data breach attack

10 Common Data Breach Attack Techniques

Among the more frustrating aspects of cyber security is the constantly evolving nature of the threat and the multitude of data breach attack techniques. One vulnerability is patched only for another to be found/created; one technique is foiled only for a different tactic to arise. Here we give a brief discussion of motivations and offer a list of the ten most common cyber attack/data breach techniques. Hat tip to the incomparable website Hackmaggedon.com which has been tabulating and compiling cyber attack reports for several years.

There were over 850 data breach attacks in 2017, many of which led to theft of customer personal and financial information. Not only is the number of breaches on the rise, but costs are rising, too. The New York Times reported that, through March 2017, Target spent more than $202 million on settlements, legal fees, and other costs following the November 2013 breach. Anthem Inc, the largest U.S. health insurance company, recently agreed to pay $115 million to settle hundreds of lawsuits stemming from a 2015 hack of customer information.

Cyber Attack Motivations

In general, at a broad level, one can identify several motivations for cyber attacks. The owners and operators of Hackmageddon.com offer these four:

  • Cyber crime
  • Cyber-espionage
  • Hacktivism
  • Cyber warfare

Cyber Crime

Nearly three-fourths of cyber attacks are criminal in nature, an attempt to directly steal money from financial accounts, steal credit card numbers, demand a ransom, or something similar. The hack on Target stores in 2014 is a typical example. Cybercrime is, by far, the largest concern for businesses and certainly the focus of regulators.

Cyber Espionage

Close behind is Cyber-espionage. These attacks, of course, are efforts to gain access to trade secrets and other confidential business information. A widely-reported example from March 2017 was the theft from Dun & Bradstreet of a 52GB database containing data on 33.7 million people in the highest profile industry and government jobs. Dun & Bradstreet is reported to have paid a substantial sum for the database which was used for targeted email promotions; it was a substantial loss to Dun & Bradstreet to have the database in the hands of its competitors. Where motivation can be determined, in any given year, these types of attacks are 10-15% of the total.

Hacktivism

Hacktivism is often in the news, but is generally ignored and/or overlooked by businesses since the purpose of hacktivism is social or political, not financial. As an example, in February of 2017, an anonymous hacking group targeted and shut down various dark web sites that were purportedly hosting child pornography. As with cyber-espionage, the total number of attacks is low. These types of attacks are 10-15% of the total, ebbing and flowing in various countries with various election cycles.

Cyber Warefare

Cyber warfare is defined as either government sponsored attacks or cyber attacks that are intended to just cause chaos. Essentially, a generalized war on the internet and flow of information. These are, year-to-year, the least frequent types of attacks.

10 Common Data Breach Attack Techniques

As noted, attack techniques are constantly evolving. A list of the most common techniques from 10 years ago would look very different than the list for the last couple of years. This evolution is not only code driven, but device driven. Android mobile devices have become significant targets of cyber crime and, thus, the number of techniques used for breaching mobile devices has multiplied.

Here the top 10 attack techniques for the last couple of years:

  • Malware/point of sale: Probably a third of all attacks target point of sale terminals with the intent to obtain credit card and debit card information; Home Depot and Target suffered such attacks.
  • Ransomware: This form of attack saw significant increases in 2017 (example: WannaCry). Malware generally threatens ether to publish secret or embarrassing data or to perpetually lock out the victim from his or her own computer systems unless a ransom is paid; another variant is to demand ransom to hide the existence of the data breach itself — example Uber
  • Account hijackings: Individual, business, and now more common “cloud account hijackings” — email, computer, system accounts are hijacked to allow theft of personal and financial information; can be the basis for transferring money directly from financial accounts, using credit and debit cards or ransom demands.
  • Structured query language (“SQL”) code injection: Database sites and applications are particularly vulnerable to SQLI attacks since they are designed to allow searchability and interaction from the internet; if not properly protected, hackers can change coding, which is sent to the database server through the web application; this can, for example, allow access to the server without the need for a passcode, which then can allow the hacker access to linked/non-segregated systems/networks, etc.; this can allow uploading of malware, hijacking of accounts, and the like.
  • Denial-of-service: Singular or distributed — the main type of attack used in cyber warfare and, often, hacktivism; hackers send a flood of traffic to the victim’s system or website from hundreds, thousands, or potentially hundreds of thousands of sources; the intent is to overload the victim’s traffic and bandwidth causing the system to shut down and the site to go offline; often accompanied by efforts to sneak in trojans and other malware under cover of the mass of traffic.
  • Domain name server (“DNS”) hijacking: Hackers either infect the system so that internet queries are redirected to a domain name server controlled by the hackers; this is a version of domain name theft; intent is to steal web traffic or financial information via false “enter payment information” pages or to trick webusers into downloading malware.
  • Malicious cross-frame/Java Script: Similar to DNS hijacking; malware loads a legitimate looking page on the victim’s computer/device to steal data that the user inputs or to send the user to a website/page that the hacker controls.
  • Zero-day vulnerability: A new dispersal technique; malware is often mass dispersed across the web; however, zero-day dispersal is new; malware that targets a program or system vulnerability is released but activation is “held back” until the vulnerability is discovered (the so-called “zero day”); the malware is programmed to immediately complete its task — theft, breach, download of malicious code — on the “zero day”; because the malware does not activate immediately, it may gain wide circulation before the zero day.
  • Brute Force: No deception, just blunt force automated trial and error method used to locate passwords or data encryption standard keys; if, for example, the password is five digits, the program literally tries to go through every single combination of numbers and letters until the password is uncovered.
  • Credential stuffing: A version of brute-force hacking — repeated automated efforts to gain access to accounts by using partial login information. This is considered a exceptionally serious attack technique. A large volume of data breaches have partially compromised customer information for hundreds of million of individuals.

Data Breach Attorneys: Contact Revision Legal Today

If you need more information on data breaches and on preventing data breaches, contact Revision Legal. We can be reached by email or by calling us at 855-473-8474.

You Might Also Like:

10 Data Security Management Tips to Prevent a Data Breach

Your Company Needs A Data Protection Officer

2017 Data Breaches — Severity and Frequency On The Rise

automated trademark registration

Trademark Applications: Think Twice About Automated Registration

Properly cared for, your trademark can develop into the most valuable asset you own. At a gathering of staff from several Coca-Cola bottling plants, a senior executive reportedly declared that “the company could lose all its plants, lose all its staff, lose its access to the sources of its raw materials, lose its capital and its accounts, but as long as it had [its trademark], it would be possible to walk into a bank and receive sufficient credit to replace the entire global infrastructure.”¹ Unlike other forms of intellectual property like a patent or a copyright, your trademark can live forever. Given its potential value and import, even fledgling companies should recognize that their trademarks are sacrosanct.

