Non classé

Facebook wants to be at the center of its users’ lives

business-dreyfus-81-150x150With more than one billion active users, Facebook is perpetually innovating to stay in the race. Faced with an increasingly diverse range of social networks, the social web giant must improve the user experience. The following months are going to witness the implementation of various features, each with its share of clear issues.

 

Whether Facebook is a private or public space has always been open to debate. However, for most analysts, Facebook remained, by default, a public social network, a far cry from its origins when it was restricted to a handful of students. Besides, the innovations of the last few years have only highlighted this fact. The Court of Appeal of Besançon had thus held that “in light of its purpose and organization, this network must necessarily be considered as a public space”. (Besançon, November 15, 2011, 10/02642). With Timeline and Social Graph, it became very easy to regroup information that members could have wrongly thought to be private.

 

But Facebook seems to have backtracked, as new members will eventually have their confidentiality settings set to private. This will likely allow the courts to clearly assert the private nature of Facebook, as held by the Court of Appeal of Rouen in two 2011 judgments: “it cannot be asserted with absolute certainty that current case law denies Facebook the status of a private space given that this network can either constitute a private space or a public space, depending on the settings chosen by its user”.

Furthermore, all services or websites that allow for connection through Facebook will now be trying out a connection method that is “anonymous.” According to the social network, this will make it possible “to try out an application without sharing one’s personal information stored on Facebook.”

While Facebook is showing an inclination to limit the sharing of data, the social network still wants to know more about its members. Driven by the success of Shazam, Facebook will be adding a new feature that will make it possible to identify a song listened to by a user, and then to share it. Not only will Facebook have an intimate knowledge of the profiles of its users, but it will also be able to identify the musical tastes of each of its members, by region, age group or sex. This of course raises the question as to the use that is made of these data, their destination, or even their real purpose. There is no doubt that the social network is very closely monitored by all competent authorities in that respect.

 

The social network furthermore wants to bring its members closer. Thus, if two users are “friends” on the website, they could easily question each other on their relationship status by clicking on “Ask”. According to the Financial Times, Facebook is also devising an alternative to the famous application Snapchat. This ephemeral message service raises many legal issues: right to the use of individuals’ and/or goods’ images, right to privacy or even the gathering and admissibility of evidence.

 

Faced with social networks like WeChat, which is extremely popular in China and which offers various services, Facebook is diversifying. Despite the progress made by the network with respect to privacy protection, there remains the tricky issue of the right to be digitally forgotten. First and foremost advocated by Alex Türk, previous President of the CNIL, it is according to the latter “the implementation of a natural function, the ability to forget, which makes life bearable”.

 

Dreyfus is specialized in the fight against infringements on social networks. Please contact us for more information.

 

Read More

International designs: South Korea ratifies the Hague Agreement

Symbole copyrightWith effect from July 1, 2014, South Korea joined the Hague International Design System which allows for the protection of designs in several countries through the filing of a single application with the World’s Intellectual Property Organization (WIPO).

South Korea is the 62nd member to enter into the Hague Agreement for the International Registration of Industrial Designs.

This system offers significant opportunities for efficiency gains and allows the filing of up to 100 different designs per application. It also simplifies the recording of changes in, and renewals of, protected industrial designs.

Only contracting parties can benefit from the system. Non-member States such as the United States and Japan still require the filing of applications at a national level.

However, more and more countries are currently filing for membership, which is good news for companies. Similarly to international trademarks, it is recommended to take advantage of the benefits offered by international designs.

 

Read More

Open SSL: The Heartbleed situation

business-dreyfus-81-150x150Following the media coverage of its discovery in early April, the so-called Heartbleed flaw has been extensively written about. A major flaw, if any, Heartbleed is actually a coding error in the OpenSSL encryption software. The websites using OpenSSL are, or were for a few days, highly vulnerable to theft of data. Overwhelming for some, frightening for others, the flaw must be taken seriously in any event. The Heartbleed situation in four questions.

 

What is Heartbleed?heartbleed

Heartbleed is neither a malware nor a virus. It is a flaw in the implementation of the OpenSSL security protocol. The latter is used to secure communication between two computers while protecting their identities. Heartbleed allows any internet user to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. It compromises the secret keys used to identify the service providers and to encrypt traffic as well as the names and passwords of users. It also allows hackers to eavesdrop on communications and to steal data directly from the servers.

The flaw of the OpenSSL lies in this tiny line of code:

memcpy (bp, pl, payload):

Mempcy is a command that copies data by overwriting previously copied data. But, with Heartbleed, the data is stored in the system as information to be overwritten, but it is not, and the flaw allows for this data to be stolen.

