Posted on

Looking Ahead to 2010: To Boldly Go . . . .

Each year, at the end of the year, I create a Legal Bytes piece intended to be more thoughtful and philosophical than the articles posted during the year. Thank you, in advance, for reading and allowing me to attempt to provide some insight and thoughtfulness to your day, in what I hope is an enlightening and entertaining manner. While my normal postings are designed to bring you news, updates and thoughts about timely events, this is one is longer – and arguably less exciting – and asks you to indulge me in a bit of philosophy, or what passes for an attempt at philosophy about the year past and the year ahead.

This article will contain no hypertext links to distract you; it will not have citations to offer more information about a snippet; nor will it dazzle you with factoids or intrigue you with today’s news. It’s just me philosophizing, my one chance during the year to ramble about where we’ve been and where I think we might be headed – without any credentials, qualifications or expertise to do so. 

So loyal Legal Bytes’ readers, you don’t have to buckle up or fasten any seat belts. Just pull up an easy chair, open your Blackberry, your Kindle, your Droid, your iPhone, PC, Laptop, Netbook, Web-TV, PDA, or whatever your favorite Legal Bytes’ reading device might be; pour a glass of tea (or whatever your liquid of choice might be), sit back and enjoy . . . and again, thank you. So here goes.

*****

I’m a Star Trek fan. I’ve watched all of the television episodes, starting from the day Captain Pike, bound to a wheelchair resulting from his own heroism, is taken to the very first virtual world I can recall being displayed in mass media. I’ve watched all of the Star Trek movies. I confess to being a victim of an "even number" preference, culminating so far in this last Star Trek – certainly among, if not the favorite of all of them. 

Computers that can search for anything and everything. Touch screens and voice commands. Warp speed and instant communication across multiple languages and without regard to geography or time zones. All that with a bit of humor, a bit of clever philosophy and a social network (crew) that have hugely diverse (one might say inter-planetary) ethnic, cultural and racial characteristics, and at the same time work seamlessly together as a team. More than science fiction, Star Trek is really science within fiction, and a fiction that might just be reality if we close our eyes long enough and hard enough. Most of all, to boldly go where most of us have never gone before isn’t really referring to space as the "final frontier," is it?

Now I know not everyone is a Trekkie, and I confess that while I am a big fan, I’m not really obsessed. I don’t go to conventions or wear uniforms, nor do I run around screaming "Beam me up," although I do confess to a feeble attempt at a Scottish accent when I respond "I can’t do it, Captain." So what is it that makes me able to watch over and over again and relish each scene and each episode, and look forward to each new motion picture? It’s not simply because I like science fiction. Nor is it solely because of an ensemble cast, made up of some extraordinarily fine individual actors who work extraordinarily well with each other and with scripts that combine serious science fiction with some tongue-in-cheek individualism, not always in human form.

Let me digress to a personal, but relevant anecdote. Many years ago I had the pleasure of actually meeting Leonard Nimoy. I won’t go into detail, but on behalf of a client, I had contacted Phil Gersh, the gentleman (a true gentleman) who represented Mr. Nimoy at the time, and Mr. Gersh must have relayed our conversation to Mr. Nimoy, resulting in a meeting in New York. It was over lunch, very relaxed and informal, but I admit to feeling an amazing sense of excitement, good fortune and privilege at being able to actually sit down and talk with someone I had long admired as an actor, writer, director and producer.

Continue reading “Looking Ahead to 2010: To Boldly Go . . . .”

Posted on

Wandering Lonely as a Cloud? Not One Cloud Computing Inventor in Texas!

In 1804, William Wordsworth published what is certainly among the most well known and oft-read poems in the English language – it begins, “I wandered lonely as a cloud that floats on high o’er vales and hills, when all at once I saw a crowd, a host, of golden daffodils.”  Now even back in 1804, Wordsworth, no XML programming guru, was already talking about clouds, crowds and hosts . . . 