Automated Trademark Registration Services: To Good To Be True

Too often, clients come to us with trademark applications filed through automated services like trademarkengine.com or similar services. The price for such services looks too good to be true because it is. Once a federal trademark application is filed, there are many significant limitations on how it can be amended. A trademark attorney with years of experience dealing with the Trademark Office can help you identify problems that you did not know existed. In most cases, it is important to identify these issues as soon as possible. Being forced to change your brand after a year in business is often a death sentence to a young company.

Preventative Medicine: The Office is Open

Like medical work, a little bit of preventative legal advice is much more cost effective than triaging an early mistake. If you have used a DIY trademark filing website, you may be facing an Office Action from the Trademark Office that illustrates this point. Office Actions often read as though there is no hope for registration. In most cases, however, applicants have options. We specialize in navigating the thorny procedural issues that arise when dealing with the Trademark Office. We also litigate trademark disputes in federal courts across the country. Our expertise gives us a unique perspective that allows us to spot potential issues that attorneys who focus only on trademark applications or trademark litigation would miss.

Your trademark is your reputation. We want to help you protect it.

 

¹Rosemary J. Coombe, The Cultural Life of Intellectual Properties: Authorship, Appropriation, and the Law 56 (Duke University Press 1998).

How Strong is Your Trademark? 5 Levels of Distinctiveness [Infographic]

Picking a mark to represent your brand can be one of the most important decisions you make. Think about the brands we see everyday. Apple. Coca Cola. Microsoft. These are immediately identifiable both with the company and the products they produce.

Just how strong is your trademark?

On one end of the spectrum, are descriptive or generic marks. These are the weakest marks, and either can’t be trademarked, or require that the mark acquire secondary meaning first.

Proceeding by increased strength are suggestive, arbitrary, and fanciful terms. Each has it’s own requirements for trademark registration, with fanciful being the strongest of all marks and most likely to receive trademark registration.

strength of a trademark

The benefits to trademark registration are numerous. In order to receive the benefits of trademark registration, care should be taken to select a mark that is high on the scale below.

These issues should be considered when determining whether to apply for trademark registration, or even better, before significant investment is made into building a brand.

You can see each type of trademark strength, plus examples, in the infographic below. If you’re in the branding stages of your company, or considering a rebrand, keep it handy! You’re going to use this guide for reference as you develop ideas to identify your brand.

 

 

9 Top Trade Secrets You Need to Protect Now

In practice, a trade secret can be pretty much anything. The federal Trade Secrets Act, 18 U.S. Code § 1839(3), defines a “trade secret” as:

… all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing if—

(A) the owner thereof has taken reasonable measures to keep such information secret; and

(B) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information.

Despite the fact that almost anything can be a trade secret, some types of trade secrets are more common and typical than others. Here are the most common types of trade secrets that you need to protect.

1. Secret Recipes

Every major food and beverage company has trade secrets related to recipes and cooking processes. Coca-Cola, for example, protects its secret recipe safely locked away in a custom-built vault at the World of Coca-Cola, the company’s museum in Atlanta. See report here.

As this Forbes article details, Coke had the FBI investigate and prosecute some former employees for trying to steal some of Coke’s secret recipes. Ironically, competitor Pepsi, Inc. turned in the would-be-trade-secret-thieves. The defendant got eight years in prison.

Other famous example include KFC’s secret recipe of 11 herbs and spices for its original recipe fried chicken, the formula various Heinz condiments, and the formula for WD-40.

2. Manufacturing Processes

Manufacturing processes are among the most common examples of trade secrets. One of the most historically famous example is the secret of harvesting the silkworm’s thread. This was discovered in 2700 BC or so. The Empire of China kept the method secret for hundreds of years and the secret formed the economic foundation of the famous Silk Road Trade Route from China to modern-day Turkey. The Empire made revealing the secret process punishable by death, as well as trying to take silkworms and eggs out of the Empire.

An interesting modern example involving broccoli seeds comes from this trade secret case Caudill Seed & Warehouse Co, v. Jarrow Formulas, 161 F. Supp. 3d 513 (W.D. Kentucky 2015). In that case, two competitors were litigating competing trade secrets claims with respect for methods of removing a chemical called myrosinase from broccoli seeds. Myrosinase is an additive in certain types of herbal dietary supplements. The plaintiff used a process to remove the myrosinase by soaking the seeds in water and then drying the extract. The competitor simply used broccoli powder at lower temperatures so that the myrosinase did not lose its effectiveness.

It is likely that every business has a protectable trade secret that is a process or method of accomplishing some part of its business.

3. Research and Development, Including Failed projects

Again, this one is almost stereotypically considered a “trade secret.” Many overlook the commercial value of failed R&D projects. In much the same way as the vending example, when you discover what does not work, that is valuable because a competitor knowing that has a “leg up.” As another Forbes Magazine article explains with respect to WD-40:

“In the case of WD-40 , the product’s name comes from the 40th try by scientists in 1953 to come up with a “water displacement” formula for a rust-prevention solvent and degreaser for the aerospace industry. Not only is that formula a trade secret, but so are the formulas and work that went into the preceding 39 attempts. If a competitor learned about those failed attempts alone, it might still save a lot of research and development time.”

4. Client and Customer Lists

It has become well-known that client and customer lists are valuable trade secrets. Customer/client lists are one of the most common claims made in trade secret misappropriation cases. A quick case law search shows that in 2017 alone, no less than 150 cases were filed in state and federal courts where it was alleged that customer lists were misappropriated as trade secrets.

5. Client Buying Habits

As valuable as customer contact information is, client buying habits are even more valuable. Remember, the touchstone of a “trade secret” is information that has “commercial value”; that is, if the information was known to your competitor, your competitor could undercut your marketshare.

Take a mundane example of a vending business. You have a snack and drink machine at the nearby firehouse. Over the months and years, through trial and error, you have learned that the firefighters and the other first responders and employees like plain chips, bbq-flavored chips, and cheddar-cheese flavored chips, but otherwise, not much will sell. That is commercially valuable information because a competitor will have to go through the same trial and error to learn the same information about the buying habits of the folks using the vending machines at the firestation. Your competitor will lose money like you did at first trying to sell nacho-flavored chips, cheese puffs/crunchies, hot and spicy flavors, etc. The same reasoning applies to all the items in the vending machines: Coke or Pepsi? Hershey’s or Nestles or Mars or Dove brand chocolate?

