Archive for the ‘Intellectual property’ Category

Senator Patrick Leahy just introduced the ‘Combating Online Infringement and Counterfeits Act’ (COICA). As the Electronic Frontier Foundation notes in their press release, this is an egregious power grab by the government. This bill would allow state Attorney Generals to arbitrarily designate entire internet domains as “infringing” and require domain registrars/registries, ISPs, DNS providers, and others to block Internet users from reaching those domains. Worse, the bill allows the US Justice Department to create its own blacklist with even more intrusive restrictions and fear-inducing penalties, all without any judicial review, much less an actual conviction that something illegal really happened.

The thinly veiled excuse of “copyright protection” ignores the massive potential for abuse on the part of overzealous prosecutors and bureaucrats. It tramples on the First Amendment rights of other potential users of the domain, requiring not merely that the specific infringing content be taken down but that everything else on the site, all the blogs, images and any legitimate content be made inaccessible as well.

The US is supposed to be the leader in freedom. This bill sends a message to the rest of the world that we don’t really believe what we say – that censorship is acceptable. This is a very dangerous and patently unconstitutional bill.

Please take a minute to read EFF’s article. But more important, WRITE YOUR SENATOR opposing this bill.

Who owns your contact list? Is your rolodex yours or is it intellectual property of your employer? And how does that rule change when your rolodex is really your LinkedIn account?

Two recent court cases out of the UK concluded that your contact list may well belong to your employer. The first involves the UK arm of a US publishing group, PennWell Publishing (UK). In this case, a departing employee burned 18 files containing contact details for industry members and conference attendees onto a CD. While at the company, the employee had stored both personal and work contacts in his email account address book. As the database contained his own “journalistic contacts”, he believed he was entitled to a copy when he left to set up a competing business. Despite a strong argument by the former employee about “the highly personal nature of the files”, the judge found that an address list in the email system and backed up by the employer is exclusively the employer’s. He went further and said that not only is the employee not entitled to exclusive use of his former address book, he is not even entitled to shared use and was permanently enjoined from using the address list. This was true even though the list was started from a list that the employee brought from his previous employment and updated himself and despite the fact that it contained a proportion of purely personal contacts.

In the second case, a former Hays Specialist Recruitment employee was forced to disclose business contacts added to his LinkedIn account before leaving the company. Again, the company’s motivation was the employee’s use of the contacts to set up a competing business.

Some forms of intellectual property are clear. Stealing the recipe for Coca-Cola, employee lists showing SSNs, the company’s strategic plans or patented machine designs is bad. Whether a customer roster belongs on that list depends a lot on the company’s business model. And whether your own address book counts as a customer roster may depend on your position within the company – there’s a stronger argument if you’re in Sales than if your rolodex consists mostly of IT vendors.

The line between personal and business life is increasingly blurry – and that blurriness helps companies more often than not in my opinion. Often, you want the personal connection of a human name in the contact list. I am not in favor of a blanket rule that you can never mix personal and business contacts. We need to be careful about putting too many barriers in the way of our employees.

In some cases, you can get around the problem by setting up role-based accounts for the company. For example, when I was working the company’s domain registrations, I set up an account called “dom-admin”. All the contacts, registration credentials, alert messages, etc were made in that dummy account’s name. For convenience, the account forwarded to my internal email but everything stayed with the dummy account. When I moved out of that role, we simply switched the forwarding to the new person. It really helped our continuity. That doesn’t work for every situation, though.

Whatever the policy is, your company needs to make the policy clear especially in this age of expanding social media and networking. If your rolodex is yours, fine. If it’s the company’s, make sure your employees know the rule ahead of time. The company’s Social Medial policy is a good place to make clear who owns your contact list. If the policy isn’t clear, push the issue. Ambiguity is good for nobody but the lawyers.

NPR had a tidbit this morning about the Bluff City, TN police department that lost its internet domain name, BluffCityPD.com to a disgruntled citizen who is now using the site to complain about the department.

I have little sympathy for the police department in this case. The rules for internet domain names are very clear. With a little shopping around, domain names cost $10 or less per address per year and can be rented up to 10 years ahead. If the registration does run out, the domain registrars are very aggressive with their renewal emails. And even if you blow them off until the last minute, there’s a generous grace period during which your site is down but you still have a “preferred right” to renew before the domain goes back into the public pot. If the city didn’t deliberately waive their claim to the right to the domain by not renewing, they were certainly negligent – and more negligent for not noticing when the domain went down.

There is an interesting side discussion about whether internet domains should be permanently ownable rather than merely rented. But we’ll leave that for another day.

Lessons for a small businesses from the Bluff City PD story:

  • If you have a website (and who doesn’t these days), rent your domain name as far out as you can.
  • Buy the domain using a role-based email address such as webmaster@yourdomain.com and set that ID up to forward to your IT person. Avoid setting up the account with the IT person’s ID directly because it’s too easy to forget when the individual moves on. And if you don’t, you won’t get the renewal notices.
  • Make a conscious decision about the alternate domains you want to buy at the same time. If you own .com, you might also want .net, .org, etc. You might also want to think about local variants and names that align with your brand, your products, etc. Domains are cheap.
  • Having said that, I recommend against trying to preemptively buy derogatory or pejorative names such as ihateyourcompany.com. Even at only $10 per name, you could never afford all the variants. Who, for example, would think of buying glennbeckrapedandmurderedayounggirlin1990.com (a domain that the court recently ruled is a legitimate satire site).

Domain names are part of your company’s intellectual property. Protect them appropriately.