7th Anniversary amidst the COVID pandemic

by | May 1, 2020 | Firm Matters

This is our Firm’s 7th anniversary. Like so many people who are celebrating birthdays, wedding anniversaries and other significant events during the COVID pandemic, we are all working remotely, apart, and unable to do any activity in close proximity to each other. Luckily for us, we and our families, and all of our clients (and their families) to our best knowledge, are healthy. Not everyone is so lucky. The pandemic has a lot of people down, and for sure, it is really hard on front line health care workers, first responders, and regular workers who are just doing their jobs in tough circumstances – like working at grocery stores – not to mention all of their families who risk a lot more contact with the virus. Indeed, our staff have family members serving in these vital roles. So this year our firm just wants to say thanks to all of the people out there who are working so hard to minimize the impact of the virus here in Maryland, and risking their own health and health of their families. We appreciate your work, and hope when this subsides that you can take some time off, and physically and mentally recover.

Do You Really Want to Register that CORONAVIRUS Tagline? Things to Consider When Seeking a New Trademark Registration.

by | Apr 21, 2020 | In the News, Intellectual Property, Trademarks

Have you been sitting in your house, properly adhering to stay-at-home standards, and thinking to yourself, “I can’t wait to get some sweet coronavirus merch?” That is at least what recent trademark filers have assumed you were thinking, anyway. Since the beginning of 2020, fifty-three (53) trademark applications have been filed with the United States Patent and Trademark Office (PTO) containing the word “CORONAVIRUS”, and with one hundred seventy-six (176) more being filed containing “COVID.”

The majority of the trademark applications being filed are for printed materials like t-shirts or bumper stickers. “I SURVIVED THE CORONOAVIRUS,” “I SURVIVED COVID-19,” “CATS AGAINST COVID-19,” and “CORONAVIRUS FREE” are just a few examples. A quick search on the website Redbubble, a place where artists upload their designs to be printed on various items and sold, shows a litany of products already on the market.

 
While it is understandable that budding entrepreneurs may be looking to the current pandemic as a way to make a profit during this difficult economic time and achieve something positive, not every use of “CORONAVIRUS” or “COVID-19” is entitled to federal trademark protection.  So, it seems like a good time to take a brief moment to highlight several of the issues you should consider as you seek federal trademark protection, coronavirus-related or otherwise.  

First:  what is a trademark?  It is not just a clever saying – although that could be the beginning concept– but more is needed to establish trademark rights A trademark is a word, phrase, design or combination of both that is used in connection with goods or services and identifies and distinguishes the source of the good or services of one party from those of others. Consumers, for example, want to know when they’re drinking a genuine COCA-COLA product, not someone else’s inferior product with an infringing name slapped on it.  Thus, consumers associate you as the source of a product or a service when your trademark appears on that product or service.  By applying your trademark to your products or services, for example on a clothing line or a video game product, or in connection with consulting services or health-related services, you are building rights in your trademark. 

Also, at the time you file your trademark application, you must either (1) be using the mark in a trademark sense in interstate commerce (that is, actually selling your goods or rendering services to customers between more than one state or U.S. territory, or in commerce between the U.S. and another country); or (2)  have a bona fide good faith intent to do so.  You cannot obtain a registered trademark by merely requesting a “place holder” so no one else can use the mark on a particular good or service when you do not have a bona fide good faith intent to use the mark.  To show a bona fide good faith intent, you should have documentation to back up your intent, such as marketing plans and internal business meeting memoranda. 

Further, prior to filing, it would be in your best interest to make sure the mark is available for registration. If a third party has started using an identical or confusingly similar trademark before you in connection with the same or related goods or services, they would be the senior user of the mark and would have priority rights over you.  The United States is a use-based nation, meaning that trademark rights are created through the use of the trademark, and not necessarily through registration.  For this reason, a trademark search for the availability of a trademark – although not mandatory – is extremely beneficial in determining if your trademark is eligible for registration.  

This brings us to an important point regarding use of the trademark.  When a trademark is applied to your goods or services, the mark should be used in a “trademark sense” as opposed to an ornamental sense.  For example, a t-shirt design with the trademark placed largely front and center would not be considered a trademark use; rather, it would be seen merely as an ornamental use.  To function as a trademark, the mark would need to be displayed in a certain way for example, a properly used trademark would be displayed on clothing on its tag or label. The mark could also be displayed on the clothing item itself, usually in a smaller size above the breast, behind the neck, or son the arm of the shirt).  For services, the trademark would be used in connection with the services – for instance, on one’s website or brochures describing the services provided under the trademark. A trademark will not register on the Patent and Trademark Office’s Principal Register (where distinctive marks are registered) if it considered merely decorative or “ornamental.” 

Also, when considering whether to seek trademark registration, you may wish to consider how long you intend to use the mark, as the registration process can take 9-12 months if all goes smoothly at the U.S. Patent and Trademark Office and there are no issues with the mark.  During that period, you can use the TM symbol on your trademark, but you cannot use the  registration symbol until the U.S. Patent and Trademark Office actually issues a registration certificate.  Further, there are continued costs associated with maintaining the trademark after registration.  As an example, while we may all be thinking about COVID-19 now, hopefully down the road when we are all allowed to see each other’s bright and shining faces in public again, the initial phase of “covidwear” may fade out (as we hope the virus phases out), and you may no longer have a viable business interest in selling your goods or services under that mark. If you have any questions, please contact Kimberly Grimsley kim@olivergrimsley.com or Jennifer Mumm jen@olivergrimlsey.com at Oliver & Grimsley.

