Sunday, November 24, 2013

GoldieBlox Sues Beastie Boys for Declaratory Judgment of Non-Infringement

Earlier this week, a new product out on Kickstarter called GoldieBlox - a toy aimed at engaging young girls in engineering - made a pretty brilliant music video as an advertisement. The video features a parody of the song "Girls" by the Beastie Boys:

As reported by TechDirt:
The whole point is to mock the message of the original song, with its famous refrain: "Girls - to do the dishes; Girls - to clean up my room; Girls - to do the laundry; Girls - and in the bathroom; Girls - that's all I really want is girls." The new one switches it to: Girls - to build the spaceship; Girls - to code the new app; Girls - to grow up knowing; That they can engineer that; Girls - That’s all we really need is Girls." The point is pretty clear. Parody the original song to highlight how ridiculous that stereotypical image of girls is -- and, of course, highlight how the kinds of toys that GoldieBlox makes can be useful in learning. 
I'd like to reference, once again, what is likely one of the controlling case in this instance - the famous Campbell v. Acuff-Rose. Centrally, in that case, 2 Live Crew sampled Roy Orbison's "Pretty Woman" in a highly parodic fashion. The Supreme Court performed a fair use analysis, which has the following four factors:

(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the copyrighted work.

The Court relied heavily on factor four in remanding the case to a lower court to make a better fair use determination. Specifically, the Court determined that a hip-hop parody of a country song would likely have negligible effect on the market for the original song. The lower court, however, basically glossed this analysis in finding for infringement. The case was sent back down, and it was settled, likely because Orbison knew he was fighting a losing battle.

I genuinely cannot conceive of a negative market influence on the original Beastie Boys song as a result of the GoldieBlox remake. That, in addition to the fact that this GoldieBlox is explicitly an educational toy should weigh very heavily in favor of GoldieBlox.

The Beastie Boys' lawyers would be wise to very, very quickly issue a sincere apology, withdraw their threat, offer a zero cost royalty, and make a contribution to the GoldieBlox kickstarter. Either that or come off looking like a bunch of misogynist bullies - and hypocrites, as they are still defending a copyright infringment lawsuit over that same album. I very, very sincerely hope that the original threat letter sent to GoldieBlox was the result of an overzealous (and clueless) lawyer acting without approval from the band members - because if the band members were involved, well, that could conceivably have a market impact on the Beastie Boys, and a very negative one at that.

You can read the complaint here. Note that GoldieBlox is represented by Orrick, who are not to be trifled with, and they have requested a jury trial. I cannot imagine trying to argue to a jury that GoldieBlox was not a fair use of Girls, and I would certainly have a panic attack when the lyrics comparison charts came out:


Friday, November 8, 2013

Artist Suing Jay-z Over Sample - I Hope it Goes to Trial

The long-short of it is that some artist is suing Jay-z over a sample included in Blueprint III. The details are almost irrelevant, because I cannot fathom how this falls outside of the scope of fair use. From what I've seen, and correct me if I'm wrong, the only reason people get away with suing in nonsense cases like this is because it is easier and cheaper to settle than to actually litigate to verdict.

HOV has the resources to litigate, however, and it would be nice to see copyright sample trolling of this sort simply put to bed altogether. It's a nonsense claim and very frustrating to see it reported on as if Jay-z was somehow a bad actor. It would be great if Campbell v. Acuff-Rose was unambiguously expanded to samples of all sorts, not merely parodic samples.

Tuesday, November 5, 2013

3D Printing 'Encryption' to Hide Contraband Objects Seems Really Overhyped

Tl;dr Yesterday, on Forbes.com, this article ran about using 'encryption' to hide contraband objects in 3D printer blueprints. I think this claim is designed to incite moral panic, and is also an incorrect one. Centrally, distribution channels for contraband already exist online, and this so-called 'encryption' will add no value to that ecosystem.

The central claim of the Forbes article:
If 3D printing companies and government agencies hope to police the spread of dangerous or pirated digital shapes, their task is about to get much more complicated. 
Late last month Matthew Plummer-Fernandez, the 31-year-old creative technologist for Goldsmith College’s Interaction Research Studio at the University of London, released what he’s calling ‘Disarming Corruptor,’ a piece of free software designed to distort 3D-printable blueprints such that only another user with the app and the knowledge of a certain key combination can reverse the distortion and print the object. That means any controversial file–say, a figurine based on Mickey Mouse or another copyrighted or patented shape, or the 3D-printable gun created earlier this year known as the Liberator–could be ‘encrypted’ and made available on a public repository for 3D-printing blueprints like the popular site Thingiverse without tipping off those who would try to remove the file.

On the left are the blueprints for the now-notorious "Liberator," the first 3D printable gun. (Note: it is a really crappy gun.) On the right is the 'encrypted' version of those blueprints. Using the software created by Plummer-Ferndandez, if you have the correct decryption key, you can turn the blobby thing on the right into the gun on the left. And, because the blobby thing on the right is visually meaningless, MakerBot would never ever realize it was a gun, so they would never take it down from ThingiVerse.

However, if MakerBot doesn't recognize that the thing on the right is a Liberator... then how are other users, who want to find the Liberator, going to realize this either?

They are already going to have to know, somehow, that this particular file is the Liberator. Which means they will already have to have been given this information, and, supposedly, the decryption key from a third party. Likely on an online forum of some sort. Where people can post files.

So why not just post the Liberator blueprints to that forum in the first place? There are already myriad places on the internet where people can and do post contraband material that are well beyond the reach of US corporations and law enforcement. So encrypting the file is a wholly unnecessary step.

