INTERNET LAW BLOG

The Intriguing Legal Ramification of Pokémon GO

Recently, there has been a virtual tsunami of articles about the so-called hidden dangers of using the Pokémon GO app. The vast majority of them concern potential violations of the privacy rights of both consumers and landmark-owners. The media’s Chicken Little-like take on this is that augmented reality apps are opening the door to a dystopian future.

However, what has not been widely discussed is the impact of all this on the developers of augmented reality apps. That deserves some space as well.

I am the managing attorney of the Nissenbaum Law Group, LLC, a boutique commercial law firm located in NY, NJ, PA and TX with a focus in intellectual property. Our firm handles a fair amount of work involving apps. This includes everything from licensing agreements and movie and book deals to lawsuits over infringement of our clients’ intellectual property. We have reviewed the Pokémon GO controversy from the developers’ perspective and have come to the conclusion that it raises some very intriguing legal issues. Here are a few.

What sort of access is really necessary in order to utilize the app?

Many commentators have complained that signing into Pokemon GO provides “full access” to users’ Google accounts, i.e. gmail, maps, contacts, calendar, etc. See Slate.com’s excellent article on this concern. But does the app need to require a user to give total access to their Google account or is that simply an unnecessary overreach? If not, why stir up the hornet’s nest of privacy concerns when you can simply dial back the access without impairing the app’s functionality? The developer may not have complete control over how the app is downloaded, but that is precisely the point. Indeed, implementing such legal protections might give the developer a marketing edge to sell a more privacy-friendly product when others are not, e.g. end-to-end encryption. On the other hand, many developers have taken the position that no change is necessary since the heightened access level is fully disclosed and consented to by the app users in the terms and conditions and privacy policy. Either way, the developer should enter this legal thicket with eyes open. There is a downside of having the “benefit” of free access to user data.

The web has been rife with articles concerning Poké Stops and Pokémon Gyms located at properties owned by people who have no idea that they have been selected.

Notable examples of this have come from such wide-ranging landmarks as the Holocaust Museum and Arlington National Cemetery. Setting aside the concern that it can be irritating to suddenly have 50 people show up at a national landmark because it has now become part of a video game, there are serious questions about whether this is also an invasion of privacy.State laws differ, but generally, invasion of privacy breaks down into three basic categories. As set forth in the Restatement of the Law, Second, Torts, § 652, they are:

  • Intrusion Upon Seclusion – One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.
  • Appropriation of Name or Likeness – One who appropriates to his own use or benefit the name or likeness of another is subject to liability to the other for invasion of his privacy.
  • Publicity Given to Private Life – One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that
    (a) would be highly offensive to a reasonable person, and
    (b) is not of legitimate concern to the public.

It is obvious that any one or all of these could apply to the legal issues raised by augmented reality technology.

So how can the developer be protected? A good start would be a waiver of liability. It is critical that the terms and conditions for the app waive liability not just for the company distributing it, but the developer, as well. Another important consideration is whether the developer can obtain a suitable insurance policy that would cover these sorts of claims. There is no way of being completely protected, but such measures at least can offer a partial shield to potential liability.

Where does copyright law come into all this? Let’s consider the following hypothetical: the XYZ Candy Company is known throughout the country as being the best place to buy high-end candy and related items in bulk. It has a tremendous Internet presence and has franchised stores all along the eastern seaboard. Its unique building design—which is in the shape of one of its candies—has been copyrighted (Yes, under the right circumstances, a building design can be the subject of a copyright).But now, the XYZ Candy Company building also has become a Pokémon Gym. Players from miles around aggregate to that location because the name and logo are depicted in the app as a Pokémon Gym location. At what point does this mean the app is using the copyrighted design in violation of the copyright registration? The concern is not just that a developer would lose a lawsuit like that, but that they would be sued at all. Even a successful defense against such a challenge would create all sorts of negative consequences for the developer, e.g. litigation cost; backlash from the fan base; strain on the relationship with the app distributor; etc. If the potential for a copyright suit relating to building design is significant, the developer should consider negotiating license agreements / location releases with the copyright owner to specifically authorize the app’s use of it.

