This Week In Techdirt History: July 14th - 20th
Furnished content.
Five Years AgoThis week in 2014, new revelations from Edward Snowden painted a bad picture of the culture at the GCHQ while, in an interview, he also described the NSA practice of "routinely" passing around intercepted nude photos — something the agency quickly insisted it would stop if it knew about it. The NSA was also saying it had more emails from Snowden when he still worked for the agency, but would not release them.Also this week in 2014: Google finally dumped its ill-fated real names policy, the MPAA was going after Popcorn Time, and the Supreme Court refused the Arthur Conan Doyle estate's last-gasp attempt to stop Sherlock Holmes from becoming public domain.Ten Years AgoThis week in 2009, we saw the ninth misguided lawsuit over trademark in Google AdWords, the Guinness Book of World Records used a bogus takedown to try to hide the records of a very embarrassing website fail, New Zealand was considering copyright reform but not really anything meaningful, and the newly-hugely-popular So You Think You Can Dance was blocked from doing a Michael Jackson tribute. A Norwegian ISP was fighting back against the Pirate Bay ban, the National Portrait Gallery was threatening Wikimedia over downloading public domain images, and Stephen Fry stepped up as an ally against corporate copyright abuse.Fifteen Years AgoThis week in 2004, the CEO of Streamcast was presenting evidence of collusion among record labels to blacklist file sharing companies, while a somewhat unclear study was suggesting BitTorrent usage was way up. The RIAA was predictably defending the INDUCE Act (which it basically wrote) in a letter full of misleading and untrue statements, while at the same time some people were asking if the agency's new anti-filesharing system Audible Magic was in violation of wiretapping laws, and its counterpart in Canada was fighting against a court ruling that said ISPs don't have to turn customer names over to the industry.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 21-Jul-2019
path: /Policy | permalink | edit (requires password)
Researchers Build App That Kills To Highlight Insulin Pump Exploit
Furnished content.
By now the half-baked security in most internet of things (IOT) devices has become a bit of a running joke, leading to amusing Twitter accounts like Internet of Shit that highlight the sordid depth of this particular apathy rabbit hole. And while refrigerators leaking your gmail credentials and tea kettles that expose your home networks are entertaining in their own way, it's easy to lose sight of the fact that the same half-assed security in the IOT space also exists on most home routers, your car, your pacemaker, and countless other essential devices and services your life may depend on.Case in point: just about two years ago, security researchers discovered some major vulnerabilities Medtronic's popular MiniMed and MiniMed Paradigm insulin pumps. At a talk last year, they highlighted how a hacker could trigger the pumps to either withhold insulin doses, or deliver a lethal dose of insulin remotely. But while Medtronic and the FDA warned customers about the vulnerability and issued a recall over time, security researchers Billy Rios and Jonathan Butts found that initially, nobody was doing much to actually fix or replace the existing devices.So Rios and Butts got creative in attempting to convey the scope and simplicity of the threat: they built an app that could use the pumps to kill a theoretical patient:"We've essentially just created a universal remote for every one of these insulin pumps in the world," Rios says. "I don't know why Medtronic waits for researchers to create an app that could hurt or kill someone before they actually start to take this seriously. Nothing has changed between when we gave our Black Hat talk and three weeks ago." To target a specific insulin pump, a hacker would need to know the proper serial number of the device they're targeting. But the app simplifies this process by quickly running through all potential serial numbers until it hits the correct one. The gambit seems to have worked: a week after the team demonstrated its proof of concept app to FDA officials in mid-June of this year, Medtronic announced a voluntary recall program. Years after Medtronic first learned about the flaws in these devices, there's now a structure in place that allows patients to use the devices if they want, and replace them for free if they don't.That said, the researchers are still quick to point out that this kind of dysfunction (offering potentially fatally compromised products but having no avenue to correct them) is fairly common in the medical sector:"...the climate for medical device vulnerability disclosures is still clearly fraught if researchers feel that they need to take extreme, and even potentially dangerous, steps like developing a killer app to spur action."If you think about it, we shouldn't be telling patients, 'hey, you know what, if you want to you could turn on this feature and get killed by a random person.' That makes no sense," QED Security Solutions' Rios says. "There should be some risk acceptance; this is a medical device. But an insecure feature like that just needs to be gone, and they had no mechanism to remove it." And of course that's not just a problem in the medical sector, but most internet-connected tech sectors. As security researcher Bruce Schneier often points out, it's part of a cycle of dysfunction where the consumer and the manufacturer of a flawed product have already moved on to the next big purchase, often leaving compromised products, and users, in a lurch. And more often than not, when researchers are forced to get creative to highlight the importance of a particular flaw, the companies in question enjoy shooting the messenger.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 20-Jul-2019
path: /Policy | permalink | edit (requires password)
Gibson Guitar Formalizes Its Hands-Off IP Enforcement Approach With Authorized Partnership Program
Furnished content.
