Four Questions with Michael Fleming
Position: Chair of the American Bar Association Section of Business Law’s Committee on Cyberspace Law
Roles: Helping define cyberspace law; aiding lawyers to understand rapidly changing technologies and associated laws; and serving as an expert in data security and privacy, intellectual property, the operation of an online business and Web site related business negotiations.
Internet domain names seem like a confusing mess. Should a company try to secure a portfolio of domain names for its Web site?
From a marketing perspective, you’re going to want to put your effort behind only one address, because it’s a lot easier to sell one address, one phone number, one e-mail than it is the whole panoply of possibilities—dot-org, dot-net, dot-com.
Some people think, “If I don’t get it, someone else will, and they’ll use that to compete against me.” But that is an overblown concern, because if they truly are using it to compete against you, you have plenty of other methods to go after them, such as trademark laws and the unfair competition law.
Is the biggest risk in selling from a Web site the online credit cards?
That is only the more popular one in the news today. But things like failure to enter into an enforceable contract with the customer or whether or not there is a warranty on the products you are selling are also dangerous. You may unintentionally give a warranty to the products that you’ve sold through the Web site that you normally don’t give to your retail customers. If you haven’t set up the online contract mechanisms correctly, that may be the case. Those cases don’t make the news, but they cost a lot of companies a lot of money. I don’t want to say that privacy is the only concern. It’s just the one that gets more news than others.
Should a small to medium-sized business that has a Web site be afraid of getting its Web site hacked? Aren’t those attacks primarily aimed at big businesses?
I think a lot of people are concerned about it in the way that gets in the news: a bank was robbed and everyone’s credit card numbers were revealed or something like that. In a day-to-day world, that’s not where all the action is. All the action is in folks who are hacking into any kind of Web site and using that Web site to deliver viruses—Trojans and other sorts of malware—to other people who visit that site, without the site owner’s knowledge. That’s the big concern I have for any business, small or large. If a business is not maintaining security of its Web server, maintaining its patches, running its own virus checker, it is very vulnerable, and these attempts at attacks are happening thousands of times per day.
What is the most common error businesses— particularly manufacturing businesses—make in terms of the Web?
When you create a Web site, you’re usually using third parties’ intellectual property, most often a copyright in a photograph, or a copyright in a text that may have been used on your site. A lot of folks presume that their Web developer is taking care of clearing permission for that use. Then a couple of months go by and the site owner gets a nasty-gram from a photograph owner saying, “I see you never purchased a license from us. I need $50,000 from you to settle the lawsuit I’m going to file against you.” Do not presume that all works have been cleared, and demand that the developer provide written proof of license. That’s where people get into deep trouble, and it happens all the time.