`

Apps are not just for Angry Birds anymore. The licensing of mobile apps is becoming more common for business-to-business software vendors who are extending the reach of their enterprise applications to take advantage of opportunities in mobile and cloud computing. If you are a vendor of enterprise software and you want to add mobile functionality, here are a few of the most important legal issues to consider:

1. Check the EULA:

Compared to the full suite of desktop functionality, the mobile app may represent a small piece of your overall software product. But even a mobile app needs an end-user license agreement (EULA). Cloud computing service providers may have service terms that are designed for web access to their software, and they may not perceive the need for a “traditional” EULA, but in the case of a mobile app, remember that this is a “traditional” license where a copy of the application resides on the user’s device and system. So point number 1 is to check the EULA.

Software vendors should understand that apps launched on the iOS platform will come with a “ready-made” EULA courtesy of Apple. Other platforms will come with other license terms. Software vendors should consider developing a custom EULA if there are good reasons for doing so after a risk assessment. A few other points to note: If you prepare your own EULA on the iOS platform, take note of Apple’s “mandatory terms” that must be included in every license. Under the Android Market Developer Distribution Agreement, the default terms grant a “non-exclusive, worldwide, and perpetual license”. If you don’t want to grant such a broad license, then consider a custom-made EULA.

2. Review Privacy:

App developers should get legal advice on privacy issues. The privacy problem with apps has been percolating for some time and several high-profile reports have brought attention to this issue. In several cases, app developers have (intentionally or otherwise) harvested private details about app users by dipping into address books and location-data. In Canada, the privacy landscape is complex, but is underpinned by private-sector privacy laws that apply to “personal information” across all industries, at both the federal and provincial level.

In the US, the California Attorney General recently entered into an agreement with mobile app platform vendors – Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion – to improve privacy protections for app users. This arrangement implements certain “privacy principles” and requires app developers to have a privacy policy, something that would bring app developers in line with Canadian law. If you don’t have a privacy policy, then consider developing one along with the launch of your mobile app. It can be a useful exercise to determine what information is being collected, from whom, for what purpose.

3. Check the Data:

Ownership and control of data is a critical issue for end-users. In the case of mobile apps that are an add-on for broader enterprise or cloud-based software offerings, the data issue is even more complicated. Who owns it? Who is responsible for it? Where does the data reside? On the device, on customer’s server, on the vendor’s server, or with a third-party host in the cloud? These issues can be addressed within the app EULA, or it may be possible to cover them within the EULA for the enterprise software application. Data escrow may also be appropriate in some cases.

4. Distribution:

Consider where and how the mobile app will be distributed? For example, in some cases, mobile apps can be contained within a “closed” system, which permits distribution within a company. However, if you are a vendor wishing to distribute your mobile app to all of your customers, the easiest method of distribution may be, for example, through Apple’s App Store. This means the app will be available to users in over 60 jurisdictions around the world. Consider the jurisdictional issues – for example, one app developer realized that its marketing materials offended advertising rules of the Federal Trade Commission in the United States, which triggered an FTC complaint and ultimately a fine.

5. Integration:

It goes without saying that your mobile app should be integrated with the other services or software products (whether these are desktop, virtualised or web-based services). But consider this both from a technical perspective as well as a legal perspective. Does the app EULA dovetail with the EULA for your enterprise software applications? What promises, warranties or limitations are available under each document? Does one agreement pick “Alberta law” while the other one falls under “California law”? Consider the situation where the enterprise EULA makes promises or guarantees that user-generated data will be archived by the licensor and provided in a particular format to the customer on request. If that data is collected through the mobile app, and resides on devices of users, then this promise may be difficult or impossible to perform.

6. Brands and Trade-marks:

Lastly, the marketing of mobile apps deserves particular attention. You may have secured trade-mark rights for your enterprise software, but you should also consider trade-mark rights for the app itself. Apple’s App Store is still something of a wild-west when it comes to trade-mark rights. Consider treating the mobile app just like you would any other product – branding and brand protection should be considered in the most important jurisdictions where your customers will be downloading and using the app.

This article was initially published on Corporate LiveWire.