So we read recently that NetMass, a Texas company, reached a settlement and had a judgment issued in a federal patent case involving a lawsuit by an inventor, Mitchell Prust, alleging that NetMass infringed some cloud computing and cloud storage patents. Mr. Prust had apparently invented a mechanism to allow web browsers to access application programming – a fundamental aspect of cloud computing. The settlement and judgment entered by the Federal Court in Texas (Mitchell Prust v. Softlayer Technologies, Inc., et al., No. 2:09-cv-236) notes that NetMass had infringed three of Mr. Prust’s patents and enjoins NetMass from continuing to do so in the future. From current published reports, Mr. Prust also has a lawsuit pending in Federal Court in California against Apple.

This may be just the beginning of a wave of intellectual property lawsuits as cloud computing begins to evolve and become part of a commercial operational toolkit around the globe – not much different from those surrounding ATMs, online banking, networking and other once-emergent technology platforms. Stay tuned. You will be hearing more from us about clouds in the year ahead.

In the meantime, if your head is in the clouds (or perhaps just a fog), and you need help, feel free to contact me, Joseph I. (“Joe”) Rosenbaum or the Rimon attorney with whom you regularly work.

Posted on

University Licensing Gets a Jolt – Exclusivity Is Not Patently Obvious

This post was written by Craig P. Opperman.

The United States Court of Appeals for the Federal Circuit has just overturned a lower court’s decision to throw out a patent infringement action brought by AsymmetRx against Biocare Medical. Why, you ask? The Appeals Court concluded in AsymmetRx, Inc. v. Biocare Medical LLC that the patent owner, Harvard, should have been included in the lawsuit. Why should you care? Bear with me, especially if you are involved in any way in licensing, exploiting or otherwise commercializing technology, inventions or other intellectual property related to colleges and universities – or in litigating related licensing disputes.

Harvard gave AsymmetRx an exclusive license (including the right to enforce its rights) under a fairly standard and typical “university” licensing agreement. AsymmetRx sued Biocare and won. So far, all is right and ‘normal’ with the world. BUT, not so fast. Biocare appealed the decision and – are you ready?- The Appeals Court for the Federal Circuit sent the case right back to the District Court saying, exclusive? Not really. Harvard should have been joined in the infringement action. What, you say? How can this be? Read on.

The appellate court ruled that reading all the terms and conditions of the standard university license altogether, AsymmetRx didn’t really have the equivalent of full ownership of the patent or the subject matter – exclusive license notwithstanding. So Harvard, the owner, must be a party to the action for any determination on the merits. Specifically, the Court stated: “When viewing the retention of the right to sue in conjunction with all of the other rights retained by Harvard, it is clear that Harvard conveyed less than all substantial rights under the patents. While any of these restrictions alone might not have been destructive of the transfer of all substantial rights, their totality is sufficient to do so.”

In other words, since Harvard, under the terms of its license, still kept a significant amount of control over the patent rights, AsymmetRx as a licensee did not have enough of an interest in the patents to sue without joining Harvard – even though the license terms purported to give AsymmetRx the right to do so. Hmmmm.

Who cares? First of all, universities may now end up having to be joined in every intellectual property infringement action or disputes over intellectual property rights – even though it/they may have given an exclusive license, including the right to bring an action in its own name, to someone else. Are the litigators seeing dollar signs, and are university officials seeing legal costs and additional expenses, in the licensing process?

Just as significantly, if you are a transactional or intellectual property lawyer (or if you are involved in the licensing process from a transactional, contractual or licensing point of view), it gets more complicated. Universities have crafted standard licensing terms which, with rare exceptions, are used in virtually all of their licensing arrangements. So do you change the terms and conditions of these license agreements, relinquishing a greater degree of control – in which case the contract might look more like an ‘assignment’ than a ‘license’ – OR do colleges and universities start gearing up for being involved in more and more intellectual property infringement and rights disputes and lawsuits? If so, does the license agreement specifically need to state that the university is willing or amenable to being joined in the action? What if it’s not? What if it wants to decide on a case-by-case basis? What if the Court decides the university must be joined anyway? What if . . .?

So, are you a licensee? An investor? A university? A rights holder? Doing due diligence? Negotiating licensing agreements? Representing any of these folks? You can do nothing and hope for the best, or you can contact Rimon’s Craig P. Opperman. In uncertain times, no one may have all the answers, but at least you will have an informed basis to make some decisions from lawyers who know.

