IP & the Internet

Secrets to a Successful Privacy Policy

Posted on by Rina Van Orden

Privacy policies may seem like a snooze, but they can actually be a key tool in protecting your business and communicating with customers.  A privacy policy explains your entity’s views and procedures regarding privacy and provides information about how you will use a website user’s personal information and/or data.  It also details the steps you take to maintain user information securely.

Privacy policies must:

  • Be specifically tailored to your industry, business, and circumstances
  • Have clear and accessible explanations understandable to the average consumer
  • Provide enough information that users have informed consent
  • Be strictly adhered to once published
  • Be updated to reflect any changes

A recent case underlines the importance of a well-crafted privacy policy.  In Carlsen v. GameStop, Inc., the plaintiff brought a lawsuit against GameStop regarding the video game retailer’s information sharing practices.[1]  The appeals court dismissed the plaintiff’s claims and proposed class action because of GameStop’s privacy policy.

The plaintiff subscribed to GameStop’s monthly publication Game Informer magazine, including both print and online versions.  GameStop provides a feature that allows subscribers to log in to the magazine content through their personal Facebook accounts.  The plaintiff filed suit because once he logged in to the magazine through Facebook, his Personal Facebook ID and Game Informer browsing history were transmitted to Facebook.

In order to access the online content of Game Informer, a subscriber must agree to the site’s terms and conditions, which includes GameStop’s privacy policy.  GameStop’s policy stated that “Game Informer does not share personal information with anyone.”

The court held that the transmission of Game Informer subscribers’ Facebook IDs and browsing history did not constitute “personal information” under GameStop’s privacy policy because these items were not included in the explicit list in the privacy policy detailing “personal information” and because the information at issue was not specifically solicited by Game Informer or voluntarily submitted in response to such a solicitation, as specified in the privacy policy.  Because the Facebook IDs and browsing history were not included in the privacy policy as protected personal information, GameStop did not act wrongly in sharing that information, and thus there was no breach of contract.  GamerStop’s clear and well-written policy was key in extricating GameStop from this lawsuit.

Privacy policies have become a common business practice for many websites.  These days, website users are keenly aware of privacy concerns and protective of their personal information.  The prevailing view is that a credible website will operate with at least minimal privacy standards in place.  Privacy policies are especially necessary when you are engaged in e-commerce or data collection.  If your prospective and current clients are likely to have concerns about privacy, then they will expect you to have a policy that details the various protections and procedures that you have in place.

Every website will have different elements to cover, and some websites will need more comprehensive policies than others. This is likely dependent on what kind of user information is collected and how much/to what extent it will be shared with third parties.

Regulated industries, like banking, medical, and others, are required by law to maintain a privacy policy that applies both on and off the internet.  Entities in these industries should address all issues covered under industry regulations in an online privacy policy as well.

We advise against copying a policy from another business, even if that business is similar to yours.  A poorly written or inapplicable policy taken from another website can expose you to liability.  You want to make sure that your privacy policy specifically covers the individual needs of your business.

Often websites will have full terms and conditions with a separate privacy policy integrated into the terms.  A privacy policy needs to be easy to understand even though it is a legal document.  Your policy should be also clearly and prominently displayed on your site and accessible from key pages like the homepage and shopping cart, if not every page.

You want to make sure that as your business or technology evolves (say you launch a related app or pair with a social media platform), your privacy policy is updated to address the same.  Anytime a change to your policy is made, you should provide clear notice to users and in some cases obtain consent from users for material changes.

Privacy policies typically include sections that address:

  • user information that is collected
  • method of collection
  • how that information is shared and/or stored

A policy should address not only the required personal information that a user enters into the website but also any data logged automatically by your website, application, servers, etc.  A privacy policy should also address any use of cookies.

Once you have a policy in place, it is essential that you abide it and make sure that your practices actually match the statements in your policy. Your policy creates a contract with your users. If your policy and practices do not align, you open yourself up to liability, both from lawsuits by users and actions by regulators like the FTC, who scrutinize unfair or deceptive trade practices.