Calgary – 07:00 MDT

For copyright fans, today kicks off a frenzy of reading Supreme Court decisions. Judgments in the 5 copyright cases which were heard last December were released today:

1. ESAC v. SOCAN
2. Rogers v. SOCAN
3. SOCAN v. Bell
4. Alberta v. Access Copyright
5. Re:Sound

IPOsgoode’s exellent summary appears here. Michael Geist’s review appears here. Further coverage to follow.

Calgary – 07:00 MDT

.

Bill C-11, the long-awaited and long-debated Copyright Modernization Act has received Royal Assent… but is not yet in force. For an overview of the Act, see the government’s legislative summary.

Calgary – 11:00 MDT

It is a fundamental feature of copyright law that it protects only original expression, not ideas. Applied to software, the law of copyright tells us that certain elements of a computer program are not protectable by copyright. For example, purely functional elements such as the structure of a library, or database, or elements dictated by the operating system, can fall outside the scope of copyright protection, since those elements lack the originality necessary for copyright.

In Tetris Holding LLC v. Xio Interactive, Inc., an app developer was found to have infringed copyright in the famous Tetris game.  The puzzle game Mino was, by the defendant’s own admission, inspired by Tetris. However, the defendant maintained that it only copied unprotected elements, a conclusion that the developer reached after researching copyright law. The court did not agree. After an exhaustive review of the idea-expression dichotomy (40-pages worth of anaylsis, if you want to read more), the court decided that Mino did infringe the protectable “look and feel” of Tetris. According to this case, you shouldn’t assume that expression is unprotectible merely because it is related to a game rule or game function.

UPDATE: In the Oracle v Google case (see our earlier coverage here), the judge decided that APIs in this case were not eligible for copyright protection. This amounts to a complete loss for Oracle in its suit against Google for infringement of the Java APIs used in Google’s Android software. This case is expected to go up to appeal.

Calgary – 07:00 MDT

.

The House of Commons has now passed Bill C-11, An Act to Amend the Copyright Act, with only minor amendments at the committee stage. The Bill has been sent up to the Senate where it has passed First Reading. Second Reading could commence as soon as today.

After years of ponderous debate, this quick pace suggests the Bill will progress through the Senate efficiently. However, the Senate rises for the summer at the end of June, leaving little more than a week to push the legislation through. If the Bill does not become law by the end of June, then it will be pushed into the fall calendar. The Senate returns from the summer recess on September 17th … (wish we were all so lucky).

Stay tuned.

Calgary – 2:00 MDT

.

A California court has approved a nationwide class action lawsuit against Apple, based on claims that the device has tracked user location and movements without their consent. This is the same claim that was dismissed once, with leave to amend (see App Law: Update on Privacy). The plaintiffs amended and came back for round two. In a partial win for Apple, the privacy claims were dismissed. However, the remainder of the claims have been permitted to proceed. Apple’s defence is that its terms of service and user agreements will provide cover. The court has indicated that there is some ambiguity about whether the terms cover the scope of information that was collected.

For Apple’s lawyers, this is not a new phenomenon. These lawsuits are also in the works:

• A class action lawsuit related to iPods;
• Customers are trying to get a class-action for iTunes refunds;
• A class action based on false-advertising claims related to Siri.

However, the user-tracking lawsuit looks like the most interesting of the bunch, and may put Apple’s app store terms and conditions to the test.

Calgary – 07:00 MDT

.

ICANN has revealed the applicants for new generic top-level-domains (gTLDs). (See our earlier post: Let a Thousand .Flowers Bloom? Update on New gTLDs ) This is the list of companies and organizations that want to run their own domain registry, though the new domains have not yet been approved by ICANN. Some points to note:

• Many of the applicants will walk away empty-handed. For example, there are 12 applications for the .APP domain, and only one one of them will be awarded the right to establish that domain.
• A number of global trade-mark owners have staked their claim in this new space – for example, the owners of the APPLE, AUDI, FORD and AMERICAN EXPRESS brands have each applied to establish these brands as gTLDs.
• Yes, someone has applied to establish .FLOWERS, as predicted in our earlier post… there are four applications for this domain.
• Some brand owners have elected to go with generic applications – for example, both Safeway and Walmart applied for .GROCERY
• Internationalized domains are part of the list, including 삼성 (That’s SAMSUNG in Korean).
• Google appears to be among the most enthusiastic applicants. They established a separate company – Charleston Road Registry Inc. – to apply for more than 100 top-level-domains.

