Solving the Digital Resale Problem

As Bruce Willis’s alleged complaints about not being able to leave his vast music collection to his children upon his death illustrate, modern digital media has created difficulties in secondary and resale markets. (I say alleged because the reports were denied. Side note: if news breaks on Daily Mail, be skeptical. And it’s sad that Cracked had to inform Americans of this…).

This post describes a recent attempt to create such a market, and proposes potential solutions. Continue reading

Academics Go To Jail – CFAA Edition

Though the Aaron Swartz tragedy has brought some much needed attention to the CFAA, I want to focus on a more recent CFAA event—one that has received much less attention but might actually touch many more people than the case against Swartz.

Andrew “Weev” Auernheimer (whom I will call AA for short) was recently convicted under the CFAA and sentenced to 41 months and $73K restitution. Orin Kerr is representing him before the Third Circuit. I am seriously considering filing an amicus brief on behalf of all academics. In short, this case scares me in a much more personal way than prior discussed in my prior CFAA posts. More after the jump.

Here’s the basic story, as described by Orin Kerr:

When iPads were first released, iPad owners could sign up for Internet access using AT&T. When they signed up, they gave AT&T their e-mail addresses. AT&T decided to configure their webservers to “pre load” those e-mail addresses when it recognized the registered iPads that visited its website. When an iPad owner would visit the AT&T website, the browser would automatically visit a specific URL associated with its own ID number; when that URL was visited, the webserver would open a pop-up window that was preloaded with the e-mail address associated with that iPad. The basic idea was to make it easier for users to log in to AT&T’s website: The user’s e-mail address would automatically appear in the pop-up window, so users only needed to enter in their passwords to access their account. But this practice effectively published the e-mail addresses on the web. You just needed to visit the right publicly-available URL to see a particular user’s e-mail address. Spitler [AA’s alleged co-conspirator] realized this, and he wrote a script to visit AT&T’s website with the different URLs and thereby collect lots of different e-mail addresses of iPad owners. And they ended up collecting a lot of e-mail addresses — around 114,000 different addresses — that they then disclosed to a reporter. Importantly, however, only e-mail addresses were obtained. No names or passwords were obtained, and no accounts were actually accessed.

Let me paraphrase this: AA went to a publicly accessible website, using publicly accessible URLs, and saved the results that AT&T sent back in response to that URL. In other words, AA did what you do every time you load up a web page. The only difference is that AA did it for multiple URLs, using sequential guesses at what those URLs would be.  There was no robot.txt file that I’m aware of (this file tells search engines which URLs should not be searched by spiders). There was no user notice or agreement that barred use of the web page in this manner. Note that I’m not saying such things should make the conduct illegal, but only that such things didn’t even exist here. It was just two people loading data from a website. Note that a commenter on my prior post asked this exact same question–whether “link guessing” was illegal–and I was noncommital. I guess now we have our answer.

The government’s indictment makes the activity sound far more nefarious, of course. It claims that AA “impersonated” an iPad. This allegation is a bit odd: the script impersonated an iPad in the same way that you might impersonate a cell phone by loading to load the mobile version of Facebook. Go ahead, try it and you’ll see – Facebook will think you are a cell phone. Should you go to jail?

So, readers might say, what’s the problem here? AA should not have done what he did – he should have known that AT&T did not want him downloading those emails. Yeah, he probably did know that. But consider this: AA did not share the information with the world, as he could have. I am reasonably certain that if his intent was to harm users, we would never know that he did this – he would have obtained the addresses over an encrypted VPN and absconded. Instead, AA shared this flaw with the world. AT&T set up this ridiculously insecure system that allowed random web users to tie Apple IDs to email addresses through ignorance at best or hubris at worst. I don’t know if AA attempted to inform AT&T of the issue, but consider how far you got last time you contacted tech support with a problem on an ISP website. AA got AT&T’s attention, and the problem got fixed with no (known) divulgence of the records.

