Are Trademarks a Data Security Alternative to Sad, Weak, Outdated Copyrights?

If you’ve been on the web for a while, you’ve seen an advertisement that looks like the user interface of the website you’re viewing- or maybe an ad that has a false close button, and clicking it just navigates you to the advertised page. These are blatant ways to trick consumers into taking actions they don’t want to take. Sometimes, these inadvertent actions can create security vulnerabilities such as malware.

Despite all of the focus on applying copyright law to the internet, I wonder if there are hints of trademark and trade dress protections that could become relevant to data privacy issues. I will cautiously, even timidly, explore a few of those possibilities (which several others have explored over the last few years).

I. Trademarks: When it Comes to Data Privacy, Accept No Imitations.

Trademarks have a simple purpose: to let consumers know the origin of a good or service. Trademarks are often a word, phrase, or image (logo), but can also be a sound or smell (on rare occasion, it can get a bit more abstract ).

A major category of trademark infringement is counterfeiting. That $20 “ROLEX” watch from the guy in the alley? That’s a counterfeit (sorry), and one of the legal issues involved in the sale of that watch is the use of a trademark without the legal right to use it. There haven’t been a lot of counterfeit websites on the internet, especially since SSL and other authentication processes got better. However, there are plenty of imitation apps and games. One of the reasons such apps and games fail and are quickly removed from distribution is that they infringe trademarks.

However, some countries do not have the same standards regarding trademark (or copyright) enforcement. Consider an imitation League of Legends game, lampooned here. At the end of the video, the player says “Oh, and it’s also a virus,” as his security software reports malware after playing the game. This humorously underscores the point that many infringing* products pose a security and privacy threat. Using trademark law to limit the proliferation of readily accessible, easily confused programs is a valuable practice in maintaining computer security for consumers.

II. Trade Dress: No One Really “Owns” That Icon… But You Know Who Owns That Icon.

Trade dress is a sort of sub-category of trademarks. It’s rarely talked about or used, but it can be thought of as the totality of design and aesthetics that go into a product, place, or service that make consumers identify the source. Color palette, patterns, shapes, and other factors go into the evaluation of trade dress. Crucially (and perhaps fatally), elements of a trade dress must be considered “non-functional.”  For example, the major case in trade dress concerned a Tex-Mex restaurant that used the same colors and layout of another Tex-Mex restaurant.

Here’s the controversial idea I think deserves consideration: Could misleading, camouflaged web content be considered an infringement of trade dress? (Think of the kinds of ads that make you believe you’re not clicking on an ad, but rather some piece of actual content on the site- especially regarding navigation buttons that match the navigation icons of the site.)

The reason I look to trade dress for a solution is that icons and interfaces, even stylized ones, are not subject to trademark, copyright, or patent protections. Furthermore, websites are increasingly treated as the digital equivalent of stores and offices of businesses- so much so that designs and layouts can come to be the trade dress of that business. Thus, there is a gap in the legal protection of user interfaces, and a need to cover that gap.

(Treating websites as subject to trade dress might have the added benefit of discouraging UX and UI designers from fiddling with the location and arrangement of navigation tools every other month just to justify their paycheck. And that’s the kind of change this world really needs.)

Conclusion: Trademark Protection is Already Working, Trade Dress is Still Vague and Untested

Trademark law is already quietly making the digital ecosystem a little bit safer by eschewing threatening knock-off games and apps. I think there’s a case to be made for applying trade dress to websites and UIs, but it would be a novel application and courts may be hesitant to apply the law so creatively.

 

* “300 Heroes” Infringes both copyrights and trademarks, but it’s the funniest example.

 

ISPs Tell Two Lies: “This is Fair” and “This Will Work”

Intro: The Parable of the Watermelon Stand

Once upon a time, two folks (Alphonzet and Balantanoid) decided to sell watermelons at a roadside stand. The two-step business model was: 1) buy watermelons for $1 apiece from a farm, then 2) transport them in their pickup truck to the roadside stand, where they sold the watermelons at a retail price of $1 apiece. After some time, accountant Balantanoid informed business partner Alphonzet that, due to the price of gasoline and other incidental business costs, they were actually losing money. Alphonzet reviewed the numbers and pondered, and then ventured a solution:

“Do you think we need a bigger truck?”

Businesses looking to buy consumer information from ISPs are like the characters in this story considering using a bigger truck. More data isn’t what businesses need, and there is danger is believing otherwise. Furthermore, ISPs unjustly shirk responsibility that ought to come with the entitlement to the data they intend to sell.