ICANN is pitching this as “The day it all becomes clear”, but the process is far from it. An “objection period” for new gTLDs now begins and ICANN states that this period “is intended to remain open for approximately seven months”. Not exactly clear. The proposed “Trademark Clearinghouse” is also not yet established, though this will be critical for brand owners to manage rights protection issues when the new registries are launched. Stay tuned.

Calgary – 11:00 MDT
No comments

.

In the copyright and patent infringement lawsuit between Oracle and Google (we posted on the copyright aspects here: Copyright Protection for APIs and SDKs and APIs: Do they have copyright protection?), a decision was reached last week by the jury on the patent side of the claim. The jury has determined that Google did not infringe the two patents that Oracle held for its Java system. This leaves the Oracle case in tatters, with no real prospect of meaningful damages, even in light of an earlier finding that Google infringed Oracle’s copyright in the Java APIs. The copyright side of the claim is still muddled – the judge has not yet decided the issue of whether APIs can be the subject of copyright protection, and the jury failed to agree on whether Google had a “fair use” defence to the copyright infringement that did take place… assuming that APIs can enjoy copyright that is capable of being infringed.

Still with me? We might expect some clarity on the copyright issue if the judge issues a determination on copyrightability. What’s more likely is that the patent decision is appealed and the copyright decision is sent back down for a retrial, leaving the entire issue unresolved.

Calgary – 07:00 MDT

.

This month marks the 25th year of operations for the .CA domain, Canada’s country-code top-level domain (ccTLD). It was originally allocated to John Demco, an employee of UBC, who operated the domain on a volunteer basis between 1987 and 2000, when it was formally transferred to CIRA (the Canadian Internet Registration Authority). I still recall the days when the mentality around domain name disputes was quite simple – someone knew someone who knew Jon Postel, who could simply reallocate the nameservers. Today, .CA disputes are resolved through formal arbitration under the CDRP – the CIRA Domain Name Dispute Resolution Policy, version 1.3 which came into effect August 22, 2011. A few recent decisions:

• Transfer Granted: In Oakley Inc. v. Zhou Yayang, the famous manufacturer of sunglasses and sportswear claimed rights in the domain name DISCOUNT-OAKLEYSUNGLASSES-SALE.CA. This case was a classic “squatter” case which featured a registrant who filed no defence. Evidence that the domain was being used to sell Oakley products outside of Oakley’s distribution chain. A long line of decisions was cited to support Oakley’s win, and the domain name was ordered to be transferred.
• Claim Dismissed: In Ebates Canada Inc. v. Cranhill & Co., there was a dispute about the EBATES.CA domain name. Ebates Canada claimed that it was the exclusive Canadian licensee of the trade-mark EBATES, a mark which is the subject of two competing trade-mark applications in the Canadian trade-marks office. Cranhill, the registrant, argued that it enjoyed earlier use of the name EBATES dating back to 1994 and had rights in 2000, the year the domain name was registered. In deciding to dismiss the complaint, the panelists noted that the claimant Ebates Canada Inc. was not incorporated until 2011. It did not exist in 2000 and could not have had any rights at the time the domain name was registered.

What’s the overall chance of success? If recent statistics are any guide, decisions are most often rendered in favour of applicants. There have been 51 decisions in 2010, 2011 and 2012 (to date) and of those decisions, roughly 80% of decisions have resulted in a transfer; in about 20% of the cases, the claim was dismissed. That may reflect the fact that applicants will only pursue a remedy through the CDRP when they have a strong case. In about 64% of the cases, a single arbitrator was used, as opposed to a panel of 3 decison-makers. Interestingly, of the cases in which the claim was dismissed, the majority (72%) were decided by a 3-member panel.