Before I get to academia, let me add one more point. To the extent that AA should have known AT&T didn’t desire this particular access, the issue is one of degree not of kind. And that is the real problem with the statute. There is nothing in the statute, absolutely nothing, that would help AA know whether he violated the law by testing this URL with one, five, ten, or ten thousand IDs.  Here’s one to try: clickhere for a link to a concert web page deep link using a URL with a numerical code. Surely Ticketmaster can’t object to such deep linking, right? Well, it did, and sued over such behavior. Itclaimed, among other things, that each and every URL was copyrighted and thus infringed if linked to by another. It lost that argument, but today it could just say that such access was unwanted.  For example, maybe Tickemaster doesn’t like me pointing out its ridiculous argument in the case, making my link unauthorized. Or maybe I should have known because the Ticketmaster terms of service says that an express condition of my authorization to view the site is that I will not “Link to any portion of the Site other than the URL assigned to the home page of our site.” That’s right, TicketMaster still thinks deep linking is unauthorized, and I suppose that means I risk criminal prosecution for linking it. Imagine if I actually saved some of the data!

This is where academics come in. Many, many academics scrape. (Don’t stop reading here – I’ll get to non-scrapers below.) First, scraping is a key way to get data from online databases that are not easily downloadable. This includes, for example, scraping of the US Patent & Trademark Office site; although data is now available for mass download, that data is cumbersome, and scraper use is still common. That the PTO is public data does not help matters. In fact, it might make it worse, since “unauthorized” access to government servers might receive enhanced penalties!

Academics (and non-academics) in other disciplines scrape websites for research as well. How are these academics to know that such scraping is disallowed? What if there is no agreement barring them from doing so? What if there is a web-wrap notice as broad as Ticketmaster’s, purporting to bar such activities but with no consent by the user? The CFAA could send any academic to jail for ignoring such warnings—or worse—not seeing them in the first place. Such a prosecution would be preposterous, skeptics might say. I hope the skeptics are right, but I’m not hopeful. Though I can’t find the original source, I recall Orin Kerr recounting how his prosecutor colleagues said the same thing 10 years ago when he argued the CFAA might apply to those who breach contracts, and now such prosecutions are commonplace.

Finally, non-scrapers are surely safe, right? Maybe it depends on if they use Zotero. Thousands of people use it. How does Zotero get information about publications  when the web site does not provide standardized citation data? You guessed it: a scraper. Indeed, a primary reason I don’t use Zotero is that the Lexis and Westlaw scrapers don’t work. But the PubMed importer scrapes. What if PubMed decide that it considered scraping of information unauthorized? Surely people should know this, right? If it wanted people to have this data, they would provide it in Zotero readable format. The fact that the information on those pages is publicly available is irrelevant; the statute makes no distinction. And if one does a lot of research, for example, checking 20 documents, downloading each, and scraping each page, the difference from AA is in degree only, not in kind.

The irony of this case is that the core conviction is only tangentially a problem with the statute (there are some ancillary issues that are a problem with the statute). “Unauthorized access” and even “exceeds authorized access” should never have been interpreted to apply to publicly accessible data on publicly accessible web sites. Since they have, then I am convinced that the statute is impermissibly broad, and must be struck down. At the very least it must be rewritten.

Scratching my Head Over the SHIELD Act

I get that many people hate patent trolls. I get that many people would like to find a way to limit NPE activities in enforcing patents. But I’m scratching my head over the rhetoric and content SHIELD Act, which was reintroduced last week. For the uninitiated, the proposal would mandate fee shifting for all losing NPEs. Carved out of this group are initial assignees of a patent (that is, individuals and companies who obtained the patents themselves), universities, and companies that spend “substantial” resources making something. Further, NPEs must post a bond for the fees before they can even get into the courthouse.

I should start by saying that I don’t have a strong position on fee shifting. I think that mutual fee shifting might actually do some good to reduce litigation costs and force more reasonable licensing negotiations. I’m also in favor of all sorts of behavior based fee shifting: filing frivolous cases, demanding license fees that far exceed reasonableness, ridiculous claim construction arguments, frivolous discovery requests, unrealistic damages expert reports, etc. I think the threat of fee shifting is a stick that could be used to tame costs. But note that all of these proposals are based on behavior, not identity.

This leads to my concerns with the SHIELD Act, which leave me scratching my head. As a taste of my further thoughts, I’ll note that the EFFs poster child for the act, a podcasting NPE, is actually excluded from the act, and would not have to pay fees on loss.


