Home > Publications > Blog

WHD Technology Law Blog

Outsourcing Review: PCI Data Security Standards for Mobile Payments

by Andrew J. Schlidt, posted Monday, June 18, 2012

The mobile payment industry is exploding and the framework of regulations governing mobile payments is evolving at a similar speed. Gartner, Inc. projects that worldwide mobile payment transaction values will surpass $617 billion and 448 million users by 2016. In recognition of the revolution in mobile payment solutions, on May 16, 2012, the PCI Data Security Standards Council published guidance on best practices for securely accepting payments via mobile devices – “At a Glance: Mobile Payment Acceptance Security.”  
Merchants that accept credit card payments through participating brands such as American Express, Discover, MasterCard, and Visa are required to implement security programs in compliance with the PCI Data Security Standards. All merchants engaged in mobile payment acceptance are well-advised to review this newly released guidance for compliance with PCI Data Security Standards in the context of mobile payments. 
Outsourcing Review provides commentary on legal developments affecting companies engaged in technology outsourcing (ITO) or business process outsourcing (BPO).

Outsourcing Review: 2012 Working Paper on Outsourcing IT to the Cloud

by Andrew J. Schlidt, posted Tuesday, June 12, 2012

Image Companies continue to move IT operations to the cloud given the efficiencies and convenience offered by cloud environments. While the cloud is often seen as a practical technological and financial solution by CIOs and CFOs, it conversely raises liability concerns for company risk managers, compliance officers, and in-house lawyers. An International Working Group on Data Protection in Telecommunications recently published a Working Paper in April 2012 to help this latter group wrap its arms around the privacy and data protection issues arising from cloud computing. The Working Paper contains guidance on 44 “best practices” that should be of interest to all cloud customers, especially those with operations, customers, or employees located in the European Union.
Outsourcing Review provides commentary on legal developments affecting companies engaged in technology outsourcing (ITO) or business process outsourcing (BPO).

Outsourcing Review: A Case of “Text Spam” and Vicarious Liability for Vendor Acts

by Andrew J. Schlidt, posted Tuesday, March 13, 2012

Image Many companies outsource portions of their marketing program to third party marketing firms. With the continued popularity of text messaging, marketing firms often encourage clients to enhance brand awareness through multiple channels of electronic communication, including text messaging.

Keep in mind that the sending of unauthorized, automated commercial text messages likely violates the Telephone Consumer Protection Act. In a recent “text spam” class action case before the U.S. District Court for the Southern District of California (In re Jiffy Lube International Inc., S.D. Cal., No 11-2261, 3/8/12), six named plaintiffs claimed that the defendants violated the Act for sending unauthorized, automated text messages to cell phones. One of the defendants sought dismissal from the case on grounds that its third party marketing firm sent the messages. The court rejected this particular defendant’s argument and ruled that the defendant should not be relieved of liability under the Act “merely because it hired a different firm to send advertisements to its customers.”

This ruling is a reminder that companies may be held vicariously liable for the acts of their outsource providers. Companies are well-advised to address compliance with laws and allocation of liability for non-compliance in their underlying outsourcing agreements.

Outsourcing Review provides commentary on legal developments affecting companies engaged in technology outsourcing (ITO) or business process outsourcing (BPO).

The Risk of Using Adwords Continues to be Unclear ...

by Christian D. Lavers, posted Tuesday, December 14, 2010

The pending 4th Circuit case Rosetta Stone Ltd. v. Google Inc. continues to create interest and argument about the use of Adwords. Amici briefs filed in the case are highlighting both the variety of trademark law matters raised in the case, as well as several splits in jurisdictions on these issues.  
Last year, the district court granted summary judgment to Google, finding that Google’s sale of trademarks owned by Rosetta Stone as Adwords was not trademark infringement because: (i) Google’s use of these trademarked terms was not likely to confuse internet users, and (ii) under the functionality doctrine, Adwords were an essential function of Google’s product and therefore were protected use. This application of the functionality doctrine was in opposition to the 9th Circuit case Playboy Enter., Inc. v. Netscape Communications Corp., where the 9th Circuit rejected the functionality doctrine when finding that the marks at issue performed a source-identifying function for Playboy, and therefore functional use by Netscape was irrelevant. The Rosetta Stone case also involves nominative fair use issues, similar to the 2nd Circuit case Tiffany (NJ) Inc. v. eBay Inc., 600 F.3d 93, (2d Cir. 2010), where the 2nd Circuit held that a defendant “may lawfully use a plaintiff's trademark where doing so is necessary to describe the plaintiff’s product and does not imply a false affiliation or endorsement by the plaintiff of the defendant.” Finally, the lower court opinion in Rosetta Stone also touched on contributory infringement liability – specifically whether Google’s sale of trademarks owned by one party as Adwords to another party is intentionally inducing trademark infringement.
Over 30 parties have filed amici briefs with the 4th Circuit in Rosetta Stone, and with so many issues that will potentially be addressed, the case may be a seminal case on the intersection of the internet and trademark law. Stay tuned...

