Does Copyright apply to Chicken Sandwiches or Cheerleading Uniforms?

Lately the news has been too full of weighty stuff like elections, the Ashley Madison hack, stock markets, and the Chinese economy.

So today’s post is a bit lighter.

Courts in the United States have recently decided whether copyright applies to chicken sandwiches and to cheerleading uniforms.  They decided that it applies to one – but not to the other.

If you guessed  it doesn’t apply to the chicken sandwich, you got it right.  In the US Court of Appeals the parties were fighting over rights to a sandwich consisting of a fried chicken breast topped with lettuce, tomato, cheese and garlic mayonnaise on a bun.  The judge said that the “district court properly determined that a chicken sandwich is not eligible for copyright protection”.  And that “A recipe—or any instructions—listing the combination of chicken, lettuce, tomato, cheese, and mayonnaise on a bun to create a sandwich is quite plainly not a copyrightable work,”

In a 2 to 1 decision, the US Court of Appeals decided that copyright protection does apply to cheerleading uniforms.  The difference between the majority and the dissent hinged on what the purpose of cheerleading uniforms is.  The majority decided that the design was decorative, not functional.  The dissenting judge however felt that the function of the uniform was to identify a cheerleader as a cheerleader, and thus the design forms part of that function.

Cross-posted to Slaw

 

Internet of Things Security Standard Proposal

The Internet of Things (IoT) is surrounded by a lot of hype.  There is great promise to be able to do and know all sorts of things when all our stuff can communicate.  That could be almost anything, including thermostats, cars, garage door openers, baby monitors, appliances, fitness trackers, and the list goes on.  Cheap sensors and easy connectivity means that it is becoming trivial to measure everything and connect almost anything.

But with great promise comes great risk.  Our things will generate information about us – both direct and inferred.  There are security issues if these devices can be controlled by third parties or used as back doors to gain entry to other systems.  It may not be a big deal if someone finds out the temperature of your house – but it is a big deal if they can go through your thermostat and get into your home network.

These privacy and security issues must be dealt with up front and built into the devices and ecosystem.

The Online Trust Alliance (members include ADT, AVG Technologies, Microsoft, Symantec, TRUSTe, Verisign) just released a draft IoT Trust Framework to address this issue.  The draft is open for comments until September 14.

Cross-posted to Slaw

Alphabet – Google restructure – how does it affect us?

The Google re-org announced Monday has the tech press in a huge buzz.  Lots of virtual ink has been spent explaining and analyzing the change.  Essentially, Google created a parent company called Alphabet, left the core business in Google, and created sister companies to Google that will operate some of its other projects, such as the self driving car and smart medical sensing contact lenses.

This change has some sound logic behind it from a business perspective.   There are also interesting side stories, such as how their choice of abc.xyz as a domain for the new company has dramatically increased the sales of .xyz domain names, and perhaps helped end the dominance of the .com TLD.

So what does it mean for the average person?  Not much in the short term. It does, however, mean that they will continue with their “moonshot” programs that could in the long term bring us self driving cars, drone delivery systems, and medical innovations around aging.

It also means that Android will continue to evolve and innovate, and provide some healthy competition to Apple and Microsoft.

Cross-posted to Slaw.

Friday is System Administrator Appreciation Day

Friday July 31 is the 16th annual SysAdmin Day.  A day to show our appreciation to the IT professionals who keep our computers, networks and apps working.  For those of us who push the tech envelope a bit beyond a typical office setup, our thanks for not rolling their eyes every time we ask them for something new and different.  And our thanks for using us as the test platform for new stuff.

In the interest of using your SysAdmin’s time most effectively, take a look at this amusing list.

Cross-posted to Slaw

Crypto backdoors are a horrible idea

From time to time various law enforcement and government types whine that encryption is a bad thing because it allows criminals to hide from authorities.  That is usually followed by a call for security backdoors that allow government authorities to get around the security measures.

That’s a really bad idea – or as Cory Doctorow puts it in a post entitled Once Again: Crypto backdoors are an insane, dangerous idea: “Among cryptographers, the idea that you can make cryptosystems with deliberate weaknesses intended to allow third parties to bypass them is universally considered Just Plain Stupid.”

They build in a vulnerability to exploit – there are enough problems keeping things secure already.  And the thought that government authorities can be trusted to use that backdoor only for the “right” purposes, and to keep the backdoor out of the hands of others is wishful thinking.

Cross-posted to Slaw

Chatting in Secret

The Intercept has an article entitled Chatting in Secret While We’re All Being Watched that’s a good read for anyone interested in how to keep communications private.  It was written by Micah Lee, who works with Glenn Greenwald to ensure their communications with Edward Snowden are private.

Even if you don’t want to read the detailed technical instructions on how to go about it, at least read the first part of the article that explains at a high level how communications can be intercepted, and the steps needed to stop that risk.

Communicating in secret is not easy.  It takes effort to set it up, and it’s easy to slip up along the way.  As is usually the case in any kind of security – physical or electronic – its about raising the difficulty level for someone to breach the security.  The more efforts someone might take to try to intercept your communications, the more work it takes to keep it secret.  For example, you raise the sophistication level of the thief who might burglarize your house as you increase security – from locking your doors, to deadbolts, to break resistant glass, to alarms, etc.  It doesn’t take much extra security to make the thief go to another house, but it may take a lot more if a thief wants something specific in your house .

