Publications

If you’re familiar with Banksy, you know he’s the epitome of counterculturalism. For those of you who aren’t familiar with Banksy, he is an anonymous England-based street artist, vandal, political activist, and film director who has been active since the 1990s. His satirical street art and subversive epigrams combine graffiti and dark, sometimes morbid, humor. If you have a minute, take a look at his work. He certainly isn’t someone who you would expect to turn to the legal system to protect his intellectual property. In fact, he’s openly stated that “copyright is for losers.”

Nevertheless, it turns out that Banksy would, in fact, turn to the legal system to put a stop to the misappropriation of his work. Banksy recently made a public statement that a greeting card company is misappropriating his intellectual property and attempting to procure a trademark in his name so that they can sell fake Banksy merchandise without fear of legal prosecution. In fact, although the details are a bit unclear, it seems the greeting card company, Full Colour Black, brought the fight to Banksy, seeking to cancel various copyrights and trademarks Banksy holds in the European Union Intellectual Property Office. Banksy believes that Full Colour Black is relying upon Banksy not showing up in court to defend his property, but judging by Banksy’s reaction, that couldn’t be further from the truth.

Read More

The deadline for business to implement compliance with the California Consumer Privacy Act is just around the corner and chances are most businesses are not ready.

On June 28, 2018, Governor Brown signed into law the California Consumer Privacy Act of 2018.  The Act applies to any business which does business in California, and i) has annual gross revenues in excess of $25 million; ii) buys, receives, sells, or shares for commercial purposes, the personal information of 50,000 or more consumers, households, or devices; or iii) earns more than half of its annual revenue from selling consumers’ personal information.

The purpose of the Act is to provide California residents with significant new rights related to their personal information.  The Act provides:

1. That California residents have the right to know the type of personal information being collected about them, to know whether such information is being sold or disclosed to any third parties and the identification of such third parties;
2. That California residents have the right to prohibit the sale of their personal information;
3. That California residents have the right to access their personal information and may request a business delete any or all of their personal information; and
4. That California residents may not be discriminated against for exercising these rights.

The Act defines “personal information” broadly to include any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  Examples of personal information include identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license or state identification number and a passport number.  Personal information also includes an insurance policy number, employment history, a bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Characteristics of protected classifications under California or federal law (e.g., race, religion, age, etc.) are considered personal information as is biometric information.  Additionally, commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; internet or other electronic network activity information, including, browsing history, search history, and information regarding a consumer’s interaction with an Internet Website, application, or advertisement; geolocation data; audio, electronic, visual, thermal, olfactory, or similar information is considered personal information under the Act, as is any inferences drawn from any of the above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.  Personal information does not include information that is publicly available or “aggregate consumer information,” which is data that is “not linked or reasonably linkable to any consumer or household.”

The Act does not delineate personal information based on the means of collection or the consumer’s relationship with the business.  Accordingly, the Act applies to personal information collected in both digital and non-digital means, and covers not only business customers but employees, contractors, vendors, etc.

If a business collects personal information, the business must, at or before the point of collection of the personal information, provide two methods, one of which must be a toll-free number and a website address (if the company maintains a website), for consumers to submit requests to be provided with a wide variety of information, including the categories of personal information the business has collected about that consumer, the business propose for collecting such information and the third parties with whom the business shares such personal information. Such requests must be responded to, generally, within 45 days.

For any business that sells personal information, the Act requires that it create a link on its internet homepage and privacy policy to a page entitled “Do Not Sell My Personal Information” that permits a consumer to exercise their right not to have their personal information sold. Additionally, the Act requires that businesses inform consumers of their right to have their personal information deleted.

Existing online privacy policies should also be revised (or business should consider creating a separate privacy policy for California residents) for compliance with the CCPA.  A revised privacy policy should disclose the California consumer’s right to request information about the collection and use of personal information.  The revised privacy policy must also list the categories of personal information (as enumerated in the Act) the business has collected from California consumers in the last 12 months, the categories of sources of such information, the business purpose for collecting such information, the categories of third parties with whom the business shares such personal information, and the categories of personal information the business has sold in the last 12 months. If a company provides a financial incentive for providing personal information, this must be disclosed in the privacy policy.

Compliance with the Act will be enforced by the Attorney General of California through substantial civil penalties. The Act also provides remedies where a California consumer’s personal information is accessed or disclosed due to a data security breach where such breach is due to the failure to “implement and maintain reasonable security procedures.”  The Act provides for statutory damages and allows such claims to be made on a class-wide basis.

Merely updating an online privacy policy will not guarantee compliance with the CCPA.  A business will need to create internal processes for responding to consumer requests, be mindful of monetization restrictions, and ensure CCPA compliance (and obtain indemnification) from vendors that process personal information on its behalf.

