Header graphic for print

LimeGreenIP News

Cyber Security: NCSC warns over global DNS hijacking

The National Cyber Security Centre (NCSC), an organisation of the UK Government that provides cybersecurity advice and support for the public and private sector, published an article earlier this year relating to a recent large-scale global DNS hijacking campaign. The article discusses the risks and solutions for protecting organisations against such attacks, whereby the Domain Name System (DNS) records of websites are changed and visitors are subsequently redirected to malicious websites.

In simple terms, the DNS is the service that helps internet users navigate to a domain name by correctly pointing the web browser to an IP address. DNS hijacking does not just impact internet traffic but also email and other kinds of connections to services on the hijacked domain name.

  • According to a recent report by Avast, over the last year, a large number of Brazilian users have been targeted with router attacks.  The report claims that the DNS settings of more than 180,000 Brazilian routers have been modified by attackers in the first six months of 2019.
  • Earlier this month, Cisco Talos also published a report on recently noticed activities from Sea Turtle, a threat group that uses DNS hijacking techniques for cyber-espionage purposes.

The NCSC had first noticed the attempts by attackers to hijack DNS earlier in the year. At the time, the NCSC published an alert to warn organisations, and also revealed that the hijacking campaign had hit several government and commercial organisations worldwide. While most of the affected entities were located in the Middle East region, some organisations were also targeted in the US and Europe.

Comment

Domain name hijacking is not something new and although there is no perfect solution to prevent such security breaches, there are actions that domain name owners can take to limit the impact of these attacks on their web services and users, such as: Continue Reading

How blockchain might change the whole fashion industry – and safeguard the authenticity of your goods

So far you have probably only heard of blockchain in connection with financial transactions and Bitcoins.

Well, that should change soon. Blockchain is the catch-all term for technology that permanently records transactions in a digital, tamper-proof database. Information is distributed across a network of computers rather than being controlled by a single entity, is updated automatically and is accessible to anyone in the network, but cannot be altered or deleted. So when a user enters information in the digital ledger, that entry becomes linked to every other entry, or “block,” and every other copy of the ledger is automatically synchronized via the internet. The interconnection among all the blocks in the “chain” makes the ledger unhackable, at least in theory, because a hacker trying to alter a single entry would have to alter every other link in the chain as well.

The distributed nature of blockchain also makes the supply chain more transparent, because every user can see the entire history of entries in the ledger. Contrary to earlier times, transparency concerning the origins of products became an advantage: Consumers are demanding it increasingly and businesses are using it as a selling point. A blockchain can be public or private, accessible to everyone or only to selected companies and individuals. Furthermore, as already mentioned, blockchain can be used to reduce payment costs. Using crypto currencies instead of money transfers between countries can save the company from high transfer costs. Blockchain also can be of use for inventory management and verification of companies’ claims e.g. regarding product origins or ethical standards.

Why do businesses need to take note?

One question that has recently become more and more urgent in the fashion industry is how to ensure the origin, quality, and authenticity of fashion products and how to prevent the purchase and sale of fake products.

Blockchain, when combined with radio frequency identification and other Internet-of- Things technologies, can instantaneously track shipments of raw materials from source to factory. It can then track the finished product through its entire distribution chain to the consumer, thereby, giving rise to greater transparency about the origins of garments and accessories not just for brands, but for consumers as well, should brands opt to share this information.

Looking beyond manufacturing and distribution, blockchain also has the potential to enhance intellectual property protection for designers and brand owners. Especially in the fashion industry, which is determined by seasonal trends, blockchain might be a cost-efficient alternative to design registrations if a long-term protection for a seasonal design is not necessary. When branded goods can be tracked through blockchain, their authenticity can be easily verifiable by brand owners, retailers, and consumers, potentially helping to reduce unintentional purchases of counterfeit goods. In the highly competitive world of luxury fashion, blockchain’s main role is to connect brands and retailers that normally wouldn’t share information with rivals. For example, consignment sellers and even individual consumers could verify an item’s authenticity by comparing its digital signature to entries in a decentralized database.

Launch of brand protection service for adult oriented gTLDs

The Registry Minds + Machines Group Limited (MMX), which owns 32 new generic Top Level Domains (gTLDs) such as .VIP, .WORK or .LUXE, has recently launched a blocking service that enables trade mark holders to protect their rights across the adult namespace.

This new service enables trade mark holders to block domain name registrations under the four adult oriented gTLDs XXX, .PORN, .ADULT, and .SEX that are operated by ICM Registry, which was acquired by MMX last year.

According to MMX’s press release, this service allows “trademark holders to affordably block both exact match terms […] as well as the many look-alike variations that can be easily generated by bad actors using alternate IDN scripts and homoglyphs to spoof users to visit websites containing malicious code used in phishing and malware scams.”

There are indeed two blocking mechanisms in place, which are called AdultBlock and AdultBlock+.  They both afford protection across the four adult-themed new gTLDs but their scope is different.