Posted on

Will Net Neutrality Compromise Net Profits?

Earlier today, Julius Genachowski, Chairman of the Federal Communications Commission (FCC), telegraphed the Commission’s plans to open a formal rule-making process on the issue of “net neutrality.” It’s likely the specifics regarding hearings and a timetable for any proposed rulemaking procedures will be on the agenda for the FCC’s October meeting.

While many of the major carriers – including wireless carriers who have typically been out of the fray when it comes to the Web – have argued against both the need and the wisdom of competitive regulation amongst carriers, open Internet advocates, many of whom were ardent campaign contributors and supporters of President Obama, have been aggressively pushing for regulation. Companies such as Amazon.com and Google, have long argued for rules that would prohibit carriers from denying their right to give consumers complete freedom of choice when it comes to both the content they receive and the devices they use to receive it. While not necessarily quibbling with what appears, on its face, to be a reasonable and market driven approach, opponents point out that the government stay away from intervening in yet another major marketplace – this time one, they argue, that isn’t broken. Further, and perhaps more significantly, companies such as ATT and Verizon, now joined by ATT Wireless, Verizon Wireless, Sprint (Sprint Nextel) and T-Mobile (Deutsche Telekom) argue that forcing carriers to open up their networks without corresponding economic counterbalances in place will force them to either raise consumer prices to keep up with virtually unrestricted broadband demand, but may require them to limit availability and accessibility for capacity and technological reasons. Wireless carriers may have special reasons to be concerned given current pricing models and the technological limits of current bandwidth capacity. That said, the major cable television, fiber optic and DSL-based Internet providers have long had to cope with government regulation and requirements.

Back in the days following the breakup of AT&T’s telephone monopoly (anyone remember Judge Green and his landmark 1983 rulings?), the regional and local companies spawned by carving up the nations’ previously regulated monopoly – the so-called ‘Baby Bells’ – worried about long-distance carriers (including the remaining long distance carrier, AT&T) making deals for preferential treatment over interconnections. Thus the principle of equal (“neutral”) treatment for interconnectivity arose. When cable companies started offering Internet service – previously the domain of phone-line intensive telephone companies (remember dial-up?) – they tried to convince everyone that neutrality didn’t apply to them. They carried information, and weren’t, after all, common carriers.

OK. Fast forward to the market response. Phone companies decided to get into the content business! Cable companies are offering Internet and VOIP services, telephone companies are offering entertainment, programming and information services, wireless phone services stream video content and provide messaging of news, sports scores and applications galore (oh, they do still carry voice traffic when you need to make a call).

So back to 2009 and the future. According to Commissioner Genachowski: “This is not about government regulation of the Internet,” adding that “We will do as much as we need to do, and no more, to ensure that the Internet remains an unfettered platform for competition, creativity, and entrepreneurial activity.” That said, his proposal would add a fifth principle to the FCC’s existing four that relate to the Internet. To wit, that carriers will not be permitted to be selective about the content they carry (subject, of course, to their continued ability to block illegal content) and will be required to be transparent about how they are managing the carriage of content across their networks. Violations and allegations of discriminatory practices would still be reviewed by the FCC as and when the facts of each specific case arise. You can read or download the complete statement of Commissioner Genachowski’s prepared statement today, entitled “Preserving a Free and Open Internet: A Platform for Innovation, Opportunity, and Prosperity,” right here.

Clearly if you are a small Internet application provider or software developer that has traditionally had to pay for access through a carrier, open, non-discriminatory access would prove a major boon. Then again, Internet carriers – wired and wireless – have invested huge amounts of capital in building their own proprietary networks. Since there is no evidence that there is a lack of competition, why should the government tell any of them what they should or should not carry on their networks? Indeed, since the early 1990s, when the Web evolved from a glimmer in the eye of Tim Berners-Lee, to a reality, there have been so few real complaints (and so few complaints from consumers, even as competitors bash each other about), why fix something that doesn’t appear to be or have been broken for almost two decades?