CARES Act and Trademark Deadlines

by | Apr 7, 2020 | In the News, Intellectual Property, Trademarks

On March 27, 2020, the President signed the Coronavirus Aid, Relief and Economic Security Act (CARES Act) – This Act is to provide the various areas in which the government is providing emergency assistance and health care to individuals, families and businesses impacted by COVID-19.  Under the CARES Act, the United States Patent and Trademark Office (the “PTO”) has provided for the extension of certain trademark filing deadlines between March 27th and April 30th, as the PTO has determined that practitioners, applicants, registrants and others associated with PTO filings and fees are being impacted and may be unable to make timely filings due to the outbreak.

In particular, the PTO and the Trademark Trial and Appeal Board (TTAB) has provided that they are giving a 30-day extension for the following deadlines currently due between March 27, 2020 and April 30, 2020:

  1. Response to an Office Action, including Notices of Appeal from the final Office Action under 15 U.S.C. § 1062(b) and 37 C.F.R. §§ 2.62(a) and 2.141(a);
  2. Statement of Use or Request for Extension of time to file a Statement of Use under 15 U.S.C. § 1051(d) and 37 C.F.R. §§ 2.88(a) and 2.89(a);
  3. Notice of Opposition or Request for Extension of Time to file a Notice of Opposition 15 U.S.C. § 1063(a) and 37 C.F.R. §§ 2.101(c) and § 2.102(a);
  4. Priority filing basis under 15 U.S.C. § 1126(d)(1) and 37 C.F.R. § 2.34(a)(4)(i);
  5. Priority filing basis under 15 U.S.C. § 1141g and 37 C.F.R. § 7.27(c);
  6. Transformation of an extension of protection to the United States into a U.S. application under 15 U.S.C. § 1141j(c) and 37 C.F.R. § 7.31(a);
  7. An Affidavit of Use or Excusable Nonuse under 15 U.S.C. § 1058(a) and 37 C.F.R. § 2.160(a);
  8. A Renewal application under 15 U.S.C. § 1059(a) and 37 C.F.R. § 2.182; or
  9. Affidavit of Use or excusable nonuse under 15 U.S.C. § 1141k(a) and 37 C.F.R. § 7.36(b).

There are other extensions available as well.  For instance, TTAB  has provided that if COVID-19 has caused a delay in a filing not mentioned above, a request (in an ex parte appeal) before the Board or a motion (for trial cases) for a reopening of a case may also be made.

Also, if a trademark application was abandoned or a trademark registration was canceled/expired under any of the deadlines listed above (due to an inability to respond to a trademark-related Office communication by its original deadline) because of the COVID-19 outbreak, the PTO will waive the revival and reinstatement fees.

Thus, filing one of the above documents will be considered timely provided that the filing is made within 30 days of the original due date and provided that the filing includes a statement that the delayed filing or payment was due to the COVID-19 outbreak.  With regard to the type of circumstances that would be considered to effect a timely filing, the PTO has noted the following situations::

  • Office closures,
  • cash flow interruptions,
  • inaccessibility of files or other materials,
  • travel delays,
  • personal or family illness, or similar circumstances, such that the outbreak materially interfered with timely filing or payment.

The PTO and TTAB are providing information as to their extensions and information on frequently asked questions on its website at www.uspto.gov/coronavirus.  The PTO will continue to evaluate the situation and will report if additional measure or extensions are put in place.

If you have any questions, please contact Kimberly Grimsley kim@olivergrimsley.com or Jennifer Mumm jen@olivergrimlsey.com at Oliver & Grimsley.

CARES Act Loan Provisions Overview

by | Apr 2, 2020 | Business Law, Corporate

Congress passed and the President signed H.R. 748 on March 27, 2020 in light of the recent Coronavirus / COVID outbreak. It contains the single largest government spending program ever enacted or implemented. Many clients are debating whether to make use of a portion of the act – specifically Div A, Title I, KEEPING AMERICAN WORKERS PAID AND EMPLOYED ACT. That Section allows the Small Business Administration to guarantee and in some cases pay off certain loans that would otherwise not be available to small businesses. The entire CARES Act can be viewed here https://www.congress.gov/116/bills/hr748/BILLS-116hr748enr.xml This post is an overview of that loan program and the ability to have some or all of the loan forgiven.

Before providing the overview, any client considering using this loan program should consider how likely the loan will be approved to be forgiven – and how much might not be forgiven. Even if a loan is not forgiven, there are valid reasons to consider using this loan program because the loan terms are generally very favorable as compared to regular SBA loans. Some businesses however, for example, businesses that have few or no employees, such as real estate holding companies – will not really benefit from this. However, their tenants might benefit from this because a covered cost includes rent. If their tenants are able to re-employ their workers in a fairly short time frame, the loan amount for those expenses might largely be forgiven.