The AdultBlock service allows trade mark owners to block terms that are either already registered in the Trademark Clearinghouse (TMCH) or already registered in the Sunrise B program.  As Anchovy News readers may recall, Sunrise B was a program that was put in place at the launch of .XXX in 2011 to enable trade mark holders to block .XXX domain name registrations matching their trade marks.  The AdultBlock service only covers one term (label) that exactly matches the trade mark.

The AdultBlock+ service significantly increases the level of protection.  Contrary to the AdultBlock service, it is not limited to one label and allows trade mark holders to block all of the labels that are contained in the record (SMD file) of their trade mark registered at the TMCH, or all of the available labels derived from the trade mark used in the .XXX Sunrise B program.  For example, for a trade mark HOGAN LOVELLS, labels would include both “hoganlovells” and “hogan-lovells”.  In addition, the AdultBlock+ service blocks all of the confusingly similar homoglyph variations of the trademarked terms/labels in all languages and scripts supported by the Registry.  Using the example of a trade mark BANK, variations would include “bànk”, “Ьαnk”, “Ьanκ”, “Banκ” and thousands of others.

Brand owners whose trade marks are registered at the TMCH and those who participated in Sunrise B may wish to consider this blocking service to protect their rights in the adult namespace.  The AdultBlock+ service is certainly interesting in view of the increasing trend by unscrupulous parties to register look-alike variations of trade marks in order to deceive internet users.


This post is selected from our Anchovy News publication: Anchovy® is our comprehensive and centralised online brand protection service for global domain name strategy, including new gTLDs together with portfolio management and global enforcement using a unique and exclusive online platform developed in-house. For more information please contact us at  anchovynews@hoganlovells.com 

Innovation Lounge held in D.C. on 17 July

On 17 July 2019 we hosted our most recent Innovation Lounge at our Washington, D.C. office. The Innovation Lounge is an associate networking event series which focuses not only on IP-issues, but on healthcare, regulatory issues, and privacy issues.

Summer associates, in-house counsel, IP associates, and members of advocacy groups listened to a panel of C-level executives and directors from Appian, Genesys, Results Redefined, and Frontpoint address concerns over data privacy, the balance of innovation and regulation, the changing face of healthcare, and how in the not-so distant future, anyone could develop software.

Chaired by Senior Associate Keith O’Doherty, the event featured pointed questions that fostered a lively dialogue on issues that included:

  • The wary public perception on data privacy against the growing need for it in a data-driven world;
  • The interactions of privacy and AI;
  • The differences between a law firm and in-house career;
  • A shift toward value-based healthcare in fixing a fragmented system; and
  • Whether data is bound by jurisdictions.

To those who came to the event, thank you! Please be on the lookout for our next quarterly Innovation Lounge event.

IoT webinar recording: Cyberthreats in the Internet of Things

On July 16, 2019, our Privacy and Cybersecurity and Litigation teams presented a webinar, “Cyberthreats in the Internet of Things”. Speakers explored some techniques to exploit potential vulnerabilities in connected devices and how those types of events impact organizations from a regulatory and litigation perspective.

Many of the nearly 20 billion Internet of Things (IoT) devices deployed worldwide perform critical functions or have access to networks that process highly sensitive information. The proliferation of connected devices across industry sectors has led to the emergence of a significant and distinct threat to many types of organizations, from electric utilities deploying IoT devices across its smart grid to financial institutions using IoT devices in conference rooms that may connect to the same network that financial data flows through.

Topics include:

  • Different types of hacks and how they may be exploited in the IoT space
  • Ways that compromised IoT devices can present unique types of security risks
  • Unique legal implications of IoT cyberthreats
  • Litigation risks and strategies

To view the recording of the webinar and download the presentation slides, please click here (registration required)

CJEU: Trademark use in clinical trials, no bar to non-use revocation

This month, the Court of Justice of the European Union (CJEU) addressed a case of particular interest for pharmaceutical companies that are in the process of developing a new product. Regulatory and commercial considerations may cause marketing authorisation for the product to follow different timelines across jurisdictions. The Viridis Pharmaceuticals Ltd. (C-668/17 P) judgement, handed down by the Court of Justice on July 3, 2019 shows pitfalls that may occur when timing and interplay with the regulation are not carefully considered.

Background

An appeal was brought by Viridis against a judgement of the General Court (GC), upholding the decision of the Board of Appeal of the European Union Intellectual Property Office to revoke its trademark “Boswelan”, for pharmaceutical products. The revocation was sought by a third party on the ground that the trademark was not put to genuine use in the European Union (EU) for a period of more than 5 years.

The applicant appealed, claiming firstly that the trademark had actually been used in the EU, even if only in the course of clinical trials. Secondly, Viridis contended that conducting clinical trials also clearly constitutes a proper reason for non-use, thus avoiding revocation.

Clinical trials and genuine use Continue Reading

CJEU: Online commerce – Provision of contact details clarified

The European Court of Justice (CJEU) has ruled that online sales platforms are not necessarily obliged to always provide consumers with a contact telephone number in order to meet statutory obligations. Other means of communication via which the consumer can communicate quickly and efficiently with the company may also be sufficient.