Confused as to how the FCC proceedings might or might not affect your business? Thinking about participating in the dialog or submitting comments to the FCC? Let Rimon help you. To stay informed, keep your mouse tuned to Legal Bytes, and if you need to know more, please feel free to call me or the Rimon attorney with whom you regularly work.

Posted on

A Pirate’s Life (Not) For Me: France Strikes Out Internet Piracy

This post was also written by Andrew Boortz.

Over the last several months, France’s Parliament has been focusing on the issue of Internet piracy. In May, both houses of the French parliament passed the so-called “three strikes” law which would have given an independent body the ability to disconnect file-sharers from their ISPs. In June, the law was declared unconstitutional by the Constitutional Council because, under French law, the power to force such disconnection could only come through issuance of a court order. In response, French President Nicolas Sarkozy gave the first Presidential speech to the French Parliament in 150 years and passionately defended regulation of Internet piracy.

After President Sarkozy’s speech, the French Senate drafted and passed a modified version of the “three strikes” law which would allow alleged infringers to present their case to a French court, prior to losing their Internet connection. Judges in these hearings would have the power to: (1) order disconnection of the alleged infringer’s Internet access; (2) fine the alleged infringer up to €300,000; and/or (3) sentence the alleged infringer to a two-year prison term. Just yesterday (September 15th), the French National Assembly gave preliminary approval to the measure by a vote of 285-225 and now, a joint committee will unify the Senate and Assembly versions and present a final bill to both houses for a vote on September 22nd.

In looking back over the piracy-related events of this year, it may well turn out that 2009 will be remembered as a watershed year in the struggle between Internet pirates and rights holders.  With the Jammie Thomas and Joel Tenenbaum verdicts in the States, the pseudo-shuttering of the Pirate Bay in Sweden, the implementation of a self-imposed, self-regulatory “three strikes” policy by Ireland’s largest ISP (created under threat of massive litigation) and now France’s revised and revitalized new “three strikes” law, the global community is indeed tilting towards greater sanctions and regulation of Internet piracy.

This raises questions for technology innovators. For example, Facebook, which according to a CNN report out today has a social network population nearly as large as the population of the United States, will soon launch a voice chat feature.  Most likely, the feature could be used to stream media across the globe as well as the nation? Would Facebook be liable for creation and distribution of such a feature, which is similar to that which created liability for the Pirate Bay creators for their torrent-tracking website?

Need help? Confused by the torrent of information, technology and legal rights?  Need to know more? Contact Andrew (“Drew”) Boortz, in our Washington, D.C. office, call me or contact the Rimon attorney with whom you regularly work.

Posted on

Privacy: FTC Announces the First in a Series of Public Roundtables

Earlier today the Federal Trade Commission announced details of the first of a series of Public Roundtables being held to deal with continuing efforts to examine, evaluate and determine if, and to what extent, regulation may be needed in connection with consumer privacy. In its announcement, the FTC specifically cites its intention to review privacy practices related to social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers and third-party applications.

The FTC’s announcement acknowledges the beneficial uses of information and technological innovation, while seeking to balance those against the need to protect consumer privacy. The first full-day session will be held Monday, December 7, 2009, at the FTC Conference Center at 601 New Jersey Avenue, N.W., Washington, D.C., and no registration is required. Those who cannot attend in person are welcome to go to FTC.gov and will be able to view the proceedings as a webcast.

The FTC has invited individuals and organizations to participate and/or to suggest topics. To participate, your request can be submitted directly to the FTC by email sent to privacyroundtable@ftc.gov on or before October 30th, and comments surrounding the issues to be discussed can be submitted on or before November 6th. The FTC has prepared a list of specific questions it intends to use in opening the dialog at this first in its series of public roundtable discussions and has invited written comments, as well as research submissions. Details can be found at the Privacy Roundtable Workshop page of the FTC’s website. Comments can be mailed to the FTC, or you can check the FTC website for instructions as to submitting comments electronically. Of course, Rimon stands ready to assist clients in preparing comments or providing representation, and if we can be of assistance, don’t hesitate to contact us. If you need to know more, please feel free to call me or the Rimon attorney with whom you regularly work.

