Retaining a Cell Tower Lease When Selling Property

When selling property with a cell tower lease, keeping the lease is a good option. Done properly, you get the best of both worlds: full value for the property and ongoing lease payments, with the option to sell the lease in the future should you desire.

Selling a property and cell lease together will rarely yield the full value for the lease; however, selling the lease in advance of selling the property may also not be attractive. You may not have other places to invest the proceeds where you will get the same return, for example, and taxes can take a big bite. Additional options, such as 1031 like-kind exchanges, are complicated with short deadlines.

Increasingly, real estate investors are opting to sell property — commercial, residential, land for development and, in a unique case, an office condo — but keeping the cell leases and future leasing rights.

To do this successfully, you should aim to establish balance with purchasers by retaining sufficient future rights to (1) renew the lease, (2) expand it some, and (3) satisfy their requirements for paying full value of the lease, should you decide to sell it in the future. You do not want to grant yourself so many rights that it interferes with a purchaser’s ordinary use and development of the property in question, thus decreasing its selling price.

Essentially, you are trying to attain the balance that would occur in a well-drafted cell lease sale to a third party, whereby keeping the lease is the equivalent of “selling” to yourself!

Specific subject areas where rights must be balanced include:

  • Permitted and restricted uses by both parties within the leased area;
  • Restrictions on uses or devices allowed on portions of the property outside the leased area, such as Wi-Fi using radio frequencies, which cell companies and lease purchasers alike desire;
  • Access rights and rights-of-way for tenants and utilities, as well as who pays for same;
  • Height and building envelope restrictions on new construction outside the leased area;
  • Property owner approval rights of changes in the leased area, and;
  • Relocation.
© 2022 Varnum LLP
For more articles about telecommunications, visit the NLR Cybersecurity, Media & FCC section.

New Poll Underscores Growing Support for National Data Privacy Legislation

Over half of all Americans would support a federal data privacy law, according to a recent poll from Politico and Morning Consult. The poll found that 56 percent of registered voters would either strongly or somewhat support a proposal to “make it illegal for social media companies to use personal data to recommend content via algorithms.” Democrats were most likely to support the proposal at 62 percent, compared to 54 percent of Republicans and 50 percent of Independents. Still, the numbers may show that bipartisan action is possible.

The poll is indicative of American’s increasing data privacy awareness and concerns. Colorado, Virginia, and California all passed or updated data privacy laws within the last year, and nearly every state is considering similar legislation. Additionally, Congress held several high-profile hearings last year soliciting testimony from several tech industry leaders and whistleblower Frances Haugen. In the private sector, Meta CEO Mark Zuckerberg has come out in favor of a national data privacy standard similar to the EU’s General Data Protection Regulation (GDPR).

Politico and Morning Consult released the poll results days after Senator Ron Wyden (D-OR) accepted a 24,000-signature petition calling for Congress to pass a federal data protection law. Senator Wyden, who recently introduced his own data privacy proposal called the “Mind Your Own Business Act,” said it was “past time” for Congress to act.

He may be right: U.S./EU data flows have been on borrowed time since 2020. The GDPR prohibits data flows from the EU to countries with inadequate data protection laws, including the United States. The U.S. Privacy Shield regulations allowed the United States to circumvent the rule, but an EU court invalidated the agreement in 2020, and data flows between the US and the EU have been in legal limbo ever since. Eventually, Congress and the EU will need to address the situation and a federal data protection law would be a long-term solution.

This post was authored by C. Blair Robinson, legal intern at Robinson+Cole. Blair is not yet admitted to practice law. Click here to read more about the Data Privacy and Cybersecurity practice at Robinson & Cole LLP.

For more data privacy and cybersecurity news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

Maryland Comptroller Adopts Digital Advertising Gross Revenues Tax Regulations

On December 3, 2021, the Maryland Comptroller published notice of its adoption of the digital advertising gross revenues tax regulations (which was originally proposed on October 8, 2021). Per the Maryland Administrative Procedure Act, the final adopted regulations will go into effect in 10 calendar days, or December 13, 2021. (See Md. Code Ann., State Gov’t § 10-117(a)(1).)

The final regulations were adopted almost entirely as proposed, with just two minor changes that the Attorney General (AG) of Maryland certified as non-substantive. Specifically, the changes to the October 8 proposed regulations concern the information that may be used to determine the location of a device and are described by the AG as follows:

  • Regulation .02(C): The Comptroller is clarifying language regarding the allowable sources of information a taxpayer may use to determine the location of a device. Specifically, this final action amendment changes “both technical information and the terms of the underlying contract” to “both technical information and nontechnical information included in the contract.”
    • Regulation .02(C)(2): The Comptroller is amending the non-exhaustive list of technical information to include “industry standard metrics.”

    Practice Note: While “industry-standard metrics” is a nice addition to the list of sources that may be used to determine the location of devices for sourcing purposes, significant and fundamental questions and concerns submitted as part of the comments were not addressed by the Comptroller in adopting the final digital ad tax regulations. The tax is subject to multiple lawsuits (both state and federal court) and pending a court order to the contrary is scheduled to take effect beginning January 1, 2022, with the first filing obligation for large taxpayers in April 2022. Taxpayers grappling with how to comply with this new tax are encouraged to contact the authors.

    © 2021 McDermott Will & Emery

    Article by Stephen P. Kranz, Eric Carstens, and Jonathan C. Hague with McDermott Will & Emery.

For more updates on tax regulations, visit the NLR Tax section.

In the Coming ‘Metaverse’, There May Be Excitement but There Certainly Will Be Legal Issues

The concept of the “metaverse” has garnered much press coverage of late, addressing such topics as the new appetite for metaverse investment opportunities, a recent virtual land boom, or just the promise of it all, where “crypto, gaming and capitalism collide.”  The term “metaverse,” which comes from Neal Stephenson’s 1992 science fiction novel “Snow Crash,” is generally used to refer to the development of virtual reality (VR) and augmented reality (AR) technologies, featuring a mashup of massive multiplayer gaming, virtual worlds, virtual workspaces, and remote education to create a decentralized wonderland and collaborative space. The grand concept is that the metaverse will be the next iteration of the mobile internet and a major part of both digital and real life.

Don’t feel like going out tonight in the real world? Why not stay “in” and catch a show or meet people/avatars/smart bots in the metaverse?

As currently conceived, the metaverse, “Web 3.0,” would feature a synchronous environment giving users a seamless experience across different realms, even if such discrete areas of the virtual world are operated by different developers. It would boast its own economy where users and their avatars interact socially and use digital assets based in both virtual and actual reality, a place where commerce would presumably be heavily based in decentralized finance, DeFi. No single company or platform would operate the metaverse, but rather, it would be administered by many entities in a decentralized manner (presumably on some open source metaverse OS) and work across multiple computing platforms. At the outset, the metaverse would look like a virtual world featuring enhanced experiences interfaced via VR headsets, mobile devices, gaming consoles and haptic gear that makes you “feel” virtual things. Later, the contours of the metaverse would be shaped by user preferences, monetary opportunities and incremental innovations by developers building on what came before.