Background

The plaintiff, a German consumer protection association sought a declaration before German courts that an online sales platform was violating its statutory obligation to provide consumers with an efficient means of making contact. In particular, the association alleged that consumers were not informed in a clear and understandable manner of the platform’s telephone and fax number. According to the association, the callback service that was set up did not fulfil the duties to provide information as many steps were required to contact with the company. It stated that, under German law, a businessperson was obliged to always provide a telephone number before concluding a consumer contract in cases of distance or off-premises selling.

The German Federal Court of Justice sought clarification from the CJEU on whether Consumer Rights Directive 2011/83/EU precludes a provision of national law such as this and whether an online sales platform can rely on other means of communication such as online chat or a call-back system.

Ruling Continue Reading

Privacy and Cybersecurity KnowledgeShare event: Sept 19, London

Join us on Thursday 19 September for our Privacy and Cybersecurity KnowledgeShare in London. We’ll share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops.

Topics will include:

  • Nailing the basics – Fast insights into key issues such as lawful grounds for processing, people’s rights and DPIAs.
  • Enforcement – What the risk-based approach truly means.
  • Privacy challenges of the digital economy – AI, life sciences, biometrics, facial recognition, IoT and product development.

The workshops will focus on key compliance topics such as incident response, international data transfers, privacy litigation, Brexit, CCPA and e-Privacy.

For the full programme, speaker information and registration, please contact Joshua Prietzel.

We look forward to seeing you!

It’s Official: Foreign Trademark Applicants Will Need a U.S. Attorney

On July 2, the United States Patent and Trademark Office (“USPTO”) published a final rule in the Federal Register requiring all non-U.S. individuals and businesses seeking a trademark registration be represented by a U.S. attorney.  See our earlier posts here and here. The rule comes in response to the uptick in the number of fraudulent pro se trademark applications received by the USPTO; particularly from China.  The new rule mirrors similar requirements in other countries, such as the European Union and Japan.

What do you need to know about the new rule?

The final rule will go into effect on August 3, 2019, and applies to individuals and businesses whose permanent legal residence or principal place of business is outside of the United States.

The rule will also apply retroactively to pending applications filed with the USPTO prior to August 3rd.  Non-U.S. applicants with pending applications who have not retained U.S. counsel will be informed in an Office action that appointment of a qualified U.S. attorney is required.  The applicant will have the usual six-month period to respond to the Office action and identify U.S. counsel.  Failure to comply will result in abandonment of the application.

Additionally, U.S. attorneys representing clients in trademark matters before the USPTO will be required to confirm that they are an active member in good standing of their bar and to provide information concerning their bar membership, as well as other information.

What Next?

Foreign applicants are still allowed to directly file applications and continue prosecution matters with the USPTO without U.S. counsel until August 3rd.  However, foreign applicants should prepare for the rule change by retaining qualified U.S. counsel to prevent any prosecution interruptions at the USPTO.

CJEU: Sweet victory for well-known trademark against registered design

In its judgment C-693/17 earlier this year, the CJEU confirmed a decision of the GC in design invalidity proceedings, in which the proprietor of a trademark protecting the image of product packaging successfully took action against the filing of a design featuring similar packaging filled with coloured sweets.

Background

The plaintiff manufactures coloured oval sweets and in 2007 filed a Community Design for the packaging shown below for “comfit boxes and containers”.

The intervener at first instance, known internationally for manufacturing sweets packaged in small, transparent boxes, among other products, filed an application for a declaration of invalidity of the design, based on its registered figurative trademark shown below.

The Cancellation Division and the Board of Appeal of the EUIPO granted the invalidity application.

The action to overturn the Board of Appeal decision, brought before the GC, was unsuccessful. The GC supported the Board of Appeal in all points at issue under substantive law. Among other things, the plaintiff pointed out that the overall impression of its design filing was determined primarily by its rounded edges, the prominent logo on the label and the coloured oval sweets that can be seen in the photographs included with the filing. In all these points, the plaintiff contended that the design in question differs from the trademark of the opposing party. The GC was unable to find anything legally relevant in any of these arguments. On the contrary: it took the view that the overall impression of the opposing product packaging is not determined by the (rounded) edges and that the logo is not of any consequence, since the label in its basic form – extending from the front of the box over the lid to the back – is similar and that the relevant group of consumers are generally not expected to pay much attention to confectionary packaging. The court found that the fact that the photograph shows the packaging filled with coloured sweets is also irrelevant as the design was filed precisely only for “comfit boxes…”, i.e. the packaging of the actual product, and not for the product itself.

The plaintiff proceeded to appeal before the CJEU, arguing among other things that the GC had incorrectly treated the trademark as a three-dimensional trademark and not as a pure figurative trademark. In addition, it stated that the court had ignored characteristic design features of the design filing; the coloured oval sweets shown in the photographs and the logos on the product packaging.

Decision Continue Reading