Erik J. Heels’s Favorite Techdirt Posts Of The Week

from the forest-and-trees dept.

By Erik J. Heels

First published 8/19/2011; Techdirt; publisher: Floor64

Mike Masnick of Techdirt did not ask me why I am a Techdirt fan, but here’s why. Techdirt has (1) good headlines/titles/Tweets (headlines are titles are Tweets, you know), (2) good URLs (no outsourced feeds here), (3) good content, and (4) good cluefulness. This rare combination of goodness makes Techdirt great. Mike has the ability to see both the trees and the forest, providing timely commentary on why stuff is broken and why that brokenness might be part of a larger – often bad – trend. For its insightful commentary on the intersection of law and technology, Techdirt is on my short list of must-read blogs, and you should nominate Techdirt for the ABA’s list of top 100 law-related blogs. And although I link to Techdirt more than I comment on Techdirt, I thank Mike for the opportunity to write about my favorite posts of the week.

So here are my favorite stories (trees) and trends (forest) of the week.

I have noticed that the controversy surrounding a particular flavor of intellectual property (IP) protection is inversely proportional to the duration of the IP rights: (1) Patents generally last 17-20 years and are extremely controversial, (2) copyrights generally last the lifetime of the author plus 90 years and are very controversial, and (3) trademarks last potentially forever and are not very controversial. So I’ll start with trademarks!

Trademarks

1. Where In Trademark Law Does It Say It’s Okay To Trademark A Town Name ‘For The Good Of The Community’? (2011-08-15).

Sturgis Motorcycle Rally Inc. (SMRi) trademarked “Sturgis” (a town in South Dakota) and then tried to stop “unauthorized providers” from selling Sturgis souvenirs. The Sturgis trademark application at issue took over ten years to register (about one year is average), surviving an opposition along the way. The file is 373 pages long! In short, the applicant was able to successfully argue that the geographically descriptive mark “Sturgis” should be accepted as a trademark under the theory of “acquired distinctiveness,” which states that otherwise descriptive marks can be registered if they have been used for five years in connection with the goods and services on the trademark application. If you Google “Sturgis,” you will discover that the word is synonymous with the annual motorcycle rally, not with the town where the rally is held. In other words, the Sturgis motorcycle rally is more important, trademark-wise, then Sturgis, SD. This is a good example of how the law, even when applied accurately, does not always produce a fair result. It seems to me that any retailers in Sturgis should be able to sell Sturgis-related products, but the law says otherwise.

2. Waffle House Says Rap Song Called Waffle House Violates Its Trademark (2011-08-17).

This is a case of Waffle House (the restaurant) cluelessly over-reaching with the trademark rights it does own to try to stop something it doesn’t like. That’s not what trademark law is for. There are registered Waffle House trademarks for restaurant services and mugs and clothing. But not for rap music. See how that works? Waffle House (the restaurant) gets to stop other restaurants from calling themselves “Waffle House.” But it does not “own” the phrase “Waffle House” and get to dictate to the world how or whether to use it.

Which is why Mike Doughty can sing a song called “Busting Up a Starbucks.”

But even that song appears as “Busting Up a Starbuxxx” on iTunes. Hmm.

Censorship, Civil Liberties, And The Cluetrain

As George W. Bush infamously said on 1999-05-22, when trying to justify censoring the parody www.gwbush.com website, “There ought to be limits to freedom.” It seems, unfortunately, that America agrees with you, W.

3. Police Try To Bring Wiretapping Charges Against Woman Who Filmed Them Beating A Man (2011-08-15).

Does this headline sound like it’s coming from North Korea or from the United States? I wonder if government agencies and law enforcement personnel are more stupid today than in pre-Internet times. Or if the Internet just shines a brighter light on their stupidity. Either way, less stupid, please.

4. FCC Investigating Whether BART Cell Service Shut Off Was A Violation Of Federal Law (2011-08-16).

Good that the FCC is investigating the Orwellian decision by BART to shut off cell service over rumored protests about BART. Bad that BART even considered this option in the first place! North Korea or United States?

5. New Research: Internet Censorship To Stop Protests… Actually Increases Protests (2011-08-17).

This is what happens when governments try to censor free speech. The censorship itself becomes news, and the speech spreads. Can you say Streisand Effect?

6. Police Say They Can Detain Photographers If Their Photographs Have ‘No Apparent Esthetic Value’ (2011-08-16).

Stories like this make me think that maybe the 9/11 terrorists are winning. Only when our liberties return to pre-9/11 status will freedom have the upper hand. I think that the police who enforced this rule have “no apparent law enforcement value.” Unless you consider security theatre valuable.

Patents

7. Google Spends $12.5 Billion To Buy Motorola Mobility… And Its Patents (2011-08-15).

8. What Google Gets With Motorola Mobility (2011-08-16).

9. Motorola Deal Showing Massive Loss To Innovation Caused By Patents (2011-08-17).

The big tech story of the week was Google’s purchase of Motorola. Or was it Motorola Mobility? (Same? Different?) Or Motorola Mobility’s patents? I think the only Motorola device I’ve ever knowingly used is my sucky cable box. So I was having a hard time caring about this deal. When commentators started suggesting that the deal was a patent play, it started to make more sense to me. I teach and practice patent law, and I believe in the ideals of the patent law system. But to say that the current patent law regime is broken is an understatement. Most patents are a waste of money. Modern patent laws were never designed to allow for non-producing non-inventors (i.e. patent trolls) to extract revenues from those actually adding value to society. What worries me most about the Google/Motorola deal is that I don’t believe that Google believes in “don’t be evil.”

