SMALL BUSINESS AND E-COMMERCE: STRATEGIC AND LEGAL CONCERNS

 

Joseph Geiger, University of Idaho

Jerry Wegman, University of Idaho

 

ABSTRACT

 

Small businesses are employing electronic commerce to reach regional, national, and even international markets.  However, security problems are threatening this advance.   Businesses have suffered denial of service attacks, viruses, defacement, and theft of their intellectual property.  This paper examines current practices that a small business can use to combat this problem.  It will examine managerial and organizational approaches, technical solutions, and legal strategies that small business owners may use to defend themselves from both internal and external attack.

 

INTRODUCTION

 

The Computer Security Institute (2002) found that 90% of businesses responding to its most recent survey detected computer security breaches within the past year, 80% acknowledged financial losses due to security breaches, and the most serious losses involved intellectual property.  As small businesses become more effective in competing with much larger firms for regional, national, and even international markets, computer crime and fraud in e-commerce have become a threat to growth and profitability.  Pendegraft  (1999) and Desmond (1999) have analyzed the response to the computer security problem by focusing on four basic areas: (1) Control/Access via effective management policies and procedures, (2) Authorization processes, (3) Private Key Identification,  and (4) Software designed for “perimeter security” and diagnosing weaknesses in firewalls.

This paper will use the Pendegraft/Desmond approach to describe the security threats facing the small business in e-commerce.  It will also provide cost-effective strategic solutions for those threats.  First, managerial and organizational considerations will be discussed.  Then technical solutions will be examined.  Finally legal protections and legal strategies will be reviewed that will help to protect the firm’s valuable intellectual property.

 

MANAGERIAL AND ORGANIZATIONAL CONSIDERATIONS

 

Many firms, both large and small, fail to develop policies and procedures that protect their IS infrastructure.  For example, in the early 1990’s, unhappy employees locked a small business owner out of all his information systems during a dispute over bonus pay (Geiger 1999).  The result was nearly the loss of the firm.  Only the timely intervention of a professional hacker re-instated control before the customer base disappeared. More recently a small Dotcom, without its knowledge and due to a lack of internal controls, had its website copied and used to create a competing firm (Wegman 2001).  A small firm needs active security planning and should consider hiring an outside specialist or firm to periodically review its IS infrastructure for weaknesses.

Firms should maintain careful control over password authorization and use.  Many owners have told the authors that the only way for a very small business (fewer than 25 employees) to survive information system crime is for the owner to be the head of the firm’s IS security.  Passwords, along with barriers to access such as locations protected with smart card or biometric assess devices create both electronic and physical barriers to a firm’s information resources.  In order to detect employee or external attacks, the owner should also have the local area network (LAN) and server managers maintain electronic transaction logs that can be audited.  In some cases, outsourcing all or part of the firm’s information systems may be the most cost effective way to create acceptable security. However, Ploskina (2001) has written that managed security firms are undergoing rapid consolidation. The result is a danger of entrusting vital information and records to a firm that may disappear with little warning. Thus, a balanced approach of internal and outsourced security management may be the safest approach.

Help is available for small businesses at reasonable cost. Several firms offer focused computer security training for employees.  For example, the “Intense School” in Ft. Lauderdale, Fla., offers courses for employees that are customized to the specific systems used in their firms, such as Cisco or Microsoft.  Several ‘self help’ sites can also be found by accessing the National Institute of Standards and Technology’s Computer Security Research Center.  These sites lead thoughtful business owners to upcoming conferences, end user newsletters, working peer groups, training seminars, and vendor program opportunities.  These programs also address the growing problem of security incidents occurring from within organizations, such as employee theft and sabotage.

 Finally, management should have response plans when attacks and disasters occur. Small firms can contract with large organizations such as IBM which have emergency response teams trained to help recover from both internal and external attacks.  Firms can also develop an ‘in-house’ disaster recovery plan.  Internal security incident response teams, or SIRTS, can be effective if (1) key people in every functional area become involved, (2) training is provided by competent outside consultants, (3) the scope of the training includes detecting and/or preventing internal as well as external attacks, (4) the plan includes off site data storage, and (5) periodic attack simulations are run, sand (6) the firm documents its processes so that continuous training of new staff can occur without undue expense.  Finally, the entire process needs to be audited by an outside specialist.

