June 23, 2017

Annemarie Bridy

Annemarie Bridy has been a member of the faculty of the University of Idaho College of Law since 2007. Professor Bridy teaches Contracts, Copyrights, Introduction to Intellectual Property, and Cyberspace Law. Before joining the faculty, Professor Bridy was an associate with the lawfirm of Montgomery, McCracken, Walker & Rhoads in Philadelphia, where she practiced in the area of complex commercial litigation. Bridy holds a B.A from Boston University, a M.A from the University of California, Irvine, a Ph.D. from the University of California, Irvine, and a J.D. from Temple University James E. Beasley School of Law.

Cyberterrorism or Cybervandalism?

When hackers believed by the U.S. government to have been sponsored by the state of North Korea infiltrated Sony Pictures’ corporate network and leaked reams of sensitive documents, the act was quickly labeled an act of “cyberterrorism.” When hackers claiming to be affiliated with ISIS subsequently hijacked the YouTube and Twitter accounts of the U.S. military’s Central Command, military officials called it an act of “cybervandalism.” A third category of cyberattack, which presents definitional challenges of its own, is “cyberwarfare.” In terms of the nature and scale of any official response, it obviously matters quite a lot which bucket the government and the media choose when they categorize a cyberattack to the public. So how is that choice made as a descriptive matter? And how should it be made?

It seems to me that there are several potentially relevant factors to assess when drawing the semantic line between cyberterrorism and cybervandalism. The ones that spring to mind are the origin of the attack (e.g., state-sponsored v. state-aligned v. unaligned); the target of the attack (e.g., public infrastructure v. corporate infrastructure; critical infrastructure—however defined—v. non-critical infrastructure); the nature of the harm caused (e.g., personal injury v. injury to property); and the reach and severity of the harm caused (e.g., minor or major; isolated v. pervasive). Are these the right factors to take into account? If so, what configuration of factors makes a cyberattack an act of cyberterrorism as opposed to an act cybervandalism? And how should we distinguish both cyberterrorism and cybervandalism from cyberwarfare? Is cyberwarfare only state-to-state?

As the Internet is increasingly beset by attacks of all kinds from all quarters in the name of all different ideologies (or just lulz), it seems vital to have in place a stable, rational way of classifying cyberattacks so that official responses can be appropriate and proportional. I know there are a lot of cybersecurity experts who read FTT. I am definitely not one. I’d love to hear your thoughts about a principled taxonomy for cyberattacks. If there’s a good article about this out there somewhere, I’d be happy to get the citation.

Four Fair Use Takeaways from Cambridge University Press v. Patton

The most important copyright and educational fair use case in recent memory (mine, at least) was decided by the Eleventh Circuit Court of Appeals last week. The case, Cambridge University Press v. Patton, challenged Georgia State University’s use of e-reserves in courses offered by the university. The copyrighted works at issue were scholarly books–i.e., a mix of monographs, edited volumes, and portions thereof–not textbooks. This case is important because of its broad applicability to similarly situated academic institutions throughout the country that routinely engage in the same practices for which GSU was sued. It’s also important because the court’s decision re-articulated and faithfully followed some foundational fair use principles from prior case law. Readers of the case who are proponents of a vigorous fair use doctrine shouldn’t be disheartened by the fact that the Eleventh Circuit reversed the district court’s ruling in favor of GSU and remanded the case for reconsideration. Ultimately, this case is good news for educational fair use. Here are four reasons why:
[Read more…]

Google Fights Genericide Claim (and Wins)

Google’s famous trademark in its name has just survived a challenger’s attempt to have it declared generic. In Elliott v. Google, a federal court in Arizona held last week that despite the public’s use of the word “googling” to mean “searching on the Internet,” the “Google” word mark still functions in the minds of consumers primarily to identify Google, the Mountain View-based Internet company, as the source of the search service associated with the “Google” mark. The plaintiff in the case argued that the public’s use of a trademark as a verb necessarily signifies that the mark has become generic. The court disagreed:

Verb use of a trademark is not fundamentally incapable of identifying a producer or denoting source. A mark can be used as a verb in a discriminate sense so as to refer to an activity with a particular product or service, e.g., “I will PHOTOSHOP the image” could mean the act of manipulating an image by using the trademarked Photoshop graphics editing software developed and sold by Adobe Systems. This discriminate mark-as-verb usage clearly performs the statutory source-denoting function of a trademark.

The court went on to explain that a problem arises for a mark owner only if mark-as-verb usage is indiscriminate, and the mark becomes referentially unmoored in the public’s mind from the mark owner’s product or service.

[Read more…]