I. Background.  Internet Service Providers Aren’t Satisfied With a de facto Monopoly

Internet service providers have no competitors and provide a borderline necessity. They can charge anything (and do) and provide a low quality product and service (as they do), and customers will still pay them (and they do). This isn’t enough for them. The telecommunications industry has successfully lobbied congress into repealing an FCC order that previously prevented the sale of tracked, identifiable consumer data to third parties.

Of course, ISPs are the only ones who can risk fighting their customers. Service providers operating on the internet can’t antagonize their customers because they are subject to fundamental concepts of free market capitalism: If they anger their customers, their customers will go elsewhere. ISPs don’t have “customers” in the traditional sense. They have “victims” or “hostages”- so it makes sense that ISPs wouldn’t worry about treating them like customers.

II. “This Will Work.” ISP’s Already Lie to Consumers and Government- Now They Get to Lie to Businesses

I don’t know how many lies the telecommunications industry had to tell congress to get the FCC’s rule repealed. Probably not many- after some generous donations, congress rarely asks very many questions, or cares about answers. But the lie that ISPs are relying on now is for 3rd party companies to believe that (in the context of the aforementioned parable) a bigger truck will turn their watermelon business profitable. There are two likely outcomes of this business arrangement: either advertising will get better, more efficient, more streamlined, more effective, and benefit both advertiser and consumer, OR advertising will become more obnoxious, more noisy, less useful, less relevant, more intrusive, and worse for consumers and advertisers.

In his NYT Op-Ed on this legislation, former FCC Chairman Tom Wheeler gives the example of ISPs selling data to car dealerships about which customers are visiting car websites, thus allowing car dealers to target more likely customers. One interpretation is that this will help car dealers only target relevant audiences, and customers will get better opportunities and information as customer-business connectivity is optimized. My experience is that this is supremely unlikely.

My most recent experience with targeted advertising is that the business model is not effective. I spent an evening looking for a new pair of shoes from online stores. The next day, ads for shoes show up on my Facebook feed. But I had already bought shoes. I was no longer a potential customer in that market. No amount of advertising is going to persuade me to make a purchase, because the purchase was already complete.

More data doesn’t mean you understand your customer better. You need the right data- and ISPs just can’t provide that. Data science simply isn’t good enough yet. The algorithms consistently fail to capture human thought, intent, and desire. The greater danger in the loss of this privacy isn’t in other parties knowing who you are- it’s in other parties THINKING they know who you are.

This example reveals two facts that render third party purchases of consumer data useless: a single data point or grouping of data points doesn’t tell you all of the important data about a consumer, and second, consumers move faster than companies. For the same reasons that cause all of us to receive junk mail addressed to people who haven’t lived at an address for years, (or even addressed to deceased persons), companies efforts to use consumer data are routinely ineffective. The myriad problems with the over-reliance on big data is its own subject, but one that informs this issue.

The effort to make money off of violating privacy won’t work because companies aren’t equipped to turn data into sales.

III. “This Is Fair.” Justice Requires That ISPs Pick A Single Classification: Common Carrier or Private Enterprise

There is a doctrine in tort law that common carrier services like buses and trains have reduced duties to customers. Private carriers have more discretion about how to run their business, but have increased liability. In the famous tort case Paslgraf v. Long Island Railroad, a railroad company was not held liable when a passenger’s explosive package accidentally detonated, causing injuries. Part of the reasoning relied on the notion that the railroad was a common carrier, and such service providers are not liable for some acts of their customers because they have less discretion regarding their customers than a private carrier has.

This reasoning ought to be applied to internet service providers: ISPs can be either a common carrier or a private carrier, but must accept the responsibilities and limitations of whichever classification they choose.

If ISPs want the benefits of being private enterprises, they need to take on the liability commensurate with those benefits. The concept of safe harbours in the DMCA is predicated on the notion that ISPs are a sort of public utility or common carrier. ISPs that want the benefits of private business need to be liable for crimes and damages that common carriers would not be liable for.

ISPs believe they have a right to the data of their individual customers, such as their browser histories and app usage rates. If they are so interested in the private information of their customers, they should take on criminal liability for crimes committed by their customers, from piracy to identity theft to terrorism or child pornography. This is the burden of responsibility. If an ISP is truly entitled to the content of a customer’s online activity, they are responsible for that content. There is no entitlement without responsibility. This is a fundamental precept of justice that permeates the law.