 

PROTECTING THE INFORMATION SYSTEMS INFRASTRUCTURE

 

The traditional approach to protecting the firm’s IS infrastructure calls for the installation of a ‘firewall’.  While several vendors have attempted to add on services to their software, many users have been disadvantaged by complex configurations problems causing ‘leaks’ in firewalls.  As a result, the most popular firewalls perform only basic security functions.

Firewalls are, however, evolving into applications that include encryption and authentication. These capabilities enable firms to create virtual private networks (VPN’s). VPN’s effectively create secure paths through otherwise public networks. Small business owners can find cost effective applications from a variety of vendors including Check Point Software, Internet Devices, NetScreen Technologies, IBM, and Watchguard.

For the more sophisticated end user, web sites such as the Firewall Product Selector (www.spirit.com/) provide users with the ability to comparison shop in choosing the most popular form of computer security. Recent surveys indicate that 60% of all computer security software purchased involve firewall applications followed by 10% for filtering devices and 7% for biometrics and smart card applications.

Having created a firewall/encription/authentication/VPN system, it remains the task of the small business owner to periodically test its system for weaknesses and attempted and/or successful attacks.  In order to assist in this important task, firms have developed intrusion detection systems (IDS). These systems enable a firm to detect both internal and external attacks. The IDS can reside on the firm’s host server where it logs unauthorized access and unusual transaction or communication behavior. Host based systems are limited in that they operate in batch mode, that is, detection is noted after the fact by analyzing the logs.  These frequently create false alarms. Network-based IDS applications are placed as ‘sensors’ on servers, operate in real time, and constantly monitor traffic against attack patterns or signatures. The literature suggests they have a lower rate of false alarms and they also provide more timely warnings.

 

ACCESS AUTHORIZATION

 

Even with a secure electronic perimeter, the firm remains vulnerable to internal attack.  To deter such attacks, the firm should employ tools that promote selective access to intellectual property, information, and records. Different internal users should be able to do different things, but not all things.  Traditional measures, which focus on denying access except for certain specific activities have become untenable as firms, vendors, and customers create a seamless continuum of business actions.  The alternative, however – granting broad access with limited exceptions – simply adds to the problem.

 Experts in the field typically recommend a middle ground where data is classified in a limited number of categories and access is structured accordingly.  For example Forrester Research (2002) suggests only four categories: public data, employee data, business partner data (including vendor data), and data only for the top executives. Software is included on the firm’s servers that automatically limits access depending upon the user’s classification.  These approaches constitute a good start but are insufficient when individual transactions involve large amounts of money. Many firms use private key identification (PKI).  PKI technology employs software that provides strong customer identification, certificate authority and digital certificate issuance capabilities. The technology is relatively new and must overcome several practical concerns including safely storing private keys and merging legacy systems with newer digital certificate systems.  As a result, cost effective applications may be a few years away from general small business use.

 

LEGAL STRATEGIES

 

            As noted in the introduction, the most serious losses resulting from security breaches in e-commerce involve intellectual property.  The intellectual property of a firm is a valuable asset that presents a tempting target to thieves and unscrupulous competitors.  Even a small business must protect its trademarks, trade secrets including its customer list, its patents and its copyrights.  Many small businesses do not realize that they have legal rights to their websites that includes protection from those who would copy their sites or parts of them.  The following section will assist small business owners and mangers to understand the nature of their intellectual property assets.  It will also provide them with cost-effective strategies for protecting those valuable assets.

 

Copyright

 

Copyright is perhaps the most important form of legal protection of intellectual property.  One reason is that copyright provides lengthy protection: up to the lifetime of its author plus 70 years.   Copyright protects “original works of authorship” including “literary works … sound recordings … motion pictures”[1].  The 1980 amendment to the Copyright Act added computer software to copyrightable works.[2]  Copyright law is governed by the U.S. Copyright Act[3], also known as the Lanham Act (which also affects trademark).  The federal act preempts state law.  Copyright confers on its owner exclusive right of use.  In effect, the owner has a temporary monopoly on the copyrighted work.  Copyright and patent share the distinction of being included in the U.S. Constitution.  Article I, Sec. 8 grants Congress the power “To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries”.

