I love being a business and technology lawyer. In my 13 years in practice (12 of them spent here in Philadelphia), my greatest source of professional satisfaction has been spending time with many terrific business clients, getting to know them and learning to appreciate their ideas, hopes and worries. I consider myself particularly lucky to have started my practice in the era of the Internet, which opened new vistas for business lawyers and confronted us with all the possibilities, as well as the legal challenges, of emerging technologies. I am also thrilled to live and work in Philadelphia, with its rich arts scene, growing technology sector and vibrant nightlife, and its new focus on walkable urbanism and sustainable quality of living.
Baer Business Law is a new type of law firm focused on providing affordable high-quality contracting, transactional and business counseling services to small and medium-sized businesses, non-profits and others concerned with managing legal costs. Baer Business Law is the brainchild of its founder, Andrew M. Baer, who, after spending 13 years working at large law firms and as in-house corporate counsel, understands that business clients want a lawyer who thinks like them, is oriented toward results, and can deliver large-firm expertise at low cost.
Andrew is a highly skilled transactional lawyer with more than a decade of…
Business Formation. Whether to form an entity, what type of entity (LLC, LLP, S corp., or C. corp.), and in which state to organize are critical decisions for a startup business, impacting its tax treatment, governance structure and ability to attract investors, as well as the liability of its principals. Getting solid legal advice and assistance from before birth will help you chart a course for future growth.
Read Andrew Baer’s blog for useful tips and updates about legal issues facing businesses, information on cutting-edge developments in e-commerce, technology and intellectual property law, ruminations on the Philadelphia legal market, rhapsodic musings on Center City restaurants and bars, and many other morsels.
V-J (Jailbreaking) Day
On Monday July 26, the Register of Copyrights handed digital rights advocates a huge victory by announcing new rules legalizing iPhone jailbreaking.
For those who are unfamiliar with the iPhone ecosystem, jailbreaking is iPhone user parlance for modifying the smartphone’s firmware so that it operates with applications (or “apps”) which are not sold through the Apple iTunes App Store. Jailbreaking opens up the ecosystem by enabling iPhone owners to run any apps they wish. Apple, citing reputational and user experience concerns, such as avoiding security breaches and malfunctions, as well as the need to protect app sellers on the App Store from unauthorized distribution of their works, has opposed jailbreaking and lobbied vigorously to maintain a closed ecosystem.
Of course, Apple has a vested interest in keeping the App Store the exclusive source of iPhone apps, as it frequently takes a cut of sales. Furthermore, according to the Electronic Frontier Foundation (EFF), which led the battle to legalize jailbreaking, Apple is somewhat puritanical about what apps may be featured on the App Store. In 2009, for example, Apple initially barred a Nine Inch Nails-themed app from the band’s front man Trent Reznor, as well as “Me So Holy,” an irreverent app that pastes a snapshot of the user’s face over the faces of hallowed religious figures.
The copyright issues involved in the rulemaking, while complex, are worth considering, since they raise cutting-edge issue of digital fair use that will become ever more germane as smartphones (and iPads) become our can’t-live-without, all-purpose personal computing, communication and multimedia devices.
Thou Shalt Not Circumvent, Except….
The so-called “anti-circumvention” provision of the Digital Millennium Copyright Act (DMCA), 17 U.S.C. §1201(a)(1), prohibits the circumvention of technological measures (also known as digital rights management or DRM) that “effectively control[] access” to copyrighted works. In this case, jailbreaking often requires the bypassing of software locks controlling access to the copyrighted iPhone firmware, the bootloader and operating system. Therefore, until now jailbreakers ran the risk of being sued for unlawful circumvention.
However, under the DMCA, the Library of Congress and the Copyright Office may hold rulemakings to create three-year exemptions permitting the circumvention of technological measures controlling access to certain classes of copyrighted works if users are likely to be adversely affected in their ability to make non-inf[......]
Law & Order: Special Website Terms Enforcement Unit
Kudos to the digital rights crusaders at the Electronic Frontier Foundation for combating a disturbing new trend: criminal prosecutions of persons who violate the terms of use of public websites.