Overview

  1. Eligibility:  In general, any business, including non-profits, sole proprietorships, contractors etc are eligible – but they generally must have less than 500 employees and have been in business as of 2/15/2020.[1] 
  2. Amount:  The maximum loan is 2.5 X the total payroll costs of the eligible business for the 1 year period prior to the date the loan is made, not to exceed $10,000,000. Businesses that have been in business for less time can still obtain a loan.
  3. Period:  The loan must be made between February 15, 2020 and June 30, 2020.
  4. Interest rate:  Interest cannot exceed 4%.
  5. Precondition:  The eligible business must make certification that it has been impacted by COVID, however, the certification is very broad.
  6. Use of funds:  Funds from the loan may only be used for eligible expenses which are: payroll costs; group health care benefits; employee related insurance premiums employee salaries, commissions, or similar compensations, payments of interest on any mortgage obligation, rent, utilities; and interest on any other debt obligations that were incurred before the covered period started.  Note that these types of expenses can extend past the “covered period” for loan forgiveness.
  7. Fees: All application fees are waived. All requirements for personal guarantees are also waived.
  8. Repayment deferral:  Lenders MUST defer all payments (interest and principal) for at least 6 months, but not more than 1 year.
  9. Forgiveness: The eligible business may request that the loan be forgiven for covered costs incurred during the “covered period” which is the 8 week period commencing on the date of the loan origination.
    • Covered costs are rent on leases entered into before February 15, 2020, payroll costs[2] (during the covered period), payments of interest on any covered mortgage obligation, and payments on covered utility payments.
    • The maximum forgiveness cannot exceed the covered loan amount.[3]
    • The amount to be forgiven is reduced on a formula of the average number of “full-time equivalent employees”[4] per month employed by the eligible recipient during the covered period, as compared to the same number in either the period of January 1, 2020 and ending on February 29, 2020 or the period February 15, 2019 and ending on June 30, 2019 (at the election of the borrower), but . . .
    • If the eligible business had reduced hours of full time equivalent employees in the period 2/15/2020 and ending on 4/27/2020, such reductions shall not be used in the above calculation as long as such reductions are reinstated not later than June 30, 2020.

More detailed provisions supporting the above summary

H.R. 748, Div A, Title I, KEEPING AMERICAN WORKERS PAID AND EMPLOYED ACT

Sec. 1102(a)(1)(A)(iii) – the term ‘covered period’ means the period beginning on February 15, 2020 and ending on June 30, 2020;

(viii) – “payroll costs” – generally, all costs, including retirement, PTO, tips, health insurance, but: capped at 100K over a year, does not include costs for employees whose principal residence is located outside of US, does not include employee tax withholdings, does not include payments under section 7001 of the Families First Coronavirus Response Act (Public Law 116–127).

Sec. 1102(a)(1)(D) – must have less than 500 employees (complex formulas and requirements as to how to count them, and for multi-location businesses)

Sec. 1102(a)(1)(E) – maximum loan is generally 2.5 X the average total monthly payments by the applicant for payroll costs incurred during the 1-year period before the date on which the loan is made, capped at $10,000,000. Formula is different if business was started after 2/15/19.

Sec. 1102(a)(1)(F) ALLOWABLE USES OF COVERED LOANS.—

“(i) IN GENERAL.—During the covered period, an eligible recipient may, in addition to the allowable uses of a loan made under this subsection, use the proceeds of the covered loan for—

“(I) payroll costs;

“(II) costs related to the continuation of group health care benefits during periods of paid sick, medical, or family leave, and insurance premiums;

“(III) employee salaries, commissions, or similar compensations;

“(IV) payments of interest on any mortgage obligation (which shall not include any prepayment of or payment of principal on a mortgage obligation);

“(V) rent (including rent under a lease agreement);

“(VI) utilities; and

“(VII) interest on any other debt obligations that were incurred before the covered period.

Sec. 1102(a)(1)(F)(ii)(II) A lender must consider the age of the business, especially if it either was not in operation as of 2/15/2020, or had no employees or contractors.

Sec. 1102(a)(1)(G) BORROWER REQUIREMENTS.— in general the borrower has to certify that

“(I) that the uncertainty of current economic conditions makes necessary the loan request to support the ongoing operations of the eligible recipient;

“(II) acknowledging that funds will be used to retain workers and maintain payroll or make mortgage payments, lease payments, and utility payments;

“(III) that the eligible recipient does not have an application pending for a loan under this subsection for the same purpose and duplicative of amounts applied for or received under a covered loan; and

“(IV) during the period beginning on February 15, 2020 and ending on December 31, 2020, that the eligible recipient has not received amounts under this subsection for the same purpose and duplicative of amounts applied for or received under a covered loan.

All application fees are waived, and there is no personal guaranty requirement.

Loans cannot exceed 4% interest

All payments on loans must be deferred at least 6 months, and not more than 1 year.

Loan Forgiveness, Sec. 1106.

“covered period” means the 8-week period beginning on the date of the origination of a covered loan;

“covered rent obligation” means rent obligated under a leasing agreement in force before February 15, 2020;

“expected forgiveness amount” means the amount of principal that a lender reasonably expects a borrower to expend during the covered period on the sum of any—

(A) payroll costs;

(B) payments of interest on any covered mortgage obligation (which shall not include any prepayment of or payment of principal on a covered mortgage obligation);

(C) payments on any covered rent obligation; and

(D) covered utility payments;…

Limits on forgiveness:  “The amount of loan forgiveness under this section shall not exceed the principal amount of the financing made available under the applicable covered loan.”  §  1106(d)

Amount is reduced by a formula:

(the average number of full-time equivalent employees per month employed by the eligible recipient during the covered period)

DIVIDED BY

EITHER:

(the average number of full-time equivalent employees per month employed by the eligible recipient during the period beginning on February 15, 2019 and ending on June 30, 2019)

OR

(the average number of full-time equivalent employees per month employed by the eligible recipient during the period beginning on January 1, 2020 and ending on February 29, 2020)

In addition, “The amount of loan forgiveness under this section shall be reduced by the amount of any reduction in total salary or wages [of any employee making less than 100K] … during the covered period that is in excess of 25 percent of the total salary or wages of the employee during the most recent full quarter during which the employee was employed before the covered period.”