If your website is directed toward children under the age of 13, additional requirements apply to your website under the Children’s Online Privacy Protection Act and should be detailed in your privacy policy.

As demonstrated by the GameStop case, a clear privacy policy drafted to meet your needs and circumstances can not only provide your users with a transparent explanation of your privacy practices, but also protect your entity from liability. — Rina Van Orden

[1] 833 F.3d 903 (8th Cir. 2016).

The Digital Millennium Copyright Act: The Copyright Office Examines Whether it Needs Revamping

Posted on by Stephanie Martinez

As most internet users of today know, music, videos, poems, photographs, and various other creative works are often posted on social media and other sites without the permission of the work’s creator.  These postings violate the creator’s exclusive right to distribute his or her own work, one of the central rights protected by copyright law and based on the Constitution.[1]  To address concerns of increasing copyright infringement online, Congress enacted the Digital Millennium Copyright Act (the “DMCA”) in 1998.  The DMCA allows copyright owners to submit takedown notices to internet service providers (who provide the platforms for postings, think YouTube, SoundCloud, Twitter, etc., abbreviated in this article to “ISPs”), demanding that access to an infringed work be blocked or the work removed.  In exchange for compliance with the DMCA and the swift removal of infringing materials, ISPs are exempted from liability for copyright infringement.

Although the DMCA may have provided a sufficient[2] remedy for copyright holders in 1998, copyright owners in recent years have complained that the increase in infringing posts resulting from the proliferation of user-upload sites such as eBay, SoundCloud, Vimeo, and others makes the takedown process onerous.  For example, since 2012 the music recording industry has sent takedown notices for over 17 million infringements.[3]  Google receives on average over 75 million URL takedown requests per month, and must use computer programs to sift through them all.[4] In response to the uproar from copyright holders, Congress has requested the Copyright Office conduct a study to determine the effectiveness of the DMCA.[5]  The study is currently ongoing, with the Copyright Office receiving more than 92,000 submissions in its first round of comments.[6]

In reviewing comments submitted during the first round, battle lines have clearly been drawn between the creators of works and ISPs.  In support of its position that the DMCA sufficiently protects the various parties’ interests, in its comment Amazon focused on the economic growth driven by the DMCA’s safe harbor provision, noting that, because of the safe harbor, ISPs have not been required to conduct the “difficult” task of policing posted content, a policy that has been “crucial to the growth of the Internet.”[7]  Amazon further asserted that the DMCA strikes “the right balance” between providing rights holders with the ability to remove infringing content while allowing ISPs the ability to “innovate and host ever-increasing amounts and types of content without fear of massive liability based on the activities of their users.”[8]  Other ISPs argue that, in fact, the takedown system is being abused, with a “guilty until proven innocent” approach often leading to misuse and overreach.[9]  One Google-backed study, conducted by the Berkeley School of Law, found that almost 30 percent of takedown requests received in a six month period had validity issues.[10]

Creators of copyrighted works, however, assert that the take down provisions are not an adequate deterrent to infringement, [11] particularly when a majority of takedown notices are for infringing uses previously the target of a notice.[12]  To counteract the cycle of takedown-repost-takedown, many creators are arguing for a “takedown, stay down” provision, which would allow copyright holders to submit a takedown notice for a work once with the expectation that the work never appear again on the same platform.[13]  Indeed, in support of its position that the DMCA needs strengthening, the Artists Rights Society argues that the current takedown provisions, contrary to Congressional intent, favor ISPs, who profit from infringing posts through listing fees, advertising, and/or increased traffic.[14]  To restore balance, the Artists Rights Society recommends that online service providers be required to pay a percentage of the quantifiable revenues received from an infringing third-party user to the copyright owner.[15]  The Artists Rights Society does not elaborate on how these fees would be collected and dispersed.