If the ISP does not want to be liable for the crimes committed using their services, they must opt for the common carrier approach to providing internet and information services. The idea of ISP access to consumer data without responsibility to the consumer is not just offensive to privacy or comfort- it is offensive to the very concept of justice and fairness. It is the ISP getting something extra from a consumer in return for nothing. Forcibly taking from someone in exchange for nothing is the clearest possibly understanding of theft.

Conclusion

The data that ISPs will sell to 3rd parties is unlikely to make advertising substantially better, due to the challenges in execution. The larger issue is settling the classification of ISPs in the context of telecommunications law. ISPs can be either private enterprises or common carriers. They cannot continually shift their classification from moment to moment to suit convenience, reaping rewards and rejecting responsibility.

Update: ISPs earn their place… And they really have a cultural status.

The Potential Dangers of Minds Getting Played

I clearly remember hearing about a new kind of game back in the late 90s- a friend handed me a magazine while I was playing Descent. The article detailed a new genre of game: Alternative Reality, in which the content of the game connected with the real world, and the gameplay was woven through physical space as much as game space. The article focused on a game called Majestic. Even before law school secured my youthful cynicism, I was already concerned about the potential for disaster with this game: trespassing, distracted operating of motor vehicles, unfortunate confusion with actual crime- by both police and criminals, etc. The game, and the genre, never really took off, and so a lot of the issues got pushed aside and ignored for a decade and a half.

Then Pokemon Go came out.

I) How do we Distinguish Alternative, Augmented, Virtual Realities from Plain Ol’ Boring Reality?

As Jerry “Tycho” Holkins has pointed out, when someone is experiencing a reality that differs from the reality that others are experiencing, we usually conclude that the singular experience of reality is a hallucination of some kind. So, inviting a parallel version of reality is a bit ambitious for a species that still has some fundamental questions about the nature of reality and the capacity to perceive it. But humans tend to be ambitious.

Metaphysics has tried for several millennia to explain what reality is, and epistemology and philosophy of mind (now backed up by nascent efforts of neurobiology) have tried to understand how the human mind interacts with whatever reality is. These kinds of questions seem tiresome and sophomoric because they seem to be trying to solve a problem that we don’t have. Fortunately for philosophers, scientists, and lawyers, humans are good at creating interesting problems.

II) Augmented Reality, Virtual Reality, Social Media, and AI: A Combination for Confusion

The biggest danger isn’t really just immersing the human mind in an alternative reality. Literature and media have been doing that since the first tools of imparting imagination were created. However, there have always been clear markers about the borders of fiction and reality: the edges of pages, the entrance to the theater, the “play” button. Since video games started making recognizable depictions of reality, political bodies have been concerned with the ability of the mind to keep the fiction of the game separate from reality.

Some games have recently made a deliberate effort to blur the distinction between the game and reality. In Batman: Arkham Asylum, the villain Scarecrow created a visual effect that looked to the player as though the game-machine itself was having technical problems. Metal Gear Solid villain Psycho Mantis had similar behaviors, interfering with the usable controller ports on the Playstation, reading memory cards to learn what other games the player plays, and giving the appearance of technical problems with the visual display.

The connection of games to social media platforms and profiles perforates some barriers between games and reality. These perforations tear wider the more the game uses them. How much more of a leap would it be for a game to read the social profiles of a player and allow a villain to make threats against the actual friends and family members of the player?

This trajectory, combined with increasingly better artificial intelligence programs that can learn and affect both game worlds and real worlds, creates the potential for some bizarre problems that will still seem like science fiction even after the first time we read an article reporting on why a 22 year old is dead after a cat walked across her keyboard while she got a soda. It may not be long until someone is arrested in real life for a murder committed in a game due to a bug or an AI program getting out of control. Or, perhaps even more likely, some hacker will make use of the obfuscated and blurred boundary between the game and reality to either commit a crime or frame someone for one.

III) Pokemon Go: Traps, Muggers, Molesters

If these possibilities seem like pure fantasy, we should remember that we’ve already seen some of the first iteration of the dangers of people trying to handle two realities simultaneously. Pokemon Go serves as an example the nature of the problems and the sometimes tragic stakes of not handling the problems well. There have been reports of muggers and sex offenders using the game to their own malicious ends, as well as reports of accidental deaths and car accidents from the simple carelessness of distracted (or overly-ambitious) players.

If you die while playing Pokemon Go, you die in real life.

