Avoiding Infringement: Trademarks

When designing trademarks, the organization has a responsibility to ensure that the new mark is not infringing on an existing mark. There was a case in 1998 where Tommy Hilfiger was assessed for damages on the “Star Class” trademark. Hilfiger had his attorney perform a search of federally registered marks, but failed to search state and common marks. This lead to damages as Hilfiger was not shown to have performed due diligence in the duty to search. New trademarks – whether it is a product name, service name, slogan, domain name, or other initiative – should be thoroughly researched to ensure that there is not a use in the federal or state registration systems, or in the commons.

When reusing another organization’s trademark, reasonable effort should be put forward to use the exact mark and include the ™ trademark symbol as appropriate. Many firms have restrictions on how their logo and mark can be used (for example, on a partner’s website or a business card.) These restrictions must be researched and understood. In doing so, an organization can avoid accidental misuse of another firm’s IP.

April is Copyright Awareness month according to the Copyright Society of the USA. This article is part of a series delving into the topics of trademarks, copyrights, patents and trade secrets. Follow the tag “Intellectual Property” to read all the articles.

An information security professional has a duty to his organization to protect its information assets, and a duty to his profession to ensure the organization’s technology is not used for illegal activity. The next four articles cover Intellectual Property from the perspective of avoiding infringement.

The purposes of copyright and patents are to publicly distribute and protect intellectual property, while trade secrets are used to privately hold and use IP. While the information security field is naturally cautious of security through obscurity, keeping specific aspects of an organization’s processes and knowledge secret can provide an advantage. To define a trade secret, three items must be present: “the information is not generally known or ascertainable by proper means; the information has economic value; the owner of the secret must use reasonable efforts to maintain secrecy. (Stim, 2001)”

Demonstrating due care and due diligence in guarding an organization’s information systems and informational assets is critical in keeping trade secrets undisclosed, and prosecuting competitors should the secrets by discovered. “The enforcement of trade secret protection is time-consuming and expensive later on. Generally, the proof required consists of a showing that there was an active security program in place that was sufficient to protect the information as confidential (Bosworth & Kabay, 2002).”

There are several ways to protect trade secrets. The information security program and the controls over access (both physical and digital) play a role. Agreements – confidentiality, non-disclosure, and third-party – can also be used to restrict people who have access to the trade secret from communicating it out. The agreements can be used in breach of contract suits to prevent the trade secret from being released or to seek compensation for its release. In addition, the “inevitable disclosure doctrine” can be enacted to prevent employees who have access to sensitive information from leaving for a competitor where that information will naturally be a part of their role.

References:

Bosworth, S., & Kabay, M. E. (2002). Computer Security Handbook, 4th Edition. New York: John Wiley & Sons, Inc.
Stim, R. (2001). Intellectual Property: Patents, Trademarks, and Copyrights, 2nd Edition. Albany: Delmar.

Copyright can be contentious issue for security practitioners weaned on open source and raised on Slashdot. It is important to remember that open source licenses, Copyleft, and Creative Commons are themselves imaginative hacks on traditional copyright law. It is copyright that makes these alterative licenses possible.

The purpose of Copyleft and Creative Commons is simple: disperse information as widely and as freely as possible. The purpose lines up neatly with the hacker ethic. Information wants to be free, after all, and these licenses are ways to ensure its freedom while still maintaining some protective controls for the author. The purpose is in turning works into generative pieces. Standard copyright reserves all rights for the author.

The decision on the copyright license to use lies with the organization. Specifically, the designated owner of the information asset is charged with making these decisions. As the security managers for the information networks, our responsibility is to educate the designated owner and ensure that the decisions are enforced correctly and consistently.

Copyrighting a document has a few obvious requirements. The document must be original and not infringe on other’s existing copyrights. It must be fixed form, like a document, image, or an audio/visual recording. Architectural plans and software source code can also be copyrighted. The copyright protects a given expression of an idea, but not the idea itself. Thus an architecture plan that is copyrighted protects the plan itself, but not the ideas behind designing the plan. Software copyrights are similar. The copyright protects the specific source code but not the underlying idea, method, or algorithm. Copyrighted works must be substantive. A short phrase, a brief sound clip, a plan for a room’s walls, and a short code snippet all are non-copyrightable.

Copyright provides specific protections. Other organizations cannot copy without permission (unless permission has been granted with Creative Commons or similar licensing). People and firms that buy copyrighted material, however, do have extended rights (called First Sale doctrine) to resell or redistribute the purchased copy. Similarly, the Right to Adapt exists that gives control over derivative works are produced to the original author. End user license agreements can be tailored to avoid First Sale doctrine and Right to Adapt. These licenses provide tighter control over how the property is used.

The commercial impact of unauthorized works is taken into account in copyright infringement cases. The end users can still reuse and create the document under Fair Use. Fair Use allows remixes based on four conditions: how different and unique the new content is, the nature of the work, the amount of the original copyrighted material in the new material, and the effect on the market. Evidence of the market effect may be present in the information systems. The evidence, for example, may be in sales trends, in store traffic, or in web site traffic. It is, therefore, important that copyright protection mechanism include systems that gather, correlate, and maintain statistics on use.

Copyright materials can be registered with the United States Patent and Trademark Office (USPTO). Simply affixing the © symbol to a work (or corresponding Creative Commons symbol) creates an enforceable copyright. Copyright protects intellectual property for the life of the longest living author plus a period of 70 years. Works for hire, created for a firm for pay, are protected for 95 years from the date of first published or 120 years from when the material was created, whichever is less.