As I mentioned when we recently discussed Dean Guitars' pushback and counter-suit against Gibson Guitar's trademark lawsuit, Gibson CEO James Curleigh's vague declaration of a relaxed position on IP enforcement has calcified into something of an official corporate program. It's not all bad, but it's not all good either.We'll start with the good. Gibson has decided to recognize that there are fans inspired by its designs who want to create their own guitars and even sell them on occasion. In recognition of this, Gibson is starting an "authorized partnership" program to allow those creators to build guitars without fear of legal threat.The initial stages of the Program will see Gibson grant several boutique builders permission to create guitars based on the body shapes that it claims to own. The agreement involves specific terms set by Gibson, reports NewsChannel 5: chief among them that the boutique brands must acknowledge these shapes do indeed belong to Gibson.“We’ve entered into some agreements with three or four boutique guitar companies, and basically, they actually love Gibson, and we actually love them,” Curleigh said in the interview. “We just have to have a conversation around where the lines are between shapes and names, etc. And what’s amazing is, as soon as we enter into those conversations, it leads to a collaborative, creative conversation. So it’s going to work basically, it’s essentially an agreement where they acknowledge: ‘Yup, these are your shapes,’ and we say, ‘you can use them.'” While it's a step forward for Gibson to enable these companies to create and build off of the inspiration from Gibson, you can already see hints of that old protectionist attitude creeping back in. In order to enter into this sort of agreement, first these companies must bow at the alter of Gibson by acknowledging that it holds trademarks on many of its designs. While that may be something approaching SOP for these types of partnership or licensing agreements, the current legal battle with Dean Guitars puts this very much in question. Whether Gibson does in fact hold valid trademarks on its most treasured guitar designs is subject to the outcome of Dean's counter-suit, in which Dean attempts to invalidate many of those trademarks entirely.Regardless, putting so much emphasis on the acknowledgement that Gibson has these valid trademarks feels like the vestigial remains of the company's old protectionist policies. And, while Curleigh insists that he isn't trying to build this as a revenue stream for Gibson, the agreements do also allow the company to control how many of these 3rd party guitars get sold and to demand royalty fees, so there's that.Add to all of that that Curleigh isn't exactly giving up litigation as an option, too, and one wonders just how much a shift in company culture this is all going to be.“My last resort, I can tell you as a leader, is always going to be legal. But if a company or a brand leaves us, or me, with no choice, I have to follow that direction,” the CEO continued. “I don’t want to, but part of our brand and our business is intellectual property, and kind of half of the value of some companies are in that. We have to preserve and protect [our trademarks], but I think we can do it in a way that’s not confrontational, it’s more collaborative.” These types of subtle changes can indeed have outsized effects, but it's all in the follow through. Again, this is for sure a step in a positive direction for Gibson, which has traditionally been very protective of its perceived IP. What remains to be seen is if this is really the cultural change Curleigh promised.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 20-Jul-2019
path: /Policy | permalink | edit (requires password)
Dean Guitar Counter-Sues Against Gibson Guitars, Attempts To Invalidate Several Trademarks
Furnished content.
