The America Invents Act, passed Sept. 16, 2011, contains reforms that will affect businesses in many ways, including how they must pursue patents. One of the goals of this legislation is to standardize U.S. law with the way the rest of the world handles patents. The change that is receiving the most attention is the switch from first-to-invent rights to first-to-file. The new system goes into effect in March of 2013.

“The U.S. has its own version of first-to-file,” says Timothy E. Nauman, partner with Fay Sharpe LLP. “But generally, it will be similar to what the rest of the world has been doing. The patent will be issued not to who first thought of the new idea, but to who filed first.”

Smart Business spoke with Nauman about what you need to know about the changes, and how they may affect your business.

Have any of the act’s reforms gone into effect already?

Yes, a few. Accused patent infringers used to be able to claim the plaintiff’s patent was invalid because it didn’t describe the ‘best mode’ of practicing the invention. ‘Best mode’ as a defense is no longer supported by the patent act.

Second, there was a provision that allowed any third party to bring a lawsuit indicating that a patent owner was mis-marking its patents. For example, a manufacturer may make a product for which the patent expired years ago. However, the mold was never changed, so the expired patent number still shows up on recently manufactured products.

Someone figured out that you didn’t have to suffer competitive injury to file a false marking lawsuit. Companies grew tired of dealing with constant lawsuits, and there was a backlash. Now, you have to actually be competitively damaged to sue.

How will the act affect patentability or patent validity claims?

There are new procedures for challenging the patentability of an invention or to challenge the granting and validity of a patent. These changes aren’t going to be enacted until September, 2012.

One of the new procedures is the post-grant review process, a nine-month period in which a patent can be challenged. This is similar to what is called an ‘opposition’ overseas. For example, this provides a way to challenge the patent at the administrative level instead of going to court. This is useful, because going to court can be an expensive proposition and time-consuming.

For businesses, this opposition process could be looked at as a hassle, but it could also be considered helpful in removing the garbage from the family of valid patents. If your patent survives the challenges provided by these new processes, it’s probably a good patent. If your invention is worthy of a patent, it would likely pass these challenges anyway.

How will the act change the way rightful patent owners are determined?

The U.S. has always used a first-to-invent system. In that system, if you came up with an idea, and I came up with the exact same idea completely independent of you, and we each file a patent application, generally, the patent is awarded to the person who is determined to have been the first-to-invent.

You and I could end up in an interference proceeding, in which the Patent Office or the Court would evaluate the evidence of first-to-invent. We have to show when we first conceived the invention, when we reduced it to practice, and how diligent we were.

Inventors keep notebooks with this information, which are signed and dated by a lab partner or someone else who works closely with them. You can also prove you came up with the invention on a particular day by showing an e-mail that describes the invention. The e-mail recipient will be able to corroborate that evidence. Without evidence, you could lose to a party that conceived or reduced the invention to practice after you.

The switch to a first-to-file system is designed to simplify the process, and will make U.S. patent laws similar to procedures in most other countries in the world.

How will the change from first-to-invent to first-to-file change the way U.S. businesses operate?

Some will tell you the change to first-to-file doesn’t mean a thing for big businesses, because multi-national companies file applications around the world anyway. They have already been dealing with a first-to-file system in other countries. The fact that first-to-file is being enacted in the U.S. won’t change how these companies pursue patents.

Others will tell you there is a bit more urgency, an added pressure to reduce the time from when an invention is conceived to the time the patent application is filed to minimize the chance of a competitor filing first on a similar invention.

Newspapers have reported that this was a friendly patent act for the little inventor. The fees may have gone down some for them, but one potential problem is that the small inventor may have to invest in filing an application a little quicker than they would have wanted. This is no small issue, especially when you consider the thousands of dollars it costs to file and pursue an application. In the past, a patent attorney may have encouraged the inventor or company to test the market for six to nine months to see if there is a demand for the product, get a business plan ready, then decide whether or not to file. Today, a patent attorney may tell them to push their timeframe up a bit to complete a patent filing.

Timothy E. Nauman is a partner with Fay Sharpe LLP. Reach him at (216) 363-9136 or tnauman@faysharpe.com.

Published in Cleveland

Besides people, a company’s most valuable asset is its intellectual property. Because of this, organizations must ensure that they’re doing all they can to protect this vital asset.

Smart Business spoke with Rockie Brockway, GSEC, GCIH, GSNA, Cisco TSS/Security, the security practice director for LOGOS Communications, Inc. dba Black Box Network Services, about intellectual property and what businesses should be doing to protect their valuable data.

What threats do companies face when it comes to their intellectual property?

