Smartphone theft on the rise with no smart solution in sight.

Part 1.  As 2011 came to a close, New York City boasted its lowest crime rate ever, with murders and other violent crimes at lowest levels since good records were kept. However, smartphone theft is on the rise in the Big Apple, with iPhone theft taking the biggest bite.

According to an NYPD study, about 8,000 robberies in New York City over the first 10 months of 2011 involved mostly cell phones, with the iPhone accounting for over 70% of all stolen cell phones, i.e. in NYC alone, there’s at least one iPhone being stolen your every waking hour.

Reports of this alarming trend focus on worthless aspects of the problem, from expressing astonishment that these thefts surpass cash or other similar thefts to providing the basic advice to not flash your iPhone in crowded places, to finally reporting increased NYPD presence in buses and subways.

Indeed, at first glance, this appears to be an old problem with an old solution – petty theft – like getting your wallet stolen when it’s peeking out of your pocket or like getting your purse or jewelry snatched when unattended or in plain view. Certainly, increased police presence in high occurrence areas, albeit a knee jerk reaction, will reduce theft in those areas. Unfortunately, it’s not an economically sustainable solution and moreover not applicable to all scenarios where these thefts occur.

Further, educating people to be more precautious with their belongings additionally reduces such occurrences. However, New Yorkers have always been vigilant, fostered by our history of crime, starting from industrialization through the 80s, and amplified by our more recent misfortunes. Every New Yorker or any other modern urbanite for that matter, habitually keeps purses close to the body, and wallets and jewelry well concealed and “if you see something you say something.” People don’t carry much cash or cards anymore, which are easily and quickly canceled with a simple phone call. Admittedly, over the years, from being more vigilant to carrying fewer valuables, such precautions have reduced thefts on subways and buses and elsewhere.

Yet, despite these long standing measures, smartphone theft is on the rise, and will only continue to grow. Only time will confirm the shortcomings of the present solutions, in part deficient due to the mischaracterization of the problem as requiring the same old solution. Thus, until this new problem will be recognized as such, present attempts at solutions and precautions will fall short and smartphone theft will only increase.

The key to understanding the problem is examining the differences between smartphones and other personal valuables. Specifically, the benefit of stealing a smartphone versus stealing most other personal valuables will usually outweigh the cost. Understanding the differences is even more significant when crafting an adequate solution, if the word smartphone is any indication.

First, the relevant distinction is best illustrated by the cost/benefit analysis of stealing any small personal item. Generally, precautions taken to safe keep small personal items make it more difficult for a thief; thereby the benefit of pursuing the theft must be significantly higher. The cost includes factors such as the difficulty in parting the item from possession, the time it takes to take possession, the likelihood of getting caught. The benefit is simply the value of the item, i.e. money acquired from fencing the item. Notably, the benefit aspect in petty thievery is a gamble, as the value is usually not easily ascertainable, i.e. the amount of cash in the wallet, or authenticity of the jewelry may not be easily or definitively gleaned.

Conversely, for smartphones, the cost/benefit analysis usually comes up all benefits. The cost remains the same or, in some instances the cost of theft is reduced as smartphones are ubiquitous parts of our daily lives and are hardly ever concealed. Notwithstanding, the benefit is usually significantly higher, thereby usually outweighing the cost. At the very least, the value of the target item is easily ascertainable. An experienced thief or any smartphone techie connoisseur would quickly be able to approximate the value of a smartphone. Finally, a smartphone is easily resold, and not even necessarily on the black market (more on that later), for hundreds of dollars, ranging anywhere from $200 to $800 depending on the phone.

To Be Continued…

Forever 21, the fashion copycat that always lands on its feet.

Anna Sui Spring 2007 RTW | Forever 21 Maven Top

Fashion undergoes constant change with a regular recycling of trends, from bell bottoms and peasant blouses to shoulder pads and tweeds.  Designers seldom come up with entirely unique pieces; most new items are inspired by predecessors.   Copying each other’s designs and trends is usually nothing more than an IP faux pas but Forever 21, a relatively new clothing retailer, has been creating more waives than usual.  However, despite 50+ lawsuits in the past few years, Forever 21 is successfully forging on.

Fashion design in U.S. receives the least amount of intellectual property protection of all the other artistic industries, unlike music and film and U.S. seems to be lagging well behind other fashion leading countries.  Fashion law seems to be an emerging field as the United States is experiencing a fashion culture growth and many in the industry are looking forward to a change for the better.

