Germany’s DeNIC offers (a bit) more privacy for some registrants

Whois screengrab

With the increasing focus on privacy in Europe, and ongoing challenges to the US-European “Privacy Shield” agreement, domain name registrants from Europe see domain names as (yet another) weak link in privacy rights. They wouldn’t be wrong in that – in order to protect domain name registrants in the case of the failure of a domain name registrar, all registrars are required to put the underlying registrant data in escrow with an accredited data escrow provider. Until recently, however, the only ICANN-approved data escrow provider has been the US company Iron Mountain, and as a result all of the agreements (and the underlying data) were subject to US law. That, of course, means they were subject to US law enforcement and civil litigation demands as well.

That has recently changed. According to heise online (in German), DeNIC, the German company in charge of the .de country level domain, has recently been accredited by ICANN as a third party data escrow provider for registrar data. DeNIC’s accreditation provides a European alternative to Iron Mountain, and provides some assurances that European data remains in Europe subject to European privacy laws. While that’s an improvement, domain registries must also escrow data, and there’s only a single provider for those services as well (can you guess who that might be?). DeNIC, looking to close that weak link in data protection, is actively seeking accreditation there as well.

While this particular service may not impact US business to any great extent, it does demonstrate an increasing interest in European alternatives under the current political climate. No doubt companies like XING (a German LinkedIn alternative) and UK online bookseller Wordery will seek to capitalize on increasing European concern over US service providers.

At the rate things are going, US disregard for privacy may create the European Internet champions that European lawmakers could not.

For more on DeNIC’s accreditation and continuing efforts, see this press release.

So long e-signatures, it was nice to know you.

DocuSign screenshot

We recently bought a house or, more accurately, a bank bought a house which we own a teeny-tiny part of. That, of course, resulted in an unending series of requests by mortgage companies, banks, title companies, realtors, sellers, etc. for signatures on long and seemingly duplicative documents. In most of those cases, our signatures were obtained via DocuSign. That’s become pretty standard practice in the real estate industry these days, and also in other industries which require large numbers of signed documents. While it’s annoying, I suppose it beats having an equally large pile of signed originals in a file somewhere.

Or maybe it doesn’t. According to a recent memorandum in a California court, however, a “signed” DocuSign document might not be enough. The judge in that case sanctioned an attorney for relying on DocuSign signatures in the context of bankruptcy law, pointing specifically at a requirement that electronic signatures are only valid if a copy of the “original” signed document was retained. DocuSign, of course, has based its entire platform on the idea that the digitally signed document is the original, which may now be in serious doubt.

For now, the memorandum serves as a reminder that users of digital or e-signatures have to be certain that the laws pertaining to that particular transaction allow e-signatures without a “wet signature” to fall back on in the event of a dispute. Bankruptcy lawyers in particular, take note. That being said, the logic behind the memo calls into question the entire premise behind electronic and digital signatures and, if followed, may end up being a really good development for paper companies. After all, if I sign by putting my name following /s/ in an e-mail, or using the signature function in Apple’s Preview application, the potential authentication issues raised in the memo are exactly the same as raised in this case.

I’ll keep that in mind if we have second thoughts about this whole home-ownership thing.

Hat tip to Whitney Merrill (via Twitter, @wbm312)

How about Estonian law with your morning cuppa’

Supreme Court of Estonia

This is, in fact, the Supreme Court of Estonia. Who knew?

It’s not often you start the morning with an international legal dispute, and that before one’s morning coffee. This morning, from the kitchen, I was treated with the dulcet tones of my wife arguing with the London Times about cancellation of her online subscription. It turns out they only accept cancellations from the US via passenger pigeon on odd Tuesdays which have a full moon, and then only when written in the blood of a recently slain unicorn. Ok, not really, but as we haven’t actually figured out how one successfully cancels a subscription, that may in fact be the cancellation policy. Pro tip – don’t subscribe to the London Times.

Anyway, the interesting thing about that kerfuffle is the degree to which the average consumer worldwide is entering into contracts with companies in other countries, ostensibly under the laws of those countries. As consumers, however, those individuals remain protected under the consumer protection and other laws of their respective countries (or, in the case of the US, an odd patchwork of federal, state, and local laws). As a result, even as simple transaction as a newspaper subscription or Facebook registration can give rise to significant legal cases with an international impact.

