The Epic Crime Spree Unleashed By Onity's Ambivalence To Its Easily Hacked Hotel Locks

from the true-crime-story dept

Back in 2012, we wrote about Onity, the company that makes a huge percentage of the keycard hotel door locks on the market, and how laughably easy it was to hack its locks with roughly $50 of equipment. Surprisingly, Onity responded to the media coverage and complaints from its hotel customers with offers of fixes that ranged from insufficient (a piece of plastic that covered the port used to hack the door locks) to cumbersome (replacing the circuit boards on the locks entirely) and asked many of these customers to pay for these fixes to its broken product. Many of these customers wanted to sue Onity for obvious reasons, but a judge ruled against allowing a class action suit to proceed. That was our last story on the subject.

So... what happened? Well, Onity ended up springing for the fixes for some of their larger chain hotel customers, but not all of them. For the rest, it was on each hotel to decide to pay for the fix or not. Many, many of them absolutely did not and did nothing about the Onity locks on their doors, while those that did get the fix involving the plastic port cover quickly found out that the fix wasn't much of a fix at all. To see the fallout from all of that, one need only look at Wired's longform piece on the hellacious crime spree undertaken by one troubled young man, Aaron Cashatt, who managed to steal hundreds of thousands of dollars worth of stuff from hotel rooms using the afore-mentioned $50 worth of gear.

The entire post is worth your time, with its fascinating look into Cashatt's background, the revelations of the Onity lock's failures, and where those two stories converged. One of the key points in all of this was that even before Cashatt started his crime spree, everyone, from Onity to the hotel chains to any member of the public that cared to know, was aware of how laughably insecure Onity's locks were, except that, for the most part, nobody bothered to do anything about it.

Instead of Brocious' research protecting millions of hotel rooms from larceny-minded hackers, it served up a rare, wide-open opportunity to criminals. Soon other hacker hobbyists were posting YouTube videos of themselves demonstrating the vulnerability on real hotel doors, refining Brocious' gadget to work far more reliably. One security researcher in Chicago managed to miniaturize the components of the lock-hacking device until it fit inside the body of a dry-erase marker, with its plug hidden under the marker's cap. The attack became so notorious that it even made a brief cameo in the first season of USA Network's show Mr. Robot.

But out of everyone who learned about the Onity keycard hack, only one person, perhaps, had the right mix of desperation, tech savvy, and moral flexibility to use it to its full criminal potential: Aaron Cashatt.

Cashatt saw a news segment about the Onity flaw and began to use his own hacking device to exploit it almost immediately. With equipment that cost less than a AAA video game, Cashatt began hacking into hotels, starting at a Marriott. While perfecting his hacking tool and managing to hide it in a sunglasses case that he kept slung around his neck, he worked a waiter job during the day and smoked meth and broke into hotel rooms at night. Using the tool, Cashatt would walk out of hotel rooms with everything the visitor owned and much of what was owned by the hotels as well, including not just towels and toiletries, but flat-screen televisions as well. After deciding to skip a court hearing, he took his show on the road, leaving his corner of Arizona and trekking to the Midwest, where the spree continued. Even when he was arrested on completely unrelated drug charges, police had no idea that the string of hotel room robberies in progress across the country was his doing. When he was carted back to Arizona and let out on bail, he went right back to work.

Now with no job to hold him back, Cashatt, his friends, and an on-and-off girlfriend spent the next four months hitting hotels at a frenzied pace, sometimes as many as four in a day...working his way methodically across central Arizona.

It was a month into that run that Onity began rolling out the plastic port-blocker fix to its locks. Onity had finally begun distributing this fix for free to at least some of its hotel customers. But this barely slowed Cashatt down. Instead, he used a screwdriver to open the panel of the door lock and was able to access the port once more, the plastic blocker circumvented. With enough practice, he was able to do this in under half a minute. He went right back to work, fencing stolen goods through a network of friends and a jewelry store whose owner he trusted. It was only after one of his friends got pinched that the police managed to get wind of just how big Cashatt's operation had become. He once more hit the road and began breaking into hotels in Tennessee before trekking back west to California and hitting hotels there. It was there that the feds finally caught him, after he managed to steal an estimated half-a-million dollars worth of goods.

Now in prison, Cashatt doesn't think much has changed.

"I guarantee you that if you tried this at some hotel in the Midwest, it would still work 19 out of 20 times," he says. For that, he blames Onity's negligence. "They just don't get it."

For its part, Onity remains opaque on how many fixes have been rolled out to how many hotel door locks, as well as exactly what form those fixes take, either the plastic port-blocker variety or an actual circuit board replacement. The fact that the company isn't screaming about how many circuit board replacements its doled out should tell you all you need to know about the answer to that question. The Wired author himself tested it out and managed to get his own hacking tool to unlock a hotel door on his fourth try. This isn't hard data of any kind, but with Onity itself ducking any kind of transparency, it's the best that can be done.

What should stick out most to everyone about this story is how the flaws in Onity's locks were uncovered only through the help of security researchers, oft maligned, whose work then went largely ignored. That willful ignorance allowed someone like Cashatt to go bananas on the hotel industry, all because Onity couldn't be bothered to fix its flawed product.