Yes, you heard that correctly. In the last few months, the federal government has brought indictments against several individuals under a 1986 anti-hacking statute, the Computer Fraud and Abuse Act (the “CFAA”), for engaging in otherwise legal online behavior that nevertheless violated website terms of use. The CFAA (18 U.S.C. §1030) imposes criminal and civil sanctions for access to a protected computer without authorization or exceeding the scope of authorization. The theory used by government prosecutors and private litigants is that the do’s and don’ts spelled out in website terms of use define the scope and limitations of permitted access. Any behavior contrary to such terms, then, renders the site access illegal. In the most common application of this theory, an action is brought against a data aggregator or other person for using bots (automated software programs) to access a public website whose terms of use prohibit access through “automated means.”
Cops Armed with Website Terms
Even apart from the argument that the CFAA was never intended to prevent non-invasive access to public websites, the EFF highlights another problem with this theory: it delegates to private website owners the ability to define what is and is not criminal behavior. As a Internet lawyer who has both written and reviewed many website terms of use and privacy policies over the years, I can appreciate the EFF’s concern that they are rife with arbitrary and one-sided clauses.
In United States v. Lowson, federal prosecutors brought an action in New Jersey against the operators of Wiseguys Tickets, Inc., which used bots to buy concert tickets on the Ticketmaster.com website for resale, contrary to the site terms of use which prohibited access by automated means. Although scalping is not illegal in New Jersey, the government justified its action by a supposed need to protect consumer access to tickets. The EFF has filed an amicus curiae (friend of the court) brief on behalf of the defendants in this case.
In United States v. Drew, the feds indicted a woman who created a false profile on MySpace and used it to communicate with a teenager, who later committed suicide. The EFF similarly filed an amicus brief for the defense, and the indictment was ultimately dismissed.
Facebook is using a similar theory in a civil suit against a [......]
The Bilski Ruling: Software and Internet Patents Still Up in the Air
It wasn’t supposed to happen like this. The U.S. Supreme Court’s long-awaiting ruling in Bilski v. Kappos was supposed to bring clarity to the question of what “processes” were eligible for patenting and whether general methods of conducting business more efficiently (so-called “business methods”) could qualify. These are vital issues for software and Internet companies, whether concerned with protecting their own products and processes (the novel parts of which may not tied to a particular machine or transform something physical and tangible) or living under the shadow of harassment from patent trolls.
You’ve probably sensed the hunger for an answer if you’ve read this blog at all over the past year. (And if you haven’t, we forgive you.) Everyone, including all nine Supreme Court justices, agreed that Bernard Bilski and Rand Warsaw’s patent application for a method of hedging weather-related risk in energy trading was properly denied by the Patent Office. That much was clear from the November 2009 oral arguments before the Court, in which the querulous justices peppered Bilski’s counsel with business method patent hypotheticals (speed dating, an 80%-effective method of keeping students awake during an antitrust class, a method of maximizing wealth by buying low and selling high, and horse whispering). The hypotheticals were only slightly more absurd than the reality with which businesses have been living since the Federal Circuit suggested in its 1998 ruling in State Street Bank v. Signature Financial Group that methods of conducting business could be patentable if they produced a “useful, concrete and tangible result.”
The Bilski/Warsaw “invention” did not pass the smell test. The question was why? Inquiring technologists and IP lawyers wanted to know.
Abstract Ideas
In the end, the Court splintered. All the justices agreed that Bilski’s patent application taught an abstract idea or principle, and as such, according to well-established precedent, was not eligible for patenting as a “process” under 35 U.S.C. §101. Abstract ideas or principles, laws or phenomena of nature (even if just discovered) and mental processes are not patent-eligible subject matter because they are seen as the basic tools of scientific and technological work, and courts are careful not to permit any single person or entity to preempt their use. (However, as the Court’s opinion noted, the application of such concepts to a known structure or process can be [......]