Calgary – 07:00 MDT

 

As a follow-up to our earlier article (SDKs and APIs: Do they have copyright protection?), the jury in the Oracle v. Google lawsuit issued a decision last week that Google’s Android software infringed copyright in the overall structure, sequence and organization of Oracle’s Java code. However, the jury failed to return a decision on Google’s “fair use” defence. Oracle’s main complaint was that Google’s Android software used Java code – in particular, 37 Java APIs (application programming interfaces) – that was not properly licensed from Oracle. Google has maintained that the use of any Java APIs in Android is protected by a “fair use” defence.

You’d think a jury decision would be a step forward. However, the issue of copyright protection of APIs remains unsettled, since the jury merely assumed copyright protection for the purposes of this issue, without a clear decision by the court on that point. The failure to decide on the “fair use” defence also leaves the issue open. The jury was deadlocked on that question, potentially leading to a mistrial. Indeed, Google filed for a new trial last week.

This jury decision is really just a way-station on the road… a very long road. The next phase of the lawsuit will deal with Oracle’s patent infringement claims; which will be followed by a further hearing to determine any damages. Stay tuned.

Related Reading: Copyrightability of Java APIs would be consistent with law and practice, not a ‘substantial departure’ for industry (FOSS Patents)

Calgary – 07:00

 

You may recall our earlier posts describing the gTLD process (see: The New gTLDs: Who, What and When). 

ICANN‘s process introduces new generic Top-Level-Domains (or gTLDs), expanding the domain name system from the current familar strings such as .com, .net and .ca, etc. to who knows what… .flowers, .lawyers or .anything. The application period was due to close on April 12, 2012. May 1, 2012 was slated as “Reveal Day”, when the applicants and their proposed TLDs were to be published. So far, some 2,091 applications along with USD$350 million in application fees have been submitted to ICANN. The May 1st deadline has passed without the publication of the application information, because ICANN has suffered a “software glitch” which must be resolved before the application period can be reopened and finalized.  

Once that is complete, ICANN will publish the names of applicants and their proposed TLDs. This triggers a seven-month objection period, during which rightsholders can file a complaint. A recent article from Managing Intellectual Property reports that the “Trademark Clearinghouse” is also behind schedule.

Even if half of the applications are approved, that means the introduction of a thousand new generic Top-Level-Domains. Trade-mark owners, brace yourselves.

Related reading: Lawyers Weekly: Domain Name Article

Calgary – 07:00 MDT

 

Virtual desktops running on the cloud (Desktop-as-a-Service or DaaS, if you need another acronym) have delivered desktop-style computing to mobile devices such as iPads and Android tablets. This is a way to remotely access the full functionality of a desktop (such as track-changes in MS Word, which is currently impossible on an iPad). This is the subject of a recent spat between OnLive, tuCloud and Microsoft. This dispute – a dramatic one in which tuCloud openly dared Microsoft to sue it – has focussed attention on the fine-print in Microsoft’s licensing regime under its Service Provider License Agreement. In a broader sense, it impacts any virtualization. When can a licensee of software deliver virtual access to multiple instances of that software, and how does the software vendor control such access? 

This dispute is one which will be watched closely as it develops. Software vendors should review their terms and their licensing models to ensure that they have contractual terms that match the current virtualization risks and opportunities that come with DaaS. 

For a related event, please join us for “Software Licensing: The Good, The Bad, and The Virtual“ on May 31, 2012.

Calgary – 14:00 MDT 

 

A recent Gmail outage reminds us that the cloud is not always up. What goes up must come down. Servers crash. Companies go bankrupt. When a cloud service provider fails or the technology falters, what happens to the servers that house the data?  Think of where your cloud-based data is hosted… and then try to imagine what it would take to get that data back. In these cases, questions of jurisdiction and bankruptcy law quickly come to the fore.

In the ongoing case involving Megaupload, a court battle is being fought over the servers: who will take conduct of them and what’s to be done with the data on those servers?

