China cybersecurity lawsThe PRC government promulgated its Cybersecurity Law on November 7, 2016, with an effective date of June 1, 2017. To say that foreign tech firms are concerned about the impact of this new law on their business in China would be an understatement. In addition to tech firms, our China lawyers have received a steady stream of questions from clients with China WFOEs who are concerned about an entirely different set of issues. Article 35 of the law states that “personal information and other important data gathered or produced by critical information infrastructure network operators during operations within the mainland territory of the People’s Republic of China, shall store it within mainland China.” Our clients keep asking what this will mean for them.

The surprising answer is not much.

Any company that operates a WFOE in China collects personal information about its employees. China’s new cybersecurity law defines personal information as “all kinds of information, recorded electronically or through other means, that taken alone or together with other information, is sufficient to identify a natural person’s identity, including, but not limited to, natural persons’ full names, birth dates, identification numbers, personal biometric information, addresses, telephone numbers, and so forth.” Certainly, the standard information any company maintains on its employees will qualify as personal information under China’s new cybersecurity law.

In the EU and various other jurisdictions, such personal information must be maintained within the jurisdiction and there should be no transfer of such information across borders. This causes many problems for companies that seek to manage an international workforce through a central location.

So what clients keep asking our China attorneys is whether China’s new cybersecurity laws will establish the same sort of protective system within China? The simple answer is that it will not. China does not have a comprehensive law or regulations relating to the collection, processing or transfer of employee data gathered by a WFOE or other business entity in the normal course of its China business operations and China’s new cybersecurity law does not change that situation.

The cybersecurity law specifically provides that its personal data maintenance and collection rules apply only to critical infrastructure network operators. Network operator is defined as “network owners, managers and network service providers.” In more general terms, this means telecom operators and Internet ISPs. The requirements do not apply to the China business operations of normal private businesses with respect to their normal record keeping requirements for their employees.

Even though nothing has legally changed in China, it is still best practice for foreign companies employers in China to follow the basic rules the PRC government imposes more generally in the consumer context on the collection and maintenance of personal information, including the following:

1. Be sure the disclosing party (your employee) is aware that the company maintains personal information. The company should have a written policy (in Chinese and in English) on how long that information is maintained and that policy should be revealed to the employee.

2. You should not collect more personal information than necessary.

3. You should maintain the confidentiality of the personal information you collect and maintain. That means you should limit internal access to that information and you should take proper security measures to prevent a data breach of the company’s online systems.

4. You should not sell or otherwise transfer the personal information to any third party. Stated more bluntly, do not sell employee personal information to marketers or spammers.

China IP webinar for China lawyersOn October 18, I will be putting on a webinar, Doing Business in China: Structuring Your Deal and Protecting Intellectual Property. This webinar is aimed mostly at lawyers and it is eligible for CLE credits.

It is being put on by Commercial Law Advisors and they describe it as follows:

Who Should Attend? Corporate counsel, in-house counsel, attorneys advising companies or organizations, intellectual property attorneys.

Companies often cannot afford not to do business in China. Whether producing goods there or selling to the Chinese market, companies that engage in business with Chinese partners need up-to-date legal advice on how to protect their technology and other intellectual property (IP) interests from being counterfeited, pirated, or otherwise misappropriated. As IP theft is one of the top issues facing businesses operating in China, there are substantial risks companies must identify and address proactively to protect their valuable IP assets. Deals made in China can threaten IP rights not just in China, but in markets around the world. Understanding the Chinese IP landscape and how to manage the pertinent issues can go a long way to safeguarding your client’s valuable IP interests.

Please join Dan Harris as he explores the nuts and bolts of constructing a good business deal with a Chinese partner, what your agreements should include, and how to manage the Chinese IP rights framework to minimize your client’s IP-related risks.

WHAT YOU WILL LEARN
This webinar will cover:

How to choose a good Chinese partner
Identifying the IP assets that need protection
How to structure your deal
Drafting your deal papers
Drafting China employee contracts to protect your IP
IP registrations: What you should know about trademarks, patents, copyrights, and licensing agreements

China Law Blog readers who use promo code cw16dbc will receive $35 off. Go here to register.

I hope to “see” you there.

