Welcome to All Things IP!

Posted on Posted in Announcements

This blog is a place to discuss any and all things related to intellectual property.

Change is inevitable and the intellectual property that drives change is powerful.  Every day we see and experience something new that intellectual property created which was implemented and or litigated upon.

This is a online community where we can share ideas and communicate about topics that pertain to All Things IP!

Online Retail Platforms Offer Swift Justice in Trademark Infringement Cases

Posted on Posted in Copyright, Trademarks

Let’s say you develop a product (the coolest backpack ever), register your trademark (“Larkspur Designs”), and hit the market. Two months later, you discover that some other company (seller name: whodunit) is selling “Larkspur Designs” backpacks on Amazon—they are using your product photos, but you do not know whether they are reselling your product (presumably obtained from one of your distributors) or using your brand to sell an inferior product. You order one of the backpacks and discover that, although the packaging is virtually identical to yours, the product is not yours. You cannot find any contact information for the seller either on Amazon or anywhere online. What next?

You may consider filing a copyright complaint with Amazon based on whodunit’s use of your product photos, but if those photos are not registered with the U.S. Copyright Office, you cannot pursue an infringement claim. You cannot send a cease and desist letter because you have no contact information for the seller. What you can do is file a trademark infringement complaint with Amazon. Amazon will review the complaint and, if it appears to have merit, take down the infringing product listing. Amazon will not reinstate the product listing unless the trademark owner retracts its complaint, which can only be done if the complaint was filed in error.

Amazon has recently implemented a “brand registry” that is intended to expedite the process of removing infringing product listings. To register a brand with Amazon, a company must manufacture its own products, and the brand name (trademark) must be registered with the U.S. Patent and Trademark Office. In addition to proof of trademark registration, brand owners are required to submit the brand logo (that is, the stylized version of the trademark), an image of the trademark on the product or packaging, and a list of countries in which the product is manufactured and sold. The brand registry gives sellers greater control over their product descriptions, a more visible platform for promoting their brands on Amazon, and (in theory) faster resolution of disputes against infringers.

All trademarks registered with Amazon must include a literal element (i.e., one or more words); however, infringement complaints may be filed based on trademarks that are not part of the brand registry. For example, trade dress—which refers to the shape or design of a product separate and apart from any words—can be registered with the U.S. Patent and Trademark Office even though it cannot be registered with Amazon. For this reason, we encourage our clients to pursue trade dress protection in addition to or in lieu of design patent protection. (Amazon will not remove product listings based on a patent infringement complaint, but they will remove product listings based on a copyright or trademark complaint.)

The brand registry is not without risk, however. When Amazon receives a request to join the registry, it sends an email to the correspondence address on file with the U.S. Patent and Trademark Office for the registered trademark. This email contains a code that the trademark owner then uses to control its brand registry account (appoint administrators, etc.). Sophisticated infringers have begun changing the correspondence address in the USPTO records so that when the brand owner adds a trademark to the Amazon brand registry, the infringer will receive the email with the verification code. These email addresses are often from a secure private email domain so that the originator cannot be identified. One way to protect against this scam is to check the correspondence address for your registered trademark before adding it to the Amazon brand registry.

Amazon is not the only online retail platform that will remove infringing product listings based on a complaint submitted by the trademark owner. Sites such as Apple, eBay, Etsy, Jet, Bonanza and a myriad of others have similar takedown procedures. Review the site’s legal terms and conditions for details on how to submit a complaint. The development of a strategy for combatting infringers via third-party retail platforms can be particularly effective where the infringer is uncooperative (for example, in response to a cease and desist letter) or where it is impossible to identify the infringer.

Antoinette (Toni) Tease is a registered patent attorney who practices in the areas of intellectual property and technology law.