Taking a slightly different course from both their fellow creators and the ISPs, the American Photographic Artists (“APA”) propose turning the tables on the oft-anonymous infringers who are benefitting from, according to the APA, a “de facto immunity” under the DMCA.  This de facto immunity is the product of the high cost of pursing a copyright infringement claim and the potentially low damages return (particularly for unregistered works),[16] making the pursuit of infringers essentially pointless.  Although it does not appear from its comment that the APA is advocating for one particular measure to shift the risk of infringement, one possibility the APA discusses is requiring an infringer to reimburse the copyright holder’s costs spent on a takedown.[17]

As the Copyright Office weighs these competing interests, it will also need to keep in mind how evolving technology may continue to impact takedown proceedings.  We will keep you updated on developments as the Copyright Office prepares its report. — Stephanie Martinez

 

[1] 17 U.S.C. § 106; U.S. Const. art. I § 8 cl. 8.

[2] Many would argue the DMCA never worked well and was instead poorly thought out and poorly executed.  See Chris Mills, These Three Dumb Examples Prove that Copyright Is Broken, BGR (May 24, 2016), http://bgr.com/2016/05/24/dmca-abuse-copyright-issues/.

[3] Randolph J. May & Seth L. Cooper, Copyright ‘Notice and Takedown’ System Needs Fixing (May 9, 2016) http://thehill.com/blogs/pundits-blog/technology/279179-copyright-notice-and-takedown-system-needs-fixing.

[4] Google, Transparency Report, https://www.google.com/transparencyreport/removals/copyright/.  Requests sent to Google are to remove links from Google’s search results due to infringing content on the website, not to remove the allegedly infringing content from the site itself.

[5] See United States Copyright Office, Section 512 Study, http://www.copyright.gov/policy/section512/.

[6] See United States Copryight Office, Requests for Public Comments: Digital Millennium Copyright Act Safe Harbor Provisions, https://www.regulations.gov/#!docketBrowser;rpp=25;so=ASC;sb=title;po=0;dct=PS;D=COLC-2015-0013;refD=COLC-2015-0013-0002.

[7] Amazon.com, Inc., Section 512 Study: Notice Docket No. USCO-2015-7 and Request for Public Comment, p. 3.

[8] Id.

[9] Caroline Craig, DMCA ‘Reform’ Harbors Return of SOPA, InfoWorld (May 20, 2016), http://www.infoworld.com/article/3072456/internet/dmca-reform-bill-harbors-return-of-sopa.html.

[10] Id.; Jennifer M. Urban, Joe Karaganis, & Brianna L. Shofield, Notice and Takedown In Everyday Practice, 11 (2016), available at http://poseidon01.ssrn.com/delivery.php?ID=847004104083015079003097000087118126055092036006058054127082102102096125010084120011039049035031006028001088081018024096080127018007025078012087102086098102098094112018040048025114126122121121117028006069023030065090123077101074065106086070087025106064&EXT=pdf.

[11] See American Photographic Artists, Inc., Initial Response to Notice of Inquiry 78 F.R. 13094 (Docket No 2015-7) Section 512 Study: Notice and Request For Public Comment, p. 2.

[12] In fact, the Federation of the Phonographic Industry has reported that 94% of its takedown notices are for “recordings uploaded repeatedly” to sites already notified of the infringing posting.  Randolph J. May & Seth L. Cooper, Copyright ‘Notice and Takedown’ System Needs Fixing, The Hill (May 9, 2016), http://thehill.com/blogs/pundits-blog/technology/279179-copyright-notice-and-takedown-system-needs-fixing.

[13] TorrentFreak, Ten Websites Hit With 70M DMCA Complaints In A Year, TorrentFreak (May 29, 2016), https://torrentfreak.com/ten-websites-hit-with-70m-dmca-complaints-in-a-year-160529/.

[14] See Artists Rights Society, Comments of Artists Rights Society, p. 2.

[15] Id.

[16] See American Photographic Artists, Inc., Initial Response to Notice of Inquiry 78 F.R. 13094 (Docket No 2015-7) Section 512 Study: Notice and Request For Public Comment, p. 3.

[17] Id.

