Archive for the 'App Law' Category

Unilateral Changes to Online Terms: do they work?

Consumers wonder what exactly has changed when they are confronted with a new set of online terms, in a cloud-based service, website terms or software license. We reviewed this issue in an earlier post, which looked at changes to online terms in the middle of the product lifecycle. Amendments are often introduced due to changes in the law or changes in product functionality.

Instagram amended its terms of use in early 2013. In Rodriguez v. Instagram , CGC-13-532875 (San Francisco Sup. Ct. Feb 28, 2014), a US court reviewed a complaint alleging that Instagram’s new terms consituted a breach of good faith and fair dealing. The court noted that: “The New Terms modified the original terms in three allegedly material respects:

  1. in the Original Terms, Instagram disclaimed any ownership rights in content users post on Instagram, whereas in the New Terms Instagram disclaimed ownership of content users post on Instagram;
  2. in the Original Terms, Instagram was afforded a non-exclusive limited license to use, modify, delete from, add to, publicly perform, publicly display, reproduce, and translate content users posted on Instagram, whereas under the New Terms Instagram has a transferable and sub-licensable license to use the content users post, with the two allegedly material aspects being (i) the addition of sublicensing authority; and (ii) removal of any limitations on the scope of the license; and
  3. the New Terms add a liability waiver.”

The New Terms were structured so that users accepted the terms by continuing to use Instagram after the effective date. A user could decline acceptance by ceasing all use of Instagram. The plaintiff in this case did continue use of Instagram after the New Terms were introduced. This opened up the argument for Instagram that this user consented to be bound by the New Terms. The lack of a click-through was not fatal to Instagram’s case. As a result, this decision seems like a bright spot for cloud service providers and software licensors – after all, it seems to permit unilateral amendment clauses in online terms without forcing users into a mandatory click-through screen. The court also seems to accept that the new terms can apply retroactively to user-generated content that pre-dates the New Terms. However, a note of caution should be sounded for cloud computing providers and software vendors:

  • unilateral amendments to online terms should always be handled carefully;
  • consider in advance whether amendments are permitted under the current terms before imposing new terms;
  • due to the facts of this particular plaintiff, the court did not address the question of what would be done with user content if the user had ceased use of the service – i.e. if the user had not impliedly consented by continued use;
  • consider how to log or track user consent (either active consent or implied “continued-use” consent) by users.

Calgary – 07:00 MDT

International Breach of Copyright

Copyright in Canada is a function of the Copyright Act – without that law, there would be no copyright. How does Canadian copyright law interact with the copyright law in other countries?

In Active Operations Management (AOM) NA Inc. et al v. Reveal Group, 2013 ONSC 8014 (CanLII) (a law-school-exam-question of a case if ever there was one),  the court dealt with a claim by an Ontario company of infringement within Canada of UK copyright, by another Ontario company controlled by an Australian resident, Mr. Crouch.

The claim by AOM reads like a software vendor’s nightmare. AOM is the Canadian distributor of certain software developed in the UK. According to the allegations by AOM, Mr. Crouch copied elements of the software and a business method when he worked for an Australian licensee of the UK software. Mr. Crouch started a company in Canada and then allegedly used that as a vehicle to market a replica version of the UK software and the corresponding method in Canada.  With this (Canadian) copied version of the (UK) software , Mr. Crouch allegedly lured customers away from AOM. AOM filed a lawsuit alleging breach of copyright, misappropriation of trade secrets, interference with contractual relations, unjust enrichment and misappropriation of goodwill.

Remember, AOM was not the owner of the (UK) copyright – it was merely a distributor. The question for the court was whether AOM could maintain a copyright infringement lawsuit in Canada. To complicate matters, the “software” and the “method” were owned by two different (UK) owners. AOM added these owners to the lawsuit, but did not make the specifics clear in their claim.