In short, the vision is that multiple companies, developers and creators will come together to create one metaverse (as opposed to proprietary, closed platforms) and have it evolve into an embodied mobile internet, one that is open and interoperable and would include many facets of life (i.e., work, social interactions, entertainment) in one hybrid space.

In order for the metaverse to become a reality, that is, successfully link current gaming and communications platforms with other new technologies into a massive new online destination – many obstacles will have to be overcome, even beyond the hardware, software and integration issues. The legal issues stand out, front and center. Indeed, the concept of the metaverse presents a law school final exam’s worth of legal questions to sort out.  Meanwhile, we are still trying to resolve the myriad of legal issues presented by “Web 2.0,” the Internet we know it today. Adding the metaverse to the picture will certainly make things even more complicated.

At the heart of it is the question of what legal underpinnings we need for the metaverse infrastructure – an infrastructure that will allow disparate developers and studios, e-commerce marketplaces, platforms and service providers to all coexist within one virtual world.  To make it even more interesting, it is envisioned to be an interoperable, seamless experience for shoppers, gamers, social media users or just curious internet-goers armed with wallets full of crypto to spend and virtual assets to flaunt.  Currently, we have some well-established web platforms that are closed digital communities and some emerging ones that are open, each with varying business models that will have to be adapted, in some way, to the metaverse. Simply put, the greater the immersive experience and features and interactions, the more complex the related legal issues will be.

Contemplating the metaverse, these are just a few of the legal issues that come to mind:

  • Personal Data, Privacy and Cybersecurity – Privacy and data security lawyers are already challenged with addressing the global concerns presented by varying international approaches to privacy and growing threats to data security. If the metaverse fulfills the hype and develops into a 3D web-based hub for our day-to-day lives, the volume of data that will be collected will be exponentially greater than the reams of data already collected, and the threats to that data will expand as well. Questions to consider will include:
    • Data and privacy – What’s collected? How sensitive is it? Who owns or controls it? The sharing of data will be the cornerstone of a seamless, interoperable environment where users and their digital personas and assets will be usable and tradeable across the different arenas of the metaverse.  How will the collection, sharing and use of such data be regulated?  What laws will govern the collection of data across the metaverse? The laws of a particular state?  Applicable federal privacy laws? The GDPR or other international regulations? Will there be a single overarching “privacy policy” governing the metaverse under a user and merchant agreement, or will there be varying policies depending on which realm of the metaverse you are in? Could some developers create a more “privacy-focused” experience or would the personal data of avatars necessarily flow freely in every realm? How will children’s privacy be handled and will there be “roped off,” adults-only spaces that require further authentication to enter? Will the concepts that we talk about today – “personal information” or “personally identifiable information” – carry over to a world where the scope of available information expands exponentially as activities are tracked across the metaverse?
    • Cybersecurity: How will cybersecurity be managed in the metaverse? What requirements will apply with respect to keeping data secure? How will regulation or site policies evolve to address deep fakes, avatar impersonation, trolling, stolen biometric data, digital wallet hacks and all of the other cyberthreats that we already face today and are likely to be exacerbated in the metaverse? What laws will apply and how will the various players collaborate in addressing this issue?
  • Technology Infrastructure: The metaverse will be a robust computing-intensive experience, highlighting the importance of strong contractual agreements concerning cloud computing, IoT, web hosting, and APIs, as well as software licenses and hardware agreements, and technology service agreements with developers, providers and platform operators involved in the metaverse stack. Performance commitments and service levels will take on heightened importance in light of the real-time interactions that users will expect. What is a meaningful remedy for a service level failure when the metaverse (or a part of the metaverse) freezes? A credit or other traditional remedy?  Lawyers and technologists will have to think creatively to find appropriate and practical approaches to this issue.  And while SaaS and other “as a service” arrangements will grow in importance, perhaps the entire process will spawn MaaS, or “Metaverse as a Service.”
  • Open Source – Open source, already ubiquitous, promises to play a huge role in metaverse development by allowing developers to improve on what has come before. Whether or not the obligations of common open source licenses will be triggered will depend on the technical details of implementation. It is also possible that new open source licenses will be created to contemplate development for the metaverse.
  • Quantum Computing – Quantum computing has dramatically increased the capabilities of computers and is likely to continue to do over the coming years. It will certainly be one of the technologies deployed to provide the computing speed to allow the metaverse to function. However, with the awesome power of quantum computing comes threats to certain legacy protections we use today. Passwords and traditional security protocols may be meaningless (requiring the development of post-quantum cryptography that is secure against both quantum and traditional computers). With raw, unchecked quantum computing power, the metaverse may be subject to manipulation and misuse. Regulation of quantum computing, as applied to the metaverse and elsewhere, may be needed.
  • Antitrust: Collaboration is a key to the success of the metaverse, as it is, by definition, a multi-tenant environment. Of course collaboration amongst competitors may invoke antitrust concerns. Also, to the extent that larger technology companies may be perceived as leveraging their position to assert unfair control in any virtual world, there may be additional concerns.
  • Intellectual Property Issues: A host of IP issues will certainly arise, including infringement, licensing (and breaches thereof), IP protection and anti-piracy efforts, patent issues, joint ownership concerns, safe harbors, potential formation of patent cross-licensing organizations (which also may invoke antitrust concerns), trademark and advertising issues, and entertaining new brand licensing opportunities. The scope of content and technology licenses will have to be delicately negotiated with forethought to the potential breadth of the metaverse (e.g., it’s easy to limit a licensee’s rights based on territory, for example, but what about for a virtual world with no borders or some borders that haven’t been drawn yet?). Rightsholders must also determine their particular tolerance level for unauthorized digital goods or creations. One can envision a need for a DMCA-like safe harbor and takedown process for the metaverse. Also, akin to the litigation that sprouted from the use of athletes’ or celebrities’ likenesses (and their tattoos) in videogames, it’s likely that IP issues and rights of publicity disputes will go way up as people’s virtual avatars take on commercial value in ways that their real human selves never did.
  • Content Moderation. Section 230 of the Communications Decency Act (CDA) has been the target of bipartisan criticism for several years now, yet it remains in effect despite its application in some distasteful ways. How will the CDA be applied to the metaverse, where the exchange of third party content is likely to be even more robust than what we see today on social media?  How will “bad actors” be treated, and what does an account termination look like in the metaverse? Much like the legal issues surrounding offensive content present on today’s social media platforms, and barring a change in the law, the same kinds of issues surrounding user-generated content will persist and the same defenses under Section 230 of the Communications Decency Act will be raised.
  • Blockchain, DAOs, Smart Contract and Digital Assets: Since the metaverse is planned as a single forum with disparate operators and users, the use of a blockchain (or blockchains) would seem to be one solution to act as a trusted, immutable ledger of virtual goods, in-world currencies and identity authentication, particularly when interactions may be somewhat anonymous or between individuals who may or may not trust each other and in the absence of a centralized clearinghouse or administrator for transactions. The use of smart contracts may be pervasive in the metaverse.  Investors or developers may also decide that DAOs (decentralized autonomous organizations) can be useful to crowdsource and fund opportunities within that environment as well.  Overall, a decentralized metaverse with its own discrete economy would feature the creation, sale and holding of sovereign digital assets (and their free use, display and exchange using blockchain-based payment networks within the metaverse). This would presumably give NFTs a role beyond mere digital collectibles and investment opportunities as well as a role for other forms of digital currency (e.g., cryptocurrency, utility tokens, stablecoins, e-money, virtual “in game” money as found in some videogames, or a system of micropayments for virtual goods, services or experiences).  How else will our avatars be able to build a new virtual wardrobe for what is to come?