Cybercrime has evolved over the last two decades, from brute force attacks for bragging rights in the ‘hacker’ communities to billion-dollar black and grey market profit centers. Today, we are seeing very sophisticated tools that can control millions of hacked ‘zombie’ computers for a single purpose, like mass spamming or attacking other Internet resources. And, these tools come with 800 numbers for live tech support just like any other software you might purchase at your favorite home electronics chain. The bottom line today is that it is easier and cheaper for new or developing companies to purchase stolen trade secrets in an effort to be competitive than it is to develop it themselves, and such incentive opportunities will always create markets, legal or not. This demand translates into exceptionally ingenious ways to exfiltrate critical intellectual property from organizations and presents a large challenge for the security industry as a whole to keep up with the innovations being developed as a result of these new markets.

The other primary threat to an organization’s intellectual property is geo-political in its nature — state-sponsored hacking with the intent to gather as much competitive intelligence not only through stolen IP and trade secrets but also through business methodologies in an effort to try to get a leg up on other countries in these shaky economic times.

What are some ways data can be stolen?

Lost USB sticks, stolen laptops, improper disposal of documents, disgruntled employees, third-party vendors, not to mention targeted hacking attempts and even ‘hacktivism.’ If you can think of a vector for data loss it probably can be done. But the tried-and-true threat vector in the war against data loss ends up being the human factor and social engineering, which has also vastly improved in the last decade. Today, spear and whale phishing high-impact targets, such as CEOs, presidents and board members, and getting them to navigate to a website that installs a malicious application that hasn’t been seen before is commonplace and once that foothold is in place, a little patience goes a long way. If you look at the recent slew of high-profile attacks that resulted in severe data loss like RSA, Oak Ridge Labs and others they all share the same MO — targeted spear phishing, malicious code execution, staying low and under the radar of existing security countermeasures and data exfiltration.

What preventive measures should companies put in place?

Process is key here, and the object is not to panic and throw solutions in place without having a clear understanding of what you are trying to protect, its impact on the business should they be stolen (or worse), the assets that support the business's critical data and the security compromises and risk the business is willing to accept — basic risk management, which unfortunately can be easily overlooked. This process defines the corporate security policies and comprises the strategic half of a good security model. The tactical half of the model is defined by these policies and needs to protect, detect and react to threats. Given the mobile nature of information technology, endpoint host protections are a must, and I am a big advocate of application whitelisting technology. If an organization has the ability to inventory and classify business-use applications, then whitelisting can be utilized to only allow those approved applications to be able to run on the user systems. For most organizations, malware doesn’t constitute a business-use application so it isn’t allowed to execute. And apart from the obvious countermeasures, such as firewalls and encryption use, identity and event correlation are also crucial to a strong security posture. Again, with the adoption of BlackBerrys, iPhones, iPads, Android devices and other mobile platforms, organizations cannot simply rely on their traditional perimeter defenses to protect their intellectual property. Security industry guru Richard Bejtlich recently tweeted that ‘identity is the new corporate perimeter’ and that is a very astute observation. On the correlation side, security information and event management (SIEM) systems gather, analyze and present information from network and security devices, vulnerability and identity management tools, OS and database logs and policy compliance tools and correlate and prioritize the data for not only lower administrative overhead but also for auditing and incident response.

How can businesses thwart attacks?

The answer to this question is almost always tied to the adjacent question, ‘Who is accountable if security is breached?’ Security is very subjective so there needs to be a powerful advocate within the organization that has the ability to fight the appropriate battles when necessary in order to ensure security isn’t glossed over as another optional insurance policy. That, combined with the adoption of an enterprise risk management program that weighs the business risks of everything from third-party vendor access to business critical assets to personal mobile devices on the business networks truly gives organizations the leg up on defending their business. One specific action that I highly endorse is the development of a real security awareness program, and not one that exists solely to satisfy a compliance audit checkbox. Regular awareness training can significantly reduce the potential for success of spear-phishing attacks and other social engineering efforts. Another idea is corporate peer groups, meetings of representatives of organizations in the same or similar verticals to discuss what they are seeing, what works, what does not work and share information security best practices and war stories. There is great value in measuring yourself to your immediate peers in terms of security statistics and practices.

What if, despite a business’s best efforts, IP theft occurs?

There are many variables that go into this equation, but in general, the process should go detect, disconnect from the Internet, determine the root cause of the data leakage, fix it, clean up and then resume operations. This is where the enterprise risk management program should already have answered questions like ‘Can the business afford to disconnect from the Internet in the event of a security incident?’ and ‘Should we make a public statement that could potentially harm our reputation?’ Your legal department should most definitely be involved in this process. Involving the appropriate local, state and/or federal authorities is a must. Both the FBI and Secret Service have been investigating security incidents for decades and are highly qualified to provide expert guidance during the investigation.

