Ps and Qs of IP, Privacy Policies and Open Source

Software

WordCamp Tampa

October 4, 2014

Intellectual Property

• Copyright– Expression of ideas

• Trademarks– Source indicator- logos, phrases

• Patents– Inventions, business methods

Copyright• Simple to invoke

– Fixation in a tangible medium• Long period of protection

– Life of author + 70 years-single author• Serious penalties

– Criminal, fines of up to $250,000 per offense

Copyright• Registration is your best bet

– Gives you advantages– Don’t mail it to yourself!!!

• Registering software– First and last 25 pages of source code– Elements you want to protect, can include

audiovisual elements

Copyright• Owner gets a bundle of rights

– Reproduce work– Display it publicly– Make derivative works– Distribute copies– Perform the work- literary, dramatic works– Perform via digital transmission- sound

recording

DMCA-Digital Millennium Copyright Act• Covers sites where content is posted by

others• Need copyright agent to receive takedown

notices, put back notices • Viacom v. YouTube

– Upholds safe harbor protection for websites, puts responsibility to enforce rights on copyright owner instead

Copyright

• Know who owns the work, get permission (license)

• Get permission in writing• Don’t just rely on fair use• Pay attention to terms of use, licenses

Creative Commons

• Variety of Licenses– Attribution– Attribution-Share Alike– Attribution-NoDerivs– Attribution-Non Commercial– Attribution-Non Commercial- Share Alike– Attribution-Non Commercial-No Derivs

Trademark• Source indicator for goods or services• Matter of federal, state law • Can include

– Names, slogans– Logos– Colors– Scents– Sounds

Trademarks• Strongest protection- Federal registration• Done by class of goods or services• Can reserve mark prior to actual use

through application• Test for infringement

– Likelihood of confusion– Unauthorized use of mark

Trademark

• Standard: Use in commerce– Strongest protection: federal registration

• Factors for strength of mark:– Generic– Descriptive– Suggestive– Arbitrary or Fanciful

Trademark• New gTLDs

– Concern for trademark owners– Over 1900 domains applied for with ICANN

• .app, .blog, .book, .sucks, .rip• Applications being evaluated• Some going to contract soon

– Trademark Clearinghouse• Will give TM owners opportunity to object to

registrations for infringing domains

Privacy Policies

• Why do we have privacy policies?

Privacy Policies

• And people want to know what you’re doing with their data

Privacy Policies and ToS• …but let’s face it, most people just click

‘accept’ and here’s why…

Why We Just Click ‘Accept’

Trying to make the update pop up go awaySo much tiny font…Just take me to my download al-ready!Boring!

Species of Privacy Laws• Species of Privacy Laws

– FERPA– HIPAA– COPPA– CALOPPA– Potpourri of State Privacy Laws– EU Data Privacy Laws– Cloud– Mobile Payments

Terms of Service or Use/EULAs

• Rules of the road• Govern what you can do

– Hey, that’s my light saber!• Apps w/ terms that conflict with the app

they work with– i.e. SnapHack and Snapchat

COPPA• Children’s Online Privacy Protection Act

(COPPA) (1998)– Prohibits operators of commercial websites

and online services;– From collecting or disclosing personal

information– Of minors under age 13;– Without verifiable parental consent

COPPA– Notice required

• Operators must tell parents what information is collected and how it is used, even if they consent

– Not just for Kids’ Sites• Applies to any site that collects birth date

information from children• Many sites forbid registration if D.O.B. indicates

user is under 13, to avoid COPPA problems• COPPA prohibits conditioning a child’s participation in a

game, or the offering of a prize, on child disclosing “more personal information than is necessary” to participate

CALOPPA• California Online Privacy Protection Act• Requires all commercial operators of

websites or online services conspicuously post privacy policies to inform consumers about– Categories of PII being collected and– With which 3rd parties the PII will be shared

CALOPPA• New requirements- eff. Jan 1, 2015

– “Delete button”: Require retailer to allow minor who is registered user to delete or request deletion of any content posted by the minor

– Operators must provide minors with notice of ability delete online content and instructions

– Operators prohibited from marketing or advertising certain categories of products or services to minors

CALOPPA• Joint Statement of Principles

– With major app platforms– Voluntarily agreed to

• Provide consumers with opportunity to review app’s privacy policy before downloading

• Work to educate app developers about their privacy obligations, and

• Develop tools for consumers to report non-compliant apps

DMCA

• Make sure you have a copyright agent• Register with the Copyright Office• Have a takedown/put back policy• Follow it!

Best Practices• Keep it current• Revisit often• Keep it prominent• Should be living documents• Revise often, adapt to meet new needs• Monitor FTC rulings, developments• Be really careful about apps & kids• Protect the data you collect• Collect only as much data as you need

Open Source Software

• Software where source code is available• Greater freedom to use, modify• Great variety in license terms, types• Can save you time, money• But what does that license say?

Open Source- Who is Licensing?

• Author • Contributor• Distributor

Licensing Spectrum

Less Restrictive/Wide

Open

More Restrictive/‘Militantl

y Ope

n’

BSD/MIT CDDL/MPL GPL2/GPL3

Terms to Consider 1. Heredity

2. Copyleft

3. Linking

4. Open source improvements

5. Patent Grant

6. Merging

7. Distribution

8. Change tracking

9. Attribution

10. Hardware Locks

License Terms- Permissive• Beer License

– Can do what you want with source code• BSD

– Have to use copyright notice• MIT

– More like a license grant• Apache

– Patent grant, attribution requirement

Hybrid Licenses• Usually revocable if you violate terms• Eclipse

– Have to make source code available• MPL, CDDL

– Very popular– MPL requires new license for new

contributions • Artistic License 2.0• APL

Restrictive/Copyleft Licenses• Keep software open source forever• GPL, LGPL• GPL2• GPL3• LGPL

– Exceptions for linking to use libraries

GPL 2 or Later• GPL 2

– Strong copyleft– No linking– Can charge for object code, but must provide

source code– Have to give attribution– No hardware locks

GPL 3• Major changes

– Cannot use with digital rights management media

– Adds hardware lock protection– Grant anyone using or modifying code license

to use patents that protect algorithms in code– Can’t link to code w/ DMCA protections

Why Do the Licenses Matter?

• Can affect– Products– Company– Finances

• And everyone’s favorite….lawsuits!

Recent Litigation

• Patent cases• Copyright cases

– BusyBox software– Table Turner– Palm Pre

Best Practices• Know where every line of code came from• Know what the license says• Include required documentation• Know what will trigger the license• Cover open source issues in contracts

with suppliers– Indemnities

• Train your team

More Tips• Evaluate risk

– Value versus risks• Be very, very responsive to claims• Audit and track your IP• Create policies and follow them• Document compliance efforts

How Not to Provide Author Info

• Don’t just include link to generic license• Have to provide the info to fill in the blanks

to help people comply

Questions?

• Follow me on Twitter @punklawyer

• @ChrissieScelsi