6. Rare and Unique Vendors/Suppliers

In a similar manner as client lists, information about unique vendors and suppliers has large potential commercial value. Obviously, vendors and suppliers that are easily located on the internet do not fit this category. Having sources for rare and unique raw materials, goods, and services is a competitive advantage.

7. Software Algorithms/Programs

Famously, Google, Inc. has, over the years, refused to trademark, copyright, or seek patent protection on any of its search engine algorithms because, in each case, Google would have to publicly disclose the information. Google would rather protect the information as trade secrets.

The tech industry landscape is littered with countless other examples.

A similar trend can be seen with driverless car technology. Here again, Google and its spin-off subsidiary Waymo are involved in a high-profile legal fight with Uber with respect to trade secrets for driverless cars. See news report here. Google/Waymo alleges that 14,000 pages of secret data and information about Google’s driverless car technology was stolen by a former Google employee. That employee was working for Google and it is alleged that Uber was using the trade secrets to develop its own driverless car technology. At its core, the Google argument is the same as every other trade secret dispute: The information will give a competitor a “leg up” or “jump start” into the marketplace.

8. Behavioral Data on Well-Known Vendors/Suppliers

Just like your customers and clients, your suppliers have certain habits and common behaviors. These might include price discount practices, grace periods for payments, time-lags between orders and delivery, negotiation strategies and histories, etc. If your business has kept track of that type of information. If you have kept that information secret, then such information is a “trade secret” even though it relates to vendors and suppliers who can be readily identified from public information.

9. Genetic Information

Genetic data is another unusual type of information that is now widely recognized as a “trade secret” if steps are taken to keep the information secret. This is holding of a case filed by Del Monte against Dole with respect to a pineapple variety developed by Del Monte that was sweeter and contained more vitamin C, fiber, color, and a milder texture than “normal” pineapples. See Del Monte Fresh Produce Co. v. Dole Food Co., 136 F. Supp. 2d. 1271 (S.D. Fla. 2001).

Protecting Your Trade Secrets: Contact Revision Legal

If you want more information about trade secrets, about protecting your trade secrets or have other questions about business law, internet law, data breaches and other legal issues related to IP, contact the lawyers at Revision Legal. We can be reached by email or by calling us at 855-473-8474.

 

You Might Also Like:

Trade Secrets

New Federal Trade Secrets Law

How To Protect Your Trade Secrets

Too Much Secrecy And Trademark Priority

Social Media Policy

Revising Your Official Social Media Policy Guidelines: Lessons From Google

In today’s market, every business has or should have an official company social media policy guideline or policy statement. Even if your business is small, a policy statement is essential. Indeed, TWO social media policy statements might be necessary if your business uses employees to promote “the brand,” to promote sales and/or to promote interest in the store and/or sponsored events.

Like nearly all social media platforms, Google has features that allow online users to provide reviews. Yelp.com is a well-known example of a website dedicated to providing customer review. But Yelp is hardly unique; literally thousands of websites encourage consumer/user reviews of various sorts.

Like many web-platforms, Google has issues guidelines for those wishing to post reviews. See here for the latest version. Google’s Review Policies provide some good lessons for how to promulgate useful and common-sense social media policies for businesses. We wrote about some of these issues with respect to using social media endorsers and guidelines issued by the FTC. “Disclosure” seems to be the central idea behind the FTC guidelines. “Authentic” and “Don’t Do It” seems to be the the dual ideal behind Google’s guidelines. Based these, your business may need to review and revise your social media policies. An experienced business and social-media-savvy attorney can help. Here is what you need to know.

Social Media Policies: Excerpts From Google Local Guides Review Policies

The most current Google Review Policy begins with a summary that is a good touchstone for creating company social media policies. The summary states:

Summary: “Make sure that the reviews on your business listing, or those that you leave at a business you’ve visited, are honest representations of the customer experience. Those that aren’t may be removed.”

The Review Guide continues and states:

Preamble: “Whether you’re going to a place or you own one, you want ratings, reviews, photos, and recommendations that are helpful and trustworthy. Reviewing a place is a great way to share both positive and negative opinions. But please follow the policies listed below when writing your review.”

As noted above, these two provisions are attempting to facilitate review that are authentic and personal, rather than manufactured or purchased. The provision related to “CONFLICT OF INTEREST” hones in on the point and brings in the idea of “not doing” certain types of reviews or engaging in certain behavior. That provision states:

Conflict of interest: “Reviews are most valuable when they are honest and unbiased. If you own or work at a place, please don’t review your own business or employer. Don’t offer or accept money, products, or services to write reviews for a business or to write negative reviews about a competitor. If you’re a business owner, don’t set up review stations or kiosks at your place of business just to ask for reviews written at your place of business.”

Note that there is another Google Review Policy that you can find under the “Maps User Contributed Content” tabs. Under that policy, the conflict of interest provision state:

“Maps user contributed content is most valuable when it is honest and unbiased. The following practices are not allowed:

  • Reviewing your own business.
  • Posting negative content about a current or former employment experience.
  • Posting negative content about a competitor to manipulate their ratings.”

Some have argued that these Google Review Policies are directed at tamping down on disparagement by disgruntled former workers against former bosses and employers. See one example here. But the Google guidelines themselves have broader implications for your business; this is not just about former employees, but also about current employees and how your business engages with customers. The prohibition against “review kiosks” and “review stations” has an broader target than disgruntled employees.

Social Media Policies: What is a Social Media Policy Statement?

Like any company “policy statement,” a social media policy statement is a one or two-page document that concisely lists the “dos-and-donts” with respect to your employees using social media with respect to your business. Such statements are sometimes free-standing, but they are bundled into an employee handbook.