How can businesses ensure departing employees won’t take intellectual property with them?

The quick and dirty answer is through data loss prevention (DLP) systems. DLP systems give organizations the ability to classify certain data as important and then assign policies to those documents or files. Policies can range from very simple, such as blocking any outbound e-mails that contains Social Security numbers, to more complex rules, such as only members of the executive board are allowed to write documents classified as containing intellectual property to a USB drive. In reality, however, such systems can be cost-prohibitive to many organizations in the SMB market and many find themselves trying to piece together several disparate technologies with higher administrative overhead to accomplish similar results. Like security itself, the balance between capital expenses versus operating expenses is always going to be different from company to company and may dictate which controls are feasible and which are not.

How can businesses best handle having facilities in areas around the world that may be attempting to steal their intellectual property?

This is a continuing and evolving issue for many global organizations. Some have taken the view that any data that is accessible by users in facilities in certain countries should already be considered as compromised. For these businesses, the strategic action plan becomes one focused on designing system and network controls with the ability to enforce the principle of least privilege on the one hand but do not hinder any employees’ ability to do their jobs. Identity is critical in these situations, as is the ability to restrict who has access to sensitive information and control access to removable media. Some organizations are now deploying virtual desktop farms in these regions to address some of their concerns around losing intellectual property, so their sensitive data does not actually reside in these facilities. Others have decided that a certain level of data loss is an acceptable business risk of having facilities is these areas and keep their actual crown jewels under lock and key. At the end of the day, the business must make the decision on what is and is not acceptable and those decisions must be made through the organization’s enterprise risk management process.

Rockie Brockway, GSEC, GCIH, GSNA, Cisco TSS/Security, is the security practice director for LOGOS Communications, Inc. dba Black Box Network Services. Reach him at (440) 250-3673 or rbrockway@logosinc.com.

Published in Columbus
Wednesday, 06 July 2011 11:51

How to secure a patent for green technology

Green technology is an economic growth area for Ohio, while other areas of the economy are contracting or staying static. Many companies are looking to take advantage of this trend by developing technologies that reduce the use of nonrenewable resources and improve the quality of the environment, both globally and locally.

Because there is so much interest in this field, it’s important to draft a patent application that protects your invention against infringement by others. Particular attention should be paid to the claims of the application.

"As with any patent, it is up to you to find out who is infringing your claims and keep an eye on your potential competitors," says Ann Skerry, a partner with Fay Sharpe LLP.

Smart Business spoke with Skerry about how to obtain patents for green technology, and how the process works.

What sort of green technology patents are being sought?

Patents could fall into three main areas: energy generation, reduction in energy consumption, and improvements in environment quality.

In the energy generation field, there has been a lot of work done in Northeast Ohio in connection with wind turbines. There have been advances  relating to everything from the motors and blades for the turbines to the towers which carry them.

In Ohio, there are projects for large turbines as well as small-scale devices that can be used for an industrial site, or, perhaps in the future, people’s homes.

Other areas of energy generation include biomass (converting waste materials to energy),  solar cell technology, batteries, and fuel cells.

In the energy consumption category, companies are developing more efficient lighting products, and designing other devices that use less energy.

To improve environmental quality, companies are developing new products that are safer for the environment, like paints and hybrid vehicles, and ways for using recycled materials in their products.

What are the keys to developing patent claims for green technology?

As with other technologies, the goal is to draft claims for a patent that will cover not only your current idea of the product, but also  the potential designs that you may end up making when the product comes to market.

The claims should also provide enough of a barrier to prevent competitors from easily designing around your claims by making simple changes that take their product out of the claim scope.

The approach to achieving that sort of claim: know the market, see where it is going, and understand where your product is going to fit into the developing market. That, of course, is where you need your patent attorney.

When drafting a claim, how broad should it be?

Basically, the idea is to have the claims of the patent application be as broad as they can be without facing the possibility that there is something already known that will prevent you from getting those claims.

The Patent Office examiner who reviews the application typically raises rejections, based on a set of references, such as publications and patents, arguing that your claims are not patentable based on those references. Therefore, knowing the market and references that could be raised before you draft the claims is a great help when trying to determine how broadly you can claim an invention without facing a rejection.

How difficult is the process of proving your technology is, in fact, green?

It is not necessary to prove your invention is green, but the Patent Office currently provides an expedited examination process for patent applications in this area if you do.  Initially, the application had to fall into a particular one of a small number of Patent Office classes to be accepted into the program. Now, it has been made much easier because the applicant only has to show, either in the specification of the application or via a brief statement, that the invention materially enhances the quality of environment or materially contributes to the discovery or development of renewable energy sources, the more efficient utilization and conservation of energy resources, or greenhouse gas emission reduction.