Posted on

Identity Theft: Don’t Just Yell ‘Stop Thief.’ Audit Something!

It was 1998 and identity theft had not yet hit the radar screens as heavily as it would during the course of the next decade. Who could predict? So when I received a call from Albert J. Marcella, Jr. Professor of Management in the School of Business and Technology, Department of Management, at Webster University in St. Louis, who said he was putting together an “audit oriented” publication for The Institute of Internal Auditors to guide professionals who were becoming increasingly concerned about online identity theft, I naturally wondered what I could contribute to that effort.

So we spent a great deal of time collaborating about what we knew, speculated about what we did not know, and tried to put the work in context—specifically, guidance for corporate auditors and security management professionals on what they needed to know as sensitive, personally identifiable information migrated online. The result, of which my contribution played only a small part, was a book entitled www.STOPTHIEF.net, Protecting Your Identity on the Web, published in November 1999 by The Institute of Internal Auditors.

Identity theft, not a brand new crime even then, had a new face in our online, digital interconnected world. And, it was growing and pervasive, and its implications—if for no other reason than the sheer magnitude of the potential risks and the speed at which they would materialize on or through the Internet—were unprecedented and were becoming global.

I now know what I could not have known then—that more than 40 states have passed identity theft statutes and that the Privacy Rights Clearinghouse website, which takes pride in cataloging such things, estimates that as of a day or two ago, 263,247,398 records containing sensitive personal information were involved in security breaches in the United States since January 2005—six years after the publication became available.

To appreciate the foresight and to learn about those audit guidelines and benchmarks, you have to buy the book. But to read my personal piece of that collaborative effort—an end-piece summary of the legal implications entitled “Technology, the Internet and Cyberspace: Challenges to National and International Privacy“, you just have to read Legal Bytes.

Posted on

It’s Often the Little Things that Count – Here are Two

Last month, we brought you information about outsourcing—a topic making news daily. This month, we bring you smaller news with potentially bigger implications.

In the biblical prophecy of Isaiah, the wolf lives with the lamb, the leopard lies down with the kid and a little child shall lead them. You can draw your own conclusions as to who are lions, lambs and the little child, but a few days ago, the unthinkable occurred. Sun Microsystems and Microsoft reached peace by dropping most claims, cross-claims and the vitriolic debate raging since 1997 when Sun sued Microsoft alleging violations of its Java license terms. With a trail of litigation which includes U.S. and European antitrust regulators, the announcement is nothing short of astounding. Yes, it remains to be seen whether years of mistrust will dissipate and lead to true cooperation, but this is not simply a truce between two rivals. The Wall Street Journal quotes Tony Scott, Chief Technology Officer for General Motors, as saying “What we try to do is educate them on the real pain customers go through when you have multiple incompatible standards and technologies.” Instead of customers being forced to figure out (and pay for) solutions to interoperability and compatibility problems, vendors are now being pressured to do so. Is this the beginning of a trend? Too soon to tell, but this truce is a big deal—Mr. Scott represents a customer!

And now, number 2. Perhaps we have become less concerned about providing information to “friendly sites,” but Yahoo! has introduced a “paid inclusion” product which allows advertisers to guarantee their sites will show up in searches—although payments do not change the order in which results are displayed. Not to be outdone, Google’s new “G-mail” will have context-based advertising derived from—are you ready—a scan of key words in G-mail received by subscribers, which customizes advertising based on information in the e-mail. G-mail a friend about bowling and you may see a pop-up coupon for a local bowling alley. Marketing professionals and advertisers point to the fact that G-mail is an opt-in service and consumers have shown they are willing to give up privacy to obtain greater levels of convenience.

For the record, cookies were invented to allow you to have a shopping cart and accumulate items when going web shopping. Fast-forward past cookies to
spammers, phishing, pop-ups, invisible GIFs, web bugs, intelligent bots and spyware to this latest announcement. Google can now accumulate a detailed
dossier of individual consumer preferences and the contents of e-mails. No one is suggesting Google would abuse such information or that subscribing is not
truly voluntary, but not only do we know what you did last summer, soon we may also be able to tell you what you are planning next summer.