Digital technology poses new challenges to copyright.  The Internet has been described as “a gigantic international copying machine”.[4]  The Internet and computers have made it easy to make digital copies that are identical to the original.  The entertainment and software industries are particularly threatened by this.  These industries have lobbied Congress to strengthen their intellectual property rights.  As a result, the Copyright Act as amended now provides extensive and lengthy legal protection.

 Duration of copyright depends upon whether it is held by an individual or a corporation.  An individual’s copyright protection now lasts the lifetime of the author plus 70 years.  A corporation’s copyright protection now lasts 120 years from the year of first creation, or 95 years from the year of first publication, whichever is shorter.  Some feel this is excessive[5].

Registration of copyrighted work is not required but it is desirable.  If the work is not registered copyright protection begins as soon as the work is fixed in a tangible medium.  But the burden of proof as to whether and when that occurred is on the author.  A copyright notice, while no longer absolutely required[6], is useful to refute a claim of innocent infringement.  Registration is highly recommended also because it gives the plaintiff the right to bring an action in federal court based on the Lanham Act and to recover statutory damages under the Act.  The Act allows recovery of actual damages suffered plus profit made by the infringer.  It also provides the option of awarding statutory damages in lieu of actual damages.  Statutory damages were increased by the 1999 amendments to a maximum of $30,000 per work infringed. 

Another reason the Copyright Act is important is that it is a strict liability statute. No proof of intent is required.  However, if the copyright holder is able to prove an intentional, willful infringement, statutory damages go up to $150,000 per work infringed plus reasonable attorney’s fees.  In addition to monetary damages the court can also order the destruction of infringing works and issue an injunction preventing future infringement.  The copyright holder must first show that he or she owns the copyright.  Registration makes that easy.  Infringement can be proved either by direct evidence of copying or by inference.  In most cases infringement is proved by inference where the copy is substantially similar to the copyrighted work and the defendant had access to it.[7]

 

Security strategies for small business: The small business can economically register its entire website with the U.S. Copyright Office.  However, merely registering will not protect the firm from unfair competition.  The firm should monitor for infringement by using an effective search engine like Google to search for copyrighted words, phrases or sentences.  The small business should also use a search engine to identify competitors and then to examine their websites for copying.  Also, the firm might want to employ the service of firms like Ranger Online[8] that uses proprietary software to search the Internet for copyright violations.

 

Trade Secrets  

 

Some valuable intellectual property, such as customer lists, is not legally protect-able by copyright, patent, or trademark.  When other protections are either unavailable or unsuitable, trade secrets may provide protection.  If information legally qualifies as a trade secret, then it is the private property of its owner and protected potentially forever.  The formula for Coca-Cola, which was first used in 1886, may be the best example of this.  On the other hand, if the secret is discoverable by reverse engineering, trade secret would bee a poor choice.

The Uniform Trade Secrets Act[9] (UTSA) states that in order to qualify as a trade secret, two elements must be present.  The first is “independent economic value … from not being generally known”.  The second is that it must be protected by “efforts that are reasonable … to maintain its secrecy.”[10] 

Independent economic value is relatively easy to establish.  Information which is commonly sold or leased, such as a list of persons interested in a particular product or service, has independent  economic value.  Reasonable efforts to maintain secrecy may be more difficult to establish.  Such efforts usually involve expense and inconvenience.  Safes, security systems, limited access and passwords all add cost and inefficiency.  A problem with passwords is that users tend to choose ones that are easy to remember. This also makes them easy to hack.

Once a plaintiff establishes that the information qualifies as a trade secret, a “misappropriation” must be proved.  UTSA Section 1 defines misappropriation as obtaining through “improper means”.  Courts have held improper means to include disclosure by a former employee.  Both the person who acquired the secret and also the person who knowingly received the secret are liable.  Damages can be substantial.  They can include both the actual loss caused by the misappropriation and also the gain to the defendant.  Alternatively, damages can be calculated based on what a reasonable royalty might have been.  If the court finds that the misappropriation was “willful and malicious”, exemplary damages equaling up to twice the actual damages can be added, and the court can also award reasonable attorney’s fees.  Thus it is possible to recover three times the actual damages plus attorney’s fees where the misappropriation has been willful and malicious.