Social Media Policies: Lessons From Google Local Guides Review Policies

The Google Review Policy Guidelines provide several good examples of behavior and activities that should be in any good social media policy given to employees. Among those are:

  • Do not post online reviews with respect to our COMPANY
  • Do not offer money, products, or services to someone else to write reviews for our COMPANY
  • Do not accept money to write reviews
  • Do not write or encourage anyone else to write negative reviews about any competitor of COMPANY
  • Encouraging authentic and truthful review written by someone else is acceptable BUT don’t delay or waylay customers as they leave to have them write reviews

Sometimes businesses can create their own worst nightmares with respect to inauthentic reviews. Often these ill-advised efforts originate with marketing and research and development departments. These departments want input and information to facilitate efforts to improve the product, customer service, customer satisfaction, customer loyalty, etc. So, naturally, they think: let’s get more reviews. Then they think: Let’s give incentives to our employees for them to encourage the customers to write reviews. This backfires since employees quickly learn that the easiest method of getting the customer “to write a review” is to write the review for the customer. Famously, this has happened at several prominent restaurant chains. Waitresses and bartenders were given bonuses for certain increased levels of customer reviews. Soon after the incentive program started, review began to increase. But it also became clear that the reviews were not “real.” It turned out the employees started saying things like: “hey hun/hey doll, will you write a review?” and if the customer was non-committal, with a big friendly smile, the next statement was: “Here, let me see your phone. I’ll write it for you.” Most often the response was: “Sure.” Obviously, from a marketing and R&D perspective, that is a “review” but not an authentic or useful review.

The foregoing are just some of the matters that should be included in your company’s social media policy guides for employees. As noted, if you have management-directed employees, you need a separate set of policies for them. Likewise, your marketing and R&D departments might need a set of policies too, about how to generate authentic and useful online reviews.

To learn more about the Google guidelines, contact the professionals at Revision Legal. If your business has a substantial online presence, 2018 may be the time to review company policies and procedures — and the employee handbook — to review or create your media social policy statement(s). Revision Legal offers a wide array of legal services related to the internet, business law and consumer protection.  We can be reached by using the form on this page or by calling us at 855-473-8474.

You Might Also Like:

Updated Guidelines for Online Endorsements

FTC Brings Charge for Misleading Consumers

FTC Issues Updated Policy for Deceptively Formatted Ads

New German Social Media Laws

New German Social Media Laws For 2018

As the calendar turned to 2018, a new German social media laws are set to be vigorously enforced requiring social media sites like Twitter, Facebook, etc. to remove hate speech, fake news, and “criminal content.” See BBC report here.

While the new German law applies only to websites with 2 million or more members, that could change. The law might soon be applied to your company’s website.

Details on Netzwerkdurchsetzungsgesetz

The new German law is called Netzwerkdurchsetzungsgesetz — or “NetzDG” for short. NetzDG was passed by the German Legislature back in June 2017 and actually became effective in October. However, it was announced that the law would only be mildly enforced until January 1st to give internet companies time to put into place policies and procedures. The new law is intended to speed up the process of removing criminal content.

Previously enacted statutes already require that websites remove criminal content; the new law adds a quick turnaround — 24 hours after notice — and significant fines — 50 million euro (approximately $60 million). The new law also requires the networks to offer users “an easily recognizable, directly reachable, and constantly available” complaint process for “prosecutable content.” The networks must also report back to the person who filed the complaint about how they handled the case and the networks can be forced to reveal the identity of those posting the criminal content. “Criminal content” is anything, which includes libel, slander, defamation, incitement to commit a crime, hate speech against a particular social group, and/or threats.

As the BBC reports, “Facebook, Twitter and YouTube will be the law’s main focus but it is also likely to be applied to Reddit, Tumblr and Russian social network VK. Other sites such as Vimeo and Flickr could also be caught up in its provisions.”

As noted, NetzDG requires that “evidently illegal” content be taken down within 24 hours. Internet companies have seven days if certain content is not obviously illegal. According to the BBC report, Facebook has recently hired hundreds of new employees to handle the new requirements.

The law was proposed because studies showed that various internet platforms were terrible to good on removing hate speech and other types of criminal content. See report here. For example, the studies showed that Twitter was terrible in that only about 1% of criminal content was removed. Facebook did better at about 50%, and YouTube was the best with a 90% take-down rate.

NetzDG Has Already Sparked Controversy in its First Week

In just its first week, NetzDG has already sparked several controversies. First, Twitter accounts for several German right-wing politicians were shut down for posting hate-speech. One of the politician was Beatrix von Storch. She was banned from Twitter for 12 hours for tweeting the following:

“What the h**l is happening in this country? Why is an official police site tweeting in Arabic? Do you think it is to appease the barbaric, gang-raping hordes of Muslim men?”

This was in response to Happy New Years tweets by City of Cologne police force sent in German and other languages, including Arabic. See report here.

A German satirical magazine, called Titanic, entered the fray and also had its Twitter account suspended for two days for violating hate speech laws. After von Storch was suspended, Titanic created a parody “von Storch” Twitter account and proceeded to tweet von-Storch-esque posts including negative comments about Muslims. Twitter flagged and removed the tweets and then suspended the Titanic Twitter account.

The whole episode created a dramatic political firestorm. The author of the legislation, Germany’s Minister of Justice Heiko Maas, defended NetzDG by saying that “calls to commit homicide, threats and insults, sedition or Holocaust denial were not exercising freedom of expression, but attacking the freedom of expression of others.”

NetzDG Already Creating Streisand Effects

With respect to lawmaker von Storch and others banned by Twitter, the bannings created significant Streisand effects. Ms. von Storch is a member of the German right-wing AfD as were the other politicians who were banned. The AfD party reported that, after the bannings, roughly 10,000 new followers began following the Twitter account for the AfD bringing the total number of followers of that account to nearly 1 million.

Twitter Offers Clarification on NetzDG

Following a week of controversy, according to the reports, Twitter released a statement clarifying its stance. Twitter announced that accounts belonging to prominent world leaders would enjoy a special status and less likely be banned or suspended. Twitter stated on its corporate blog:

“Blocking a world leader from Twitter or removing their controversial Tweets would hide important information people should be able to see and debate.”

Consequences for Business

US and EU businesses are caught between competing social and political forces. Unfettered movement of ideas and people on the internet is generally good for business. But governments are increasingly demanding that private businesses enforce public laws. This is problematic since these laws are not without controversy and the requirements carry significant costs for any e-commerce business. There are direct costs such as the need to hire hundreds of new employees, indirect costs such as potential lost business from angry customers, and potential costs in the form of possible fines.

In the case of the new German law, businesses are subject to charges of censorship from consumers/users — charges that come from both the political left AND the political right. Customers can and do boycott. US based fast food restaurant Chick-Fil-A has been dealing with boycotts for several years because its owners support anti-gay/lesbian political groups and ideological positions. A new restaurant is opening in Detroit, and a local paper began its article with this: “Homophobic chicken lovers rejoice.”