Many of those cases involve privacy and the EU-US privacy shield. Europe isn’t alone in its concern for the privacy of citizens, however, with a new decision extending the protections of Canadian Privacy to data disseminated outside of Canada (hat tip to Daniel Solove). While the US doesn’t really care as much (or perhaps at all) about privacy, there are laws like the Speech Act which attempt to protect US residents (in this case writers) from the effects of foreign laws which are against US public policy (in this instance, the right to free speech).

There are a host of other issues which arise from these contracts, however. Do companies like the Daily Times understand and follow US legal requirements like the Fair Debt Collection Practices Act or, in the case of selling (and upselling), the Telephone Consumer Protection Act? Even if they do, how does one collect a relatively small debt in a foreign country in an efficient and cost-effective way? In the other direction, Europe has extended its controversial “right to forget” worldwide, creating a compliance nightmare for Google and other big US tech companies, and an unresolved conflict for others without as much skin in the game in Europe.

The Internet makes international business possible from your kitchen table. What that means for public policy and protection for the consumer remains largely unresolved.

Image by Ivo Kruusamägi

A cold wind on privacy

SoccerSnow

Whaddaya mean you’re calling the game?

Standing outside in the chill of what passes for “spring” these days, with a cold breeze numbing the end of my uncovered ears (it’s SPRING for God’s sake), I listened to my fellow soccer parents discussing the merits of the Senate’s recent vote to rescind the FCC’s as-yet unimplemented rules on privacy for ISPs. Overall, I think most of the parents were pretty ok with the loss of some privacy in exchange for the perceived benefits of data sharing. Most of that had to do with the cool things technology can do when provided with access to data, like make sure your latté is ready before you actually arrive at Starbucks in the morning.

Listening, I was trying to think of why I’m not on board with that logic (other than the fact that I’m not a huge latté fan). Aside from the many concerning ways in which ISPs can and have used data, the bigger problem would seem to be that there’s no real guarantee that the data will remain with the ISP or their marketing partners.

First of all, big companies of all stripes are pretty terrible at keeping data secure. That means that, in addition to that cool relocation feature which allows you to pre-order a late on the drive to that early-morning soccer tournament, you may be letting hackers from the Ukraine into details about your life which may (or may not) allow them to hack into your bank accounts or determine the content of that highly sensitive e-mail you received.

Secondly, as lawyers well know, data of all types is discoverable in litigation, so those “innocent” late night visits to Ashley Madison may not be as private as you think they are. While much of that data is already available and discoverable from your e-mail provider or home computer, giving ISPs an incentive to keep and distribute that data certainly won’t improve matters any. Increasing the amount of data available also means more data available to the government, and while it’s nice to believe that only matters if you’ve done something wrong, that’s not always true. In Europe, the public and the courts have been fighting against mandatory data retention rules, even as the US arguably incentivizes the private collection of data.

For or against, there’s not much you can do to protect yourself against data collection – most Americans have limited choice in ISPs, and some have no choice at all. Short of running everything through a VPN, or simply not using the internet, it looks as though consumers have to get used to the idea that their traffic will be collected and shared by ISPs, the government, and pretty much everyone else who has access to it.

Which symbol do I use for my trademark?

™? ®? ℠? ©? Ever wonder what all those brand name symbols mean? Here is the simple lowdown.

The ® indicates that a trademark is registered with the United States Patent and Trademark Office (USPTO). It should only be used after you have received confirmation from the USPTO that your mark has been registered.

The ™ and ℠ symbols can be used when a trademark is not registered (whether or not an application for registration is pending). These symbols are a way for a trademark owner to claim proprietary rights in a mark even though the mark is not registered. The difference between the two is that ℠ stands for “service mark” and indicates that the trademark identifies a service, as opposed to a good, whereas the ™ symbol, which stands for “trademark”, is commonly used for both goods or services.

The © symbol is for copyrights, not trademarks.

Think your DMCA designated agent is set? Think again.