Using New Domain Extensions to Your Brand’s Advantage

Posted on by Rina Van Orden

Registrations for new generic Top Level Domains (“gTLDs”) have topped 13 million.  As the use of new domain extensions becomes more prevalent, questions commonly arise about how search engines treat them and how large brands and marketing companies are using them.  Some misconceptions about the power of a new domain extension to improve SEO and ranking in search engine results have developed, but new domain extensions can be put to valuable use.

In a frequently re-posted blog post, Google has detailed how it handles new domain extensions. The search engine treats “new gTLDs like other gTLDs (like .com & .org)” and has no current plans to change its algorithm in order to favor new domain extensions.  The good news is that Google will return search results with new domain extensions just as readily as .com, .net, etc.  Google looks at new domain extensions more like additional options, and thus, an entity should register whatever domains fit its own specific long-term needs.  Over time, the algorithm will begin to recognize shifts in gTLDs, as it has previously.  For example, .co was once the country code for Colombia. Now .co is commonly used around the world to signify company or commerce and thus Google’s algorithm has evolved to no longer treat .co as specific to Colombia.  Even though Google’s algorithm does not explicitly favor anything to the right of the dot, use of a new domain extension can help increase reliability for your site and those searching for it, send a specific message to consumers, and develop your brand’s web presence.

More Names to Go Around

For the most part, the release of the new domain extensions has not resulted in a “land grab” targeting companies with well-known domains, perhaps simply because there are too many possible domain names.  It’s impractical for cybersquatters to buy and lock up all possible similar domains with the intent of selling them later.  This means that an entity looking for its name has a much higher probability of finding an available option using a new domain extension.

New domain extensions may be most appealing where the .com of the brand’s company name or acronym is already taken or the brand’s name is a common word with multiple meanings. One article cites ‘Lily,’ the world’s first self-flying camera drone, as a prime example.[1]  When the drone was created, Lily.com had already been registered by Lily Transportation Corp. Plus, the term ‘Lily’ has numerous meanings, including as a first name, the flower, or even a town. That’s why the robotics team responsible for Lily opted to secure lily.camera — both to differentiate its domain name from others and to provide a clear message of what the site is all about.

If you plan on communicating with your customers primarily through an app interface and your desired .com is already taken, selecting a relevant domain using a new domain extension can be just as effective.  For example, social networking app Whisper could not get its corresponding .com, so instead uses Whisper.sh. Even without the .com, a simple Google search for Whisper ranks it at the top of the results.

ccTLDs & Local Geo-Targeting

Notably, one type of domain extension that may have some effect on search results is country-code top level domains (ccTLDs) because they are used in geo-targeting. Google uses most ccTLDs to geo-target the website because the website is probably more relevant in the appropriate country.  For small businesses concerned with generating a more local reach, taking advantage of local domain extensions may be very valuable.  A ccTLDs shows search engines and users where the website originates, and this will likely have an effect on search rankings.  Thus, if all else is equal, the website travel.nz will most likely rank higher in the search engine results for a user in New Zealand than travel.com or travel.us. Notably, new domain extensions have been created for cities like Las Vegas, New York, Boston, and Miami (as well as cities abroad like London, Paris, Istanbul, Tokyo, and Sydney). Though the city extensions are currently treated as gTLDs, these kinds of domain extensions may become the best way to target local consumers in the future if they also become geo-targeted, especially in the U.S., where the .us extension has not caught on.

If you are looking into country code or city domain extensions, you need to research the meaning of the domain extension that you think applies. For example, .ca is commonly mistaken as meaning California, but it is actually the country code for Canada. Thus, if a California company purchases a .ca domain with the mistaken belief that it represents California, it may be a wasted investment because Google will not geo-target the website correctly.  Another example is .de which signifies Germany, not Delaware.