With this shift to blockchain-based economic structures comes the potential regulatory issues behind digital currencies. How will securities laws view digital assets that retain and form value in the metaverse?  Also, as in life today, visitors to the metaverse must be wary of digital currency schemes and meme coin scams, with regulators not too far behind policing the fraudsters and unlawful actors that will seek opportunities in the metaverse. While regulators and lawmakers are struggling to keep up with the current crop of issues, and despite any progress they may make in that regard, many open issues will remain and new issues will be of concern as digital tokens and currency (and the contracts underlying them) take on new relevance in a virtual world.

Big ideas are always exciting. Watching the metaverse come together is no different, particularly as it all is happening alongside additional innovations surrounding the web, blockchain and cryptocurrency (and, more than likely, updated laws and regulations). However, it’s still early. And we’ll have to see if the current vision of the metaverse will translate into long-term, concrete commercial and civic-minded opportunities for businesses, service providers, developers and individual artists and creators.  Ultimately, these parties will need to sort through many legal issues, both novel and commonplace, before creating and participating in a new virtual world concept that goes beyond the massive multi-user videogame platforms and virtual worlds we have today.

Article By Jeffrey D. Neuburger of Proskauer Rose LLP. Co-authored by  Jonathan Mollod.

For more legal news regarding data privacy and cybersecurity, click here to visit the National Law Review.

© 2021 Proskauer Rose LLP.

FTC Reports to Congress on Social Media Bots and Deceptive Advertising

The Federal Trade Commission recently sent a report to Congress on the use of social media bots in online advertising (the “Report”).  The Report summarizes the market for bots, discusses how the use of bots in online advertising might constitute a deceptive practice, and outlines the Commission’s past enforcement work and authority in this area, including cases involving automated programs on social media that mimic the activity of real people.

According to one oft-cited estimate, over 37% of all Internet traffic is not human and is instead the work of bots designed for either good or bad purposes.  Legitimate uses for bots vary: crawler bots collect data for search engine optimization or market analysis; monitoring bots analyze website and system health; aggregator bots gather information and news from different sources; and chatbots simulate human conversation to provide automated customer support.

Social media bots are simply bots that run on social media platforms, where they are common and have a wide variety of uses, just as with bots operating elsewhere.  Often shortened to “social bots,” they are generally described in terms of their ability to emulate and influence humans.

The Department of Homeland Security describes them as programs that “can be used on social media platforms to do various useful and malicious tasks while simulating human behavior.”  These programs use artificial intelligence and big data analytics to imitate legitimate activities.

According to the Report, “good” social media bots – which generally do not pretend to be real people – may provide notice of breaking news, alert people to local emergencies, or encourage civic engagement (such as volunteer opportunities).  Malicious ones, the Report states, may be used for harassment or hate speech, or to distribute malware.  In addition, bot creators may be hijacking legitimate accounts or using real people’s personal information.

The Report states that a recent experiment by the NATO Strategic Communications Centre of Excellence concluded that more than 90% of social media bots are used for commercial purposes, some of which may be benign – like chatbots that facilitate company-to-customer relations – while others are illicit, such as when influencers use them to boost their supposed popularity (which correlates with how much money they can command from advertisers) or when online publishers use them to increase the number of clicks an ad receives (which allows them to earn more commissions from advertisers).

Such misuses generate significant ad revenue.

“Bad” social media bots can also be used to distribute commercial spam containing promotional links and facilitate the spread of fake or deceptive online product reviews.

At present, it is cheap and easy to manipulate social media.  Bots have remained attractive for these reasons and because they are still hard for platforms to detect, are available at different levels of functionality and sophistication, and are financially rewarding to buyers and sellers.

Using social bots to generate likes, comments, or subscribers would generally contradict the terms of service of many social media platforms.  Major social media companies have made commitments to better protect their platforms and networks from manipulation, including the misuse of automated bots.  Those companies have since reported on their actions to remove or disable billions of inauthentic accounts.

The online advertising industry has also taken steps to curb bot and influencer fraud, given the substantial harm it causes to legitimate advertisers.

According to the Report, the computing community is designing sophisticated social bot detection methods.  Nonetheless, malicious use of social media bots remains a serious issue.

In terms of FTC action and authority involving social media bots, the FTC recently announced an enforcement action against a company that sold fake followers, subscribers, views and likes to people trying to artificially inflate their social media presence.

According to the FTC’s complaint, the corporate defendant operated websites on which people bought these fake indicators of influence for their social media accounts.  The corporate defendant allegedly filled over 58,000 orders for fake Twitter followers from buyers who included actors, athletes, motivational speakers, law firm partners and investment professionals.  The company allegedly sold over 4,000 bogus subscribers to operators of YouTube channels and over 32,000 fake views for people who posted individual videos – such as musicians trying to inflate their songs’ popularity.

The corporate defendant also allegedly also sold over 800 orders of fake LinkedIn followers to marketing and public relations firms, financial services and investment companies, and others in the business world.  The FTC’s complaint states that followers, subscribers and other indicators of social media influence “are important metrics that businesses and individuals use in making hiring, investing, purchasing, listening, and viewing decisions.” Put more simply, when considering whether to buy something or use a service, a consumer might look at a person’s or company’s social media.

According to the FTC, a bigger following might impact how the consumer views their legitimacy or the quality of that product or service.  As the complaint also explains, faking these metrics “could induce consumers to make less preferred choices” and “undermine the influencer economy and consumer trust in the information that influencers provide.”

The FTC further states that when a business uses social media bots to mislead the public in this way, it could also harm honest competitors.

The Commission alleged that the corporate defendant violated the FTC Act by providing its customers with the “means and instrumentalities” to commit deceptive acts or practices.  That is, the company’s sale and distribution of fake indicators allowed those customers “to exaggerate and misrepresent their social media influence,” thereby enabling them to deceive potential clients, investors, partners, employees, viewers, and music buyers, among others.  The corporate defendant was therefor charged with violating the FTC Act even though it did not itself make misrepresentations directly to consumers.

The settlement banned the corporate defendant and its owner from selling or assisting others in selling social media influence.  It also prohibits them from misrepresenting or assisting others to misrepresent, the social media influence of any person or entity or in any review or endorsement.  The order imposes a $2.5 million judgment against its owner – the amount he was allegedly paid by the corporate defendant or its parent company.

The aforementioned case is not the first time the FTC has taken action against the commercial misuse of bots or inauthentic online accounts.  Indeed, such actions, while previously involving matters outside the social media context, have been taking place for more than a decade.