IV) Philosophy is still relevant

In 1967, Phillipa Foote introduced the famous “Trolley Problem”: a hypothetical dilemma of choosing to allow a train (or trolley) to kill several people, or choosing instead to intervene and divert the train to kill only one person. The problem was meant to probe people’s moral intuitions, as the goal was not so much the answer to the problem but the justification for the choice. Many people outside of philosophy dismissed this hypothetical as irrelevant nonsense that showed how stupid and meaningless academic philosophy had become in the enlightened, advanced age of the 20th century. Then, in the early 21st century, automotive engineers and programmers confronted the exact problem in determining how to program self-driving cars when confronted with similar dilemmas.

The story for the philosophical field of Aesthetics (the area concerned with understanding art and beauty) is similar. In the coming years, the interactive entertainment media industry will have to confront problems of understanding the boundaries of how, when, and why fiction is experienced. The analysis of essays on the use of the fourth wall and meta-humor will be important to cutting-edge games looking to balance novel thrills with consumer safety.

V) Solutions: Design for Safety, Be Helpful

The law can make some efforts to protect the public, but it’s almost always going to be reactive, not proactive, in these matters.

Developers should design for Audience Meta-Awareness. Yes, the much-touted quality of immersion adds fun to the experience. However, it is necessary to provide safety outlets for that immersion. The game creates a space- players need to always be able to see the door to the space and get out of it. They need to be clear about when they are in that space and when they are not. Games that actively seek out players to update them about the game undermine that distinction. Games that don’t allow players to put down the game, or don’t allow players to know when they have put down the game, are looking for problems.

The community can create safety nets, as we saw with Pokemon Go players acting as safety guards in potentially dangerous scenarios. However, if we’ve learned anything from the internet, it’s that groups of people knit together by cyberspace are not always a recipe for safety and well-being. Still, the more that games resemble mind-altering drug experiences, the more important it is to have a sober friend nearby.

 

4/14/17 UPDATE: One of my favorite web series on game design, Extra Credits, apparently also thinks this is an interesting subject. They provide a lot of examples of the concepts I addressed.

 

The Strategic Benefits of Balanced Consumer Protection

 

Reigns is an interesting game because you can lose by winning too hard. As the monarch of a fictional country in something like Middle-Ages Europe, you must make decisions that will affect your nation in four areas: food, military, religion, and population. Intuitively, if any area reaches zero, you lose the game. However, you also lose the game if any area does too well. Consumer protection law is an area of law that must be kept in a similar balanced state for optimal results; actually having too much success in consumer protection law is really a loss for everyone.

Consumer Protection: Is There Ever A Downside For Consumers?

The benefits of consumer protection law are pretty apparent. Laws help protect consumers from dangerous and harmful products, and also curb the deception and misinformation from advertising. By imposing regulations and penalties on companies, the law increases the overall safety of goods and services for consumers and creates a means of recourse when harms occur. By codifying requirements around safety and advertising, consumers can trust in a minimal floor of consumer protection, and companies understand the standards to which they are held.

As with most good things, it can be hard to believe that there can be too much consumer protection. Could consumers ever be too safe or too well-informed? I don’t think any American will ever be in danger of such a fate – but to the point at hand, it’s important to understand the downsides of consumer protection law. Compliance with safety regulations comes at a cost. Buying higher quality materials, training employees to a higher level, quality-control checking goods, and other dimensions of complying with consumer protection requirements require time and money. If legal restrictions or regulations ran out of control, companies would struggle to remain compliant. Furthermore, consumer protection provides for monetary penalties (either as government fines or as awarded damages after a lawsuit); fear of these penalties can chill a company’s innovation or expansion, and a single lawsuit could completely destroy a company if the damages were high enough.

Shutting down a single, reckless company or imposing high safety standards doesn’t seem undesirable at all, of course. But shutting down multiple companies for single, harmless infractions, or imposing such high quality standards as to raise prices by tremendous proportions—those things hurt both the company and the consumer. Setting aside any moral arguments about whether strong consumer protection undermines the societal notion of personal responsibility, rampant consumer protection leads to undesirable economic outcomes.

Short Case Studies

An example of well-balanced consumer protection comes from a ruling in New Jersey last month. A New Jersey consumer protection law allowed consumers to bring claims against a company for certain violations contained in documents like End User License Agreements. A court dismissed two cases under this law because there were no harms that resulted from the violations in question. The result is that consumers still have recourse if they are harmed, but companies are free to draft their documents how they like and will only be penalized if consumers are actually harmed.