Another legal risk for the developer that should be mitigated by appropriate waivers of liability and indemnification clauses is a slip and fall claim. Believe it or not, there are already proposed laws that would prevent people from walking in public locations while utilizing their cell phone. These laws would penalize pedestrians who use the sidewalk while distracted: something which would only be exacerbated by using a cell phone with an augmented reality location app. (And while we are on the subject, how about liability for using the app while driving?)This raises the obvious question of who would be indemnifying the developer in this scenario. Perhaps the user. They could, on the one hand, hold the developer harmless from the user’s own claim for damages caused by the user’s negligence and, on the other hand, indemnify the developer for any claims by others (third parties) for damage that also arose from the user’s conduct. While not foolproof, the best way to try to obtain this protection would be to include it within appropriate terms and conditions for use of the app.

An integral way that augmented reality apps can be monetized is for the property owners to pay (perhaps on a per visitor basis) to be listed as a sponsored location. This can be complemented by such businesses using their status as an augmented reality location to provide discounted services to participants. All of this raises the question of how the developer can maximize the value of the brand and the monetization opportunities. Proper intellectual property registrations and a strong licensing and enforcement regime would be critical to doing so.Let’s take the example of a restaurant that advertises itself as a “Poké Stop” and utilizes a game image in connection with the stylized “Poké Stop” mark in its store window. That is arguably an instance of both copyright and trademark infringement. To best enforce those rights, however, it would be important for the game developer to have federally (if not internationally) registered those intellectual property rights.

But why is it important to inhibit this type of use? Doesn’t it help promote the game? Perhaps, but, on the other hand, once a restaurant can associate itself with the game and the developer for free, the opportunity to sell that right to another restaurant diminishes greatly. Why would Restaurant A pay to be a sponsored location, if Restaurant B is doing it without paying? The value of the license—the amount that Restaurant A might pay the developer for that opportunity—is greatly enhanced by properly policing the intellectual property and not allowing third party infringers to use those rights without permission.Moreover, even if the developer is not seeking to make money from these opportunities, it still behooves it to have a license in place. Having a proper license can help the developer maintain brand integrity and quality control.

As to brand control, for example, if the game is sold and targeted as being family-friendly, it will be important to ensure that the reality-based locations that are associating themselves with the game and its intellectual property, are appropriate venues, rather than liquor stores, places of adult entertainment and so forth.

Quality control is also critical. A license can help maintain this and ensure that a location using the brand indiciative of the game does not inadvertently tarnish it. In other words, if there is a restaurant that has health code violations, terrible reviews and other such challenges, the developer may very well not want to have its game associated with it. A proper license can help to provide an exit strategy and afford the developer enhanced rights.

Augmented reality apps are a quintessential example of disruptive technology. Their impact will extend beyond the digital world and affect other segments of society that may not currently even be aware of their existence. In the past, the law has done a very uneven job of keeping up with the pace of change created by such disruptive technologies… I could provide more examples, but I just saw a Mewtwo run into my law library. Gotta catch ‘em all…

May Copyright Infringement Suits Allow the Use of Blanket Subpoenas to Identify Anonymous Users of Potentially Infringing Internet Content? Originally Published Jan 28, 2014

Is it abusive for a company alleging copyright infringement to uncloak the anonymity of users of adult content in an effort to embarrass them into settling marginal claims? That issue was considered by the Court in Amselfilm Productions v. Swarm, 6A6DC, 12-cv-3865.
In that case, the plaintiff clearly was the object of infringing conduct by persons using BitTorrent – a peer to peer method of sharing content anonymously. The only question was whether the plaintiff could issue blanket subpoenas to obtain the IP addresses of the groups (“swarms”) of BitTorrent users and then coerce these individuals to obtain individual settlements with them. The implication was that if these individuals did not settle, their names would be made public, causing embarrassment over the fact that they potentially had downloaded adult content. This became a particularly important issue because so many of the claims of infringement were relatively unsubstantiated, i.e., how does one prove that any one individual within the larger “swarm” specifically downloaded specific content on a specific day?
The Court found that this was a misuse of legal process and procedure and prohibited employing such subpoenas without more of a showing of a particularized set of circumstances. In other words, there would have to be some level of demonstration suggesting that a particular individual had downloaded specific infringing content.
This case is one of many throughout the U.S. in which the practice of issuing blanket subpoenas successfully has been challenged.
Comments/Questions: gdn@gdnlaw.com
© 2014 Nissenbaum Law Group, LLC

Can the Estate of a Person Who is Deceased Enforce that Person’s Right of Publicity?