Finally, “the amount of loan forgiveness under this section shall be determined without regard to a reduction in the number of full-time equivalent employees of an eligible recipient or a reduction in the salary of 1 or more employees of the eligible recipient, as applicable, during the period beginning on February 15, 2020 and ending on [April 27, 2020]” if

EITHER OR BOTH OF THE FOLLOWING ARE TRUE:

“(I) during the period beginning on February 15, 2020 and ending on [April 27, 2020], there is a reduction, as compared to February 15, 2020, in the number of full-time equivalent employees of an eligible recipient; and (II) not later than June 30, 2020, the eligible employer has eliminated the reduction in the number of full-time equivalent employees;

(I) during the period beginning on February 15, 2020 and ending on [April 27, 2020], there is a reduction, as compared to February 15, 2020, in the salary or wages of 1 or more employees of the eligible recipient; and (II) not later than June 30, 2020, the eligible employer has eliminated the reduction in the salary or wages of such employees

[1] A business formed or started after this date might be eligible, it is a factor in the loan underwriting.  Multi-location businesses with more than 500 employees might also be eligible.

[2] Note that there are no exclusions for payroll paid to owners, so long as the owner is not making more than 100K.

[3] It is not clear if they intended this to mean “plus interest”

[4] Note therefore that part time employees are covered but are calculated on a “full time equivalent” basis.

Film documentarian not liable for failing to list a contributor as a Producer

by | Jan 2, 2020 | Contracts, Entertainment law

When creating new media works, such as films, television shows, and other entertainment productions, in addition to the “who is the owner of the work” question – which includes issues of joint authorship – a separate question that often arises is – what is the obligation to identify someone who contributed to the work with a specific title, such as producer, associate producer, executive producer, and so on?

In FOCAL POINT FILMS, LLC, v. ARJOT SANDHU, 2019 WL 7020209 (N.D. California. 12/20/2019) this issue was resolved in favor of a film documentarian in a dispute with a person who made some contributions to a film, and who claimed the right to be listed as a “producer” of the film.

Brief facts

The plaintiff, Focal Point, had the idea for and had been working on a documentary film about Betty Reid Soskin, “a 94-year old African American woman who entered the public spotlight when she became the oldest National Park Ranger serving in the United States.” The owner of Focal Point met the defendant Ms. Sandhu at a film workshop, and she asked to work on the documentary film project. She did work “as an extra camera operator during a handful of shoots, always under Gibel’s supervision and with the understanding that Sandhu would be compensated on partially deferred basis.” Focal Point offered Ms. Sandhu “associate producer” credit on the film, however after exchanging numerous drafts of agreements, over several years, the parties could not agree in writing. Allegedly Ms. Sandhu “snuck unauthorized co-director and co-editor credits for herself into a “pitch deck” for the film” – even after her services were terminated, and her assertion of title or co-ownership over the film was preventing Focal Point from obtaining financing to finish the film. Focal Point sued for a declaratory judgment that it was the sole owner of the Film.

The issue for the court was whether Ms. Sandhu owned any part of the film, and whether she was required to be listed as a Producer.

There is no universally accepted definition of “Producer” – it is an industry term of art that refers to “the person responsible for finding and launching a project; arranging financing financing; hiring writers, a director, and key members of the creative team; and overseeing all elements of pre-production, production and post-production, right up to release.” See https://www.masterclass.com/articles/what-does-a-hollywood-producer-do-responsibilities-of-a-film-producer-and-how-to-become-a-producer#what-is-a-producer. Or, in words of the Producers Guild of America “A Producer initiates, coordinates, supervises and controls, either on his/her own authority, or subject to the authority of an employer, all aspects of the motion-picture and/or television production process, including creative, financial, technological and administrative. A Producer is involved throughout all phases of production from inception to completion, including coordination, supervision and control of all other talents and crafts, subject to the provisions of their collective bargaining agreements and personal service contracts.” https://www.producersguild.org/page/faq

The legal issue

Looking at the issue of Producer credit, the court noted that under Dastar Corp. v. Twentieth Century Fox Film Corp., 539 U.S. 23 (2003) a person who claims ownership in a copyrighted work does not have a claim for false designation of origin (or any other unfair deceptive trade practice claim, in most cases) because “the phrase “origin of goods” “refers to the producer of the tangible goods that are offered for sale, and not to the author of any idea, concept or communication embodied in those goods.”” Id. at 37. The court also cited Sybersound Records, Inc. v. UAV Corp., 517 F.3d 1137, 1143 (9th Cir. 2008) in which the court rejected plaintiff’s claim that a karaoke company misrepresented it had proper synchronization licenses from the plaintiff – noting that “Construing the Lanham Act to cover misrepresentations about copyright licensing status as Sybersound urges would allow competitors engaged in the distribution of copyrightable materials to litigate the underlying copyright infringement”

The court, relying on the above cases, but also many others including Friedman v. Zimmer, No. 15 Civ. 502, 2015 WL 6164787 (C.D. Cal. July 10, 2015) (which held that a musician who claimed his work was included in a movie that represented only the music of Hans Zimmer was included, did not have a claim for failure to attribute him and his music in the credits) – found that Dastar and Sybersound barred Ms. Sandhu’s claims, including her claims that her reputation was being injured by failure to credit her role in the Film. The court also rejected similar state law claims.

Why a written agreement is important

If not obvious from the above case, it is important for film makers – really, any creators that will collaborate with others, to have an agreement *before* that collaboration commences. In this case the parties made significant efforts to put their agreement in writing, but the fact that they could not agree should have been a red flag to the documentarian that troubled waters were ahead. In these cases it is almost always best to terminate the relationship and find another collaborator who will sign a fair written agreement. At least this case helps to resolve one issue that comes up in those cases where a written agreement is not present – the collaborator will probably not have Lanham Act type claims for “credit” that would survive Dastar and its progeny, even under state law. That leaves just the issue of co-ownership – which in this case was not at issue on the motion.