Let’s start with the rhetoric. It seems like few people have actually examined the act in detail, and thus support for it sounds like a propagandistic echo chamber. I joined Twitter only recently, and originally attributed this to the 140 character limit. Get rid of trolls! $29 billion in costs! Meritless patents! However, it turns out that longer discussion also repeats the same claims without much analysis, albeit with more words. Indeed, very few of the reports actually link to the text of the act, which is here, but instead link to each other, all saying the same thing.

I have a problem with this rhetoric for two reasons. First, the facts are way, way more complicated than that (see Kesan & Schwartz, for example, for a critique of the $29 billion estimate, and see the PWC study on patent judgments since 1995 for discussion about how often and how much NPEs and practicing entities win).

Furthermore, there are many types of NPEs out there, from pre-adoption technology houses to the most abusive frivolous claim filers. The SHIELD Act and its proponents consider none of this nuance.

This leads to my real problem with the rhetoric: it is driven by large companies and presented as if it will benefit small companies. If we were so worried about small companies, why wouldn’t we make the act apply to all patent plaintiffs? After all, large companies routinely assert their patents against smaller, disruptive entities in order to stake out market position or even put them out of business. Just compare the Barnes & Noble submission to the FTC about Patent Assertion Entities with the Barnes & Noble complaints about Microsoft’s licensing practices. The complaint is the same, so it is unclear why the solution should not be the same.

I am bothered by any rhetoric purportedly intended to “protect innovation” that does not, well, protect innovation by its own terms. The EFF campaign focus on a patent that would not actually be subject to the act is just one example. And the fact that no one pushing the SHIELD Act—many of whom I respect even though I disagree—is asking these questions makes my knees jerk to oppose it.


My general point of view is that we should address the behavior, not the owner. Yes, it’s bad that an NPE has asserted what many think is a meritless podcasting claim against Adam Corolla. (I won’t address the merits here, but I will note that the initial patent application was filed in 1996, not last year).

But would we really feel better if it were a product company making the same claim? A meritless claim hinders innovation no matter who makes it. That’s about all I will say about the core question of whether NPEs should be required to post a bond just to get into the courthouse. I think they should not—nor should anyone,—even if fee shifting were mutual. But defending that statement is more than I can do in this blog post. I’ve written at least two articles that address the topic and there are a multitude of other studies that address the role of NPEs in licensing as well as the parallels between NPE and product making patentee behavior.

Thus, my questions about the Act relate to the particulars and their unintended consequences. Note that the text of the act has been carefully written to carve out everyone who might object to it, except NPEs. This is the root of the problem, because “patent troll” means different things to different people.

Some points:

1. The act mandates a fee award to any party victorious on noninfringement or invalidity. This means that a company can sue for declaratory relief and force fee shifting, even though the patentee never filed suit. I realize that many people would say, “Great! No more demand letters!” But consider two things. First, there are many, many transactions – millions, if not billions of dollars worth – that are undertaken between technology licensing companies and product companies without the imprimatur of “trollishness.” This provision could disrupt that ecosphere in an effort to fix a different one. Second, this provision could have a perverse effect of multiplying the number of litigations. I don’t believe that patent holders should overclaim in order to seek higher licenses, but I also don’t believe that potential infringers should underclaim in order to force litigation.

2. The act excludes parties that have a “substantial investment” in the exploitation of a patent via production or sale. This is fraught with difficulty. First, what does “substantial” mean? Presumably it is intended to ensnare NPEs that decide to make things, but not make enough (or good enough) things. But why should a court get to decide what is enough? And what do we do about start-ups who have patents but have not yet commercialized their invention? Are they trolls, too?

And what is to stop NPEs from becoming distributors? They could buy competing products wholesale (perhaps products where they have secured licenses) and sell them. This only makes sense; by being resellers, they can claim that the competition of the infringing product is harming their sales business. This points to the general complexity of licensing in the first place: companies might license patents when their opponents do not in order to gain a competitive advantage, even if the patent is old.

3. This exploitation prong leads to other questions. What if a claim construction goes against the patentee, and the patent isn’t quite as broad as the owner thought. This happens all the time, to patentees of all types. Does this mean that the product selling patent holder is no longer exploiting the patent? The language seems to say so, and even the biggest producer would be ensnared.