As the court put it: “Copyright is a very specific right attaching to a ‘work’… Copyright cannot attach to an idea such as a method.  It can of course attach to the manuals or other material in which the method is described.  Similarly with computer software, copyright can attach to source code, to a graphic user interface, to manuals and to other material as defined in the Act.  Copyright cannot attach simply to what a computer program does.  The plaintiff must specify what it is that is covered by copyright and what it alleges has been done that gives rise to the statutory remedies.

The lessons for business?

  • Software vendors from outside Canada should know that, by virtue of international copyright conventions and treaties, international copyright can be enforced under Canadian copyright law;
  • The Canadian Copyright Act permits someone other than the copyright owner to sue for infringement of copyright – as long as that person has appropriate rights (such as a local distributor, as in this case). Here, AOM appeared to have rights to maintain the copyright infringement lawsuit, but did not specify its rights with enough clarity in the claim. Ensure that the chain-of-title is clear in the claim itself;
  • Regarding the additional claims – in particular, the trade-secret misappropriation – the court had this guidance: “It would be ludicrous …to compel a plaintiff to set out a trade secret with precision in the pleading.  To do so would destroy the secret itself. A trade secret is valuable precisely because it is secret.  It may be that information will have to be provided at the production and discovery stage but at that point the proprietor of the secret may seek confidentiality orders and to the extent that those details must be put into evidence may seek a sealing order.”

Calgary – 07:00 MT

Incoming Anti-Spam Software Regulations

Most Canadian businesses will have heard of the incoming Canadian Anti-Spam Law (referred to as CASL, which joins the Canadian pantheon of legislative acronyms like PIPEDA and PIPA). The consent requirements for sending commercial electronic messages (CEMs) is covered elsewhere (See here, and see this upcoming event on March 18 and 20, 2014). Those requirements come into effect July 1, 2014.

The software-related regulations are getting less press. Why? Possibly because CASL is being implemented in phases, and the software-related rules are not expected to be in full force until January 15, 2015. And possibly because the software-related regs are complicated and at times confusing.

This element of CASL is designed to control surreptitious installation of software, particularly “invasive software”. Generally, express, clear consent is required. Installation of invasive software imposes additional requirements. Implied consent (or “deemed express consent”) may be relied upon in other cases:

  • cookies, HTML code, Java scripts;
  • upgrades for telecom network security;
  • “reasonable” installs – where it is reasonable to expect that the user would consent.

Software vendors should take note of these incoming obligations, to assess and plan for any updates that will be required for CASL compliance. Get advice on how these regulations apply to your software products.

Calgary – 07:00 MST

No comments

Google’s Breach of Canadian Privacy Rules

In a recent decision released by the Canadian Privacy Commissioner (PIPEDA Report of Findings #2014-001), the commissioner investigated a complaint that Google pitched ads to an individual based on medical information that he disclosed while surfing various health-related websites. The commissioner’s office took the position that “meaningful consent” is required for the delivery of this kind of targeted advertising. Implied consent might be acceptable in certain circumstances, where the information is limited to “non-sensitive information (which would avoid medical, financial or health information).

In this case, the individual who initiated the complaint was using Google to search for information related to a medical device used to treat a specific medical condition. Google used this sensitive personal health information (as the commissioner described it, the “online activities and viewing history of health related websites”) to target ads to that individual. When Google relied on implied consent for the use of this sensitive personal health information, it contravened Principles 4.3 and 4.3.6 of the Act. Express consent is required for use of this kind of sensitive personal information.

Calgary – 07:00 MST

No comments

App Developer Wins in SCRABBLE Battle

01-players-required-for-scramble-with-friends-large.PNGZynga, the world’s largest app-developer has scored a win against the owner of the SCRABBLE brand. This case brings up several interesting points about international trade-mark protection in the era of apps.

The well known SCRABBLE® brand is a registered trade-mark owned by different owners in different parts of the world. Hasbro Inc. owns the intellectual property rights in the U.S.A and Canada. In the rest of the world, the brand is owned by J.W. Spear & Sons Limited, a subsidiary of Mattel Inc. Mattel is not affiliated with Hasbro – in fact, the two companies are long-time rivals.