In Curver Luxembourg SARL v. Home Expressions Inc., case number 18-2214, the U.S. Court of Appeals for the Federal Circuit recently held that the claim language of a design patent can limit its scope where the claim language supplies the only instance of an article of manufacture that appears nowhere in the figures.

Plaintiff Curver had asserted U.S. Design Patent No. D677,946 (’946 patent), entitled “Pattern for a Chair” and claiming an “ornamental design for a pattern for a chair.” Curver sued defendant Home Expressions alleging that Home Expressions made and sold baskets that incorporated Curver’s claimed design pattern and thus infringed the ’946 patent. The design patent’s figures, however, merely illustrate the design pattern disembodied from any article of manufacture.

At the district court level, Home Expressions moved to dismiss under Federal Rule of Civil Procedure 12(b)(6), arguing that its accused baskets could not infringe because the asserted design patent was limited to chairs only. To determine whether the complaint stated a plausible infringement claim, the district court conducted a two-step analysis. First, it construed the scope of the design patent. Second, it compared the accused products to the claimed design as construed to determine whether the products infringed. Under the “ordinary observer” test, an accused product infringes a design patent if “in the eye of an ordinary observer . . . two designs are substantially the same,” such that “the resemblance is such as to deceive such an observer, inducing him to purchase one supposing it to be the other . . . .”.

At the first step, the district court construed the scope of the ’946 patent to be limited to the design pattern illustrated in the patent figures as applied to a chair, explaining that “[t]he scope of a design patent is limited to the ‘article of manufacture’— i.e., the product—listed in the patent.” At the second step, the district court found that an ordinary observer would not purchase Home Expressions’ basket with the ornamental “Y” design believing that the purchase was for an ornamental “Y” design applied to a chair, as protected by the ’946 patent.

Accordingly, the district court dismissed the complaint pursuant to Rule 12(b)(6) for failing to set forth a plausible claim of infringement.  The Federal Circuit then had to decide whether the district court correctly construed the scope of the design patent as limited to the illustrated pattern applied to a chair, or whether the design patent covers any article, chair or not, with the surface ornamentation applied to it. In doing so, the Federal Circuit for the first time had to decide whether claim language specifying an article of manufacture can limit the scope of a design patent, even if that article of manufacture is not actually illustrated in the figures because all of the drawings fail to depict an article of manufacture for the ornamental design. Thus, this was a case of first impression in which the Federal Circuit said it was confronted with an “atypical situation.”

In making its decision, the Federal Circuit noted that since the figures fail to illustrate any particular article of manufacture, Curver’s argument effectively collapses to a request for a patent on a surface ornamentation design per se.  However, the Federal Circuit reasoned the law and long-standing precedent has never sanctioned granting a design patent for a surface ornamentation in the abstract such that the patent’s scope encompasses every possible article of manufacture to which the surface ornamentation could be applied.  Therefore, the Federal Circuit did not want to construe the scope of a design patent so broadly merely because the referenced article of manufacture appears in the claim language, rather than the figures.

Next, the Federal Circuit reasoned the Patent Office has made clear that it does not grant patents for designs disembodied from an article of manufacture.  In so doing, 1) the claim is not directed to a design per se, but a design for an identified article, and 2) the scope of the design claim can be defined either by the figures or by a combination of the figures and the language of the design patent. Thus, to obtain a design patent requires that the design be tied to a particular article, and the claim language, and not just illustration alone, can identify that article.

Next, turning to the specifics of this case, the Federal Circuited noted the prosecution history shows that here Curver specifically amended the title, claim, and figure descriptions to recite “pattern for a chair” in order to satisfy the article of manufacture requirement necessary to secure its design patent. And, under the ordinary observer test, Curver does not dispute that the district court correctly dismissed Curver’s claim of infringement, for no “ordinary observer” could be deceived into purchasing Home Expressions’ baskets believing they were the same as the patterned chairs claimed in Curver’s patent.

Thus, in sum, given that long-standing precedent, unchallenged regulation, and agency practice all consistently support the view that design patents are granted only for a design applied to an article of manufacture, and not a design per se, the Federal Circuit held that claim language can limit the scope of a design patent where the claim language supplies the only instance of an article of manufacture that appears nowhere in the figures.

LinkedIn is a popular professional networking website with more than half a billion members. Many of its users, in an effort to enhance their networking capabilities, make their profile public and available to anyone to review their personal details such as their employment, education, skill sets and other personal information. Although LinkedIn disclaims any ownership of the information its users post, this information has enormous value in the online marketplace.