Antoinette M. Tease, P.L.L.C. Toni can be contacted at: toni@teaselaw.com

The information is provided for informational purposes only and should not be considered legal advice. Please consult a qualified
attorney for advice on a specific legal matter. © 2018 Antoinette M. Tease, P.L.L.C. All Rights Reserved. Visit www.TeaseLaw.com

Patent Scams Come in All Shapes and Forms

Posted on Posted in Patent Law

Patent scams do come in all shapes and forms—and I am not referring just to the people who advertise on tv (we will save that article for another day). I have never seen an ad for a patent attorney on tv (there are plenty of ads for invention development firms), but I have encountered a number of different patent schemes perpetrated by patent attorneys. I describe some of these schemes below, but there are two things you (as the client) can do to ensure that you are working with someone who is not only admitted to practice before the U.S. Patent and Trademark Office but also a competent patent attorney.

The first thing you can do is to look that person up in the patent office database: https://oedci.uspto.gov/OEDCI/. If you cannot find that person in this database, then he or she is not a registered patent attorney or agent. It does not matter that the attorney has litigated patent cases (he or she has never filed or prosecuted a patent application) or “managed” patent portfolios; if the individual whom you are considering engaging is not in this database, you should not retain him or her for the purpose of preparing, filing, or prosecuting (which means dealing with all the aspects of getting the patent through after it is filed) a patent application for you.

Once you have established that you are dealing with a registered patent attorney, the second thing you can do is look up how many issued patents that attorney has to his or her name. (I will leave agents out of this discussion for now; a patent agent is a non-attorney who is authorized to file and prosecute patent applications but who cannot do any other legal work, such as trademark filings, contracts, etc.) To conduct this search, go here (http://patft.uspto.gov/netahtml/PTO/search-bool.html); enter the first and last name of the attorney and select “Attorney or Agent.” When you view the results, keep in mind that anything beginning with the letter “D” signifies a design patent. There is relatively little legal work entailed in a design patent (design patents rely almost solely on the drawings), so the better measure of a patent attorney’s ability is the number of utility patents to his or her name. As of this writing of this article, our office has nearly 200 issued patents, roughly 90% of which are utility patents. You can also skim the list of titles included in the search results to ascertain whether the attorney has handled other patent filings in your industry (for example, firearms, agricultural equipment, medical devices, etc.).

In the two cases I am about to describe to you, the client could have avoided being the victim of a scam if these two steps had been followed. In the first case, I inherited a patent portfolio from a local client who had been working with a patent attorney in South Carolina for years. It took me about two seconds to enter her name into the patent database and discover that her name did not come up. That was the first red flag. Then I wondered how it was that she had “handled” this client’s patent filings for the past two years. This scam occurred back when the patent office was still accepting paper filings only, and her scheme was to mail things to the patent office, get a return stamped postcard from the patent office mail room, and then send a copy of that postcard to the client with a cover letter informing him that whatever it was (a new patent application, a response to an Office Action, etc.) had been filed. When I contacted the Office of Enrollment and Discipline (which handles all matters relating to the admission and practice of attorneys before the U.S. Patent and Trademark Office), I learned that this person had been disbarred several years ago and that none of her “filings” was actually being entered by the patent office. This meant that several of my client’s patent applications had been abandoned, unbeknownst to him. We did what we could to salvage the client’s patent portfolio, but the client never recovered any of the sums he had paid to this attorney.

Most patent filings today are handled electronically, which means that the “paper” scam just described would no longer work. Just a few weeks ago, however, I encountered the electronic version of this scam. My client had gone to someone who professed to be a patent attorney, that person had filed a patent application for this client, and the client had received a filing receipt issued by the patent office. In this case, the attorney who took the case was an attorney but was not admitted to the patent office. Because he was not admitted to the patent office, he could not file an application on behalf of the client, so he filed the application in the client’s name individually (In other words, he pretended to be the client when he filed the application). Thus, there was no attorney of record on file for this application (a fact which surprised the client when I pointed it out to him), and this attorney’s “fingerprints” were nowhere to be found in the electronic record. The prejudice to the client came when the patent office issued the first Office Action, and this attorney made arguments that fell on deaf ears because he was not intimately familiar with the patent prosecution process. Furthermore, the attorney took the client’s money without any meaningful discussion of patentability up front. The client ended up abandoning the patent application altogether.