China SaaSCountless foreign software companies wish to deliver their software as a service (SaaS) to China. But since China requires commercial ICP licenses for commercial Internet services within China and generally forbids foreign enterprises from obtaining such licenses, directly providing SaaS through a server in China is typically not possible for foreign software companies.

So what can be done? How can a foreign software company get its software to China’s consumers via SaaS? Two methods for providing foreign SaaS in China have been developed. These methods depend on whether the server will be located outside of China or within China. If the server is located outside of China, we use the reseller model. If the server is located within China, we use the license model.

Many foreign software companies waste a lot of time and money in searching for or trying to develop a third model. Many Chinese companies — out of either ignorance or greed — encourage such searching and trying.

In the reseller model, the foreign SaaS provider brings on one or more resellers in China. At a minimum, the reseller locates customers for the foreign company’s SaaS product. The reseller provides the ultimate customer with a user name and password that allows the customer to connect to the foreign server hosting the SaaS product. The reseller collects the fee from the customer and deducts and pays applicable Chinese business and income taxes and then remits the remaining amount to the foreign software provider.

Though very common, this SaaS reseller system does not strictly comply with Chinese law, since the Chinese Government has never reviewed or approved the software content. However, to date, the Chinese government has permitted the reseller model to be used. This reseller model is permitted because it includes the following safeguards that protect the interests of the Chinese government:

  • Access to the offshore server can easily be blocked by using China’s Great Firewall. If the SaaS content is not acceptable to the PRC government or if the SaaS is used for an unacceptable purpose, the connection to the offshore  server can and will be blocked with no prior notice. This happens regularly in China, often to SaaS/cloud products that seem innocent on the surface. The risk of being blocked is therefore the most significant risk in using the reseller model. Some SaaS is at much higher/lower risk of being blocked than others and part of our role as China lawyers is to help our clients analyze this risk.
  • The reseller is liable under Chinese law for the content of the SaaS product. The reseller is not treated as a neutral, ISP type entity; the reseller is treated as though it is the developer of the SaaS product. This is true even where completely independent third parties are the source of content on the SaaS platform. More important, the reseller is liable for quality as well as content. Consider the potential liability here: some SaaS platforms are used for off site medical diagnosis. What happens if the diagnosis is wrong and the patient is injured or dies? The reseller is potentially liable.
  • All applicable taxes are withheld and paid. Through the reseller approach, the PRC government is able to impose double taxation. Taxation first on the income of the reseller and then taxation on the income remitted to the foreign software company. This access to tax revenue results in a more accommodating regulatory response from the Chinese government, but also in lower income for the foreign software provider.

There are several reasons foreign SaaS providers decide they must locate their server in China. Many do so for the generally faster service speed and connection reliability. Others do so to lower their risk of having their software blocked. Some simply cannot find reliable resellers willing to take on the substantial work and risk. Foreign software companies that use a Chinese server do so via a licensee model.

Under the licensee model, the foreign software company does not directly offer its SaaS product in China nor does it directly control the China server. It instead licenses its software platform to a Chinese entity. that obtains the commercial ICP license that allows for offering the SaaS service to Chinese customers through a Chinese server.

The minimum terms of this sort of SaaS Licensing Agreement are as follows:

  • The Chinese licensee owns the ICP license. Acquiring a commercial ICP license is expensive, and the licensee must pay all the costs. Because of the considerable expense, it is difficult to find Chinese companies willing to take on the financial burden of acting as a licensee.
  • The licensee owns the URL that provides access to the server.
  • The licensee holds a license for the entire content of the SaaS platform software. As with resellers, the licensee is liable for the content and performance of the software.
  • If the SaaS platform is hosted on a cloud server, the licensee has the the contractual relationship with the cloud service provider.
  • The licensee has direct contact with and collects the income from the customers The licensee pays a license fee to the foreign software provider under normal license royalty rules.
  • Since the server is located within China, the Chinese government has the right to access the content of the server at any time.