Familiarity & Reliability

Trustworthiness is a key factor in search engine optimization (SEO). So in the future, once the majority of the websites using the extensions .architect or .accountant are in fact members of those professions, those domain names will become a signal to consumers that those domain extensions can be trusted, similar to the familiarity with and trust of .org and .edu. The same goes for custom brand name domains. If .HBO becomes the primary domain extension for the premium cable channel, then consumers will know that any .HBO site is put forth by .HBO, thus increasing its trustworthiness. To demonstrate this point, a number of highly-regulated domain extensions already exist.  If you want a domain that uses .bank, .dentist, or .law, for example, you must provide authorizations, licenses, and/or other necessary credentials required to be part of that industry or sector when registering that domain. Thus, a website using .law must have been registered by a licensed attorney.

Some commentators still believe that the .com is the “Holy Grail” for a company’s domain in the U.S., primarily because non-savvy Internet users know and trust .com as a website extension.  For many, .com adds legitimacy to sites, while an unknown or not readily recognized domain may raise concerns about spam, malware, viruses, privacy, identity theft, etc.  Consumers don’t inherently trust sites with unusual TLDs more than ones with more recognizable endings.  As an example, one study asked users if, based solely on the domain name, they were more likely to trust an insurance quote from a website ending in .insurance. 62 percent of Americans, 53 percent of Australians, and 67 percent of marketers said they were unlikely to trust the quote based on the domain alone.[2]  But as use of the new domain names spreads, users will become more comfortable with them.

New domain extensions may also cause concern where they indicate the website itself is new. While for some sites appearing less established can be a disadvantage, perception likely depends on the extension itself.  For example, extensions like .name, .rocks, and .cc have received bad press as being commonly used for spam.  But other new extensions have earned credibility with particular industries and types of entities and consumers.  For example, .io has gained a lot of traction for websites about computing and technology startups.[3]  In general, steer away from very generic new extensions such as .website, .company, and .country, and instead select something specific that directly relates to your brand.

Brand Management

Signals to ConsumersIn many cases, the new domain extensions can tell consumers what your site is about before they even click on it.  For example, a website that uses .pizza is probably all about pizza, and the .pizza will signal to consumers who are looking for where to order their next delicious pie that your site focuses on pizza before they even click on your link in the search results. Even celebrities are taking advantage of the new domain extensions for their causes and brands. Lady Gaga has registered bornthisway.foundation and Oprah has wherearetheynow.buzz.

The new domain extensions also allow companies with lengthy .com domain names to obtain a shortened version using a different gTLD.  Short domains can be useful for clients, marketing, and for platforms like Twitter.

Securing .[BRAND]Large companies that secure their names as a domain extension (e.g., .mcdonalds, .nike, .cocacola) can use them to create extremely targeted and specific websites for different consumer experiences, based on what the consumer is seeking.  For example, the National Football League can establish domains for specific teams, cities, or events using .NFL.  Macy’s could tailor specific pages to certain interests, such as Home.Macys, Shoes.Macys, or WeddingRegistry.Macys.  Securing a brand domain extension will also allow companies to determine if users are searching for a domain that does not yet exist and signal them to create one.  For example, if Disney has Shop.Disney and Movies.Disney but discovers that users are searching for Frozen.Disney and that page has not yet been developed, Disney can determine whether to create such a page in order to capture those users’ interest.

Brand domain extensions will also likely have the ability to offer greater security that is controlled by the company itself.  As one commentator stated, “[f]or financial institutions, insurance companies and pharmaceuticals, this will have great value if it’s executed properly. For everyone else, it offers something more to consumers in a security-conscious society.”[4]

URL Shorteners — URL shorteners are commonly used for branding purposes in social media. However, these shorteners are typically owned by another brand.  One of the most well-known and well-trusted is bit.ly.  But consider instead creating a consistent brand message by instead using a custom URL shortener through the new domain extensions.  A commonly used extension as a shortenter is .link. So, instead of employing an unbranded bit.ly link, HBO could use got.link for posts about Game of Thrones. For brand builders, these custom URL shorteners offer an inexpensive solution for maintaining brand consistency. Both generic extensions like .help and .link and targeted extensions like .food and .style can help brands specifically target the audience they are looking for.