Contact the Internet Lawyers at Revision Legal Today

If you want more information about NetzDG, contact the professionals at Revision Legal. Internet law is at the core of Revision Legal’s practice with trademark, corporate, e-commerce, and litigation practice areas based on our experience and passion for helping online businesses grow. We are internet-focused attorneys; we understand the languages you speak; we know the complex and unique issues you face. Contact us via email or call us at 855-473-8474.

 

You Might Also Like:

Lumosity Deceives the Public; Result: $2M Settlement

FTC Brings Charge for Misleading Consumers

Updated Guidelines for Online Endorsements

post-registration opposition

International Trademark Law: Thoughts on Japan’s Post-Registration Opposition Proceedings

Most nations with fully-developed trademark legal frameworks allow for opposition proceedings with regard to newly filed applications for trademarks. Most jurisdictions, like the United States, provide that opposition proceedings shall occur during the registration process, prior to issuance of the relevant Certificate of Registration. However, about 10 jurisdictions allow for opposition proceedings ONLY post-grant of registration. Of those few, many — e.g., Germany, Denmark, Poland, etc. — are within the European Union and thus observe their own domestic trademark laws and the EU system. As such, for those nations, two opposition proceedings are available and many trademark practitioners avail themselves of both.

Japan, however, is an outlier, having an opposition system that is only post-registration. Here are a few thoughts on Japan’s post-registration opposition proceedings.

International Trademark Law: 1996-1997 Changing Japanese Trademark Law

Prior to 1997, Japan adhered to the traditional pre-registration model for opposition proceedings. However, in 1996, the Japan Trademark Office (“JPO”) had a significant backlog of applications and, at that time, Japan was considering signing the Madrid Protocols. Under the Madrid Protocols, a certain speed of application process was expected of all signatory nations. Japan needed a method of clearing the backlog and of speeding trademark application processing. Their focus turned to changing the system of conducting opposition proceedings.

In general, pre-registration opposition proceedings have the obvious and expected result of extending the length of the examination period.

Further, pre-registration oppositions had/have two advantages that provide incentives the filing of such proceedings. First, from a competitive standpoint, it is better to PREVENT a competing mark from being registered rather than fighting to have a mark revoked or canceled. Preventing registration means that the competing mark is never used in commerce and never threatens sales or market share. By contrast, in general, a mark can be used in commerce during the pendency of any litigation that is initiated to cancel or revoke a mark. Because litigation is time-consuming, there is business risk involved in post-registration opposition proceedings. Second, because opposition proceedings are administrative in nature, they are less expensive as compared to formal court litigation.

Taken together, these two factors — the preventative goal and less expense — have the effect of increasing the number of opposition proceedings initiated in a system that allows pre-rant-of-registration oppositions.

The JPO took the position that switching to a post-registration system of opposition would decrease the number of opposition proceedings and thereby increase the speed of registration. And, indeed, statistics support that conclusion. In the three years from 1992 to 1994, there were 402,500 opposition proceedings filed. After Japan moved to a post-registration opposition system, from 2003 to 2005, there were only 298,873 opposition proceedings filed. See here (page 7).

Aside from reducing the number of oppositions, there were other streamlining effects including:

  • No examiner involvement after grant — examiners freed to proceed to other applications
  • Post-grant proceedings administratively distinguished for budgetary, reporting and statistical purposes
  • Only one publication is needed — two publications are generally required under a pre-grant-of-registration opposition systems
  • Examiner “mistakes” in granting registration are “fixed” by a different administrative department
  • Administrative ease of changing “registered” to “canceled” on the Register if post-grant opposition proceedings succeed

From the vantage point of bureaucratic administration, there were some obvious advantages obtained by moving to a post-registration system of opposition.

International Trademark Law: Other Advantages of Post-Registration Oppositions

There were also advantages to Japanese businesses. First, trademark registration became streamlined and became relatively quick. At the very least, the opposition period was/is removed from the “wait time.” Even if processing by trademark examiners still takes several months, an applicant no longer has to wait during the opposition period. Once the examiner has said “yes,” the mark can be used in commerce with the attendant legal protections.

This is important because many entrepreneurs in fast-paced, quickly evolving market sectors feel that trademarks are for “dinosaur industries.” In some sectors of the economy — computing, smart phones, gaming, etc. — any given product might have short window of market opportunity before being overtaken by new innovations and advances in the technology. Indeed, that is sometimes the market plan — put this version out now with the next version already in process. Thus, having to wait 18 months for a trademark registration is unacceptable and certainly limits the usefulness of a trademark.

Another business advantage is that a post-registration opposition system allows for a more narrow challenge. Many trademark applicants apply for a mark with respect to multiple classes of goods and/or services. However, maybe there is an opposition to only one class of good or services in the application. There is a well-understood concept that a mark might be “confusingly similar” only if the mark is being used for a similar class of goods that might be found in similar channels of commerce. There is little likelihood of confusion for RITZ with respect to hotels in contrast to RITZ KIDS used for toy dolls.

Under a pre-registration opposition system, a challenger must challenge the application and this suspends possible use of the new proposed mark for all classes of goods and services. By contrast, post-registration opposition systems allow for a more focused challenge which allows use of the mark to continue in the marketplace for the other classes that are not being challenged.

International Trademark Law: Practical Issues With a Post-Registration Opposition System

As a practical matter, a post-registration opposition system does not change how a trademark owner should operate in the marketplace with respect to IP protection. Under either system, the following are necessary:

  • Constant monitoring of the official “Gazette” where new marks are published
  • Constant monitoring of the market for infringing marks
  • Use of cease and desist letters and notices of claimed infringement
  • Willingness to engage in aggressive litigation at the opposition and/or court level
  • Retention of skilled, experienced and dedicated trademark attorneys

Contact Revision Legal

If you need more information on trademark law or have other questions about trademarks, contact the lawyers at Revision Legal. Revision Legal offers a wide array of legal services related to internet law, intellectual property and business law, including all services related to trademarks. We can be reached by email or by calling us at 855-473-8474.

 

You Might Also Like:

What Is An Opposition Proceeding?

Don’t Get “Hustled” by The China First-to-File Trademark Regime

International Trademarks: Japan Embraces Color

Trademarks In China — Similarities and Differences

trademark priority

Trademark Priority: Risks of Too Much Secrecy and “Use in Commerce”

Trademark protection in the United States is based on “use in commerce.” Sometimes, competing businesses arrive at the same branding concept at about the same time, raising questions of trademark priority. With respect to trademark priority, as discussed below, too much secrecy can be risky.