30 years of practicing law – a retrospective

by | Dec 19, 2019 | Firm Matters

I received my license to practice law 30 years ago to the day. I thought I would do a retrospective mainly on how the profession has changed in 30 years as it mostly relates to technology, but also a bit about my own career. This is a long article – to jump to my thoughts on the present day legal profession, click here.

The beginning – 1987-89.

The legal profession was just starting to go a bit crazy in the late 80’s when I was in law school. I always attributed a part of this to the very popular TV show LA Law, which first appeared in 1986 (I had already started law school at this point). Some examples of what I mean – my “summer associate” class at Whiteford Taylor & Preston (1988) was the largest they had ever had (14), and the starting class of lawyers that year was also the largest they had ever had (I recall 18 lawyers started in 1988). When I received my offer for a start in 1989, my salary was X, but when I actually started, because there was so much competition for young lawyers and salaries had increased at other large firms and for the new starting class of lawyers, my actual starting salary was bumped $5,000 – a significant bump back then. Indeed, this was the era of large NY and DC firms constantly one upping each other with what seemed then like crazy starting salaries (significantly more than mine).

At least for Whiteford, to my knowledge, this was the largest summer associate class and starting class to this day. Of course, within a year quite a few of the lawyers that started were gone, and only a handful of us from my summer associate class got offers or accepted them.

Side note – I have recently been shredding some of my really old papers – that I still had from back then for clients that followed me – my rate in the mid 90’s was $90 / hr, and that was a good rate – some partners that did insurance defense were billing at about the same range! (I worked in “Commercial Litigation” – where they could bill higher rates).

Technology – late 80’s and early 90’s.

Technology – one the driving forces in every industry and profession, and surely for lawyers, was still in its Jurassic period in the early 90’s as compared to today. We had a Wang “dumb” terminal but any real drafting was done either by our secretary, or the word processing department – which was a cubicle dense area where staff typed out documents, agreements and pleadings that were hand carried to them. All deliveries of anything significant were by hand or courier – and while you could fax, it was somewhat unreliable, and could take forever if the document was long. Anything that came by fax, FedEx or courier was to be opened and reviewed immediately – it had to be important because these were expensive methods of communication. We still wrote and sent letters – some lawyers felt they were art forms and spent and undue time composing and editing them.

Law Schools – most of them anyway, did not have specialized course tracks for intellectual property – but of course offered the main courses – patents, copyrights and trademarks. There was no commercial internet for most of my time at the big firm, which ended in 1995. However it was obvious the internet would drastically change legal practice. Our firm started a technology committee – which I sort of chaired when it started, with a designated partner. I had advocated for early email adoption, however, it was not until clients started essentially saying they were requiring us to have it, that we finally adopted it, and at the start only a select few lawyers were permitted to use it. A positive aspect for email in the early days – no concept of “spam” really existed. If you had an email account and received an email, it was almost assuredly work related (AOL email was internal to AOL and was only starting to expand to consumer use outside of AOL).

In this period, and really for many years to come, there was no way to work at home or remotely – so it was a 5 (or 6 or 7) day a week slog into the office. The side-benefit was that no one could send you an email at 7pm, and call you 1 minute later and expect you to have read the email and be ready to discuss it 😀.

Civility in the late 80’s and early 90’s?

As a law school graduate you are not really prepared to practice law – you need to learn how to practice from more experienced lawyers. I think lawyers who had 30 years of experience when I started would probably have said the profession was less civil in the early 90’s than when they were younger. I do know that how lawyers treated each other in some high profile litigation utterly shocked me as a young lawyer – the things they said in letters, and said and did in depositions – outside of the purview of the judges – it was eye opening. The lawyers I learned from at Whiteford did not engage in these practices – they were much more civil – but it was obvious that the legal profession was changing because clients more and more were demanding lawyers be “junkyard dogs” – and lawyers were giving them what they wanted. (this was an essential premise of the TV show LA Law after all . . . )

As competition for clients increased more and more lawyers were doing things the client wanted – it definitely eroded civility in litigation. Judges made some efforts to stop it, but Judges are a very limited resource – particularly in my case – almost everything I did was in federal court. You could threaten to “take it to the judge” but the reality is judges were too busy to micromanage petty lawyer infighting, and lawyers knew it.

Example: One particular instance I recall vividly. I was unable to get a lawyer to produce documents in a case in bankruptcy court – after incredible cordial efforts I was forced to file a motion to compel (I hated filing them . . . ). The judge scheduled a meeting in his chambers. We came in and he left us in his office and asked us to work it out. The other lawyer turned to me and said – he knew the judge would never enter the order and he would never produce the documents. Of course, I could never say what he said to the judge… This was one of a string of instances where it became apparent to me that litigation was more of a game than anything else.

Mid 90’s – technology firmly takes hold.

A short but meaningful recession occurred in 1990 to 1991. It had an impact on commercial real estate – some well established large Baltimore firms that were built primarily on real estate failed (e.g. Frank Bernstein). There was a lot of vacant office space and consumer spending was down. However, the internet was just about to be opened to full commercial use . . . and that triggered massive innovation and a major technology boom until the crash of 2001.

Transition to a new practice.

I left the large firm in 1995 and started at a 2 lawyer firm as the third lawyer. I had only been practicing 6 or so years. At this time I was almost exclusively doing patent or other intellectual property cases in federal court or occasionally in state court. But litigation was wearing more and more on me – I was never going to be a junkyard dog. I was more of the boy scout (though never actually one in real life) – always prepared. A partner I worked for at Whiteford referred to me as “triple check” – I always knew the facts and law cold. As we grew busier, we hired a new associate, and she came in one day and in not so many words said she wanted to take over the cases I was working on. I had already been transitioning to a corporate and transactional practice – this was my opportunity to leave litigation for good!