As the above discussion makes clear, neither the reseller model nor the licensee model are ideal solutions for companies wanting to provide SaaS to China. Most of our foreign SaaS developer clients have used the reseller model successfully. However, the licensee model has been the only solution for some of our clients. For example, for SaaS software that will be used by a Chinese government institution such as a hospital or university research center, Chinese government regulation normally requires the SaaS software be housed on a server located in China. The same rules typically apply for SaaS software used by PRC banks and other financial institutions. Since these situations require a server located in China, the licensee model is the only choice available.

Bottom Line: If you are a software company looking to sell your SaaS software in China, you can do so using either the reseller or licensee model.

China LawyersWe started a China Law Blog Group on Linkedin to create a spam-free forum for China networking, information and discussion. We have more than 11,000 members and the number and quality of our discussions continues to increase as well.

We have had some great discussions, as evidenced both by the numbers (discussions sometimes get 50-100 comments) and on their substance. Our discussions range from the practical (“how do I open a China bank account” or ”what do I need to do to comply with China’s work visa policies) to the ethereal (“when will we know China is taking innovation seriously”).

The group’s diversity is its greatest strength. We have a large contingent of members who live and work and do business in China and a large contingent of members who do business with China from the United States, Australia, Canada, Europe, Africa, the Middle East and other countries in Asia. Some of our members are China lawyers, but the overwhelming majority are not. We have senior personnel (both China attorneys and executives) from large and small companies and a whole host of junior personnel as well. We have professors and we have students. All of these mixes help elevate and enlighten the discussions.

I am, however, proudest of how we block anything that even resembles spam from ever showing up on our site. We have become so proficient at this that virtually nobody even tries to inject spam into any of our discussions. Many of our members have commented on how much they appreciate this.

If you want to learn more about doing business in China or with China, if you want to discuss China law or business, or if you want to network with others doing China law or business, I urge you to check out our China Law Blog Group on Linkedin and join up. The more people in our group, the better the discussions.

We will see you there. Click here and join us.

And if Facebook is your thing, please check out our rapidly growing China Law Blog Facebook page, where we post anything and everything that is China relevant. Our focus there is to educate and to entertain and that means we post about more than just China law and China business. We post on China politics and diplomacy, China culture and history, China travel and tourism, China food and fashion; really on just about anything we find interesting that day. More than 12,000 people “like” us there so we must be doing something right, so please check out our Facebook page too, by clicking here.

And last and least, after a three year hiatus, I went back on Twitter and I even occasionally post there as well. Click here for that.

China stock optionsThe China lawyers at my firm have been experiencing a big uptick in the number of companies and individuals contacting us after having been offered stock in a Chinese company as an alternative to payment in cash. This swapping of stock for pay is a relatively new phenomenon, so I want to explain how it works and, most importantly, why it cannot work for foreigners.

This is how this stock scam typically goes down. The Chinese company — usually in the tech sector — is in desperate need of the expensive skills or knowledge of a foreign person or entity. The Chinese company states: “we need your services, but we are a start up.” So, instead of paying hard cash, the Chinese company offers founders’ stock or employee stock options in their Chinese entity. Just as is the case with Silicon Valley founders stock/stock options, the idea here is that the Chinese entity will go public (“do an IPO”) and the stock it is giving will then provide a windfall benefit to the foreigners to whom they have given the founders stock or the stock options.

Unfortunately, this is all an illusion for the simple reason that no foreign person can own stock in a Chinese domestic company not already listed on a stock market. So any such option or stock transfer is void from the start. Foreigners are not permitted to be shareholders of Chinese domestic companies, nor does China recognize the concept of nominee shareholders.

Even though the offering of stock in Chinese companies is a fraud, we are still seeing many foreign individuals and companies taken in by such offers, most commonly in the fintech sector. Whatever the sector though, the Chinese company will use the “standard” Silicon Valley approach of offering a stock option package as a key benefit in the employment package. By offering stock options, the Chinese company can pay less and secure greater loyalty, while still exploiting the skills/extracting the knowledge of foreign individuals in developing an innovative software or other high tech product.

This exploitation/extraction period typically lasts one to three years, at which point the Chinese company tells the foreign individual, “sorry, the Chinese government has now informed us that we cannot issue stock options to you.” Sometimes, to better hide the scheme, the Chinese company will propose a series of fantasy work arounds, such as elaborate nominee schemes illegal under Chinese law. These proposals often convince the foreign person to waste another year or two with the Chinese company. But, in the end, the result is always the same. The Chinese company defaults on its promise to provide the foreign individual with stock in the company and the foreign individual is left high and dry. Since the founders stock/stock option scheme was void from the start, there is nothing the foreigners can do to enforce their rights in China, since they never had any such rights.