Posted on

The Buzz About Sourcing: Out, Near, Offshore, Strategic, Corporate, In…

Not a day goes by that outsourcing isn’t in the news. Not just news, but NEWS. The Wall Street Journal, Information Week, The New York Times, Financial Times, CIO Magazine, American Banker. “Press 1 for Delhi, 2 for Dallas,” “Prove It’s Secure: Legislators Want CIOs and Service Providers to Show that Customer Data Sent Overseas is as Safe as it is at Home,” “Global Talk Gets Cheaper—Outsourcing Abroad Becomes Even More Attractive as Cost of Fiber-Optic Links Drop,” “Offshore Outsourcing: How to Safeguard Your Data in a Dangerous World,” “Weighing the Benefits of Offshore Outsourcing,” “Big-Bank Perspectives on Offshore Outsourcing,” “Lesson in India: Not Every Job Translates Overseas,” “Business Coalition Battles Outsourcing Backlash,” “More Work is Outsourced to U.S., Than Away From It, Data Show,” “Offshoring Can Generate Jobs in the United States”—well, you get the picture. Senator Liz Figueroa (D-Calif.) is seeking legislation prohibiting consumer medical and financial data from being sent overseas without assurances of strong privacy safeguards (remember the U.S. position on the European personal data directive?). Even Alan Greenspan has weighed in, cautioning, “These alleged cures would make matters worse rather than better.”

Both providers and customers consistently articulate several key themes. Many third-party providers can do it cheaper, faster and at higher quality – processing is their business – not yours. Third-party providers survive by keeping up with technology, training personnel and responding to changes quickly and efficiently – often a secondary priority and a headache for other companies. Further, companies are recognizing that allowing a third-party to perform functions and assist in providing services rarely requires relinquishing control or responsibility – in fact, proper management increases, and almost always in a positive way.

Like it or not, outsourcing is likely to remain a significant weapon in management’s arsenal of choices in managing business—an alternative available for consideration as requirements change. Although perhaps obvious, an outsourcing transaction should take into account the following key issues:

  • All or Some?—Assess needs, evaluate priorities, costs and requirements, and understand which functions, process or operations should be outsourced and which retained. Outsourcing is a tool, not an end in itself.
  • Control, Flexibility & Cost—A delicate balance considering the difficulty and implications—especially when entrusted to a third party, or if you are a third-party provider. Agreements must address varying objectives, priorities, customers and suppliers—hardly a trivial exercise.
  • Human Resource—Outsourcing affects employees: seniority, pensions and benefits, decisions involving termination, changes in salary, and even relocation. Immigration issues arise when moving people around—even for temporary training or other assignments.
  • Performance Standards—Defining and prioritizing standards is difficult enough internally and fixing accountability in a contract even more so.
  • Corporate Compliance, Privacy & Security—These issues require careful examination. Functions can be outsourced, but rarely can the responsibility.
  • Relationship Management—Customer and provider must develop a solid working relationship—in operation and spirit. From shifting priorities to changing performance standards—there is no substitute for a strong, effective team approach.
  • International—Global outsourcing gives rise to issues relating to currency fluctuations, differing intellectual property protections, privacy and transborder data flow, surveillance and security, governing law, dispute resolution, and interpretation and enforcement of contracts in local courts; and
  • Insourcing—Sometimes forgotten, no decisions are permanent. Leave room to re-evaluate or move functions from one service provider to another in an amicable transition process. Businesses, operations, requirements and costs change—don’t lose flexibility.

Did you know Rimon has significant experience in handling sourcing transactions—near, offshore, strategic and otherwise? Did you know Rimon may be the only law firm with attorneys here and abroad who have handled major international and multinational outsourcing transactions for financial institutions, airlines, health care providers, telecommunications and manufacturing companies, to name a few? Did you know Rimon lawyers are adept at looking at both the purely legal and contractual issues, as well as counseling clients for success and guiding clients through the process?