A new question in consumer protection is whether software developers should be held liable for bugs in software. This question becomes more pressing as software becomes a functional part of the lives of consumers in everything from cooking and hygiene to medical care and construction. The disproportionate amount of expertise held by developers and the complexity of the product in question are reminiscent of one of the earliest subjects of consumer protection law: automobiles. Perhaps crafting new laws for software liability should begin with considering the reasoning behind regulations on manufacturers and sellers of cars in the mid-20th century.

It will be important to bear these principles of balanced consumer-protection in mind in the future, as questions will only continue to become more complicated. A lawsuit against Niantic poses several questions, such as responsibility for placing digital content on private property. In August, a New Jersey resident filed against the developers of Pokemon Go because players kept asking if they could go into his backyard to catch a pokemon. Plenty of other controversies from Pokemon Go have raised questions, but this one includes both liability for digital content and using that digital content to influence consumers to behave in ways which (hypothetically) could become illegal (e.g., if the players started trespassing or started harassing the plaintiff).

Popping Caps in CS:GO and Cable Cutters

The big selling point for capitalism is usually “innovation and progress.” When folks compete in a free market, they try to make the best product at the lowest cost, and thereby win the customers and the money. The market rewards those who can find new ways to make a product more efficiently, or who can simply provide a better overall service. The winner is the one who can do the best job, and when your society is full of the best possible products and services, everyone is a winner.

But economists never count on some of the alternative strategies available. Sure, you can try to win more customers by making a better product—or you can surround your competitor’s store with lava. That’s another way to win.

Cheese or Cheating?

In the CS:GO quarterfinals of DreamHack 2014, Fnatic was losing a match to LDLC. Fnatic stunned the audience—and even the shoutcasters—when they performed a previously unknown “boost” maneuver that allowed them to see most of the map. Using this vantage point, Fnatic went on to stage an amazing comeback and win the quarterfinals round. LDLC filed a complaint with DreamHack administrators, arguing that the specific “boost” performed was not legitimate. DreamHack administrators eventually agreed, and determined that the match should be replayed (Fnatic declined to replay the match and LDLC advanced to the semifinals round, eventually winning the tournament).

The legitimacy of the boost remains an extremely controversial topic. Some argue that players should be permitted to do anything that the game allows them to do, provided that they do not modify the actual code of the game. Others argue that the effect of this technique gave clear evidence that it was a game flaw (to those who are familiar with the game), and Fnatic should have known that its use would not be permitted by the tournament rules. (Specifically, the use of the boost made some wall textures transparent and the boost was considered “pixel walking.”) Along with a lot of implications for game developers and esport tournaments, a central question here is: what is the difference between cheese and cheating?

Cheese is the use of an unorthodox or surprising strategy or tactic to attempt to win a game in a way that avoids the standard methods of play. It is often considered bad manners or unsportsmanlike, but finds some level of tolerance in competitive game play. (Cheese strategies are prone to backfire badly, as they often require a very drastic “all-in” decision which leaves little room for recovery if not successful.) Cheating also avoids standard methods of play, but does so through a violation of established rules.

Data Capping or Kneecapping?

Comcast supplies cable as well as internet. Thanks to the smorgasbord of entertainment options available on the internet, people don’t need 17,000 cable channels when they want to engage in one of America’s most popular past-times: doing “nothin’.” Many Americans are cancelling their cable subscription services (“Cutting the Cord“) because they can get the entertainment the need from the internet. Comcast might have noticed the drop in their cable subscriptions, because they started imposing data caps on some cities. The effect is that people can’t watch unlimited Netflix if they only get 100GB/month, so they have to go back to cable if they want to watch shows and movies. Comcast is using its power as an ISP to “leverage” its revenues as a cable provider—not by making its own product better, but by interfering with its customer’s ability to access a competitor’s product.

So, is Comcast bending rules or breaking them? There is no law against ISPs imposing data caps on customers. Comcast’s merger with NBC-Universal was approved by the Department of Justice. Comcast’s market conditions are not like the capitalist’s ideal free market: Comcast has the incentive to interfere with entertainment-content providers, and they have very few competitors who would prevent them from doing so. The effect might not be the kind of innovation that capitalists hope to see from competition, but it’s still led to an innovative way to undermine competition.

I imagine that either the FCC or the DoJ will have to examine this behavior and decide whether this constitutes a violation of antitrust law or is unduly harmful to consumers. It seems easy to make the case that it undermines innovation and competition, but because these regulators have approved all of the conditions that caused this activity, it will require a lot of regulatory untangling to explain why the natural result of several legal decisions turns out to be illegal.