 

How significant is the flaw?

Heartbleed allows a maximum 64 Kb of data to be retrieved, which may seem to be an insignificant amount. However, this represents a significant amount of information in plain text (64,000 characters!). Together, data retrieved from all servers represent a colossal amount of information. In addition, “the number of attacks from hackers is unlimited” as stated by Fox-IT, a company specialised in IT security.

The identity of the hackers may be equally important. Thus, a few days after the discovery of the flaw, the National Security Agency (NSA) was accused of having exploited this flaw for almost two years to collect the maximum amount of data on Internet users. While the Edward Snowden commotion had started to settle, these accusations did not bode well for the U.S. agency.

 

Has the flaw been fixed?

The OpenSSL protocol was developed as open software. This allows its users to modify the source code, and to deal with flaws of this magnitude. For April, an organisation for the promotion of open software, the open nature of the code has “substantially lowered the impact of this flaw.” OpenSSL has been updated but this still does not solve all the problems, as the update must be installed on all vulnerable servers.

The most popular websites had already installed this update of the protocol before the media started reporting on the flaw. The servers are therefore no longer vulnerable to this flaw.

Nonetheless, mistakes can happen swiftly. Akamai Technologies, which manages almost 30 % of global traffic on its 147,000 servers, learnt it the hard way. For over 10 years, Akamai has been using a modified version of OpenSSL which provided “better security” against the Heartbleed flaw according to the Chief Technology Officer of the company. However, an independent researcher found “a code full of bugs and non-functional” in the patch provided by Akamai to its clients. The researcher believes that the update does not offer adequate protection against Heartbleed. This is particularly worrying given that Akamai’s clients are major banks, media groups and companies specialising in e-commerce.

However it is possible that other flaws will be revealed. Indeed, OpenSSL is crucial for websites that use it; however this project is far from being sustainable. Its developers are “desperately short of funds” according to the Research Manager of Sophos. The Wall Street Journal says that only four developers work on this project, only one of them on a full time basis.

 

What should users do?

For users, two steps are crucial to prevent personal information from being stolen. Firstly, it is essential to ensure that websites they use have updated their version of OpenSSL. This is already the case for most websites, including social networks and banks’, but checking is still important.

The second step is to change your passwords. This change must be put into practice after the OpenSSL has been updated, otherwise hackers may retrieve the new password.

Last but not least, in order to ensure protection of one’s information on the Internet, one should have different passwords. This is commonly known advice but unfortunately it not applied frequently enough. Yet, it is essential. Thus a unique and hard to guess password is good practice for sensitive websites such as banks’ websites. Passwords that are too simple such as “password” or “123456” are obviously prohibited, on any website.

 

Read More

The challenging evidence of bad faith and trade mark use!

Symbole copyrightOn 10th December 2013, the Hague Court of Appeal has adopted a severe stance in relation to the evidence of trade mark use and of the defendants’ bad faith (200.110.341/01). As such, the company Promodyne manufactured cigarettes under the mark Maba, which was then exported to Asia by the company Zhu. Furthermore, the company Great Blue Sky International has filed a Community trade mark application for the mark Maba. Some months later, the company Zhu filed a trademark application for the same mark in Benelux. In response to the opposition made by Great Blue Sky International and Promodyne, the company Zhu claimed for the latters’ bad faith.

In order to prove bad faith, the Hague Court of Appeal requested the company Zhu to demonstrate that it was using the mark Maba in at least one of the countries of the European Union before the defendants filed a Community trade mark application. In other words, the company Zhu had to provide proof of prior rights in the European Union. The latter declared having used the mark for export purposes as per Article 15 (1) (b) of the Regulation No. 207/2009 on Community trademark.

However, the Hague Court of Appeal did not consider this point. It deliberated that the use of the trademark in the framework of exportation of the products outside the European Union constituted a use of trademark only if it is contrary to one of the functions of the mark. It is what has been retained in this case when specifying that although the products are meant for exportation, there is a risk that they reach the European market through the initiative of the owner or third parties. Moreover, as the products are directly sent to Asia, it seems difficult for the company Zhu to prove any sufficient prior use of the mark on the European market.

One can speculate on the solution of the Hague Court of Appeal if the company Zhu would have succeeded in providing evidence of sufficient prior use of the trademark. Would it have retained the defendants’ bad faith? In assuming that an appeal is requested before the Court of Justice of the European Union, it is not sure that it would follow the same reasoning as the Hague Court of Appeal.