Marilyn Monroe passed away in 1962.  Her estate has zealously enforced her trademark and other intellectual property rights against those who would infringe upon it.  However, there are other common law rights that might apply, such as the right of publicity, which would likewise bar someone from using her name and likeness.  The question that was before the Ninth Circuit Federal Court of Appeals in August of 2012 was whether that right of publicity could be applied in Marilyn Monroe’s case.  Archives v. Monroe, 692 F.3d 983 (9th Cir. 2012).

The twist in that case was that the Court had to determine whether Monroe was a resident of New York or California at the time that she passed away. If she had been a resident of New York, she would have no right of publicity since that state does not provide for such a right after death.  If she were a resident of California at the time she passed away, she would have such a right since California amended its law to provide for Monroe’s estate in particular to be able to avail itself of that protection.

The case was decided based upon the legal concept of “judicial estoppel.” Simply put, that principle states that a party cannot take countervailing positions under certain distinct circumstances, such as those presented in this case. Specifically, the Court determined that Monroe did not have such a right since she was a resident of New York at the time that she was deceased. Although she had moved to California and committed suicide there, the estate had taken the position in previous cases that she was a resident of New York.  Therefore under a theory of judicial estoppel, the Court found the estate was not allowed to make a contrary assertion in this later suit just because it was more advantageous.

© 2014 Nissenbaum Law Group, LLC

Does the Federal Government Have Trademark Rights Enforceable by the Pentagon? Originally Published May 29, 2014

Does the federal government have trademark rights, and can those rights be enforced by the military? The answer is yes and yes.

In a recent New York Times article http://www.nytimes.com/2014/05/25/us/as-wars-end-military-gives-its-trademarks-new-vigilance.html?_r=0 it was noted that the Marines have filed trademarks 68 times in the past year “for products like Guadalcanal sweatshirts, meant to evoke the World War II battle against the Japanese, and tip of the spear newsletters, named for the motto of the Marine Corps, First Light Armored Reconnaissance Battalion .”

These sorts of registrations are being driven by the fact that returning veterans are seeking to open businesses using terms that are confusingly similar to trademarks belonging to the military. One of the interesting twists is that just because a veteran is violating a military trademark, that does not mean that the military will automatically refuse to allow them to continue doing so. Sometimes the military will obtain licensing fees in return for allowing the trademarks to be used. In fact, as the article noted “since 2009 the Marines have collected $5.4 million in such fees, and last year their trademark’s office turned over $700,000 to a morale, welfare and recreation fund.”

© 2014 Nissenbaum Law Group, LLC

County Lacks Trademark Protection for its Official Seal- Originally Published Jun 17, 2014

Does a New Jersey county have trademark protection in its official seal? According to a federal judge, the answer is no.

Judge Kevin McNulty recently ruled that the county could not stop a local citizen from using Union County’s seal in a television program in which she was critical of the county. In that case Union County had sought a ruling that she was infringing on the county’s trademark rights. The court determined that she could not win such a claim because the county did not possess such rights.

© 2014 Nissenbaum Law Group, LLC

***WINNER*** 2015 Nissenbaum Internet Law Scholarship Essay – SHEILA A. VALENE (University of Colorado, Colorado Springs)

How Can The American Legal System Improve Its Approach To Policing And Regulating Digital Technology Without Unduly Stifling Innovation And Civil Liberties?  

We now have more information available at our fingertips than during all of collective history. This digital technology encompasses a vast amount of information as well as processing and accessing it. But how, if possible, can we even regulate digital technology? After all, the internet is difficult to police; it’s a public good, an exchange of information, not a physical location that can be patrolled. And even if it were, would we want it to be policed? Or does this violate our free speech and, most importantly, our right to privacy? Despite these concerns, there are some things that can be done to improve internet safety without unduly affecting civil liberties, including establishing international standards, requiring the stringent self-regulation and transparency of intermediaries (such as search engines and internet service providers), setting up a council within the US to address complaints, and lastly, educating the consumers who use this technology.

First of all, it is worth noting that there are many individuals who feel the internet should be self-governing. David Johnson, for example, has been a strong proponent of this, stating that “governing the Internet well fundamentally entails governing ourselves, making sure that more of our time, attention and effort … make society more productive, congruent, ethical, and, yes, interesting, complex and empowering for everyone… It is no light duty to be a good netizen.”[1] While his idea of a benevolent internet citizen, or “netizen,” is optimistic and hopeful, it doesn’t reflect the current reality. There are many violations being committed that require some type of legal intervention to properly resolve them.