The Canadian case of Stanford International Bank Ltd. (Syndic de), 2009 QCCS 4106 (CanLII), also involved a dispute over servers of a bankrupt company. In the Stanford International case, the bankrupt company was offshore. A liquidator acting for receivers based in Antigua sought an order from a Canadian court to confirm the winding-up order. However, the court objected when it discovered that the servers, located in Canada, had been erased by the Antiguan receivers, the data had been copied, and the copies were stored in Antigua. Essentially, the Antiguan receivers removed all the electronic data from the Canadian servers to Antigua, thus removing the data from the jurisdiction of Canadian courts and regulatory authorities.

The number of servers in that case was small enough to permit copying; compare that to the Megaupload case which involves some 1100 servers. No-one wants to incur the cost to house and maintain such a large number of servers, so they are in legal limbo until the court makes a ruling.  

In some cases, the data sits on identifiable servers – you could in theory (if you know where the server farm is located) point to a box and say, that’s where my data is stored. In other cases, such as Amazon’s “Elastic Compute Cloud” Service, high levels of redundancy mean the same data may appear in multiple instances across multiple servers, located in multiple geographical areas. It would be impossible even in theory to determine where the data is physically located. When negotiating mission-critical cloud-computing agreements, take time to consider the issues of what happens when the cloud comes down, and get proper advice for a soft landing.

Calgary – 07:00 MDT

 

Yes, only lawyers ask such questions. But now that the question has been asked…. A recent lawsuit has framed this question in copyright terms. In Canada Post Corporation v. Geolytica Inc. c.o.b. Geocoder.ca (Federal Court, No. T-519-12), Canada Post has sued Geocoder for breach of copyright in postal codes. According to the Statement of Claim, a compilation of Canadian postal codes within a database is the property of Canada Post, and a production or reproduction of that database constitutes an infringement of the copyright held by Canada Post. Geocoder, for its part, has responded by claiming in its Statement of Defence that its “Canadian Postal Code Geocoded Dataset” was independently authored through a “crowdsourcing” effort over several years. “Geolytica created this database without ever accessing or copying any database of postal codes of the Canada Post Corporation.” 

The first question is whether postal codes are even eligible for copyright protection? Second, if they are protectable by copyright, but no direct copying occurred, can there be an infringement? What about indirect copying? Perhaps the closest case on record is Ital-Press Ltd. v. Sicoli, 1999 CanLII 8048 (FC), where the court considered telephone listings and indicated the following: telephone listings that are “…garden-variety white pages director[ies], devoid of even the slightest trace of creativity” cannot be eligible for copyright protection (citing the famous US case of Feist Publications, Inc. v. Rural Telephone Service Co., Inc…. famous for copyright lawyers that is).

The wider issue is one we’ve seen many times over the history of copyright: a traditional business or institution feels threatened by smaller start-ups who innovate to reproduce or replace an established business model. We will monitor developments in this fascinating case.

Calgary – 07:00 MDT

 

When you apply to register a trade-mark in Canada, each trade-mark must be matched with a specific list of wares and services. The Canadian Intellectual Property Office has released an updated list of approved descriptions of services, as part of its Wares and Services Manual for the purpose of paragraph 30(a) of the Trade-marks Act. The new descriptions include:

• Cloud computing provider services for general storage of data
• Cloud computing enabling file storage of payroll data
• Cloud computing web hosting services
• Cloud computing providing software for database management
• Cloud computing video hosting web sites
• Cloud computing photo sharing services

Contact the Field Law trade-mark team for advice on registering your trade-marks for cloud computing services.

Calgary – 07:00 MDT

 

Cloud service providers often want to change online terms in the middle of the product lifecycle. Amendments are typically required due to changes in the law or changes in product functionality. For example, Apple’s introduction of its iCloud service triggered changes to the iTunes terms of use. If users want access to the new functionality, they must assent to the revised terms. It amounts to a midstream unilateral change to the contract. Do these changes hold up in court? Two recent US cases suggest there is a valid way to effect such changes:

• In Fineman v. Sony Network Entertainment (N.D. Cal.; Feb. 9, 2012), consumers objected to Sony’s amendments to the online terms governing the Sony PlayStation Network. The changes were challenged and ultimately upheld in court. 
• In Lebowitz v. Dow Jones & Co., 06 Civ. 2198 (MGC) (S.D.N.Y.; Mar. 12, 2012), a New York court permitted unilateral changes to the terms and pricing for the WSJ Online subscription service. This turned, in part, on the terms of the original contract, which permitted the vendor to make reasonable changes to the terms as long as notice was provided to the user. For further discussion, see Eric Goldman’s post.)
• In Canada, this issue was addressed in the leading case of Kanitz v. Rogers Cable Inc., 2002 CanLII 49415 (ON SC), in which a Canadian court upheld a change in the online terms imposed on Rogers internet customers.

