Seriously, is this a real question? Isn’t this like asking who owns rights to your friends? Or … who owns rights to Grateful Dead fans? And doesn’t the very question present its own obvious answer? I mean, isn’t it a bizarre question? How can you “own” your fans?
Bizarre, perhaps, but data companies own all sorts of lists of people, so isn’t this just the same thing? To be clear, data companies never really argue that competitors cannot make their own competing lists and sublists of Democratic voters or whatever. The companies would just argue that others cannot copy their lists of such people.
Or is it more like last year’s Craigslist fight with Padmapper over Craigslist’s claimed exclusive rights to use Craigslist’s apartment listings: Can anyone “own” apartment listings? See my previous discussion of this case, here. Continue reading
With the proliferation of mobile devices in the past few years, application developers may now target their services and offerings to an ever-widening, always-connected audience. These apps involve the interplay of code and data in new and innovative ways. Whether an app developer begins the project informally in a garage, or as part of a team of developers, a host of intellectual property (IP) concerns exists from the inception of the idea, to the day the app is available for distribution in an app store. One simple, and often overlooked aspect of development is this: who owns the code?
Copyright and Computer Code
17 USC Section 117 of the Copyright Act states computer code, or software, is considered copyrightable material, providing it protection from unauthorized reproduction or distribution. This protection serves to reward innovators for their works, allowing them to benefit from their creations for a limited time. For an app developer, this means that the code created from the inception phase to completion is subject to copyright protection. Unless explicitly stated, it is not always clear just who retains ownership rights to the code.
Earlier this year, our colleague Bryce Cullinane wrote here on this blog about cookies or the tiny files created by websites you visit that store your information and allow sites to recognize your browser. Although cookies may have a profound impact on your desktop browsing activity, they’re steadily becoming obsolete due to both the growing ubiquity of mobile internet usage (cookies don’t work on mobile devices) and users’ conscious blocking of cookies. So far, marketers have developed just a few new technologies (that we know of) to continue to track consumers and deliver targeted ads.
The New York Times recently reported that the work of several new startups is dedicated to figuring out how to track people without cookies and also determine that multiple devices belong to the same person. California based Drawbridge is one company that is attempting to tackle this task, although COO Eric Rosenblum tells Claire Cain Miller and Somini Sengupta of the New York Times that “tracking is a dirty word” and explains that what they’re instead doing is “observing your behaviors and connecting your profile to mobile devices” (emphasis added).
By combining alerts sent by partners companies when you visit specific websites or use certain apps with statistical modeling, Drawbridge and its competitor companies like Greystripe can conclude that several devices belong to the same person. Once a consumer has been identified in this way, advertisers can ensure that this user receives specifically-targeted ads across all devices based on his or her activities. Or in other words, cross-device advertising.
Think about this. What’s the first thing you do when you wake up in the morning? Maybe you check e-mail on your phone. (Maybe you do something else before even that, ok we’ll grant you that.) From there, you may use your tablet for a few minutes to catch up on some news or check the weather. Then you might browse from your desktop at work. Fast-forward (perhaps many hours) and you’re in bed with your tablet (sadly), checking out your social media steams. Cross-device advertising makes it possible for flights to Europe to display on your tablet at night when you had been looking up similar flights earlier in the day while using another device. The same goes for purses you’ve browsed, restaurants for which you’ve read reviews and so on.
Although privacy advocates may be sighing in relief as cookies become increasingly irrelevant, their rest may be short-lived and not so easy in light of the coming attractions of future (and creepier) developments in online advertising.
With open source software (OSS), there seem to be 2 major misconceptions, one by end users and the other by developers. As to users, it may be helpful to understand that restrictions and compliance burdens do not apply to the end user’s own use, but only upon subsequent transfers of the software. As to developers, a major misconception involves what kind of newly-created work – say, a library or module component – is “derived from” the OSS and therefore bound by its same open source license.
First, with users, there is first the question of what use is restricted. And in a big sense the answer is “none”. So, for example, “Open source does not place a compliance burden on the end user, does not mandate acceptance of an end-user license agreement, does not subject [the end user] to para-police action from [any software industry trade group].” Simon Phipps wrote that in 2010, adding that “If you move beyond use of the software and study the source code, there is also no compliance burden. There is no risk associated with using the knowledge you gain for other purposes.”
Of course, the phrase “using the knowledge” is significant, because using the software (i.e. the code) is a different story. An end user’s use of ideas and know-how and processes is not subject to OSS license restrictions, at least not under a typical OSS license. But such use may be subject to restrictions under patent law. Continue reading
A Virtual Private Network (VPN) is a technology that allows anyone to create a secure connection over a public or private network, such as the internet, enabling users to tunnel through the web and access specific servers. VPNs have a few different uses. One way to use a VPN is to set up a network to protect your online privacy. Another way you may already use a VPN is to access an intranet, or a network used by individuals belonging to large organizations such as schools and corporations, remotely. Arguably, however, the coolest way to use a VPN is to get around various restrictions.
