Career Agents Network, Inc. (“CAN”) brought suit against a former customer, Lawrence White, who had developed a web site called careeragentsnetwork.biz solely to warn prospective customers against doing business with CAN.  The lawsuit included claims under the Anti-cybersquatting Consumer Protection Act, alleging that White registered the web site in bad faith in an effort to profit from his use of CAN’s trademark. The complaint also included a more traditional trademark infringement claim under the Lanham Act.  White prevailed, with the court finding that his site was simply meant as a forum to express dissatisfaction with CAN and not to reap profit by stealing potential customers from CAN.  As a result, White not only succeeded in obtaining a dismissal of CAN’s claims but also received an award of attorney’s fees – the court determined CAN had brought the suit in an oppressive manner and that its claims were unfounded.

The case should be viewed as a warning to businesses to think carefully before retaliating against gripe sites and online critics with legal action. Litigation is always an expensive proposition, but the costs in this kind of scenario are augmented by the reputational damage that can result even from sending a threatening letter to a targeted business. Such letters have a habit of being posted on the sites in question and of further exacerbating the existing publicity problem.

A better solution, when possible, is usually to engage critics in an effort to resolve a negative experience through customer service efforts. Barring that, an effective search engine optimization strategy can help to bury search results pointing to gripe sites and to keep the majority of potential customers from encountering the negative content. A knowledgeable attorney can assist with those efforts and can provide an effective battle plan when informal efforts are found to be ineffective.

Now imagine you are the vendor of software products that could potentially store statutorily protected data for your customers. You potentially have just inherited compliance evaluation projects for every one of your customers.

For many vendors, such compliance demands are too burdensome, and a quick review of their cloud computing agreements shows that their methods for handling these requirements often consist of avoiding the subject altogether or by expressly absolving themselves of the responsibility. Many vendors attempt to avoid liability by including provision in their contracts disclaiming any liability for data breaches or compliance with data security regulations. Cloud customers that do not carefully evaluate cloud agreements can find themselves holding the bag for data breaches that may have been caused by their cloud vendors.

Some statutes, such as the recently revised HIPAA rules, have addressed such contractual liability avoidance by specifying that business associates of companies covered by the statutes are also liable for data breaches. As the cloud computing industry matures, vendors will learn that they have to comply with statutory security requirements. During this maturation, new and possibly standardized methods to share responsibility for security of customer information will emerge. For now, customers should seek the advice of experienced counsel before entering into any cloud computing agreement to mitigate or eliminate vendor avoidance and to ensure the vendor will adequately protect protected personal information.

In its regular 3-year review of exemptions to the DMCA’s anti-circumvention exceptions, the Library of Congress, which includes the U.S. Copyright Office, added to the list so-called “jail breaking” of wireless telephones, most notably Apple’s iPhone. iPhone users are now able to modify, unlock, and use previously unauthorized applications on their cell phones. Apple had argued that modifications to its iPhones constituted unauthorized modification of its software. However, the Library of Congress emphasized that iPhone owners paid for the product and should have the right to modify their phone for their personal use. The new DMCA exceptions also include:

  Circumvention of security measures in DVDs, when short portions of the content is to be used for “educational uses by college and university professors and by college and university film and media studies students
  Circumvention of security measures in video games accessible on personal computers for certain testing and security-related operations
  Circumvention of security measures in computer programs protected by out-of-date hardware-based security accessories (also known as “dongles”)
  Circumvention of security measures in ebooks for the purpose of making the content accessible for readers with disabilities, provided that no other edition of the work allows accessibility-related modifications

In MGE UPS Systems Inc. v. GE Consumer and Industrial Inc., the 5^th Circuit further clarified the overall scope of the DMCA’s anti-circumvention provisions in ruling that bypassing protections on copyrighted software in order to access or use the product does not necessarily trigger a DMCA claim. MGE had sued GE for copyright infringement, claiming GE hacked the software security key to access its copyrighted software. The Court held that simply viewing or using copyrighted software does not constitute unlawfully accessing copyrighted materials in violation of the DMCA, and that a copyright owner’s software security protections must protect against a right specifically granted Act. That holding also might be significant for some companies faced with allegations of unlicensed software use by organizations such as the Business Software Alliance (BSA) or the Software & Information Industry Associations (SIIA).

The DMCA is multi-faceted legislation, with some provisions that historically have been good for small to medium-sized businesses and some that have been less positive. These recent developments represent a net improvement to the effect of the law for most consumers of digital media.