In JW Spear v. Zynga, a UK court has decided that the use of the SCRAMBLE brand by Zynga for its word-based app game does not infringe the SCRABBLE trade-mark in the UK, nor does it constitute passing-off. However, the court did consider Zynga’s SCRAMBLE logo design (above left) to constitute an infringement, since the stylized M appears at first glance to resemble a letter B. A few interesting points on this long-running battle:

  • As we’ve seen in other IP disputes covered by ipblog, this litigation is part of a wider dispute in multiple jurisdictions, including France and Germany.
  • Mattel was chastised by the court for its delay in responding to Zynga’s earlier use of the SCRAMBLE mark, in late 2007. This delay influenced the court’s conclusion that Mattel did not truly perceive SCRAMBLE to be a threat to the SCRABBLE mark. This in turn influenced the court’s opinion that the public would not be confused by the use of the 2 marks.
  • Mattel’s delay was likely caused by the efforts of the parties to negotiate a license agreement to produce a physical board-game version of the SCRAMBLE app.  The litigation followed a break-down in negotiations, when Zynga concluded a deal with Mattel’s rival Hasbro.

Calgary – 07:00 MST

No comments

Who is Liable: App Stores or App Developers?

The app economy is, by most estimates, equivalent in size to the GDP of a small country: $15 billion in 2012, projected to mushroom to $74 billion by 2016. All that economic activity inevitably breeds litigation. In what appears to be a case of first impression in the US, a federal court looked at the issue of whether the app store is liable for the apps it distributes, or the app developer.

The case of Evans v. Hewlett-Packard Co., 2013 WL 4426359 (N.D. Cal. Aug. 15, 2013), the court looked at the liability of Hewlett-Packard for a third-party app which allegedly infringed trade-mark rights.

This case hinges on an interpretation of Section 230 of the Communications Decency Act (47 U.S.C. §230), 1996 legislation which provides immunity for providers of an “interactive computer service”, such as ISPs and website operators. The court decided that HP, as the operator of the app store, does qualify for immunity under this legislation, putting the app store into the same category as ISPs.

Remember, the Communications Decency Act  is US legislation, not Canadian. However, Canadian app developers should take note of this decision, as most Canadian developers seek to market and sell their apps in the US.

Other app case are pending, such as this claim (Pirozzi v. Apple, Inc., 12-cv-01529-JST (N.D. Cal. Aug. 3, 2013)) which is proceeding against Apple, for violation of privacy rights. Stay tuned.

Calgary – 07:00 MDT

No comments

Canadian Privacy Law Update

The club of Canadian provinces with private-sector privacy legislation welcomes a new member this year: Manitoba has passed the The Personal Information Protection and Identity Theft Prevention Act (PIPITPA), joining B.C., Alberta and Quebec. In other provinces, the federal Personal Information Protection and Electronic Documents Act governs private sector privacy. Of course, most provinces have enacted some form of public sector privacy law, and many also have health-information laws. The Manitoba private-sector law follows the consent-based privacy regime of other Canadian provinces.

This law has yet to be proclaimed into law. Stay tuned.

Calgary – 07:00 MDT

No comments

Click Here to Transfer Copyright

When you upload your pictures to a website, you might click through some terms of use…Did you just transfer ownership of the copyright in your pictures?

In a recent US case (Metropolitan Regional Information Systems, Inc. v. American Home Realty Network, Inc., No. 12-2102, Fourth Circuit Court of Appeals) the court dealt with a copyright infringement claim over photos uploaded to a real estate website. Users were required to click-through the website terms of use (TOU) prior to uploading, and those terms clearly indicated that copyright in the images was transferred to the website owner.

