Using Patents To Prevent Researchers From Pointing Out Security Holes In Your Technology
from the a-new-low dept
Someone who prefers to remain anonymous writes: "We've seen people use bogus DMCA claims to shut up speech they don't like. Now, it turns out that if you demonstrate security vulnerabilities, you may have to deal with the threat of patent lawsuit as well. IOActive, a security firm based in Seattle, built a hand-held device capable of reading and cloning the prox cards used for building access in many companies. They demo'd the device at the RSA Conference and were going to give an in-depth talk at Black Hat in DC. HID Global, who makes the cards, found out about it and sent them a letter claiming that the cloning device infringes on HID patents. Faced with the threat of a patent infringement lawsuit, IOActive pulled the presentation." Jennifer Granick, over at Wired News, does a good job highlighting the ridiculous consequences of an action like this: "Imagine if, in the 1970s, the tobacco companies had patented devices to measure the health effects of smoking, then threatened lawsuits against anyone who researched their products. The use of patent law to prevent vulnerability discovery and discussion is bitter irony, because a fundamental purpose of patent law is disclosure." Yet another example of the patent system doing exactly the reverse of what it's supposed to do.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
ACLU to present instead
Nicole Ozer, Technology and Civil Liberties Policy Director for the ACLU of Northern California will be presenting at BlackHat in place of the IOActive researchers.
Her presentation is at 1:45pm, Wednesday. It will be followed by a press conference.
[ link to this | view in chronology ]
so what's the story?
If a company holds a patent on a device it can bring a lawsuit to prevent another company from selling a substantially similar device. That's it.
To infringe you have to have a commercial interest. If Bobs Saussage Factory has a patent on "pork sizzlers" then I can't set up shop selling pork sizzlers. However, there's nothing Bob can do to stop me making my own pork sizzlers for my private BBQ party, even if I use the exact same tecnique and recipe. There must be a commercial activity to infringe.
Now, IOActive made a proof of concept device. It may well "infringe" on some patents of HID Global (I fail to see how at this point, but let's admit that assumption), but there is absolutely jack that HID can do about it until IOA bring the device to a commercial market.
Merely exhibiting it at a non-profit conference means nothing, it is private use. They already exhibited it at RSA and should have continued to exhibit it at the next one in DC.
But:
"Faced with the threat of a patent infringement lawsuit, IOActive pulled the presentation."
They made a cowardly mistake. Unless they were producing this device commercially HID haven't got a let a leg to stand on HID can posture and threaten and bawl and scream like a little bitch throwing her toys around the nursery but there's nothing that they can do to stop IOA from exhibiting the device and publicly discussing it's operational details. Patents are not tools to protect trade secrets.
So IOA screwed up by getting frightened and caving in to mafioso style threats. That's all the story says. There is no point of law or principle to debate here. Perhaps IOA should grow some balls.
[ link to this | view in chronology ]
Re: so what's the story?
On the face of things, this appears to be pure and simple case of abuse of the patent system, which was never intended to have any application on speech or the dissemination of information.
Mike, I am surprised at your sensationalism, although maybe I shouldn't be. I know you are a vocal opponent to the current patent system, but this is not the patent system doing anything. Rather it is some corporate head employing attorneys to abuse the patent system.
[ link to this | view in chronology ]
Re: Re: so what's the story?
However your second phrase I would agree with. It is not merely a broken patent system that is damaging society and industry, it is a combination of
1) A broken patent system
2) A runaway broken legal system that rewards agressive rather than defensive stances.
3) Widespread mental problems with people in positions of high pressure responsibilty who "shoot first and think later" and are too quick to behave in an abusive manner.
I detect a little of that in your reply, you are on the back foot from the outset and far too quick to criticise without any substance other than your emotional response.
[ link to this | view in chronology ]
Re: Re: Re: so what's the story?
Note that selling is different from using, and that they are both infringing. So, in the US, there is no requirement that there be an economic interest for an act to be infringing.
[ link to this | view in chronology ]
Re: Re: Re: Re: so what's the story?
I can see now why so many believe that patents law should not merely be reformed but absolutely abolished.
As it stands the above definition is an encumberance on *ALL* human behaviour whether commercial or not. As such it is abhorrent and unworthy of recognition.
What you quote also changes the facts of this case. In the USA the HID Global company are not abusing the civil law system by threatening the researchers, they are quite within their rights as given by law to stiffle legitimate research by others.
The only question then is whether we are prepared to stand for this as citizens who desire progress and promotion of the arts and sciences.
As a businessman, entrepreneur and inventor my position is that I am not prepared to accept the advantages granted to me by such a draconian unfair system against the damage that it does to my fellow members of society. Only a dysfunctionally selfish person could hold that position.
[ link to this | view in chronology ]
Re: Re: Re: so what's the story?
[ link to this | view in chronology ]
Re: Re: Re: Re: so what's the story?
As I say above in the post responding to Grimace, this knowledge changes my view on what is at stake here. It is no longer an "abuse" of patent law to impede other peoples research. Your patent law grants the power to do that.