While misappropriation of trade secrets is unlawful, it is perfectly legal for a former employee to use general knowledge and skill gained at that former employment.  Trade secrets law tries to strike a reasonable balance between protecting a firm’s intellectual property rights and a former employee’s right to earn a livelihood  In Vermont Microsystems Inc. v. Autodesk, Inc.[11]  a software designer who was the self described “chief architect” of a major software product left his employer.  He then went to work for a competitor and developed a similar product.  The court acknowledged his right to use the skill obtained previously, but held that the two software products were so close that copying could be inferred. This case also illustrates the importance of having effective  non-compete and non-disclosure agreements, discussed below. 

 

Security strategies for small business:  One of the most valuable assets of a small business it is customer list.  This can only be protected as a trade secret.  The small business should protect its customer list and other trade secrets by employing reasonable security measures including limiting access, passwords, and possibly encryption.  A major source of trade secret leakage is through current or former employees.  The small business can deter this by making use of non-compete agreements.  These non-compete agreements should be reinforced by reminding departing employees of them during an exit interview.  The exit interview also gives the firm an opportunity to communicate to the departing employee the seriousness with which the firm takes its intellectual property rights and its willingness, if necessary, to defend those rights via civil and criminal legal process.

 

Patent

 

            Patents confer a temporary monopoly of twenty years.  However, patents present serious problems to small businesses.  The most serious of these is the cost of defending the patent.  A competitor can easily change a small detail and claim that it has created a new invention.  One author estimates the average cost of defending a patent to be $1.5 million (Cheeseman 2001).   Another problem is that certain forms of intellectual property such as customer lists do not qualify for patent protection.  Nevertheless, in some situations patent may be the best choice.

The federal statute governing inventions is the Patent Act of 1952.[12]  To qualify for patent protection, the invention must be novel, useful and non-obvious.[13]  Ideas, concepts, and formulas such as e=mc2 are not patentable.  Until World War II patents were issued only for tangible things including “process, machine, manufacture, or composition of matter, or any new and useful improvement thereof”.[14]  The industrial Age produced tangible inventions like the light bulb.

The Information Age brought intangible products like computer software.  At first American courts did not allow patentability of these new forms of invention, considering them mere ideas and formulas and therefore not entitled to patent protection.  However in 1981 the U.S. Supreme Court  in Diamond v. Diehr[15]  held that computer software programs were patentable.  This was a breakthrough case and it led to the widespread use of patents for computer software.  Recently courts have expanded patent protection to include Internet business processes and models.  The patentability of Internet processes and business models is a hotly debated topic.  Some critics complain that many such patents are obvious should not have been granted.[16] 

            The recent spate of Internet patents has drawn criticism from some who claim that they are not warranted, that they increase costs to e-commerce generally and that they generate unnecessary litigation expense.[17]  Even Jeff Bezos, president of Amazon which received a patent for its “one click” checkout process, has said "I now believe it's possible that the current rules governing business methods and software patents could end up harming all of us."[18] 

           

Security strategies for small business:  Given the uncertainty over the validity of Internet business process patents, a prudent strategy would be to consult with a patent attorney and patent any innovative process that the firm has developed.  However, the cost of defending a patent is high.  Two alternatives are available.  First, instead of seeking patent protection the small business might employ trade secret law, as described below.  Second, the small business could take the opposite tack and publish its process.  This would make its invention available to all, including its competitors.  The benefit to this strategy is that it would foreclose a worst-case scenario where the originator chooses not to patent its original process and then a competitor goes ahead and patents it.  The originator would then have to either pay royalties in order to use its own invention, or mount an expensive legal challenge to the competitor’s patent.  By publishing, the originator prevents a competitor from later claiming that its invention is novel, that is, new and original.

 

Trademark

 

            Trademarks and other trade symbols are highly valuable intellectual property.  It is hard to imagine the loss, for example, to the Coca-Cola Company if it could not use its trademarked name.  Trade symbols inform consumers of the origin of goods and services.  They also protect the goodwill that a firm has developed.  Trademarks are protected by the Federal Trademark Act[19], also know as the Lanham Act.  Trademarks can also be protected under state law. Trademarks must be registered.  The U.S. Office of Patents and Trademarks (OPT) is the preferred registrar because in order to sue in federal court and to obtain the benefits of the Lanham Act the marks must be registered with the OPT.  Federal registration lasts ten years but is infinitely renewable.  If the infringement is intentional, treble damages plus reasonable attorney’s fees may be awarded.