And what are these violations? The most common are those committed by criminals, including identity theft, phishing, malware, and fraud. Other common violations are committed at the commercial level and include collecting consumer information to sell or use in marketing without compensating, or sometimes even advising, the consumer. More recently we have become aware of governmental violations of “accidental disclosure,”[2] such as when a government employee’s laptop is stolen as well as the citizens’ information contained within it. This has occurred with other organizations as well, such as major retailers, credit card companies, and health insurance companies. While these infractions don’t occur with the frequency one would expect given the amount of available data, they happen enough to be concerning, and can have serious detrimental financial, psychological, and emotional effects on the individuals involved.

Clearly, then, some type of legal intervention is necessary. However, a large part of digital technology is essentially local access to worldwide information, and there is little worldwide consensus on how this should be handled and who’s jurisdiction it is. For example, someone from Country A is communicating with another person from Country B, and they are using a server maintained in Country C. So, if a problem arises, under which country’s laws is it handled? This can become very tricky, as different countries have different laws. Because of this, the US needs to be part of an international committee whose purpose is to codify a system of “Standards and Practices.” Guidelines regulating the obtainment of information and it’s appropriate usage should be created. Furthermore, penalties for violating this use should also be established, along with an agreement to enforce those penalties. This should reduce violations occurring both criminally and commercially. Of course, not all countries will be willing to participate, but establishing these laws for the majority would be the first step in managing global communications.

The US has the FTC to try and regulate these concerns within its own boundaries, yet the agency is having a difficult time. When it was established in 1914, it’s role was to prevent unfair methods of competition. Then in 1938 it’s role evolved to also “prevent fraud, deception, and unfair business practices in the marketplace.”[3] These provisions were established long before digital technology and simply do not meet the needed current regulation demands. There is just too much information. In 2009, for example, Google processed 24 petabytes (that’s 24 of 108 bytes) of information daily[4]; and that was six years ago. Neither the FTC’s size nor defined scope allow it to properly regulate and investigate the numerous concerns from all of this data. So, if the FTC can’t do it, who can?

One solution has been the required transparency and strict self-regulation of intermediaries; essentially, those companies through which consumers access information. These companies in effect “govern online life”[5] and include internet service providers such as Comcast and search engines such as Google. The problem with this method, however, is that there can be an inherent bias. Does Google prevent a site from being accessed because it has been identified as violating privacy rights, or because the site would compete with Google directly? And how does Google itself collect and use our private information? What is needed is a clear definition of use rules, as the Business Forum for Consumer Privacy has called for, which would “require all organizations to be transparent, offer and honor appropriate choice, ensure that risks to consumers related to use are assessed and managed, and implement security for the information they maintain.”[6Making the intermediaries more responsible for safety and security seems obvious, and clear law defining this monitoring is required. Yet we also need someone to “watch the watchers,” so to speak.

The establishment of a consumer-based council which would watch over the intermediaries and ensure they are complying with this model is necessary; this council could then file reports with the FTC after having conducted an investigation. Furthermore, the council could adhere to a strict confidentiality agreement to help maintain individual privacy; it could withhold individual names and identifying information from the FTC or any other government agency. This would eliminate the concern that “enforcement of privacy rights against enterprises would have the effect of exposing data to the government that otherwise would be forbidden to see.”[7] Thus privacy is maintained, and justice can still be meted out.

But creating laws and regulations and committees to enforce them is only part of the solution. Educating consumers is of the utmost importance. People need to be aware of where and how they are accessing information. Logging into a bank account from a random server while at a mall, for example, probably isn’t the safest way to look up that bank balance. It’s also critical to inform people of the unlikelihood that mailing $500 to a foreign country will result in the winning of an overseas lottery, and that they will probably never meet that attractive individual from a dating website whom they’ve been sending money. Additionally, people need to be educated on the importance of anti-virus protection, what malware does, and that Trojan describes more than a resident of ancient Troy. A safety study conducted in December 2005 discovered that 81% of personal home computers did not have “first-order protection measures such as current antivirus software, spyware protection, and effective firewalls.”[8] This is a scary statistic to be sure, and clearly the public is not receiving adequate information on how to utilize the internet safely. Another reality that needs to be reiterated to consumers is that once information is put out on the internet it becomes a public good, and can be retained there indefinitely. A series of public service announcements over the media, including television, radio, and even in print, would help educate individuals. Also, periodically noting safety suggestions on internet homepages would serve as a good reminder whenever people are online.