In the course of the infringement lawsuit, this was challenged, so the court had to squarely address the question of whether copyright can be validly transferred via online terms. “The issue we must yet resolve,” said the Court, “is whether a subscriber, who ‘clicks yes’ in response to MRIS’s electronic TOU prior to uploading copyrighted photographs, has signed a written transfer of the exclusive rights of copyright ownership in those photographs consistent with” the Copyrght Act.

In Canada, the equivalent section of the Act says “The owner of the copyright in any work may assign the right, either wholly or partially …but no assignment or grant is valid unless it is in writing signed by the owner of the right…”.

The Court in the Metropolitan Regional case decided that yes, an electronic agreement in this case was effective to transfer copyright for the purposes of the Copyright Act.

Calgary – 07:00 MDT

No comments

Social Media Law: Copyright

As a follow-up to our earlier post about Revoking an “Implied” Software License, this interesting US case (Davis v. Tampa Bay Arena Ltd.) deals with the use of photographs on Facebook postings. A freelance photographer, Davis, worked for the Tampa Bay Arena, taking photos for various events. The photographer and arena had a verbal agreement since 1996, and then a written agreement since 2000. The written agreement stated that the arena had “rights to reproduce images for newsletter, advertising, display prints, broadcast, and the [Forum] web site.” The agreement was also clear that Davis retained copyright in the images.

That was the language dating from 2000. Fast forward 10 years, and the arena started posting Davis’s photos to its Facebook page, something not contemplated in the scope of the original agreement. However, for months Davis permitted the images to be posted, and even set up a upload site to allow the arena’s marketing department to easily resize images for the Facebook page. By this course of conduct and the email record, the court found that Davis granted an implied nonexclusive license to the arena to make use of the images in this way. Davis countered by saying that if an implied license was granted, it was only granted with certain strings attached – conditions regarding additional payment that were never met. Because these conditions were not met, the use of the photographs was unauthorized, giving rise to a copyright infringement claim.

The court disagreed. On the copyright claim, the court decided that “even assuming that Davis attached conditions to the Forum’s use of his images on Facebook, the record is clear that these conditions were covenants, not conditions precedent to the granting of the implied license. Accordingly, any breach on the Forum’s part of these covenants provides Davis with a breach of contract claim against the Forum, not a copyright infringement claim.” (Emphasis added.)

Lessons?

  • A chain of emails can easily establish a contract, such as the implied copyright license in this case;
  • For any license – particularly copyright, media or trade-mark licenses – check the original terms of the license. Social media can cause problems when its use is unauthorized by the scope of the original license, even though it seems like a natural extension of what is authorized within the scope of the original license.

Related Reading: Click & Copy: Breach of Online License Agreements & Copyright Infringement

Calgary – 07:00 MDT

No comments

Terms and Conditions May Apply

capture1.JPGThe criminal defence lawyers have their TV shows and movies. What about those humble lawyers who draft online agreements and terms of use all day long? It’s not every day that this kind of legal fine print gets time on the silver screen. Check out this documentary Terms and Conditions May Apply.

Playing next weekend at the Vancouver International Film Festival and Hot Docs Canadian International Documentary Festival.

Calgary – 07:00 MDT

No comments

New Alberta Privacy Decision: Cloud Providers Take Note

Consider this: A service organization we’ll call CloudCo collects and compiles personal information from its corporate customer. The individual whose personal information is being collected has a relationship directly with the corporate customer, but not with CloudCo. The personal information has been shared with CloudCo without the individual’s knowledge or consent. Sound familiar?

Many cloud service providers host personal information without any direct relationship with the individual. Maybe they rely on assurances from their own customer. Or they may simply collect personal information without thinking through the privacy implications. 

This recent decision of the Information & Privacy Commissioner of Alberta (Professional Drivers Bureau of Canada Inc. Case File Number P1884) deals with the collection of personal information of truck drivers by a private service company, called the “Professional Drivers Bureau”. This company collected personal information about drivers from trucking companies, created a database of information, and then offered a search service, by which trucking companies paid a fee for a report on the driver. In that report, the personal information about the driver was disclosed to the trucking company. The personal information was gleaned and compiled into a database over a long period of time, and it became clear during the Commissioner’s investigation that the individuals never consented to this collection, use and disclosure. The Commissioner ultimately decided that the “Professional Drivers Bureau” was in breach of Alberta privacy laws because it never obtained consent directly from the individual truck drivers.