Why might companies want to expedite their green technology patent application?

If you have an invention in the early stages of development, and you are not ready to go to market with it, you may decide not  to  expedite your patent application.

On the other hand, if you are ready to go to market, have someone who is ready to license the technology, or you think that other people are likely to enter this area, it could be advantageous. Small businesses working in the wind turbine field, for example, may be looking to larger companies to take over and develop their inventions. Having a patent in hand can help with that.

An expedited patent application can issue in about a year — a sizable time savings. The Patent Office is generally quite slow, and it has a large backlog of unexamined applications. It takes two years, on average, for the Patent Office to provide an initial review of your application. Then, it can take another year or more after that for the patent to issue. In these rapidly developing fields, three years is a long time.

The Patent Office does have several routes for expediting patent applications. The one that is most applicable to green technology is the Green Technology Pilot Program, which is quite liberal in its approach. Other methods for expediting applications can make the applicant jump through quite a few hoops and pay high fees for expediting. The Patent Office has worked hard to make it easier for inventors to file an application via the Green Technology Pilot Program, and the additional fee can be waived entirely.

It is only a pilot program, so it will run out at the end of 2011, but based on the positive feedback it has received, it may be continued.

Ann M. Skerry, Ph.D., is a partner with Fay Sharpe LLP in Cleveland, a law firm focused on intellectual property. Reach her at (216) 363-9000 or askerry@faysharpe.com.

Published in Cleveland

With 70 percent of the world's intellectual property within the United States, U.S.-based companies continue to dedicate extensive resources to research and development, achieving substantial value and benefit from their intellectual property.

Smart Business spoke to Ron Williams at Talon Companies about what companies can do when that valuable property is undermined by a theft.

Can businesses protect their intellectual property 100 percent of the time?

Although proactive security is the most mature and effective manner to safeguard a company's intellectual property, minimizing the likelihood that it will be stolen, the reality of risk management dictates that it is impossible to achieve a level of security that can, with 100 percent certainty, neutralize all forces seeking to successfully engage in the theft of intellectual property. As such, and in response to the theft of intellectual property through computer-based means, companies have the obligation to undertake well-orchestrated and thoughtful reactive measures to respond to the theft of intellectual property in a manner that will ensure electronic evidence is preserved and to establish a sustainable posture for internal or legal action.

Who should a company turn to in the incidence of an IP theft?

At the core of a company's response to the theft of intellectual property is the initiation of computer forensics and an enterprise investigation to identify, gather, analyze and preserve electronic evidence by experienced and certified professionals using dedicated forensic investigative tools. The discovery, collection, investigation and production of electronic information for investigating and handling computer-related crimes or misuse surrounding the theft of intellectual property is a well-defined process grounded in government and law enforcement guidelines.

What are the steps a company should take after a theft?

The following 10 high-level steps are meant to provide clarity with respect to the collection of electronic evidence:

  • Send a letter of notification to all involved parties
  • Include specifications regarding electronic evidence in the written
  • discovery request
  • IT staff should be deposed via Rule 30(b)(6)
  • Gather backup tapes
  • Gather removable media, such as CD-ROMs and zip drives
  • Question all available employees about their specific computer usage
  • Create a forensic duplication of the computer hard drive(s) in
  • question
  • Mathematically authenticate forensically duplicated data
  • Ensure the proper chain of custody is followed
  • Initiate the computer forensics efforts and enterprise investigation

Does the issue of IP theft affect all business?

All companies possess intellectual property that must be safeguarded from abuse, disclosure, theft and destruction. However, too many companies are operating with a false sense of security surrounding their ability to prevent against the theft of intellectual property, contributing to the dramatic rise in occurrence and escalation in intensity of intellectual property theft.

Proactively working to prevent intellectual property theft is a manageable undertaking and is the only way to attain a true level of trustworthiness within a corporate environment. As no company can possibly be totally proactive by predicting and neutralizing every possible risk and threat to intellectual property, defensive tactics and reactive techniques are vital to efficiently respond to the theft of intellectual property.

All predictions demonstrate that intellectual property will continue to increase in value over the next decade and, as such, intellectual property theft will remain a growing problem that companies must consider, address and react to.

Ron Williams is the CEO at Talon Companies. Reach him at (800) 808-2566 or rwilliams@talonexec.com. Reach Talon Companies Headquarters at service@talonexec.com, (800) 808-2566, or www.TalonCompanies.com.