4. The potential for producers to be liable doesn’t stop there. Consider Palm, which developed WebOS, and made stuff. Consider HP, which has spent billions of dollars in research and development. HP bought Palm, and made WebOS tablets. For various reasons, maybe in part due to patent claims from other tablet makers like Apple, HP decides to stop selling WebOS tablets. HP then decides to enforce Palm’s patents. Mind you, HP didn’t just buy the patents, it bought the company. And then it made stuff, it researched, it developed, and it has even licensed WebOS out to LG try to resurrect it for televisions. Is HP a troll now? It falls under the text of this act. I think that just cannot be right, and yet there it is, in black and white. By the way, HP sold some patents to HTC, who then asserted them against Apple. Soon after, HTC and Apple settled a long running, very costly litigation. Would the SHIELD Act change the dynamic of this dispute? I hope not, my family bought HTC phones.

5. Universities and technology transfer organizations are excluded. This offers a potential way for NPEs to avoid the law. They can become technology transfer organizations for small colleges that cannot afford them, or perhaps coordinate with each other to offer 1 year programs that satisfy the higher education requirements. This latter likelihood is a longshot, I think, but when money is at stake, you never know. This exception also ignores the role of universities in the patent ecosystem; do universities really never assert meritless claims? What happens when they start bringing more lawsuits? Maybe NPEs should team with tech transfer organizations and the tech transfer folks can bring suit instead; it would only take a few large university related intermediaries to make the entire bill fall apart.

6. Excluded are “original assignees,” which are assignees prior to patent issuance that appear on the face of the patent. This leads to two issues. First, what if the assignment is done late, even at a product company? It happens. I suppose they would rely on the “investment” prong, but the company might not be making the patented product.

Second, many NPE patents are assigned to the NPE as the initial assignee. NPEs often buy patents while they are in process and assign continuation applications to themselves; those continuations are often the broadest claims (and thus the least likely to be meritorious as a matter of logic). In other words, the patents we worry about most are the patents that are least likely to fall under the rule. Some of the most highly-litigated, most-litigated patents were originally assigned to the NPE enforcing them now. This brings us to the point I made above, Personal Audio, with its podcasting patent, is initially assigned to….Personal Audio. Sorry folks, this is not the SHIELD you are looking for.

Furthermore, to avoid this issue, NPEs can simply buy shell companies that continue to hold the patents, while the original owner, if still active, can spin off any business to a new entity. I think Acacia does a fair amount of this already, and will surely do more. The more I think about it, the more I think that this rule, intended to protect “real” inventors, will instead render the much of the act toothless.

7. Finally, the original inventor can always sue. This leaves me scratching my head on both ends of the spectrum. On the large company end, I cannot comprehend why fee shifting is a bad thing if BigCo enforces patents, but a good thing if BigCo creates BigCoIPSubsidiary to enforce its patents. Are these two worlds really that different? Perhaps it is to those BigCo supporters of the bill that enforce their own patents. I should add that I’m told, but have not verified, that the tax code rewards companies that spin out their patents. The law gives with one hand and takes away with the other. Perhaps a better solution would be to get rid of the tax benefits, but I won’t hold my breath.

On the small side, I see the SHIELD Act as changing the way NPEs enforce patents. Original inventors aren’t covered, so perhaps the original inventor should be a nominal plaintiff and just get funded by the NPE. That’s a great incentive at a time when people are clamoring for more transparency in the system.

One more point: Individuals are a primary source of NPE patents. Small businesses have always held their own as patent plaintiffs in the system and continue to do so. But the number of patents represented by individual inventors is double with NPE participation. It’s easy to see why: it costs a lot to enforce a patent, or even to license it, and NPEs have skill and finances that individuals lack.

And so when we discuss the SHIELD Act, we should be crystal clear about what we are talking about: a system that favors big companies over individuals. I’m not making a value statement; there may be good reasons why we want fewer patents by individuals enforced. For example, individuals invent a lot of software, and a lot of software patents are really bad. But are individual software patents worse than everyone else’s? I’ve read thousands of software patents, and my belief is that big companies can write crappy patents just like everyone else. My point is that we should be truthful about what is at stake, what the impacts will be, and whether those are the results we want. Then, given that truth, we should look at some evidence to decide what to do.

A comment below notes that the podcasting patent might indeed fall under SHIELD because it was assigned by a family trust of one of the inventors instead of the inventor. This highlights another problem with the bill that I hadn’t even thought about. I noted issues with purchases of companies above.

