Michael Geist wrote an interesting article about a situation where a popular Canadian website containing public domain music scores has shut down after getting a demand letter from an Austrian music publisher. Seems that the laws in Austria regarding public domain are different enough that some of the content might have been unlawful to post in Austria.

Michael points out several reasons why this is troubling, including the perspective that if this is correct, then the public domain becomes an offline concept, since posting works online would immediately result in the longest copyright term applying on a global basis.

Read Michael’s post

For the London Free Press – October 29, 2007

Read this on Canoe

For more than fifty years, contract law has been haunted by the spectre of fundamental breach.

From its inception in the law courts of the United Kingdom in the 1950s it was controversial. In essence, it is a way for courts to look beyond a contract, or at least not to enforce limitation of liability clauses contained in a contract, to provide a remedy for very serious contractual breaches.

Regardless of the theory, we simply need to remember that no-one can hide behind a limitation of liability clause in a contract if they don’t perform at all, or fail miserably — even if the limitation clause is a typical one.

In more technical terms, if a party commits a radical breach of a contract — then uses an exculpatory clause to take all the benefits of the contract but none of the burdens — the courts will prohibit that party from relying on that exculpatory clause irrespective of how clearly it is drafted, because to do so would be unfair to the other contracting party.

To this day, legal theorists and even judges are unable to agree exactly what amounts to a fundamental breach of contract, or if such a thing should even exist.

In a recent article in the Canadian Bar Review entitled Return of the undead: fundamental breach disinterred, Richard F. Devlin, Associate Dean at Dalhousie Law School, looks at how the principle seems to stick around despite efforts by some judges to eliminate fundamental breach as a concept of Canadian contract law.

While judges, academics and lawyers struggle with the differences, theories, and appropriateness of the concept of fundamental breach, or alternate concepts such as unconscionability or good faith – the practical effects on the enforcement of contracts are virtually the same.

In one instance the doctrine of fundamental breach was used to prevent a storage company from relying upon a limitation of liability clause. Under questionable circumstances, after the rent on a storage locker fell behind, the storage company sold the goods contained within, valued at $60,000, to an auctioneer for $800. The court held this action amounted to a fundamental breach of the contract.

In another case, a company was hired to move household possessions. They left the moving truck parked on the street overnight without any security or monitoring and the goods were stolen. The court found they could not rely upon their limitation of liability clause as their breach of contract was unconscionable.

As the courts struggle with the concept of fundamental breach and some judges try to get rid of the concept entirely, the reality is that courts will find a way to provide remedies for significant breaches of contract by whatever legal theory is available to them.

Despite the uncertainty provided by the presence of the doctrine of fundamental breach, there is little question that limitation of liability clauses will remain standard fare. In most cases they serve a useful purpose and can be applied quite successfully. In the end, however, no one can safely hide behind a limitation clause in situations where they don’t perform their obligations under a contract at all, or fail miserably to do so.

This is a summary of a presentation I made for TechAlliance yesterday.

The PowerPoint (pdf format) is here

Update: This post has been reproduced on the Canadian IT Managers blog

Dealing with legal issues sooner rather than later lessens risk and costs. Some legal mistakes can take a lot of time, energy and cost to correct, and some can’t be cured at all. They can affect daily operations, reputation, financing, risk and liquidity events.

If, for example Microsoft or Google come knocking to buy your business, but find some of these things have been done poorly or not at all, they may lower the price or go elsewhere.

INCORPORATE THEMSELVES

The odds are the details won’t be right and the corporation will not get organized with the right bylaws, resolutions etc.

Companies often choose the wrong jurisdiction.

It’s important to get tax and accounting advice at this stage to ensure proper share structure.
If there are any assets to be transferred in it may be advantageous to do a section 85 rollover, which requires accounting help and the accountant to work with the lawyer to draft the right special share structure.

It’s more expensive to fix this later than to have it done right up front.

RELYING ON ANECDOTAL ADVICE

Relying on the ubiquitous “consultant” or anecdotal advice from others on legal matters is never good legal advice.