Talon Cyber Tec is dedicated exclusively to providing proactive and reactive security solutions to combat the escalating threat and reality of cyber crime, helping organizations address the critical business issues of security, privacy and compliance. Talon Cyber Tec integrates the proven and well-established principles of physical security into the realm of information security by bringing together leading human capital, information security expertise, in-depth research, and extensive real-world experience to help organizations strike a balance between business and security goals.

Talon Cyber Tec is a subsidiary of Talon Executive Services, an independent risk management firm providing full spectrum services to secure corporate assets and prevent loss due to malevolent acts.

Talon Provides MCLE Training Programs

Published in Los Angeles

Ideas and closely held information, designs and processes are often a business’s most valuable assets, and the law provides companies with tools to protect those assets.

Patent, trademark and copyright laws are the most widely known ways to protect new ideas, but, while lesser known, the laws protecting trade secrets provide the better tool for companies to protect their confidential intellectual property.

“Protecting one’s valuable trade secrets is not only a good business practice, it is also often necessary to maintain the protections afforded by trade secret law,” says Donald Tarkington, the managing partner of Novack and Macey.

Smart Business spoke with Tarkington about how to protect trade secrets and how to make sure departing employees don’t walk out with valuable information.

What information is covered by trade secret protection?

Trade secrets can include technical or nontechnical data, compilations of information, marketing or financial data, manufacturing processes and lists of actual or potential customers. It covers virtually any information that is sufficiently secret that it derives economic value from the fact that it is not generally known and that the business makes a reasonable effort to keep confidential. Even information derived from public sources may be a trade secret if accumulating that information requires significant effort.

Courts look to six factors in evaluating whether information is a trade secret: the extent to which the information is known outside the employer’s business; the extent to which it is known by employees and others involved in the business; the extent of measures taken by the employer to guard the secrecy of the information; the value of the information to the employer and to its competitors; the amount of effort or money expended in developing the information; and the ease or difficulty with which the information could be properly acquired or duplicated.

Do trade secrets need to be registered?

Trade secrets are not registered like a trademark or copyright. Nor are they applied for as with a patent. Unlike ideas that are patented, trademarked or copyrighted — which are protected even though they are publicly known — trade secrets are protected because they are secret and because their secrecy makes the information valuable. As long as the information is secret, used in the business and valuable, it will be protected if the business takes reasonable steps to keep it confidential.

Why is it important for companies to protect their business practices, products, services or intellectual property?

Trade secrets are, by definition, confidential and valuable. They are assets and should be protected. Businesses should be no more tolerant of someone taking their trade secrets than they would be of someone walking out the door with a valuable piece of equipment.

Protecting trade secrets is also important to preserving a business’s legal rights. Under the Uniform Trade Secret Act, information is not a trade secret, regardless of how valuable it might be, if the business does not make reasonable efforts to protect its confidentiality. Businesses’s efforts to protect confidentiality don’t have to be perfect. What is reasonable will depend on the size and sophistication of the parties, as well as the relevant industry. But a business must take affirmative measures to protect the secrecy of its information.

How can businesses protect their trade secrets?

There are several measures a business can take, including marking information as confidential, keeping information in a secure place, restricting access to those who need to use it, password-protecting electronically stored information, developing policies that require employees to keep the information secret and requiring anyone with access to sign a confidentiality agreement. For particularly sensitive information, businesses should work with their data processing professionals to restrict offsite access to electronically stored information and limit the ability to download or copy information.

How can businesses ensure departing employees won’t take trade secrets with them?

As long as information qualifies as a trade secret, the law precludes employees from using that information after they leave. The best protection, however, is to require employees to sign confidentiality agreements in which they acknowledge that the information they were given is confidential and that they will not disclose it if they leave.

Confidentiality agreements can even protect information that does not meet the strict definition of a trade secret. When one employee with access to secret information leaves, disable his or her password and e-mail access and take back company issued laptops. It is also a good idea to review the usage logs on the employee’s laptop and the company’s computer network to see if there is any unusual copying or downloading activity.

If a nondisclosure agreement is violated, what steps should a company take?

If a business learns that someone is disclosing trade secrets to third parties, it should consider taking action against that individual and against the former employee’s new employer.  Possible actions include a suit for damages resulting from improper use of information and/or an injunction action against the former employee and new employer prohibiting the use or disclosure of the information.

Knowingly allowing trade secrets to be disclosed to third parties risks damaging a business’s claim that the information is a trade secret. Deciding whether to take action against a former employee or a new employer should be considered on a case-by-case basis, but one thing that should be taken into account is that allowing the trade secret to be disclosed could destroy the value of the information and destroy the business’s ability to seek protection of the information in the future.

Donald Tarkington is the managing partner of Novack and Macey. Reach him at (312) 419-6900 or dtarkington@novackmacey.com.