Trademark infringement typically involves diversion of customers to the infringing firm.  However, a new form of trademark abuse in e-commerce has recently surfaced.  This consists of using another’s trademarked terms as part of the metatag of a web site, invisible to the site visitor.  The purpose of this infringement is to give a firm a high placement in a customer’s search for another firm’s site, as explained below.

A metatag consists of source code imbedded in the hypertext markup language (HTML) of a web site.  It is invisible to the site visitor but a search engine “sees” it and uses it to place it appropriately in a search.  It may be viewed as follows: using Netscape Communicator 4.7, go to a site e.g. eBay, then click on the “view” button and choose “page source”.  The HTML will be displayed.  At the top of the HTML the “meta name” lists the metatags associated with that site.  Ebay’s metatag terms include “auction”, “bid”, and “memorabilia”.  A customer entering those terms in a search engine would find eBay among the first sites listed.

An unethical dotcom could include a competitor’s trade name or trademarked terms in its metatag.  This could cause a customer looking for the legitimate business to go to the infringing site.  Once there, the customer would realize the error, but might be enticed to do business at that site.  This has been described as “invisible trademark infringement”[20].  

 

Security strategies for small business:  Trademarks should be registered with the U.S. Office of Patents and Trademarked and periodically renewed.  This is not expensive.  Federal registration will not only help to establish infringement, it will also prevent “cybersquatting”, the improper use of a firm’s name as part of an Internet domain name. The small business can economically make use of an effective search engine like Google to find other sites that might be using its trademarked terms.  Once a suspected site has been identified, an examination of its HTML will reveal invisible metatag infringement.

 

Non-Compete Agreements, Employment Contracts and IP Policies

 

Employee turnover is inevitable.  The employee who leaves is capable of taking proprietary source code, trade secrets and knowledge of new products and strategies.  The departing employee also takes with him or her, the personal good will that has been built up with customers, suppliers and others.  All of these can be turned against the original employer if the former employee goes to work for a competitor or starts a competing business.  Courts have held that an employer is entitled to reasonable protection from such abuse.[21]  On the other hand, the courts have also held that an employee must be reasonably free to pursue employment and he or she is entitled to use the general skill and knowledge gained at one firm when working for another firm.[22] 

Perhaps the most useful tool an e-commerce small business can use to protect itself from former employees is the non-compete agreement.  This is a written agreement the employee signs in which the employee promises not to compete with the employer for a certain period of time after leaving that employer.  Courts will enforce these agreements if they are deemed to be “reasonable”.  The test of reasonableness contains three elements:  First, how long a period of time the employee is being restrained.  Second, how extensive is the geographic area in which the employee is being restrained.  Third, what kinds of work are being restrained.[23] 

With regard to the period of time, one to two years has generally been held to be reasonable.  With regard to the geographic area, courts insist that the area in which competition is being restrained must not be greater than necessary.  A local business, e.g. a bakery, could reasonably restrain a former employee from competing within the local area, but not 500 miles away. The bakery will suffer no loss of business from such a distant competitor. 

With regard to the kind of work the employee has engaged in, the court will limit restraint on competition to those kinds of work in which the employee has gained access to trade secrets or other proprietary information.[24]  For example, a computer programmer may have been working on missile guidance systems for a defense firm.  That firm could enforce a non-compete agreement that prevents the employee from doing the same type of work for a competitor.  But the programmer is free to go work for another firm developing for example word processing software.

The small business can easily and economically require its employees to sign appropriate non-compete agreements.  It should also develop a written IP policy and make it known.    The Computer Associates[25] case illustrates the need for this.  In that case employees were permitted to remove proprietary source code from the business premises.  This made it easy for a departing employee to take it with him or her.  A clear policy that limits employees’ right to copy or remove IP might discourage abuse by employees and is probably necessary to maintain the trade secret status of certain IP.  Violation of the policy would provide legal grounds for termination, which otherwise might provoke a counterclaim of wrongful termination by the employee.  The IP policy should be reinforced by exit interviews and contact with the new employer.  This will  discourage misappropriation of the firm’s IP, but if it does not it will help to prove willful infringement, which carries greater liability than innocent infringement.