The CPSC Launches Into Social Media

by Melinda Giftos, posted Monday, November 22, 2010

Today, the Consumer Product Safety Commission announced its launch into social media:
In keeping with its commitment to protect the lives of children and families, the U.S. Consumer Product Safety Commission is launching “CPSC 2.0,” a comprehensive social networking initiative that will make lifesaving and other safety information more accessible to consumers. Utilizing a variety of technologies and social media sites, CPSC will rapidly expand its reach to millions of consumers.
Through social media, CPSC can directly reach millions of the moms, dads and others who need our safety information the most,” said CPSC Chairman Inez Tenenbaum.
To read the full text of the announcement, click here.

New Incoterms® Effective January 1, 2011

by Andrew J. Schlidt, posted Wednesday, October 27, 2010

Image If your company buys or sells goods internationally, whether online or otherwise, you will want to familiarize yourself with the newly released Incoterms® 2010. The Incoterms® are an internationally recognized standard in commerce published by the International Chamber of Commerce and are used worldwide in both international and domestic contracts for the sale of goods (such as equipment, parts and computers). The Incoterms® were first published in 1936 and offer internationally accepted rules of interpretation for many common commercial terms.
The Incoterms® help contracting parties avoid expensive misunderstandings by clarifying the responsibilities and risks involved in the delivery of goods overseas. The rules are developed and maintained by experts identified by the International Chamber of Commerce with expertise in international business transactions. The Incoterms® are updated generally every 10 years. A copy of the Incoterms® 2010 can be purchased through the ICC website.
Now is a perfect time to review your standard purchase and sale agreements to determine whether updates are appropriate. Consider both your paper contracts as well as your online agreements (such as terms and conditions of sale, purchase orders, acknowledgments and the like). For companies that outsource manufacturing and fulfillment operations to foreign parties, now is the time to update those agreements. Likewise, if your company sells and markets products through foreign distribution channels, now is a good time to confirm that those distribution agreements are in conformance with changes to international commercial law.

Be Careful Letting Your Friends Use Your Software!

by Christian D. Lavers, posted Wednesday, October 27, 2010

Image On October 18, the Fifth Circuit ruled that a software licensee violated a license agreement by allowing its lawyers to access and use the software. The court found that this use was a violation of the license because the license expressly prohibited any use of the software other than that explicitly granted by the license—and no right to allow use "on behalf" of the licensee was granted. (See Compliance Source Inc. v. GreenPoint Mortgage Funding Inc.). The Fifth Circuit reversed the summary judgment motion that had been granted in favor of the licensee at the district level.
In the case, GreenPoint installed software that develops and prepares loan documents, and then allowed its attorneys to access and use the software to prepare loan packages for GreenPoint loans. The court found this to be a violation of the license, and stated that it would not "look past the actual language of a licensing agreement and absolve a licensee who grants third-party access merely because that access is on behalf of, or inures to the benefit of, the licensee." In distinguishing prior cases, the court held that the license itself must allow use "on behalf of" the licensee in order for third-party contractors or agents to have the right to access or use the software. While the concept that those rights not granted are reserved is certainly not new, this case highlights the importance of carefully drafting or negotiating license agreements to insure that all of those people you need to use the software actually have the right to do so.

Federal Circuit Raises the Stakes in Patent Marking Cases

by Mindi Giftos, posted Thursday, September 02, 2010

Image On August 31, 2010, the United States Court of Appeals for the Federal Circuit issued its decision in Stauffer v. Brooks Brothers. In its opinion, the Federal Circuit held that the plaintiff patent attorney did have standing to sue Brooks Brothers as a qui tam plaintiff. The court also held that the United States had a right to intervene in the patent marking case. This much anticipated decision is likely to embolden would-be patent marking plaintiffs and the number of patent marking lawsuits will undoubtedly continue to grow. If your company has not yet completed product review to ensure markings are correct and up-to-date, now is a very good time to do so.

