm’s independent agent who published on her brokerage-branded website one of plaintiff’s photos without authorization. Plaintiff asserted a direct infringement claim against the agent, and a vicarious infringement claim against the brokerage. Defendant brokerage firm moved to dismiss for failure to state a claim. The court denied the motion.

vicarious copyright liability

Elements of vicarious copyright infringement

To state a claim for vicarious copyright infringement, in addition to stating a claim for direct infringement by the agent, the plaintiff had to successfully plead that the brokerage (1) had a direct financial interest in the appearance of the infringing photo on its agent’s website, and (2) had the right and ability to supervise the infringing activity.

The court’s decision

On the first element of vicarious copyright infringement, the court found that plaintiff adequately alleged that defendant brokerage had a direct financial interest in defendant agent’s use of the photo on her website. Defendant agent was defendant brokerage’s sponsored agent, and it was plausible that her use of the photo to enhance the appeal of her website provided both defendant agent and defendant brokerage with a direct financial benefit in the form of increased business.

As for the second element – right and ability to supervise – the court found that plaintiff’s undisputed allegation that defendant agent was a licensed real estate agent under defendant brokerage’s sponsorship, coupled with defendant brokerage’s statutory obligation to supervise defendant agent’s actions, were sufficient to state a plausible claim that defendant brokerage had the right and ability to supervise defendant agent’s infringing activity.

The parties disputed the level of supervision and control that defendant brokerage had, and the “right and ability” to exercise control over defendant agent’s activity on her website.

Plaintiff asserted that the website was one published by the defendant brokerage, while the defendant brokerage disclaimed all responsibility for the website. Yet regardless of which party actually exercised direct control over the website, the fact remained – in the court’s view – that defendant agent carried out the alleged copyright infringement on the website under the auspices of defendant brokerage’s sponsorship, and defendant brokerage had a statutory obligation to supervise her conduct as a sponsored agent.

Moreover, although defendant agent could hypothetically continue her alleged infringement in a different setting were defendant brokerage to terminate her sponsorship, the undisputed fact that defendant brokerage could have terminated her sponsorship lent further support to the inference that defendant brokerage had the right and ability to supervise defendant agent’s infringing acts.

Stross v. PR Advisors, LLC, 2019 WL 5697225 (N.D. Tex. October 31, 2019)