For example, the Commission has brought three cases – against Match.com, Ashley Madison, and JDI Dating – involving the use of bots or fake profiles on dating websites.  In all three cases, the FTC alleged in part that the companies or third parties were misrepresenting that communications were from real people when in fact they came from fake profiles.

Further, in 2009, the FTC took action against am alleged rogue Internet service provider that hosted malicious botnets.

All of this enforcement activity demonstrates the ability of the FTC Act to adapt to changing business and consumer behavior as well as to new forms of advertising.

Although technology and business models continue to change, the principles underlying FTC enforcement priorities and cases remain constant.  One such principle lies in the agency’s deception authority.

Under the FTC Act, a claim is deceptive if it is likely to mislead consumers acting reasonably in the circumstances, to their detriment.  A practice is unfair if it causes or is likely to cause substantial consumer injury that consumers cannot reasonably avoid and which is not outweighed by benefits to consumers or competition.

The Commission’s legal authority to counteract the spread of “bad” social media bots is thus powered but also constrained by the FTC Act, pursuant to which the FTC would need to show in any given case that the use of such bots constitute a deceptive or unfair practice in or affecting commerce.

The FTC will continue its monitoring of enforcement opportunities in matters involving advertising on social media as well as the commercial activity of bots on those platforms.

Commissioner Rohit Chopra issued a statement regarding the “viral dissemination of disinformation on social media platforms.” And the “serious harms posed to society.”  “Social media platforms have become a vehicle to sow social divisions within our country through sophisticated disinformation campaigns.  Much of this spread of intentionally false information relies on bots and fake accounts,” Chopra states.

Commissioner Chopra states that “bots and fake accounts contribute to increased engagement by users, and they can also inflate metrics that influence how advertisers spend across various channels.”  “[T]he ad-driven business model on which most platforms rely is based on building detailed dossiers of users.  Platforms may claim that it is difficult to detect bots, but they simultaneously sell advertisers on their ability to precisely target advertising based on extensive data on the lives, behaviors, and tastes of their users … Bots can also benefit platforms by inflating the price of digital advertising.   The price that platforms command for ads is tied closely to user engagement, often measured by the number of impressions.”

Click here to read the Report.


© 2020 Hinch Newman LLP

Thieves Breach Twitter Security to Commandeer Famous Accounts

The Twitter accounts of major companies and individuals were briefly taken over as part of a bitcoin scam. Former and current heads of states, global corporations, and presidential candidates had their twitter accounts compromised. The tweet from many of the twitter account said similar things, for example Kanye West’s feed stated that he is “giving back to my fans”; the message from Bezos’, Barack Obama, and Joe Biden’s account said that they had “decided to give back to my community”; while Elon Musk’s account said “feeling greatful” and provided a link to a Bitcoin wallet to send money to. The tweets would indicate that they would send double the money back to a limited number of contributors.

Twitter, through its Twitter Support account notified users that an internal investigation was conducted into the matter. The investigation revealed that several employees who had access to internal systems had their accounts compromised in a “coordinated social engineering attack.” Twitter’s internal system was then exploited to tweet from high-profile accounts. The attack was at least moderately successful considering the Bitcoin wallets promoted in the tweets received over 300 transactions and Bitcoin worth over $100,000.

These tweets began at about 4 P.M. (Eastern Standard Time) on Wednesday, July 16. The first wave of attacks hit the Twitter accounts of prominent cryptocurrency leaders and companies, but expanded quickly after that. Along with Vice President Biden, President Obama, Kanye West, Bill Gates, Michael Bloomberg, and Elon Musk, large company accounts were also targeted including Uber and Apple. Twitter’s initial response was to take down the offending tweets, but those were quickly replaced by new ones – – an indication that the hackers maintained access to the individual accounts.

The persistence of the attacks led to Twitter disabling some the platform services including the ability of blue-checked (verified) twitter users to tweet. The services were restored around four and a half hours after the suspicious tweets began. However, that shutdown period was not insignificant. Several National Weather Service Twitter accounts were shut down as a line of severe weather and possible tornadoes moved across the Midwest. The National Weather Service felt severely hampered in its ability to communicate with people about the impending storm.

In a tweet, Twitter’s CEO Jack Dorsey said that the company feels  “terrible this happened” and that they are “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” The nature of this attack is yet to be determined. The legal implications will hinge on the findings of the investigation, including whether there were sensitive direct messages accessed by the attackers. Considering the compromised accounts includes current and former heads of state (Prime Minister Benjamin Netanyahu, President Obama, and Vice President Biden), there are also questions of national security involved.

The United States does not have a comprehensive federal data breach notification scheme. These obligations are provided by the fifty states and sector-specific laws. More than 40 of the state breach notification laws contain a harm threshold pursuant to which notification is not required unless harm to affected individuals has occurred or is reasonably likely to occur. The EU’s GDPR also includes a similar assessment. As more information is disclosed, we will get a better understanding of Twitter and the attacked users’ incident response processes.


Copyright © 2020 Womble Bond Dickinson (US) LLP All Rights Reserved.

You Streamed What? Copyright Infringement Pitfalls During COVID-19

In the sudden transition from in-person to online presentation of content precipitated by the COVID-19 stay-at-home orders, some educators and other presenters have run headlong into the digital world without a thought to the application of copyright law to their online presentations.  Scrambling to provide content, did some consider the sufficiency of their internet bandwidth and the security of their video-conferencing platform while overlooking copyright infringement issues?  Caution.  Those office webinars, college lectures, music lessons, and club meetings can be fraught with legal pitfalls.

Although we are slowly emerging from our bunkers and cautiously lifting our masks while maintaining social distance, some have predicted that online meetings and classes are here to stay—at least in some form.  Thus, these copyright infringement pitfalls merit consideration.  Granted, any attempt to treat this matter comprehensively in a 1500 word article is a fool’s errand.  And when it comes to these highly fact-specific matters, there’s no substitute for an attorney’s legal advice.  But some basic education on copyright law and some understanding of the distinctions between copyright as applied to education versus other areas might assist those unaccustomed to the online stage from stumbling into a battle over copyright infringement.

What is Protected by Copyright?

A copyright is a collection of rights that protect original works of authorship.  These works can include literary, dramatic, musical and artistic works.  A copyright does not protect facts, ideas, systems or methods of operation, although it may protect the way these things are expressed.  In general, a copyright exists from the moment the work is created and fixed in tangible form.  Registering does not create the copyright; but registering the copyright allows the owner to bring a lawsuit to enforce it and bears on the recovery that a copyright owner can obtain in the lawsuit.  Similarly, under the current law, neither the “©” symbol nor any other marking on an original work of authorship creates the copyright; but the copyright symbol or other marking can put the public on notice that the copyright owner claims his copyright.

What is in the Public Domain?

Works in the “public domain” can be copied.  These fall generally into three categories.

  • Works deliberately dedicated to the public without copyright protection.
  • Works for which the copyright has expired.
  • Works for which the copyright was not renewed.

