jump to navigation

Massachusetts data privacy law, outwards and upwards September 28, 2011

Posted by Brandon in Tenet Forum - The Law.
Tags: , , , , , ,
2 comments

Last week, Massachusetts Attorney General Martha Coakley announced that she may be investigating Apple Inc. for breaches of personal data laws in Massachusetts, and is otherwise stepping up enforcement.  With 480 reports of data breaches this year, Coakley has estimated that 1 in 3 Massachusetts residents are victims of personal data breach.  Her comments leads some to believe what some may consider an obscure law will be enforced not just in Massachusetts, but nationwide.

In 2007, Massachusetts enacted a new law in Chapter 93H to protect security breaches of personal data.  Under the law and its accompanying regulations, anyone who owns or licenses personal information of Massachusetts citizens must develop a plan to protect that personal data, report security breaches, and dispose of personal information.  Ostensibly, this means that any company in any jurisdiction, worldwide, may breach the law if they maintain accounts containing personal data of Massachusetts’ residents.

Chapter 93H was spurned on in part by a major data breach at the Massachusetts company TJX, in 2007.  In that incident at least 45.7 million credit and debit card numbers were stolen by hackers who accessed the TJX computer systems.  However, the regulations promulgated under Chapter 93H did not go into effect until March 2010, and the first fine was not issued until a year later.

The Massachusetts regulations for the data protection laws, 201 CMR 17, sought to change the conception of personal data for the commonwealth, and are written to be technology neutral.  The law is enforced by the Massachusetts Attorney General’s Office, and there is no private right of action under Chapter 93H. Katz v. Pershing, No. 10-12227-RGS, at 9 (D. Mass. August 23, 2011).  This lack of a private right of action in Chapter 93H may be to blame for a lack of enforcement, as public resources have been strained since the laws went into effect.  Nonetheless, the regulations are prescriptive rather than reactionary to illegal conduct by requiring companies to draft and maintain a “written information security plan”, or a WISP.

Under a company’s WISP, there must be procedures for how employees access and use client’s personal information, and a specific description for how personal information will be protected.  “Personal Information” is defined as the first and last name of the Massachusetts citizen, combined with a social security number, credit card number, account number or state ID number.  It is not clear at this point whether numbers for documents such as rental applications are considered personal information, or if  personal information must be protected after the person is deceased.

Liability for breach of the Massachusetts data protection laws extends to contractors and agents of the company, and penalties may be severe, extending to each and every breach.  Where breaches accumulate, the damage awards can be high.  For example, the Briar Group, a conglomerate of Boston area restaurants and taverns, settled for $110,000 with the government last year.  If you are a company which handles personal data, it may be advisable to keep detailed and clear records of your compliance with the law, including your procedures for an internal breach and reporting mechanisms.  Other solutions may include encrypted emailing with customers, security assessments, policy development and employee trainings.

Some commentators note that a private right of action may exist for breaches of data privacy under Chapter 93A as an unfair and deceptive trade practice.  Outside Massachusetts, while there may be practical enforcement and jurisdictional issues with policing Chapter 93H and 201 CMR 17, Coakley could be signaling that her office will bring the issue to the courts.  Her comments should signal companies both in and outside Massachusetts to tighten up their privacy policies.

Do you agree or have other points on this topic?

Ideal pre/post endurance meals…you already have September 22, 2011

Posted by Brandon in Technique Forum - the Training.
Tags: , , , , , , , ,
3 comments

Everyday I go for a 3+ mile jog, but for the last nine months or so, I haven’t increased my endurance or energy levels.  After reading a few articles and talking with other runners, it became clear that I wasn’t properly eating before or after my runs.  Fortunately, the nutrients that I needed before and after a workout already exist in my kitchen.

Pre-Workout Options

Prior to an endurance workout, whether that’s running, swimming or biking, a main goal is to fill your liver with glycogen.  Glycogen, basically, fuels your nervous system.  You also want to make sure to get plenty of carbohydrates, which provides short term energy.  However, be careful to avoid proteins, fat and fiber, which takes up important space for more critical nutrients.