What can other service companies – including cloud service providers – take away from this case?

  • Cloud service providers should consider if they are “collecting” any personal information themselves, or merely providing a service which allows their customer to store information in the cloud. When a service provider collects personal information, it must obtain consent. In this case, the service provider did not provide any notice to the individual of its collection of her personal information, did not indicate its purposes, did not provide the name of someone who could answer her questions. It apparently did not inform the trucking companies about its purposes in collecting the personal information. All of this was in contravention of privacy laws.
  • If a service provider is merely providing space on a server, the terms of service should address privacy issues, and make it clear that no personal information is collected, used or disclosed by the cloud provider. 
  • Termination issues should also be addressed in the agreement. What happens to that data when the service relationship ends?
  • Consider the position of the trucking company: in this case, the trucking company shared personal information about individuals with the “Bureau”. When personal information is disclosed in such a way, the trucking company should be asking: Was this disclosure authorized by the individual? What is the purpose of the disclosure? What contractual restrictions are placed on the recipient, to ensure that the personal information is used in accordance with the consent from the individual. In the cloud context, this means contractual terms that directly address the privacy issues.
  • Get privacy advice when entering into cloud-based service agreements.

Calgary – 11:00 MDT

No comments

Software Licenses and Indemnities

– 

License agreements often contain indemnities. An indemnity is a contractual obligation to step in and reimburse some financial obligation such as a liability, loss, or damage. In essence, the party giving the indemnity will make the injured party “whole” by recompensing losses and expenses.

The court in Coastal Contacts Inc. v. Elastic Path Software Inc., 2013 BCSC 133 reviewed the meaning and scope of an indemnity for intellectual property infringement, which is a common clause in many intellectual property (IP) license agreements. This is what’s known as an IP indemnity clause. What obligations does a software vendor take on, when they give an IP indemnity? For the full article, click here: Software Licenses and Indemnities: What Obligations Are You Taking On?

Calgary – 11:00

No comments

Terms of Service and Deceased User’s Account

When a user dies, who owns the contents of that user’s account?

In Ajemian v. Yahoo Inc.  (May 7, 2013), a Massachusetts court considered this question. Two brothers, who administered their brother John’s estate, brought a lawsuit against Yahoo for access to email messages of their deceased brother, and a declaration that the email account was property of John’s estate. The court considered the Yahoo Terms of Service, which included this clause: “You agree that your Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.

The court looked at the central question of whether these terms – in particular, this “No Right of Survivorship and Non-Transferability” clause described above – was reasonably communicated to the user. The terms were amended before the time of death but the evidence was unclear on whether the deceased user had assented to this particular amendment. Because of the weak evidence on this point, the court decided that Yahoo could not rely on the forum selection clause which would have deflected the case to California.

The court took the view that the deceased user was a Massachusetts resident and courts in that state had a strong interest in the outcome of the case as it related to the assets of a deceased resident, as opposed to the nature of Yahoo’s services. The ultimate decision was remanded to the lower court, but we can take away a few important lessons:

  1. The method of implementing Terms of Use and (just as important) amendments to those terms should be carefully reviewed by any Canadian company conducting business online. This includes everything from an email service like Yahoo, to cloud-computing service providers, online retailers, ebook sellers and software vendors.
  2. Corporate accounts may not impacted by the death of a user, but anyone making consumer sales should review their online terms to address survivorship issues. And there are many cases where even a “corporate” user is signing up as an individual, without any clarity on what happens to that account as an “asset” of the business after death.

Get advice from our licensing and internet law experts in this complex area.

Related Reading: Is There Life After Death for Your Digital Assets?

