April 16, 2008 by thomason.

Prior posts dealt with legal experts and the uncertain edge between copyright claims governed by federal law, and distribution contracts subject to state law. In a software infringement, and unauthorized distribution, case, there already may be expert issues of “substantial similarity” on a functional or instruction level. Add to that, disputes over local law as applied to the distributor’s alleged unauthorized actions under the contract. The latter issue presented difficulty when the dispute crossed international boundaries in Artificial Solutions Germany GmbH v Creative Virtual Ltd., [2008] EWHC 593, Case No: HC07C01803, England and Wales High Court of Justice (Chancery Div. Apr. 2, 2008).

Rather than relating the overall dispute, the High Court’s comments on the legal experts are instructive of what often is presented and how the court views it. My other observation is the German convention of listing all the titles of an expert, e.g, Prof. Dr. Dr.

Both parties offered experts on German law to try to confirm or avoid provisions in the software distribution contract. But counsel, probably, kept the experts’ opinions circumscribed (possibly so the opponent could not get admissions). The High Court felt that the narrowing approach was not altogether helpful, as follows:

“I also heard evidence from two distinguished professors of German law. Professor Dr Dr Stefan Grundmann, Professor of German and European Private and Business Law” and from “Professor Dr Heinz-Peter Mansel, Professor of German Civil Law, Comparative Law and Private International Law,” and both “were clearly doing their best to assist the court.” Their assistance was limited though, because “both had been led by their instructions to focus on the application of the relevant principles of German law to their instructing party’s version of the disputed facts of the case, rather than on simply expounding their understanding of those principles.” This frustrated the inquiry, making it “difficult to ascertain precisely where they differed as to the principles as opposed to the application of the principles.”

And so it goes. Experts can agree on the principle, of law or damages or of science, or they can disagree on the applicable principles. Similarly, experts who agree on principle, can apply the principles in ways that lead to differing results. Here, the Court felt that neither side was committed to a principle, but only to a result that favored their client. Before spending a lot of time and money on experts, it is preferable to commit to a principle, and state if it differs fundamentally or in application to what the opposing expert relies upon, and go with that in court. Trying to get past making that commitment runs the risk of the experts not being persuasive, or having the High Court deem your approach “not straightforward.”

Posted in Copyright | Comments Off

April 15, 2008 by thomason.

It’s acronyms in April.  Today, PCI compliance, which are the industry standards set by the Payment Card industry.  There may be an incestuous affair between lawyers and the merchants of software and hardware.  A problem gets publicized, the lawyers promulgate laws and regulations, and companies have to buy software and consultants’ services to meet those regulatory requirments; then, other lawyers sue for non-compliance with these minimum standards.  That’s trickle-around economics, and why some can afford those really nice homes near our shores. 

When I’m done droning on about IP, I switch the topic to IT, just to stroke the pace.  With each new report that users’ credit cards and/or personally identifiable data has been taken, some time has to be devoted to learning how the ‘job’ was done, and what the lawyers said about it in later suits.

On Mar. 27th, the Hannaford grocery chain had two PCI compliance events: it was re-certified PCI compliant, and it reported being aware of a data breach where 4.2 million card users data was stolen. Later, it determined that the breach continued until Mar. 10th, and class action lawsuits began being filed on the 19th. The data breach had resulted from malware installed on all the store servers, and when a card was sent in for authorization the malware intercepted the card number and expiry, then it batch sent the numbers over the internet to a foreign ISP. Unlike the TJMaxx breach, where in part the intrusion came in via unsecure wireless access, Hannaford did not have wireless network access.

Some have speculated that installation of the malware may have been done by an “insider” or a vendor’s technician.  One of the suits alleged around “1,800 cases of reported credit or debit card fraud related to the security breach.” In another, a plaintiff in Maine was told by the Burbank, Calif. police that a “replica of her card was swiped at the register when” fraudulent purchases were made. (see Complaint in Courchene v. Hannaford, linked to main case 2:08CV89 D. Maine). Also, it is claimed that the PCI standards establish a legal standard of due care, such that if a company is non-compliant, then it is legally negligent. That creates somewhat of a moving target, since the PCI standards are broad-based goals, rather than specific dos-and-don’ts. It too is of concern because of the overall dynamics of the situation: PCI compliance is a necessity, but a compliant company is not insulated from liability; and, the flexible PCI standards may create or provide proof of liability for an unpreventable data breach. Also, the coincidence of Hannaford being re-certified and that same day reporting the breach seem to suggest that the PCI audit lead to discovery of the breach, and it provoked the requirement that Hannaford report it. Last, in all the contracts related to PCI compliance, it is difficult to transfer or even mitigate data loss liability - consultants, auditors, software vendors, etc., accept no liability in those arrangements.