 

Read More

Choosing the correct legal basis for Facebook takedown notices: distinguishing trademark infringements and copyright infringements

business-dreyfus-81-150x150On January 22, 2014, the U.S. District Court for the Northern District of California ruled on whether a takedown notice submitted to Facebook was in violation of the Digital Millennium Copyright Act (DMCA), a US statute enacted in 1998 to combat copyright violations.
CrossFit created a fitness training program and owns the trademark CROSSFIT. Jenni Alvies, without CrossFit’s consent, set up a blog “crossfitmamas.blogspot.com” and a Facebook page “CrossFit Mamas” on which workout routines and personal comments were posted. In addition, Alvies sold various products through her blog and was remunerated through Google AdWords ads.
After several exchanges, CrossFit sent a takedown notice to Facebook requesting the removal of the contents published on Alvies’ page on the grounds of a violation of the DMCA.
CrossFit eventually decided to sue Alvies before the Courts for trademark infringement. In response, Alvies argued that the DMCA only covers copyright infringements. Thus, by relying on the infringement of its trademark rights, CrossFit submitted an erroneous takedown notice to Facebook. CrossFit, on the other hand, argued that Facebook offers the option to submit notices based on either copyrights or trademark rights.
The District Court rejected CrossFit’s argument. Even though CrossFit did convince Facebook to remove Alvies’ page, the Court did not take this into consideration and highlighted the copyright violation by CrossFit. Besides, the Court found that Alvies, who received income through her Facebook page, would have suffered unreasonable damage due to the unlawful removal of the contents of her page.
Right owners must thus remain vigilant with regards to the wording of, and legal basis used in, takedown notices, to make sure they are not rejected.

 

Read More

E-commerce: Amendments to the law

business-dreyfus-81-150x150The French Consumer Act, aka the Hamon Law (Act N˚ 2014-344 of March 17, 2014), will enter into force on June 13, 2014. It incorporates the provisions of the EU Directive on Consumer Rights of 2011 (Directive 2011/83/EU of October 25, 2011) which promotes e-commerce in the EU at national and cross-border level.
In order to comply with EU rules on consumer protection, e-merchants will need to provide more detailed information to consumers. This information obligation includes information on the obligation to pay, return costs, procedures to exercise the consumer’s withdrawal right and accepted modes of payment.
In the same vein, the Hamon law will bring in line with EU law the withdrawal and refund periods, which will be 14 days instead of 7 and the delivery period within the EU, which will be 30 days. The consumer will also have 30 days to make a request for cancellation of the sale based on non-delivery. Moreover, the Consumer Act prohibits contractual provisions which transfer the liability associated with the transport risk to the consumer.
Furthermore, the consumer’s consent will have to be obtained by opt-in; the consumer will compulsorily have to tick the boxes to notify his consent.
With regards to the protection of e-merchants, new exceptions to the withdrawal right will be established, mostly for hygiene purposes. E-merchants will also be able to hold consumers liable if the returned product has been overused. Finally, the e-merchants will not be held liable in case of loss or damage of products upon delivery, provided that the consumer chose his carrier.
What are the required updates for e-merchants?

  • Amending general terms and conditions of sale in order to incorporate the changes in time limits and the new rules;
  • Training and educating employees and partners on the new procedures, particularly on returns and refunds;
  • Adjusting the order process to be in line with the new rules;
  • Sending order confirmations containing all the required information on a durable medium which the consumer can store;
  • Modifying the order button so it shows clearly the obligation to pay.

These measures form part of the EU’s fight for consumer protection. These measures are not limited to the regulation of e-commerce; they also provide for amendments in relation to litigation, with the introduction of class actions “à la française”.

 

Read More

Slogans and domain names

business-dreyfus-81-150x150Used as a marketing tool by economic operators, slogans are not only exploited in the real world but also in the digital world.

Protecting slogans over the Internet includes fighting against the use of third-party registered slogans in domain names. UDRP decisions show that assessing the likelihood of confusion in relation to slogans is similar to assessing such likelihood in relation to trademarks generally.

If a slogan has been registered as a trademark, the Panel will compare it with the domain name. On the other hand, if the slogan has not been registered as a trademark, then the existence of rights of a non-registered trademark (Common law rights) should be established. The applicant should establish an active use of the slogan, having created a link in the mind of the public between the slogan and its goods and services (D2005-0649 Ice House America, LLC v. Ice Igloo, Inc ; <icehouseamerica.com> and  <icehouseamerica.net>). It should be established in concreto at the time of registration of the disputed domain name (D2002-1117 Arthur Guinness Son & Co. Limited, Guinness Anchor Berhad v. Josh.com.my a.k.a. Josh Lim ).