The last type of conduct I think inappropriate when it comes to advising clients on patent matters is when the well-meaning general practice attorney (or, frankly, even an intellectual property attorney who is not a registered patent attorney) advises the client on patentability. In one case, a client of mine had first been to a general practice attorney who told her that her apparel-related product was not patentable. He said this without doing a patent search and without any experience whatsoever in prosecuting patent applications. I happened to agree with him in this particular case, but non-patent attorneys need to be very careful about rendering casual opinions about patentability because “simple” inventions (even in the apparel area) may very well be patentable. A case in point is the pre-curved fishing wader that our office has patented for Simms fishing Products; this invention is now patented in the U.S., Canada and Europe. For similar reasons, I would recommend not going to an attorney who dabbles in intellectual property law but rather one who specializes in that area.

Regardless of which law firm you ultimately decide to retain, take the two steps outlined above to ensure that you are working with someone who has the proper credentials and expertise to get the job done. Nothing in the patent process is guaranteed, but you can increase your odds of obtaining a return on your investment (in the form of an issued patent) by doing a bit of homework up front.

Antoinette (Toni) Tease is a registered patent attorney who practices in the areas of intellectual property and technology law.

Antoinette M. Tease, P.L.L.C.  Toni can be contacted at:  toni@teaselaw.com

The information is provided for informational purposes only and should not be considered legal advice. Please consult a qualified attorney for advice on a specific legal matter. © 2017 Antoinette M. Tease, P.L.L.C. All Rights Reserved.  Visit www.TeaseLaw.com

PASSWORD MISERY!

Posted on Posted in Uncategorized

PASSWORD MISERY!

Donald B. Johnston, Aird & Berlis LLP

We all hate passwords. Anyone who says s/he doesn’t is fibbing.

I had an experience last year, while at the International Bar Association conference in Washington, that renewed my hatred for passwords. The word “hatred” is inadequate to express how I actually feel about passwords – it’s more like the white-hot radiation of a million simultaneous supernovas.

I was in Washington doing a public presentation, and my notes were on my smartphone. What I didn’t know was that our IT guys – God love ‘em – changed our firm’s password policy without notice and rolled it out just before my presentation. Of course they did. So, right in the middle of my presentation, when I wanted to access my notes, I got a message that told me it’s time to change my password.

At this point I’m somewhere between gruntled and disgruntled, but I typed in a new password – twice – as instructed, expecting to access my notes.

But that was not to be.

No. The password I had chosen was apparently no good, because it didn’t have at least 8 characters. So I tried it again, but then I got a new message: it didn’t have a capital letter, a number and a “special” character.

When you’ve got thumbs like mine, all characters are special – but I digress.

Anyway, I managed to put in a compliant password, twice, while my audience bemusedly looked on, and got my notes. I finished my presentation to a positive frenzy of enthusiastic snoring.

But what do you think happened when I tried to access my smartphone later on?

Of course you know. I couldn’t get in.

For some reason, in the middle of my presentation, I must have made the same error twice. My smartphone, thinking (after a few erroneous attempts at logging in) that it was being hacked, finally erased itself, immolating my data, including all my messages and plane tickets and so on.

It was lovely. Words cannot express the transports of pure joy with which I was seized.

Which brings me to what I really wanted to talk about, and that is the latest in password advice from the U.S. National Institute for Standards and Technology (NIST), enshrined in Special Publication 800-63-3 and 800-63B: Digital Authentication Guidelines Authentication and Lifecycle Management. The documents are still in draft form now, but they read very well. You can get the password advice here: https://pages.nist.gov/800-63-3/sp800-63b.html

Essentially what the draft guidelines say about passwords (which NIST glibly calls a Memorized Secret Authenticator) are the following:

  1. Passwords have to be at least 8 characters in length if chosen by a human being, and may be much longer if you like. In fact, if there is to be an upper limit, it has to be more than 64 characters.
  2. Or no less than 6 characters if chosen by a machine, e.g., 7*%?4T.
  3. The characters could include a space, an emoji, all ASCII characters (see https://en.wikipedia.org/wiki/ASCII) and all UNICODE characters (see https://en.wikipedia.org/wiki/List_of_Unicode_characters).
  4. There should be no password “hints”. They just help hackers guess. No, the name of my first dog was NOT “Spot”, it was “Schlep”. And the name of my first girlfriend was not one of the girls in the high school yearbook. (I had no girlfriend, for reasons obvious to anyone who knows me well enough.)
  5. Passwords can’t be on a list of previously used passwords, passwords that were subject to a previous breach, passwords that are found in a dictionary or passwords that are related to the user or the service (“donspassword” or “officeaccess”).
  6. There should be a limit on the number of failed password entry attempts – then the user is locked out. (Or, as in my case, the smartphone commits suicide after 10 tries.)
  7. There should be no composition rules, such as “four numbers, three symbols, two uppercase letters and a partridge in a pear tree”. Instead people should write a unique password or passphrase that they can remember and no one else can guess. (I recommend against, “Now is the time for all good men to come to the aid of the party”, but not because it’s not a good phrase, rather because the party doesn’t deserve the aid.)
  8. There should be no requirement to change passwords from time to time unless there is evidence of a breach. (Good news!)
  9. Stored passwords have to be “hashed” to make them resistant to hacking.
  10. Two-step (or two factor) authentication is recommended. (We have that at Aird & Berlis: a password combined with a number that constantly changes. Both have to be correct for access to be permitted.)
  11. SMS should never be used in two-step authentication, because it’s unsafe.

So there you have it. I think that these new rules are pretty user-oriented and friendly, particularly because of the ability to have a long passphrase that uses spaces and because of the non-expiry policy.

Don Johnston

Don is Co-chair of the Technology Law Group, Co-chair of the Privacy & Data Security Group, and a member of the Corporate Commercial, Intellectual Property Law and Energy Law Groups for Aird & Berlis LLP .  Don can be reached at djohnston@airdberlis.com.

KEYWORDS:

password

passphrase

NIST 800-63-3

NIST 800-63B

security

privacy

data protection

HOW BLOCKCHAINS WILL CHANGE STOCKHOLDER DEMOCRACY

Posted on Posted in Blockchain Technology

Donald B. Johnston, Partner, Aird & Berlis LLP

Gesundheit!

Generally speaking, when Delaware sneezes, everybody else gets a cold.

That’s because Delaware is the undisputed jurisdictional leader in corporate finance in the U.S., with well over a million companies incorporated in that state.

Delaware sneezed big time on August 1, when the new Delaware Blockchain Initiative became law. Thanks to this initiative, the Delaware General Corporation Law now permits Delaware corporations to register their shares of stock, and transfers of shares, on a blockchain.

The reason that’s revolutionary is this: Delaware companies can now cryptographically link a particular number of shares of stock to a particular owner in a manner that cannot effectively be challenged, due to the more or less bulletproof nature of modern cryptography.

Moreover, because that cryptographic link is recorded on a blockchain, any dealing in any of those “linked” shares can be easily tracked and known to anyone who cares to download a copy of the electronic ledger.

Even better, every dealing in those shares is certain to have been authorized, because that dealing can only be accomplished by the owner of the shares, who possesses the secret “private key” that can cryptographically unlock the shares for transfer to a new owner.

Let’s unpack that a bit.

First, the shares are registered electronically on a blockchain.

Second, a blockchain is a distributed ledger (i.e., anyone can have a complete copy) that is mathematically tamper-proof.

Third, only the possessor of the correct cryptographic key can deal with the shares and assign them to a third party. Once the third party is registered as owner, then only that third party can subsequently deal with them. And so on.

Why is this an important initiative?

Traditionally, there has been a good deal of uncertainty of information in share registries. The vast majority of shares public company stock are registered in “street name” with stockbrokers, and the names of the “real” owners may not be known to the issuing companies, only to the stockbrokers. These days, when an annual general meeting is called, it is the brokers, not the beneficial owners, who get the notice of meeting. Hardly anyone has a paper stock certificate, despite what you learned while playing Monopoly as a kid.