Careful consideration and planning when deciding on new domain extensions to invest in can set you up for online marketing success. As the frontier of Internet marketing continues to develop, new domain extensions are likely to become an ever-more-present force tapped to spread a brand’s message. So make sure you settle on the right one(s) for your brand and keep an eye out for new possibilities in the future. — Rina Van Orden

 

[1] http://thenextweb.com/entrepreneur/2015/06/14/how-to-name-your-startup/.

[2] http://www.inc.com/peter-roesler/will-new-top-level-domains-matter-in-2015.html.

[3] https://iwantmyname.com/blog/2015/06/how-to-pick-the-right-domain-extension.html.

[4] https://searchenginewatch.com/sew/opinion/2429047/5-things-your-cmo-should-know-about-generic-top-level-domains-and-dot-brands.

Hot Off the 3D Printer: Infringing Printables Create New Challenges for Copyright Holders

Posted on by Noah Downs

Reproduction and dissemination of written works and 2D visual art like photos, drawings, and videos has become as easy as typing a few words into Google, finding your desire, and clicking “download.” The distribution can be nearly instantaneous. Copyright law has attempted to adapt to protect these works, and constructs such as the Digital Millennium Copyright Act (DMCA) give structure to the legal framework of the Internet.

Now, imagine if reproduction and dissemination of 3D products were that simple. For instance, you find an item you like on Amazon or eBay, click “print,” and have it appear next to you almost immediately. Such capabilities have always appeared to be a technology of the distant future — imagined in The Jetsons and Star Trek. Only in a space fantasy could Captain Jean-Luc Picard turn to a replicator device and say “Tea, Earl Gray, Hot” for a steaming mug of tea to instantly appear.

Surprisingly, this technology is here today. And it’s extremely accessible. 3D printing has rapidly evolved from a technology primarily used in industrial and medical settings to something available for home and personal use. Using digital modeling software, a user can design a product as simple as a cube or as complex as a fully-functional monkey wrench, click “print,” and have the product printed in minutes. 3D printing has evolved not just in the line of personal use, but also into other fields previously unimagined. In fact, architects can now design a home for a prospective homeowner, click “print,” and have that home printed within a few hours.[1]

3D printing capabilities raise endless questions for intellectual property attorneys.  First it may be helpful to understand why intellectual property protection is necessary in the first place. Intellectual property law serves to promote and protect innovation and creativity. Creators often make a substantial investment in the creation of their work and incur a much higher cost for creating the work than a second-comer who merely makes copies would. Without intellectual property protection, others could copy a work for a much lower (or even no) cost. For example, think of the long hours an author spends writing a novel. If anyone could then print a free copy of that novel without paying for it, the author would not have a chance to recoup her investment and may not be willing to invest further time and effort into creating more works. Knowing that your laborious creative endeavor could be freely appropriated by anyone else that comes along would leave little motivation for creators to continue creating. Thus, in order to incentivize creators, the law protects their right to develop their work for commercial gain and prevent copiers from doing so. In this way, creators are rewarded for the high costs of their creativity, and are able to fully harness their creations.

Unfortunately, copyright law has not yet caught up with the advances in 3D printing, leaving little specific guidance for tackling this new frontier. For the time being, intellectual property attorneys must apply older copyright cases and statutes that imperfectly fit the 3D printing world. For example, the Supreme Court ruled in the 1984 Sony v. Betamax case that although a VCR was capable of copying movies and television shows, the VCR was also capable of “substantial non-infringing purposes,” thus allowing VCR recording capabilities to remain in the hands of the masses. This result differs greatly from the case of Napster, the infamous peer-to-peer file sharing program that was initially shut down because the intended usage was found to be primarily for infringing purposes. The 3D printer likely falls squarely between these cases — when browsing leading 3D printing communities Thingiverse and Shapeways, a user finds as many Stormtroopers[2] and Iron Thrones[3] as original designs for items like cat battlearmor.[4]

The current framework of the DMCA creates difficulties for copyright owners of 3D works trying to have infringing copies taken down. Under the DMCA, Shapeways and Thingiverse may fall under a safe harbor provision that avoids infringement liability so long as they have a takedown policy and do not actively promote the infringement. The burden of enforcing rights falls on the copyright holder, who must search each site for copyrighted works and file takedown requests for each one or go after each individual infringer who uploads infringing content to the sites. The DMCA takedown policy is similarly employed on sites like YouTube, where infringing works are frequently uploaded.