Presently, trademark law seems to offer the most protection of fashion design since virtually most clothing items incorporate labels at least on the interior.  Copyright law protects the patterns on fabric; Patent law can play a role in protecting functional aspects of fashion, such as novel purse clasps or zippers.  Other than that, there’s really not much stopping knock-offs of new designs in the U.S.  Council of Fashion Designers of America has been lobbying for more design protection and the pending Design Piracy Prohibition Act aims to protect unique and original designs by giving the designers the ability to copyright the structure of a design with the protection lasting a minimum of three years.

In Europe, fashion designs receive much more protection.  The current French copyright system makes specific provisions for fashion works; this protection traces its origins back to the Copyright Act of 1793, which classified fashion as applied art.  In England, garments are afforded protection against copying as long as the designer can show that her product derives from work susceptible of protection under the Copyright Act of 1956.  If a fashion designer copyrighted drawings or sketches, then those drawings or sketches are protected against copying.

In the United States the concept and design of clothing is left unprotected.  Clothing is often photographed on a runway, emailed to manufacturers overseas for copying and shipped to U.S. retailers months before the designer versions hit the stores.  This practice attributes to the success of the many new lower end fashion retailers such as Forever 21, Wet Seal and H&M but not without pushback from major fashion designers.

In the past two years Forever 21 had been sued at least 33 times for crossing the line between imitating and copying.  Forever 21 operates a chain of 355 retail stores in the U.S. and has undergone rapid expansion in the past few years, opening an estimated 90 new stores each year.  The clothing chain made more than $1 billion in sales from March 2006 to March 2007.

Forever 21 Soho

One of the earlier law suits filed against Forever 21 was in 2006 where they were one of many defendants that eventually settled with Levi Strauss and were dismissed from the lawsuit.  The one remaining defendant was found liable in April 2007 for copying jean pocket stitching trademarked by Levi Strauss.

Less than a week after the Levi Strauss case, Anna Sui filed a complaint against Forever 21 alleging that the “Defendants had copied numerous of Sui’s most recent Sui Designs and that Defendants had made an ongoing practice of such copying from a number of recent collections, since at least late 2005.”    The copied designs ranged from copyrighted fabric prints to embroidery.

Since then other prominent designers such as Diane von Furstenberg, Gwen Stefanie, Anthropologie, Bebe and Trovata filed a string of similar lawsuits, some of which are still pending today.  Most have either settled or decided before proceeding to trial.  The Trovata case was one of the first to proceed to trial.

Trovata v. Forever 21

The Forever 21 shirts are on the top row, Trovata’s are on the bottom.

Photo: Courtesy Photo

Even though the picture above shows identical copying, these types of patterns and structural designs, i.e. the placement of buttons, are not protected by copyright law.   Unlike other lawsuits brought against Forever 21 in recent years, the Trovata suit does not allege copyright violations.   Trovata’s suit focuses on Forever 21’s copying of its unique button placements, decorative stitching, fabric patterns and other details, constituting trade dress infringement.

Trade dress is a legal term of art that generally refers to characteristics of the visual appearance of a product or its packaging that signify the source of the product to consumers.   This form of intellectual property protection has previously been used to cover certain fashion designs but is difficult to apply in this case.  To receive trade dress protection the item must be distinctive and non-functional (example, coke bottle – shape is distinctive, but is not the only efficient way to shape a beverage container).

With not much law to lean on, attorneys for both sides commenced a battle of the metaphors.  Trovata’s attorney compared the clothes to music, saying “Much the same as a music composer, [the designer] takes notes, chords, sharps and flats and combines them and arranges them to make original music.”  Forever 21′s attorney Bruce Brunda chimed back:  ”Much like a recipe for something like apple cobbler, Trovata is saying they didn’t invent the apples or the cinnamon or the sugar, but they are claiming the right to the combination.”

The case ended without much awaited precedent.  The U.S. District Court judge declared a mistrial on May 27,2009 due to “irreconcilable differences” among the members of the jury.

California Apparel News reported:

A U.S. District Court judge declared a mistrial early on May 27 in the trade dress suit filed by contemporary brand Trovata against fast-fashion retail giant Forever 21 Inc.

Judge James V. Selna dismissed the jury after it failed to come to a decision. The jury had been deliberating since May 21.  Trovata attorney Frank Colucci said he will request a new trial.