A similar scam is often perpetrated on foreign entities. The foreign entity has a technical service of great value to the Chinese company. The Chinese company then says: “We really need your services, but we are growing so fast these days that we simply do not have the free cash to pay you in cash for that. However, since we are growing so fast, it is certain we will soon do an IPO on the Shanghai stock exchange. So, instead of our paying you in cash, we will agree to pay in you in stock options. Our stock will provide you with far more monetary value than the paltry fee we would pay you for your services and by working with us, you will gain entry into the lucrative Chinese market and highly profitable work for Chinese companies will follow.”

This scam results in the same sad result as the employee stock option scam. First, as with employee stock options, a foreigner cannot own stock in the Chinese entity, so the option is void from the start. Second, the private Chinese entity never does an IPO on the Shanghai market, so the whole concept was an illusion. Third, the only thing the foreign entity achieved was to identify itself as an easy mark, which means there was no future profitable work available in China. Finally, the foreign company does not figure out the scam until after it has already transferred its service or valuable information to the Chinese entity.

There are a couple of elegant variants Chinese entities use to implement the Chinese stock scam. In the rare case where a private Chinese company actually completes an IPO, the listing is on a foreign exchange: usually either Hong Kong or the United States or London, where due to Chinese law requirements the actual listing entity is not the Chinese company for which stock options or stock were purportedly given. Instead, the listing entity is some form of subsidiary or other affiliate of the Chinese company, so that when the IPO takes place, the holder of the scam option or stock in the Chinese company can be told: “your stock option (or stock) is with the Chinese parent; you do not have an option with the affiliate actually listed. Sorry.”

Private companies in China are effectively locked out of China’s domestic IPO market. On the other hand, such companies have become attractive targets for private equity financing. But the story here is the same. The private equity financing occurs in China, resulting in a big payout to existing shareholders of the Chinese entity. The foreign stock option holder looks for an equivalent benefit. The Chinese entity then responds: this was a private equity deal, not an IPO. You did not own any stock at the time of the private financing, so you are not entitled to any benefit.

Bottom Line: Foreign individuals and companies should not accept promises of stock options or stock in a Chinese company in place of employment compensation or payment for services. Any Chinese company that makes the offer of payment in stock is either ignorant of the requirements of Chinese law or intentionally committing fraud. Either way, foreign individuals and companies should refuse to work with any Chinese company that makes this kind of stock offer. We have seen many of these deals. None have ever worked out well, and it will not work out well for you.

China AttorneysWe write about this particular China bank scam every six months or so because it just keeps happening, and in ever greater numbers. The Wall Street Journal did a story on it today, entitled, New Techniques Used to Target Business Email and in the last month alone, our China lawyers have received emails from at least three companies (Two U.S. and one from Spain) that were bilked out of between $46,000 and $270,000.

According to the Wall Street Journal (and this jibes with most of what our China attorneys have seen as well), criminals breaking into email accounts and changing bank-account information to capture payments intended for suppliers:

The increasing prevalence of the schemes has drawn the attention of law enforcement. Attackers who once pretended to be executives directing subordinates to transfer money are using new techniques, including malicious software to break into email systems and redirect the payments, said Rick Alwine, a supervisory special agent with the Federal Bureau of Investigation’s Cyber Division.

“We’re seeing an evolution of business email compromises that started around 2013,” he said.

The number of these bank account email scams is increasing, but what remains the same is that most of these wire-transfer requests are for China and Hong Kong:

In an analysis of 44 recent fraudulent transfers, 84% of the transfers went to accounts in China and Hong Kong where it is more difficult for victims to recover their money, the FBI alert said. The FBI says it has logged nearly 18,000 reports of business email scams since 2013 accounting for $2.3 billion in losses, and complaints about these scams more than tripled last year, compared with 2014.