Do you find this acceptable as a citizen of the USA? I would not.
Perhaps you have faith in your democratic process to correct this problem. From where I stand I am far more pessimistic and believe that the way forward for scientists, artists and industrialists in the US is to engage in wholesale civil disobediance and simply make it clear that you do not recognise such laws as a precursor to forcing reform or abolition.
[ link to this | view in chronology ]
Re: so what's the story?
[ link to this | view in chronology ]
Legal notice you are in trouble now
Please desist from this practice now.
------------------------------------
Seriously this isn't about law, or whats right
It's all about what you can get away with and who you can pay to help you achieve it,
Law is never about whats right, it's just about how society retains control. In America that just happens to be primarily tied to the power behind the flow of money.
If we want to change it, then it starts in the way we each personally act and what we tolerate (Or if you want to use the existing system: then in this case what we pay for).
Be free, practice your own law...
[ link to this | view in chronology ]
Re: Legal notice you are in trouble now
But I disagree that "Law is never about whats right, it's just about how society retains control." That may be true in minds of many in the United States right now because your legal system and government has been hijacked. And I salute those of you who have the balls to challenge that and take it back by whatever means you see fit. That is the American spirit at its finest. But ideally it is about both these things. It's fine for educated and balanced people to "practice their own law". In most cases they will arrive at a lifestance greatly superior to the prescriptive standards deemed by a society which must necessarily balance all kinds of behaviour with the greatest possible permissiveness.
However, not everyone is capable of that self regulation and (real) laws exist to enshrine some form of normative ethics, much as religion "believes" it can. Before you can act as a patriot and upstanding citizen by breaking and changing objectively bad laws you must admit to recognising good laws and the rule of law generally, even when you do not personally agree with them. Otherwise you are just anti-social and selfish.
The difference is simply a practical one. When enough people do not recognise an erroneous law it is defacto void. For example when the state tries to interfere with the sexual behaviour of its citizens. Homosexuality was once "illegal" in England (yes I appreciate the irony), but it was a non-law from the outset because fully 20% of the judges and politicians also like a bit of uphill gardening.
Actually 20-25% is probably a very useful figure in this respect. If you don't have the support of 1/4 of your population no law is ever going to prosper no matter how much state sanctioned violence and terrorism you apply to the people.
[ link to this | view in chronology ]
Whatever happened to people having to have something to protect with a patent? Now we are not protecting anything with patents, we are just limiting the market with them. They were never intended to prevent two products from doing the same thing, but rather to prevent one company from copying another directly.
[ link to this | view in chronology ]
Today, HID Global has made a statement, where they claim:
But, the letter they sent a week ago is not consistent with their story today:
[ link to this | view in chronology ]
Reasons of Law
However, Ii do stand by the statement: law is a tool for society to exert control of the general population by a smaller group of people holding the power.
Now, a truth is that it isn't a the most efficient way to exert control. Your point supports my point. If we as point dont support a stupid law, its nullified.
In England and Europe with an accumulation of a thousand years of laws, your country has had a decent amount of practice at ignoring hundreds of silly laws, still on the books, that have no modern practical application. However, those laws at the time of creation were created to guide and control human reaction within the society itself. To help establish a baseline of conduct ... to work along side with the non-written rules passed on through the ever changing practices of social etiquette. To also stop people who "cross the line" of behavior. The law will always tolerate a certain level of lawbreaking... many laws exist only to punish the more extreme offenders.
However, I look at this from a Taoist point of view. Pay attention to the laws which show respect to my nature, and stand against the ones which are bullshit and that directly impact me.
The fact of the matter, lots of money is at stake here with the emergence of rapidly changing technology. Money is power, and people are simple being "dicks" to get that money and power. Since they can run rings around the court system, they will do so , and continue to abuse the system to gain more power and money: since it works as a tactic.
Of course misuse is happening, and right now these actions are shaping the rules of social conduct for the future. Using lawyers and expensive court cases are a great way for those with the most amount of money to retain and steal control of as much as they can grab.
Look at how Disney rewrote US copyright laws to protect and extend their cash flow.
This process is going to continue until enough people take the time to actively resist this. Something most people are unwilling to do, since its easy to be comfortable and go with the flow right now.
So unless people get off their arse...which also means losing many comforts of the established system also... not much of this behavior will change no matter how much "we scream" at this is bullshit...
so it goes..
Its not frustrating, rather its just basic human behavior. The problem is many of us in the Technology Field can see how these firms and people in power are raping the system for profit. However, the "common man" doesn't see this , after all it doesn't directly impact them other than to increase cost of service here and there currently...
oh well. no easy solutions,
So I only suggest to people to be themselves. It seems the most efficient solution if enough people feel the same way, then things will change.
peace in your journey
[ link to this | view in chronology ]
I will patent...
Or we can just start shooting stupid illogical people and make the world a better place, one dead idiot at a time.
[ link to this | view in chronology ]