Imitation is the Strongest Form of Flattery: Just How Strong is the FACEBOOK Trademark?

by Christian Lavers, posted Wednesday, September 01, 2010

Image In what will be a test of just how broad the scope of protection of the FACEBOOK trademark is, Facebook, Inc. has filed suit against Teachbook.com LLC for trademark infringement and related causes of action in the Northern District of California.  Teachbook.com LLC operates a social networking site for educators and teachers (http://www.teachbook.com/), which according to Facebook is deliberately and willfully misappropriating the FACEBOOK brand.  Facebook is arguing that if third parties can use any "generic plus BOOK" mark for online networking services, the word "book" will become generic for online community services, thereby diluting the FACEBOOK trademark.  Key to this argument is Facebook's position that the word "book" is highly distinctive as used in the context of online communities and networking sites.  Further supporting Facebook's complaint, Teachbook touts its service as a substitute for Facebook on its website.  However, the USPTO saw no likelihood of confusion when they approved Teachbook's federal trademark application in September of 2009.  (Facebook has opposed this registration as well.)
This should be an interesting case in evaluating the scope of protection of famous marks.

Federal Data Security Law... Take Three!

by Christian D. Lavers, posted Tuesday, July 20, 2010

Image On July 14, members of Congress introduced a proposed federal data security law for the third consecutive Congressional session, even though the previous two versions of the bill were not acted on. The bill would require businesses to implement, maintain, and enforce reasonable data security policies and procedures, and would apply to all businesses regulated by Gramm-Leach-Bliley, businesses covered by the Fair Credit Reporting Act, and the big catch-all—businesses that maintain or communicate sensitive account or personal information in providing services to covered financial entities. Importantly, the bill would pre-empt the 46 different state laws on data security that already exist—eliminating the conflicting standards that exist today, and closing the gaps where no such law exists.  The bill would only require notification to consumers of breaches of security when harm was reasonably likely—not automatically after any breach. A good idea whose time has come?  We will see...

Shortcomings of the UDRP and Domain Name Disputes

by Christian D. Lavers, posted Monday, May 03, 2010

Image The Uniform Domain Name Dispute Resolution Policy (UDRP) was designed to provide a quick, low-cost arbitration-like process for resolving domain name disputes.  Governed by the World Intellectual Property Organization, a UDRP complainant must establish that (i) the domain name at issue is confusingly similar to their trademark, and (ii) that the domain name is used in bad faith. While the UDRP is effective in many situations, the case Volvo Trademark Holding AB v. Volvospares.com illustrates one of its big problems—proving bad faith in "grey areas."
In this case, the domain name www.volvospares.com was used to sell low-priced parts for Volvo cars; the problem was that the registrant had no connection with Volvo. When Volvo filed a complaint under the UDRP, the arbitrator did not find the domain to have been registered in bad faith because the website had a disclaimer that it was not related to Volvo, and there was no other proof of misrepresentation. However, when Volvo filed a federal cyber-squatting complaint, where the discretion of the judge is far broader, Volvo won transfer of the domain name. The court found what should have been clear in the UDRP—there was intent to divert sales using the Volvo mark.
The case illustrates one of the problems with the UDRP. While the UDRP is very efficient and effective in open-shut cases, it is often better to file a cyber squatting complaint where more complex issues of fact will arise.