If you’ve read this far, then you may want to consider my ‘conspiracy theory.’ The data breach at Hannaford began around Dec.1, 2007. At that time, the USDOJ issued investigatory demands to all the large chocolate companies over alleged price fixing. On Mar. 25, 2008, Hannaford sued all the chocolate companies alleging monopolization and price fixing. The PCI audit, the malware and data breach at Hannaford, and the price-fixing suit by Hannaford may not be related. But, it raises the (albeit unlikely) possibility that the intrusion into Hannaford’s servers was industrial espionage done to access information related to the later-filed price-fixing suit (even if taking the credit card data was just moonlighting by the hackers, or done to make the attack appear to be something other than espionage).  Sure, it’s far-fetched, or too Oceans Eleven, but threatened world domination of all things chocolate requires some Austin Powers’ thinking.

Posted in Uncategorized | Comments Off

April 4, 2008 by thomason.

The prior post about challenges to anonymous bloggers and sniping commentors put me in touch with the recent ruling allowing a defamation claim to be pleaded against a commentor to a blawg. The ruling, on Leap Day, in Document Security v. Adler Tech. 03CV6044 (W.D.N.Y.) grants, over objections, a “supplemental” pleading that amends and adds a counterclaim and a new party. The gravamen of the allegation is that plaintiff’s personnel posted a comment on Philip Brooks’ fine IP blawg, which related to facts and disputes in the parties’ litigation. The Judge agreed the amendment would result in “delay,” but “plaintiff has not set forth the exact prejudice it will suffer if this defamation counterclaim is allowed.”

It is possible that depositions will address the new, defaming claim. In a given circumstance, the blawg itself may need to provide information. What then becomes of commentary? Blawgers have to moderate comments, and not post those with too much of an ‘edge.’  Is blawging to become less like Speakers’ Corner in London, where free and open dialogue was allowed, but no one was exposed to suit?

Posted in Uncategorized | Comments Off

April 3, 2008 by thomason.

In losing a case over the copyright holder’s 106(3) exclusive right of distribution, one reads every case and all of the legislative history on the subject. Even when studied, the distribution right protected by copyright has fuzzy contours and intangible aspects. Copyright is a creature of federal law and statute, but distribution is more a matter of contract, lex mercatoria, and the U.C.C. Thus, what distinguishes the two regimes, and to which caesar is tribute owed.

The latest, best analysis of the distribution right comes as a result of the ‘plausibility’ probing that The Supremes required after Bell Atl. v Twombly, (2007). In Elektra Entert. v. Barker, 7:05CV7340 (3/31/2008 S.D.N.Y.), the standard suit by the RIAA against some peer-sharer got non-standard review. The claim that Barker infringed the right of distribution went under the microscope, because RIAA alleged that the copyrighted works had been “made available” as an infringement distinct from actual distribution.

In the end, the Judge found enough allegations of actual distribution, but held that just making a copyrighted work “available” for distribution failed to state a claim of infringement of the enumerated statutory rights. “[B]ecause Congress did not expressly equate the act of ‘offering to distribute’… to the act of ‘making available,’ Plaintiffs’ allegations - insofar as Plaintiffs wish to hold Defendant liable for acts of infringement other than actual downloading and/or distribution - fail to state a claim.” Reduced to an analogy, advertising “$8.95 copies of last year’s Oscar winning movies,” but selling none, does not infringe the copyright owner’s exclusive right to distribute.

The infringement alleged in my first copyright trial requires a working knowledge of skee-ball as is played at coastal amusement parks, and of the fabulous prizes always on display. Understand this much, no one wins the big prizes hanging about the booth. Those just attract skee-ballers to play, only to win junky, little, novelty prizes. My defendants displayed plush toys that were beloved characters in a most-famous movie. No one ever won one, i.e., none ever were “distributed,” but these toys were ‘made available.’ As the saying goes, if I knew then what I know now, maybe the 2nd Circuit already would have ruled on the available right of distribution.

Posted in Copyright | Comments Off

April 1, 2008 by thomason.

It’s old news that the Troll Tracker got outed, and that his employer established a new policy on employee blogging.  Now, the SCOTUS blog, which fulfills the role of quasi-official blog of the U.S. Supreme Court, has announced their policy decision to disable the “comments” section.  Seems that some work by the High Court was provoking, (egads !) “sniping” and the sort.

The era when the internet was ‘open source’ for commentary, even from anonymous commentors is passing. 

The SCOTUS blog has been so very useful for keeping up on issues pending before the Court.  But, if dialogue is disallowed among we little people, then only those few, who actually get to ’speak to’ the Court, are allowed to speak about the Court.   Is ii surprising that issues before the Supremes generate hostile, visceral, impertinent remarks?  So too, that such remarks trigger reprisal remarks?  If the Court takes away, or refuses to protect constitutional rights - dang, people get upset.

On a daily basis, I delete most all the comments that come into this blawg.  Why?  Because those are irrelevant, or are spam, or do not add to any dialogue about the topic.  The best comments are those that I reply about directly to the author, and don’t post.  My favorite comment recently received was “Your an idiot.”  I didn’t post that one either. 

Seems that SCOTUS favors a blanket prior restraint policy, instead of applying strict scrutiny and refusing to post comments that merely ’snipe.’

Posted in Uncategorized | Comments Off