Baseball

10. NY Yankees: It’s Insulting To Call Us The Evil Empire… But It’s Also Trademark Infringement (2011-08-18).

I’m also ending with trademarks. Baseball trademarks! It seems that The New York Yankees (aka The Evil Empire, at least in Red Sox Nation) are opposing a trademark for Baseball’s Evil Empire (misspelled as “Baseballs Evil Empire” in the application). You know, because the Yankees are evil! Bwah-ha-ha! (See “Streisand Effect” above.) I love it when the jokes write themselves.

I am a diehard Red Sox fan (sorry, Mike). And if Suck The Red Fox (a not-so-subtle Spoonerism for “F*ck The Red Sox”) can be registered as a trademark, then I have no problem with Baseball’s Evil Empire! Go Red Sox! And Dear Yankees, here’s a lesson for you from your friends at Google: Don’t be evil!


Erik J. Heels is an MIT engineer; trademark, domain name, and patent lawyer; Red Sox fan; and music lover. He blogs about technology, law, baseball, and rock ‘n’ roll at ErikJHeels.com.

Is Encryption The Solution To Cloud Computing Security And Privacy?

Encrypt your data after storing it in the cloud.

By Erik J. Heels

First published 8/4/2011; CloudSwitch Blog; publisher: CloudSwitch

Wikipedia defines “cloud computing” as “the logical computational resources (data, software) accessible via a computer network (through WAN or Internet etc.), rather than from a local computer. Managing local computers is hard: there are security issues, computer lifecycle issues, accessibility issues. Cloud computing, ideally, is easy: set it and forget it, access your data from anywhere, outsource your IT headaches to your service provider. To end users, whether individuals or companies, “the cloud” is an abstraction, a computing environment that can expand to suit users’ needs.

What’s The Problem?

One problem with cloud computing is that both cloud computing providers and law enforcement agencies can access your files, usually more easily than if your stored the files on your own computer.

Also, security breaches, like the much-publicized Dropbox security breach, during which all Dropbox accounts were accessible to all users without any password protection, can occur in the cloud.

For users, it is important to know whether your data is secure, who can access it, and what happens when there is a security breach.

For service providers, it is important to comply with both US and non-US laws including (1) data retention laws, which are ostensibly designed to help law enforcement entities do their job and (2) data disclosure laws, which are ostensibly deigned to help users know when their private information has been compromised.

Is Encryption The Answer?

Most cloud computing providers (1) authenticate (e.g. transfer usernames and password) via secure connections and (2) transfer (e.g. via HTTPS) data securely to/from their servers (so-called “data on the wire”), but, as far as I can tell, none (3) encrypts stored data (so-called “data at rest”) automatically.

So if you want your data to be secure in the cloud, then consider encrypting the stored data. And don’t store your encryption keys on the same server! It is unclear whether a cloud computing provider could be compelled by law enforcement agencies to decrypt data that (1) it has encrypted or that (2) users have encrypted, but if the provider has the keys, decryption is at least possible.

I have used and abandoned both Microsoft’s Encrypting File System (EFS) and Apple’s FileVault for encrypting data on my desktop computers. But desktop encryption is painfully slow!

Perhaps cloud computing providers can leverage the power of their data centers to make the performance hit of encryption-decryption imperceptible to the user. That would be cool. And would make the benefits of cloud computing greatly outweigh the risks.

Here are three security questions you should ask of your cloud computing provider:

  1. Data On The Wire. Are files transferred to/from cloud servers encrypted by default?
  2. Data At Rest. Are files stored on cloud servers encrypted by default?
  3. Data Retention. If files on cloud servers are encrypted and there is a request from law enforcement to decrypt the data, then what do you do? Bonus question: What if you have the key(s)?

I searched for answers to these questions for four cloud computing providers (sourced in part from TechTarget’s list of top cloud computing providers and Wikipedia’s list of cloud computing providers) that are popular with small businesses like mine:

Simple Google searches of these providers’ websites provided more questions than answers on the topic of encryption:

Cloud service providers need to do a much better job of communicating what is and what is not secure about their offerings. For example, I would characterize Dropbox’s security page as misleading at best.

“Your files are actually safer while stored in your Dropbox than on your computer in some cases. We use the same secure methods as banks and the military…. Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that’s the rare exception, not the rule.”

Just because your files are transferred securely to Dropbox does not mean they are stored in an encrypted format on Dropbox’s servers. And it is the “rare exception” that is, or should be, the concern of users.

For More Information

Summary

As more individuals and companies move their computer files and computer applications from local client computers (over which they have a great deal of control) to remote server computers (over which they have limited control), security becomes a bigger concern – both for users and for service providers.


Erik J. Heels is an MIT engineer; trademark, domain name, and patent lawyer; Red Sox fan; and music lover. He blogs about technology, law, baseball, and rock ‘n’ roll at ErikJHeels.com. His law firm, Clock Tower Law Group represents cool companies such as CloudSwitch