Published in Chicago

With 70 percent of the world’s intellectual property within the United States, U.S.-based companies continue to dedicate extensive resources to research and development, achieving substantial value and benefit from their IP.

Given the high degree of emphasis companies place on their intellectual property, a dangerous trend has emerged. Recent studies conducted by the American Society of Industrial Security (ASIS) and the FBI that demonstrate that more than one-third of surveyed Fortune 2000 and middle-market companies have no formal program for safeguarding intellectual property and spend less than 5 percent of their budgets on security.

As the regularity and intensity of IP theft continues to escalate, with losses calculated by ASIS at more than $150 billion per year, the protection of a company’s intellectual property and information assets has become a critical business issue. Although managerial and legal steps can and should be taken to safeguard such sensitive information, today’s technologically advanced world where information can be shared globally in a matter of seconds has changed the nature of how companies create, identify, maintain — and, thus, safeguard and protect — intellectual property.

Smart Business spoke to Ron Williams at Talon Companies about how businesses should approach the all-important process of protecting their valuable intellectual property.

What threats do companies face when it comes to their intellectual property?

Although companies struggle to prevent hackers from stealing intellectual property by fortifying their enterprise networks from external entities, the real threat continues to arise from employees, former employees and other direct members of a company’s work force. With more than three out of four instances of intellectual property theft perpetrated by inside employees or contractors, as continuously modeled by ASIS and FBI studies, the most devastating thefts of intellectual property have come from individuals who were deemed trusted insiders.

In light of this reality, the weakest link of a company’s security program is the human element. Anyone who has physical or electronic access to information assets, including contract workers, temporary workers, visitors, interns, and support and maintenance workers, has the opportunity to access unlocked computer workstations, computer servers, paper files and any passwords or other sensitive data left unprotected. Evenif a company has extremely robust IT security controls in place, all it takes is one careless, uninformed, or disgruntled person with access to the physical office space or enterprise network to engage in the theft of intellectual property.

How can businesses mitigate this risk?

The following high-level and summary guidelines can be employed to directly minimize this risk and further facilitate the protection of a company’s intellectual property:

  • Ensure that access privileges, such as passwords, are disabled immediately following the resignation or termination of an employee.
  • Restrict employees from sharing a single authorized account used to gain access to network resources or physical assets.
  • Inform all employees that their usage of network resources and interaction with information assets will be monitored and audited.
  • Track the inventory of portable computing devices, such as laptops and PDAs, to ensure no systems that may contain intellectual property go missing or remain in the possession of ex-employees.
  • Implement console locking mechanisms on computer workstations so that systems left unattended will automatically log off and become password protected.
  • Assign access privileges to employees based on their specific function and need to access intellectual property so that employees who do not require access to sensitive information assets do not have it.
  • Instill a corporate culture in which safeguarding intellectual property is a high priority and each employee understands his/her responsibility to adhere to security practices, policies and controls.

What if, despite a business’s best efforts, IP theft occurs?

Although proactive security is the most mature and effective manner to safeguard a company’s intellectual property, the reality of risk management dictates that it is impossible to achieve a level of security that can, with 100 percent certainty, neutralize all forces seeking to successfully engage in the theft of intellectual property. As such, and in response to the theft of intellectual property through computer-based means, companies have the obligation to undertake well-orchestrated and thoughtful reactive measures to respond to the theft of intellectual property in a manner that will ensure electronic evidence is preserved and to establish a sustainable posture for internal or legal action.

At the core of a company’s response to the theft is the initiation of computer forensics and an enterprise investigation to identify, gather, analyze and preserve electronic evidence by experienced and certified professionals using dedicated forensic investigative tools. The discovery, collection, investigation, and production of electronic information for investigating and handling computer-related crimes or misuse surrounding the theft of intellectual property is a well-defined process grounded in government and law enforcement guidelines.

The following high-level steps are meant to provide clarity with respect to the collection of electronic evidence:

  • Send a letter of notification to all involved parties.
  • Include specifications regarding electronic evidence in the written discovery request.
  • IT staff should be deposed via Rule 30(b)(6).
  • Gather backup tapes.
  • Gather removable media, such as CD-ROMs and zip drives.
  • Question all available employees about their specific computer usage.
  • Create a forensic duplication of the computer hard drive(s) in question.
  • Mathematically authenticate forensically duplicated data.
  • Ensure the proper chain of custody is followed.
  • Initiate the computer forensics efforts and enterprise investigation.

What should businesses remember about protecting their valuable IP?

Too many companies are operating with a false sense of security surrounding their ability to prevent against the theft of intellectual property, contributing to the dramatic rise in occurrence and escalation in intensity of intellectual property theft. Proactively working to prevent IP theft is a manageable undertaking and is the only way to attain a true level of trustworthiness within a corporate environment.