Calgary – 07:00 MDT

No comments

Canadian Online Business Take Note: Internet Tax Case

“The world has changed dramatically in the last two decades… An entity may now have a profound impact upon a foreign jurisdiction solely through its virtual projection via the Internet.”

This statement from the New York Court of Appeals in the recent decision in Overstock v. New York Taxation and Finance (PDF) paved the way for an interesting conclusion on the taxing power of New York State – and by extension, the sales tax that may be applied to many online sales, including sales by Canadian online business into the US market.

Traditionally, a state’s taxing authority was based on “economic activities” by the seller, for example, through its employees or sales agents in that state. The question faced by the court in this case was whether click-through links on a “local website” (that is, a website owned by a local state owner) would qualify to establish “economic activities” in that state. For example, a link to Amazon from a local New York State website has the effect of driving sales to Amazon. The court decided that by compensating the local New York State website owner who has signed-on to an affiliate agreement, Amazon is deemed to have established an “in-state sales force”.  The site which hosts the link is paid a commission, flat fee or price-per-click, and this was considered enough to create a “substantial nexus” to the state. Passive advertisements, by contrast, would not by themselves create a substantial nexus.

It is not clear whether Overstock.com and Amazon will appeal the decision.

In other news, the U.S. Senate voted 74-20 to put The Marketplace Fairness Act of 2013 to a final vote, an Act which would allow states to collect online sales taxes. The OECD is also preparing guidelines on how to handle international value-added taxes, to deal with the current “uncertainty and risks of double taxation and unintended non-taxation”. The 2013 draft of the OECD Guidelines derives from the “neutrality” principle (the notion that value-added tax is a tax on final consumption that should be neutral for business), and the so-called “destination” principle (that tax should be paid in the jurisdiction of consumption).

In the meantime, Canadian online retailers selling into the US marketplace should consider reviewing their affiliate click-through agreements and assess sales-tax collection policies with tax advisors.

Related Reading: New York’s Highest Court Affirms Constitutionality of Click-Through Nexus

Calgary- 07:00 MDT

No comments

Breach of Privacy in the Cloud (Canada)

When a cloud privacy breach occurs in Canada, what happens? In some cases, businesses are subject to mandatory breach notification requirements. This means that a privacy breach – whether as a result of a hacker, a lost USB or some other human error – must by law be reported to the commissioner and to affected individuals. Ontario has implemented mandatory breach notification under its Personal Health Information Protection Act. In Alberta, organizations subject to the Personal Information Protection Act (PIPA) are required to report a breach to the commissioner “without unreasonable delay” where a “reasonable person would consider that there exists a real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure”.

The “real risk of significant harm” requires some analysis in the event of a breach and the Alberta commissioner’s Mandatory Breach Reporting Tool (PDF) has been released recently, to assist organizations determine if they are required to report a breach under section 34.1 of PIPA. This area of law may be changing further: a private members bill  was recently introduced in Parliament to implement mandatory data breach reporting in the federal personal information protection law.

Here’s a recent case that illustrates the pitfalls of a cloud privacy breach in Canada:

  • In the recently released decision relating to WhatsApp (Report of Findings: Investigation into the personal information handling practices of WhatsApp Inc.), the Canadian and Dutch privacy authorities investigated WhatsApp Inc. a US company operating “WhatsApp Messenger”, a cloud-based cross-platform mobile messaging app allowing the exchange of messages for iOS, BlackBerry, and Android platforms.
  • The Commissioner launched an exhaustive review of the privacy aspects of the service after complaints regarding WhatsApp’s information-handling procedures, including the collection of more information than was necessary, the potential for privacy breach, the lack of encryption.
  • While the story generated damaging headlines, WhatsApp did work with the Commissioner to resolve many of the privacy concerns.
  • This investigation also shows the extent to which international privacy watchdogs will work together to launch an investigation that concerns personal information that crosses international borders.