The rise of “internet law”.

At about the same time “internet law” was coming of age, so I decided to learn the technology side – I was already a programmer, so it was time to get back into learning the technical aspects of the internet. I taught myself all of the programming languages I could, and technologies – remember, these were the days of Netscape, cgi-bin, PERL – really rudimentary technology – javascript after all had not been created (it started in 1995). I taught seminars, read cases, published articles etc. and slowly built a practice. All the while, following technology as best as I could.

A great debate was started by Judge Easterbrook in his talk and article, Cyberspace and the Law of the Horse (http://www.law.upenn.edu/fac/pwagner/law619/f2001/week15/easterbrook.pdf ) to which a professor at Harvard (Lawrence Lessig) responded ( https://cyber.law.harvard.edu/works/lessig/finalhls.pdf). The debate pitted “old school” thinking – that all of the legal building blocks were there to learn internet law in their context – against the idea that there were such unique issues presented by this new technology that we needed new legal constructs – and to learn them as separate courses. In the end, the latter concept won out, at least at law school – as new courses on “Cyberspace law” began to be taught (including by yours truly).

But technology was accelerating way too fast – indeed, Congress could not even keep up, and had to address trademarks and domain names, defamation, free speech and many other issues – all as viewed through the lens of these new technologies. The USPTO could not even make up its mind, at first deeming any TLD as source identifying (e.g. while you could not get a trademark for GARDENING for a site that publishes information about gardening, but you could get a trademark for GARDENING.COM as long as it was also used as a mark) – but later reversing that position, and requiring a disclaimer of the TLD portion of the mark. As a side note, this issue still plagues the courts, for example the hotels.com and booking.com cases that have been litigated even as recently as this year – some 25 years after the debate started!

Toward the present…

This article is already too long and likely no one will make it to this point (I forgot how long a 30 year career is ) – but if you did make it to this point, here is a fast forward – technology law so to speak kept increasing in importance slowly from the mid 1990’s, survived a horrific market crash in 2001, and regrouped until 2007 – a watershed year in which three important things happened – the first iPhone launched, Facebook opened itself up to more than just college kids (this happened in late 2006) – ushering in the “social media era”, and the real estate market utterly crashed – wiping out a number of staid investment companies, hammering stock prices, and nearly killing the US auto industry.

The iPhone – a phone that could browse the internet and do many other so called smart things – was the “killer product” for sure – but it also needed some help from third parties to make the device more useful than just playing games and reading email – and that something was Facebook, which developed a site and later an app that worked for the iPhone.

The events of 2007 had and continue to have a lasting effect on the legal profession. Gone were the days that a client needed to call you, or mail a document, and physical deliveries of documents were clearly declining, and it was obvious this trend would only continue to accelerate.

Sidebar. Though not discussed above, patenting computer technology took off in the same time frame starting in 1998 with the State Street case which allowed a patent on a method of managing mutual funds – but that case’s impact was reduced in scope in the mid 2000’s and then essentially was rejected in the 2014 Alice Corp. decision. In that time frame a lot of innovation in technology generated by interest in (and profits derived from) the internet created a very fast moving legal landscape.

Present day (future of the profession?).

These days I still work on contracts, do mergers and acquisitions (buying and selling companies), review and revise licenses – with more focus on privacy and data security. I have probably worked on 500 million to 750 million in transaction value over the last 20 years – the vast majority in technology based businesses.

I wonder what a brand new lawyer practicing technology law today would think of how I practice compared to how they will? Is this generation going to be more civil to each other, or less (if politics is a weather vane, the prospect of more civility is very, very unlikely)? I also wonder if lawyers wanting to go into this area realize – this is a highly dynamic practice – I have to read updates on a daily basis – I track cases, technology, and now worldwide events – I have to learn US law and significant European and other laws in data security and privacy. I have spent over 2,000 hours in the last few years taking online courses on computer programming, data security, policy, privacy, hacking, defensive strategy – all to keep up. Because our federal government has done almost nothing on privacy, I have had to track multiple state laws and regulations and manage client expectations about legal compliance efforts. Even to this day there are not great systems that put all of this data in a form a human can manage easily (firehose), review, and find later.

Technology has made some things in the practice much better – we probably could not have started our firm but for the availability of VOIP, cloud email, cloud storage and so forth. At least, that technology made starting our firm much, much easier. But technology has significant drawbacks – clients now expect to handle conversations very fast and sometimes over the simple text message channel. Text messages are hard to store permanently, are more insecure, and compress what can be a complex issue into such a short message that issues are easily missed. Speed generally is a negative here – clients view their ability to go fast and be “agile” as as selling point – and so do some lawyers, but that can to the detriment of the client in the long run.

I have really enjoyed my practice over the last 30 years and think that as technology matures, some kind of equilibrium between speed, comprehensiveness and quality will settle out, for everyone’s benefit.