Even if one can’t afford to do everything up front, at least get some upfront advice and prioritize them.

If one shares their business plan early with their lawyer, the lawyer can help prioritize the needs and perhaps raise other issues or give advice on some issues that can make a difference going forward. For example, the fundamental structure of arrangements with customers or suppliers. The potential value of a lawyer’s input is diminished if it is sought only on the eve of the signing of a document.

Web 2.0 concepts are based on the wisdom of the crowd but beware of the tyranny of the majority.

Doing research on various issues on your own to see what other companies have done can be helpful, but it doesn’t replace legal advice. Even if you research your ailment online, you wouldn’t perform surgery on yourself.

NOT PLANNING FOR GROWTH

Some new businesses under price their products based on the cost of working out of their garage. Products or services should be priced based on what it would cost to operate as you grow. Premises, people and professional services cost money and must be incorporated in your plan.

Often customers won’t take your services seriously if you charge too little – i.e. it can’t be any good if it costs that much less than the competition.

If a business waits until it is larger to do things like human resources and employee policies it becomes harder to put them in place and enforce them. While those things don’t have to be done immediately, they should be done reasonably early in the growth phase.

Businesses should plan for the scalability of their operations as well as the scalability of the product.

I have seen deals fail because the vendor was unable to support or implement the product because they did not have enough resources, yet could have afforded to provide that support if they had charged more, yet still undercut the competition.

POOR RECORD-KEEPING

This includes things like not keeping proper records of contracts or keeping track of tasks that need to be done.

It’s important to keep contracts and records intact and in one place (or at least have a master index that tracks where they are). That includes corporate records, customer contracts, supplier contracts, intellectual property documentation and other matters.

It’s crucial to have a tickler system for various matters that have due dates – such as domain name renewals, lease renewals, tax filings and payments and various agreements. Even mundane agreements for things like water coolers, copiers, and postage meters.

Agreements with a term may require notice to either stop them or to extend them. One doesn’t want to either miss renewing something or fail to terminate something inadvertently.

Tracking future actions is something that’s easy to do but the consequences can be severe if its not done.

It can be done either electronically or on paper but it needs to be organized and easy to administer.

For example it could be devastating if one misses the renewal of their domain name.

NOT DOCUMENTING IP OWNERSHIP

Intellectual property covers a wide gamut of things ranging from copyright, trademarks, patents, nondisclosures, trade secrets and license arrangements both in and out.

This is one of the most common problems and sometimes the most difficult to correct. While it is theoretically easy to document this after-the-fact, it is often not easy to find the right people, convince them that they should cooperate, and convince them that your view of ownership is the right one. People often don’t agree.

Not being able to prove that you actually own the rights to the product or service you sell can be fatal to that Microsoft / Google takeover.

It is crucial for ownership and moral rights issues to be addressed in writing with contractors. This is true whether one is hiring a large corporation to do some programming, whether borrowing some creative people from the business down the hall, or whether hiring an independent contractor to perform a task. Absent an agreement to the contrary, the starting position is that that contractor, and not the corporation that hires them to do the job, owns whatever they create.

It’s also important to ensure what they provide is original and not “borrowed”. Watch out for the use of open-source software or shareware. Often it can be used for personal use but not for business use, or not to create a product.

It is not uncommon for a client to a come to their lawyer with the problem where they think they own something, but a former employee or contractor insists they own it. Typically that happens were one needs to prove that you own it for some reason. If the other party knows that, it just raises the difficulty and the price to get it resolved.

NOT PROTECTING INTELLECTUAL PROPERTY.

It’s important to protect your own IP.

Protection includes not disclosing anything that might be sensitive unless one has to, ensuring appropriate nondisclosures are in place, marking branding with trade-mark notices, registering trade-marks for important brands, and making sure licenses for your product or service include appropriate provisions.

On the patent side, it is important to consider whether any of your creations are patentable. Patent rights can be lost if the subject matter is made public before the patent is applied for. It is not unusual for example to have someone who wants to apply for a patent on something they created while in school. But they can’t get a patent on it because the subject matter was disclosed in their master’s thesis published over a year ago.