Employment contracts should be written to include non-compete agreements, non-disclosure agreements, promises to abide by the firm’s IP policies, and agreements that recognize the firm’s ownership of any IP created by the employee.

The employment contract should also cover the topic of proper use of the firm’s computer equipment and Internet access.  Downloading of pornography or gambling can be made the basis for termination.  Many firms spot check employees’ use of company equipment to make sure it is being used for business purposes.  Court decisions support this kind of surveillance, so long as it has a legitimate business purpose.  For example, in Smith v. Pillsbury[26] the court denied a wrongful termination claim by an employee who had been fired after employer surveillance discovered offensive email on his office computer.  The court held that he had no reasonable expectation of privacy.  And in U.S. v. Simons[27] a federal appeals court upheld a criminal conviction that was based on an employer’s search of computers used at work.  That court also stated that the employee had no reasonable expectation of privacy.  Notifying the employee of the possibility of such surveillance destroys any expectation of privacy the employee may have.  Currently three quarters of major U.S. firms spot check employees’ email, internet activity and computer hard drives.[28]

 

Security strategies for small business:  The firm should employ an experienced employment attorney to draft employment contracts that contain non-compete agreements, telecom use policies, and intellectual property management provisions.  These will be vital should the need arise to terminate an employee and to defend against a potential wrongful termination lawsuit.  They may deter leakage of trade secrets by employees.  Should such leakage occur, they will enhance the firm’s legal position.  The contract should also give notice of possible surveillance of telecom use, so as to prevent any expectation of privacy or allegation of violation of that privacy.  In addition, these provisions should be followed up with effective enforcement.  Software is readily available that will catalog Internet use, including email.  Key word identifiers such as “sex” can also by used to detect improper use of the firm’s telecom equipment.  Exit interviews reinforce these policies.

 

CONCLUSIONS

 

Management should develop IS infrastructure policies and procedures with the assistance of all employees, and then monitor their implementation.  Internal use of applications, databases, and hardware must be subjected to user access restrictions in a way that does not materially degrade efficiency.  Comprehensive firewall systems involving intrusion detection, encryption, authentication, and virtual private networks must be integrated into the information systems infrastructure.  A balance between internal expertise and external contract specialists should be developed to both monitor and test the IS infrastructure and to aid in disaster or intrusion recovery.

Legal remedies and strategies should be developed and implemented to protect the firm’s intellectual property.  These include appropriate use of copyrights, patents, trademarks and trade secrets.  Managers should consult with counsel to determine with forms of protection are most appropriate.  The importance of having a comprehensive intellectual property policy can not be overemphasized.  Trade secrets must me given adequate protection.  Non-compete and non-disclosure agreements can limit the leakage of valuable proprietary information to competitors.  Exit interviews should be used to reinforce these policies.  The manager/attorney team can devise strategies that carry little cost but can be of immense value to the firm.

 

REFERENCES

 

2002 Computer Crime and Security Survey.  Computer Security Institute April 7, 2002. Retrieved July 16, 2002, from http://www.gocsi.com/press/20020407.html

Cheeseman, Henry (2001).  Business Law:  Ethical, International and E-Commerce Environment (4th ed.).  Upper Saddle River, NJ: Prentice-Hall.

Copyright Act of 1976, 17 U.S.C. Sec. 101 et seq. as amended 1980, 1990, 1995, 1998 and 1999.

Desmond, J., A guide to e-commerce security.  TechRepublic Nov. 16, 1999.  Retrieved July 16, 2002 from http://www.techrepublic.com/article.jhtml?id=r00519991116dnd77.htm&src=search

Economic Espionage Act of 1996, 18 U.S.C. 1831-1839 (1996).

Federal Trademark Act, 15 U.S.C. 1051-1127 (1988).

Ferrera, G. R., Lichtenstein, S. D., Reder, M. E., August, R. and Schiano, W. T. (2001).  Cyberlaw.  St. Paul, MN: Thompson Learning.

Firewall Product Selector.  Retreived July 16, 2002, from http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view

Forrester Research, Turning security on its head: authorization angst.  Cited in TechRepublic Mar. 3, 2000.  Retrieved July 16, 2002 from http://www.techrepublic.com/article.jhtml?id=r00620000303gcn02.htm&src=search

Garten, J. (April 2, 2001).  Intellectual Property: New Answers to New Questions, Business Week.