Whether understanding sensitivities of internal employee concerns, or preparing RFPs and negotiating and managing these complex contracts, Rimon lawyers understand and handle risks and issues new and unknown to many organizations—a host of human resource and performance issues, assignment, immigration and employment, warranty, insurance, indemnity and liability questions, growth, change control, customer service and termination issues. How to handle a migration plan? What about our people? What if I can’t get the service I need? What if my needs, my systems, my operations or my processes or my business changes?

The implications are large, the risks enormous and the complexity overwhelming—don’t skimp on retaining people with the right expertise, including lawyers. Want to know more? Want to schedule a customized in-house seminar? Contact Joe Rosenbaum in the U.S. at joseph.rosenbaum@rimonlaw.com and let us help you.

Posted on

Avoiding a Legal Disaster: Déjà Vu All Over Again

In April 1995, Datapro Reports on Information Security published a Disaster Avoidance brief (IS38-200-101) entitled “Avoiding a Legal Disaster: Business Continuity Planning for Multinationals.” In that paper, the author analogizes a famous 1932 “technology” case decided by the Second Circuit Court of Appeals in the United States, to the growing potential liability of users in managing their technology and information security resources. Specifically, the article states that “In 1932, a famous case entitled The T.J. Hooper (60 F.2d 737; 2nd Circuit, 1932) held that the failure to take advantage of existing and available technology—even though it was not in widespread or common use—was not evidence that the defendant’s duty to take reasonable care had been fulfilled. By analogy, when a disaster occurs, it will not be a defense to argue that a recovery or security system or preventive measure is not commonly in use, especially if using it would have averted the disaster or minimized the loss.”

The article, which focuses on what organizations can do to minimize risk, goes on to note that, “The more reliant business and operations become on technology, the more available preventive and risk management tools become, the less excusable a failure to implement meaningful measures and exercise due diligence over company assets will become to government, employees, customers, suppliers, and shareholders—all potential plaintiffs.”

Now this fact and the author would probably be relegated to obscurity but for an interesting article on I.T. Litigation that has just appeared in the February 1, 2004 issue of CIO Magazine, entitled “Courts Make Users Liable for Security Glitches.” The author notes that an interesting turning point arose in the wake of 9/11 when, in October 2001, Hartford Insurance removed computer damages from its general commercial liability policy coverage. The article goes on to cite three recent cases which are beginning to look a lot like a legal trend in this area. First, a case in which Verizon asked a court to order the State of Maine to refund money because Verizon wasn’t using Maine’s network while Verizon was “down” because of the “Slammer” worm. Verizon had not implemented a Slammer patch and last April the Court ruled that while one may not be able to control a worm attack, they are foreseeable—no refund (Maine Public Utilities Commission v. Verizon).

In Cobell v. Norton, the U.S. Department of the Interior’s website and computer security became an issue in a case involving benefits allegedly and to American Indians. The Court was sufficiently irritated by the Department’s conduct related to security audits, that the Judge actually commenced contempt proceedings! Finally, in the last case cited by the article, the American Civil Liberties Union hoped to avoid liability for accidentally publishing donor information by pleading it had outsourced its security to a third-party vendor. Although the case settled, it is doubtful such a defense would have worked and it is almost certain regulated companies will not be able to escape accountability for compliance by outsourcing regulated activities—the responsibility will remain theirs!

There appears to be an increasing, and not-so-subtle, shift away from the notion that programming errors related to security breaches, computer viruses, worms, logic bombs and other malicious code or hacker and denial of service attacks are somehow equivalent to unpredictable natural disasters like earthquakes or fires—thus not subject to a “fault” analysis, but more appropriately covered by ‘accident’ insurance. Indeed, these and other cases arising in the courts treat breaches of security as fair game for negligence lawsuits—especially where damage has been done to a consumer (e.g., identity theft) or where the assets of a company—tangible or intellectual property—have been compromised. As noted in the 1995 article, liability for failure to implement available security is likely to increasingly hold both providers and users of technology liable where negligence can be shown—or even reckless disregard where safety or the protection of assets are concerned. You can read the CIO Magazine article here and, by the way, the obscure author of the 1995 Datapro article can be reached at joseph.rosenbaum@rimonlaw.com should anyone wish to see a copy or discuss the issues raised—then or now!