Hackers steal tools from NSA, hack everyone with them

From the New York Times:

Hackers exploiting data stolen from the United States government conducted extensive cyberattacks on Friday that hit dozens of countries, severely disrupting Britain’s public health system and wreaking havoc on tens of thousands of computers elsewhere, including Russia’s ministry for internal security.

Link

There are really only two things that need to be said about this, both said well by others:

  1. “Remember last year when a whole bunch of people wanted Apple to create a special version of iOS for the U.S. government, under the promise that it would never escape their safe hands and get into the wild?” John Gruber, Daring Fireball (link)
  2. “Either everyone gets security or no one does.” Bruce Schneier (link)

The point is there’s no such thing as a security backdoor that “only I can use.” If you want systems to truly be secure, they must truly be secure.

“Visually negligible” is not an indefinite term: Sonix Technology v. Publications International

Sonix owns a patent on using a “graphical indicator” on a surface such as a children’s book to subtly encode information about the surface. It can be used with an optical reader to allow the reader to play, for example, a pig sound when placed over the image of a pig.

The claims say that the graphical indicator has to be “visually negligible.” When Sonix sued someone on that patent, they (eventually) said that term was indefinite.

The district court agreed, and as seems to be common in these indefinite cases, the Federal Circuit reversed:

a skilled artisan would understand, with reasonable certainty, what it means for an indicator in the claimed invention to be “visually negligible.”

The decision cites examples of visually negligible indicators called out in the patent specification. But the decision also states that the parties’ own behavior during the litigation supports the result.

  • No one involved in either the first or the second reexamination had any apparent difficulty in determining the scope of “visually negligible.”
  • During the second reexamination, the examiner was able to understand and apply the term in performing a search for prior art and make an initial rejection.
  • The parties’ experts also had no difficulty in applying “visually negligible.”

I’m not a fan of citing litigant behavior in support of legal conclusions. Litigants make many complex decisions about which arguments to pursue and which to drop, and it’s impossible to reconstruct that calculus on a cold record. Courts should stick to the law and focus on providing predictable guidance on that basis. But it does seem common for courts to cite such behavior so you have to be careful.

Even More Claims Unpatentable Under 101: Apple v. Ameranth

Ameranth owns a few patents related to the automatic generation of menus, like in a restaurant setting where subsequent menu choices change depending on initial selections. These patents got involved in a Covered Business Method review by the PTO, which found that some of the claims were unpatentable under section 101.

On appeal to the Federal Circuit, the panel decided that in fact all the claims were unpatentable under 101.

Some claims already ineligible. The PTO had decided that some of the claims were directed to the abstract idea of generating a second menu from a first menu, and sending the second menu to another location. According to the Federal Circuit panel, the claims:

  • “do not claim a particular way of programming or designing the software”;
  • “are directed to certain functionality” (emphasis mine); and
  • “are not directed to a specific improvement in the way computers operate”

Thus the claims were generic enough to qualify as an abstract idea.

Any other claimed steps (input/output, network communications, etc.) were “insignificant post-solution activity” of a type already known in the case law.

Even more claims ineligible. Most significantly, the PTO had found a few claims eligible because they required linking a menu to a specific customer at a specific table. The PTO had decided this functionality was novel (at least for mobile devices) in 2001. But the Federal Circuit reversed, citing in part a concession made at oral argument that restaurants have always been able to keep track of which customer at which table ordered which meal: “Merely appending this preexisting practice to those independent claims does not make them patentable.”

My views. On the whole, I agree with the outcome here: these claims are generic, don’t solve a truly technical problem, and simply involve automation of well-known activities. But as a side note, I dislike some formulations of this argument.

Petitioners argued that the table-linking claims were ineligible because they were a “classic example of manual tasks that cannot be rendered patent eligible merely by performing them with a computer.” There are many, many manual tasks performed by humans that would be amazing if computers could do them. We go much too far if we make this kind of argument without the appropriate qualifications.

Eligibility of Patents for CBM Review is Narrowed: Unwired Planet v. Google

Covered Business Method (CBM) Patent Review is a special PTO procedure designed to allow reexamination of a certain class of patents popularly criticized for their overbreadth and lack of “true innovation.” These are the so-called “business method patents.”

By statute a patent is eligible for CBM review if it claims a method for “data processing . . . used in the practice, administration, or management of a financial product or service” but specifically excepting patents for “technological inventions.” This is sort of vague, and that leads us to the Unwired Planet v. Google decision.

Unwired Planet sued Google on a patent for restricting an app’s access to location information. Google asked the PTO to reexamine the patent in a CBM proceeding because the patent says the app might be associated with sales services such as a restaurant or store. The PTO decided that the patent was in fact “incidental or complementary to the financial activity” because location services could involve an eventual sale of services.

This analysis didn’t work for the Federal Circuit panel.

The main problem was the PTO never adopted this “incidental or complementary” language in a formal regulation. That language isn’t in the statue, and applying it now against Unwired Planet was improper.

But perhaps more importantly, the panel emphasized:

[I]t cannot be the case that a patent covering a method and corresponding apparatuses becomes a CBM patent because its practice could involve a potential sale of a good or service. All patents, at some level, relate to potential sale of a good or service.

(emphasis added)

Thus, “[i]t is not enough that a sale has occurred or may occur, or even that the specification speculates such a potential sale might occur.”

Net result: the PTO should not have accepted the patent for CBM review. Reversed and remanded.

A Fight Over Reasonable Diligence: Perfect Surgical Techniques v. Olympus America

Patents filed before March 16, 2013 are governed by the “first-to-invent” standard. The inventor can try to prove she was the first to invent (even if second to file) and still get a patent, even if prior art already disclosed the invention when the patent was filed.