No Patent for Bilski, Business Methods Survive
The Supreme Court issued its long-awaited decision in Bilski v. Kappos today. I will provide a detailed analysis of the ruling and its implications for the future of patent law in a subsequent post. Here is a brief summary of the high points:
* Bilski’s patent application for a method of hedging risk in commodities trading was properly rejected because the invention was nothing more than abstract principles and formulae, which are not subject matter eligible for patenting according to prior Supreme Court decisions.
* The Federal Circuit was incorrect in holding that the machine-or-transformation test is the exclusive standard for defining the patent eligibility of a “process.”
* There is no reason to exclude categorically business methods from the scope of patent eligible subject matter. A business method can be a patentable “process” if it meets the other statutory requirements for patenting (novelty, usefulness, etc.).
FTC Data Breach Action Against Twitter Settled
The Federal Trade Commission (FTC) announced on June 24 that Twitter is settling an action brought by the agency after hackers exploited lax information security protections at the site to gain administrative control and access private accounts and other personal information. The compromised information included e-mail addresses and tweets meant for individual recipients and followers only. Intruders were also able to send phony tweets from the accounts of then-President-elect Barack Obama and Fox News, among others.
The details of the 2009 data breaches and the security holes that enabled them are summarized in the FTC’s press release, which you can find here. The data breaches stemmed from two incidents. In the first one, an intruder used an automated password-guessing tool to enter an administrative password (a weak lower-case password consisting of a common dictionary term) on the site’s main login page. Using the password, the intruder reset several passwords and posted some of them on a website where they could be used by others. In the second incident, an intruder hacked a Twitter employee’s personal e-mail account and was able to derive an administrative password from similar passwords that were stored in plain-text. Twitter’s privacy policy at the relevant times used common boilerplate to describe its data security procedures:
“Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.”
It is important to note that Twitter never guaranteed the security of its site. Indeed, tech lawyers like myself routinely warn clients again calling their sites “secure” and making similar unqualified assurances. A cynic might remark that “weasel language” like Twitter’s is designed to stimulate a cozy feeling in users without committing the site to any concrete obligations or precautions.
The FTC’s explanation of the charges against Twitter crystallizes its thinking and underlines the agency’s increasingly aggressive approach to regulating privacy and data security on the Internet and especially on social media sites:
“When a company promises consumers that their personal information is secure, it must live up to that promise,” said David Vladeck, Director of the FTC’s Bureau of Consumer Protection. “Likewise, a company that allows consumers to designate their information as private must use reasonable secur[......]
National Online Privacy and Data Security Bill Coming?
From a business standpoint, the state of privacy and security law in America today is a real mess, because there is no one-stop shopping. Businesses collecting information online have to worry about a kaleidoscope of legislative and regulatory requirements on both the state and federal levels.
You’ve met the dramatis personae on this blog over the past year or so: the Federal Trade Commission, which issued a staff report in February 2009 containing “self-regulatory” guidelines for online behavioral advertising and now is panting to go further; the State of California, one of several that requires the posting of a website privacy policy and use of data security safeguards, including vendor oversight; the State of Nevada, which requires the encryption of personal information; and the Commonwealth of Massachusetts, source of the most comprehensive information security regulation in the nation (201 CMR 17.00, which went into effect on March 1, 2010).
The patchwork is so befuddling that a reporter once barked at me in frustration: “You mean a business has to hire someone like you to keep track of all of this?” No offense meant, of course. None taken, I replied, but the answer was yes. In an indirect way, the FTC funds my Philly Beer Week expenditures.
Now the federal bear is beginning to growl. After reading the draft legislation unveiled by U.S. Representatives (D-VA) and Cliff Stearns (R-FL) on May 4 — which has attracted strong comments by the Direct Marketing Association, along with criticism from the Technology Liberation Front and others — I’m trying to decide whether things just got better or worse for my clients. Actually, scratch that. This bill needs to be rewritten, since it takes a top-down, process-heavy Gramm-Leach-Bliley type of approach and tries to plaster it onto the vast domain of cyberspace. (The Gramm-Leach-Bliley Act is the seminal 1999 financial privacy bill that requires financial institutions to provide initial and annual privacy notices to their customers and a way for them to opt out of having their personal information shared with unaffiliated marketers. No doubt you read every line of the GLBA privacy notice your bank sends you every year. Anyway, there is a real strong musty whiff of GLBA in the Boucher-Stearns draft.)