The Wall Street Journal article does a good job explaining the nature of these scams, but it mostly throws up its hands on how to prevent them and does not discuss at all what its victims can do to try to secure at least some recovery:

SecureWorks says such scams are known in Nigeria as “wire-wire” and are openly discussed in songs and online discussions. A Facebook group calling itself “Wire wire zone” offers to connect scammers with money mules who will transfer funds. “It’s an open bazaar for money laundering,” said Joe Stewart, a director of malware research with SecureWorks.

 

*    *    *    *

When the buyer sends an order, the scammers step in, ultimately intercepting the seller’s invoice and changing payment instructions before sending it back to the buyer. With the modified invoice, funds are sent to the criminals instead of the seller.

In the U.S., companies are becoming more aware of the risks of email fraud, but Mr. Stewart worries that most businesses aren’t protecting themselves against this newer variation. “True business email compromise is almost invisible to both victim companies involved in the transaction,” he said. “It’s going to take a lot more effort to stop it than a simple reminder to phone the CEO before wiring money on his behalf.

 

What can you do to prevent it from this scam happening to you? We recommend you do the following:

  1. Get to know your suppliers who speak English (if you don’t speak Chinese) and get your supplier’s landline phone numbers as that cannot be hacked. Call if you have any concerns.
  2. Get your supplier’s bank account information in advance and ask them to refer to “bank account information document” on their invoices, rather than listing out full bank details every time.
  3. Check your bank account every day, maybe even twice a day. If you catch a wire early enough you can sometimes stop it.
  4. Do a first small wire to confirm the account.
  5. Note that paying a Chinese company in mainland China is generally safer for you than paying them overseas, be it Hong Kong, Taiwan or anywhere else.
  6. Have a special procedure for confirming bank account changes with your suppliers.
  7. Have an internal procedure for confirming all payments over a certain amount.
  8. Get an insurance policy that covers computer hacking or fraud.

 

I have said it before and I will say it again, but this time with the Wall Street Journal to back me up: the bank switch scam is the most common, most pernicious and most difficult to detect international scam of which I am aware, and it just unrelentingly keeps happening. And even though the business relationship is often between a Chinese company and a Western company (though we have dealt with this issue on multiple occasions where there was never a Chinese company involved), the perpetrator of the scam oftentimes is in Nigeria or in some country other than China.

This scam usually involves your regular Chinese supplier asking you to make a payment or payments to a new bank account, though it sometimes can involve your very first payment to a new Chinese supplier. Then even after you make the payment or payments, your China supplier insists you still owe it the full amount (oftentimes with added fees) because it never received your payment. When you explain to your China supplier that you in fact did pay it, your supplier points out that the bank account to which you sent the funds is not theirs and that you still owe the money.

This all happened because your Chinese supplier got hacked, either by someone outside or within the company and you indeed have yet to pay it. Or maybe it was you who got hacked.

What can you do if you have already been victimized? We do the following when retained by a company that has been victimized by this fraud:

1. We determine whether there are any insurance claims to be made. This is usually your best chance of recovering all that you have lost, but do not expect your insurance company (as is often true) to pay without a fight. We help by explaining to the insurance company how these scams happen and why you are entitled to coverage under your policy and we get the Chinese supplier to help as well.

2. We try to get some monetary contribution from your Chinese supplier by letting it know that it was (or might have been) their computer system that the scammer hacked and therefore it should pay at least some of our client’s loss. Much depends on our client’s relationship with its Chinese supplier and on what the Chinese supplier perceives its future relationship with our client will be.

3. We try to determine if there is any chance in recovering anything from the perpetrator. This is a very expensive and time-consuming process and there usually has to be a lot of money involved for it to make much sense. Nonetheless, we find that our at least having run this option to ground helps immensely in dealing with both the Chinese supplier and with our client’s insurance company, neither of whom want to pay anything until they are convinced that we have done all that we can to try to recover from the crooks themselves.

Please, please, please, be careful out there.