But there’s a catch. We don’t want inventors making things and then waiting years before filing a patent. We require inventors be diligent in working on their invention and filing for the patent. But this standard for diligence is a little loose and hard to apply.

In a 2-1 decision, a Federal Circuit panel reversed a PTO decision that found no diligence in the critical time period. The panel concluded (entertainingly) that continuous exercise of reasonable diligence is different from reasonably continuous diligence:

A patent owner need not prove the inventor continuously exercised reasonable diligence throughout the critical period; it must show there was reasonably continuous diligence.

(emphasis original)

In this case the inventor of a surgical tool tried to prove he invented the tool before the publication of a certain Japanese patent application. The Japanese patent application predated his own patent filing by about three months. The inventor testified that he was “reasonably diligent” in working on his invention and patent during that time period, but the PTO found his explanations lacking for some gaps of time during those three months.

The majority said the PTO was too strict by unduly focusing on the gaps:

[T]he point of the diligence analysis is not to scour the patent owner’s corroborating evidence in search of intervals of time where the patent owner has failed to substantiate some sort of activity. It is to assure that, in light of the evidence as a whole, “the invention was not abandoned or unreasonably delayed.”

Basically the PTO couldn’t see the forest for the trees.

Judge Schall, writing in dissent, disagreed and argued (1) those gaps still needed to be explained; and (2) the PTO wasn’t clearly wrong, which is what the Federal Circuit needs to determine.

In any case, this kind of esoteric dispute is one of the primary reasons patent law is so unpredictable and expensive. This isn’t even an opposed proceeding. Imagine the litigation.

Fed. Cir. Permits Trademark Registration with “De Minimis” Sales: Christian Faith Fellowship v. Adidas

A unanimous Federal Circuit panel concluded that the sale of just two hats across state  lines will trigger the “use in commerce” provision for purposes of trademark registration.

A prerequisite for Federal trademark registration under the Lanham Act is “use in commerce.” But is there some minimum threshold, like “substantial use”?

Nope. The decision reviews Commerce Clause jurisprudence (including the infamous Wickard v. Filburn teaching case about a farmer growing wheat for personal use) and finds that even small sales are “part of an economic ‘class of activities’ that have a substantial effect on interstate commerce.” That’s all that’s required.

Meeting the “use in commerce” test for Federal trademark registration isn’t that difficult.

Federal Circuit narrowly reverses another 101 invalidation (Amdocs v. Openet Telecom)

What exactly is the test for 101 eligibility? The Federal Circuit is still trying to figure that out.

In a 61 page opinion, a Fed. Cir. panel reversed invalidation of four patents on 101 grounds. These patents described a system that allows network providers to more easily bill for use of their networks. The system works by capturing network load information in a distributed manner, and this obviates the need for all network load information to flow through a specific point.

The decision was 2-1, and the central dispute was over the test for patent eligibility. Is there a single, articulated test for eligibility as the dissent urged? Or should these cases be taken on case-by-case basis and compared to all prior decisions to determine which they most closely resemble? The latter view prevailed.

Here the claims were eligible because the generic components operated in an unconventional manner, even though they were generic:

[The claims purposefully arrange] . . . the components in a distributed architecture to achieve a technological solution to a technological problem specific to computer networks.

Interestingly, the dissent focuses on the claims’ functional language and concludes that they therefore recite only abstract ideas:

Rather than reciting structure, claim 1 defines the program product using only functional limitations. Looking at those limitations, I find no specific process for accomplishing the abstract goal of combining data from two sources.

Functional claiming is rampant and insufficiently policed, but the remedy is application of means-plus-function limitations, not patent ineligibility.

These claims are probably eligible, and I particularly like the “technological solution to a technological problem” language that is being used more often. In any case, the fall out from Alice continues.

Third Circuit: Product hopping not per se illegal

“Product hopping” occurs when a drug maker creates a new version of their drug. The drug maker “hops” from one version (a 75mg tablet) to a new version (a 150mg tablet). The changes are not usually related to the efficacy of the drug. Perhaps the new version has to be taken less often.

But the hop can complicate generic substitutions. A generic (cheaper) drug must be shown bioequivalent to receive fast approval and allow pharmacists to make substitutions. The alleged goal of many product hops is to complicate the ability of generics to compete.

Does product hopping violate antitrust laws? Not without good evidence of monopoly power.

In a Sept. 28, 2016 decision the Third Circuit concluded there was insufficient evidence that the makers of Doryx acne medication had sufficient market power to support a claim for antitrust.

Takeaway: product hopping isn’t per se illegal and won’t necessarily be analyzed any differently from other alleged antitrust violations. Indeed the Third Circuit echoed concerns by the District Court that product hopping allegations could discourage routine innovation:

The prospect of costly and uncertain litigation every time a company reformulates a brand-name drug would likely increase costs and discourage manufacturers from seeking to improve existing drugs.

 

Don’t Click Links in Emails, John Podesta Edition

The news today thinks it knows how John Podesta, Hillary Clinton’s campaign chairperson, got badly hacked.

John gets an email. It’s allegedly from no-reply@accounts.googlemail.com. It tells him that “someone” from the Ukraine tried to login to his Gmail account, and he should change his password.

John’s IT person inexplicably says the email is legit and that he should change his password immediately. John apparently clicks the provided link and gives his Gmail password away.

Red flags that the email is not legit:

  • The subject is *Sоmeоne has your passwоrd*. Hmm… odd phrasing. Odd-looking o‘s.
  • The change password link is to a bitly.com address. (Don’t go there.)

Do not click links in emails. Especially do not click links in odd emails or on links behind link shortening services.

I don’t really blame Mr. Podesta. We expect too much of users regarding computer security. But still. This is avoidable.