But if we also say that a wholly owned and controlled intermediary cannot assign the patent on behalf of the original inventor, then SHIELD has the potential to throw a wrench into the works of corporate financing and restructuring. Every day of the week, companies reform through mergers or financing, often creating “NewCo” shell companies that will serve as intermediate owners of assets or will take on new names post financing. I have known lawyers who have such companies already formed so they can use them on a moments notice.

If we say that the intermediary trust excludes the next assignee from being the “original inventor,” then many restructured startup, merged, and financed companies may be in for a rude surprise when the attempt to enforce their patent portfolios. Now, if you dislike patents generally, this realization would lead to rejoicing. I doubt that’s how this act was intended, though.

Update 2
Colleen Chien has a helpful post on NPE litigation activity at Patently-O. The post notes two interesting points related to this post:
1. It confirms that individual plaintiff cases have descreased significantly as NPE cases have risen. This stands to reason NPEs are better at enforcing patents than individuals. But it also means that we always had individual patentee type patent litigation, and NPEs will figure out a way to go there again if they have to.

2. It argues that the SHIELD Act will be helpful because 9 out of the top 10 “high impact” trolls would fall under it. My response, assuming that this definition of high impact is accurate, is that:
a) These may be high impact today, but don’t know what tomorrow will bring. The high impact NPEs of today were not the most litigious of just 2 or 3 years ago. In the future, these patents will be assigned in a way that keeps them with their original owner.
b) The high impact NPEs are the ones that will be least deterred by the act. They are high impact because they have been adjudged valid multiple times, there is little prior art, and many seemingly infringe. They will have the funds and the motivation to post bonds and keep going, collecting winnings and settlements down the way.
c) I scratch my head even more at the scattershot approach of this act. Highly overinclusive, underinclusive, and really just targeted at a few high impact patents that happen to have been purchased in a particular way — a way that is used by many legitimate businesses. It feels like there’s got to be a better way.

Incentive Granularity and Software Patenting

I would like to address a comment repeatedly seen on my prior post at Prawfsblawg: “Show me an invention that would not have happened for the entire patent term, and maybe then we can discuss whether the patent system does any good.”

I’m not convinced this is the right level of granularity. But first, a couple caveats:

  1. I tend to think the patent term is too long for the speed at which technology develops today, especially computer software. This may not be true for pharmaceuticals, which leads to tension in the system.
  2. Of course we should look at whether individual patents were incentivized by the patent grant. It would be a bad system indeed if we protected everything that would have occurred anyway. Note that I think the “inducement” standard proposed by Duffy & Abramowicz and discussed in my previous post has some real merit.

But even with these two caveats, that’s not the question we should be starting with. The goal of the patent system is to promote progress of the useful arts. That might happen by encouraging investment in start-ups. That might happen by encouraging research & development funding. That might happen by inventions that come earlier than they would have, even if they would have otherwise come within 20 years. That might happen by allowing inventors some breathing room to invest in commercialization and dissemination of the invention. That might even happen by ending duplicative (wasteful) races carried out in secret. And all of these things might create costs, perhaps tremendous costs for some who come later.

To be sure, there is great (and I do mean tons of) study and debate about whether any of these benefits actually materialize and outweigh the costs. The analysis, though, takes place at a higher level than whether each and every invention would have come about within 20 years. That analysis – or something like it – certainly has its place, but not when assessing the system as a whole. And that’s all I have to say about that.

Two Worlds of Software Patents

I recently participated in Santa Clara Law School’s great conference on “Solutions to the Software Patent Problem.” The presentations were interesting and thoughtful, and…short! A total of 34 presentations in one day, including some Q&A from the audience. Op-Eds from the conference are continuing to appear at Wired Magazine’s blog, and Groklaw has a fairly thorough article summarizing the presentations.

I want to focus this post on an epiphany I had at the conference, one that is alluded to at the end of the Groklaw article. In short, there appear to be at least two world views of software patenting (there is probably a third view, relating to natural rights and property, but I’m going to put that one to the side). More after the jump.

On the one hand, you have the utilitarians, who believe that the costs of patenting might be worth the benefits of patenting. Or maybe they aren’t, but that’s the important question to them: to what extent does allowing software patent drive innovation? The Groklaw article implies that this group is primarily large corporate interests, but I think that’s too restrictive. For example, I’m unabashadly a member of this world view, and my affinity is toward start-ups.