Open-source software can cause issues. There’s nothing inherently wrong with the open-source model or using open-source software. The danger is that with some open-source licenses, depending on how you integrate your own code with the open-source code, you can be forced to disclose the source code of your own proprietary software. On the flip side, some programmers think that one must disclose the source code of your software if it comes anywhere near open-source software, which is not true.

One can compromise one’s own intellectual property if you violate the copyrights of others. Examples include copying creative works, whether that is computer code, web sites, photographs or promotional material of others.

GETTING INVESTORS WITHOUT LEGAL ADVICE

Securities laws are complex and failure to abide by them can be incurable. Many people don’t realize that the same laws that apply to public companies affect how private companies raise capital. Failure to do this right can severely hurt a corporation’s ability to get future financing or participate in a liquidity event. Securities laws are very strict regarding how one can advertise and sell shares, and the process for doing that.

There are many rules and exceptions to the rules. This is an area so complex that many business lawyers don’t understand it.

Another problem is issuing stock options to employees. Stock option agreements are a valuable tool for public companies but should be avoided by private companies. The minute one goes down this road, the employees become shareholders and as such are entitled to the same control and information disclosure as a normal shareholder. It can severely fetter the discretion of the founders or real owners. While having shares can be an incentive to employees, it can also give them an inflated sense of entitlement.

Employees of private corporations can be incented in other ways such as profit-sharing or bonus programs. The benefit to employees owning shares in private companies is illusory as there is no real market for the shares.

BLINDLY USING AGREEMENTS OF OTHERS

Businesses often try to use material that others have created for things like software licensing, Web terms and conditions, privacy policies and HR policies.

That’s a dangerous thing to do. Just because it’s OK for Microsoft doesn’t mean it fits your situation.

There are jurisdictional differences in agreements. US based limitation of liability clauses; for example, usually miss a key Canadian concept that can severely limit its effectiveness.
Different products, different delivery mechanisms and different fact situations all lead to different needs for documentation.

Things like warranties, conditions and disclaimers may not be effective in different jurisdictions. UK for example.

For things like privacy policies, being compliant with privacy laws involves far more than just sticking up a policy.

NOT HAVING YOUR OWN IT HOUSE IN ORDER

Backup and continuity plans are crucial. It can be a disaster if you lose work.

While we usually think of hurricanes, floods and 9/11 as the type of disasters we have to plan for, the most common disasters are things like water leaks, hard drive failures or backhoe Bob.
The risks of each organization will vary. It is crucial to access what risks exist for your business and address them appropriately.

In addition to effective backups, it is important to have disciplined file/document retention with consistent filing standards and revision control for documents and code.

Many businesses fail to adequately deal with security and privacy issues. That includes the security measures necessary to protect intrusions to your system and your paper files. Also any extra security measures required for portable media such as laptops, smart phones and jump drives.

Be sure that you have enough licenses for the software used in your operation.

There are also risks inherent in the application service provider model that many don’t deal with. The asp or apps on tap model has been around for many years but is growing in popularity. Since you do not house your own data, there is a risk of losing that data. While the asp provider may very well be able technically to better data backup than you can, the issue is what happens if something goes wrong and they go bankrupt or simply refuse to provide the data. That issue can sometimes be addressed by keeping local updated copies of the data. On the flip side, those businesses providing asp type services should expect this to be raised occasionally by purchasers, and have a plan to provide a solution to the issue.

HIRING THE WRONG COUNSEL

Lots of lawyers can do basic business things such as incorporating a company.
Tech companies are better off with a lawyer who understands tech issues and tech company needs, products and services.

Good legal advice (like most kinds of advice) is dependent on knowing the facts and context, and the practical issues at hand – not just the law.

For example, not many lawyers would check US trademarks or domain names before choosing a corporate name.

Not all business lawyers are familiar with issues surrounding intellectual property/licenses/security/privacy.