Here's an analogy: I would never go to the iTunes store to download 35 minutes of static that becomes an episode of VEEP with a magic key. So why would I go to Thingiverse to do the same? And why would someone who knows they are selling illegal goods would want to do it in someone else's store - a store with security? No one is selling knockoff iPhones at the Apple store. And it is not like this filetype can only be posted to Thingiverse - it can be posted anywhere. So there is actually a disincentive to post known contraband to Thingiverse - even if encrypted.

Distribution channels for contraband material already exist. They are called black markets - or, in internet parlance, pirate sites. Adding this 'encryption' is a completely redundant step. When you go up to an unlabeled white van and buy a pair of speakers you aren't handed a mess of shattered plastic and a glue gun with the instructions "some assembly required." Rather, they take your money, hand you a pair of Harmon Kardons, and drive off. Similarly, try searching for your favorite show online: I bet you can find it and no encryption will be involved. Accordingly, encryption is not necessary for sharing .stl files, the filetype used for 3D meshes. There is no reason that .stl should be unique as compared with literally every other file type currently being illegally distributed.

Additionally, it is not the mission of 3D printing companies to police the actions of all of their end-users. Though they have a strong policy goal and public interest in trying to prevent the spread of contraband 3D blueprints over the internet, it is their primary legal goal not to become suppliers of infringing or illegal material themselves. If MakerBot discovers that a particular weird blob looking thing is getting downloaded with alarming regularity, or based on a user report, my suspicion is that MakerBot has the capacity to perform an investigation and remove the questionable material from Thingiverse.

This 'encryption' adds absolutely nothing novel to the ecosystem of transporting contraband across the internet. Forbes may, in fact, be right that it will be increasingly difficult for law enforcement to police the production of contraband with 3D printers in the near future. However, this 'encryption' will have probably have played no role. Rather, as 3D printers spread, so will 3D printing.

Monday, November 4, 2013

Third Party IP Infringement Liability & You: What You, as a Contract Developer, Should Know

A while back I had a post on Contract Drafting for Software Development Agreements. Today's post is a followup, specifically about the issue of Third Party IP Infringement Liability.

If you are someone who offers engineering or design services on a contractor basis, or work for a firm that does, there will almost certainly be a series of clauses in your contract regarding third party IP infringement indemnification. That's a big legalese mouthful, but it is potentially the most expensive part of your agreement, so it should be negotiated carefully.

Essentially, when a service provider indemnifies a client over third party IP infringement claims, the provider is stating that the work-product it delivers doesn't infringe anyone else's copyright, trademarks or patents. Copyright and trademark is pretty easy to cover, as long as you are not using uncredited stock photos or rival company's logos.

Patent infringement is much trickier. There are millions upon millions of patents issued, and as we learned from This American Life, a patent from 1999, predating the first podcast by several years, actually apparently does cover podcasts themselves. As a result, it is very, very hard to know if one is infringing third party patents.

And patent damages can be extraordinary. Many, many multiple times the value of an underlying services contract. This is why you need to be particularly careful when making representations about third party IP infringement. So, from the point of view of a service provider, here are a few ways to limit your exposure (if you are a client, then you will be coming at this from roughly the opposite perspective):

1. Disclaim all third-party IP infringement warranties. If you can get this provision, you probably don't need any further advice, because you are well known in your field and have substantial bargaining power. However, sometimes a client will be willing to accept this condition, so if the initial contract is silent on this issue, this may be the place to start negotiation.

2. Offer third-party IP infringement indemnification only over knowing or negligent violations. Basically, this means that you will not be on the hook for "strict liability" infringement. This is essentially the situation in the podcast story above, where no one had any idea that their techniques fell into the scope of the patent until they were hit with a demand letter. You'll only be on the hook for infringing patents you know about or should have known about. That latter part can get tricky, because then the question is "well should you have known about that?" This inquiry will get into how much of an expert you are in your particular field, how much a particular patent or lawsuit has been in the news, etc. However, it is still a pretty strong standard.

3. Limit your total indemnification liability. This is often the easiest solution. Typically damages under an agreement, no matter what form in which they occur, should have a cap. Often times, however, indemnification liability is specifically exempted from this cap. So, for instance, if there is an liability cap of $1,000,000.00 on an agreement, and you show up to your client's office and blow up a $2,000,000.00 piece of machinery, you are only on the hook for the initial $1M. If, however, indemnification liability is exempted, and it turns out you deliver work that infringes a third party patent, your liability could be limitless. Liability caps commonly used in developer agreements range from a negotiated, fixed price, to the fees paid to the consultant over a given period of time (trailing twelve months, trailing two years), the total fees paid to the consultant, or a multiple of any one of those. Additionally, there should be a sunset provision on this indemnification liability, meaning you will no longer be on the hook for these types of claims two, three, five, etc., years out.

4. Negotiate at what point indemnification liability obligations become active. Some clients will want you to indemnify them for claims as they arise, which means you will be on the hook for every crank and potentially baseless infringement claim your client receives. Other possible solutions include having indemnification obligations become active upon the breach of an IP warranty, i.e., proof that you knowingly delivered infringing IP, after a claim has survived a motion to dismiss, or upon adjudication that IP was actually infringing.

It is very, very important to pay close attention to these provisions when you agree to develop software on a subcontracting basis. More than any other clause, this one can come back to bite you, years later, for enormous sums of money. To put it another way, if you give a client unlimited, strict liability third party IP infringement indemnification, your contract with them is no longer so much of a services contract as it is an insurance contract. Keep in mind, that as a developer makes more and more representations, the developer can argue it is entitled to higher fees, as it is bearing higher risk. The counterpoint is true from the point of view of the client. In any event, it is essential that before the commencement of services both client and service providers have negotiated this issue explicitly, so they understand their mutual responsibilities and obligations to each other.