So what will happen when shares are registered cryptographically on a distributed ledger like a blockchain?

  • It is easy for stockholders to register their holdings directly with the public company, rather than having a broker hold them (although the existing system of having brokers hold the shares is also enabled by blockchain technology)
  • Public companies would be better positioned to know who their “real” stockholders are
  • Ownership and control over shares would be demonstrably authentic, while still providing anonymity
  • Legal issues with legal versus beneficial ownership would disappear, and the “real” stockholders would be able to enforce their rights directly, and with the status of actual stockholders, and not merely as persons with “security entitlements” through a “securities intermediary”
  • Public companies could communicate directly with stockholders whose shares are registered on the blockchain – and vice versa!
  • The creation of an accurate cap table would be as simple as making a blockchain database query
  • Stockholders will be able to vote their own shares at annual general meetings, instead of signing proxies (or, more usually, throwing the proxy forms in the trash or forgetting to send them in)

As a result of these changes, it can be argued that the Delaware Blockchain Initiative brings the actual situation much closer to the original intent of the General Corporation Law, which was built on the assumption that stockholders own their shares directly, and not through nominees.

What’s more, stockholder engagement will be enhanced, with companies knowing more about who their stockholders are, and being able to talk with them directly rather than through public communications or through brokers and bankers.

This is all good for stockholder democracy and engagement and, if all the other jurisdictions get the “cold” that Delaware is spreading, this initiative could signal a universal change in stockholder engagement and stockholder democracy.

A reminder about blockchain technology

Just in case you are still learning about blockchain technology, here’s a bit about what it is.

A blockchain is a peer-to-peer managed, publicly readable, secure database, located in multiple, but isolated/independent, places on the Internet. The data recorded by the blockchain keep on expanding and nothing gets dropped. Every event is date-stamped, encrypted and exceptionally hard to tamper with. Each “entry” in a blockchain ledger is broadcast to every node on the network, which validates and rebroadcasts it. So the blockchain is evidence of “consensus” that all the data are correct.

A blockchain database (sometimes also called a “distributed ledger”):

  • is pseudonymous – every user is represented by a unique mathematical identity, but not by name
  • is a continuously self-linking ledger that potentially has a beginning but no end – each entry is linked to prior entries in a chain-line fashion
  • contains data that are strongly encrypted
  • employs digital signatures of users that are strongly encrypted and bound to the data that the users upload
  • contains data that are time-stamped
  • is recognized as containing valid and correct data that can be relied upon
  • contains records of transactions that have been authorized and confirmed by virtue of unique digital signatures – the signatures are combined with the data to create virtually certain mathematical confirmation of correctness
  • denies incorrect information by virtue of a challenge/response mathematical method
  • is publicly searchable

So there you have it: everything you wanted to know about how blockchain technology is changing corporate law and practice.

I’ll write more soon!

Don Johnston

Don is Co-chair of the Technology Law Group, Co-chair of the Privacy & Data Security Group, and a member of the Corporate Commercial, Intellectual Property Law and Energy Law Groups for Aird & Berlis LLP .  Don can be reached at djohnston@airdberlis.com.

SaaS Escrow – Don’t be Caught “Dead in the Water”

Posted on Posted in Technology Escrow

Do you want to avoid being caught “dead in the water”!

Providers, subscribers and legal counsel are all well aware of the benefits and burdens that surround implementation and use of SaaS applications for mission critical requirements. Disaster can strike in any number of ways and the need for a risk mitigation tool such as SaaS Escrow is more important for SaaS application than it is for a distributed (non-hosted) application.

There are several reasons:

Application Access: Imagine is the lights really went out.  When lights shut off with a SaaS application the disaster is immediate and swift. Unlike a distributed application where the customer has access to the application and their data when a SaaS customer is denied access they are dead in the water.