Northrop has yet to answer or to respond to the lawsuit, so its position with regard to AccuSoft’s factual claims has yet to be determined. However, the facts presented in the complaint appear to reflect the kind of dispute that often arises when one or both parties to a software licensing relationship do not have an accurate grasp of controlling license agreements. Especially with many larger enterprises, the business units responsible for software license negotiation and acquisition may lack sufficiently open lines of communication with production departments, resulting in internal confusion regarding what agreements have been signed, what agreements remain in effect, and what those agreements mean for the company’s day-to-day operations.

Compounding the confusion is the fact that larger software license transactions often involve the execution of a master license or services agreement, to which other documents specifying discrete product or service orders are attached, as executed, as schedules or exhibits. Over time, the resulting “document soup” can become nearly impossible to manage unless the company’s has been diligent, in the interim, in tracking all material changes or amendments to the master agreement, all exhibits or schedules that have been executed since the beginning of the relationship, and the effects, if any, of those later instruments on earlier agreements.

Where businesses fail to take pro-active, enterprise-wide, contract-management steps at an early stage, disputes such as the Accusoft v. Northrop litigation become almost inevitable, especially in an age where many publishers, such as Microsoft, IBM and Oracle, to name a few, are proceeding with software audit initiatives, in some cases across their entire customer bases, in order to ensure compliant software use and licensing.

Businesses with a heavy reliance on software and technology licensing cannot afford not to work closely with counsel in reviewing the terms of all agreements that may affect their ability to use that software or technology in the way that their customers demand.

Elaborating on the differences among the various messaging options offered by social networking sites, Judge Morrow found that messages sent between users via Facebook and MySpace private messaging systems are no different than e-mail under the Stored Communications Act. Under the Act, a third-party company storing private electronic data is not required to turn over the private information unless presented with a federal criminal law warrant. However, the judge limited her decision to private messages sent on social media sites and left unanswered other questions, such as the issue of discoverability, through subpoena, of semi-private postings on user walls visible only to a select few.

Increasingly, courts will be asked to interpret outdated discovery rules against new technologies and heightened public concern over online privacy. Following the recent furor over Facebook privacy settings in the press, we expect to see a court take on the task of a comprehensive examination of social media privacy concerns with respect to electronic discovery, similar to Judge Shira Scheindlin’s Zubulake opinion on general e-discovery issues, before the Supreme Court and Congress undertake revisions to the Federal Rules.

The CDA often is applied to Internet service providers, but it has also been used by individuals who operate websites and web-based forums. The CDA even has been used to protect individuals who knowingly allow content to be posted to a website under their control.

Although the New Jersey case involved an antiquated forum (USENET can be properly characterized as Web 0.1), the rule generally applies to Web 2.0 as well, from Twitter to Facebook to, likely, whatever comes next. Courts continue to find that the CDA immunizes publishers from liability for defamatory comments posted to their websites.

In many cases, filing suit against anyone other than the author of arguably defamatory content is likely to produce no advantage for the complainant. A better approach to dealing with attacks on your online brand may be to utilize other methods, such as drowning the negative comments with positive publicity. An attorney knowledgeable regarding Internet marketing and brand protection efforts can assist you to formulate an appropriate strategy in response defamatory, third-party activities.

IBM previously employed a processor-based licensing formula for its server products, but in 2006 it moved to a licensing model using what it calls “processor value units” (PVUs). Under this model, each server processor is assigned a per-core PVU number that depends on the manufacturer and specifications for that processor. (IBM maintains a chart of per-core PVU numbers here.) That PVU number then is multiplied by the number of physical processor cores embodied in the processor to determine the processor value for the physical processor. For servers with multiple processors, that processor value then is multiplied by the number of processors to determine the server value. It is this final PVU number that reflects the licensing required for each computer, as follows:

Server Description: Dual processor, quad-core Dell PowerEdge SC1435
Server value = 50 PVUs/core x 4 cores/processor x 2 processors = 400 PVUs

IBM terms the formula described above “capacity licensing.” For machines employing virtualization technologies, under which a virtual server hosted on a physical machine may utilize less than all of the physical machines resources, IBM allows its customers to apply “sub-capacity” licensing rules to reduce the number of PVUs required for compliance. However, the sub-capacity rules entail a number of significant requirements, including agreement with the terms of a Sub-Capacity Licensing Attachment and use of IBM’s License Metric Tool, which generates software deployment reports that must be maintained for at least two years and provided to IBM in the event of an audit.

