I’m referring to Section 409A of the tax code, which governs how “deferred compensation” is taxed when it isn’t part of a qualified pension, profit-sharing or other sort of plan.  In tax lingo, “deferred compensation” just means compensation that may be paid out in a later tax year than the tax year you had a legal right to it. Applying this definition, a payment that’s delayed from January to December would not be “deferred compensation,” but a payment that’s delayed from December to January would be. (All assuming that the company’s tax year is the same as the calendar year.)  Our situation above qualifies —  nobody disputes that the officer has earned the money and since it may be paid out in the next tax year, it’s deferred compensation.

Here’s the problem: if the deferred compensation arrangement doesn’t meet 409A’s requirements, then the IRS treats the compensation as if it was actually paid when the officer first had the legal right to the money, and taxes it accordingly.  On top of that, there’s interest AND a 20% penalty, in addition to whatever penalties the states impose (I’ve heard, but haven’t verified, that California imposes its own 20% penalty).  All of those taxes, interest and penalties are paid by the employee. The employer, meanwhile, has its own problems — penalties for incorrect withholding, penalties for incorrect reporting, penalties for underpaying Social Security/Medicare, penalties for failing to make required deposits, and so on.  What a mess.

What’s the easiest way out of this? That’s easy: don’t do that. Instead, see your attorney about how to structure the deferred compensation so it isn’t affected by Section 409A. One easy way is usually to make the payment subject to a “substantial risk of forfeiture,” which would mean that the IRS won’t consider it to be awarded until that risk goes away. But, in typical IRS fashion, they’ve defined “substantial risk of forfeiture” in its own byzantine way:

Compensation is subject to a substantial risk of forfeiture if entitlement to the amount is conditioned on the performance of substantial future services by any person or the occurrence of a condition related to a purpose of the compensation, and the possibility of forfeiture is substantial. . . . 

So, basically, there’s only a risk of forfeiture if (i) it depends on somebody (either you or somebody else) providing substantial services in the future, or (ii) if it depends on a condition related to why you’re getting the compensation.  With that understanding, the “you’ll earn $8,000 per month, but we’ll pay you later” can be fixed by changing how and why it’s awarded: “If you are successful in obtaining external financing in excess of $200,000, we will pay you $8,000 for each month between now and the date the financing comes in.” Now, there’s a “substantial risk of forfeiture,” and the 409A problem, along with all those taxes, penalties and interest, goes away.

Two important caveats: 409A also requires the plan to be in writing, and has some specific requirements for what has to be in it, and when the plan has to be written.  But, that’s easy to deal with. And, see an attorney who knows about this stuff. 409A is just too complicated to be adequately addressed in a blog post.

[Graphic courtesy of DonkeyHotey on Flickr.]

Recall that many corporations incorporate in Delaware partially because of the Delaware Court of Chancery, which handles matters related to its corporate law. The Court’s judges (called “Chancellors” in Delaware) are well known for their expertise in corporate law.  Further, because the Court of Chancery is considered to be a “court of equity,” juries are rarely involved — the Court’s decisions are made by its Chancellors. And, unlike in many other states, the Delaware General Assembly considers its courts to be assets and funds them better than many other states. The end result is that Delaware provides a fast and fair forum to resolve disputes.

That’s all fine and good, but how do you know that your dispute will end up in the Court of Chancery? After all, most states (including North Carolina) take the view that their courts should be open to hearing about disputes between corporations and their shareholders, even if the corporation is organized in a different state. Sure those courts should still use Delaware’s corporate law to decide the case, but non-Delaware courts are not as expert as the Court of Chancery, they’re probably not as well funded and they probably use juries. As a result, plaintiff’s attorneys will try to maximize settlement values by suing anywhere but Delaware, frustrating one of the reasons that companies incorporate in Delaware to begin with.

Now, getting into Delaware is pretty easy if there’s a contract involved since many contracts between corporations and shareholders require disputes arising from the contract to be resolved there. But, what about disputes that don’t arise from contracts, like suits against directors for a claimed breach of fiduciary duty or derivative suits?