 

Internet of Things IoT
Internet of Things = Shenzhen

A little more than a year ago, I did a post, entitled, Shenzhen As China’s Most Competitive City. It Just Might Be…. I wrote that post in response to the Chinese Academy of Social Sciences having just named Shenzhen as “China’s most competitive city.” I talked of how our China lawyers were seeing a shift to Shenzhen among our clients:

Five years ago, my law firm’s clients would nearly always set up their China operations in either Shanghai or Beijing. Beijing if they were in media or entertainment or software and Shanghai if they were in consumer goods or finance or pretty much everything else. Though we would occasionally get strays who would set up in Qingdao or Dalian because they were in the fishing or shipping industry or Xiamen or Xi’an because they liked those cities or knew someone there, or Shenzhen because they knew the city from having gone there so many times to oversee their product manufacturing outsourcing, certainly our bigger and more sophisticated clients were choosing Beijing or Shanghai.

But in the last few years, many of our China WFOE formation clients are requesting we set them up in Shenzhen.

I noted that our clients were giving us the following reasons for choosing Shenzhen:

1. It’s close to Hong Kong but cheaper.

2. It’s become the electronics hardware center for China, and not just for manufacturing, but for design and engineering.

3. It may not be as exciting as Shanghai or Beijing, but it’s the best place for business.

4. It is a nice place with a number of good international schools.

5. It is a lot less expensive than Shanghai or Beijing.

In just the last year since I wrote the above, Shenzhen (despite getting considerably more expensive) has almost taken over our China practice. Not so much with WFOE formations (though those for Shenzhen have increased) but with anything having to do with hardware and with the Internet of Things (IoT). At least half of our new clients in the last year are involved with Shenzhen. Some are seeking to go into Shenzhen via WFOEs, but most are working with the electronics manufacturers there and with them they are looking to manufacture, do joint ventures or technology licensing deals. If we were to subtract out our China media and entertainment work (virtually all of which takes place in Beijing) Shenzhen is without a doubt the most important city for our law practice right now.

As part of that, Steve Dickinson and I will be going to Shenzhen in late September to speak on the legal issues related to hardware and the Internet of Things. We have spoken countless times in Beijing and in Shanghai (and even in Qingdao and Dalian) but until about a year ago, never in Shenzhen, and yet we will be speaking at least twice there in September.

Of course it is not just lawyers who are taking note of Shenzhen’s increasing importance. Renaud Anjoran, on his Quality Inspection Blog, recently did a post entitled Shenzhen, the Best City in China for Manufacturing? Renaud started his post by talking of how views of Shenzhen vis–à–vis (I’m using French here as a nod to Renaud) Hong Kong have so radically changed:

Many Hong Kong people still shriver when they hear “Shenzhen”. It used to be a very poor patch of land along their border with the mainland. Unsurprisingly, Hong Kong people were seen as an easy target for some Shenzhen criminals. But things have changed a lot.

Nowadays, most Shenzhen residents are happy with their lives. When they visit Hong Kong, they wonder how people can survive in such a tiny, cramped environment, where the basic necessities of life are so expensive.

Renaud then writes about how so many tech companies are located in Shenzhen:

Recently a bunch of glowing articles about Shenzhen appeared in the Western press. They tend to focus on the long list of tech companies headquartered in Shenzhen: Huawei and ZTE (telecom equipment, phones…), Tencent (the only other internet company at Alibaba’s scale in China), DJI (drones), OnePlus (mobile phones)…

MakerBot, the famous 3D printing company, was a big advocate of “Made in USA”… until they moved production to Shenzhen!

Renaud then puts forth the following proposition: “Quite simply, the North of Shenzhen might be the best location in China, and even in Asia, for a manufacturer of complex products.”

I will raise Renaud one by saying that for most hardware and for virtually all IoT products, Shenzhen seems to have become just about the ONLY place for manufacturing in China, and, to a large extent, in the world.I cannot even think of even one of our IoT clients not tied in with Shenzhen. It’s possible such a client exists, but every single one that springs to mind is linked to Shenzhen.

As IoT continues to boom, Shenzhen no doubt will as well.

What are you seeing out there?