Earlier this month, we discussed how Gibson Guitar CEO James Curleigh had recently announced a shift in its IP enforcement strategy to try to be more permissive. That has since calcified into an actual formal plan, but we'll get into that more in a separate post because there is enough good and bad in it to be worth discussing. What kicked Curleigh's reveal, however, was backlash from a recent lawsuit filed by Gibson against Armadillo Distribution Enterprises, the parent owner of Dean Guitars. Dean sells several guitars that Gibson claims are trademark violations of its famed "flying v" and "explorer" body shapes. There are differences in the designs, to be clear, but there are also similarities. Even as Curleigh's plans for a more permissive IP attitude for Gibson go into effect, this lawsuit continues.But not without Armadillo punching back, it seems. In response to the suit, Armadillo has decided to counter-sue with claims that Gibson's designs are not only too generic to be worthy of trademark protection, but also that Gibson's actions constitute interference with its legitimate business. We'll start with the trademarks.The most potentially impactful aspect of the filings relates to the issue of the trademarks of the Flying V, Explorer and ES-335 body shapes. These marks were a key part of Gibson’s original counterfeiting claim, and as part of its defence, Armadillo is not only trying to prove that the claims are without merit, but crucially it also seeks to get the trademarks cancelled altogether.“The above designs have been prominently used and promoted for years and, in some instances, decades,” the suit reads. “All the while, Gibson sat on its purported rights and failed to object.” The suit goes on to claim that Dean has invested millions of dollars promoting and marketing guitars with those shapes in that period, and as such, “some of Gibson’s accused trademarks are invalid because they are generic and/or incapable of serving as a source identifier for guitars”. As the article points out, there is precedence for this. A decade ago, Fender lost the right to trademark several guitar designs that it had failed to protect, while Gibson itself fell victim to this same thing in the early 2000s. While some may point to this as being evidence that companies must aggressively protect their intellectual property, I would argue that such designs of guitars are not great source-identifiers for the public and probably shouldn't have been afforded trademark protection to begin with. Regardless, if Gibson once again allowed others to use variations of these designs, that point is moot, as the designs would have become generic in the marketplace.As to the interference with Dean's business in the market, it seems that Gibson didn't only contact Dean about the alleged infringement, but dealers of guitars as well.The suit cites the example of Carlino Guitars – a guitar shop in Medford, Massachusetts – which it claims was sent cease and desist letters by Gibson in April and May 2019. The letters allegedly demanded the removal of all Dean V and Z guitars from the shop’s website, accused them of being party to trademark infringement by stocking Dean instruments, and threatened the store with legal action if they didn’t comply.The suit claims that based on “information and belief” that Gibson sent similar letters to other dealers and retailers, “with the intent of disruption Armadillo’s sales and contractual relationships”. This is fairly aggressive on the part of Gibson, as these guitar dealers are stocking Dean guitars with the good faith understanding that they aren't selling counterfeit products. And, frankly, given Gibson's failure to protect their supposedly valid trademarks in the past, it sure reads as though Gibson jumped the gun on sending out these legal notices to dealers before getting its own lawsuit over the trademark claims adjudicated. With that move, Dean's counterclaim probably rests on how the court judges the trademark issue, which is an avenue of legal exposure that is unnecessary for Gibson to have endured. I'm a bit surprised the company's legal team wasn't more cautious.In the end, because of Gibson's aggressive enforcement stance, even as the company is proclaiming a new era of relaxed IP enforcement, there is now the very real risk of the company losing its trademarks and incurring costs.The counterclaim demands the cancellation of Gibson’s Flying V, Explorer and ES-335 body shape trademarks, and seeks the “maximum damages permitted by law” for the alleged interference caused by the company’s communication with Dean and Gibson dealers. The outcome of this will be interesting, if only to see if Gibson will suffer one final blow for its previously aggressive trademark enforcement.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 19-Jul-2019
path: /Policy | permalink | edit (requires password)
|
|