Geiger, J. J. and Pendegraft, N., Sporting Goods Distributors, Journal of the Academy of Case Studies, Winter 1999.

Gurley, J. W. (July 19, 1999). The trouble With Internet Patents, Fortune.

Kutter, R. (July 30 2001). Sorry, But The New Economy Demands New Regulations, Business Week.

Maggs, P. B., J. T Soma & J. A. Sprowl (2001).  Internet and Computer Law.  St. Paul, MN:  West Group.

Miller, R. L. & G. A.  Jentz  (2002).  Law for E-Commerce.  St. Paul, MN:  West, Thompson Learning.

National Institute of Standards and Technology’s Computer Security Research Center.  Retrieved July 16, 2002 from  http://csrc.nist.gov/

Patent Act of 1952, 35 U.S.C. Sec. 101-112.

Pendegraft, N. (1999).  Protect Your Information Systems from Lurking Dangers, American Business Perspectives.

Ploskina, B. (Aug. 27, 2001).  Shakeout threatens managed security clients,  Interactive Week.

Uniform Trade Secrets Act, 14 U.L.A. 433 (1990). 

Wegman, Jerry (2001).  Legal Issues In A Dotcom Copycat Case, Academy for Studies in Business Law Journal 4/1&2.

 

  

ENDNOTES

 


[1]    Copyright Act of 1976, 17 U.S.C. Sec. 101 et seq. as amended 1980, 1990, 1995,

     1998 and 1999.

[2]    Id. Sec. 101.

[3]    Id. note 1.

[4]    Jeffrey Garten, Intellectual Property: New Answers to New Questions, BUSINESS

     WEEK (April 2, 2001).

[5]    Robert Kutter, Sorry, But The New Economy Demands New Regulations, BUSINESS

     WEEK (July 30, 2001).

[6]    The requirement of a notice of copyright was eliminated in 1989 when the U.S. signed

      the Berne Convention, an international copyright treaty. 

[7]    Ty, Inc. v. GMA Accessories, Inc., 132 F.3d 1167 (7th Cir. 1997).

[8]     Lee Nagel, Digital Millenium Copyright Act Leaving Citizens Guilty Until Proven

      Innocent, INTERNET LAW JOURNAL (Nov. 7, 2001).

[9]    Uniform Trade Secrets Act, 14 U.L.A. 433 (1990).  This Act has been adopted by 40

      states.

[10]   Id. Sec. 4.

[11]   Vermont Microsystems Inc. v. Autodesk, Inc., 88 F.3d 142 (2nd Cir. 1996).

[12]    Patent Act of 1952, 35 U.S.C. Sec. 101-112 (1952)..

[13]   Id., Sec. 101-103.

[14]   Id., Sec. 101.

[15]   Diamond v. Diehr, 450 U.S. 175 (1981).

[16]   J. William Gurley, The trouble With Internet Patents, FORTUNE (July 19, 1999).

[17]   Id.

[18]   Scott Thurm, The Ultimate Weapon, WALL ST. JOURNAL INTERACTIVE (April

      17, 2000).

[19]   Federal Trademark Act, 15 U.S.C. 1051-1127 (1988).

[20]   GERALD FERRERA, STEPHEN LICHTENSTEIN, MARGO RADER, RAY

      AUGUST AND WILLIAM SCHIANO, CYBERLAW TEXT AND CASES (2001).

[21]   Brunswick Floors, Inc. v. Guest, 506 S.E.2d 670 (Ct. App. Ga. 1998).

[22]   RICHARD MANN & BARRY ROBERTS, SMITH AND ROBERSON’S

      BUSINESS LAW (11th ed. 2000).

[23]   Id.

[24]   Id.

[25]   Computer Associates International, Inc. v. Altai, Inc., 61 F.3d 6 (2nd Cir. 1995).

[26]   Smith v. Pillsbury, 914 F.Supp. 97 (E.D. Pa. 1996).

[27]   U.S. v. Simons, ___F.3d___ 2000 WL 223332, (4th Cir. 2000).

[28]   Carl Kaplan, Reconsidering the Privacy of Office Computers, THE NEW YORK

      TIMES (July 27, 2001).