However, unlike in the world of YouTube and digital music, the content on Shapeways and Thingiverse can allow for the creation of goods that affect and reduce a creator’s ability to fully exploit the fruits of their creative work. 3D printing allows users to create content and goods in the realm of the creator’s work that can completely replace a similar work of the creator. In the digital music world, if someone were to attempt to create a song in the style of Green Day, using similar sound and composition, or even identical lyrics, it would likely not be identified as Green Day music but rather as an imitation. By contrast, 3D printers are able to exploit a specific brand for commercial gain and cut into the monetization of the creator. For example, in the vast intellectual property pool behind Disney’s Frozen, a 3D printer could create a unique toy depicting a character from the movie and market it as a Frozen toy, competing with Disney’s other goods.

Recognizing the difficulty of copyright enforcement using the DMCA takedown notice, Hasbro teamed up with Shapeways in 2014 to create a different business model. Instead of going after infringers, Hasbro and Shapeways allow users with 3D printers to use certain Hasbro copyrights for a small fee in making figurines and fan art. This unique model has allowed Hasbro, Shapeways, and Shapeways users to profit from the creation and sale of these works, while reducing or removing the need for Hasbro to pursue copyright infringers. Essentially, Hasbro has made the potential infringer a part of the production team and is able to profit from its copyrights without production costs. Until copyright law catches up with 3D printing technology, partnerships such as that between Hasbro and Shapeways may be the way of choice for copyright holders to police their copyrights in the 3D printing world.

3D printing doesn’t just pose new questions for copyright law, but also for trade secret law. 3D printing is utilized by many manufacturing companies to create prototypes and mock-ups for proofs of concept and pitches. Often, these prototypes and mockups constitute a trade secret. However, researchers at the University of California, Irvine (“UCI”), have discovered a way to recreate a 3D-printed model based on the sounds the 3D printer makes when printing. The sounds of a 3D printer nozzle can be recorded and mapped based on their directional movements to and from the recording source. UCI researchers were able to recreate the 3D model by reverse engineering the sounds made during printing, thus putting carefully guarded trade secrets at risk of being revealed.[5]

Advances in technology (such as the VCR and Napster) have brought forth the most dramatic changes in copyright law and policy. But by the time laws regulating 3D printing come to pass, it is likely that new technology will be available to work around such laws, as was the case when the fall of Napster gave rise to new methods of illegal downloads such as bittorrent.  The question is whether the technology is driving the need for new regulation, or whether new regulation drives innovations in technology in order to work around the new laws. In the meantime, companies need to remain vigilant in their enforcement and innovative in their policies by working with intellectual property experts to protect their rights. — Noah Downs & Rina Van Orden

 

[1] See https://www.washingtonpost.com/news/innovations/wp/2015/02/05/yes-that-3d-printed-mansion-is-safe-to-live-in/.

[2] Stormtroopers are from the Star Wars universe and part of the extensive intellectual property holdings belonging to Disney.

[3] The design of the Iron Throne, made famous by the popular television show Game of Thrones, is owned by HBO.

[4] Cat battlearmor can be found at www.thingiverse.com/thing:1095858, and has over 9,000 downloads as of this article’s publication.

[5] See https://news.uci.edu/research/bad-vibrations-uci-researchers-find-security-breach-in-3-d-printing-process/.