Cowpunk pioneer Dan Baird exercises his right to opt out of data-sharing. (Actually, this is from his 1991 album Love Songs for the Hearing Impaired).
Preemption
On the plus side, the draft legislation would set a single national online privacy and d[......]
LinkedIn to LawSuit
In this depressed economy, social media is one of the primary tools used for job-related networking. At the risk of blaspheming, I greatly prefer LinkedIn to Facebook because of the professionalism and relatively serious mindset of the user base (you don’t see much of “Hey, I’m lying on the couch!” from the VP’s and SVP’s on LinkedIn). However, a suit filed this March in federal district court in Minnesota demonstrates the risks of casual chatter through LinkedIn when there is an employee non-compete agreement in the picture.
The facts of the case are very simple. Brelyn Hammernick was a Minneapolis technical recruiter for the IT services firm TEKsystems who left to take a job with their competitor Horizontal Integrations. Ms. Hammernick used LinkedIn’s e-mail tool to communicate with her network, which included several current TEKsystems employees. Ms. Hammernick had signed a non-compete agreement with TEKsystems containing standard non-solicitation language that prohibited her from communicating with company employees to induce them to leave TEKsystems or work for a competitor. Yet, as several attorney bloggers have already commented, certain of Ms. Hammernick’s e-mails were clearly solicitations. The relevant paragraph from TEKsystems’ complaint alleges:
“Hammernick is soliciting TEKsystems’ Contract Employees and clients in the geographic area encompassed by the non-competition and non-solicitation provisions of the Hammernick Agreement. For example, Hammernick has communicated with at least 20 of TEKsystems’ Contract Employees using such electronic networking systems as “Linkedin.” Hammernick has, at a minimum, “connected” with the following TEKsystems’ employees through “Linkedin: Harold Osmundson, Steve Wicks, Kazim Merchant, Shawn Faber, Srujana Pasunuri, Shailaja Garishakurti, Kevin Jordahl, Mitha KC, Carl Boudreau, Tom Peterson, Seann Van Cleve, Bob Hasselman, Marcia Diterich, Bill Severson, Claude Wallander, and Brett Snaza. In her contacts with Tom Peterson, Hammernick asked Peterson if he was “still looking for opportunities.” She then stated that she ‘would love to have [you] come visit my new office and hear about some of the stuff we are working on.’”
You can also find a full reprint of the key e-mails, along with some trenchant commentary, on Dallas attorney Rob Radcliff’s blog here. (I don’t normally cite other law firms’ blogs, but I consider Mr. Radcliff’s post both informative and dead-on.)
What are the take-aways here?
1. [......]
Startup Tip: Get Your Developer to Sign a Contract
Startups like to move fast and don’t have the time and resources for a lot of legal boilerplate and negotiation, much less legal fees. I get that.
Still, if a major part of your business is a website or software application (including iPhone and Facebook apps), it’s well worth the time and (minimal) expense to put in place at least a simple contract with your developers. This contract should get signed BEFORE the developer begins any substantial work on the project
What you get with a solid developer contract
I’ve represented clients rooked by unscrupulous developers, and that is why this topic is heavy on my mind at the moment. And, by the way, this post is not meant to pick on developers. (I represent several very good ones, and it’s in their interest too to make sure there is an adequate contract in place, namely to button down their right to get paid, fix the timing of payments and protect against scope creep.) Still, there are big risks for startups on the client side, which is why a little patience and forethought can avert an expensive derailment of ambitious plans.
Why do you need a properly written contract with your developer?