Data Access:  Picture trying to switch vendors during a calm period?Switching vendors is never a simple process, what would it be like if you had zero days due to a failure? Do you have your data? If not, where does it reside and how do you get it? Will you get it in a usable format for migration to a new provider? Can you find a new provider quickly? All this takes time, costs money and does not avoid disaster.

Code Access: Subscribers who wish to access the run time environment must have the object code, source code and the data.

Hosting: If disaster strikes and you have a SaaS Escrow agreement in place will you host the application?

Business Continuity:  Remember, in order to avoid a disaster you need to have plan, test your plan, and test that plan yet again.  A good insurance plan comes in more than one form.

SaaS Escrow, testing and back-up hosting should be part of the disaster plan because it’s simple, because it’s cost effective and because it makes good business sense. InnovaSafe, a SOC2 Type II Compliant technology escrow service provider can provide you with all these solutions.

Technical Verification

Posted on Posted in Technology Escrow

With source code escrow (SCE), a developer gives assurance to its licensee that business-critical software will be maintained by the developer or, if necessary by the licensee, using the source code and related materials the developer deposits (the Deposit Materials) with InnovaSafe. (We make the Deposit available upon a developer’s written instructions.) Because it is one of their most valuable assets, no developer puts source code in escrow unless he or she is confident in their commitment to maintain the application.

SCE is a form of insurance. It compensates the “policyholder” (licensee) for a loss. Instead of paying cash to settle a claim as an insurer would for profits lost due to business interruption, InnovaSafe releases the Deposit Materials, after the developer’s failure to maintain, to enable a licensee to maintain the software to prevent business interruption.

Insurance and SCE help manage risk. They do not reduce it. For example, no company would ever conclude that because they have business interruption insurance, they can do without data recovery procedures. That would be insane. It is cheaper to reduce the risk of business interruption by paying for redundant systems, including a duplicate data center, then paying the insurance premium and picking up a claim check for “lost profits.”

Yet, this is exactly what licensees do with SCE, telling themselves, in effect, “If the developer doesn’t maintain the application, I can have access to and use the source code.” But, risk reduction is just beginning.

Enter technical verification of Deposit Materials. It is a process where InnovaSafe with the assistance of the developer, both acting to benefit the licensee, to ensure that the Deposit can be assembled, compiled, and built into executable programs and is usable if the Deposit Materials are ever released to the licensee (Beneficiary). Generally speaking, the party requesting the verification pays for the verification and the cost for this service is small as compared to the cost of reducing the risk of business interruption.

Is there a need for technical verification? You bet there is. An industry axiom says that around 90% of Deposits are incomplete, because they are complex, not because of anything a developer does intentionally.

Here’s a thought. What would the marketplace for business-critical software look like if a developer included a technically verified SCE in its standard offer to its customers? For example, would it cut a SaaS vendor out of the herd? Think about it.

Your comments?

Cloud Computing and the Need for Technology Escrow

Posted on Posted in Cloud Computing, Technology Escrow

SaaS subscribers may be unaware that they are in the path of the perfect storm. Today’s massive economic crisis has collided with the allure of new software delivery models, putting many businesses at risk.

Delivery models like cloud computing and Software as a Service (SaaS) are here to stay. In fact, Gartner says the SaaS market is expected to more than double, with revenue reaching $14.8 billion in 2012. These models’ promises of lower cost ownership and quicker time to deployment are certainly attractive to any business.

But, add today’s economic climate to the mix and those promises are quickly broken. Rampant vendor consolidation, mergers, business insolvencies, contractual issues, and business disagreements can result in the loss of application functionality and access to all of the SaaS subscribers proprietary data. As we all know, this can happen whether you’re working with start-ups or industry leaders.

That’s why Forrester analyst Liz Herbert advises companies to make sure their legal team is “involved in SaaS negotiations as SaaS contracts today are more like marriages than experimental flings.”

