Some Takeaways from “When Patents Attack! – Part 2″

I listened to This American Life’s new show on patents today; it’s a followup to the original, widely heralded show from two years ago. I think it was well reported, and worth a listen. Despite concerns about NPEs being worse now than two years ago, I thought the show was oddly more balanced than the last time (even though nearly half the show is just a replay of a portion of the original). The part of the show I want to focus on is a patent granted to Crawford based on a 1993 filing date, which claims a large part of the online backup business model/technology (depending on how you look at it).

In the original show, it was revealed that Intellectual Ventures (IV) purchased the patent in 2007, sold it to a shell company in Marshall, Texas, called Oasis in 2010, but retained a “back end” percentage of any settlements/litigation winnings. Oasis sued a bunch of online backup companies, settled with most, and then lost against the holdouts when a jury found that Crawford actually co-invented the patent but failed to include the other inventor on the patent application. In this part, we learn that IV’s back end percentage is 90%, and that Crawford got about 18% of IV’s take. In short, Oasis got 10% as an enforcement agent. I have a lot to say about this topic, but only a short amount of time now, due to deadlines on three different papers (who says professors take the summer off). I did want to note three takeaways:

1. The Intellectual Ventures part of the story is actually the least surprising/interesting part of the story. I think it’s a great piece of reporting; IV made a real gaffe by pointing to Crawford as its model inventor, and This American Life dug and found some answers. But the answer isn’t all that new if you’ve been following this area. At the time Oasis filed its suit, the conventional wisdom was that IV was mounting several lawsuits through shell companies. Maybe this was due to earlier IV statements that they preferred not to litigate, much like people never die at Disneyland.

It appears that the Oasis lawsuit featured in the show is one of those shell lawsuits, though I have no idea whether IV ceded control when it transferred the patent or retained control about who pursue. To this, I ask the same question I asked in my Wired op-ed: does it matter? Would we view this lawsuit or the patent differently if it were brought by IV? If IV had a 10% backend instead of 90%? If Crawford brought the suit? If Crawford’s company survived to bring suit? My answer is generally not, other than having concerns about misinformation and secrecy. Perhaps others feel differently.

2. Many software patents are too broad. This is nothing new, of course, but the show illustrates it nicely. I’ll discuss the Crawford patent below, but the first part of the show nicely illustrates this point with a segment on the podcasting patent. The show argues that the inventors never could make podcasting work, and resorted to audiocassette distribution; the argument is that the inventor merely invented the “idea” of podcasting.

This type of attack on the patent falls under a few different legal rules: written description (claiming more than the inventor actually invented), enablement (claiming more than the inventor actually taught), and functional claiming (claiming the function divorced from the way it was implemented). Further, in Life After Bilski we argue that an idea that is so broad that it is unmoored from any specific application might be an unpatentable abstract idea.

I don’t know where the podcasting patent stands, but my first read of it makes me think it’s pretty broad.

3. My favorite part of the show was the story about how Crawford obtained the patent. While the ending is not so great (invalidity due to non-joinder of inventor), the story itself is one that is rarely told in today’s patent bashing news cycle.  It turns out that Crawford and friends came up with the idea for online backup with passwords back in 1991, as part of a failed business venture to solve a very real problem that consumers faced – an easy way to back up data offsite. The story describes how the friends swapped floppy disks, but remember that 1991 was before writeable CDs, and floppy drives were 1.44MB. The average 20MB hard drive (can you imagine? how did we live like that?) would take many floppy disks.

Thus, they came up with a solution. Was it obvious? I don’t know. The first When Patents Attack show implied as much, but the patent survived whatever challenges the litigants brought on that front. For all the talk about many other patents in the same area, it might just be that those patents were improvements on this pioneering patent. It wouldn’t be the first time, but I don’t really have any idea.

The point I want to make, though, is that this is patent law working exactly as it was supposed to. It was people getting together to solve a problem, coming up with a solution, and attempting to protect it. (Well, there was one hiccup, which is that the inventors didn’t get together and file, apparently – but it was invalidated for that reason. This isn’t the case most of the time.) Indeed, the show confirms a key point that IV has always maintained, that a significant amount of money was paid to the inventor. That money might stimulate further investment in the invention in the future.

But another thing happened that often happens; the inventors were too early. They came up with a solution that wasn’t commercially viable yet. The world of 2400 baud modems where users pay for bandwidth by the minute was simply not ready for the online solution, and the business failed to materialize. Indeed, my own firm tried something similar in 1997 working with a Sparcstation and a client who was a Sun engineer; it was still too slow to use in-house, let alone online. Technology needed to catch up.

This is one reason why we often see patent assertions much later in a patent’s life, especially in software. Many really great software solutions–both in patents and in research–implement ideas nobody ever thought of on equipment that’s just barely ready to handle it. It’s not until years later that the solutions seem obvious because the enabling technology makes it commercially feasible.