Techdirt has a post entitled Your Kids May Be Telling The Whole Internet Your Secrets that refers to an article about how children may post embarassing info one might not want public – such as a job loss or drinking problem.

I have written before about the possible consequences of posting too much information on social networking sites, and on the flip side how organizations should take advantage of the available information when contemplating hiring or doing business with someone.

Techdirt’s spin is: Perhaps instead of blaming the Internet for getting caught, perhaps these parents should take a look at themselves first, since it was their own illicit or inappropriate behaviors that actually got them in trouble in the first place.

My spin is that parents should teach their children that putting something on the net is the same as broadcasting it, and to use some discretion and tact when talking about others, whether it be to a friend or on the net.

Read the Techdirt post

Read the article at wesh.com

For the London Free Press – October 22, 2007

Read this on Canoe

The Canadian and Alberta privacy commissioners recently released their findings on the TJX privacy breach.

The commissioners found that TJX failed on basic privacy principles. The frustrating part is that while these basic privacy concepts have been promoted by privacy advocates and legislation for years, they are often not followed.

Privacy laws and issues can be complex in both theory and practice — but in essence come down to three basic high level points. Collect, use and disclose only the minimum personal information necessary, keep it only as long as it’s actually needed and secure it properly while you have it.

Too often organizations don’t take a crtical look at their information practices and needs from that high-level perspective.

In December 2006, TJX Cos., which owns such retail stores as Winners and HomeSense, had a major security breach. The information of approximately 45.7 million credit and debit cards were jeopardized, here in Canada as well as in the United States. The subsequent privacy commissioner inquiries determined the retailer was keeping too much sensitive information, was keeping it for too long a period of time following the sale transaction and did not have adequate encryption safeguards.

While TJX was the subject of the inquiry, it is certainly not the only entity needing to take a second look at its privacy, technology and security systems. Retailers should learn from the mistakes of TJX and avoid falling into the same traps that allowed the security breach.

A joint press release of the Privacy Commissioners of Canada and Alberta stated: “The TJX breach is a dramatic example of how keeping large amounts of sensitive information — particularly information that is not required for business purposes — for a long time can be a serious liability.”

As consumers, we should question the practices of retailers when they ask for information about us. When making a return, for example, retailers are entitled to ask to see ID for fraud prevention purposes, but they should not record the details. Retailers are obligated to explain what they are using our information for.

Ask why the information is being gathered, and who is going to use it. Consumers need to become aware of what is being done with their information after their credit or debit cards are swiped, and what becomes of their information at the end of the day.

For example, TJX has implemented software that generates a unique identification number where when entering driver’s license numbers or other forms of identification for non-receipted returns, rather than keeping the license number itself.

Another lesson is that privacy protections must be reviewed and updated regularly. The Commissioners were critical of the time it took TJX to upgrade its security protocols. Organizations often have a difficult time determining what IT security is necessary or appropriate. High levels of protection often come with onerous requirements for overhead and management. Accepted industry standards may be unclear or uncertain.

The risks of security breaches can only be minimized if organizations stay on top of developments in the security area, and implement improvements as best they can.

For the London Free Press – October 15, 2007

Read this on Canoe

Second Life is an online fantasy world where people adopt a resident with any appearance they choose.

The person then controls the resident, or avatar, as they go about their lives in a virtual version of the real world. Since its launch in 2003, Second Life has had more than 8.9 million accounts registered and it is growing rapidly.

Early on it was seen as little more than a hippy hangout where people took virtual drugs and participated in quirky games.

Second Life’s growth has led to the emergence of Second Life entrepreneurs who see tantalizing business prospects in this world of seemingly limitless possibilities.

The extent to which game dollars translate to real world dollars is debatable, but people do pay other gamers real world dollars to acquire game assets.

Politicians and businesses have also seen potential in this virtual world, setting up stores and campaign headquarters.

As the virtual world has been invaded by the real world it has struggled with disruptive residents known as griefers who have resisted this development.

Griefers were originally tolerated due to the anything goes attitude of the world’s residents. For those with financial investments in the world, these griefers represent not an annoyance, but a potential source of lost revenue.