Technology escrow can protect SaaS subscribers from this storm – as long as the escrow technology takes the cloud computing/SaaS paradigm into account. According to a recent ThinkStrategies white paper, “This means employing escrow services that can not only store and secure valuable source code, but also continuously track changes, allow inspection of the real-time version of the source code and ultimately ensure that the source code can be built into an up-to-date, working version of the software.”

InnovaSafe Technology Escrow technology can help protect subscribers from today’s cloud computing pitfalls. InnovaSafe’s Dynamic Escrow Solution, using patent-pending technology, allows the solution provider to set up a secure, central repository for source code and mission-critical data that can be updated in a secure manner and on regular basis. Version control features keep track of changes and give the solution provider the ability to roll forward or backward to the version of their choice. Plus, detailed content and activity reports provide an accurate view of repository functions.

To learn more about how this technology can help you, contact us today at info@innovasafe.com for a free consultation. We look forward to explaining how our technology can help you weather the perfect storm.

“SaaS: should software and/or database escrow be a mandatory requirement when using a Software as a Service application?”

Posted on Posted in Technology Escrow

SaaS applications are becoming more and more common. With a SaaS solution, the software supplier hosts the software and stores client’s data on its web servers or leased servers. The requirement for a technology escrow agreement is important because the source code, object code and access to the client data are controlled by the software supplier.

On Dec 18, 2006, Forrester Research announced an Enterprise Software Licensee’s Bill of Rights (the LBoR). While it is nothing like the Founding Fathers’ declaration of rights, Forrester boldly proclaimed that licensees need certain rights to free themselves from “onerous [software] ownership restrictions.” For example, enterprise software can be one of a company’s largest investments, subscribers of SaaS applications, like distributed applications, have constraints on how they may use the application. For example, unilateral modification and or maintenance of the software are generally not permitted without the software vendor’s approval. It is simple business that a supplier, who owns the IP, is more than justified in charging its customers a reasonable fee for the use as well as the modification of the application. That is the sole purpose of business and we all understand and appreciate it. However, over time as the customer invests more time and money in training its staff to use the software solution and it buys equipment and develops expertise in using the software solution to take care of its customers, it creates enormous asset value for its own account. This investment could easily equal or outspend the annual licensing and or maintenance fees the customer pays for the use of the software. All things being equal, software suppliers encourage such activity and in deed have a vested interest in the success of its subscriber customers in the use of the application. In fact, software suppliers want nothing more than their subscribers to effectively use the software application in furtherance of their own business success. This creates a successful long term business relationship.

Ray Wang, the Forrester analyst who is one of the authors of the LBoR, mentioned above, talks about a “slow shift” in the pendulum in favor of the licensee with “new deployment options” such as SaaS. For this reason, plus because of increasing vendor consolidation during this, the Great Recession, on July 7, 2009 Forrester added 11 more items to its LBoR. Based on discussions with CIOs, business process and apps professionals, systems architects and IT licensing experts, Forrester concluded SaaS vendors should provide their customers with software and database escrow protection from a reputable, established escrow agent. Forrester says the [technology] escrow company should keep in trust a copy of the source code, the customer’s databases, object code and related material to reproduce the SaaS environment in the event the SaaS vendor fails to provide services at the contracted level or worse, goes out of business.

And why not? Think about it. Having a reasonable and balanced technology escrow agreement already in place assists the SaaS provider in numerous ways. For example, (1) it address its customer’s immediate and real concerns about being totally dependent on the vendor, (2) it cements a business relationship based on trust and (3) assists the provider in adding a new client.

Conversely, the same technology escrow agreement assists the provider’s customer because the supplier, its IP, subscribers’ databases, maintenance activity, data center operations and virtually every significant function associated with using an application, resides with the vendor and should a pre-determined event occur that may require release of the intellectual property, a properly drafted technology escrow agreement gives the subscriber access to critical information in a reasonable time period to keep the solution running and allow the subscriber to avert its own disaster.

Technology escrow is a modestly priced protection tool that helps subscribers’ mitigate the risk of total reliance on a single supplier for a vital business function and a technology escrow helps SaaS vendors close more deals and do more business. Its win-win.
Your thoughts?