For more on China and the Internet of Things, check out the following:

 

China copyright takedownsThis is the fifth in our series about online copyright takedowns in China. In Copyright Takedowns in China, we provided a general summary of the regulations that establish the takedown procedures. These regulations enable enforcement of the “right of communication through an information network” as it applies to sound recordings and audiovisual recordings. In Copyright Takedowns in China Part II: Searching, Linking or Storing? we looked at how providers of storage space face more liabilities than those merely providing searching or linking services. In Copyright Takedowns in China Part III — Audiovisual and Sound Recordings in the Cloud, we discussed how China’s takedown regulations apply to cloud service providers. In Copyright Takedowns in China, Part IV: Whatever you do, Register your Copyrights First, we made clear that “if you ever expect to have infringing content taken down the single most important thing you should do is register your copyright in China in advance.”

In this post we discuss your options after you have succeeded in taking down copyright material.

One of the problems with China’s notice and takedown system is that, after the material has been taken down, a copyright owner’s further recourse against an infringer is uncertain. This is because it’s hard to identify an infringer who has allowed material to be taken down in response to a notice. Infringers are only required to identify themselves to the copyright owner if the infringers object to the takedown. Without the identity of the perpetrator it’s hard, though not impossible, to initiate copyright infringement proceedings in China. The infringer tends to remain anonymous.

Solutions and practices are only slowly emerging in response to this problem in China and elsewhere.

One possible solution is a “notice and trackdown” procedure. With such a procedure in place rights owners can identify infringers and hunt them down. The implementation of something like this would require a balancing of the rights of copyright owners with rights of privacy. It would require an exploration of whether there should be an expectation of anonymity in cyberspace.

Some time ago, Frederick Mostert and Martin Schwimmer provided an excellent discussion of the issues in “Notice and Trackdown,” a paper published in Intellectual Property Magazine.

The issue is one of several covered recently in “Notice and Takedown in Everyday Practice“, a report by Jennifer M. Urban and Brianna L. Schofield, both of UC-Berkeley School of Law, and Joe Karaganis, of Columbia University. Part of the “Takedown Project“, the report considers the effectiveness of the notice and takedown process since The Digital Millennium Copyright Act was passed by Congress in 1998. In their findings, the authors conclude that, “Analyzing the effectiveness of [the] procedures in responding to infringing materials on specific sites, balancing copyrights and speech rights … is severely limited by the law’s lack of requirements for publicly disclosing information on notices sent and [online service provider] responses.”

Will we see the balance tip away from online anonymity in China? It would certainly suit copyright owners but it will be hard to say where anonymity should end and accountability should begin.

China IoT. Who owns what?
                          China IoT. Who owns what?

China (Shenzhen mostly) remains the primary destination for manufacturing of small electronic consumer products. And since Internet of Things (IoT) products are red hot, this means our China lawyers are getting a steady diet of China IoT legal matters.

The issue we see on a day to day basis is this: the IoT product has now reached the mass production stage and is being produced in large quantities. Now that it has a commercial product, the U.S. buyer now seeks financing for its young company. The financier (be it angel, VC, private equity, or even someone’s father-in-law) then asks: who really owns the intellectual property in the product? Do you own it, does the Chinese factory own it, or does some third party own it? It is always awkward for the (usually) young entrepreneur to answer that question. However, with the rise of the Internet of Things (IoT), the question has become even more difficult to answer in a definitive way.

How did we get to this point? The process has worked its way through three general stages:

Stage One. In the good old days (say 1981 to 1995), the situation was simple. There were two possibilities. In the first, the Chinese manufacturer made a standard consumer product. The U.S. buyer merely purchased that existing product and perhaps required the manufacturer take the extra step of placing the U.S. buyer’s own trademark/logo on the product. In that setting, ownership of the intellectual property was clear: the Chinese manufacturer owned the product design and the U.S. buyer owned its trademark/logo. In the second, the product was a long standing, well developed product of the U.S. buyer. The buyer brought the completed product to the Chinese manufacturer and contracted with the manufacturer to make a copy. In that setting, ownership of the intellectual property was clear: the U.S. buyer owned all of the intellectual property and the Chinese manufacturer owned nothing.

The simplicity of the relationship encouraged the lazy practice of documenting the entire manufacturing relationship through simple purchase orders. NNN agreements, product development agreements and OEM agreements were seldom used, since the IP ownership was clear and the price and delivery terms were taken care of by the purchase order. This lazy approach then led to the subsequent disasters resulting from product defects. But that is an issue for another post.