For instance, web analytics companies have “harvested” this information for the purpose of analyzing it and/or selling their resulting analyses to third parties. One such company, HiQ Labs is a data analytics company that uses automated bots to harvest or “scrape” information from LinkedIn’s publicly available profiles, including data like names, job titles, work history and skills. HiQ Labs uses this information for two analytical products: (1) “Keeper,” which is used by employers to identify which employees are at the greatest risk of being recruited away so that they may take preventive measures; and (2) “Skill Mapper,” which aggregates the skill sets of employees in a particular workforce so that employers can determine where they may have “skill gaps.”

In May 2017, LinkedIn sent a cease and desist letter to HiQ Labs stating that it must stop accessing and copying data from LinkedIn’s servers and stated that LinkedIn would consider HiQ to be in violation of the Computer Fraud and Abuse Act (“CFAA”) (as well as other state and federal laws) if it continued its “scraping” activities. LinkedIn also warned HiQ that it had “implemented technical measures to prevent HiQ from accessing and assisting others to access LinkedIn’s site through systems that detect, monitor and block scraping activity.”

HiQ sued LinkedIn and sought a preliminary injunction preventing LinkedIn from taking these actions, claiming that they violated California law. HiQ also sought declaratory relief that LinkedIn could not invoke the CFAA (or other similar statutes) to shut down HiQ’s efforts. The District Court granted HiQ a preliminary injunction against LinkedIn after finding that HiQ had demonstrated a substantial likelihood of prevailing on the merits of its claims against LinkedIn and would suffer severe irreparable injury, i.e., the loss of its business model if such injunctive relief was not granted. LinkedIn immediately appealed this ruling to the Ninth Circuit.

After finding that the District Court did not abuse its discretion in finding the presence of irreparable harm, as well as the likelihood that HiQ would prevail under various state theories, the Ninth Circuit turned its attention to the applicability of the CFAA and whether LinkedIn could invoke it in an attempt to preempt HiQ’s state law claims. The CFAA prohibits a person or entity from “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, … thereby obtain[ing] … information from any protected computer.…” (18 U.S.C. § 1030(a)(2).) The CFAA provides various criminal penalties and civil liability for violations of its provisions.

Under the CFAA, almost any computer that is attached to the internet is covered as a “protected computer.” This would include the servers that LinkedIn used to host its members’ public profiles from which HiQ Labs would “scrape” data.

The primary issue that the Ninth Circuit considered was whether the sending of the cease and desist letter by LinkedIn to HiQ Labs meant that any further access of LinkedIn’s public member profiles by HiQ constituted access “without authorization” in violation of the CFAA. The Ninth Circuit began by recognizing that in other contexts, it had recognized that “without authorization” should have a non-technical meaning, essentially meaning the accessing of “a protected computer without permission.” For instance, in United States v. Nosal, 844 F.3d 1024 (9th Cir. 2016), the Ninth Circuit had held that an employee who used other employees’ log-in credentials to access his former employer’s computer system had accessed a “protected computer” “without authorization” in violation of the CFAA. HiQ Labs argued that where access to the computer information is open to the general public (such as LinkedIn’s public member profiles), CFAA’s requirement of “without authorization” was not applicable. The Ninth Circuit agreed with this reasoning, or in any event, concluded that it had “raised a serious question as to this issue” so that the District Court did not err in granting the injunction.

Next, the Ninth Circuit examined the CFAA’s legislative history and concluded that it also supported its decision. It noted that the CFAA “was enacted to prevent intentional intrusion onto someone else’s computer – specifically, computer hacking.” For instance, the original CFAA, in 1984, was limited to a narrow range of computers, primarily those containing national security information and financial data, or those operated by the government. In 1996, the CFAA was brought into any “protected computer” in order “to increase protection for the privacy and confidentiality of computer information.” The Ninth Circuit reasoned that “the CFAA is best understood as an anti-intrusion statute and not as a `misappropriation statute.'”

The Ninth Circuit also distinguished two cases, the Nosal case and Power Ventures v. Facebook, 844 F.3d 1058 (9th Cir. 2016), upon which LinkedIn was relying. The Court easily distinguished Nosal by finding that Nosal had used other employees’ log-in credentials to access his former employer’s computers and thus, the computer information that was accessed was “plainly one which no one could access without authorization.”

Likewise, in the Power Ventures v. Facebook case, Power Ventures had developed tools to circumvent I.P. barriers and gain access to password-protected Facebook profiles. Thus, Power Ventures was accessing data on Facebook servers that were protected by Facebook’s user name/password authentication system, which the Court reasoned was distinguishable from what HiQ was doing by “scraping” publicly available information.

