Internet Law Lawyers, Data Security Law, Intellectual Property Law

Tuesday, May 17, 2016

Trade Secrets Extraordinary Provisions

Trade secrets are going to be dealt differently now that the President has signed into law the new Defend Trade Secrets Act (DTSA). Through the bipartisan efforts of Sen. Orrin Hatch, R-Utah, and Sen. Choons, D-Del., DTSA is meeting the desired measure that has long been sought by businesses to address the delicate nature of intellectual property protection at home and abroad. The importance cannot be overstated when the provision now allows federal civil claims for misappropriation of trade secrets. This step undoubtedly heightens the impact of filing lawsuits under the Federal Economic Espionage Act.

DTSA will be considered as other concepts and notions of the intellectual property realm are considered, i.e., patents, trademarks, and copyrights. By doing so, entities claiming trade secrets misappropriation will have more certainty in the process with the authoritative sphere now being a federal law. DTSA will apply to products and or services, regardless if they are in commerce or are intended to for use in commerce. The claimed pretext of use in commerce extends beyond interstate commerce into foreign commerce, availed by the Espionage Act.

While DTSA has now a federal platform, the potential claimants of trade secrets misappropriation will have a choice to either proceed in federal court or proceed in state court. It is the discretion of the litigant to determine the most fruitful avenues considering potential protections and how foreseen motions would be handled. Yet, with the federal option available, there will be at least a more settled approach going forward. The damage award aspect of DTSA for the wrongful taking of a trade secret is accompanied with the seizure provision that will allow claimants to a seek seizure of their stolen trade secrets. This mechanism has certain underpinnings.

The underpinnings of the seizure provision are based on demonstrating extraordinary circumstances that will require certain steps. There is a requirement of filing an exparte application with an accompanying affidavit or verified complaint. The litigant, overall, claiming misappropriation will be able to avail itself of a remedy heretofore not seen at the state level. The initial requirement of demonstrating the inadequacy of the equitable relief under Rule 65 of the Federal Rules of Civil is required, however. Additionally, the litigant must demonstrate irreparable injury with an outweighing balance of any legitimate interest of the possessor, with a demonstration of the nature of the misappropriation and a description of the trade secret, and showing that if notice was provided to the possessor the trade secrets would be made in any way inaccessible or otherwise destroyed. The acquired trade secret will then be in the court’s custody, and if need be, the litigant can request that it be encrypted.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."

Thursday, May 12, 2016

Internet Technology and Employer Monitoring

Internet technology and the internet of things pervasive expansion in our everyday lives has become a crazy, a thing to do, and something to use by employers. The risks of privacy are overlooked as well as liabilities when an employer goes too far. The application of technological uses to keep track of employees, staying in touch with their work progress, whether in town or out, does place challenges. We all hear about notice requirements given to employees allowing for express consent, but that may not be enough when we consider the extensive reach and ability of what is being given to employees under the rubric of wellness, company productivity, and operational efficiency. Needless to say, employers desire ‘healthy’ employees who have ‘healthy’ lifestyles. Conversely, if an employee is in the private sector, the limits imposed upon by the U.S. Constitutions 4^th and 14^th Amendments do not assail the employer, except for privacy considerations.

The legal considerations for the use of internet of things tracking means of employees run into work related and non-work related aspects. Technology allows through employers given cell phones, wearables, work identification cards that house transmitters, and RFID tags (radio frequency identification), to monitor employees whereabouts during work hours and beyond. Where should the line be drawn? If an employer is utilizing artificial intelligence technology to monitor its employees even outside of work, in Florida, it could be considered a tort of intrusion upon seclusion, based on the employees demonstrating that its solitude or private affairs and concerns were intruded upon by the employers’ technological use.[1]

Aside from internet technology tracking whereabouts, the devices companies offer employees to allow the employers to know their employee activities to the extent of knowing their heart rate, activity frequency duration, and time, to name some details that comprise an employees’ biometric data profile. On this point attention must be drawn to the prohibition placed on employers by the Genetic Information Nondiscrimination Act of 2008 (“GINA”) prohibiting them from using genetically acquired information for employment and insurance. Furthermore, we must note the prohibition imposed upon employers by the Health Information Portability and Accountability Act (“HIPPA”) not allowing employers to acquire employee health information.