The changes in the copyright legislation over the course of the past 40 years have made the rules about copyright expiration and renewal somewhat complex.  As of 2020, however, works published before January 1, 1925, entered the public domain.

What About Fair Use?

Most educators and presenters have some familiarity with the “fair use doctrine,” a defense to what is indisputably copying of an original work.  While some librarians have signed the “Public Statement:  Fair Use & Emergency Remote Teaching & Research” in which they boldly state that “making materials available and accessible to students in this time of crisis will almost always be a fair use”, as yet no legislature or court has carved out a “COVID-19” addendum or even a “public health emergency” addendum to the fair use doctrine.  Nevertheless, the fair use doctrine can provide a defense to presenters who exercise a modicum of discretion.

In considering an infringer’s reliance on the fair use doctrine as a defense to copyright infringement, courts consider the use made of the work in light of four factors:

1)   the purpose and character of the use, including whether the use is commercial or is for nonprofit educational purposes;

2)   the nature of the copyrighted work;

3)   the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and

4)   the effect of the use upon the potential market for or value of the copyrighted work.

Consideration of these factors is highly subjective and fact-sensitive.  The first factor, besides asking whether the use is commercial or educational, looks at the purpose of the use.  Educational as opposed to commercial uses are favored.  But contrary to popular belief, educational use alone will not suffice as a defense to copyright infringement.  Generally, whether the use is commercial or educational, there must be something “transformative” about the use.  In other words, is there something new created?  Does the new work offer a new expression, meaning or message?  Is it serving as raw material for a new expression or insight?  In the education context, is the instructor adding something new such as commentary?  Is he tying the work into his own lesson or is he just using the work to replace his lesson?

While the first factor is often considered the “heart” of the fair use analysis, the other factors matter too.  Consider the second factor.  Is the original work creative or just an arrangement of facts?  Fair use has a broader scope where the original work is factual or informational.  Is it published or unpublished?  Greater latitude is afforded the alleged infringer claiming fair use where the work is published.

But even if the work is published, the third factor considers the portion used—in a quantitative as well as a qualitative sense.  Is the portion used a paragraph or several chapters?  The fair use defense will more likely shield copying a small portion of a work than a large section.  Despite efforts by advocates, courts have refused to specifically quantify how much is too much.  Furthermore, if a copier carves out the most memorable portion of the work, the “heart” of the work, no matter how small, fair use will offer no sanctuary—except in parody.  Where the new work is a parody of the original, the court has recognized that it is the heart of the work at which the parody takes aim.

Finally, how does the copied work impact the potential market for the original? If the copied work undermines the current or potential market for the original work, then this will undermine the use of the fair use doctrine as a defense.

In the education context, Congress has carved out some specific ways in which instructors can circumvent infringement.  House Report No. 94-1476, 94th Cong., 2d Sess. (1976) includes the Agreement on Guidelines for Classroom Copying in Not-For-Profit Educational Institutions (p.6).  Single copying of a chapter from a book or an article from a periodical, a chart or cartoon for use in teaching or preparing to teach, for example is considered fair use under the guidelines.  Multiple copying for the use of pupils in a class is similarly fair use where the copying meets tests of brevity and spontaneity (as defined in the guidelines), meets the cumulative effect test (as defined in the guidelines), and each copy includes a notice of copyright.  But copying cannot be used to replace anthologies or to replace books intended to be “consumable.”  Specific guidelines apply to music.  While there may be instances in which copying does not fall within the protection of the guidelines but nevertheless is permitted under the fair use criteria, compliance with the guidelines offers a safe harbor for educators.

Outside of this safe harbor, presenters employing copied works must navigate the more uncertain waters of fair use and consider other ways to avoid infringement.  But be forewarned that mere acknowledgement of the source material, while perhaps one factor to be considered in a fair use determination, will not absolve a copier for infringement.  Likewise, a disclaimer—effectively a “No Infringement Intended” notice—won’t work.

How Does the TEACH Act Apply in the Online Classroom?

Addressing more specifically the online environment for education, the Technology, Education, and Copyright Harmonization Act of 2002, better known as the TEACH Act, addresses digital teaching materials used in both the classroom and in distance learning settings in 17 USC § 110(2).  This exempts from infringement certain performances and displays of works in an online classroom transmission under certain conditions.

What can be transmitted?

  • Performance of a nondramatic literary or musical work.
  • Performance of reasonable and limited portions of any other work.
  • Display of a work in an amount comparable to what would typically be displayed in the course of a live classroom session.

Under what conditions?

  • The transmission is under the actual supervision of an instructor.
  • The transmission is part of the instructional activities of the institution.
  • The work is related to the teaching content of the transmission.
  • The transmission is made solely for and is limited to the students officially enrolled in the course (as much as is technologically feasible).

What is not authorized?

  • Use of pirated copies.
  • Use of works normally marketed primarily for performance or display as part of online instructional activities.
  • Conversion of print versions of works to digital formats unless there is no digital version available, and even then, conversion is limited to the portions authorized by the size restrictions in the Act.

In order for an instructor to rely on the provisions of the Act, the institution must comply with certain requirements regarding policies and education of faculty and students and application of technological measures to reasonably prevent retention of the works by recipients of the transmission or further dissemination.  Posting class lectures that include copyrighted works on YouTube won’t qualify.

What about showing films?  In the face-to-face environment of a brick and mortar classroom, showing an entire film, video or TV program for educational purposes is allowed (17 U.S.C. § 110(1)), but not when the classroom goes virtual.  Showing portions of a film in an online classroom, may be considered fair use depending on how much of the film is shown and for what purpose.  If fair use does not apply and if the film is not in the public domain, however, students should view the film through a licensed streaming film provider.

What About Licenses and Releases?

Obtaining an author’s permission to use his work obviates the need to engage in the fair use or other analyses described above.  Whether the permission takes the form of a license (permission to use the work) or a release (promise not to sue for unauthorized use), however, many licenses and releases are limited to in-person presentation or distribution and do not extend to online presentation or distribution.  Presenters must carefully consider the scope of permission granted by a license or permission.

In the COVID-19 world, some publishers are offering educators temporary expanded permissions.  The key words here are “educators” and “temporary.”  These permissions do not extend to non-educators, and they are provisional.  Once the days of stay-at-home orders end, educators cannot assume that they can use the same works in the same way online.  In addition, the use of these expanded permissions comes with strings attached.  There are certain requirements that the publishers impose on the user.

Some creators offer their work through Creative Commons licenses.  These give creators standardized ways to grant the public permission to use their work.  Again, however, a user of a work offered under a Creative Commons license should carefully consider the scope of the permission granted.  Not all Creative Commons licenses allow the same types of use.

Obtaining permission to use works may seem daunting, but there are various organizations available online that streamline the process.  The Copyright Alliance offers a list of resources to assist those seeking licenses for works such as literary publications, music, photographs, software and motion pictures.

Conclusion

When it comes to copyright and online meetings, many well-meaning and well-educated people don’t know what they don’t know—until they do.  Unfortunately, that epiphany sometimes comes in the form of a takedown notice or a demand letter.  Thus, presenters would be well advised to evaluate their use of another’s work before posting, streaming, sharing or tweeting.


