Current Issue: Volume 25
Living with the Merchandising Right (Or How I Learned to Stop Worrying and Love Free-Riding Stories)
Trademark scholars love to hate the merchandising right (i.e., the use of trademark law to give trademark owners control over product markets in which the trademark is the good—e.g., a BOSTON RED SOX baseball cap). We think that trademark law should protect consumer interests. If no one thinks that sports teams manufacture their own merchandise, then there’s no possibility of source confusion. Rather than benefitting consumers, the merchandising right artificially increases consumer costs by giving trademark holders an unwarranted monopoly over the use of their marks as products.
Questions over what constitutes “reasonable” cybersecurity reporting and operating practices have long vexed businesses and policymakers. Given a lack of clear guidance from Congress, states have filled the vacuum by passing a series of laws requiring “reasonable” cybersecurity such as for manufacturers of Internet- connected devices. Other states have elected instead to provide safe harbors, like Ohio, which rewards companies for investing in a pre- determined list of recognized cybersecurity standards and frameworks—such as the National Institute for Standards and Technology (NIST) Cybersecurity Framework—by minimizing liability in the aftermath of a data breach. This Article: (1) summarizes the current state of state-level cybersecurity policymaking with a special emphasis on how states are defining “reasonable” cybersecurity; (2) discloses the results of a statewide survey on cybersecurity perceptions and practices among organizations in Indiana done in partnership with the Indiana Attorney General’s Office; and (3) makes a series of suggestions based on these findings about how to better educate and incentivize firms about instituting reasonable cybersecurity best practices.
The law governing an “individual genome” (the genetic material and information extracted from a single person) in the United States has two key shortcomings. First, it adopts an absolute conception of ownership, permitting only one entity to claim ownership over an individual genome—either the person from whom it was extracted or someone else, such as researchers and law enforcement officials. Consequently, the law fails to represent and protect the legitimate concurrent ownership interests of multiple entities stemming from, e.g., personhood, labor, and possession. Instead, it prioritizes one interest at the expense of another. Second, the law fails to accommodate the multifaceted and relational nature of an individual genome. An individual genome consists of both genetic material and genetic information; involves personal, familial, and collective aspects; and has varying degrees of excludability and subtractability. The law, however, does not consider these characteristics together.
To combat bioterrorism and cybercrime in the 2000s, antitrust agencies stepped up where Congress failed repeatedly to pass a cybersecurity bill. Their actions were surprising both in content and method. Substantively, the policy the FTC and DOJ promoted was to encourage plausibly anticompetitive joint ventures to proceed, so long as these collaborations existed for cyber safety purposes. The administrative agencies pursued this policy not via either formal or informal rulemaking, but rather a network of non-binding guidance known as “soft law.” This technique structured industry incentives such that joint ventures would continue developing cyber defense mechanisms to protect the entire country. This analysis forces questions about ongoing debates within antitrust law and theories of agency activity. The Article also muses on why decentralized regulation, typically a polarizing subject, is so universally favored for cyber governance.