1. Confidentiality. Ideas have legs — muscular marathon runner’s legs — and you don’t want your developer to walk the idea for your new website or app across the street. It’s difficult to protect still-inchoate ideas and requirements (as opposed to completed designs, specifications or prototypes) under intellectual property law, since bare ideas in the process of formulation are not copyrightable or patentable. Moreover, the allowance rate for business method patents is extremely low (presently under 10%), and the cost of prosecuting patents is typically tens of thousands of dollars, so you should not count on being able to patent your website, program or app even at a more advanced stage of development. What this means is that, besides avoiding disclosures except where strictly necessary, contract protection (i.e., a non-disclosure or “NDA” clause) is your best bet to protect your idea as it is being developed.
2. Intellectual Property Ownership. Even if a bare idea is probably unprotectable, at some point the development of your idea is going to lead to the creation of protectable intellectual property. In the context of web or software development, this could be some or all of the following: (1) code, web design, graphics, images, text and other creative content (all of which can be copyrighted), (2) logos, slogans, catchy domain name[......]
SCOTUS Still Silent on Bilski
No word yet from the U.S. Supreme Court on Bilski v. Kappos, the eagerly awaited decision which is likely to limit the scope (if not drive the final nail into the coffin) of allowable business method patents. You can find a description of the issues and stakes involved in my blog post on the Federal Circuit’s (lower court’s) machine-or-transformation test for business method/process patent applications.
Based on my reading of the November 2009 oral argument transcript and my conversations with patent experts, we predict that (1) the Patent Office’s rejection of Bilski’s application for a method of hedging risk in commodities trading will be upheld, (2) the Federal Circuit’s machine-or-transformation test will be invalidated as unduly limiting given the statutory language and history, BUT (3) we may see a new definition of patentable subject matter based upon some ethereal concept of “technology.”
The Supreme Court will next release decisions on Tuesday, June 1. Given the importance of this ruling to our software and Internet clients, we will post a link to the opinion and a brief summary on this blog as soon as it is issued, to be followed by a full analysis not long afterward.
Angels Get a Reprieve
Innovation in America has been granted at least a four-year reprieve, thanks to the far-sighted efforts of a bipartisan group on the Senate Banking Committee.
In my March 26 post “Guarding the Angels?”, I blogged about some troubling provisions in Senator Chris Dodd’s (D-Conn.) financial reform bill that would have subjected private offerings to angel investors to burdensome SEC review and state regulatory compliance obligations. Among other things, these provisions would have drastically raised the $200,000/year income and $1 million net worth thresholds for angels to qualify as “accredited investors,” which assures private offerings to such persons critical exemptions from federal and state securities laws.
No doubt this sounds like legal gobbledygook, but from the standpoint of a tech attorney whose practice is focused on aiding creative startups, the prospect was sobering. Since startup businesses, particularly in risky technology fields, generally do not have access to traditional bank financing, the addition of potentially tens or even hundreds of thousands of dollars in legal and compliance costs as well as 120 days or more of delay to the angel funding process could have devastated innovative startups and job creation at a time of 9.9% national unemployment. This was a classic case of our political aristocracy in Washington not having had the “Mommy, where do jobs come from?” conversation.
Fortunately, Senate Amendment 4056, approved by the Banking Committee on May 17, while not a perfect fix, largely vitiates the problematic anti-angel Sections 412 and 926 of the Dodd bill. For this we have to thank Senator Dodd himself, as well as Senators Scott Brown (R-MA), Maria Cantwell (D-WA), Mark Warner (D-VA), Kit Bond (R-MO) and Mark Begich (D-AK), although the real heroes were the startups themselves (including my colleagues in Philly Startup Leaders), who organized nationally to petition our elected representatives to remember our critical role in the economy at a time of worldwide economic crisis.
S.A. 4056 gets rid of the SEC review requirement and threat of exposure to state securities compliance requirements and keeps the accredited investor income and net worth thresholds fixed at their current levels for a period of four years, after which they will be subject to SEC review and possible adjustment. This eliminates the immediate danger to startup funding.
In their press release, the Senate sponsors of the amendment hit exactly the right note: whatever went wrong with Wall Street in 2008, [......]