Copyright 2020 Summa PLLC All Rights Reserved

Leveraging Your Microsoft Assets in this Remote Access World

The COVID-19 pandemic has led to an enormous increase in remote work. Organizations without remote access capabilities have adapted and implemented new solutions, while organizations with existing solutions have been forced to evaluate new capacity requirements and scale their solutions accordingly. You may be surprised to learn that your existing Microsoft assets include functionalities for remote access, and you can get rid of redundant or more costly solutions. Your Microsoft subscription, license, operating system, software, service, etc. should all be reviewed in some capacity at this time.

“In recent years, Microsoft has made a multitude of investments and changes to its portfolio and offerings,” says Scott Riser, Director of Microsoft and Data Management Services at Plan B Technologies, Inc. (PBT). “Some of these changes are quickly noticed during renewals or annual reviews, such as Microsoft Server Operating Systems licensing. However, many changes have happened ‘in the background’ and could easily be missed by organizations,” Riser says. “Make sure you’re taking advantage of your existing Microsoft assets, and know your entitlements – especially now.”

Most of these changes go beyond the typical Microsoft portfolio of Office products and Operating Systems. Microsoft has placed significant focus in the areas of security, video and audio conferencing, VOIP, virtual desktop, artificial intelligence, and cloud computing. Many of these Microsoft assets, which are likely already in your organization, are gaining additional functionality for your remote workforce. This can be done with minimal management overhead and reduced implementation costs over competitive third parties. So how do you ensure that your organization is properly leveraging its current Microsoft assets?

Know What You Have

Leveraging Microsoft assets to the fullest starts with knowing what your organization has purchased, and to what it is entitled. This goes beyond Microsoft assets alone and a full inventory of software, services, and features within your environment should be performed sooner rather than later. This full evaluation serves three purposes. First is that of an internal audit to ensure your organization has the proper number of licenses for each product and to correct licensing infractions before you incur hefty true-up costs or additional licensing fees. The second purpose is educational, as it provides technical staff and administration an understanding of the entitlements each software or service provides. This is particularly valuable since Microsoft 365 cloud subscriptions now include licenses for some on-premise systems. The third purpose of this evaluation is to identify overlaps in features and functionality among products to lower costs, simplify management of the environment, and promote productivity.

Failure to perform a review of current entitlements can result in a significant overspend and an overly complicated environment that is more difficult to manage. For example, your organization could be using a third-party Multi-Factor Authentication (MFA) provider when an already purchased Microsoft subscription has MFA built in, or you may have purchased an MDM solution that overlaps with an existing entitlement to System Center and Windows Intune.

With information from these internal audits, organizations are better suited to make impactful decisions while controlling cost. Once your organization understands what it is entitled to within your existing environment, you must then determine situational awareness for future planning and sustainability. Items that should be included in planning for the future include (but are not limited to) security, management, user workflow and communication.

Secure the Environment

If your workforce is now remote, has your organizational data gone remote as well? Now that most organizations have been required to provide users with remote access, either through Virtual Desktop infrastructure (VDI), cloud-based applications or internet portals, the attack surface for exploitation by bad actors has never been larger. This puts organizations at greater risk of a security breach. Knowing this, Microsoft has invested billions of dollars to protect their product offerings and combat cyber criminals.

Microsoft now has a full portfolio of security offerings, and buildings full of teams dedicated to securing their services and platforms as well as assisting criminal investigations. User identity has become the new perimeter for data as organizations move to cloud-based technologies and a remote workforce. This has been the case for years as VPNs and firewalls have limited preventive impact when a bad actor has credentials to access them. Microsoft has been active in making user identity more secure with easily implemented tools and access policies while also integrating artificial intelligence and improved reporting. These products and features include Windows Hello, Azure Multifactor Authentication, Conditional Access, Credential Guard, and User Sign-in Risk Reporting/Alerting amongst others.

Identity of course is only one attack vector that can be exploited. Therefore, it is essential to secure end user devices and the infrastructure where data is located. Microsoft Defender and Advanced Threat Protection (ATP) is ideally suited to protect servers and end user devices when implemented properly. Plus, it’s included in many Microsoft 365 subscriptions.

“In the past, Defender has received a stigma of being unreliable and faulty,” says Scott Riser, “but Defender has since become one of the most reliable pieces of security software available today. Why? According to Microsoft, over 1 billion devices are currently running the Windows 10 operating system, providing trillions of telemetry data points to continuously improve all Microsoft security services. And as a result, Microsoft has the largest security footprint in the world.”

The data provided by Defender from these devices is reported to artificial intelligence algorithms as well as Microsoft security teams to patch security flaws and update anti-virus definitions at unparalleled levels in the industry. It is also important to note that Microsoft Server Operating systems utilize Defender and the Defender platform can be upgraded to Defender ATP software to enhance built-in capabilities and provide additional security for on-premise data.

With an increasingly remote workforce, many organizations have moved their data to Exchange Online, SharePoint Online, and OneDrive for Business. Microsoft has built-in security solutions for these platforms as well. Depending on the Microsoft subscription that you’ve purchased, Exchange Online Protection, Azure Information Protection, Microsoft Advanced Threat Protection and Azure Advanced Threat Protection, can all be utilized to secure data stored in these locations. Furthermore, Microsoft understands that some organizations require more control over their data and systems in Infrastructure as a Service solutions such as Azure and AWS. For this, a combination of Defender ATP and Azure Sentinel can provide real time analytics and automated responses for detected breaches based on custom workbooks in a pay-as-you-go model.

All these security measures protect against bad actors attempting to breach an organization’s data. This of course does not protect an organization from internal threats, such as disgruntled employees or the inevitable human error. Organizations must now secure data from exfiltration which is not as simple as preventing all data from leaving the organization. The problem is more nuanced. A full lockdown, though simpler, would prevent your organization from essential collaboration with its staff and clients. Failing to protect data internally may result in proprietary data inadvertently shared with a client, or competitor, or being lost entirely. In healthcare and financial services, it can result in a loss of personal identifiable data, or banking information, which carry hefty fines from regulatory bodies.

Microsoft Data Loss Prevention (DLP) is the solution to this issue. With DLP, custom policies can be defined by an organization to determine data that should not leave the organization. It can also remind a user to review data being sent as it could possibly be confidential. DLP continues to gain traction in Microsoft 365 settings as the need to protect cloud-based collaboration platforms such as Teams and OneDrive grows. DLP can also be implemented in some areas of on-premise infrastructure. Exchange has built-in DLP features that often go overlooked. Organizations tend to use Mimecast, Proofpoint, and other third-party vendors for these solutions while the built-in functionality remains unconfigured.