Yet, as the technology continues to advance and its use becomes commonplace and pervasive in all aspects of life, the laws are not up to speed to address the fine lines of privacy, the tort of intrusion upon seclusion, and employers’ wellness programs and their employees’ participation. Monitoring laws are taking shape throughout the country but until there is a clear stance of where they are headed, employers and employee should be mindful of several considerations. For instance, employees should be the only ones able to see the generated biometric data profile and not the employer. Any video surveillance in the workplace is prohibited in restrooms where an employee has a reasonable expectation of privacy in restrooms.[2] Employees have no reasonable expectation of privacy in emails going through employer’s server, so email monitoring is permissible.[3] Some states have imposed notice requirements on employers who use monitoring technology whether in its emails, the internet, and their phones. Some states recognize an employee’s privacy interest allowing them to claim invasion of privacy where they have a reasonable privacy expectation. So, as employees play with their gadgets, emails and work phone lines are monitored, work cell phone use serves a way for our employer to know we are hard at work, and our wearables log how hard at play we truly are, we need to 'exercise' [pun intended] caution and be aware of rights and restrictions, whether you are an employer or an employee.

[1] Benn v. Florida E. Coast Ry. Co., (S.D. Fla. 1999).

[2] Sec. 810.145, Fla. Stat.

[3] Leor Exploration and Production, LLC, et al., v. Aguiar, (S.D. Fla. Sept. 23, 2009).

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."

Wednesday, May 11, 2016

Copyright Protection Standard for Clothing

Copyright protection standard for clothing articulated as conceptual separability will now be entertained by the U.S. Supreme Court amid the background of disparate circuit court views. Copyright protection applies to the features pertaining to design, of say, articles, and pictures. The garment sector items fall into the dichotomy of use or utility, as the design varyingly is construed to not be separate from its utility by a variety of courts. However, according to utility concept, described in section 101 of the Copyright Act of 1976, there has to be an independent existence of the article item. The notion is that there has to be a separability regarding the design and its use, i.e., utility. This concern is before the U.S. Supreme Court in Star Athletica LLC v. VarsityBrands, Inc.[1] What the Court will struggle with as other courts have previously, is to construe the independence of the design from its use or the items’ function, with the purpose of delineating when copyright protection can inure to it.

The garment maker, Varsity Brands argued, in its suit in the U.S. District for the Western District Court of Tennessee, against Star Athletica, copyright infringement on certain garments designed for cheerleading. Star Athletica argued for the absence of any copyright infringement because of the utility of the garments in its intended use which rendered it not copyrightable. The District court agreed with Star Athletica in that the garment had a functional aspect to it in that the individual wearing the garment would be construed to be a cheerleader. This was based on identity sake of item usage. Hence, the court in granting summary judgment stated that ‘the designs at issue were functional because they identified …the ideal of ‘cheerleading-uniform-ness’, and therefore useful. The usefulness rendered it not copyrightable.

The 6^th Circuit disagreed in that it determined that graphic features of Varsity’s designs had a conceptual value. By having a conceptual value, there would be a separation between the conceptual design of the garment and its use. The use or function of the garment, in this case, was for cheerleading which can be construed separately from the garment’s design. It seems the court held a position followed by the 7^th Circuit which emphasizes the designer’s judgment in balance with function and design.[2] Of interest would be the emphasis the Supreme Court would give to the physical aspects of the item’s usage and design as the Fourth Circuit struggled[3] with along with the Fifth Circuit’s analysis[4] regarding the marketability of the item in question. As it balances the varied circuit views, the test for conceptual separability between the design and the usefulness of the garment is not without its apparent application in other sectors of which involve household goods, furnishings, etc. The bottom point of analysis is where the balance will be drawn on identifying the design characteristics of the garment or item in question from its useful purpose. The result will change the direction of copyright enforcement regarding the utility of an item whether seen together or separate from its design.

[1] _{Star Athletica, L.L.C. v. Varsity Brands, Inc}_{., 84 USLW 3407, US, May 2, 2016 (No. 15-866).}

[2] _{Pivot Point Int'l, Inc. v. Charlene Prods.}_,_{Inc., 372 F.3d 913 (7th Cir. 2004).}

[3] _{Universal Furniture Int'l, Inc. v. Collezione Europa USA, Inc}_._{, 618 F.3d 417(4th Cir. 2010).}

[4] _{Galiano v. Harrah's Operating Co.,}_{416 F.3d 411(5th Cir. 2005).}

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."

Tuesday, May 10, 2016

Data Security and the Internal and External Cyber - Insecurity

Data security and the insecurity of electronically stored information (ESI) is ephemeral and any anticipation of its occurrence or origin is absolutely unpredictable. All attention is always on the external incidents but little is focused on the internally sourced infraction. Seldom do entities envision the internally sourced incident. The risk from internal unauthorized access to trade secrets leading to misappropriation is realistic. This is not to spawn an environment of distrust in the workplace. Of course, it is difficult to swallow that employees would pilfer company knowledge, designs, formulas, or even the companies R&D new software specs for self-gain. Word to the wise, swallow it fast and be ready.