Certainly, there are numerous foods that contain glycogen and carbohydrates, but here is short list of some of the most prevalent in a home.  Interesting, Coca Cola can be ideal for boosting energy prior to a workout.  Caffeine and sugar provide short term fuel that triggers energy production, even if it is short lived.   Therefore, it’s best to have a Coke 30-60 minutes before a workout, and sip it slowly.  However, pretty much any other time of the day, you should avoid Coke.  It’s loaded with high fructose corn syrup, has zero electrolytes, and packs 140 empty calories per 12 once can.

Bagels are also a great source for pre-workout nutrients.  They’re rich in carbohydrates, bland and easily digestible, not to mention portable.  Be careful of cream cheese and butter, which are fast burning and will crash your energy levels once you get moving.  Instead, swap in peanut butter or banana slices, where you’ll get more carbs.  Banana’s on their own are also excellent pre-workout meals, as they’re loaded with carbs and low in protein and fat.

The more obvious pre-workout meals are energy bars, which are designed to be easily digestible and provide a boost of carbohydrates.   More importantly however, energy bars help stabilize glycogen levels for longer workouts.   To maximize this high-carb/low-fat option, cut up the bar into pieces to eat sporadically during the workout.  However, energy bars may at times be too heavy for some stomachs, and are a poor daily snack with high calories and sugar.

Post-Workout Options

Following a workout, it’s important not only to replenish carbohydrates and glycogen, but also repair muscles and replace missing nutrients.  This is best done by loading up on protein and fiber.  One of the best, and most surprising options, is chocolate milk.  Chocolate milk is best immediately after a workout, when muscles are most prepared to absorb nutrients.  The chocolate adds anti-oxidants and carbohydrates, nearly twice as much as regular milk, keeping in mind that low-fat milk is ideal.  In combination with the milk, it replenishes glycogen stores and provides protein to repair muscles. Along with reloading stores of calcium, vitamin D, potassium, magnesium and B vitamins, the anti-oxidants clear out free radicals, which has links to aging.  But make sure to have it within 20 minutes after you exercise.

Another surprising post-workout meals that provides many essential nutrients is pizza.  With lots of veggies and some lean meat, pizza can deliver all the macro nutrients you need, from carbohydrates to fat to protein.  The best option would be whole wheat with olive oil, basil, garlic, chicken and some mozzarella.  Be careful not to go too heavy on the cheese and meats, and have it within an hour of exercising to maximize the benefits.

Bananas are also ideal after a workout because of the potassium levels they provide, which is lost in sweat and helps repair muscles.  Other general tips for post-workout foods include those with electrolytes (sports drinks), salt, oxidants (berries) and protein that provide critical amino-acids (meats).  Be wary of portion sizes however, as nothing more than a palm-sized amount for any type of food is the recommended size.

Overall, it’s a good idea to focus on carbohydrates before a workout, and proteins afterwards.  As far as timing, eat no less than 30 minutes before endurance exercise, but no more than 30 minutes afterwards, depending on your tolerance.

Did I miss any other common foods that are great for pre or post workouts?  Suggest some below!

Trademarks in Notre Dame and Michigan throwback uniforms September 15, 2011

Posted by Brandon in Technology Forum - the Art.
Tags: , , ,
add a comment

This last weekend with the Notre Dame and Michigan football rivalry underway, I wanted to examine the trademark background of their commemorative uniforms.  Adidas released throwback uniforms for both teams for the game, with a more pronounced Adidas mark.

Before going into some preliminary research on the trademark rights in the designs, it would be helpful to outline some basic trademark concepts and practices.  The power to protect and enforce trademarks comes from the Lanham Act, and from state law.  A trademark can be anything from words and symbols, to colors and sounds, but in order to obtain ownership over that mark, there must be an intent to use it.

Deciding whether to register a mark is very important.  While it can be expensive and time consuming, the benefits often far outweigh the burdens.  Registration improves your ability to enforce the mark because registered marks get nationwide priority and apply retroactively against unregistered marks.  Registered marks are categorized by design codes, and made publicly available to the world to place everyone on constructive notice of their existence.  A registered mark becomes uncontestable for five years, and as long as the mark is in use, the rights to the mark are indefinite.  Rights to unregistered marks are also indefinite, but it more difficult to prove continued use because registered marks carry a presumption of intention to use.

The University of Michigan claims to have registered at least five marks, and claim rights to all iterations of the classic “M” logo.  There are also a dozen or more marks which Michigan considers protected without registration.  If Michigan had to enforce these registered and unregistered marks, the process for each could be significantly different.