Stage Two. In stage two (1995 to 2015), a new form of relationship developed. U.S buyers began coming to China with no completed project in mind. Instead, they came to China with a product idea or proposal. The buyer then worked with the manufacturer to co-develop the product. In some cases the role of the Chinese manufacturer was simply to take a completed prototype and then commercialize that prototype for mass production. In these cases, the U.S. buyer arrived with little more than a very basic idea, and the two sides worked to co-develop the product.

Normally, the Chinese manufacturer offered to perform all of the development work at its own expense, with the implied agreement that the manufacturer would be the exclusive manufacturer of the product. This co-development process typically proceeded using the same lazy “purchase order only” approach from stage one. This lazy approach then has led to the typical issues we see today that make answering the “who owns what” question so difficult. In order to do the co-development process properly, the parties must define their relationship with three agreements: 1) NNN Agreement, 2) Development Agreement and 3) OEM Agreement.

Where these agreements do not exist, as is common, a set of standard issues arises: Who owns the product design? Who owns the molds and other tooling? Who owns the manufacturing know-how and similar trade secrets? If the buyer decides to have the product made by a different factory, what compensation is owed to the manufacturer who co-developed the product? What is the obligation of the manufacturer to comply with price and quantity requirements of the buyer? If the manufacturer terminates its relationship with the buyer and manufacturers the product under the manufacturer’s own trademark/logo, is this a violation? Absent clear, written agreements, all of these questions have very unclear answers. In that unclear situation, the Chinese factory will generally be in the strongest position and in the event of a dispute the Chinese factory will typically prevail.

Stage Three. In stage three (2015 to today), we arrive at the IoT era. In the design, development and manufacture of consumer products for the IoT market, the already unclear and problem-filled relationships of the stage two era have now become magnified. In the IoT era we are now just entering, a whole new set of issues has arisen. In the stage two era, there was at least the simplicity of two entities designing and/or manufacturing a single product. In the IoT era, the situation is much more complex. In most of the IoT projects we have seen over the last six months, the development process has expanded to include the following:

1. Product “concept” from the U.S. buyer.

2. Product external design, from an international design firm.

3. Internal design and function, owned by:

a. The U.S. buyer;

b. The Chinese manufacturer;

c. The provider of sensors and other components required to connect the IoT product to an outside network.

4. Design of the IoT product “app” (usually for a smart phone). This then involves two completely separate sets of software: the communication sending software residing on the IoT product and the communication receiving software residing on the application in possibly multiple forms. In the same manner as the internal design, these software components may be written/designed by multiple parties: the U.S. buyer, the Chinese manufacturer and (quite often) third party software design firms.

So now consider: the product is complete, manufacturing is ready to start, and the U.S. buyer goes out for funding. The funding source then says: who owns this IoT product? Who owns its underlying IP? What we have found when we ask the U.S. buyers is that they usually don’t know. And their initial backers and sourcing companies don’t know either.

As you can imagine, the “we don’t know” response does not sit well with sources of serious financing. Even worse, when the U.S. buyer is now pushed to answer the question, they more often than not find out that the answer is that it is not clear who owns the new product, but what is clear is that the one entity that clearly does NOT own the rights to the product is the U.S. buyer. Even worse, it is often not possible to fix the situation when this stage is reached.

So the message is that as the manufacturing setting becomes more complex, it becomes even more important to enter into clear written agreements that answer the obvious questions in advance. It makes little sense to devote time, energy and money on developing an IoT product that someone else will own.

For more on the issues we are saying involving China and the Internet of Things, check out the following:

Increase your odds of hanging on to your IP
Increase your odds of hanging on to your IP

One of our internet of things hardware clients recently told me how none of what he has learned about the need to protect his intellectual property from China had ever been even hinted at in any of the many IoT seminars he had attended nor in the Indiegogo Hardware Handbook he had “religiously consulted” before he did his first IoT product.

I am about halfway through Marshall Goldsmith’s truly stellar book, What Got You Here Won’t Get You There, so I was quickly able to provide a compelling exclamation for why this was the case:

Continue Reading China, Indiegogo, Kickstarter, The Internet of Things, Marshall Goldsmith, and Suing Your Lawyers and Sourcing Agents Because It Is Getting Really Really Bad Out There