The imminent vulnerability is through personnel and their mishaps, forgetfulness, or deliberate sabotage. Always the employee with the increasing frequent absences draws a cause for concern and some form of a query, especially an employee who has access to critical company information. This concern is so realistic that it has motivated states to promulgate their own version of a uniform rendition on trade secrets and provisions addressing computer crimes. Some promulgations allow for civil and monetary remedies when business data is compromised as a result of someone exerting unauthorized access either internally or externally sourced.

With the ease of ESI transmission, unauthorized access becomes all too prevalent for the business insurance companies to fathom the risk. This reality is augmented by the anonymous activity through shadow bots, exchanges and other means that leave the business owner holding client data, innovative plans, beta testing new processes, without protective leverage. Backdoor access is always a possibility especially among those of trust who have a mutual gain in the prosperity of the enterprise. Worst case events are what gave rise to FUTSA and CADRA in Florida[1] and many other states that appreciated the seriousness.

Insecurity of data security, unfortunately, is by the nature of storing ESI and transmitting ESI in our day-to-day business endeavors. Customer information, as well as business assets, are at play in the realm of cyber insecurity. Security is only as secure as the weakest link in the chain of transmission. As vulnerability is realized in its present state, the urgency then is to focus not only on firewalls and other aspects but on internal employee training, policies, non-disclosure agreements, vendor contracts, cyber insurance policies and their coverage reviews, and vetting vendors’ cyber liability coverage before inking a deal. Can a business claim safeguarding its data assets to engender public confidence in the security of ongoing credit card transactions, storage of its personal account information, the transfer of its customers’ medical records, or the updating of financial records? The qualified claim itself draws also the risk of misrepresentation before the regulatory eyes of the Federal Trade Commission. ESI is business as usual and the role of risk management is to realize not only the external aspect of cyber intrusion but to also balance that attention with internal constructs in order to anticipate the unpredictable.

[1] Florida Uniform Trade Secrets Act (FUTSA), Chapter 688, Florida Statutes; Sec. 812.081, Florida Statutes; Computer Abuse and Data Recovery Act, Sec. 668.801, Florida Statutes (“CADRA”).

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."

Social Media Self-Modification

Self-Modification by social media platforms has struggled to ensure that the Internet is acceptable to all cultures, religions, political persuasion, and to all values of countries. This exercise in Internet Governance is tall and detailed and comes under criticism for being too heavy handed towards exercising censorship. Though easy to say, it becomes difficult to fathom when realizing complexities across borders. It is also complex when the business of platforms is to solicit the participation of content submittal for all to see and be exposed to. Such solicitation opens platforms to host content that will at some point cross an unacceptable line. The underlying aspect is that the role of Internet Governance is put forth by hidden unelected individuals having a say on what is right and wrong in the public domain. Nevertheless, biases and interests could translate into the decisions of what to allow on the platforms.

The issues run across many sensitivities considering objectionable content. The regard for decency and respect, but still allow for freedom of expression has certainly been tested. The responsibility has primarily rested on the platforms efforts to self-police the flow of content applying a form of “content modification.” Posting of violent incidents or committed acts of violence draws one to question the purpose of showing videos of a beheading, animal cruelty, a child being mutilated, a public flogging, or a child’s circumcision. Easier to accept has been public political demonstrations with incidents of restrictions in certain regions of the world.

The argument for free speech is not a free for all as some would imagine when it comes to implementing content policy. With over hundreds of millions of videos uploaded daily, the task is monumental. It is an internationally impactful role that impinges on political interests and national policy interests. The major social platforms are employing and institutionalizing global content review teams setting policies. A violent event could be deemed to have political and news value. A comedic video could be deemed socially acceptable to some and objectionable to others along the lines of being sexually offensive. In a sense, the global content policy initiative by the social media platforms are functioning as the eyes and ears of the user public trying to discern right from wrong without a definitive line but working with a moving value target.

The implementation of self-modification by YouTube, Facebook, and Google, begs the need to set requirements to define lines of acceptability. The distinctions fall under categories of journalist value, political interest, cultural value information, educational, social creativity and expression; and this is just to name a possible few. The power of what is allowed to be posted by them on the Internet could have endless political significance for a country trying to keep suppressing its citizens, for a social or issue driven cause prior to an election, or for promoting a war or an invasion. The result of exercising discretion over what is allowed to be posted could drive the direction of politics, social development, development of new laws, increasing government control, eroded national borders, or even blur the legal definitions of freedom, defamation, invasion of privacy, and human decency in the public domain. The startling realization is that the self-modification effort is done by entities and their employees who social media users did not elect to tell them right from wrong in the public domain.