Once again Forever 21 gets out relatively unscathed much to the industry’s dismay but more likely than not, this won’t be the last attempt to make Forever 21 play by the rules, coded or otherwise.

Facebook apps – you’re doing it wrong!

“[W]eb cognoscenti tend to think that people who worry too much about privacy are sentimentalists who should grow up.”

(See “Do you own Facebook – or does Facebook own you?” by Vanessa Grigoriadis, San Francisco Sentinel, April 8, 2009).

As someone having dabbled in both programming and law, this “cognoscente” respectfully disagrees.

My curiosity first arose when I advised a Facebook app developer on the adequacy of their privacy policy.  “We don’t store any info we gather from Facebook like the other apps, we’re good about that.”  I was a little shocked at first.  Info gathered from Facebook? What?  “Yeah, through Facebook APIs, everybody does it.”  Because I’m an avid Facebook user myself, and one that is professionally familiar with APIs I was a little concerned.  How come I didn’t hear of this before?!  I got on Facebook and started poking around.

I decided to add a facebook application to my profile and this is the screen that came up:

“By proceeding, you are allowing LivingSocial to access your information and you are agreeing to the Facebook Terms of Use in your use of LivingSocial.”

LivingSocial doesn’t have their own privacy policy.  This is what Facebook has to offer in terms of notice:

1. It tells you that the app will have access to “content that it requires to work” and
2. links you to the Facebook Terms of Use (ToU) (which was updated as I was writing this post on May 1st , but thanks to google caching can be found here )

I think a regular user will safely assume that “content that it requires to work” is general information not including much else than your facebook user ID and your name, but that’s not the case.  (More on that later)

Facebook Terms of Use
or as it’s presently called, Statement of Rights and Responsibilities.

The first clause is a brief description of and a link to their Privacy policy.

The rest of the clauses don’t really address what information is available to facebook apps.

The new version has a developers provisions clause which asks the developers not to use the collected data in unintended ways.  It also mentions Platform Guidelines.

OK, so after clicking around I finally stumbled upon their Platform Application Terms of Use which stated:

PLEASE NOTE: Facebook Platform does not give Developers access to your e-mail address, personal website, instant messenger ID, telephone number or street address (”Contact Information”). Facebook will only disclose your Contact Information to third parties in accordance with the Facebook Privacy Policy.

The Facebook terms of use continiues by explaining that “[t]he Facebook Platform is a set of APIs and services provided by Facebook that enable third-party developers.”

Well that’s presumptious of them to assume that everyone knows what that means so in case you’re in the minority that doesn’t, here’s a feeble attempt at an explanation.

In geek talk, API stands for Application Programming Interface.  In lesser geek talk, a Facebook API is a set of routines that Facebook makes available to outside programs (facebook apps like TopFriends, ComparePeople, Superpoke, Quiezzes etc).  How does it work exactly?

(Feel free to skip the following if you’re getting sleepy.)

Let’s say Facebook is a hospital and the users are the patients.  API’s would be the various employees of the hospital such as receptionists, nurses, doctors of varying specialties, medical billers, janitors, physician assistants, security guards etc.

Each employee at the hospital has a specific task to perform, and for the sake of analogy let’s say they only perform a single task.  A cardiologist will only give you patient’s heart statistics, a receptionist will only give you the patients basic information like name, address, social security etc., a medical biller will only tell you if a patient is covered by medical insurance or is self-pay.

The Facebook applications are visitors of the hospital but for the sake of analogy let’s assume they’re not mostly relatives or loved ones of the patients’.  A lot of them are ambulance chasers or Jehovah’s witnesses.

In the Facebook world, the ambulance chasers (Facebook Apps) will query the hospital employees (API’s) and get any information about the hospital patients (Facebook users) they ask for in order to do their job (TopFriends, ComparePeople, Superpoke, Quizzes).  In the Facebook world there’s no HIPAA compliance training that the employees are bound by, there’s rarely even a call to the patient to ask permission to give out some of the basic information.  Certain basic information is available regardless of the user’s privacy settings or consent.  Almost all of the information is available once a patient interacts with a Jehovah ’s Witness or an ambulance chaser just once without agreeing to join their religion or use their legal services.  Ah yes, the Facebook world.

Oh and if you thought you could shield yourself from these API’s by making your profile and all the contents private and only visible to your friends, think again.  Facebook provides API’s that allow the Facebook apps to retrieve your information through your friend.  Once a friend uses a Facebook app, that app can access their info and the info from any friend’s profile that they can view.