Mike Oliver and Oliver & Grimsley named Best lawyer and Best Law firm again in 2020

by | Dec 6, 2019 | Firm Matters, In the News, Office News

The US News and World Reports have published their best lawyer and best law firm lists for 2020, and Mike Oliver and Oliver & Grimsley are again listed:

  • Mike Oliver is again listed as a Best Lawyer in 2020
  • In addition, Mike Oliver was recognized as the “Lawyer of the Year” for Copyright Law in Baltimore (only one lawyer is so named in each area, each year). Mike has been recognized as Lawyer of Year in Baltimore 5 previous times, in the fields of Copyright Law (twice before), Information Technology Law and Trademark Law (twice before).
  • Oliver & Grimsley has been ranked:
    • Nationally (Tier 3) in Information Technology Law
    • In the Baltimore Metro area (Tier 1) for Copyright Law, Information Technology Law and Trademark Law

Oliver & Grimsley welcomes new associate, Jennifer Mumm to the team!

by | Nov 18, 2019 | Firm Matters

On November 12th, 2019, Oliver & Grimsley welcomed a new member to the trademark team – Associate Attorney Jennifer Mumm. Jennifer is coming to us after spending four years working at Stern & Eisenberg, PC. There, her focus was mainly on real estate law – supervising paralegals, corresponding with clients, and reviewing titles for properties.

As our firm grows, we hope to address our client’s needs proactively. Jennifer will be assisting with reviewing and filing trademark applications, providing legal insight to clients, and taking the necessary actions to ensure all client’s intellectual property rights.

We extend a very homely welcome to Jennifer and look forward to working with her.

Privacy law is a mess

by | Oct 15, 2019 | Data Privacy, Internet, Technology and Privacy Law, Privacy

The title says it all – what should smaller companies do to comply with privacy laws?

California has now finalized the California Consumer Privacy Act (CCPA), Cal. Civ. Code §§ 1798.100 to 1798.199 – well, at least for now (please note that this link does not have all of the law changes in it as of the posting of this article). It goes into effect 1/1/2020. Regulations under it will not be issued until December at the earliest and are likely to change over time. While it is a net gain for California consumers, it is a complex law with many incidental effects and traps for the unwary business. How does a small business deal with this mess? Before we address that, let’s discuss some background:

Why is CCPA important?

The CCPA is important because so many businesses do business with California consumers that California law is the “highest common denominator” – meaning, instead of trying to comply with disparate laws in 50 states, a business could target compliance with the most onerous law (typically California law in the pro-consumer sense), and then hope for the best that such compliance will also comply with other laws. This does not always work – for example, Illinois has a much harsher bio-metric security law than California, and New York has very detailed personal information protection laws and rules as well, particularly in the financial/banking sector. So, a slight modification of the above strategy is to target the “top 3” laws (i.e. California, Illinois and New York) and again hope for the best in other states. And finally, there is the modified “top 3” strategy of adding compliance with the General Data Protection Regulation of the EU (GDPR).

What many larger companies have done is simply targeted compliance with the GDPR worldwide, assuming it is the most onerous pro-privacy law. However, the CCPA has provisions that differ from, and add to, the GDPR, for example, the regulations on businesses that sell personal information, and that broker those sales, does not really directly exist under GDPR.

How does this affect small business?

Many small businesses may think they are not subject to these privacy laws because they do not “do business” in a particular state, or in the European Union. While those are interesting issues – either the ability of a state to constitutionally require a remote business to be liable under a privacy law when interacting solely electronically with a resident of that state – or whether the GDPR regulators can fine and enforce such fines against a small US business that has no offices, employees or other contacts in the EU, the problem is that many small businesses will contract with larger businesses that are subject to those laws and regulators and those contracts will require the small business to comply with those laws indirectly. This is particularly true in heavily regulated industries such as banking and health care, where regulators apparently force their member banks to impose liability on third party vendors.

In addition, when a small business goes to sell or merge – typically with a larger entity that may apply these rules and regulations in analyzing the level of data risk it has post transaction. If the small business has not thought about basic data privacy and data security, this can negatively impact the value of the business.

So, what should a small business do (and, what are the key provisions of CCPA)?
  1. First, do not ignore remote state laws like CCPA or the GDPR. Someone in the organization should be assigned the responsibility, and be given reasonable time, to make a true assessment of the data privacy and security risks of the company. Ideally that person would have a “C” designation (CIO, CTO, CPO etc) and be incentivized to diligently complete such tasks. The business should neither marginalize nor minimize such role.
  2. Second, do a data inventory – what data is the business collecting? Why? Does it really need it? Where is it collecting this data from? (the web, forms, manual entry, data harvesting/scraping, third party lists etc) What agreements are there with those data sources (this includes terms of service)? Is this information personal information? What type of personal information ? (i.e. is it sensitive personal information). Basically, this is a review of all inbound data flow . . .
  3. Third, determine where the collected data is being disclosed or shared? This can be the critical step – because if the information being collected is personal information, and particularly if it is sensitive information, this can have significant impacts if there is a data breach. Do adequate agreements cover that data exchange? Is the data encrypted? Should it be? Has any audit or review of the recipient been done to determine the adequacy of their data protection systems? Basically, this step involves tracing all outbound data flows, and determining the business need for the disclosure and the risk level such disclosure presents.
  4. Fourth, assess the computer systems used to capture, store, and transmit data, to determine weaknesses in security where a data breach can occur. Computer security is hard, period. It is way harder today when its not just your own computer security, but the security of every link in the data disclosure chain.
  5. Fifth, consider what tools to use to address risk. Do you throw technology at the issue, like better intrusion protection, detection systems, universal threat management devices, etc.? Do you hire experts, which may be costly? Both? Do you have proper agreements in place? Indemnity? Does the downstream recipient have insurance? Are you sure about that? Do you have insurance? Do contracts you have require insurance? Be especially careful with insurance – a good insurance broker will be up on all the various changes in insurance policies that claim to cover “cyber liability” (a generic term that is meaningless without specific context). You simply cannot determine what insurance you need if you have not performed steps 1-4 above.
  6. Sixth, engage in continuous review and management. Hackers are not static, they evolve – your systems must be maintained and modified to address new threats and issues, be updated and patched, and monitored for threats. See item 1 – it is why a dedicated C level person and/or team need to be in place to really address these issues.