IBM software licensing involves a significant financial cost, and IBM’s products typically function in business-critical capacities in a company’s network. Companies that find themselves engaged in IBM audits are well advised to discuss their IBM licensing status with knowledgeable outside counsel before disclosing any information to IBM or making any changes to their IBM software deployments.

Ensure Counsel Oversees e-Discovery Production at All Stages

In addition to highlighting the importance of fully reviewing and documenting litigation hold policies (click here if you missed the previous post on that subject), Judge Scheindlin’s opinion also reminds businesses not to fall into the trap of relying on IT departments to independently design and implement e-discovery procedures. Judge Scheindlin made clear, by issuing sanctions against the offending parties in the Pension Committee case, that legal counsel must actively participate in the entire process of document preservation and production. The judge said that anything less than total legal oversight would be considered negligence, which in an e-discovery context can be extremely costly. Essentially, when a party fails to have attorney participation in electronic discovery procedures, the judge can shift the costs of electronic discovery from the innocent to the offending party. For large cases, these costs can easily range into the multiple million dollar range. For more significant oversight failures, the judge can issue an adverse jury instruction—a sanction that can easily derail an otherwise winnable case by permitting the jury to infer facts that are detrimental to the offending party.

To avoid costly sanctions, companies must ensure that their e-discovery processes include regular, documented attorney review of all e-discovery production policies. Judges are becoming more and more familiar with the e-discovery process, and a party must show the court that attorneys were involved in the development and implementation of all stages of e-discovery activities. It is no longer acceptable to give the IT department control over the manner and method used to produce electronic information.

Senior managers, in-house counsel and litigators take note: last month a new set of e-discovery guidelines emerged. Judge Shira Scheindlin, author of the definitive electronic discovery opinions in the Zubulake case six years ago, has issued another soon-to-be classic opinion in Pension Committee of the Univ. of Montreal Pension Plan, et al., v. Bank of America Securities, LLC, et al., 05 Civ. 9016 (SAS) (S.D.N.Y. Jan. 15, 2010) Amended Opinion and Order. Judge Scheindlin dubbed her decision in Pension Committee, “Zubulake Revisited: Six Years Later,” and in it, set out some examples of common mistakes companies make with respect to records management and e-discovery.

In Pension Committee, Judge Scheindlin enumerates specific conduct that she deems to be per se negligent, or worse. The harsh sanctions that accompany a finding of negligence with respect to electronic discovery is a warning to senior managers and in-house counsel that e-discovery can no longer be passed off to the IT department—the process must be closely managed by legal counsel at every step along the way.

Technically the opinion is only applicable to the federal courts in New York, but Judge Scheindlin’s status as a thought leader in the field of electronic discovery guarantees that the examples set out in this case will elicit serious discussions between senior management, legal departments, and IT groups throughout the country. Because Pension ­Committee is too lengthy for overview in a blog, I intend to highlight some of the key findings in a series of blogs that should get companies thinking about the way they handle electronic discovery and records management.

LESSON 1:

To avoid such a devastating sanction, companies should take the time now to review their litigation hold policy with experienced counsel. Taking Judge Scheindlin’s opinion as an example, in most cases litigation holds must be issued in advance of the filing of a suit. Because of the timeliness requirement, a litigation hold process must allow for swift and comprehensive implementation of the hold as disputes become apparent. Also, the mere issuance of a litigation hold is not enough to avoid devastating e-discovery sanctions. A timely issued hold that does not effectively protect potentially relevant data is meaningless. Companies must carefully outline not only litigation hold triggering events, but they should also review the technology used to implement the hold to ensure compliancethat potentially relevant data is being saved.

Next installment: Ensure there is sufficient legal oversight of your document review and production.

Managed services agreements that assign all intellectual property rights related to the service contract to the subscriber weaken the strength of the contract.  Rights to any software, processes, or marketing materials developed by the MSP under the agreement would belong to the subscriber.  The MSP will have forfeited a potentially substantial revenue stream from licensing agreements with licensors.

MSPs often want to retain the right to increase rates for new subscribers with whom the MSP is unfamiliar.  Flexible rates allow MSPs to ensure new subscribers understand the importance of keeping their account current.  A managed services agreement that does not allow the MSP to raise rates under certain conditions exposes the MSP to potential losses.

If you are selling an MSP, buying an MSP, or if you are an MSP enrolling new subscribers, you should consult counsel experienced in advising managed service providers.