Because of the concern for addressing Internet Governance groups have been organized. Many of these groups work in group associations such as the Global Network Initiative, Anti-Cyberhate Working Group, Safety Advisory Board (Facebook), and Truth and Safety Council (Twitter). While their stated goals may be lauded, their lack of transparency with their closed meetings causes to concern and engenders a distrust and doubt for their accountability to civil society and everyone’s use of the public domain.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."

Saturday, April 16, 2016

Ransom Seeking Malware, What to know and Do

Ransom seeking malware is nefarious and it comes in different flavors. The hedge of control is to hold hostage vital information within your network in exchange for compensation. Healthcare providers, financial institutions, and government entities have been the victim. Its variants and its methods are complicated means of affecting ways an entity accesses its information assets. Aside from and email variant which will be touched upon shortly, there are three predominant approaches to ransomware deployment.

As a software, it can be disguised so that it is accepted by the recipient entity including its employees. Its process involves disabling a network system serving as a lock which will prohibit access to valuable data in the subject entity. The process can involve encryption of the data so that no one can access it. There is one variant known to not interrupt access to the computers but the files that are used to process daily work operations are encrypted and not functional. The second variant of ransomware does not encrypt the files in the subject entity but is creates a block that prevents access to the data assets. Both are released, supposedly once the ransom is paid.

How entities react to the possibilities of these events is important for purposes of assessing liability. Coordinated efforts between work groups within an entity is necessary. Obviously, we can consider the need to monitor the readiness of an entity’s network. But do entities consider their insurance coverage? Chances are that this is an area that is overlooked too frequently. It is a good step to have a designated person authorized to oversee the modifications and updates to an entities network. It is also savvy to audit the entity’s process to find vulnerabilities.

What is as well intricate is the communications network where emails are the source of sharing data assets within an entity. It is as well the predominant gateway. The variant which involves the intruder capturing sensitive emails possibly holding client trade secrets, financial information, medical records, etc., involves a blackmail technique of threatening to disclose publicly the held data assets. The critical aspect of ransomware efforts is that there is no say that even if the ransom is paid, and it is commonly seeking compensation in Bitcoin, that the data asset will be released and access restored.

Best practices touch upon the necessity of encrypting files while in transit and as they are stored. It is also prudent to have frequent and timely updates to detection systems. The larger the entity the more likely that access to vital assets is limited to the scope of assigned duties of employees. An entity should be proactive and train its employees on best practices and provide teaching points on what to look for and be aware of the risks and of the traps. All this is important along with information technology personnel working together with the administration of an entity in order to anticipate the event and what to do in the event of a ransomware attack. As well, it is crucial to review the entity’s insurance and determine if there is coverage for cyber extortion.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."

Friday, April 15, 2016

Data Security Relevance to More than Just PII

Data security relevance is customarily popping up in everyday life, business, and in our system of society. To think that billions use handheld devices for entertainment, staying informed of news, and to also be able to know where they are and where they are going, there is another segment of our network life infrastructure, growingly dependent on being connected so-to-speak. Medical care providers, accountants, tax services, property appraisers, websites, and even law firms are vulnerable. Business has garnered higher stakes by virtue of it enhancing process features of administration and service delivery. Enhancement has come in ways touching upon data storage for files and ease in retrieval and sharing among colleagues. Improved means of communications coupled with the ease of recording such communication by date, title, content, and relevant matter.

To a certain extent, there is a growing responsibility to safeguard that data of amassed personal identifying information (PII) or customer proprietary network information (CPNI) or even confidential personal information (CPI), no matter what legal provision one resorts to find a binding basis for asserting some type of grievance. Law firms, the bastion for safeguarding rights, records, and maintaining confidentiality, are no longer seen as immune. As reported, two major American law firms became victim to phishing schemes which targeted employees of the two firms. The Wall Street Journal and The American Lawyer reported that the firm Cravath, Swaine & Moore and the firm Weil, Gotshal & Manges, were attacked by phishing schemes seeking held and stored client trade secrets, intellectual property, and sensitive client business information.

Data security relevance just shifted from commonly read consumer identity theft, acquisition of social security numbers, and credit card information to corporate espionage seeking competitive trade secret information. The efforts to safeguard the “valuable” commoditized client information are now at the forefront of and should be of every business or firm, large or small, association or government. Data security incidents will ubiquitously impinge on boardroom meeting agendas and also reach to district level school board meetings. The relevance of data security is ever present.

See: http://www.wsj.com/articles/hackers-breach-cravath-swaine-other-big-law-firms-1459293504

See: http://www.americanlawyer.com/id=1202753706763/Cravath-Admits-Breach-as-Law-Firm-Hacks-Go-Public-?slreturn=20160309123340

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."