The key provisions of CCPA as they relate to small businesses are below:

  1. It only applies to certain “businesses” – namely – a business that has annual gross revenues in excess of $25,000,000); or that alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices; or derives 50 percent or more of its annual revenues from selling consumers’ personal information.
  2. A consumer has a right to an accounting – essentially, a consumer can request that a business disclose to the consumer the categories and specific pieces of personal information the business has collected.
  3. A consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer, subject to several exceptions.
  4. A consumer has the right to an accounting of personal information that has been transferred by the business to third parties, subject to several exceptions. These rights are enhanced if the business “sells” that personal information.
  5. A consumer has the right to terminate the sale of its personal information. It is important to note that the law does not force a business to offer a service to a consumer who makes such an opt out – in other words, a business can condition its service on the right to sell the information. However: (a) a business cannot sell personal information of consumers under 16 (if they know they are under 16) without express opt in, and for consumers under 13, the parent or guardian must opt in; and (b) a business cannot discriminate against a consumer who exercises any of their rights under the law.
  6. A business must provide two methods of contacting the business to exercise these rights – one of which is a toll free number, unless the business transacts business solely online and has a direct relationship to the consumer, in which case such online business need only provide an email address to send such requests. There are affirmative disclosure requirements for websites of businesses that are subject to the law. Businesses that sell personal information have additional affirmative disclosure requirements for their websites.
  7. A consumer whose personal information has been breached now has an affirmative damage remedy. Previously there was uncertainty in the law as to whether actual damage or harm would have to be shown to recover, or just the risk of future harm. In general the cases have held that actual harm is required, but vary in what they view as “actual harm.”
  8. Significant daily penalties can be assessed for non compliance after a 30 day notice period.

The above is only a general overview. However, some of those rights, for example, the right to onward transfer accounting, the right to delete information, and the right to opt out, present not only legal compliance issues, but significant technical hurdles. For many small businesses, their systems were not designed this way, and/or, they have so many disparate systems where data is duplicated, that it might hard or near impossible to comply. If a small business runs through the above checklist and gets a handle on the who, what, where, when and why questions, it will be easier to then assess the “how hard to comply” question.

For more information or assistance in data security and privacy law compliance, please contact Mike Oliver

Misconfigured Server costs firm £80,000

by | Jul 22, 2019 | Data Privacy, Privacy Law

Question: How do cost your company £80,000 with one relatively small computer error?

(Short) Answer: You misconfigure an FTP (file transfer protocol) server . . . and forget and leave it running.

This was the lesson Life at Parliament View Limited recently learned when the Information Commissioner’s Office (https://ico.org.uk) fined it £80,000 for violating the 7th principle of the Data Protection Act 1998 (“DPA”). See https://ico.org.uk/media/action-weve-taken/mpns/2615396/mpn-life-at-parliament-view-limited-20190717.pdf. ICO could have fined it £500,000 (the maximum under that act) – but chose to only implement 16% of the maximum fine.

What happened? Life at Parliament needed to mass transfer personal data – though not particularly sensitive data (note1) – to a data processor, and chose to use an FTP server. They intended to use a feature of this server to require a username and password, but the technicians misunderstood the server documentation from Microsoft, and ended up putting the server in Anonymous Authentication mode. In addition, “The FTP server was further misconfigured in that whilst approved data transfers were encrypted, personal data transmitted to non-approved parties was not. As such, transfers of personal data over FTP to non- approved parties had the potential to be compromised or intercepted in transit.” (Though not explained in the opinion, this was likely a fallback setting that allowed the server to transmit over a non encrypted channel if the receiving party did not have a secure channel available). The server was left in this condition for just shy of 2 years. Computer logs showed over 500,000 anonymous data requests. Eventually a hacker (well, really a person with ordinary computer skill who located the open FTP server) who had obtained the data, began extorting Life at Parliament.

While the failure of basic computer security is plain in this case, it is noteworthy that ICO also found the following violations:

  1. Post configuration of the server, LVPL failed to monitor access logs, conduct penetration testing or implement any system to alert LPVL of downloads from the FTP server, which would have facilitated early detection and containment of the breach;
  2. Failure to provide staff with adequate and timely training, policies or guidance either in relation to setting up the FTP server, or information handling and security generally.

ICO has been very active in the general data protection space and issuing fines, and this decision – while an easy one in light of the poor computer security practices – is telling because ICO found secondary violations in post implementation failures to detect and train.

The same tendency is happening in the US – the FTC and State Attorney Generals are increasing their oversight of data protection, and several states (e.g. California’s CCPA) are enacting new data protection and data oversight requirements. While the FTC has had some wins (see a recent order against a car dealer, no fine but consent order, where unencrypted data was exposed for 10 days – https://www.ftc.gov/news-events/press-releases/2019/06/auto-dealer-software-provider-settles-ftc-data-security), and at least one major set back in its efforts against LabMD (http://media.ca11.uscourts.gov/opinions/pub/files/201616270.pdf), it is likely that the government regulators will start going after companies that have engaged in less egregious data security violations, but nevertheless have lax training or monitoring set up, and probably also pursue smaller businesses who may not have the resources to have a robust security system and training.

For more information on our data security and privacy practice contact Mike Oliver.

_______________________

(note 1): The data consisted of “The types of personal data potentially compromised included names, phone numbers, e-mail addresses, postal addresses (current and previous), dates of birth, income/salary, employer details (position, company, salary, payroll number start date, employer address & contact details), accountant’s details (name, email address & phone number). It also contained images of passports, bank statements, tax details, utility bills and driving licences of both tenants and landlords.”