Rescuecom Drops Google Adwords Lawsuit After Six Years of Litigation

by Melinda Giftos, posted Tuesday, March 09, 2010

Image After six years of battling with Google in the courtroom over Google's sale of Rescuecom's trademarked adwords, Rescuecom has dropped its trademark infringement lawsuit.
As we previously wrote, in April 2009, the Second Circuit Court of Appeals held that Google's sale of trademarked adwords constituted "use in commerce."  This holding was a major victory for Rescuecom as some courts had previously been readily dismissing adwords cases on this issue at the very early stages of litigation.  The case was remanded to district court where Rescuecom next had to prove that the sale of trademarked adwords also constituted "likelihood of confusion," the second prong of a trademark infringement action.  The case has been closely followed by both the business and legal communities since the issue of whether use of trademarked adwords can constitute trademark infringement is largely unsettled.
So why would Rescuecom simply drop its important case after years of litigation?
Apparently Rescuecom found itself on both sides of the adwords action.  Rescuecom purchased the Google adwords "geek squad" to optimize its own search engine ranking.  In October 2009, Best Buy demanded that Rescuecom stop using "geek squad" as an adword.  Rescuecom then quietly brought a declaratory judgment action in the Northern District of New York claiming that its use of the "geek squad" adwords was legitimate.  Best Buy counterclaimed, alleging trademark infringement and substantially the same allegations Rescuecom had asserted in its Google case.  That case is still pending.  It appears, however, that Rescuecom found it difficult to argue both sides of the issue.  Unfortunately, this means the Rescuecom case will not result in the precedent many were waiting for.
Interestingly, however, this issue is still percolating internationally.  In September 2009, the European Court of Justice's Advocate General issued an advisory opinion which held that use of trademarked keywords by Google or third-party users through Google's AdWords program did not constitute trademark infringement.  Instead, the Advocate General found that Google was providing information society services.  The advisory opinion, however, is not binding and several cases are still pending in European courts, including the heated adwords lawsuit between Louis Vuitton and Google.

Does Your Company Have a Social Media Policy? You Should ...

by Christian D. Lavers, posted Thursday, February 11, 2010

Image The use of social media in the workplace (Facebook, Twitter, Myspace, LinkedIn, etc.) is fraught with legal issues. Questions regarding ownership of information and data, potential copyright infringement risks, and personal privacy issues all intermingle when employees use employer-owned equipment to access and use social media. Concerns about confidentiality and trade secret information are raised when employees discuss company actions, plans, or decisions on social media. Additionally, the decision about how a company should interact with its customers in the social media marketplace is a difficult one. At the end of the day, there may be no one "right" answer—but there certainly are some wrong ones.
It is important that every company have a social media policy to address the risks and rewards of this new communication medium. Even the Florida State Bar is weighing in on the issue, issuing an opinion on November 17, Op. 2009-20 whereby a majority of the Florida Supreme Court judicial ethics committee found "friending" between judges and lawyers to be inappropriate! While there is significant disagreement on whether this position is correct even among legal scholars, it illustrates the increasing importance of social media in all industries. Use of social media is a cutting edge issue that requires some significant thought by businesses of all size.

Another Step Towards Requiring More Security In Online Transactions?

by Christian D. Lavers, posted Friday, February 05, 2010

Image The case Patco Construction Co. Inc. v. People's United Bank d/b/a Ocean Bank, D. Maine, No. 2:09-CV-00503-DBH, 1/19/10) is one of several recent cases alleging breaches of online security in financial transactions that may provide some guidelines as to what constitutes "reasonable care" in online financial transactions. The case alleges that use of several "challenge questions" added no practical safety beyond a password, and that additional mechanisms such as authentication tokens are required to meet the commercially reasonable standard. (Commercial banks are required to take "commercially reasonable" steps to protect customers against fraud.)
This case could be one more step towards a requirement of multi-factor authentication in financial transactions.

Court Confirms that No Trademark Registration is Required to Pursue an Anticybersquatting Case

by Christian D. Lavers, posted Monday, December 21, 2009

Image The US District Court for the Central District of California confirmed that the trademark ownership that is necessary to pursue a claim under the Anticybersquatting Consumer Protection Act (ACPA) does not require ownership of a federal trademark registration. (See Monex Deposit Co. v. Gilliam, C.D. Cal., No. CV 09-287, 12/3/09.) In making this decision the court recognized that common law trademark rights and ownership will support an ACPA claim even if the trademark owner has not obtained a federal trademark registration. While this decision is not surprising based on the language of the ACPA statute, (which requires trademark ownership, not specifically registration), it provides case law for common law owners to rely on in asserting these claims.
The court also held that the fact that a third party may own a registration for the same mark at issue but on different and distinctive goods and services, (thus preventing confusion between the marks), will not prevent assertion of an ACPA claim by a common law trademark owner. This decision is also consistent with federal trademark law, but provides further ammunition for common law trademark owners in ACPA suits, and presumably in UDRP actions and other domain name dispute resolution procedures.