Many of those restrictions are government-imposed, famously in recent years in countries restricting many civil and personal rights including tightly restricting access to media and other information. Here, in countries such as China, Iran, and Turkey, VPNs grant people access to a wider world web. A similar-ish use of VPN technology allows others to access geo-blocked content, such as streaming services for music and video which, depending on your location, might be inaccessible. Continue reading
I recently advised a client on a software contract involving the question of whether the contract would be deemed to involve “software” at all. The context was a technology vendor bidding on a contract to provide technology to a federal government agency. The question of whether “software” was actually being provided under the contract was important because ownership of any software created pursuant to the contract would be subject to fairly broad ownership rights to the benefit of the government. See for example, 48 CFR 27.4 (“Rights in Data and Copyrights”) and 48 CFR 27.404-1 (“Unlimited rights data”). However, in this case the vendor was not technically “delivering” any software at all, but instead was delivering access to a website.
In fact, no code was being delivered, not even executables. No downloadable software or object code or source code was being delivered at all. The vendor was to host the service entirely, making it available to the government via an internet website, in the most literal definition of “Software as a Service” (SaaS). Continue reading
What is the significance of thinking of software as a “good”, as opposed to a “service”? A recent case showed that various implied warranties under the Uniform Commercial Code (UCC) apply only to sales of “goods”, but frequently will apply to software licenses. The case also showed how software makers can be held liable for promises they make about performance of their software, despite disclaimers in a software license agreement.
A software vendor licensed its software to a customer, who agreed to the vendor’s end user license agreement (EULA) as a condition of the transaction. The case is Rottner v. AVG Technologies, 12-10920-RGS (D. Mass, May 3, 2013) [pdf]. The software vendor argued that the customer’s agreement to the vendor’s EULA rendered inapplicable the customer’s reliance on warranties provided anywhere other than in the EULA. If correct, that would have meant that the only applicable warranties were those expressly made in the EULA, and the inapplicability of any warranties provided under law including under the UCC. But also inapplicable would be any warranties based on claims made by the vendor in any advertisements or promotions about the software’s capabilities. Continue reading
Privacy by Design refers to a design of technology that emphasizes privacy as its default setting and is proactive in its approach to building and ensuring privacy throughout the life cycle of data storage.
About twenty years ago, Ann Cavoukian, now Information & Privacy Commissioner of Ontario, Canada, coined the term “Privacy by Design” to address privacy concerns if (ever) law and regulation failed to protect consumer needs. Today, although some technologies are created in adherence to the core principles of Privacy by Design (PbD), many new product developments do not begin implementing privacy on Day 1. If this seemingly practical approach to privacy is, in fact, good practice, then why isn’t everybody doing it?
- Businesses do not fully appreciate consumer needs.
- Alternatively, while businesses do appreciate that default privacy could benefit consumers, businesses calculate that there is no actual demand for it, thus no need to supply.
- Alternatively, we (who no speak legalese) don’t know what’s really going on.
So what exactly is Privacy by Design?
The option to go off the record in GChat is one example of Privacy by Design.
Put simply, PbD is built-in privacy. (A brief summary of the 7 Foundational Principles of Privacy by Design is included at the end of this post.) Dr. Cavoukian, who was recognized as the founder of Privacy by Design by the Best Practices Institute, identified default practices as a preventive solution to address the need for privacy, a need which she had anticipated. So, for example, the option to go “off the record” during a conversation in Google’s Gchat application illustrates PbD. Another example is 2-step security verification, used by companies such as Twitter and Evernote, which protects a user’s account against a third party discovering the user’s log-in information. PbD is not yet ubiquitous, but it is already incorporated into some of the products that many of us use every day. Nonetheless, at least according to the Future of Privacy Forum, a Washington, DC based think tank, businesses often struggle to implement Cavoukian’s principles into practice. Continue reading
In June, a ruling from a Federal court in New York, (Glatt v. Fox Searchlight Pictures Inc., S.D.N.Y., No. 11-06784, 6/11/13), made headlines when it determined that unpaid interns were entitled to back pay for their services in connection with the production of various films, including “Black Swan” and “500 Days of Summer.” This case ignited conversation across many industries that have come to rely on unpaid internships, but the decision did not herald a change in the law so much as reiterate the US Department of Labor’s standards for internships, which the court said were essentially identical to New York State’s.
If nothing else, the Glatt case should serve as a reminder to businesses to take care in structuring internship programs. Using the free labor of non-student adults for regular employee functions is a particularly dangerous practice, as Fox Searchlight found out. Continue reading
New York City recently joined Portland, OR, Seattle, WA, Washington, DC, San Francisco and the State of Connecticut in passing laws requiring employers to provide paid sick leave to employees. New York City’s legislation, initiated by Councilwoman Gale Brewer, was introduced in 2010 and, unless the economy takes a downturn, will take effect April 1, 2014. Enactment could be postponed if on December 16, 2013, New York’s Independent Budget Office determines that a specific economic success index is not at or above its January, 2012 level. The text of the new law can be found here. Continue reading