Many businesses strive for an interactive website, but interactivity brings with it the risk that someone else’s posting will create legal risk. Fortunately, a number of laws help shield the website operator from risk, most important among them the Digital Millennium Copyright Act (DMCA)

The DMCA, or more specifically the DMCA “notice and takedown” procedure, protects businesses from copyright liability for content posted to their website by third parties. Essentially, website owners and operators who register with the US Copyright Office and follow the takedown procedure are granted immunity from copyright lawsuits as long as they were not actively involved in posting from the alleged infringement. This protection can be invaluable, given the potentially high cost of even inadvertent copyright infringement.

Key to DMCA protection is the designation of an agent with the US Copyright Office – without an agent, even companies which follow the procedure are not immune from liability. Under the original system, companies completed a paper form which was scanned and put online. Although it’s called a “directory,” the old list was really just a database of scanned forms, many handwritten and some illegible. Since the designations never expired, designations for long-inactive websites remained online well past the expiration dates of the underlying business ventures. Starting December 1, 2016 there’s a new directory which will replace the previous forms. In order to populate the directory, companies will be required to file electronic designations (along with a new, increased fee) by no later than December 31, 2017, after which all registrations under the old system will expire. Under the new rules, registrations must be renewed every three years.

Some have criticized this as a money grab on the part of the US Copyright Office and, frankly, I tend to agree. That being said, anyone who has ever filled out or tried to read the scanned “Interim Designation of Copyright Agent” has to agree that the procedure was in need of an overhaul. It’s hardly surprising that the government would want industry to pay.

For more information, see the US Copyright office’s website.

Protecting and Maintaining Your Trademark Registration

The battle to protect your trademark does not end with federal trademark registration. Once registered, you have to be vigilant about protecting the trademark from misuse, or risk losing the trademark’s protected status. The better the brand name, the easier it will be to protect it from improper use by others.

Protection begins with your own use of the mark. In order to maintain a federal registration, you have to actually use your mark in commerce; you cannot simply register it and keep it for possible future use. If you don’t use it, a third party (e.g. a competitor that thinks you came up with a great brand name and wants to use it for their own products) can seek to cancel your registration for non-use and then register it as their own brand name. It is important that you not only continue to use your trademark, but that you use it properly. I will discuss proper trademark use in a later post.

Additionally, certain documents must be filed periodically with the Patent and Trademark Office (the “USPTO”) to maintain a trademark registration. These documents essentially provide a mechanism of proof to the USPTO that you have been continuing to use the trademark in interstate commerce. If the deadline for filing a maintenance document passes, you will lose your registration. If you buy or sell a trademark (e.g. pursuant to the sale of a business or an inter-company agreement between related companies) or grant or take a security interest in a trademark or change the name or address of your company, you should update the ownership records with the USPTO. It is important to keep the trademark registration’s contact information up to date with the USPTO. However, the USPTO will not send you reminders about filing deadlines, so it is incumbent on the trademark owner to keep track of filing deadlines.

It is also important that you prohibit others from using your trademark improperly and without your consent. You should actively pursue any third parties who infringe your trademarks. Sometimes you will find out about an infringement in an ordinary Google search or because one of your customers tells you that they found a competitor’s website when they were looking for yours. There are also trademark watchdog services that will send you notices about potentially infringing marks. If you have a valuable trademark that is frequently infringed, a watchdog service may be a worthwhile investment.

If you are lucky enough to have a brand name that becomes extremely well-known, it may be eligible for status as a “famous” mark. Famous marks come with their own set of privileges as well as challenges. While afforded certain special protections against infringement, famous marks are sometimes vulnerable to becoming generic (and losing their registered status) through unchecked misuse. Examples of once-famous trademarks that lost their trademark registrations are aspirin, cellophane, thermos, escalator, zipper, and yo-yo. All of these once-famous trademarks are now generic names used to describe the product. Most of these were lost as a result of under-policing the misuse of the name by third parties and probably by the owners (and their employees) themselves. But while under-policing can lead to loss of the registration, over-policing can be costly too in terms of legal fees, watchdog service fees, and public image. Finding the right balance is important to ensure long-lasting protection while keeping costs to a minimum.