Beware of Trademark Registry Scams

by Melinda Giftos, posted Wednesday, November 18, 2009

Image Have you recently received an invoice for an international trademark registration fee and wondered in which country the mark was registered? Was the invoice legitimate looking, yet somewhat confusing? Were you wondering why you received the invoice directly rather than through your trademark attorney? Hopefully you thought about all of the above and inquired into the situation a bit more. The sad reality is that there are several overseas organizations, such as www.patentonline.org, which use these types of letters and their hoax websites to extort money from unwitting businesses. You are more likely to become duped if you have a large, international trademark portfolio, so registration and maintenance costs are nothing out of the ordinary; or if you typically handle all such fees directly in house.
A client recently received an invoice for the registration fee of one of its marks for almost $2,500 from the "Register of International Patents and Trademarks." It contained a drawing of the client's trademark with a registration number (which coincidentally corresponded with the client's U.S. Reg. No. for the mark) and a "Published" date (which corresponded to the U.S. Registration Date). The fine print: 
"Dear madam, and sir, the publishing of the public registration of your patent is the basis of our offer. We offer the registration of your Patent dates in our private Database. ... Our offer will be accepted, with the payment of the amount, and becomes a binding contract between you and ODM srl, is irrevocably binding for one year. Please notice that this private registration hasn't any connection with the publication of official registrations, but is a solicitation without obligation to pay, unless our offer is accepted...." 
Had they paid the fee, they would have received registry in nothing more than an unofficial, private registry. It was a scam. The clear lesson is to always carefully review invoices and correspondence such as this. If you receive any invoices for trademark or patent fees, carefully review the invoice to ensure it matches up with your company's trademark portfolio. Be vary of invoices that do not clearly indicate a known patent and trademark registry, such as the U.S. Patent and Trademark Office. If your attorney has assisted you with the trademark application/registration, you should not be receiving invoices directly. Last but not least, always read the fine print. Of course, if you have any doubt, be sure to consult with your trademark attorney to verify whether it is legitimate. While you would never want to miss an important fee deadline, you certainly do not want to fall prey to this type of scam.

Court Rejects Settlement Proposal for Data Breach Case Stating There is No Benefit to the Victims

by Christian D. Lavers, posted Wednesday, November 04, 2009

Image The District Court for the Northern District of California rejected a proposed settlement in a class action data breach case against TD Ameritrade Inc., stating that the settlement provided no value to the class. In re TD Ameritrade Accountholder Litig., N.D. Cal., No. 3:07-cv-02852-VRW, 10/23/09.) TD Ameritrade suffered a data breach in 2007 where the personal date of approximately 6 million customers was hacked into. The rejected settlement provided approximately $1.9 million in attorneys' fees but no financial award to the class. The judge stated that requirements in the settlement for TD Ameritrade to conduct data security tests and hire independent experts to analyze the breach were measures any responsible company would take independent of litigation, and that the data security software that would be provided to the victims was available at no charge online already. TD Ameritrade suffered a data breach in 2007 where the personal date of approximately 6 million customers was hacked into. The rejected settlement provided approximately $1.9 million in attorneys' fees but no financial award to the class. The judge stated that requirements in the settlement for TD Ameritrade to conduct data security tests and hire independent experts to analyze the breach were measures any responsible company would take independent of litigation, and that the data security software that would be provided to the victims was available at no charge online already.
In a rapidly evolving area of law, this case indicates that it may be harder than you think to "get out of" a data breach case once it is initiated, providing yet another reason to get the right security in place at the outset.

Red Flag Rules Take Multiple "Hits"

by Christian D. Lavers, posted Wednesday, November 04, 2009

Image On October 30, 2009, the FTC decided for the second time to extend the enforcement date of the "Red Flag Rules"—this time to June 1, 2010. This decision comes as the ranks of the critics of the rules continues to grow. On the litigation front, on October 29, 2009, the District Court of the District of Columbia granted a permanent injunction preventing the FTC from enforcing the Red Flag Rules against attorneys. On the legislative front, on October 20, the House of Representatives passed a bill that would exclude health care practices, accounting practices, and legal practices with 20 or fewer employees from the Rule, and would also exempt any business: (i) where all the clients or customers were known individually; (ii) that only perform services in or around residences of their customers; or (iii) have not experienced identity theft and are in an industry where identity theft is rare.
The continuing extension of enforcement dates, the pending legislative modifications, and the success of legal challenges mean that the Red Flag Rules, when they are eventually enforced, will likely apply to a smaller number of businesses, and will likely have additional provisions that "water-down" the requirements.