The privacy lessons are clear: get advice on privacy implications of the cloud-based service, and don’t underestimate the importance of well-drafted privacy policies and user terms. Cloud service providers should also take time to understand the breach notification protocols that would apply in the event of a privacy breach.

    Calgary – 07:00 MDT
No comments

Software Patents in Canada: New Guidelines Released

The Canadian Intellectual Property Office has released guidance on “Computer-Implemented Inventions” as planned, in the wake of the Federal Court of Appeal decision in Amazon.  While “software” is technically not patentable, a “computer-implemented invention” is.  Such an invention could fall into one of several categories: a method (art, process or method of manufacture), machine (generally, a device that relies on a computer for its operation), or product (an article of manufacture). As before, computer programs, data structures and computer-generated signals alone are not patent-eligible.

Calgary – 07:00 MDT

 

No comments

Breach of Privacy in the Cloud (U.S.)

In 2012, LinkedIn made headlines as a result of a significant data breach. The passwords and email addresses of over 6 million LinkedIn users were hacked and posted online. Encryption and security was improved by LinkedIn in the wake of this breach. A class action lawsuit was commenced in the United States based on claims by LinkedIn “premium” users (who paid a monthly or yearly fee for upgraded services). The claim relied on an alleged breach of the terms of LinkedIn’s privacy policy which included fairly standard language about protection of personal information “with industry standard protocols and technology.” In the decision In re LinkedIn User Privacy Litigation , 2013 WL 844291 (N.D. Cal. Mar. 5, 2013), a US court has shut down the claim, deciding the plaintiffs lack standing. The claims were based on a “benefit of the bargain” concept – an argument that the claimants were allegedly entitled to security as paying customers and LinkedIn breached this promise.

The court rejected the claims since there was no indication that the extra service paid for by premium users included enhanced security or encryption, since “paid” users and “free” users received the same level of security. It is clear that claims based on breach of privacy will face a uphill battle in the US, and this decision together with the decision in last year’s iPhone class action claim demonstrate the complexities and difficulties of this class of claims.

Calgary – 7:00 MDT

No comments

API Copyright Update: Oracle & Google …and Harry Potter

Are APIs protected by copyright?photo.jpg

In the long-running litigation (and hey, is there any litigation that isn’t “long-running”?) between Oracle and Google, a US court decided in 2012 that APIs in this case were not eligible for copyright protection. See our earlier post. This meant a complete loss for Oracle in its lawsuit against Google for infringement of the Java APIs used in Google’s Android software.

Copyright protects only original expression. Applied to software code (including API protocols), the law of copyright tells us that certain elements are not protectable by copyright since they lack originality. The US trial level decision in Oracle vs. Google has been appealed and the parties are now filing briefs in the US Federal Court of Appeals (a copy of Oracle’s brief is here). The briefs make fascinating reading for those interested in the finer points of copyright law and the history of the Java programming.

Oracle’s brief opens by sketching a scene: “Ann Droid wants to publish a bestseller. So she sits down with an advance copy of Harry Potter and the Order of the Phoenix  —the fifth book—and proceeds to transcribe. She verbatim copies all the chapter titles—from Chapter 1 (“Dudley Demented”) to Chapter 38 (“The Second War Begins”). She copies verbatim the topic sentences of each paragraph, starting from the first (highly descriptive) one and continuing, in order, to the last, simple one (“Harry nodded.”). She then paraphrases the rest of each paragraph. She rushes the competing version to press before the original under the title: Ann Droid’s Harry Potter 5.0. The knockoff flies off the shelves.”

Does this constitute copyright infringement?

One of the big issues on appeal will be whether the appeals court accepts the notion that copyright infringement can occur without any actual direct copying of code. This is the so-called SSO argument – that the “structure, sequence and organization” of the software can attract copyright protection, regardless of whether specific code is cut-and-paste. As illustrated in the Harry Potter example above.

Stay tuned. This is one to watch in 2013.