The Ninth Circuit also stated that its limitation on the applicability of the CFAA to publicly available computer information was similar to its analysis of cases brought under the Stored Communication Act (“S.C.A.”), which contains a similar “without authorization” provision. Furthermore, given that the CFAA provides for criminal penalties (as well as civil liability), the “rule of lenity” favored adopting a narrow interpretation of the CFAA’s “without authorization” provision. Thus, the Ninth Circuit concluded that when a computer network generally permits public access to its data, especially given that LinkedIn claimed to have no ownership of the information posted by its users, the Court will generally find that no violation of the CFAA. The Ninth Circuit noted, however, that there could be other remedies available to LinkedIn for this type of conduct, including copyright infringement, misappropriation, unjust enrichment, and/or breach of privacy.

The Ninth Circuit’s decision in HiQ demonstrates that the Ninth Circuit is willing to place some limitations as to the scope of the CFAA’s applicability. However, given that the case is still in its preliminary stages, it is possible that the Court will allow LinkedIn to pursue other legal theories in an attempt to try to stop HiQ from “scraping” its publicly available member profiles. Stay tuned.

Landlords whose tenants sell counterfeit goods can be liable for trademark infringement if they have knowledge of the infringing acts or are willfully blind to the infringement.

In Luxottica Group v. Airport Mini Mall, LLC, 932 F.3d 1303 (11th Cir. August 2019), Oakley, Inc. and its parent Luxottica sued the owners of a shopping mall in Georgia for contributory trademark infringement under the Lanham Act (15 U.S.C. §1114).  Luxottica and Oakley make and sell high-end sunglasses under the Ray-Ban and Oakley trademarks.  The defendants owned and managed an indoor mall, and subleased space in several hundred booths in the mall to vendors of various products.  The defendants were aware of three raids by law enforcement of certain booths that sold counterfeit sunglasses; in which thousands of items bearing Luxottica’s trademarks were seized.  The vendors were selling the infringing eyewear for $15 to $20, while Luxottica’s eyewear sold for $140 to $220.

The defendants received copies of the search warrants and knew which booths had been raided.  Luxottica sent two letters to the defendants, informing them that certain of their subtenants were selling counterfeit sunglasses.  After the lawsuit was filed, the defendants met with law enforcement and discussed the subtenants’ sales of counterfeit Oakley products.

At no time, however, did the defendants take any action to stop the subtenants’ sales of the counterfeit products.  The defendants did not evict the subtenants or terminate their leases.

At trial, a jury found the defendants liable to Luxottica for contributory trademark infringement, and awarded $1.9 million in damages to Luxottica.

The defendants appealed.  The Eleventh Circuit Court of Appeals affirmed the jury’s verdict, finding sufficient evidence to support the verdict.

The Lanham Act provides that a defendant is liable for contributory infringement if the defendant induces or knowingly facilitates the trademark infringement.  In order to establish contributory trademark infringement, the plaintiff must show: (1) that there was direct trademark infringement by someone; and (2) that the defendant intentionally induced the direct infringer or supplied a product to the direct infringer, with either actual knowledge or constructive knowledge of the infringing acts.  Willful blindness, which occurs when a defendant suspects a wrongful act but deliberately fails to investigate the act, is one type of constructive knowledge.

The court noted that whether contributory trademark infringement applies in a landlord-tenant situation was a question of first impression, but that it did not decide the issue because the defendants did not contest the issue.  However, the court said that the application of contributory infringement in the landlord-tenant context was consistent with tort liability in general.

The court held that the plaintiffs had provided sufficient evidence that the defendants had constructive knowledge of, or were willfully blind to, the subtenants’ acts of direct infringement.  The defendants supplied a service to the subtenants (the leased space, utilities, maintenance, and parking).  The plaintiffs relied on substantial evidence, including the defendants’ knowledge of the three law enforcement raids and seizures of large volumes of counterfeit goods, the defendants’ meeting with law enforcement, and the defendants’ ability to inspect the products the subtenants sold.

The court also affirmed the verdict against several of the individual defendant owners and managers of the shopping mall.

Have you ever driven away from your home and then had that irritating doubt in your mind as to whether you remembered to close your garage door? I know I have. No matter how hard I try to search my brain’s archives, I really don’t remember whether I closed the garage door even though I close it 99.9% of the time! In that moment, you wish there was a way to check that doesn’t require turning around and going back home to see if you really left the house wide open for anyone to walk in.

Well The Chamberlain Group, Inc. (“Chamberlain”) thought it had patented an invention that could help with this type of problem—a garage door opener that wirelessly transmits information such as whether the door is open or closed. See U.S. Patent No. 7,224,275 (the “’275 Patent”). Specifically, the patent “relates to an apparatus and method for communicating information about the status of a movable barrier, for example, a garage door.”

Read More