Many businesses legitimately want to shroud in secrecy various aspects of product research, development, consumer testing, and marketplace pre-launch and launch preparations. In general, these fall under the category of “trade secrets“. In the best of business practices, trade secrets are protected by internal security protocols and by well-drafted confidentiality and nondisclosure agreements. When an application for trademark registration is filed, too much secrecy can conflict with an applicant’s assertion of “use in commerce.” A good trademark lawyer can help strike the right balance.

A recent trademark case out of the Federal District of Massachusetts gives a good example of this interplay between secrecy and trademark priority. See Nexsan Technologies, Inc. v. EMC Corporation, Civ. No. 16-10847-WGY (US Dist. Mass. April 14, 2017). In that case, too much secrecy led to a competitor being awarded the trademark priority.

Trademark Priority: The Parties, the Mark and the Claims

The mark at issue in the Nexsan case was “UNITY” intended to be the brand mark used by both competitors for newly developed computer data storage systems.

On March 22, 2016, plaintiff Nexsan filed two intent-to-use trademark applications with the USPTO seeking to register UNITY and NEXSAN UNITY marks. However, EMC Corporation claimed that it had been using the UNITY mark since early 2014 in connection with its “VNX” data storage system. Nexsan filed for declaratory judgment in federal court asserting trademark priority based on its intent-to-use registrations and other legal claims. As discussed below, the court ruled in favor of Nexsan.

Trademark Priority: “Use in Commerce” Legal Principles

Trademark rights may be acquired by filing for registration under the Lanham Act, 15 U.S.C. §§ 1051-72 or under federal trademark common law. Both the Lanham Act and federal common law require that the mark be used in commerce. Even though an individual or business might be the “first to file” a trademark application, that application or subsequent registration can be defeated if another can show priority of their use in commerce. Factors used by courts to determine “use in commerce” include:

  • Actual and consistent use
  • Quantity of use
  • Widespread use of the mark
  • Quality of use — targeted use
  • Use of mark in advertising
  • And more

The general idea is that the party seeking to prove priority must show that its use of the mark created, in the minds of potential customers, an association between that this mark and that party as the commercial source of the particular goods or services at issue.

Trademark Priority: Application of Legal Principles in Nexsan

In the Nexsan case, EMC argued that it had been using the UNITY mark since 2014. EMC pointed to three specific types of use – beta testing with focus groups, pre-sale product presentations and use of the word “unity” on a blog run by an EMC employee. The District rejected these as sufficient to establish priority.

Trademark Priority: Beta Testing as “Use in Commerce”

In general, beta testing of a product may be sufficient to establish prior use in commerce in a priority proceeding. However, in Nexsan, with respect to EMC’s beta testing, the court held that such was not sufficient use in commerce because the focus groups were too small, the testing was done under a shroud of secrecy and confidentiality and because EMC was not consistent with use the UNITY name. In general, for beta testing to constitute “use in commerce,” that testing must reach a sizable proportion of the relevant public. EMC only beta tested with a focus group of 20 businesses. The court found this to be “an insubstantial proportion of this market” where the market was “tens of thousands” of businesses.

More importantly for our discussion, EMC bound each beta tester to secrecy by nondisclosure and confidentiality agreements. Not only were the beta testers bound to the technical details of the product confidential, but also the product name. As such, the court held that EMC actually intended the brand UNITY to remain “non-public” which is the exact opposite of “open and notorious use in commerce.” The court distinguished this from other cases where a mark was used in trade journals to publicize a new product launch. In those cases, priority was held to exist because the trade journal reached a sizable portion of the relevant consuming public and the mark was non-secret and very much “public.”

The nondisclosure and confidentiality agreements (“NCA”) also inhibited EMC from arguing “word of mouth” as evidence of “use in commerce.” The NCAs forbade the signers from publicly discussing the UNITY name even among themselves even, in theory, during the testing. As such, the court rejected an claim the mark UNITY belonged to EMC because of “word of mouth.”

Finally, during the beta testing, EMC was inconsistent with use of the UNITY mark. As the court noted, using different names during beta testing lessens the likelihood that the beta test consumers will associate a single mark with the tested goods. Taken together, the court held the beta testing was not sufficient evidence of “use in commerce.”

Trademark Priority: Pre-Sale Presentations as “Use in Commerce”

For similar reasons, EMC’s pre-sale presentations were also held insufficient to be deemed “use in commerce.” Courts have held that pre-sale demonstrations and presentations and other forms of publicity may be sufficient to establish prior “use in commerce” for priority proceedings. However, many of the same principles discussed with respect to beta testing apply with respect to pre-sale marketing. To qualify as “use in commerce,” such must reach a sizable portion of the relevant consuming public, such must be “open and notorious” and must use the mark consistently.

In Nexsan, the court rejected EMC’s arguments that its pre-sale marketing was sufficient to establish “use in commerce.” First, the court held that EMC’s 84 presentations were not sufficient in a market of “tens of thousands” and held that such did not reach a sizable portion of the market. Second, as with the beta testing, all the attendees to the presentations were required to sign NCAs. Again, this undercut any argument that EMC used the UNITY brand “openly and notoriously.”

Trademark Priority: Blogging “Word of Mouth” as “Use in Commerce”

Finally, EMC argued that its UNITY mark was “widely known” to the public because of blog postings by a blogger known as Virtual Geek, an employee of EMC. However, the court rejected this as a form of publicity. First, Virtual Geek attached a disclaimer to his blog stating that his blog was “purely personal in nature” and that his blog articles were not authorized by EMC. As such, the blog-reading public would not see, in the blog posts, a commercial intent by EMC to create a brand. Second, according to the court, various Virtual Geek references to “unity” would not have been seen by the blog-reading public as being references to EMC’s UNITY product. Taken together with the disclaimer, Virtual Geek’s blogging activity was not evidence of EMC’s use in commerce of the UNITY mark. In the end, EMC lost out and the court awarded trademark priority to Nexsan.

As can be seen by the Nexsan case, there is an interplay between keeping product development confidential and needing sufficient public awareness to create a brand. EMC would have been wise to consult trademark attorneys during their beta testing.

Trademark Priority: Contact Revision Legal

If you need more information about trade secrets and trademarks or have other questions about business law, internet law, data breaches and other legal issues related to IP, contact the lawyers at Revision Legal. We can be reached by email or by calling us at 855-473-8474.