Sometimes domain names reproduce slogans in their entirety. Thus, the domain name <foreversport.com> was found to be similar to the slogan “FOREVER SPORT” by Adidas (D2000-1148 Adidas International B.V. v. Kadana Holdings Pty Ltd).

Domain names may also reproduce only part of the relevant trademark, which is also the slogan of the complainant. This has been the case for the domain name <morgandetoi.mobi> where the complainant was the holder of a complex trademark that included the slogan “Morgan de Toi” (D2012-2117, C.C.V. Beaumanoir v. Zhihao Zheng).

A likelihood of confusion may also be established where only part of the slogan is reproduced in the domain name, provided that the distinctive components of the slogan are used. Thus a shoe manufacturer holding the trademark “Think!” and using the slogan “Shoes by Think” successfully obtained the transfer of the domain name <think-shoes.net> (D2007-1007 Marko Schuhfabrik GmbH v. Mercom Group).

Domain names may also reproduce the slogan in a slightly different manner without excluding the risk of confusion. In the case concerning the domain name <thisisadamking.com>, the Panel found that the complainant had non-registered trademark rights on its slogan “Who is Adam King” and that the replacement of “Who” by “This” did not exclude the risk of confusion since, on the contrary, “This” could be viewed as an answer to the question asked by the slogan (D2002-1117 Arthur Guinness Son & Co. Limited , Guinness Anchor Berhad c/ Josh.com.my a.k.a. Josh Lim).
Domain names may also reproduce the slogan in combination with other terms. For instance, if a domain name reproduces the trademark of the complainant and adds it to its own slogan, the likelihood of confusion is even greater (D2010-2126, Akbank Turk A.S.c/. Axess Yeterbana <axessyeterbana.com> – trademark Axess + slogan “Yeter bana”).

However, where a domain name includes a slogan associated with a negative term, the likelihood of confusion does not necessary arise. The Panels’ opinions  are divided with regards to domain names containing pejorative terms. Some refuse to recognize the existence of a likelihood of confusion in this case whilst others recognize it: it all depends on how one interprets the freedom of expression. Fighting against such domain names can therefore prove to be very difficult.

In this context, it is worth noting the decision regarding the domain names <mma-prejudice-moral-economique.com> and <mma-zero-tracas-publicite.com> rendered in favor of the insurer MMA in a way that was particularly favorable to rights holders (D2012-2136 MMA IARD c/ Eric François). The Panel noted a potentially confusing similarity on the grounds that, if had he found otherwise, this would “prevent right-owners from fighting many cases of cybersquatting”.

Finally, beyond the likelihood of confusion, the protection of slogans over the Internet also aims to prevent the exploitation of slogans by non-authorized third parties. It may include e.g. fighting against a misappropriation of the slogan on a third party’s website. The case D2004-0249 SEC SNC against Manakel Communication concerning the domain names <baton-de-berger.com> and <batondeberger.com> covered these two aspects. The domain names were identical to the complainant’s trademarks and were redirected to a pornographic website which displayed the slogan “There is no time for sucking it”, which is a misappropriation of the complainant’s slogan “There is no time for eating it.” The Panel based itself on the reproduction of the complainant’s trademarks to establish the likelihood of confusion and on the unjustified exploitation of the complainant’s slogan to establish the bad faith of the registrant.

Caution should therefore be exercised when acting against a domain name comprised of a slogan.

 

Read More

United-States: court says cybersquatting protection doesn’t apply to gTLD application

business-dreyfus-81-150x150On February 5, 2014, the District Court of California ruled on a Legal Rights’ Objection (LRO) regarding the <.delmonte> gTLD (generic Top-Level Domain). The LRO was a protection awarded to trademark holders in ICANN’s New gTLD Program from June 2012 to March 2013. Trademark owners could file objections to new gTLD applications before the World Intellectual Property Organization (WIPO) to challenge the depositor’s rights to the gTLD.

 

Here, the court addressed a request to challenge a decision made by WIPO on the <.delmonte> in July 2013. The case involved two companies named Del Monte, a Delaware entity and its licensee, a Swiss company. The Swiss entity applied for the <.delmonte> gTLD as a license holder of the “DEL MONTE” trademark. However, the application was successfully contested by the Delaware entity by a LRO. In response, the Swiss company sued in US Federal Court to obtain the rights to the gTLD at issue and the Delaware company to give up its LRO.

