[ISN] Google and Yahoo Sued for Hosting Content That Allegedly Infringes Trademarks -- (ISC)2 v. Degraphenreed

From: InfoSec News (alerts@private)
Date: Tue Nov 20 2007 - 08:30:16 PST


http://blog.ericgoldman.org/archives/2007/11/google_and_yaho.htm

By Eric Goldman
Technology & Marketing Law Blog
November 17, 2007

International Information Systems Security Certifications Consortium v. 
Degraphenreed, 2:07 CV 1195 (S.D. Ohio complaint filed Nov. 16, 2007)

International Information Systems Security Certifications Consortium 
("ISC2") offers a professional designation entitled "Certified 
Information Systems Security Professional," or "CISSP" for short, that 
individuals can earn by meeting the published requirements. The 
Consortium has a federally registered certification mark (#2045256) for 
the term "CISSP." The complaint alleges that Degraphenreed was once a 
registered Certified Information Systems Security Professional but he 
failed to satisfy the continuing standards. As a result, the complaint 
alleges that Degraphenreed now describes himself as a "Chief Information 
Security Systems Practitioner," also abbreviated as "CISSP," thereby 
continuing to claim CISSP status without meeting the ISC2's standards.

These allegations appear to support trademark infringement and false 
advertising claims, although interestingly I can't find any examples of 
Degraphenreed's usage of the term "Chief Information Security Systems 
Practitioner." (I got zero results in both Google and Yahoo searching 
for the term "Chief Information Security Systems Practitioner."). ISC2 
also alleged trademark dilution but that should be a non-starter because 
I doubt CISSP will qualify as widely recognized among the general 
consuming public.

The most interesting aspect of this case is that ISC2 also sued Google 
and Yahoo for trademark infringement for hosting content that contained 
Degraphenreed's impermissible CISSP usage. Specifically, the complaint 
alleges that Google hosted six blogs that contained the CISSP mark (at 
least 2 of which contained the term in the blog title), and that Google 
refused to take down these blogs after the plaintiff's notice. The 
complaint also alleges that Yahoo hosted 5 Yahoo Groups referencing 
CISSP and a Flickr account containing ISC2's CISSP logo, and that after 
plaintiff's notice Yahoo only removed one group and left everything else 
up. The complaint claims direct (not contributory) trademark based on 
these allegations.

>From my outsider's perspective, it looks like a significant tactical 
error to bring Google and Yahoo into this lawsuit for at least four 
reasons:

1) The plaintiff's theories of trademark liability against Google and 
   Yahoo are untested and lack any useful precedent. In fact, to date we 
   really don't have an exemplar lawsuit discussing the liability of a 
   service provider for hosting trademark-infringing content, and I 
   can't think of a case where a service provider has been held liable a 
   trademark infringer for hosting user content. This claim reminds me a 
   little of the Jews for Jesus v. Google Blogspot lawsuit from Dec. 
   2005 (which ultimately settled irresolutely), where Jews for Jesus 
   complained about a third level domain/blog title selected by a blog 
   user. When that lawsuit was filed, I speculated about some of the 
   possible theories of liability and defenses, but the law was murky at 
   best. So in this case, suing Google and Yahoo makes a relatively 
   straightforward case much more complex and expensive.

2) Often, individual defendants in these types of cases don't hire 
   top-flight IP defense lawyers....but Google and Yahoo most assuredly 
   will. As a result, ISC2 has ensured that some very skilled attorneys 
   will line up on the defense to break every aspect of its case.

3) I couldn't investigate everything, but what I saw of Degraphenreed's 
   activities on Google and Yahoo didn't look immediately problematic. 
   For example, some of the blogs really lack any substance at all (see, 
   e.g., here), but they don't look like splogs. If anything, it looked 
   like ISC2 may be trying to shut down some griping. For example, two 
   of the Yahoo groups are entitled "cissp-clueless" and 
   "cissp-censorship," and the cissp-censorship group is a restricted 
   access group with only three members. It's not clear how this group 
   could possibly contribute to a trademark infringement claim. Instead, 
   it looks like ISC2 might be overreaching, perhaps to shut down some 
   unwanted commentary, and this may increase the judge's sensitivities 
   to the public interests at stake here.

4) The plaintiff can get all of the relief it needs just by suing 
   Degraphenreed. If the plaintiff wins that lawsuit, they can get an 
   order forcing Degraphenreed to remove the infringing material. 
   Further, I imagine that Google and Yahoo would happily take down any 
   content that a court has adjudged infringing.

Please email me [1] if you have any thoughts about why ISC2 decided to 
go after Google and Yahoo (let me know if I can post your comments). For 
now, I'm classifying it as a blunder. It will be interesting to see how 
aggressively Google and Yahoo respond to this lawsuit.

[1] http://www.ericgoldman.org/contact.html


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Tue Nov 20 2007 - 08:42:39 PST