Many view virtual worlds such as Second Life as the modern equivalent of the Wild West.

The question is how much real world governance of fantasy worlds should there be ?

One suggestion is to look to sport. In many sports, behaviour that would be considered assault off the field is considered acceptable on the field.

Within Second Life there are elements of self regulation by the designers and the residents. The goal of Linden Labs, the creator of Second Life, is to “foster a self-governing community where residents are empowered to act on things they feel strongly about.”

This may not be enough for those who want the law to protect their virtual assets in the same way it protects their real assets. The worry is that legislators will say virtual worlds should be like the real world and fear the evolution of Second Life into Real Life2.

But they approach the issue, in a world where even the law of gravity doesn’t necessarily apply, legislators may face a battle.

That’s the title of an article I wrote for Findlaw, a US legal publication.

It starts off by saying: The influence of blogs and bloggers are changing the way corporations act and react in many circumstances.

Read the article

Rogers is offering a free upgrade to Windows Mobile 6 to those of us who have a Rogers HTC with Windows Mobile 5. I upgraded mine yesterday – it was easy to do.

That upgrade was welcome – now if only the data rates would come down so I could actually afford to surf the net using the Rogers network, instead of having to do that over wifi.

Read more about that in an article by Jack Kapica

That’s the title of a presentation I am giving for the TechAlliance on October 25th. Take a look at the TechAlliance web site for more detail, and to sign up.

For the London Free Press – October 8th 2007

Read this on Canoe

Courts seem to be scrutinizing non-solicitation clauses of former employees more closely. Businesses would be wise to take a look at their existing non-solicitation provisions to take this into account.

A non-solicitation clause prevents employees from soliciting customers of their former employer to sell them a competitor’s goods or services.

Conventional legal wisdom was that non-solicitation clauses were easier to enforce than non-competition clauses (which state a former employee can’t work for a competitor). Non-competition clauses must be narrow in scope to be enforced. Recent case law says non-solicitation clauses in employment contracts also will be looked at to ensure they do not go beyond legitimate business protection.

Courts want to ensure the restrictions within the clauses do not overly limit the employee’s ability to find new employment, while still providing protection for proprietary rights of the former employer. The kind of restrictions or limitations the courts used to accept as necessary to protect the integrity of the business are narrowing.

When a court considers non-solicitation clauses, it will not correct deficiencies in the wording. If it is found to be restrictive in one particular aspect, they will deem the entire section to be inoperable.

Two recent decisions of the Ontario Superior Court and the Ontario Court of Appeal indicate that employers are held to a high standard of reasonableness when restricting the future earning potential of former employees.

Often geographical restrictions are too broad. The courts prefer limitations on solicitation of those who that particular employee specifically dealt with or knew of, rather than on all current and prospective clients of the business.

This was the case in a decision called IT/NET Inc versus Cameron, in which a sub-contractor signed a non-solicitation agreement which prevented him from soliciting clients not only at his job site, but in other locations within the company. The clause would have applied whether the contractor knew his target was an IT/Net client or not, and it had no spatial limit, so would apply anywhere in Canada.

The court found it was unreasonable to require such a covenant between the two parties, and that IT/Net did not require that kind of protection.

In Trapeze Software Inc. versus Bryans, the court considered the grounds on which a covenant has to be reasonable.

They include: that the employer actually had a proprietary interest to be protected, that the limitations on geographic work zones, or the duration of the covenant was not too broad to impede the ability of the employee to gain new employment, and that it is not against competition generally.

This means it is permissible to restrict contact between customers and former employees, but it may be necessary to limit that to customers the employee dealt with or was aware of.

These two cases are not a dramatic change, but clarify what has been known for many years; that any restrictive clauses in employment contracts must be reasonable.

Reasonableness is hard to define, but these cases tell us that so long as the former employee is not completely blocked from the industry, and not completely prevented from gainful employment, and so long as the employer has something legitimate to protect, like client lists, or trade secrets, the covenants will stand up to the court’s scrutiny.