Edward Snowden’s communications, for example, require very diligent efforts, given the resources that various authorities might use to intercept those communications.

For the record, I think Snowden should be given a medal and a ticker tape parade, not jail time.  I recommend watching Citizenfour, the documentary about Snowden that won the Academy Award for Best Documentary Feature at the 2015 Oscars.  Also to read security expert Bruce Schneier’s book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.  Another book to put this into context in Canada (based on my read of the introduction – I haven’t made it farther than that yet) is Law, Privacy and Surveillance in Canada in the Post-Snowden Era, edited by Michael Geist.

I challenge anyone to watch/read those and not be creeped out.

Cross-posted to Slaw

When “use” is not trademark “use”

Law sometimes hinges on subtle distinctions that are not obvious, and can lead to surprising results.  The meaning of the word “use” for trademark purposes, for example.

A key principle of trademark law is that a business must actually “use” its trademark to keep its trademark registration alive, or to enforce its trademark rights against others.

But the legal concept of “use” for trademark purposes is narrower than most would suspect, and can result in a surprising loss of trademark rights for a business.

For example, a trademark on the side of a building, or on a business card, or on letterhead is not “use”.

A couple of recent cases in the Federal Court and the Federal Court of Appeal remind us of this.

It is common to register a corporate name as a trademark.  That’s fine if it is actually used as a trademark – but mere use as a corporate name is not enough to amount to trademark use.

Similarly, mere use of the trademark within an email or other text is not enough if it looks like the rest of the text.  It must somehow  look different than the rest of the text.

For example, if your company name is Abcd Widgets Inc, and your trademark is ABCD, the use of Abcd Widgets Inc. is not use of the trademark.  ABCD must be used independently.  And in text, using abcd is not use, but using ABCD may be, as it looks different than the surrounding text (unless, of course, the rest is in all caps as well.)

Cross posted to Slaw

Digital Privacy Act amends PIPEDA

Several amendments were made last week to PIPEDA, the federal private sector privacy legislation.   This has been sitting around in draft for a long time.  Except for sections creating a new mandatory breach notification scheme, the amendments are now in force.  The breach notification scheme requires some regulations before it comes into effect.  More on that at the end of this post.

Several of these changes were long overdue, and bring PIPEDA more in line with some of the Provincial Acts that were drafted after PIPEDA.

Here are some of the highlights that are in force now:

  • The business contact exception from the definition of personal information has been broadened.
  • Provisions have been added to allow the transfer of personal information to an acquiring business for both diligence and closing purposes. Most have been approaching this in a similar way, but vendors/purchasers, and their counsel should make sure they comply with the exact requirements.
  • A new section says consent is only valid if the individual would understand what they are consenting to.  This speaks to the clarity of the explanation, and is particularly important when dealing with children.
  • Several new exceptions to the collection, use and disclosure of personal information without consent have been added.  Such as witness statements, communication to next of kin of ill or deceased persons, and fraud prevention.
  • The Commissioner now has a compliance agreement remedy.

The breach notification sections that come into effect at a later date include:

  • Mandatory reporting to the Commissioner of a breach where “…it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.”  That test is somewhat subjective, and will no doubt cause some consternation in practice.  Guidance is included on relevant factors to consider and what constitutes “significant harm”.
  • The report must contain certain information and be on a form that will be in the regulations yet to be released.
  • Affected individuals must be similarly notified.
  • Businesses will be required to maintain records of “… every breach of security safeguards involving personal information under its control”, and provide a copy to the Commissioner on request. Note that this is “every” breach without regard to a harm threshold.  This could pose a challenging compliance issue for large organizations.
  • The whistleblowing provision has been amended to allow a complainant to “request” that their identity be kept confidential.
  • The section with the $100,000 fine for interfering with an investigation has been amended to make it an offence to contravene the reporting requirements.  That will make the decision of whether a breach passes the reporting threshold a serious matter to ponder.

Cross-posted to Slaw

Bill C-51 (Anti-Terrorist Act, 2015) passed by Senate despite massive opposition

Bill C-51 (Anti-Terrorist Act, 2015) has been passed by the Senate despite massive opposition against its privacy unfriendly invasive powers.  See, for example, commentary by the Canadian Civil Liberties Association, this article by security law professors entitled “Why Can’t Canada Get National Security Law Right“, and this post on Openmedia.ca .

Yet in the United States, the USA Freedom Act was just passed that pulled back a bit on the ability of the NSA to collect domestic data.

There seems to be no evidence that all this invasive spying and data collection actually reduces or prevents terrorism or crime.  The cost is enormous – both in terms of the direct cost of collecting, storing and analyzing it – and the costs to the economy.  A new report from the Information Technology and Innovation Foundation says that US companies will likely lose more than $35 billion in foreign business as a result of NSA operations.

And that’s not to mention the cost to civil liberties and privacy.  As many people have pointed out, 1984 was supposed to be a warning, not an instruction manual.

1984 warning

Cross-posted to Slaw