Calgary – 07:00 MST

Photo credit: Google, Inc.

1 comment

Social Media Law (Part 2: Twitter & Copyright)

Here is the next case that illustrates the potential pitfalls when dealing with social media:

This recent US copyright decision involving Agence France Presse (AFP) and photographer Daniel Morel dealt with the rights of a news publisher to publish images posted to Twitter.

Mr. Morel is a photojournalist who took a number of images of the 2010 earthquake in Haiti. He then posted those images to Twitter. Those images were picked up by AFP who “licensed” the images on to Getty Images.

When Morel complained, steps were taken to have the images removed from the AFP / Getty system. But through series of mixups (of the kind that would be familiar to anyone dealing with information technology and complex organizations such as AFP and Getty Images), the pictures were not removed and were picked up and published by The Washington Post under their agreement with AFP/Getty.

The court ultimately had to decide whether Mr. Morel – the photographer – had granted a kind of license to AFP by posting his images to Twitter. This required an analysis of the Twitter Terms of Service. The court decided no, the Twitter Terms of Service do not grant such a license. The court stated that “even if some re-uses of content posted on Twitter may be permissible, this does not necessarily require a general license to use this content as AFP has.” Put another way, a copyright owner who posts content to Twitter is clearly giving up some rights to that content – the right, for example, to re-tweet, which is a fundamental part of Twitter and is contemplated (even encouraged) by Twitter’s Terms of Service. However, merely by posting to Twitter, that copyright owner is not giving others an unrestrained right or license to remove the content, copy it and redistribute it commercially.

The court says “…the Twitter TOS were not intended to confer a benefit on the world-at-large to remove content from Twitter and commercially distribute it…” This is an important reminder.

In the final analysis (and that is 58 pages of analysis if you want to read the judgement) AFP and The Washington Post were liable for copyright infringement for use of Morel’s images.

Lessons for business:

    • This case confirms that any re-use of content from Twitter – and by extension, other social media streams – should be handled carefully.
    • Re-tweets are clearly contemplated as being within the scope of permitted uses, but copying and republishing for commercial purposes clearly is not.
    • Many situations will fall somewhere in the middle between those two ends of the spectrum. Before using or re-using content for commercial purposes, take time to review the specific situation, including the applicable social media terms of service. Before posting your own content to Twitter, be aware that the Twitter terms do contemplate certain re-uses (the scope of which is difficult to define precisely). Once it’s posted, it’s hard to stuff the genie back in the bottle

The case is Agence France Presse v. Morel.

Calgary – 07:00 MST

No comments

Social Media Law (Part 1: The Rogue Employee)

images.jpgSocial media law was not a topic on offer when I went to law school. Now, it’s a subject that’s hard to avoid for any business that has a consumer-facing social media presence. Here are two recent cases that illustrate the potential pitfalls as this area of law becomes more complex and more interesting:

Last week, HMV’s Twitter feed was hijacked by an employee who live-tweeted employee terminations from the company’s official Twitter account. Perhaps “hijacked” isn’t the right word, since the employee apparently had access to the account as part of her employment duties, though that position likely did not involve posting descriptions of firings as “Mass execution of loyal employees”. The next day the ex-employee (“Poppy Rose”) helpfully tweeted a reminder to the company that “you need to go to ‘settings’ and revoke my account access as an admin“. The lessons for business?

    • Many companies are slow to grasp the power of social media. Don’t underestimate the viral nature – both good and bad – of this tool. Though the offending tweets were deleted by the company, this became a national story within a few minutes. From the company’s perspective, it required careful handling to avoid any brand damage.
    • This highlights the need for a Social Media Policy for employees, to deal with the legal pitfalls of social media and particularly those employees who are engaged directly in social media sphere on behalf of the company. The ownership and control of corproate social media accounts is a simple but important element of such a policy.

Related Reading: Who Owns Social Media Contacts: Employers or Employees?

Calgary – 07:00 MST

No comments

« Previous PageNext Page »