The basic information that the application can access once you’ve interacted with it (by simply visiting the apps page, or perhaps commenting on another users activity with the app) is outlined in the Users.getStandardInfo API.  When called, it returns your Facebook specific User ID, first name, last name, time zone, birthday, sex, regional affiliations, locale, and profile url.  But don’t worry, Facebook asks the developer to use this API “for analytic information only” and reminds the app developer that, other than the user id, storing this data for more than 24 hours or for any other use is against the Developer Terms of Service.

We get us some sort of notice about the lowered expectation of privacy but it’s not adequate.  There are other concerned users out there.   Facebook’s policy is vague and cumbersome and it doesn’t properly disclose the risks to its users.  I had to click a few different links and review the APIs documentation to see the exact data available.

What’s to stop these developers from storing the data and using it for other than “content that it requires to work”?  There aren’t many technological safeguards in place, and the only thing that’s really stopping them is the Developer Terms of Service.

When Chris Kelly, Facebook’s chief privacy officer was asked about the situation and the wealth of information provided by the API’s to Facebook apps, he responded with “’So the Indian government knows that you like Bon Jovi, and that’s a threat to national security?’ he asked, laughing.”  (See “Do you own Facebook – or does Facebook own you?” by Vanessa Grigoriadis, San Francisco Sentinel, April 8, 2009).

Yes, perhaps Facebook users aren’t under any immediate danger from India or a hoard of hackers, but that doesn’t mean we should be so lackadaisical with our privacy.   There’s nothing technologically speaking that’s stopping this kind of identity theft.  A lot of these Facebook apps are written and hosted in jurisdictions that don’t have developed privacy laws.  Because your full name, location, sex and date of birth are easily accessed through an API, it wouldn’t be difficult for a hacker to steal your identity.

Even assuming the developers are harmless and good natured, how do we know that they keep their data secure?  I know that to most programmers, in a small to mid-sized software company, data security and software stability is the last thing on their minds.   They are usually busy trying to make the new features run, without failing, before the next update; sales guys are busy putting lipstick on a pig and promising things for the next release; and the boss is mostly concerned with the invoices getting paid.

We can’t expect fancy code solutions with the way things are set up now, and I guess we can’t expect Facebook to screen all of the Facebook developers and vouch for them, but we’re at least entitled to better disclosure of the situation.  It seems to me that it’s only a matter of time before a 21^st century MacPherson brings a lawsuit that will finally impose a duty of care in these situations.  I guess I’ll just quietly go back to “Superpoking” until then.

The Second Circuit revives the trademark lawsuit against Google

Last Friday The Court Of Appeals for The Second Circuit ruled against Google in a previously dismissed trademark case.  The question in this case is whether displaying a competitor’s ad when searching for another trademarked term infringes that trademark.  For example, if I search for “Starbucks,” Google and Dunkin’ Donuts know that I’m looking for a java pick-me-up and could display a Dunkin’ Donuts ad next to the search results.  The courts are trying to decide if this violates Starbucks’ trademark.

Google offers AdWords, their own advertising product, for such searches, which is now their main source of revenue.  AdWords offers site-targeted advertising for both text and banner ads and bills only when the ad has been clicked on. Advertisers can use a keyword suggestion tool provided by Google and bid on certain searched keywords to insure their ads appear alongside the search results.  If you actually search for Starbucks or Dunkin’ Donuts now, you will not see any competitor ads for either of the two of the biggest coffee distributors in the United States –a wise precaution taken by Google until the pending case’s decision becomes final.

Plaintiff Rescuecom is basically the McDonald’s (on a smaller-scale) of computer services. They are based in Syracuse, NY and they have 67 franchises that offer repair, consulting, networking, and Internet services.   In the past, if you entered “Rescuecom” into Google, you would see ads for similar services displayed alongside the search results.  Google argued that using Rescuecom as an AdWord does not constitute a “use in commerce,” which is required to establish trademark infringement.  The Second Circuit disagreed but it’s too early to tell whether public opinion will follow.

The Electronic Frontier Foundation (EFF) explains: “The Second Circuit reversed the lower court ruling and held that recommending and “selling” a mark to an advertiser to trigger a sponsored link could violate trademark law.  Indeed, the Court went further, observing that even product placements could be subject to trademark law if the mark holder could show that consumers were confused.