And what of privacy? Even according to the US Privacy Act of 1974, “the increasing use of computers and sophisticated information technology, while essential to the efficient operations of the Government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information.”[9] The bottom line is that consumers are essentially exchanging some level of privacy for the freedoms of communication, accessing information, and commerce that the internet provides. This is inescapable and inherit in design; the system is more “for flexibility…than security.”[10] This needs to be made clear to consumers through a variety of medium. Yet creating a private domestic council that would maintain privacy and assist the FTC, as well as establishing an international committee, are crucial to regulating digital technology. Furthermore, neither of these would unduly infringe upon civil liberties, allowing us as law-abiding consumers to continue to express our individuality and creativity.

 

[1]  Johnson, David R. “Democracy in Cyberspace: Self Governing Netizens & a New, Global Form of Civic Virtue, Online.” The Next Digital Decade: Essays on the Future of the Internet. Berin Szoka and Adam Marcus. Washington D.C.: TechFreedom, 2010. http://www.nyu.edu/projects/nissenbaum/papers/The-Next-Digital-Decade-Essays-on-the-Future-of-the-Internet.pdf . Accessed May 2015.

[2]  Downes, Larry. “A Market Approach to Privacy Policy.” The Next Digital Decade: Essays on the Future of the Internet. Berin Szoka and Adam Marcus. Washington D.C.: TechFreedom, 2010. http://www.nyu.edu/projects/nissenbaum/papers/The-Next-Digital-Decade-Essays-on-the-Future-of-the-Internet.pdf , pg 515. Accessed May 2015.

All preceding information contained within the paragraph regarding the types of misuses of data are taken from the author cited.

[3] Federal Trade Commission, About the FTC, Our strategic goals, https://www.ftc.gov/about-ftc . Accessed May 2015.

[4]  “MapReduce”. Portal.acm.org. Retrieved 16 August 2009. http://en.wikipedia.org/wiki/Petabyte . Accessed May 2015

[5]  Pasquale, Frank. “Trusting (and Verifying) Online Intermediaries‘ Policing.” The Next Digital Decade: Essays on the Future of the Internet. Berin Szoka and Adam Marcus. Washington D.C.: TechFreedom, 2010. http://www.nyu.edu/projects/nissenbaum/papers/The-Next-Digital-Decade-Essays-on-the-Future-of-the-Internet.pdf , pg 348. Accessed May 2015.

[6]  Downes, Larry. “A Market Approach to Privacy Policy.” The Next Digital Decade: Essays on the Future of the Internet. Berin Szoka and Adam Marcus. Washington D.C.: TechFreedom, 2010. http://www.nyu.edu/projects/nissenbaum/papers/The-Next-Digital-Decade-Essays-on-the-Future-of-the-Internet.pdf , pg 524. Accessed May 2015.

[7]  Ibid, pg 523.

[8]  AOL/NCSA ONLINE SAFETY STUDY 2 (Dec. 2005).

[9]  Pub.L. 93–579, 88 Stat. 1896, enacted December 31, 1974, 5 U.S.C. § 552a

[10]  Zitrrain, Johnathan. “Protecting the Internet Without Wrecking It: How to Meet the Security Threat.” The Next Digital Decade: Essays on the Future of the Internet. Berin Szoka and Adam Marcus. Washington D.C.: TechFreedom, 2010. http://www.nyu.edu/projects/nissenbaum/papers/The-Next-Digital-Decade-Essays-on-the-Future-of-the-Internet.pdf , pg 92. Accessed May 2015.

Looking for advice?

We're here to help.

Contact the Nissenbaum Law Group to schedule an appointment at 908-686-8000 or feel free to use the following form to e-mail us. Please include as much information as you can to ensure that we are able to handle your request as quickly as possible.

Looking for advice?

We're here to help.

Contact the Nissenbaum Law Group to schedule an appointment at 908-686-8000 or feel free to use the following form to e-mail us. Please include as much information as you can to ensure that we are able to handle your request as quickly as possible.

Consent to collect and store personal information

2 + 2 =

OFFICE LOCATIONS

MAIN OFFICE

2400 Morris Avenue

Union, NJ 07083

P: (908) 686-8000

F: (908) 686-8550

140 Broadway

46th Floor

New York, NY 10005

P: (212) 871-5711

F: (212) 871-5712

1500 Market Street

12th Floor East Tower

Philadelphia, PA 19102

P: (215) 523-9350

F: (215) 523-9395

100 Crescent Court

7th Floor

Dallas, TX 75201

P: (212) 871-5711

F: (212) 871-5712