Recently, corporations have been solving this problem by putting similar language in their bylaws or certificates of incorporation — at last count, 195 corporations have done this.   Netsuite, Inc. has a very typical clause:

Unless the Corporation consents in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware shall be the sole and exclusive forum for (i) any derivative action or proceeding brought on behalf of the Corporation, (ii) any action asserting a claim of breach of fiduciary duty owed by any director, officer or other employee of the Corporation to the Corporation or to the Corporation’s stockholders, (iii) any action asserting a claim arising pursuant to any provision of the DGCL [the Delaware General Corporation Law], (iv) or any action asserting a claim governed by the internal affairs doctrine. Any person or entity purchasing or otherwise acquiring any interest in shares of capital stock of the Corporation shall be deemed to have notice of and consented to the provisions of this Article VI, Section 8.

Of course, this type of provision may not always be a good idea — litigating in Delaware can be expensive and inconvenient when all the evidence is in a different state. So, the cost/benefit analysis doesn’t always favor this sort of provision. That makes this a good thing to talk with your lawyer about.

One caveat: in early 2011, a Federal Court in California refused to uphold this sort of provision when Oracle’s board of directors had injected it into the company’s bylaws without a stockholder vote. (Interestingly, nearly a third of the companies with these provisions are based in California.) Further, there are a bunch of class-action suits pending in Delaware seeking to void these bylaw provisions when the company’s board placed them in the bylaws without a stockholder vote. So, right now, the best practice appears to be to place the restriction directly in a corporate charter, with stockholder approval.

SOPA is intended to fight piracy of both copyrighted works (like music and movies) and physical goods (like face Gucci purses) by going after the websites and other internet services that make these goods available. That makes a lot of sense if the people who are running those websites are held responsible. Unfortunately, SOPA is an enormous overreach that tramples all over the rights of overseas internet services.

Here’s the problem: these bills require advertising networks and payment processors (e.g. credit-card companies or paypal) to cut off access to websites when they receive a complaint that the website infringes either a copyright or trademark. There’s no court-order required: if they get a complaint, they have to cut off the website. Further, if the advertising network or payment processor doesn’t, then the person giving the notice can hale them into court to demand an explanation of why they didn’t!

Now, yes, the site has a chance to contest the order once they find out about it — if they do, then they have to both identify themselves to the person (or company) who issues the complaint and agree to be sued in the United States! But, even if they do, there’s no requirement that the advertiser or payment processor reinstate service. In fact, it’s likely that the site would continue to be cut-off until a judge says they’re legit.

The big problem is that the companies who would be most likely to issue these complaints — the content industry — has a horrible track record. The Digital Millennium Copyright Act has a vaguely similar notice-and-takedown procedure, and the content industry is famous for issuing completely bogus complaints. Consider, for example, the bogus takedown of a video that supported filesharing or Warner Brothers’ admission that it issued takedown requests on material it didn’t own.  SOPA would allow the content industry to similarly impede the speech of foreign websites, without any judicial oversight. (Even worse, think about the havoc one rogue guy issuing bogus complaints could cause.)

The EFF has more in their article What’s Wrong With SOPA. Well worth the read.

Take a deep breath — chances are that you don’t owe anywhere close to that much. There are two ways to compute franchise taxes, and Delaware has simply calculated the taxes for what is often the more expensive method, known as the “Authorized Shares Method.” In this method, if you have 5,000 or fewer authorized shares, the franchise tax is $75; if it’s between 5,000 and 10,000, it’s $150; and it goes up by another $75 for every 10,000 shares thereafter.  Note that these are authorized shares, not issued shares. So, a company with, say, a million shares would owe $7,575 under this method.

Luckily, the other “Assumed Par Value” method typically leads to much smaller taxes. In this method, take your gross assets (from your federal tax return) and divide them by the number of issued shares to get your “Assumed Par Value.”  Then, look in your certificate of incorporation for the “par value” of each of your authorized shares (It’s typically very close to $0 — I typically use $0.0001 ) and add them up, BUT if the par value for any share is less than the Assumed Par Value you just calculated, then use the Assumed Par Value.  Divide by $1,000,000, round up, and then multiply by $350.  That’s your new franchise tax. As you can see, the minimum value this way is $350.