Most courts agreed that the sale and purchase of another’s trademark as a keyword constitutes a “commercial use” of the mark and until Friday the Second Circuit was one of the outliers.   The decision on Friday didn’t actually decide the question of whether Google is liable for trademark infringement, but the appellate court did remand the case back to the lower court with orders to reconsider its initial verdict.  As EFF suggests, the biggest impact of overruling the 2006 decision, which stated that the act of selling trademarked words does not go against trademark law, is that if you are a trademark owner and Google sells your trademark as part of its AdWords program, then you could take Google to court. EFF further maintains that “Google… could now face an avalanche of similar lawsuits with no easy way to shut them down (instead, they’ll have to go through the expense of discovery and arguing the always difficult question of consumer confusion). But the real losers will be consumers.”

That may be so, but this isn’t the first time a search engine has gone down for something like this.  In Playboy v. Netscape, the Ninth Circuit Court allowed Playboy Enterprises to proceed for trademark infringement because the Netscape service facilitated the infringing activity.  In Playboy Enterprises, Inc., Netscape sold banner advertisements for adult-oriented businesses.  The advertisements were “keyed” to a pre-set list of words, which included the terms “playboy” and “playmate.” The banner advertisements would run along the top or side of the search result page like a banner whenever a user entered a specific search term.  Netscape required the adult-oriented companies that wanted “keyed” banner advertisements to use Netscape’s pre-determined word list.

There are at least four other precedent rulings that specifically opined on whether search engines make a “use in commerce” (American Blinds and 800-JR Cigar), plus another group of cases that held advertisers made a trademark use in commerce when they bought keyword advertising (Edina Realty) but it’s far from an avalanche as EFF would have us believe. And even so, don’t these trademark holders have a right to protect their intellectual property?

Some bloggers and forum posters have questioned Rescuecoms decision to sue.  Where and how do you draw the line as to what is a misuse of a trademark, and what is not?  If we have to depend on the courts every time someone wants to use a word that also happens to be a trademark, the chilling effect on the paid search business model could be significant.  Google can’t expect to know every possible trademarked word, especially something like “Rescuecom” so why is Rescuecom suing anyway?  Why bring this seemingly frivolous suit?  While the answers to most of those questions aren’t plain, at the very least the Lanham Act can be looked to for guidance on the last question.

The Lanham Act forbids a competitor from luring potential customers away from a producer by initially passing off its goods as those of the producer’s, even if confusion as to the source of the goods is dispelled by the time any sales are consummated.  This bait and switch of producers, also known as initial interest confusion, will affect the buying decisions of consumers in the market for the goods, effectively allowing the competitor to get its foot in the door by confusing consumers.

Why is it important to sue infringers?  The Lanham Act suggests that if you don’t put your foot down and defend your mark it may get away from you and/or become generic, i.e. too much fame and too little distinction.  Trademark owners must maintain adequate quality control of the goods or services provided. If the mark owner improperly uses its mark in a generic manner or allows others to do so, the consuming public may also describe the product or service in this form which sometimes results in a loss of right. For example, Kleenex is a great product and a great name, but in the store there are similar products, not made by Kimberly-Clark Worldwide, that you might easily call Kleenex without knowing the erosion you’re causing.  Other lost trademarks include aspirin, nylon, cellophane, escalator, linoleum, and zipper.  They have become common nouns having once been proper nouns.  Dixie Cup, Fiberglass, Jell-O, Band-aid, Laundromat, Magic Marker, Microchip, Ping Pong, Post-It Note, Scotch Tape, Super Glue, TV Dinner, and White-Out technically still have to be capitalized.  Spam is fading fast. When the noun becomes a verb it is well on its way to becoming generic.  Xerox tried to stop people from using its name as the verb meaning “to photocopy” but they chose too catchy a name.  Even Google faces the same problem, but how are they going to stop me from googling things if I want to?

Perhaps Rescuecom isn’t in any immediate danger of losing its trademark rights but care has to be taken early on.  Failure to police infringers can lead to loss of rights as unauthorized uses erode the mark’s strength and may cause the mark to become generic and abandoned. A trademark property right is not absolute and the owner has to take precautions such as making sure to set the trademark apart from other words appearing nearby, to use it only as an adjective and never a noun or a verb and make sure people are using your trademark correctly.  Suing Google for this allegedly infringing practice is one of Rescuecom’s most effective strategies for securing and maintaining rights in their trademark.