As no company can possibly be totally proactive by predicting and neutralizing every possible risk and threat to intellectual property, defensive tactics and reactive techniques are vital to efficiently respond to theft of IP. All predictions demonstrate that intellectual property will continue to increase in value over the next decade and, as such, intellectual property theft will remain a growing problem that companies must consider, address and react to.

Ron Williams is the CEO at Talon Companies. Reach him at (800) 808-2566 or rwilliams@talonexec.com. Reach Talon Companies Headquarters at service@talonexec.com, (800) 808-2566, or www.TalonCompanies.com.

Talon Cyber Tec is dedicated exclusively to providing proactive and reactive security solutions to combat the escalating threat and reality of cyber crime, helping organizations address the critical business issues of security, privacy and compliance. Talon Cyber Tec integrates the proven and well-established principles of physical security into the realm of information security by bringing together leading human capital, information security expertise, in-depth research, and extensive real-world experience to help organizations strike a balance between business and security goals.

Talon Cyber Tec is a subsidiary of Talon Executive Services, an independent risk management firm providing full spectrum services to secure corporate assets and prevent loss due to malevolent acts.

Published in Los Angeles

You’re proud of your website. It's your face on the Internet, your online presence, and it may provide a robust suite of services for your customers. But if you aren't careful, cyber-looters may be able to snatch elements of your site for their own use, leaving you without legal recourse.

"Be vigilant about your website," says Sandra M. Koenig, a partner with Fay Sharpe LLP. "Generally there seems to be a thought process that because it's on the Internet it's fair game. It's really not."

Smart Business spoke with Koenig about how to protect your website from copyright and trademark infringement.

How do standard copyright and trademark laws affect websites?

The traditional copyright and trademark rules still apply in the electronic world. So copyright protects copyright owners' rights, and it gives them the right to decide who can copy it. So if you own the copyright for your website, somebody should not be copying your website, or elements of your website, or taking photographs from your website, because that is still an infringement. It's still stealing.

What are some website-related copyright infringement issues companies should be aware of?

Most often, we get calls from clients telling us that someone took a photograph, text or other image from their website and copied it to their own site. Also, sometimes a competitor might emulate the overall look and feel of a website a little too closely.

There are a lot of relevant  trademark issues  that end up in legal battles, as well.

Perhaps unique to the Internet are the use of  someone else's trademark in your website's source code, domain name hijacking, or registering a misspelled version of another's trademark  as a domain name to direct consumers to your site.

How can 'metatagging' be used for copyright infringement?

Sometimes a competitor will insert another person's trademark in their own website's source code. So when people are searching online for that trademark, the competitor's website will show up at the top of the search results.

The trademark is buried in the source code – it's not visible to viewers of the site.

How can a company prevent competitors from copying tangible elements or intangible aspects of its website?

Primarily, companies must be concerned with vigilance. There are mechanisms by which you can lock your website by disabling certain options. That way, people can’t copy and paste elements that you want to keep secure.

Another important step is registering your copyright for the website or  sections of the website that are of critical importance. For instance, if you have detailed photos of your product line, you could register those instead of the entire website. Registration is beneficial  if you needed to sue someone. To ensure you are able to legally retaliate in a copyright infringement matter, it is important to have your registration in place or in the works, if it's not done already.

Keep your copyright and trademark notices visible on each web page. This is particularly useful because hyperlinking can create trouble, too. If a link doesn’t go to a company's home page but goes deeper into the website, the site visitor may not see the copyright or trademark notice. Many companies only put the copyright notice on the first or last page. It's a good rule to put legal notices on every page just in case someone links to a 'middle' page.

What steps can you take if you believe a copyright infringement has taken place?

Depending on the situation, you might begin with a cease and desist letter from your lawyer to try to negotiate a resolution right away, without going through the court process. A C&D letter is more economical, but it is always an option to file suit for copyright infringement. Arbitration is also an option.

Does a letter get results right away?

Surprisingly it often does. It wakes people up. You can request damages or you can just request someone stop using the copyrighted element or infringing trademark.

Aside from sending a nasty letter or filing suit, if the alleged infringement is a domain name issue, there are Uniform Domain-Name Dispute-Resolution Policy (UDRP) proceedings where the two parties go to arbitration over the domain name.

How do you know if you truly own the elements of your website?

There are two parts to a website, the underlying code and the visual images -- what you see on your screen. If you are working with an outside web site developer, ownership rights should be negotiable. They will often want to own the 'building block' code, which allows them to re-use this code without needing to reinvent the wheel. They should however, assign any images and text they might create to you.  Also, any content you are asking them to incorporate into the site needs to be owned by you.  So if you like a particular picture you want to be sure you have title or the right to use the content.  In other words, do not go online and just download content or take content from a book.