The question is, what do we do about this? In other areas of patent law, we tolerate long delays. We would prefer not to have them, of course. Indeed, one side benefit of the current assertion trend is that patentees are getting more savvy about commercializing earlier. For example, Crawford and friends could have approached folks with fast networks and computers – universities – with their solution back in the early 1990s. Maybe today they would have, and might have found some early adopters.

But even if patents are not exploited, other patent areas treat this as a feature of the system; most calls to reform the system to avoid this problem have been to commercialize earlier, not to kill off  the patents (so long as the patent is not hidden for too long). Software patents seem to be different, though. The collective wisdom seems to be less tolerant of this delay for software. I think the reason for this stems from my second point, above. Because software patents can be so broad, the concern is that a single broad patent –even a valid one– can render an entire industry infringers. Furthermore, patents filed in the early 1990s expire seventeen years after grant, not 20 years after filing. This effectively extended their life, perhaps for too long.

I’ll end by saying that I share these concerns about software patents, but I’m not so sure that they are so different from the rest of the patent world. There have been plenty of broad overarching patents in a variety of industries over time. Some had poor outcomes that stunted industries, and some fueled industries. People disagree about the software industry, I think.

These were my primary takeaways. I wish I had a clever solution, but I don’t; the show is worth listening to, however, with an open mind.

Is a broadcast to everyone private under the Copyright Act?

For the final post in my copyright series, I want to focus on another example in my series of discussions about formalism vs. policy in copyright. Today’s case is WNET v. Aereo, which allowed continued operation of a creative television streaming service. As I’ll discuss below, the case pretty clearly complies with the statutory scheme, much to the relief of those who believe content is overprotected and that new digital distribution methods should be allowed. This time, the policy opposition is best demonstrated by Judge Chin’s dissent in the case.

In the end, though, the case shows what all of the cases I’ve discussed show: copyright was not really developed with digital content storage and streaming in mind. While some rules fit nicely, others seem like creaky old constructs that can barely hold the weight of the future. The result is a set of highly formalistic rules that lead to services purposely designed inefficiently to either follow or avoid the letter of the law. This problem is not going to get any better with time, though my ownguess hope is that the pressure will cause providers to create some better solutions that leave everyone better off.

Continue reading

On Policy and Plain Meaning in Copyright Law

As noted in my last post, there have been several important copyright decisions in the last couple months. I want to focus on two of them here: Viacom v. YouTube and UMG v. Escape Media. Both relate to the DMCA safe harbors of online providers who receive copyrighted material from their users – Section 512 of the Copyright Act. Their opposing outcomes illustrate the key point I want to make: separating interpretation from policy is hard, and I tend to favor following the statute rather than rewriting it when I don’t like the policy outcome. This is not an earthshattering observation – Solum and Chiang make a similar argument in their article on patent claim interpretation. Nevertheless, I think it bears some discussion with respect to the safe harbors.

Continue reading

Solving the Digital Resale Problem

As Bruce Willis’s alleged complaints about not being able to leave his vast music collection to his children upon his death illustrate, modern digital media has created difficulties in secondary and resale markets. (I say alleged because the reports were denied. Side note: if news breaks on Daily Mail, be skeptical. And it’s sad that Cracked had to inform Americans of this…).

This post describes a recent attempt to create such a market, and proposes potential solutions. Continue reading

Academics Go To Jail – CFAA Edition

Though the Aaron Swartz tragedy has brought some much needed attention to the CFAA, I want to focus on a more recent CFAA event—one that has received much less attention but might actually touch many more people than the case against Swartz.

Andrew “Weev” Auernheimer (whom I will call AA for short) was recently convicted under the CFAA and sentenced to 41 months and $73K restitution. Orin Kerr is representing him before the Third Circuit. I am seriously considering filing an amicus brief on behalf of all academics. In short, this case scares me in a much more personal way than prior discussed in my prior CFAA posts. More after the jump.

Here’s the basic story, as described by Orin Kerr:

When iPads were first released, iPad owners could sign up for Internet access using AT&T. When they signed up, they gave AT&T their e-mail addresses. AT&T decided to configure their webservers to “pre load” those e-mail addresses when it recognized the registered iPads that visited its website. When an iPad owner would visit the AT&T website, the browser would automatically visit a specific URL associated with its own ID number; when that URL was visited, the webserver would open a pop-up window that was preloaded with the e-mail address associated with that iPad. The basic idea was to make it easier for users to log in to AT&T’s website: The user’s e-mail address would automatically appear in the pop-up window, so users only needed to enter in their passwords to access their account. But this practice effectively published the e-mail addresses on the web. You just needed to visit the right publicly-available URL to see a particular user’s e-mail address. Spitler [AA’s alleged co-conspirator] realized this, and he wrote a script to visit AT&T’s website with the different URLs and thereby collect lots of different e-mail addresses of iPad owners. And they ended up collecting a lot of e-mail addresses — around 114,000 different addresses — that they then disclosed to a reporter. Importantly, however, only e-mail addresses were obtained. No names or passwords were obtained, and no accounts were actually accessed.