Lead Generation: How Companies Mine for Your Data

Posted on by Stephanie Martinez

Most internet users today recognize that internet searching and website visits lead to data collection and targeted advertising. For example, a search for coffee makers on Amazon is likely to lead to coffee maker advertisements on Facebook. What may be surprising, however, is the value companies place on your information, and the many ways data collectors mine for consumer data.  Data collection, or lead generation, is estimated to be a multi-billion dollar industry,[1] with the largest industry player claiming to have, “on average, 1,500 pieces of information on more than 200 million Americans.”[2]

Lead generators obtain your information through a variety of sources. Perhaps the most well-known source is cookies, bits of information that are downloaded to your browser and can be used to determine when and where you saw an advertisement or what your interests might be based on the sites you visit. Lead generators also use less obvious sources, such as online fillable forms, including mortgage pre-qualification forms and online dating questionnaires, as well as “fun” surveys.[3] For example, the Huffington Post recently reported that a Google search for “McDonalds Jobs” resulted in an advertisement for the website <everyjobforme.com>, which linked to a form promising the user that it would “find McDonald Jobs near you” and requested the user’s name, zip code, and mobile number.[4] Once the personal information was entered, a recruiter for for-profit colleges would call regarding “educational opportunities.”[5] In addition, legitimate companies often grant third parties behind-the-scenes access to their websites, allowing these third parties to observe a visitor’s movement within the site.[6] A 60 Minutes report revealed that popular sites such as the New York Times’ website, among others, allow third party observers.[7] Finally, many retailers sell the data collected on consumers’ purchases, allowing lead generators to better understand what goods consumers are seeking and how to more effectively market those goods to individual consumers.

Currently, lead generation is a relatively unregulated industry, with little oversight from federal and state governments. In a 2013 review, the U.S. Government Accountability Office found there was no overarching federal law governing the collection of data or consumer privacy rights.[8] Instead, lead generation companies are governed through a patchwork of federal and state laws, as well as agency enforcement and self-regulation within the industry. One agency active in monitoring the lead generation industry is the Federal Trade Commission (FTC), which works to protect consumers from deceptive business practices. The FTC has used its administrative authority to fine lead generation companies for deceptive advertising, including a recent multi-million dollar settlement with multiple companies accused of unlawfully selling data obtained from payday loan applications, including social security numbers.[9] Some in the lead generation industry, however, believe that current FTC marketing guidelines are not being applied effectively and in some cases may even encourage misconduct.[10] The FTC is likely to update its guidelines soon to address these concerns. We will report further developments as they occur. — Stephanie Martinez


[1] Federal Trade Commission, Follow The Lead, An FTC Workshop on Lead Generation (Oct. 30, 2015), https://www.ftc.gov/system/files/documents/public_events/684511/leadgeneration-presentationslides_0.pdf.

[2] Steve Kroft, The Data Brokers: Selling Your Personal Information (Mar. 9, 2014), http://www.cbsnews.com/news/the-data-brokers-selling-your-personal-information/.

[3] Id.

[4] David Halperin, For-Profit College Recruiter Hides Behind McDonalds Arches, Huffington Post (Mar. 1, 2016, 4:54 PM), http://www.huffingtonpost.com/davidhalperin/for-profit-college-recrui_b_9359434.html.

[5] Id.

[6] Kroft, supra note 2.

[7] Id.

[8] U.S. Government Accountability Office, Information Resellers: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace (Sept. 25, 2013), http://www.gao.gov/products/GAO-13-663.

[9] Lexology, FTC Settles Charges with Data Brokers for Misuse of Consumer Data (Feb. 24, 2016), http://www.lexology.com/library/detail.aspx?g=2fa892c5-e828-4c28-8822-9505dc779005. The FTC has previously gone after other bad actors in the lead generation industry. In 2014 the FTC fined a mortgage lead generator $500,000 after it found that the company deceived potential borrowers with ads falsely claiming that borrowers could refinance their mortgages for free. Federal Trade Commission, Mortgage Lead Generator Will Pay $500,000 to Settle FTC Charges That It Deceptively Advertised Mortgage Refinancing (Sept. 12, 2014), https://www.ftc.gov/news-events/press-releases/2014/09/mortgage-lead-generator-will-pay-500000-settle-ftc-charges-it.

[10] Lexology, FTC Focuses on Lead Generation Practices In Higher Education and Ed Tech (Nov. 10, 2015), http://www.lexology.com/library/detail.aspx?g=5bd60940-c267-43f7-98cd-d712704d751b.