One thing to keep in mind is if you create the site internally, the company owns it. Sometimes elements are created by those outside the company. You might hire a photographer or someone to make illustrations. It's important to clear up who owns the copyright for those elements ahead of time because it will become important if someone were to steal one of those elements.

Sandra M. Koenig is a partner with Fay Sharpe LLP. Reach her at (216) 363-9137 or skoenig@faysharpe.com.

Published in Cleveland

The success or failure of an idea often hinges upon timeliness. Was the time right for a particular innovation? If you have a great idea and want your business to capitalize on it, you need to apply for a patent. However, the average patent application takes almost three years to process. By the time you obtain your patent, someone else may have taken your patent pending idea to the marketplace, and your innovation may not be innovative anymore.

“The Fast Track Exam enhances your intellectual property by expediting the patent process,” says Jay Moldovanyi, partner with Fay Sharpe LLP. “Getting that patent prevents competitors from copying your patented idea themselves.”

Smart Business spoke with Moldovanyi about how to determine if you should fast track your idea.

How does a Fast Track Exam enhance your IP?

The Fast Track Exam is helpful for situations when you introduce a new product to the marketplace and you want to prevent another company from creating and selling a knock-off version of your intellectual property.

For example, say you run a stapler company and you want to introduce a brand new stapler. How are you going to prevent a competitor from introducing the same stapler?

It’s important to note that a patent is a negative right, not a positive right.  Let’s assume your patent is for a new shift mechanism for a bicycle and someone else has a patent on the bicycle itself. Can you sell bicycles with your shift mechanism? No, because someone else has the patent on the bicycle. Can the owner of that patent sell a bicycle with your shift mechanism? No, because they need your permission to put your patented shift mechanism on their bicycle.

You have to make a deal with the bicycle’s patent-holder in order for you to sell bicycles with your shift mechanism. Conversely, he has to make a deal with you; otherwise he is unable to sell a bicycle with your shift mechanism.

You can’t enforce that negative right if you don’t have it. That’s why it is important for businesses to patent-protect their intellectual property.

What are the pros and cons of using a Fast Track Exam?

The upside of the Fast Track Exam is that you are going to get a patent faster. Normally, patents take almost three years to make it through the system. The average is 34 months. A Fast Track Exam can get the examination done in 12 months.

The downside is simple: It is very costly to expedite a patent’s consideration. The cost of a Fast Track Exam is $4,000 on top of normal patent application filing fees, which are dependent on your company’s total number of employees.

The total cost is broken out into a basic filing fee, a search fee and an examination fee. When you add those up, for a large entity (more than 500 employees) the fees are $330, $540 and $220, so the total is $1,090 for a normal patent application (there can be other costs for additional claims, etc.). For a small entity of fewer than 500 employees, the total cost for normal patent application is $545.

That is just for the patent application — in effect, just to get the show rolling. There are many more fees as you go through the process.

What are some examples of ideas that may be critical enough to fast track their patent application?

A new cell phone design, new engine design for motor vehicles, new antenna design for cell phones, new polymer composition to be used in tires — these are all examples.

The business owner has to decide which applications are important enough to fast track. That decision should be made in consultation with the lead engineer/VP of engineering and a patent attorney.

You have to have justification for spending that money. You certainly don’t want to do it cavalierly and file a Fast Track Exam for every application. The patent office has actually made this more difficult by capping the number of applications for expedited patents at 10,000 per governmental fiscal year.

Why does it take so long for patent applications to be considered, and why are all the fees necessary?

The reason for all those fees is that the patent office is fully user-funded; no taxpayer money goes to the patent office.

The process takes 34 months, on average, because the patent office is overloaded with patent applications. There is an avalanche of patent applications that have been submitted in the last five to 10 years. Because of the backlog, the patent office created the Fast Track Exam as a stopgap measure — prioritized examination for a fee.

Also, the patent office hasn’t been able to hire as many examiners as they would like because Congress controls its budget. Even though the patent office is fully user-funded, Congress has to appropriate that money to the patent office in order for them to use it. Bills have been introduced in Congress to overhaul the patent system, but so far none has been passed.

Fast track is indefinitely postponed because Congress has hit the USPTO with a $100 million budget cut for the 2011 fiscal year (ending October 1, 2011).

Jay Moldovanyi is a partner with Fay Sharpe LLP. Reach him at (216) 363-9127 or jmoldovanyi@faysharpe.com.

Published in Cleveland
Page 4 of 4