Now, it’s possible to really minimize your franchise taxes by only authorizing 5,000 shares and using the Authorized Shares method — that reduces it from $350 down to $75. But, 5,000 shares isn’t much, especially if you want to grant stock options or seek investors. At that point, the money you spend increasing the number of shares probably eclipses the $275 you save in franchise taxes.

Fair warning here: one mistake that I’ve seen lay people make, especially when they try to save money by using forms they found on the internet or using one of those “we’re not attorneys, we just help you fill out and file your forms” services, is to create their shares with no par value. That’s completely legal under Delaware law, but without par values, the assumed par value method isn’t available.  And that can turn a $350 tax bill into a $7,575 bill.

[Graphic courtesy of DonkeyHotey on Flickr.]

However, that precision comes at a cost: most people find that very precise legal-speak very hard to read. So, those terms won’t help if you actually want to communicate your expectations to your users. And, if they understand your expectations, maybe they won’t want to bring that claim to begin with.  So, instead of thinking about terms as a legal fortress around a service, it might be a good idea to think of them as a trade-off between protecting your legal needs and effectively communicating with your users.

Of course, that doesn’t mean that terms of service should be sloppy or not well-thought through.  It’s still possible to write well, and precisely, in everyday language (or, at least, in language that’s close to everyday language). And an occasional legal term won’t necessarily destroy the readability of the terms.

I’ve attached a sample “Plain English” Terms of Service on the Resources page to demonstrate how Terms of Service don’t have to be written in legal-speak. These terms cover the seven basic concepts listed in this blog post while still being readable enough for most people to understand. Unfortunately, it’s hard to avoid legal language entirely, but I think it’s better than most Internet terms I’ve seen.

That was 1998, and the Copyright Office then put out some interim regulations about how to tell them about the agent.  Basically, you put the required information on a piece of paper (the Copyright office provides a sample form, but there’s no requirement to use it), attach a check for $105, and mail it to them.  The Copyright Office then scans all the paper and posts them on its website. It’s a bit low-tech for the Digital Millennium Copyright Act, but it works.

Now, 13 years later, the Copyright Office is finally getting around to thinking about the final regulations and they’re asking for comments. They are proposing an electronic system to replace the paper-based system, and requiring people who registered in paper under the old rules to re-file through the new electronic system.  That, combined with a new requirement that companies renew their registrations every two years, will help deal with one current problem the Copyright Office has: the directory contains hundreds of registrations for defunct services.

The changes have been needed for a long time. Luckily, it seems that the Copyright Office has gotten it substantially right.  The proposed system should be faster, more reliable and much easier to use, both for service providers and for content owners.

Concerns? The Copyright Office is requesting that comments be submitted electronically at their website.  All comments have to be in by November 28 and will be posted on the Copyright Office’s website.  Following that, replies to the first set of comments will be accepted until December 27.

On September 15, Sony followed this up by modifying their Terms of Service to include this:

Any dispute resolution proceedings, whether in arbitration or court, will be conducted only on an individual basis and not in a class or representative action or as a named or unnamed member in a class, consolidated, representative or private attorney general legal action, unless both you and the Sony entity with which you have a dispute specifically agree to do so in writing following initiation of the arbitration. [Uppercase converted to lowercase for readability.]

Sony’s terms allow users to opt out of arbitration and the class action waiver within 30 days of first accepting the terms. They also allow claims in small-claims court, without arbitration.

Why would I want this in my terms of service?

Arbitration and restricting class actions are two ways to avoid the high cost and slow speed of litigation and by reducing the amount of formality in lawsuits and by significantly restricting discovery (the process by which litigants collect documents, conduct depositions and so on.)  In arbitration, litigants can have their disputes resolved by experts in their field. Further, arbitration is typically a private matter; judicial proceedings are not — most of the evidence will become public. As a result, they are a good way to ward off the occasional sleazy attorney who wants to extract a quick settlement from a company that wants to avoid the cost and distraction of a multi-year lawsuit, even if there is little to no merit behind the suit.

But, arbitration is not for everybody — many Internet services do not require it at all, instead relying on “forum selection” clauses to push suits into their local courts. The answer often revolves around the service provider’s comfort with the informality of arbitration and the likelihood that a dispute will arise.

Unfortunately, the law surrounding class-action waivers outside of arbitration is not so clear — the Supreme Court’s opinion only applies to waivers in arbitration, not in court. And, different states may have different rules regarding whether waivers are enforceable outside of arbitration — California, for one, does not enforce them. So, for now at least, the only sure way to avoid class-actions is to require individual arbitration.

While many of the changes only clarify the existing rules, there are five main places which might impact smaller service providers:

1.  Broadening the amount of information protected

The proposed rules would classify the following as “Personal Information” about a child:

• Photographs, videos or recordings of the child, even if it is not linked to other information
• Persistent IDs like cookies, IP addresses or hardware serial numbers when they are used beyond supporting the service’s internal operations, even if they are not linked to other information
• User/screen names when used beyond supporting the services’ internal operations
• Any identifier which links the activities of a child across different websites or services
• Geolocation data

These changes reflect a shift toward the understanding that children have on-line identities which may not identify their real-world persona, but which should still be protected anyway.

2. Improving notification of the service’s practices

In an attempt to make privacy policies more usable by parents, the proposed rules change the information that must be provided.  In particular, each operator must provide contact information (including, newly, a physical address), and cannot have a single operator be the point-of-contact for a service where multiple operators may collect children’s information. The notice has been made shorter — it still must contain a description of what information is collected and how it is used and disclosed, but no longer needs to mention whether the information is collected directly or passively and does not need to provide as many specifics about third party recipients of information or the notice that the operator cannot condition a child’s use of the service on providing more personal information than is necessary.

In addition, the proposed rules require service providers to put a link to their privacy policy close to where information is collected and have spelled out the requirements of the various notices which the rules require to be sent directly to parents.

3. Tightening “verifiable parental consent”

Most significantly here, the old “email plus” method, where a service would email a parent and then follow up with another contact (even another email) sometime later has been abandoned — the FTC is concerned that the child will just supply his/her own address. In its place, the FTC would allow service providers to ask the FTC to approve a new mechanism for obtaining parental consent. The FTC would have 180 days to respond and, if they approved it, then any other service provider could use the same mechanism.

4. Dealing with third party recipients

Under the proposed revisions, when service providers disclose children’s personal information to third parties, the service provider would have to take “reasonable measures” to make sure that the third party actually had reasonable procedures to protect that information. This section is new — the current version has no similar restriction and relies on the recipient to act appropriately.

5. Deleting information when done with it

Under the proposed changes, a service provider may only keep information for “as long as is reasonably necessary to fulfill the purpose for which the information was collected,” after which it must be deleted. This addition is also brand new.

Have input?

The FTC is asking for public input and is specifically asking 26 (!) questions in the notice of the rule (see pp. 105-112) — instructions for sending comments are on the front page of the notice.

[Photo courtesy of Oleg1975 on Flickr.]

DMCA Notices. The Digitial Millennium Copyright Act grants website owners some immunity from suits based on infringing material the site’s users post, provided that they jump through a few hoops. One of those hoops is that the website list somebody who content owners can contact if they find infringing material on the website. The Terms of Service is a great place to find this.

Termination Provisions. For users who have accounts on the service, how do they terminate their account? What happens to material they’ve previously uploaded to the service? When can the website operator terminate the user’s account? Getting back to DMCA protection, the website must have a policy of terminating accounts of repeat infringers to be covered by the DMCA — this should be mentioned in the Terms.

Amendment: How can the Terms be updated? What sort of notice will the user get? Are there terms that cannot be amended? Just a few years ago, the answer to this last question would have been of course not. But, in the wake of the dropbox fiasco, users sometimes demand specific protections that cannot be taken back out.

Privacy Policy: While not usually included in the Terms of Service, the service should have a privacy policy that lists what personal information the service collects, how it’s collected and what the service does with that information.

That, like the original post, is only a partial, and necessarily incomplete, list — the terms of service itself has to be customized to the service it’s intended for.

[Photo courtesy of Lee Maguire]

There are, however, a few more technical requirements that website operators often miss, possible losing their protection:

(1)  You have to register an agent to receive those notices of claimed infringement.  The copyright office publishes a form for doing this — that and $105 will get the agent registered.

(2) You have to put a notice on the website informing copyright owners how to get in touch with that agent.  Typically, this is put either in a section in the Terms of Service or in a separate link from the front page called something like “DMCA complaints.”

(3) You have to have a policy of terminating repeat infringers, and you have to tell your users about this policy.  Again, something that should go into the Terms of Service.

Now, failing to do these things does not mean that a website owner is automatically liable for any infringing content his users put on his site.  BUT, not doing those things sure makes it easier for copyright owners to sue him for those infringements.

[Copyright logo from Mike Seyfang via Flickr.]

But, what does it mean to consent? What, exactly, does a service provider have to do?

Luckily (or not), the EU has a Working Party that, in a wonderful display of over-bureaucracy, recently published a 38-page “Opinion on the definition of consent” to help explain what service providers have to do to obtain consent. The useful stuff is on p. 35, where six requirements of consent are given:

1. Consent must be freely given, without “risk of deception, intimidation or significant negative consequences.”
2. Consent must be specific, and cannot simply be a “blanket consent.”
3. Consent must be informed: first, users have to be able to understand what they are consenting to, and why — in particular, “the use of overly complicated legal or technical jargon would not meet the requirements of the law”; and second, the information “should be clear and sufficiently conspicuous so that users cannot overlook it.”
4. Consent must be explicit with regard to sensitive data — there must be an active response.
5. Consent must be unambiguous.
6. Consent cannot be based on inaction or silence. There must be some affirmative indication.  (Yes, there’s some overlap here.)

On top of that, the opinion talks about the need to be able to withdraw consent.

Now, technically, that’ s just an opinion of a “working party” and is not binding law, but if you’re planning to offer services to customers in the EU, it’s a good place to start to see how you should go about getting your users’ consent.

Luckily, an awful lot of this can be done at the same time that users agree to their terms of service. Presenting a prominent statement, written in plain English (or plain French or . . .) describing the cookies that would be placed in the user’s browser and how they are used and asking the user to click a check-box to consent would probably do it. The statement should also tell the user what he should do if he wants to revoke that consent. But, if the use of the cookies changes, the request has to be made again.

The downside is that a lot more planning has to go into using cookies, especially when it comes to third-party cookies.

[Picture courtesy of Yuri Long, used with permission under a Creative Commons Attribution 2.0 license.]

Now, the original documents are targeted specifically for Delaware Corporations. That’s great–Venture Capitalists often want their portfolio companies to be incorporated in Delaware–but Delaware doesn’t always make sense for early stage companies (See, this blog post and others in the series for why). So, I modified them for North Carolina corporations and, along the way, made a variety of other tweaks. The results are posted on the Series AA Financing Documents page, along with a lot more information about them.

Please note that while the Y Combinator has been kind enough to allow the revised documents to be posted here, they weren’t involved in the changes (they haven’t even seen them yet) and, as a result, do not endorse them. If you need a useful set of Delaware docs, please check out the original versions at the Y Combinator website. Also, please note that I have never been involved in any financing in which Y Combinator was involved, and, apart from a couple of emails, have no relationship with them at all apart from thinking they’re pretty cool.

[Piggy Bank photo used under a Creative Commons License courtesy of Ken Teegardin. Original Here. He asked for a link to SeniorLiving.org. Happy to oblige.]

The complaint asks for three main things. First, there’s a request for an injunction preventing Universal from using the Cezanne font and from making or selling any new products that contain the font. Second, destruction of all articles “bearing unauthorized and infringing copies of the CEZANNE Font Software” as well as any materials that “bear the result of” Universal’s use of the font. And, third, a bunch of monetary damages, which they claim exceed $1.5M.

Unless Universal decides to settle for nuisance value, this is going to be an uphill battle for P22.

First, copyright protection of typefaces is a bit complicated.  The general rule is that the typeface itself cannot be protected by copyright, but the font software used to create the typeface can be. P22′s attorney is going to have a tough time asserting otherwise, since he said the following on his website:

By law, type designers in the U.S. cannot protect their work by copyright. Currently, copyright law is meant to protect the expression of a creative idea; it does not cover any object or design that is intrinsically utilitarian, which the Copyright Office considers type fonts to be. The Copyright Office will, however, protect the software as a literary work that creates the font. The Copyright Office still requires that no claim be made for the actual design of the font.

The net effect is that it’s an infringement to copy font files, but the font owner’s rights to use the font end when the font hits the page. So, the T-shirts themselves, since they do not contain the font files are not infringing and the “impoundment” remedy of Section 503 of the Copyright Act doesn’t apply. If there’s any copyright infringement here at all, it would only be in the copying of the font software during the creation process.

So…. Next stop is the license agreement. (Side note: don’t use small grey text on a slightly lighter grey background for your EULA.) Unfortunately for P22, its license agreement is a mess. Most importantly, it does not clearly delimit what the user can, and cannot, do with the software. It includes nebulous language like “Most alphanumeric fonts are allowable without additional licensing provided that the Grant of License guidelines are met.” Which ones? Did they decide after the fact that Cezanne was not one of those “most alphanumeric fonts”? That’s ambiguous language–we can’t tell from the agreement if Universal was obligated to pay more, or not–and, unfortunately for P22, ambiguous language is construed against the drafter.

But, it’s even worse for P22: let’s assume that the license agreement is crystal clear, and that Universal breached it. Does that make Universal liable for copyright infringement? Not yet, because now we run into the same problem that the 9th Circuit ran into in MDY v. Blizzard. Did Universal’s breach implicate copyright law, or was it just a breach of contract? Under MDY, limits on use are generally treated solely as contract obligations. For P22, that means they’d be limited to what Universal should have paid originally. Now, MDY isn’t binding law in New York, where this action was filed, but it’s pretty likely that the judge will, at least, pay attention to it.

Now, P22 does have one potentially winning argument: if. during the design and production of the merchandise, Universal made unauthorized copies of the Cezanne font file beyond any clear limits in the license agreement, then could be liable for those infringements. But, that would only entitle P22 to a single award of statutory damages, for a maximum of $150,000, not the $1.5M it’s seeking.

However, now they’ve opened up a new can of worms for themselves surrounding when they can disclose it. Here’s what their new Terms of Service say:

To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.

That sounds exactly like what I’d want. As an attorney, if I stored client information in Dropbox, I’d be particularly concerned about whether they can disclose it to law enforcement without my permission. It is surprising, though . . . what happens if law enforcement comes to them with a warrant?  Unfortunately, what the Terms of Service gives, the Privacy Policy takes away:

We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request . . .

In my view, that’s perfectly reasonable, but certainly conflicts with what their Terms of Service say.  I wonder how long it’ll be before this little nugget starts making the rounds.

To the software publisher, client-sharing its source code can have some of the same problems that plain open-sourcing the code would: potential loss of control and potential embarrassment if the code doesn’t look as professional as the publisher would like. Plus, there’s the question of whether the publisher really wants his customers to know about each other and start talking. And, finally, there’s also the risk that the source code could be released beyond just authorized customers. But, client-shared source also creates the opportunity to fix bugs faster and to see exactly how your clients are using your software, possibly discovering new uses for your software. Further, it can boost client confidence — it’s like source-code escrow on steroids.

If you’re thinking about client-sharing your source code, here are a few things that your license agreement should address:

1. How and when will customer-contributed code be incorporated back into the main branch of your software development?
2. Who owns contributed code? What if it contains code that the customer doesn’t really have the rights to?
3. What are your responsibilities when a customer modifies your code and the combined result breaks?
4. Will your customers pay to have access to your source code?
5. How will you monitor compliance with the license?

Clyde: Hey Karen, how’s the startup going?

Karen: Hi Clyde. It’s going great — we almost have our alpha product ready and there’s a lot of excitement, but . . . Well, we’re running out of money and need to find some more investors.

Clyde: Hey! I can help! I know some investors who might be interested in your business. How about if I introduce you for, say, 2% of what you take in? You don’t have to pay me unless they invest.

Any attorney who works with startups has seen a version of Clyde at some point. Sometimes, Clyde is just a friend of the founder. Sometimes, Clyde is trying to make a business out of introductions. And, sometimes, Clyde hangs around startup events, chatting up founders, talking up his ‘introduction’ services.

But, if Karen’s not exceedingly careful with Clyde and folks like him, she may end up in a heap of trouble.

Here’s the problem — Clyde is basically offering to help arrange securities transactions for Karen — he wants to broker the deal for her.  But, by law, brokers have to register with the Securities & Exchange Commission and, usually, with state regulators where the customers live. And, using an unregistered broker to sell securities is a violation of the securities laws.

What does that mean?  Well, the big thing is that the investors get the right to get their money back, plus interest.  That’s a “heads, we win, tails, you lose” situation: If the company does well, the investors simply hold onto their shares; if the company does not due well, then they just sue to rescind the transaction.  On top of that, the company can sometimes be held criminally liable.

There is, in theory, a narrow exception to these rules that allow people to help in securities transactions, without being a broker.  I say “in theory,” because there’s no rule or specific case which sets out this exception. Instead, it’s arisen from a few cases where somebody told the SEC what they were planning to do, and the SEC told them whether they thought that violated the law. Here’s how the SEC explained it in 2008:

Here are some of the questions that you should ask to determine whether you are acting as a broker:

• Do you participate in important parts of a securities transaction, including solicitation, negotiation, or execution of the transaction?
• Does your compensation for participation in the transaction depend upon, or is it related to, the outcome or size of the transaction or deal? Do you receive trailing commissions, such as 12b-1 fees? Do you receive any other transaction-related compensation?
• Are you otherwise engaged in the business of effecting or facilitating securities transactions?
• Do you handle the securities or funds of others in connection with securities transactions?

A “yes” answer to any of these questions indicates that you may need to register as a broker.

Last year, the SEC modified this even further, saying “ . . . any person who receives transaction-based compensation in connection with another person’s purchase or sale of securities must register as a broker-dealer . . .”

What does that mean for Clyde and Karen? Well, a 2% commission is definitely “transaction-based compensation,” since Clyde would get paid based on how successful the sales were.

What can Karen do? That’s easy — avoid doing those things that the SEC warned about. Karen may be OK if she only pays Clyde a flat fee and all he does is introduce Karen to investors without telling them anything about Karen’s company. But, once he starts telling investors about Karen’s company, or she starts paying him based on the fundraising, that’s where they both start getting in trouble. (Of course, without a clear-cut law, there’s no guarantee either way.  So, talk to your attorney.)

In my view, Karen’s best bet would be to ignore Clyde and generate some buzz by releasing her alpha product–nothing attracts money like success. And, all along, she should have been developing her network so that when the time came, she had a few potential leads to talk with.

By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service.

The concern was that the first part of this grant is very broad — it basically says “we can do whatever we want with your content, anywhere in the world, without paying you, and we can let other people do that too.” All that, however, was limited by the second “to the extent” part. So, the end result was, basically, “You grant us a license to use your content to provide our services.”

Personally, I think people got worked up over nothing. But, DropBox recognized the public relations angle and modified it as follows (changes in bold):

By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services.

Ok, that’s marginally better — now, it’s not to the extent that Dropbox thinks it’s necessary, but is to the extent that it actually is necessary. While I dislike “reasonably necessary” (It’s either necessary or it’s not), it’s better than what they “think” is necessary — who is the thinker? The CEO? An engineer? What if they didn’t think about it? And, what about the second sentence — does it further limit the license, or not? I suspect they just added it in to explain what they were trying to do, but they did so at the risk of adding potential confusion if they ever tried to enforce this provision.

One other thing that bugs me is the listing of rights being granted — use, copy, distribute, prepare, etc…  First of all, this is a copyright license, and the copyright owner doesn’t have the right to keep others from “using” a work — imagine the mess if you bought a book, but had to get a license to read it. So, that part is superfluous. The rest of the rights are intended to track with the list of exclusive rights in Section 106 of the Copyright Act. Some lawyers like to list out exactly which of those rights are being licensed. But, while listing out those rights makes sense in some contexts, doing so is not necessary to grant a license and just complicates this section. Plus, what happens if the work is displayed in a country that has a different copyright regime?

Here’s a first pass at a re-write:

You grant us, our subsidiaries and affiliates a license to your stuff as is reasonable or necessary for us to provide the Service, as it is currently implemented or as we may change it in the future. This license is royalty-free, is not exclusive and is effective world-wide. You also grant us the right to sublicense this license to others as is reasonable or necessary for them to help us provide the Service.