Note: software vendors and cloud service providers need to be cautious about forcing users to waive class-action rights. Such amendments can conflict with local consumer-protection laws. Unilateral changes need to be managed carefully. Get advice before you attempt to impose unilateral changes to ensure the best outcome. 

Calgary – 07:00 MDT

 

This post by my colleague Dan Carroll provides a great review of the many issues in online defamation, including civil and criminal liability. 

Related Reading:

• Online Defamation: Injunctions Against Google in Canada
• SCC Defamation Decision
• Update: Canadian Online Defamation & Hyperlink Case

Calgary – 07:00 MDT

 

The Federal Court of Appeal (FCA) released its decision in Weatherford Canada Ltd. v. Corlac Inc.  (2011 FCA 228) in 2011 on the subject of “good faith” prosecution. Leave to appeal to the Supreme Court of Canada has been refused. See Neil Kathol’s article on the FCA decision.

Calgary – 07:00 MDT   

 

If your kids use Facebook, are they bound by the online terms?

This question was recently reviewed in a US decision in which certain minor children, resident in Illinois, were users of facebook.com. They alleged that Facebook’s practice of misappropriating their names and likenesses for “commercial endorsements” without their consent was a violation of their privacy rights. Facebook resisted by invoking the “forum-selection” clause in its Terms of Service (TOS). That clause effectively punts all disputes into California, Facebook’s home turf. The Illinois court had to decide whether the case could proceed in Illinois, or whether the forum-selection clause dictated that the case must proceed in California.

In E.K.D. v. Facebook, Inc., 3:12-cv-01216-JCS (S.D. Ill. March 8, 2012), the Court concluded that the minors could not avoid the forum-selection clause in Facebook’s TOS. A mandatory forum-selection clause is, under US law, valid on its face, and should be enforced “unless enforcement is shown by the resisting party to be ‘unreasonable’ under the circumstances.” Canadian law is similar. However, the courts look at a number of factors in determining what they consider “reasonable”, and online vendors or licensors must take care if they want to ensure the clause will be upheld.

Calgary – 07:00 MDT

 

It’s been an interesting week for Canadian copyright. In case you don’t follow the lawyers and politicians…(and why would you)…. the debate over copyright has turned a bit snippy here in Canada. Parliament is debating the current version of the copyright reform bill (Bill C-11), and various lobby and interest groups are fighting to get air time on this topic before the final version of the bill is sent to final reading in the House. So witness the sparring between the following players:

• Last year the Canadian Bar Association (CBA) committee made a submission to Parliament entitled simply Bill C-32 — Copyright Modernization Act Amendments (Bill C-11 is the Bill Formerly Known as Bill C-32);
• Professor Michael Geist posted a December blog entry entitled Clearing Up the Copyright Confusion: Fair Dealing and Bill C-32;
• Then came the January Response to Professor Michael Geist’s Clearing Up the Copyright Confusion;
• Next we saw interesting allegations by a group of Canadian IP lawyers that the CBA committee was a secretive cabal guilty of plagiarism;
• It didn’t take long for the counter-point by the CBA and Professor Geist that no plagiarism occurred: Counterpoint: Music lobby smears CBA paper;
• And finally a response by Dan Glover to Professor Geist’s response.

For Canadian copyright law, it doesn’t get much more exciting. With the possible exception of the isohunt case, a Canadian bit-torrent lawsuit. After all this, the Parliamentary committee has finalized its review of Bill C-11, without making any major changes and the bill will proceed to Third Reading. Stay tuned.
Calgary – 07:00 MDT