When a trademark application is filed, the Patent and Trademark Office [PTO] conducts a search of existing marks and examines the distinctiveness of the mark from others.  Arbitrary marks that have no relation to the product, for example “apple” for computers, have a high level of distinctiveness, and accordingly enforceability.  However, marks which are only descriptive, such as “M” for Michigan, would require a secondary meaning to be protected.  Secondary meaning would be granted if the mark clearly denotes a single source or meaning, such as immediately signaling a brand.  After years of use, the Michigan “M” in the context of its color and shape would likely pass, but the analysis could be contentious.

The distinction that is important to recognize is that if a mark is registered, this process takes place in the PTO, where examiners are presumably knowledgeable and specialize in certain marks.  Unregistered marks would be litigated in court.  This is a much more expensive process, and presents more risk to a disputed trademark owner.  For example, the party challenging the mark can show there is consumer confusion between the mark at issue and another mark through public surveys.  Depending on the scope of these surveys, rights to the contested mark could be lost forever.

It is unclear why Michigan has not attempted to register the dozen or so other marks, but it could be because they do not appear to be very distinct, or even original.  The PTO may have already rejected them outright.  Interestingly, the shamrock image on the Notre Dame helmet for this uniform does not appear to have been registered.  As the shamrock image is prolific, there may be litigation over this uniform in the future.

License or Contract?: the form of the Open Source license September 7, 2011

Posted by Brandon in Tenet Forum - The Law.
Tags: , ,
2 comments

In looking at open source licenses, you may discover that there are basic assumptions overlooked in most of the research involving the General Public License, or GPL.  This question never seems to be asked: is the GPL an actual license, or is it a contract?  The answer may have implications for enforcement and remedies when the GPL is alleged to be breached.  Fortunately, there is some discussion of the topic, but the issue is yet to be resolved.  Problems may lie ahead for the open source community if these agreements are ultimately challenged.

Copyright v. Contract

Copyrighted works are often licensed, not sold.  Copyright licenses are governed by federal law, where the remedy for breaching an agreement is an injunction, attorney’s fees and statutory damages.   Contract law however is governed by state law, which can garner damages for violations of express and non-express terms, as well as specific performance.  The consequences of this is that if the GPL is deemed a license, the owners of the open source code may not be able to enforce the clauses governing free distribution or regulating the integrity of the code.

There is a small but growing debate whether the GPL is a license or a contract.  Some believe that the GPL is a type of contract known as a browsewrap agreement.  At lease one court has taken this view, noting that some terms may be viewed as covenants under a contract, not license conditions, for example by number of users.  See Netbula LLC v. Storage Technology Corp., 2008 WL 228036 (N.D. Cal., 2008). Otherwise, it could also be a unilateral contract without express acceptance, until the GPL code is modified or distributed, where the agreement then becomes a bilateral contract.

However, this view is undermined by the fact that there are many ambiguous or missing terms in the GPL, such as a termination provision. Also,  browsewrap agreements are not recognized in all jurisdictions.  More importantly, when it comes to damages, contracts may not be a preferable view of the GPL from the licensor’s point of view.  This is because there would be no expectation damages.  The licensor of open source code does not expect or demand any financial compensation.  There are no expected earnings to be made from the open source code itself.  It is given away for free.  For that reason, plaintiff’s may argue that the GPL is not a contract at all.

Unsurpringly, the enforcers of the GPL [the Free Software Foundation] and some circuit courts view the GPL as a license. See Eben Moglen, Enforcing the GNU GPL, The Free Software Foundation, September 10, 2001;  Jacobsen v Katzer, 535 F.3d 1373 (Fed. Cir., 2008).  The courts rest their analysis on the fact that open source licenses state “provided that”, which implies a condition to a license, not a covenant to a contract.  This is the property rights theory.  Any material breach of the GPL would result in revocation of the license, which leads to copyright infringement liability for the defendant licensee.  By viewing the GPL as a license, the owners of the code can refuse to extend the right to use for any subsequent user of GPL code.  This may get around issues of privity, where users who do not agree to the GPL directly with the owners of code may be free to use it.