Let me paraphrase this: AA went to a publicly accessible website, using publicly accessible URLs, and saved the results that AT&T sent back in response to that URL. In other words, AA did what you do every time you load up a web page. The only difference is that AA did it for multiple URLs, using sequential guesses at what those URLs would be.  There was no robot.txt file that I’m aware of (this file tells search engines which URLs should not be searched by spiders). There was no user notice or agreement that barred use of the web page in this manner. Note that I’m not saying such things should make the conduct illegal, but only that such things didn’t even exist here. It was just two people loading data from a website. Note that a commenter on my prior post asked this exact same question–whether “link guessing” was illegal–and I was noncommital. I guess now we have our answer.

The government’s indictment makes the activity sound far more nefarious, of course. It claims that AA “impersonated” an iPad. This allegation is a bit odd: the script impersonated an iPad in the same way that you might impersonate a cell phone by loading http://m.facebook.com to load the mobile version of Facebook. Go ahead, try it and you’ll see – Facebook will think you are a cell phone. Should you go to jail?

So, readers might say, what’s the problem here? AA should not have done what he did – he should have known that AT&T did not want him downloading those emails. Yeah, he probably did know that. But consider this: AA did not share the information with the world, as he could have. I am reasonably certain that if his intent was to harm users, we would never know that he did this – he would have obtained the addresses over an encrypted VPN and absconded. Instead, AA shared this flaw with the world. AT&T set up this ridiculously insecure system that allowed random web users to tie Apple IDs to email addresses through ignorance at best or hubris at worst. I don’t know if AA attempted to inform AT&T of the issue, but consider how far you got last time you contacted tech support with a problem on an ISP website. AA got AT&T’s attention, and the problem got fixed with no (known) divulgence of the records.

Before I get to academia, let me add one more point. To the extent that AA should have known AT&T didn’t desire this particular access, the issue is one of degree not of kind. And that is the real problem with the statute. There is nothing in the statute, absolutely nothing, that would help AA know whether he violated the law by testing this URL with one, five, ten, or ten thousand IDs.  Here’s one to try: clickhere for a link to a concert web page deep link using a URL with a numerical code. Surely Ticketmaster can’t object to such deep linking, right? Well, it did, and sued Tickets.com over such behavior. Itclaimed, among other things, that each and every URL was copyrighted and thus infringed if linked to by another. It lost that argument, but today it could just say that such access was unwanted.  For example, maybe Tickemaster doesn’t like me pointing out its ridiculous argument in the tickets.com case, making my link unauthorized. Or maybe I should have known because the Ticketmaster terms of service says that an express condition of my authorization to view the site is that I will not “Link to any portion of the Site other than the URL assigned to the home page of our site.” That’s right, TicketMaster still thinks deep linking is unauthorized, and I suppose that means I risk criminal prosecution for linking it. Imagine if I actually saved some of the data!

This is where academics come in. Many, many academics scrape. (Don’t stop reading here – I’ll get to non-scrapers below.) First, scraping is a key way to get data from online databases that are not easily downloadable. This includes, for example, scraping of the US Patent & Trademark Office site; although data is now available for mass download, that data is cumbersome, and scraper use is still common. That the PTO is public data does not help matters. In fact, it might make it worse, since “unauthorized” access to government servers might receive enhanced penalties!

Academics (and non-academics) in other disciplines scrape websites for research as well. How are these academics to know that such scraping is disallowed? What if there is no agreement barring them from doing so? What if there is a web-wrap notice as broad as Ticketmaster’s, purporting to bar such activities but with no consent by the user? The CFAA could send any academic to jail for ignoring such warnings—or worse—not seeing them in the first place. Such a prosecution would be preposterous, skeptics might say. I hope the skeptics are right, but I’m not hopeful. Though I can’t find the original source, I recall Orin Kerr recounting how his prosecutor colleagues said the same thing 10 years ago when he argued the CFAA might apply to those who breach contracts, and now such prosecutions are commonplace.

Finally, non-scrapers are surely safe, right? Maybe it depends on if they use Zotero. Thousands of people use it. How does Zotero get information about publications  when the web site does not provide standardized citation data? You guessed it: a scraper. Indeed, a primary reason I don’t use Zotero is that the Lexis and Westlaw scrapers don’t work. But the PubMed importer scrapes. What if PubMed decide that it considered scraping of information unauthorized? Surely people should know this, right? If it wanted people to have this data, they would provide it in Zotero readable format. The fact that the information on those pages is publicly available is irrelevant; the statute makes no distinction. And if one does a lot of research, for example, checking 20 documents, downloading each, and scraping each page, the difference from AA is in degree only, not in kind.

The irony of this case is that the core conviction is only tangentially a problem with the statute (there are some ancillary issues that are a problem with the statute). “Unauthorized access” and even “exceeds authorized access” should never have been interpreted to apply to publicly accessible data on publicly accessible web sites. Since they have, then I am convinced that the statute is impermissibly broad, and must be struck down. At the very least it must be rewritten.