Device Management and Compliance

Another challenge of a remote workforce is the ability to maintain and manage devices, both corporate-owned and user-owned. Multiple organizations have made significant investments in System Center Configuration Manager (SCCM), only to find that policies and updates have not applied to end user devices unless they are on the network or connected via a VPN. Organizations can expand their SCCM environment to include cloud distribution and management points for devices that are not on-premise.  But this is not always an ideal solution as it requires additional infrastructure and configuration with SCCM. This has led to a rise in the use of Mobile Device Management and Mobile Application Management solutions such as Microsoft Intune. Through co-management, organizations can continue to utilize SCCM in conjunction with Intune for management of all devices regardless of corporate connectivity. This was further emphasized by the recent integration of the license offerings to provide Intune subscriptions for those with SCCM Client licensing and vice versa.

Collaboration and Communication

Securing and managing a remote work environment is important but ensuring users can communicate and collaborate on work that was previously performed in the office is one of, if not the biggest, challenges. Daily interactions between corporate users should be considered since the ability for face to face interaction through office meetings, business lunches, and other personal touches has significantly declined. These interactions are now being held through chat programs and conference calls. External communication is one of the primary reasons that Microsoft is still considered the industry leader for collaboration software with many companies utilizing the Microsoft Office suite.

A frequently overlooked solution included in your Microsoft 365 subscription is Microsoft Teams which provides instant messaging, document collaboration and audio/video teleconferencing. Furthermore, Microsoft Teams is integrated with and supported by other Microsoft products. It’s also governed by Advanced Threat Protection and Data Loss Prevention services to provide a more secure platform than its competitors with minimal (if any) additional investment. Microsoft Office can be customized based on the needs of the user and can easily be secured and managed when used in combination with other Microsoft offerings.

Getting the Results

Challenges continue to present themselves as users work remotely and organizations refine how they operate. With a vast majority of organizations utilizing Microsoft products in some way, it is important that entitlements are understood to reduce costs and complexities. Organizations can improve their return on investment (ROI) or make new investments once this is understood. Leveraging Microsoft service offerings can be optimized beyond the traditional use of Office products and Operating Systems, to provide a secure, managed, agile, and accessible environment for users regardless of their location. The result will be a streamlined, cost effective, collaborative environment that strengthens your organization’s bottom line.


© 2020 Plan B Technologies, Inc. All Rights Reserved.

For more on technological solutions for law firms and other industries, see the National Law Review Law Office Management section.

The United States Patent and Trademark Office Remains Operational and Flexible During the COVID-19 Pandemic

In view of the COVID-19 pandemic, the United States Patent and Trademark Office (USPTO) recently announced that its offices will be closed to the public “until further notice.”[1] However, the USPTO also assured the public that USPTO “operations will continue without interruption.”[2] Accordingly, applicants can continue to file related documents with the USPTO (e.g., patent applications, trademark applications, and responses to USPTO communications). Applicants can also hold interviews and oral hearings with the USPTO by video or telephone.[3]

Additionally, the USPTO has provided numerous accommodations for applicants that have been affected by the COVID-19 pandemic. As explained in more detail below, such accommodations for affected applicants include:

(I) a 30-day extension of certain patent-related and trademark-related filing deadlines that fall between March 27 and April 30;

(II) waiver of revival fees for (a) abandoned patent applications, (b) terminated or limited re-examination proceedings, (c) abandoned trademark applications, and (d) cancelled/expired trademark registrations; and

(III) waiver of original handwritten signature requirements for (a) registration to practice before the USPTO in patent cases, (b) enrollment and disciplinary investigations, (c) disciplinary proceedings, and (d) non-electronic payments by credit card.[4]

I.  USPTO extends certain filing deadlines for those affected by COVID-19

The USPTO has exercised temporary authority provided by the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) to provide a 30-day extension of various patent-related and trademark-related deadlines that fall between March 27 and April 30 for applicants affected by the COVID-19 pandemic.[5] Table 1 summarizes the patent-related and trademark-related deadlines that can be extended under USPTO’s temporary authority.

Extendible patent-related deadlines Extendible trademark-related deadlines
Reply to a USPTO notice issued during pre-examination proceedings by a small or micro entity[6] Response to an Office action, including a notice of appeal from a final refusal
Reply to a USPTO notice or action issued during examination[7] Statement of use or request for extension of time to file a statement of use
Reply to a USPTO notice or action issued during patent publication processing[8] Notice of opposition or request for extension of time to file a notice of opposition
Issue fee payment Priority filing basis
Numerous deadlines related to proceedings before the Patent Trial and Appeal Board (PTAB)[9] Transformation of an extension of protection to the United States into a U.S. application
Maintenance fee payment filed by a small or micro entity Affidavits of use or excusable nonuse
  Renewal application

Table 1.  Summary of patent-related and trademark-related deadlines that can be extended for 30 days for applicants affected by COVID-19.  The deadlines must fall between March 27 and April 30.

In order to obtain an extension of time for an applicable deadline, applicants must request the extension along with a statement that the delay was “due to the COVID-19 outbreak.”[10] Fortunately, the USPTO has broadly identified such COVID-19-related delays to include instances where “a practitioner, applicant, patent owner, petitioner, third party requester, inventor, or other person associated with the filing or fee was personally affected by the COVID-19 outbreak” through various occurrences, such as “office closures, cash flow interruptions, inaccessibility of files or other materials, travel delays, personal or family illness, or similar circumstances.”[11]

Unfortunately, extensions of time are not available for all deadlines affected by the COVID-19 pandemic.  For instance, original filing deadlines, PCT or national-stage filing deadlines, deadlines to file a non-provisional patent application claiming domestic benefit from a provisional patent application, and deadlines to file an inter-partes review petition are not covered.

II. USPTO waives revival fees for matters abandoned or affected due to COVID-19

The USPTO has also agreed to waive revival fees for the revival of matters that were abandoned or affected as a result of applicant’s inability to reply to a USPTO communication due to the COVID-19 pandemic.[12] Such abandoned or affected matters include: (1) abandoned patent applications, (2) terminated or limited re-examination proceedings, (3) abandoned trademark applications, and (4) cancelled/expired trademark registrations.[13] Table 2 provides a summary of the requirements and deadlines for requesting a waiver of revival fees for matters abandoned or affected due to COVID-19.

Matter abandoned or affected due to COVID-19

  Patent applications and re-examination proceedings Trademark applications and registrations
Requirements to waive revival fees
  • Reply to the outstanding Office communication
  • A petition to revive
  • A request for waiver of the petition fee
  • A statement that the delay in filing the reply required to the outstanding Office communication was because the practitioner, applicant, or at least one inventor was personally affected by the COVID-19 outbreak such that they were unable to file a timely reply
  • A petition to revive
    A statement explaining how the failure to respond to the Office communication was due to the effects of the COVID-19 outbreak
Deadline for requesting the waiver of revival fees
  • Two months from the issue date of the notice of abandonment of patent application or notice of termination or limitation of re-examination (“Notice”)
  • Six months from the date of patent application abandonment or termination/limitation of re-examination if the applicant did not receive the Notice.
  • Two months from issue date of the notice of abandonment or cancellation (“Notice”)
  • Six months after the date of abandonment, cancellation or expiration if the applicant did not receive the Notice

Table 2.  Requirements and deadlines for requesting a waiver of revival fees for matters abandoned or affected due to COVID-19.

III. USPTO waives original handwritten signature requirements until further notice

In view of the COVID-19 outbreak, the USPTO is also waiving the requirements for original handwritten signatures until further notice.[14] Accordingly, original handwritten signatures will not be required for the following documents that previously required them: (1) registration to practice before the USPTO in patent cases; (2) enrollment and disciplinary investigations; (3) disciplinary proceedings; and (4) payments by credit cards where the payments are not being made via the USPTO’s electronic filing systems.[15]

IV.  Conclusion

Even though the USPTO is currently closed to the public, the USPTO remains operational.  Furthermore, the CARES Act provides the Director of the USPTO with broad discretionary authority to “toll, waive, adjust, or modify, any timing deadline” established by patent or trademark statute or regulation.  The numerous accommodations already provided by the USPTO should provide applicants that have been affected by the COVID-19 pandemic with flexibility. However, applicants should appreciate that, since the COVID-19 outbreak is a fluid situation, additional changes to the USPTO’s operations and/or further accommodations could be forthcoming.


[1] https://www.uspto.gov/coronavirus

[2] Id.

[3] Id.

[4] Id.

[5] March 31, 2020 USPTO press release entitled “USPTO announces extension of certain patent and trademark-related timing deadlines under the Coronavirus Aid, Relief, and Economic Security Act”.

[6] Such extensions can include a Notice of Omitted Items, Notice to File Corrected Application Papers, Notice of Incomplete Application, Notice to Comply with Nucleotide Sequence Requirements, Notice to File Missing Parts of Application, and Notification of Missing Requirements.

[7] Such extensions can include a final or non-final Office Action and a Notice of Non-Compliant Amendment.

[8] Such extensions can include a Notice to File Corrected Application Papers issued by the Office of Data Management.

[9] Such extensions are: (a) the filing of a Notice of Appeal; (b) the filing of an Appeal Brief; (c) the filing of a Reply Brief; (d) payment of the appeal forwarding fee; (e) request for an oral hearing before the PTAB; (f) response to a substitute examiner’s answer; (g) amendment when reopening prosecution in response to, or request for rehearing of, a PTAB decision designated as including a new ground of rejection; (h) request for a rehearing of a PTAB decision; (i) request for rehearing of a PTAB decision; (j) a petition to the Chief Judge; and (k) a patent owner preliminary response in a trial proceeding, or any related responsive filings.

[10] See USPTO Patent and Trademark notices provided in the March 31, 2020 USPTO press release.

[11] Id.

[12] USPTO’s March 16, 2020 Notice entitled “Relief to Patent and Trademark Applicants, Patentees and Trademark Owners Affected by the Coronavirus Outbreak.”

[13] Id.

[14] FR 17502, Vol. 85, No. 61. March 30, 2020.

[15] Id.


© 2020 Winstead PC.

For more on USPTO operations, see the National Law Review Intellectual Property law section.

Emerging Cyber-Security Threats for 2020: The Rise of Disruptionware and High-Impact Ransomware Attacks

Disruptionware is defined by the Institute for Critical Infrastructure Technology (ICIT) as a new and “emerging category of malware designed to suspend operations within a victim organization through the compromise of the availability, integrity and confidentiality of the systems, networks and data belonging to the target.”  New forms of disruptionware can be a more crippling form of cyber-attack than other more “garden-variety” malware and ransomware attacks. This is the case since, as the ICIT notes, disruptionware not only attempts to encrypt and deny users access to their data, but works as a “layered attack” designed to “disrupt operations and production in manufacturing or industrial environments (as well as infrastructure) in order to achieve some other strategic goal.”

Disruptionware has “consumed” many traditional cyber-attacks, making them part of the disruptioware “toolkit.” These techniques include cyber-attacks such as ransomware, “wipers,” “bricking capabilities,” automated components, data exfiltration tools and network reconnaissance tools. (See ICIT report for further definitions.) Today, the rise of disruptionware is a new and even more chaotic form of cyber warfare attack – it not only attempts to encrypt and deny users access to their data, but disruptionware works to “disrupt operations and production in manufacturing or industrial environments (as well as infrastructure) in order to achieve some other strategic goal.”

Additionally, generalized forms of ransomware attacks – designed to block access to the victim’s computer systems until money is paid – are continuing to represent a more prevalent threat to government agencies, healthcare providers and educational institutions. Ransomware was so destructive on its own that the FBI recently issued a Public Service Announcement (PSA) warning about such “high-impact” attacks on critical private and public sector institutions. Underscoring the FBI’s announcement, another publication has noted the rise of ransomware attacks since the beginning of 2019 finding that there have been at least 621 reported successful ransomware attacks against U.S.-based corporations. Of these attacks, at least 491 were targeted against healthcare providers, while another 68 of the attacks were directed at county and municipal institutions, and 62 of the attacks were focused on school districts.

According to the FBI, hospitals and health care institutions are the primary targets of these high-impact ransomware attacks because of the critical role they play in providing lifesaving services, and the fact that these institutions usually do not have the luxury of taking time to restore backups in order to get their networks working again and running safely and securing after an attack. Above and beyond the costs associated with paying the ransom and restoring computer networks and systems, ransomware attacks on hospitals and health care providers have proven especially damaging because they affect the ability of the targeted healthcare providers to deliver critical health care services to patients. Perhaps even more disturbingly, many of the victim companies reported losing data even when they paid the ransom demanded by the hackers. Nevertheless, according to the blog “knowbe4,” it was predicted that ransomware payments alone by victim companies will have exceeded $11.5 billion in 2019 – representing an increase of almost 30% over the approximately $8 billion paid in 2018.

Along with the rise of disruptionware and high-impact ransomware, hackers are also now using new and diverse techniques to launch multiple forms of cyber-attacks including, among other things, an increased use of new Remote Desktop Protocol (RDP) attacks, as well as leveraging various software vulnerabilities to infect organizations through backdoor channels. Unfortunately, few businesses are hardening their IT infrastructure against these new types of extremely damaging cyber-attacks. RDP attacks are becoming far more common because of the simplicity of many users’ login credentials, while companies are not doing enough to “whitelist” exclusively acceptable computer software and applications to prevent security holes caused by numerous software vulnerabilities in unsecured and sometimes untested software applications.

The FBI’s PSA serves as a warning to businesses that they should have a plan in place to respond efficiently and appropriately in the event of high impact ransomware and disruptionware attacks. Such plans should include, among other things, clear designations of responsible individuals (both inside and outside the company), procedures for contacting law enforcement, and the business having a firm understanding of what their data is as well as a good understanding of its importance in the overall business plan. Finally, businesses need a current and workable Disaster Recovery Plan for getting the organization up and running again as quickly as possible if there is a cyber-attack. Businesses would be wise to review how their systems are backed up, as reliable and readily accessible backups are often critical in allowing ransomware or disruptionware victims to try and resume normal business operations as quickly as possible.


©2020 Drinker Biddle & Reath LLP. All Rights Reserved

For more on ransomware and other cyberthreats, see the Communications, Media & Internet section of the Nationa Law Review.