 

You Might Also Like:

The US Trademark Registration Process

Intent-To-Use Trademark Applications

The Trademark Registration Process

Affirmative Defenses to Allegations of Trademark Infringement

Lessons in Trademarking Trade Dress: Apple vs. Samsung

Lessons in Trademarking Trade Dress

The long-running legal battle between Samsung and Apple over the shape of their respective smart phones provides some interesting lessons regarding trade dress law and how common law trade dress rights work. See news article here.

Apple vs. Samsung: Design Patents and Trademarks for Apple’s iPhone

In 2007, Apple, Inc. brought to market its first iPhone. It was very popular with consumers. The iPhone is a smartphone which, in general, is a cellphone “with a broad range of other functions based on advanced computing capability, large storage capacity, and internet connectivity.” See Samsung Electronics Co., Ltd. v. Apple Inc., 137 S. Ct. 429 (2016).

Apple sought and obtained several design patents including a patent covering a black rectangular front face with rounded corners, a patent covering a rectangular front face with rounded corners and a raised rim, and a patent covering a grid of 16 colorful icons on a black screen. At the same time, Apple also obtained trademark registration for some aspects of the trade dress of the iPhone, particularly the icon array.

Samsung also manufactures smartphones. After release of the iPhone, Samsung began manufacturing and selling a series of smartphones that resembled the iPhone in appearance. Apple sued, claiming infringement of the design and utility patents and also sued for trademark infringement based on theories of dilution. After trial, a jury agreed that Samsung had infringed Apple’s design and utility patents and awarded Apple $399 million. That award was reversed by the US Supreme Court in 2016 and remanded for further proceedings.

The jury also agreed with Apple on the trademark dilution claim and awarded Apple over $290 million. However, that award was reversed by the Ninth Circuit Court of Appeals. See Apple Inc. v. Samsung Electronics Co., Ltd., 786 F. 3d 983 (9th Cir. 2015). The case is now headed towards its fourth jury trial.

Apple vs. Samsung: Legal Principles of Trade Dress and Trademark

The Lanham Act governs trademarks and trade dress. And, just like a trademark, it is possible to obtain federal registration trade dress. In general, “trade dress” can be conceived of as the way in which a product or service is packaged or presented. In general, the view is from the “totality of elements.” The purpose of trade dress is the same as that of trademarks generally: to identify the source of the product.

However, courts have long balanced the trademark protection for “source identification” against the need for competition. In theory, a trademark will last forever — a perpetual monopoly — as long as the mark is used in commerce. As such, a registration that protects trade dress will not be allowed if the trade dress diminishes competition or gives the owner of the mark some competitive advantage. This leads to a requirement that the trade dress be nonfunctional. See Qualitex Co. v. Jacobson Prods. Co., 514 U.S. 159 (1995).

In general terms, courts have held that a product feature is “functional” if the

  • Function is essential to the use or purpose of the product
  • Function affects the cost or quality of the product
  • Function has some utilitarian advantage
  • Function has some other competitive advantage
  • Product works better in the particular shape or design

Apple vs. Samsung: Unregistered Trade Dress Held to be Functional

The ability to sue for trademark infringement/dilution does not require registration of your trademark with the US Patent & Trademark Office. One of the more interesting aspects of the Apple/Samsung case was Apple’s assertion of dilution with respect to unregistered trade dress. According to the Ninth Circuit case cited above, Apple’s asserted unregistered trade dress was described as follows:

“A rectangular product with four evenly rounded corners;

a flat, clear surface covering the front of the product;

a display screen under the clear surface;

substantial black borders above and below the display screen and narrower black borders on either side of the screen; and

when the device is on, a row of small dots on the display screen, a matrix of colorful square icons with evenly rounded corners within the display screen, and an unchanging bottom dock of colorful square icons with evenly rounded corners set off from the display’s other icons.”

The legal effect of not having this trade dress registered on the principal federal trademark register is twofold:

  1. The evidentiary burden of proof is placed on Apple to prove that the trade dress, taken as a whole, is not functional AND
  2. No presumption of trademark validity

Under Ninth Circuit precedent, four factors are used in considering whether trade dress is functional:

  1. Whether the design yields a utilitarian advantage
  2. Whether alternative designs are available
  3. Whether advertising touts the utilitarian advantages of the design, and
  4. Whether the particular design results from a comparatively simple or inexpensive method of manufacture

On each of these factors, the Ninth Circuit found that the iPhone trade dress was functional.

  • On the first factor, the court found there to be several utilitarian advantages. The rounded corners of the iPhone improved “pocketability” and “durability.” Further, the rectangular shape maximized the size of the display screen and the size of the corresponding texts or video or photos shown on the screen. Further,
  • On factor two, Apple failed to identify any alternative designs that were as utilitarian.
  • Likewise, Apple’s advertising subtly touted the advantage of the smooth surface, the size and icon configuration that allowed easy “thumbing” and the shape that fit easily in the hand.
  • On the final element — simple or inexpensive method of manufacture — Apple again lost. Because this trade dress was unregistered, Apple had the burden of proof and Apple had provided no evidence on this point.

Taking the factors into consideration, the Ninth Circuit held that the iPhone’s trade dress was functional and, thus, not entitled to trademark protection.

Apple vs. Samsung: Registered Trade Dress Also Held to be Functional

Apple also asserted that Samsung infringed/diluted Apple’s trade dress that was registered with the USPTO. Legally, federal trademark registration provides “prima facie evidence” of non-functionality and also places the burden of proof on the challenger — Samsung in this case. The “prima facie” evidence can be overcome. If sufficient evidence is produced demonstrating functionality, trademark registration loses its evidentiary significance.

Apple asserted registered trade dress for the each of and for the combined array of 16 icons on the iPhone’s home screen as framed by the iPhone’s graphic display of a rounded-rectangular shape with silver edges and a black background. For example, the design features of the first icon depicted the letters “SMS” in green inside a white speech bubble on a green background. There was/is a separate description for each of the sixteen icons.

The Ninth Circuit quickly concluded that the trade dress for the iPhone’s icons were functional. The court noted that Apple’s own expert from the trial testified that the interface on the iPhone promoted usability. The expert testified: “the whole point of an icon on a smartphone is to communicate to the consumer using that product, that if they hit that icon, certain functionality will occur on the phone.” As such, the Ninth Circuit held the trademark registration to be invalid on the grounds of functionality.

Applicable Lessons Learned

With more money and lawyers than most companies in the world, the trade dress troubles of both Apple and Samsung evidence the difficulty in obtaining trade dress protection. Due to this difficulty, it is important to work closely with an attorney if you are seeking trade dress protection or registration. An attorney can provide you with advice on how to advertise your product to ensure that you can seek and maintain trade dress protection.