However, the remedy would still be limited to damages and an injunction from further use.  There is a concern that the licensor could not enforce the distribution of his or her code by simply withdrawing consent to those who threaten to breach the GPL terms.  Specific performance is not available under the copyright act, only under contract, and even then it is a disfavored remedy.  Therefore, there is no easy answer for whether the GPL is a license or contract, because the law is always catching up to the technology and implications for both have downsides.

Massachusetts

Massachusetts for the moment has shelved the issue.  Until specific legislation has passed, Massachusetts courts will treat software licenses as contracts subject to the UCC.  See I. Lan Systems v. Netscout Service Level Corp 183 F. Supp. 2d 328, 331 (D. Mass., 2002).  At this time, there is no such legislation in Massachusetts, and therefore this state may not be a favorable venue for defending the GPL.

Behind the Minimalist Running Movement September 1, 2011

Posted by Brandon in Technique Forum - the Training.
Tags: , ,
6 comments

Last summer, I read “Born to Run” by Christopher McDougall on the recommendation of a friend.  The story details the culture and lifestyle of Mexico’s sandal-wearing Tarahumara Indians.  The ideas underlying the book, that traditional running shoe design promotes an unnatural heel strike and barefoot running strengthens and improves running ability, influenced me to experiment with minimalist shoes.  Over the last year, I’ve been running in the Nike Free and haven’t felt stronger or enjoyed running more in years.

With this new-found interest and success with minimalist running techniques, I think it’s interesting to see the ergonomic and commercial interests behind the movement.   The main tenet of minimalist running is that our bodies are already perfectly designed to run.  A natural gait places the ball of the foot on the ground directly under the body, where the impact absorption is performed by the arch of the foot.  Minimalists argue that traditional running shoes encourage a traumatizing heel strike by incorrectly supporting the arch while overcompensating with soft padding in the heel and boxing the toes.  This leads to weakened control and stability by emaciating important muscles in the foot.

Transitioning to a shoe that doesn’t modify the mechanics of our foot allows the runner to return to a mid foot strike.  This forces other parts of your back and calves to provide balance and control, which strengths your whole body.  The difference between traditional running shoes and minimalist versions is the thickness of the cushioning and geometry of the heel.  The bigger the shoe, the less contact the runner has with the ground, which can decrease responsiveness and consciousness of your surroundings.  Of course, the ability to splay the toes and shorten the gait increases strength in your legs and feet as well.  It has been emphasized however that caution should be taken when beginning barefoot running, as your body may not be prepared to make such a dramatic transition.

Critics of minimalist running warn that it can injure your arches, makes you vulnerable to debris, and otherwise ruins your feet.  Minimalists assume that running is a natural movement of our bodies, rather than one that needs to improved by support and cushioning.  While our ancestors ran barefoot, critics note that they didn’t do so on concrete or at the peril of broken glass or metal.  Apart from this however, there is empirical evidence that barefoot running makes you a faster and more efficient runner.   Research has shown that 100 grams of extra weight on the feet translates into a decrease of your running economy by about 1%.  In fact, weight on the feet makes running more difficult than weight in a person’s midsection.  This is because weight on the feet is subject to constant acceleration and deceleration during running, which has exponential energy consequences.  A simple calculation shows that two 10-ounce shoes will make you more than 5% less efficient.

Apart from the ergonomic rationale for promoting barefoot running, there is a commercial one as well.  “Minimalist” running shoes are prolific and are now produced by most athletic shoe manufacturers.  The Nike Free, first introduced in 2004, is the most widely known and retails for more than $70 a pair.  While some claim that barefoot running is a grassroots movement, these shoe companies apply and are issued patents on their designs.   Most recently, the designs underlying the vibram “five-finger” shoes have been patented and the company has taken a not-so-subtle approach to infringement.

To be expected, litigation has followed.

Similarly, less than three years after the Nike Free entered the market, Reebok sued Nike for patent infringement over the technology.  Reebok claimed that they patented a shoe which could be rolled up and dispensed from a vending machine.  While the case presumably settled when Reebok voluntarily dismissed the case less than three months later, the financial incentive in obtaining patents on minimalist technology is growing with the market.  Currently, Nike has patent applications for automatic lacing as well as a “tent” athletic shoe, which is designed to “urge or influence” the upper shroud material away from the foot, allowing for a more natural running experience.  While the barefoot movement may be premised on the idea of returning to simplicity, it does not appear to have had that impression on manufacturers.  What are your thoughts?

%d bloggers like this: