USPTO inadvertently makes applicant emails public, responds to community concern

  • Up to 21,000 applicant email addresses published on 24 May
  • Practitioners scrambling to answer client concerns
  • USPTO taking action to minimise effect

Trademark practitioners reacted with concern to the discovery that, on 24 May, the USPTO made the private email addresses of up to 21,000 applicants publicly available in its Trademark Status & Document Retrieval (TSDR) system. The USPTO has subsequently confirmed that it is taking measures to address the issue and prevent it from happening again. 

On Tuesday, practitioners discovered that the office had published the email messages of up to 21,000 applicants as PDF documents in TSDR. “[N]ow, the spammers and spearphishers of the world have certainly already scraped my client’s secret email address from that PDF document,” attorney Carl Oppedahl, partner at Oppedahl Patent Law Firm, declared in a blog post assailing the reveal. 

Oppedahl furthered the cause on 25 May by circulating for signature a lengthy letter to USPTO Commissioner of Trademarks David Gooder demanding that the office drop the requirement (which first arose in July 2019) that trademark applicants “divulge to your Office where they sleep at night”. The letter notes that exceptions have been made allowing famous people (eg, Robert DeNiro) to hide their personal information out of security concerns. As of 26 May, the letter had collected 67 signatures from people who “have collectively 35,000 US trademark files under management, and who have collectively paid $180 million to the USPTO in the past ten years”, Oppedahl said.

WTR reached out to the USPTO, which said it is in the process of determining how many registrants were affected, along with steps to ameliorate the situation. "We were recently made aware that email addresses of certain trademark registrants were inadvertently exposed on courtesy notices of registration during our transition to electronic registration certificates", a USPTO spokesperson told WTR. "We have taken immediate action to retract the courtesy notices and are replacing them with ones that no longer contain this information. We take great pride in our ability to provide our brand community with the high-quality service it deserves and have taken steps to prevent the issue from occurring again."

Expanding, the office explained that, on 24 May, it sent over 21,000 courtesy emails, called “notices of registration”, to the email addresses of record of applicants whose marks had obtained registration. For those registrants represented by an attorney, the courtesy notice posted in TSDR included the owners’ email address, which was made publicly visible, even though the USPTO typically masks that data field for represented applicants. It confirmed that “this was an oversight in the transition process to e-registration certificates… [And] We are working through these notices and will know the full number of impacted registrants in a few days.”

In the meantime, the office is removing the courtesy notices from the affected records in TSDR and will replace them in the coming days with a regenerated notice that does not contain the email address for represented registrants.

Examination guide changes

The use of applicant emails has been a hot topic in recent months, the USPTO having previously reacted to pushback from trademark practitioners against its plan to make the personal email addresses of trademark applicants publicly available.

The USPTO sent an alert on 7 February 2020 notifying users that a new examination guide would be effective as of 15 February, requiring an email address for “each applicant” even if they had an appointed attorney. The email address would need to be regularly monitored and would be publicly viewable in the filed documents tab on the TSDR platform. What is more, it could not be an email address owned by outside counsel or a foreign law firm.

This requirement met with a protest letter written by Oppedahl and signed by 199 practitioners, sent to the acting commissioner for trademarks, Meryl Hershkowitz, and other USPTO officials. The USPTO then scaled back the requirements, issuing a revised new examination guide related to mandatory electronic filing. This still required an email address to be provided with applications. However, it allowed email addresses for counsel representing trademark owners, including those created specifically for this purpose. Such addresses would be made public. Personal email addresses would be shielded from public view.

The Trademark Manual of Examining Procedure states: “The email address listed in the owner field for trademark applicants who are represented by a qualified US attorney will not be publicly viewable. Only the e-mail address of the attorney will be publicly viewable, and the USPTO will use the attorney’s email address for correspondence.”

On Tuesday, however, came the discovery that the office had published the email messages of applicants as PDF documents in TSDR.

“My clients were being contacted directly”

Lindy Herman, senior counsel at Rutan & Tucker, was cited by Oppedahl as the first to notice the problem on 24 May. She told WTR (before the USPTO response): “I discovered that my clients were being contacted directly when I received the first round of digitally issued trademark registration certificates and saw my client’s email address in the CC line. I then went to the USPTO’s publicly available database and found a copy of that email – which included the header and email addresses – available for viewing and download. I then spent the afternoon sending explanation emails to my clients.”

Herman expands: “The publicly viewable information of applicants results in applicants getting a slew of scam ‘invoices’ for supposed fees due, which appear to be legitimate communications from the USPTO. The USPTO is well aware of this.”

Up until now, the only public information was the name and physical address of the client. Thus, the scam invoices were typically hard-copy mailings. “One way we have sought to protect our client is to explain that, as their counsel of record, all legitimate communications from the USPTO will come through us,” Herman says. “The release of client emails creates a new channel for these nefarious actors to reach our clients, and adding to that, it is now the same communication channel as legitimate USPTO communications. From a more practical perspective, this simply confuses clients: ‘what is this email I got?’, ‘should I click on the link?’, ‘is this legitimate?’”

A “major unforced error”

Richard A Schafer, principal at Schafer IP Law, has called this week’s action “a major unforced error by the USPTO that will cause problems for both registrants and trademark practitioners”.

Oppedahl’s first blog post reflected the views of many trademark practitioners, Schafer says, but it failed to acknowledge another problem when it was written. “Not only has the USPTO broken its promise to keep our client’s email information confidential, it’s also misusing the email address for a purpose it was not intended,” Schafer says. “We already know that data miners have scraped this email data from that USPTO correspondence and begun sending out emails to those email addresses, so many practitioners will have to get their clients to change that email address to a new email address to avoid such unwanted correspondence. In other words, even if the USPTO goes back now and masks the email address in TSDR, it’s too late for the over 20,000 registrations that already published that information.”

In addition, he says: “Because the USPTO has now communicated registration information directly to the client, contrary to its claim that the client’s email address wouldn’t be used for such purposes, it has bypassed what trademark practitioners have carefully set up to make sure the client gets important information regarding the registration that the USPTO’s sparse email doesn’t include. And the USPTO is also including those client email addresses in emails regarding abandonment, we have since learned.”

The only “right” thing for the USPTO to do, according to Schafer, is “to change registration and abandonment notices to stop including the registrant’s email address as a recipient of the email in all future correspondence”.