Contact Revision Legal

If you need more information on trade dress, trademark law, or have other questions about trademarks, contact the lawyers at Revision Legal. Revision Legal offers a wide array of legal services related to internet law, intellectual property and business law, including all services related to trademarks. We can be reached by email or by calling us at 855-473-8474.

You Might Also Like:

What is the Supplemental Trademark Register?

The Trademark Registration Process

Affirmative Defenses to Allegations of Trademark Infringement

Intent-To-Use Trademark Applications

nonconsensual pornography

Dealing With Online Harassment and Nonconsensual Pornography

One thing attorneys may not learn in law school is that there are a lot of scumbags in the world. If you are lucky, a scumbag will let you know their character immediately. In other cases, even the most jaded cynic can be caught off guard.

Because of the imagined anonymity of the internet and the ease of sharing videos, photos, and other information, a scumbag can invade your privacy and attempt to disrupt your life in several ways. One of the most disgusting invasions of privacy is often referred to as “revenge porn”. That term is inaccurate. We will refer to this insidious reversal of intimacy or invasion of privacy as “nonconsensual pornography” for the remainder of this article.

Nonconsensual pornography may be distributed by someone the victim knows and trusts, but it is increasingly spread by someone who surreptitiously gained access to the victim’s electronic devices to steal intimate information, often photos or communications. Such scumbags are sometimes motivated by greed, blackmailing their victims, but they might also have almost no apparent motivation. The lack of an obvious motive and the subversion of trust make nonconsensual pornography a virulent attack. We have brought cases on behalf of many clients, from all walks of life, who have found themselves victimized by someone spreading nonconsensual pornography.

In our view, our clients cannot be made whole again. It is impossible to undo the trauma and other damage many of our clients have suffered. What we consistently can do is curb the spread of nonconsensual pornography, identify the source, and make the scumbag pay monetary damages in a meager attempt at repairing the damage the scumbag has caused. When we are litigating other cases, like a copyright dispute, there are often reasonable arguments in favor of both sides. That does not happen with these cases. When we identify a scumbag, we do everything in our power to put the screws to him. Let us not pretend that “scumbag” is a gender-neutral term. In our experience, the scumbag has always been a man. In some cases, it is a male agent working for a corporate entity that should have prevented the invasion of privacy, such as an internet service provider (ISP) or a cell phone service provider. In yet other cases, the scumbag is someone in a position of authority, like a police officer, abusing his access to a victim’s electronic devices.

It is frustrating to see people writing about the culling of prominent male media figures accused of sexual harassment as though it is anything but evidence of an ongoing, systemic problem. Anyone working in media law who handles cases involving nonconsensual pornography will tell you, this is nothing new. In 1984, the United States Court of Appeals for the Fifth Circuit considered Hustler’s publication of stolen photographs. Wood v. Hustler Magazine, Inc., 736 F.2d 1084, 1085 (5th Cir. 1984). The stolen photographs belonged to a husband and wife who shot the film while bathing nude in a river. Id. The plaintiff’s neighbors stole the photographs, forged a consent form, and submitted images of the wife to Hustler with fabricated information concerning the wife’s fantasies, which published the images. Id. at 1086. The couple first learned of the publication through friends. Id. The wife received “a series of obscene telephone calls after the magazine appeared.” Id. Applying Texas law, the Fifth Circuit approved the district court’s award of $150,000 holding that the publication of the photo with the fabricated information invaded the wife’s privacy by placing her in a false light. Id. 1093.

More than three decades later, a fair number of people carry a video camera in their pockets able to upload and download video with little thought. As digital storage becomes cheaper, people archive and forget about a staggering amount of data. If you have ever done any “hard drive archaeology,” you were probably surprised at some of the artifacts you located. Because even carefully guarded machines can be compromised and people you trust to have access to those machines might prove themselves unworthy of such trust, it can be impossible to guard intimate images, video, chat logs, and other information that you might not even know exists.

On December 1, 2017, the New Yorker published an article concerning a high-profile lawsuit between an accomplished “rising young writer” and her ex-boyfriend, who claimed that he was entitled to enjoy some of the financial success of the young writer’s first novel because she had allegedly plagiarized portions of the novel from his writings. The plaintiff, who had purchased the writer’s old laptop, obtained intimate images and chat logs from the computer. During negotiations between the parties, The New Yorker reported that the plaintiff’s law firm sent the writer’s attorneys a draft complaint “that it said it was prepared to file in court if the two sides did not reach a settlement.” According to The New Yorker, the draft complaint included a section titled “[The Writer’s] History of Manipulating Older Men,” which began with “evidence shows that [the writer] was not the innocent and inexperienced naïf she portrayed herself to be . . . .” The article stated that the complaint included thirteen pages comprising “screenshots of explicit chat conversations with lovers, including [a nude photograph of the writer she sent] to a boyfriend, explicit banter with people she’d met online, and snippets of her most intimate diary entries.” An accompanying letter from the ex-boyfriend’s attorneys included even more intimate material. Shortly before the article published, the writer’s attorneys filed its own lawsuit alleging that her ex-boyfriend had abused the legal process to “extract millions of dollars by intimidation and threat.”

This dispute illustrates how a person might create nonconsensual pornography without intending to by not deleting chat logs or otherwise. It also demonstrates that nonconsensual pornography may not only be used for revenge. According to the writer’s legal team, the ex-boyfriend above threatened publication of nonconsensual pornography and other intimate details about the writer to extract money from the writer after she earned a staggering advance on her first novel. You might not have received “close to two million dollars” for your first novel, but, if you have been affected by nonconsensual pornography, you may have more options than you think.

Privacy laws differ by state, and the application of one state’s laws over another can profoundly affect the outcome of a litigation. For example, some states do not recognize claims for false light invasion of privacy, which was the claim considered by the Fifth Circuit in the case discussed above. Other states have enacted legislation to protect victims of nonconsensual pornography with criminal statutes. If the material at issue was created by the victim, copyright law can be an effective way to remove material from the internet. In part, because the Communications Decency Act (CDA) largely immunizes ISPs from liability arising out of content posted by third parties using an ISP, the legal issues surrounding nonconsensual pornography online are complex. If you have been victimized, talking to an attorney who understands digital media as well as your goals can be a helpful step in understanding your options.

Amanda Osorio contributed to this article