This starts off with what Dropbox can do, instead of granting a very broad license, and then trying to limit it. While I’m not a fan of “your stuff,” that expression is built into the entire Terms of Service. And, this is only a first pass — if I were to think about it further, I’d also want to consider addressing rights beyond just copyright, like rights of privacy or rights of attribution.

As Dropbox has learned, getting this stuff right is hard, and that difficulty is made worse by trying to put the terms in everyday language.

[Note: Ken Adams has a great blog entry that talks about "reasonably necessary."]

Clawback provisions are actually fairly common in option agreements, although they’re often much more limited. One popular provision, for example, provides for the clawback if the (ex-)employee’s non-compete agreement is held to be unenforceable. Another allows the company to claw exercised shares back if the employee is terminated for some sort of dishonesty. And, both Sarbanes-Oxley and Dodd-Frank actually require clawbacks in certain cases when a company needs to restate its accounting and financial reports. In general, those sorts of provisions are not terribly controversial. (Of course, anytime you’re taking something away from a departing employee, you should be prepared for some anger and, occasionally, litigation.)

The Private Equity firm that owns Skype, naturally, has a different take, approximately, “We hired him to help get the company sold.  He quit before that happened, so he shouldn’t get the benefit of his options.”

I don’t have an issue with Skype making that bargain with its employees. But, that’s a much different deal than many employees expect. That’s why I try to make sure that clawback provisions in an option grant are obvious. Hiding them only generates ill will among employees and, as Skype has found out, in the press.

[Image courtesy of Meredith Harris, used with permission under a Creative Commons License. Thanks Meredith!]

But, what is a good strategy? Here’s what I generally recommend:

1. Start with getting a good strong trademark — something fanciful that’s not already a real word in use and that’s not close to another mark.   In general, a Google search will give you a good idea if it’s in use, but you also probably want to check the US Patent & Trademark Office’s database.   Say you choose “Xatronym”
2. Next, apply to the US Patent and Trademark Office for a registration of that mark.  While the USPTO has an easy-to-use interface, the registration itself can get a little complicated, so this is a good place to use an attorney.
3. Then, register those domains you expect people to use to get to you, and the most likely typos.  So, in my example, register xatronym.com, xatronm.com, zatronym.com, etc…  If you’re targeting a foreign country, register the name in whatever domain is appropriate for that country.  The point here is to make it easy to be found, not to try to cover every conceivable domain.
4. Do what you need to do to get ranked in the search engines.   There’s all sorts of advice on-line about doing this, most of which boils down to: have good content that people are interested in.
5. If you find that somebody has registered a domain name that’s similar to yours, first check to see if their use is actually causing you any harm — are they selling something similar to yours, or is it just a parking page?
6. If there is some harm to your business, then pursue the owner through the uniform domain-name dispute resolution policy.   If you followed the first 4 steps, getting the domain turned over to you should be relatively easy.

Of course, that’s only general advice and there are lots of potential reasons why those recommendations would not work for you.  So, you should talk with an attorney with experience in trademark matters before naming your company and embarking on a strategy to protect that name.

[Photo from Widjaya Ivan at Flickr under a creative commons license.]

What’s this about?  Well, there is a kernel of truth — corporations are supposed to have annual meetings at which directors are elected. And corporations generally have to file annual reports with the Secretary of State, or they will (eventually) be dissolved. But, the two are not related — the annual report is usually just filed with your taxes, and is unaffected by whether the corporation has ever had an annual meeting. Further, missing annual meetings is rarely a particularly big deal.  (There are cases where it can be significant, but that’s a topic for a different post.)

I posted about annual meetings here — the forms on post are free, and are probably better than whatever “Corporate Services, Inc.” produces for you, but it’s always a good idea to check with your own attorney before using any forms you find on the web. Why? Lots of reasons. For example, your bylaws or articles of incorporation may place specific requirements on annual meetings, and there’s no way for a standard form to deal with that situation. Having a document that was “prepared by an attorney” is much, much different than having a document “prepared for you by an attorney.”