 

The Swiss entity based its complaint on both the Anti-cybersquatting Consumer Protection Act (ACPA) and “reverse domain name hijacking”. Both of these claims involve domain names. The main question here is whether the claims can also apply to new gTLD applications.

 

Such a requirement begs the question of the new generic top-level domain’s registration. The court therefore questioned whether ICANN could be considered as a domain name registration authority. Texts and Case law diverge on the matter. In this case, ICANN was considered “much like a traditional domain name registrar” but the court’s analysis remained inconclusive for the new gTLDs.

 

It then turned to the registration and use of the new generic top-level domain. The court said that the <.delmonte> gTLD was never properly registered. Therefore, the ACPA’s requirement of “registration, trafficking or use” to constitute cybersquatting could not be asserted. As a result, the Delaware entity maintained the right it acquired with the LRO to the <.delmonte> gTLD.

 

This decision also highlights the fact that the ACPA was not written to take into account the new gTLDs. A reform of the Act should be considered to adapt it to ICANN’s new top-level domains.

 

Read More

Trademark Offices: New common practice for the protection of black and white trademarks

Symbole copyrightThe Office of Community Trademarks – OHIM and some national Offices published, in January of this year, a common communication on black and white trademarks.

What does it say? What are the implications in practice?

 

 

 

  • A trademark in black and white will be treated as identical to a sign in colour if the difference between the two is so insignificant as to be unnoticed by the average consumer. Thus, if only a reasonably observant consumer will see a significant difference when comparing the two trademarks, then the difference will be treated as insignificant.
  • The distinctive character of a trademark registered in black and white will not be changed by a change in colour provided that:

o    The figurative elements are the same and remain as the main distinctive elements;
o    The contrast of shades is respected;
o    The colour or combination of colours does not have distinctive character in itself;
o    The colour is not one of the main contributors to the overall distinctiveness of the trademark.

  • If an opposition is filed, signs will only be deemed identical if the difference of colour is insignificant, i.e. hardly noticeable to the average consumer. Even if the signs are not identical, they may be considered as similar and a likelihood of confusion may be found to exist.
  • For a priority claim, a trademark registered in black and white will not be treated as identical to the same trademark in colour, unless the difference in colour is insignificant.

 

In addition, there is regrettably some divergence with regards to the implementation date of this new common practice between OHIM (June 2, 2014) and the various participating national offices (e.g. July 15, 2014 for the UKIPO). Further, the different offices have not decided if this new practice applies to pending applications or only to those filed after the implementation date; but also whether it applies to pending proceedings or only to those initiated after the implementation date.

 

Finally, it remains advisable, based on the specifics of each case and with regards to the new common practice, that trademark owners register their trademarks in both black and white and colour, particularly when colour is a distinctive element of the trademark.

 

Read More

The persistence of uncertainties relating to the notion of disclosure of designs!

Symbole copyrightOn February 13, 2004, the European Court of Justice intervened on the notion of disclosure of designs (C-479/12). In order to acquire protection for a design, that design must be a new one and must have an individual character compared with all the designs which have gone before. These designs have to have been made available to the public, that is, they must have been published following registration or otherwise, or exhibited, used in trade or otherwise disclosed “except where these events could not reasonably have become known in the normal course of business to the circles specialised in the sector concerned, operating within the Community” (article 7 regulation n°6/2002). The European Court of Justice has set out the contours of this exception.

 

Firstly, the concept of «specialised circles» has to be understood broadly. It does not only concern the persons who are involved in the creation of designs. Indeed, the Court also takes into consideration the disclosure to traders. However, this point remains unclear as it is considered to be a question of fact that must be solved by the national courts.

 

In addition, the Court considers that the events constituting disclosure must not necessarily have taken place within the European Union. Similarly, disclosure in a single undertaking in the sector concerned in the European Union is sufficient. However, the Court adds once again that it is a question of fact left to the national court.

 

Finally, the Court states that it is the person who is seeking to assert his or her rights who bears the burden of proof in demonstrating copying. It seems difficult for the rightholder to come up with this proof and therefore the national courts must counter that difficulty by lightening the onus of proof. Claims for compensation, destruction of infringing products and injunctions against the infringer must also be governed by national law.

 

If the decision of the European Court of Justice clarifies the notion of disclosure relating to designs, many elements must be determined by the national law. Therefore, we may fear an absence of harmonization in the national regulations and the practical difficulties.

 

Read More