FTC Active in Enforcing Online Security Requirements Regarding Personal Information

by Christian D. Lavers, posted Thursday, October 22, 2009

Image Choicepoint has agreed to pay $275,000 to the FTC, and to conduct bi-annual assessments of their information security program and provide these assessments to the FTC for 20 years, in a modified settlement order issued by the Northern District of Georgia stemming from charges brought by the FTC related to Choicepoint's violations of a previous court order requiring implementation of a comprehensive information security program. The modified settlement order also imposes additional reporting obligations on Choicepoint regarding changes in corporate structure that may impact compliance, bi-monthly reporting on security incidents and the responses to them for the next two years, and other detailed reporting and record-keeping requirements.
In 2005, Choicepoint suffered a data breach that resulted in at least 800 cases of identity theft, imposition of more than $15 million in fines and damages, and a court order to maintain a comprehensive data security program. In 2008, this security program was significantly weakened when a key electronic security tool was turned off for four months resulting in additional data breaches. Choicepoint self-reported the breach, which resulted in the modified settlement order.
This order illustrates the point that the FTC is becoming more active in enforcing information security requirements—and once they start looking into your business, it may be hard to get them out.

Simply Complying with PCI May Not Be Enough To Prevent Data Breach Claims

by Christian D. Lavers, posted Wednesday, October 14, 2009

Image Heartland Payment Systems, the fifth largest payment processor in the United States, is the defendant in a class action lawsuit brought by nine banks and credit unions claiming that Heartland did not do enough to safeguard against security breaches. (See In re: Heartland Payment Systems Inc. Data Security Breach Litigation, S.D. Texas, No. 4-09-md-02046, 9/23/09.) Heartland's system was breached by hackers beginning in late 2007, resulting in the theft of personal financial information associated with millions of credit and debit cards, resulting in large expenses by the associated banks and credit unions that issued the cards—costs associated with destroying comprised cards, issuing new accounts, reimbursing consumers for fraudulent transactions, etc. Heartland's system was breached by hackers beginning in late 2007, resulting in the theft of personal financial information associated with millions of credit and debit cards, resulting in large expenses by the associated banks and credit unions that issued the cards—costs associated with destroying comprised cards, issuing new accounts, reimbursing consumers for fraudulent transactions, etc.
Interestingly, Heartland was compliant with the Payment Card Industry Data Security Standards (PCI-DSS) at the time of the hack. The PCI-DSS are standards issued by the major credit card companies requiring certain security standards and data management protocols by vendors using or accessing credit card information. (The standards are available at www.pcisecuritystandards.org. The complaint alleges that Heartland knew before the hack that the "bare minimum PSI-DSS standards were insufficient to protect it from attack by sophisticated hackers." In fact, according to the complaint, a statement made by Heartland in a 2008 Earnings Call acknowledged the need for greater data security beyond the PSI-DSS.
The case goes to show the continued need for online vigilance in the financial industry. It also raises a warning: don't simply rely on standards developed by others for your own security; be pro-active and go beyond what the baseline requirements may be.

Novel Applications of Trademark Law: "Reflashing" Cell Phones Could Constitute Trademark Infringement

by Christian D. Lavers, posted Tuesday, October 06, 2009

Image The Northern District of Texas has held that the question of whether modifying a cell phone so that it could work on a third party's mobile phone network (or "reflashing" the phone) constitutes trademark infringement must be determined at trial—and not by summary judgment. The key question: does reflashing constitute "use in commerce" as required under the Lanham Act?
In the case, MetroPCS Inc. v. Virgin Mobile USA LP, MetroPCS took branded Virgin Mobile phones and "reflashed" them so that they could work on the MetroPCS cell network. The Virgin Mobile phones were originally locked so that they could only function on a Virgin Mobile cell network—and obviously the phones bear the Virgin Mobile trademark. Virgin Mobile is arguing that reflashing the phones to operate on a different network in effect creates new phones—thus satisfying the "use in commerce" requirement—and therefore the fact that the phones still bear the Virgin Mobile trademarks constitutes trademark infringement.
The case illustrates a novel application of trademark law, and while its ultimate success is still undetermined, it may open the door to new application of trademark law in the information technology arena.