On the other hand, you have what I’ll call the friends of free software (more fully called FOSS – Free and Open-source Software). These individuals believe that software is thought, and math, and that no one can own it. I’ve found that some take this view to the extreme – they have no problem with a circuit that performs the same thing as software, so long as it is performed in hardware. Members of this group believe that software patents should be unpatentable as a matter of principle, and that by allowing any kind of software patenting bad things will happen to individual programmers, to free software, and in the world generally. As further evidence that the divide is not just about large corporate interests, there are plenty of people who subscribe to this world view that started large successful companies.

Now, here is the epiphany – I belive that bridging these two worlds is  possible if one believes that any software patent should issue. (If you agree that software patents can never satisfy utilitarian ends, then you can bridge the worlds. Benson Revisited  by Pamela Samuelson is a great example of such a bridge.)

Believe me, I tried to make the leap. I wrote a lengthy post at Groklaw that garnered more than 1300 comments where I tried to better understand the free software view and they tried to understand mine.

Surely, I thought, they might see that there are some lines that can be drawn that would allow for inventive software innovations. Surely, I thought, we can discuss some tweaks that would help alleviate the deleterious effects of low quality patents but save the system for one good software patent.

Surely, they thought, I would see how software patents are a bane to society, and must just go. Surely, they thought, I would see that there is no such thing as a good software patent.

The problem is that the goals of each world view are just too different. The following exchange from the Santa Clara conference between John Duffy and Richard Stallman drives the point home. I’m paraphrasing the statements, of course:

[Stallman's keynote]: Companies don’t need software patents to innovate – just look at the rise of Google. [later] My proposal is that we can enforce software patents in standalone devices but not in general purpose computers.

[Duffy's talk]: I’m glad Stallman points out that software companies don’t need patents – I think we agree on a solution. My proposal is that if an inventor is not induced to invent because of the prospect of a patent, then the invention is obvious and no patent should issue.[later]Stallman’s proposal, though, is a kludge – a patch on the system rather than an elegant solution like redefining obviousness.

[Stallman in response to Duffy]:It doesn’t matter if the patent induced the invention, it is still a bad patent. It may actually be worse, because now it can’t be invalidated. My solution is not a kludge, because it handles the very real problem of software patents and eliminates it.

[Duffy]: But you have to look at the ex ante incentive to invent. If we don’t allow patent enforcement, inventions might not happen that would have happened with the patent system.

[Stallman]: It’s OK if we don’t get those inventions. Maybe
they will be developed, maybe they won’t, maybe they will take longer, but the harm to any future software programmer/company is never justified by encouraging that investment with a patent.

And there you have the core of the problem. Utilitarians like Duffy (and me) believe that it is worth driving the ex ante incentive to innovate, but trying to hone the system to minimize collateral damage. Free software folks like Stallman (and probably 99% of Groklaw readers) believe that the collateral damage never justifies the ex ante incentive in a practical way.

You can see the core of these arguments in the debate about whose invention is elegant and whose is a kludge. Duffy believes that tweaking inducement to invent is elegant because that’s what utilitarianism is all about. Just barring patents on general purpose computers is a patch, because there might be valuable innovations in the use of general purpose computers that are worth encouraging. Investment in standalone software might decline if there is not general purpose application at the end of the rainbow, especially in the age of smartphones.

On the other hand, Stallman believes that barring enforcement on general purpose computers is elegant, because it eliminates the most harmful effects to programmers. He believes that changing obviousness is a kludge, because it refuses to acknowledge that even the patents that come from the new rules will be bad for society. As Stallman commented to me after the conference: “There may be weak patents, and there may be strong patents, but they are all bad patents.”

So, where does that leave us? I don’t know, but I have to think it is helpful to understand why we can’t seem to understand each other. I’m not sure where it leaves the utilitarians. They seem to be winning in policy circles, as this recent speech by PTO director David Kappos shows, but utilitarians can’t even seem to agree among themselves the best course of action with software patents. Perhaps this recognition will aid those with the free software view to hone their arguments in a way that will get more policy traction – by making their same important points, but somehow framing them in a langauge utilitarians will hear. Samuelson’s Benson Revisited article is a good example.