Filed Under: aaron cashatt, fixes, hotel locks
Companies: onity

Some Thoughts On Fixing Problems In The Patent System

from the lots-of-ideas,-but-the-will-to-implement? dept

I've been procrastinating for the last week and a half or so (admittedly with a Thanksgiving holiday thrown in the middle) writing up my impressions of the recent conference at Santa Clara University called Solutions to the Software Patent Problem. If you want something of a play-by-play on what happened, Groklaw has a pretty good tick-tock on the specifics. Unfortunately, I'm not sure that really covered some of the larger important themes that the conference brought out.

First off, I know that some patent system defenders took great offense to the idea that the event wasn't "balanced" with system supporters. Nearly every speaker presented an aspect of how the system was broken with suggestions to fix it. But I see this complaint as being misleading. There's this random belief out there that conference panels need to be "balanced" with "pro & con" and then let the panelists argue things out. I've argued against this in the past when setting up panels for other events, and with the events that we run, we've tried to avoid that concept as well. While just setting up pro vs. con can make for an entertaining session, it rarely leads to productive discussions that move the conversation forward. They just lead to people arguing past each other. A productive event is one in which people agree on a basic premise or problem and are then working towards possible responses. That's what this was. It was a conference for those who believe the system is broken. Given that assumption, the point of the event was to suggest possible solutions. There are plenty of events where patent system defenders and skeptics can argue against each other, but I can't think of another where people were able to dig in deep on possible fixes.

Given all that, there were a lot of different ideas proposed -- some broad, some specific. Many of them required people to have pretty deep knowledge of how the system works. For patent system geeks, it was really fascinating -- but for those less aware of the inner workings of the system I could see how the basic play-by-play seems confusing or uninteresting. However, in reality, there were a number of interesting ideas presented on ways to fix various problems, from getting Congress involved to having the courts better adhere to the law to getting the Patent Office to better adhere to rules to increasing maintenance fees to carving out software entirely... and many more. The conference schedule has links to more detailed versions of various proposals, sometimes both the "academic" versions and more "mainstream" versions at Wired Opinion. I'll point to a few of the suggestions I found to be more compelling in a bit.

However, what I found really useful about the event was twofold:

1. There are a lot of smart people thinking about the very obvious problems of the system, and they are trying to come up with solutions. That's a good thing, even if there are many (powerful) interests who don't want the system to change at all. You can only deny reality for so long.
2. There are also many ideas for solutions, some of which are quite clever, others of which seem like blunt force attempts to deal with symptoms rather than actual problems. Also, as was raised by some people in the comments, many of the suggestions could have significant unintended consequences that weren't readily considered. This is important -- for as much as I believe that the system needs fixing (and I have my own suggestions for solutions), thinking through the consequences of any change is an important exercise (though always keeping in mind that defenders of the status quo seem to argue any change will destroy the American economy and probably take apple pie and motherhood with it).

We already explored the suggestions from Richard Stallman and Mark Lemley in earlier posts, so we'll look at a few other interesting suggestions.

• There was some interest in using patent fees as a way that the patent office might be able to fix some of the worst problems without requiring a change in the law. James Bessen pointed out that bad patents are a form of pollution and, as such should be taxed as polluters. Christina Mulligan pushed back against attempts at doing the opposite, as urged by some patent system defenders, noting that "Cheaper patent applications mean more – and lower-quality! – patents. Lowering filing fees will make more people more likely to file patents. But if the marginal difference in patent fees is holding inventors back from filing applications, the patent is probably covering a low-value invention."
  
• Related to this, Brian Love presented some research and a proposal for using higher fees to decimate trolls. Part of his argument is that the data shows that trolls quite frequently become much more active as a patent is close to expiring: "Of all patent suits litigated within the final three years of the asserted patents' term of protection, trolls file more than 70%. Of all companies accused of infringing a patent within three years of its expiration, trolls accuse more than 83%." His suggestion is that shortening the term length of patents would deal with this problem, and would likely hurt only trolls or failing companies that are lashing out at more innovative competitors (he highlights Kodak and Encyclopaedia Britannica). But rather than actually go through the process of shortening patents, he argues just increasing the maintenance fees to keep a patent for the full term. He notes that many other countries already do something like this. The data here was compelling, though the risk is that it would just mean that patent trolls would become more active in earlier years...
  
• Peter Menell picked up on the point that many have raised that patents aren't at all clear in what they cover. So he thinks that we should force patents to be much clearer in what the claims cover. Specifically, he argues for a form-based system where you have a series of check boxes and pull downs in defining a claim to make it clear what you're actually trying to cover. I like the idea that patents should be much more precise over what they claim, but I'm not sure it's realistic to think that a form would (a) do this well or (b) be properly used.
  
• Arti Rai pointed out that the software crowd probably screwed up years ago, by not doing what the bioinformatics world did in claiming that you can't get a patent unless you provide the actual working algorithm. This seems like something of a no-brainer. The USPTO has regularly rejected bioinformatics claims on the basis of a lack of "definiteness" for not supplying the algorithm. There's no reason that the same couldn't be done in software. Of course, that would require the USPTO to actually notice this point...
  
• I thought John Duffy's proposal was one of the most interesting (and, in the past, I've found myself disagreeing with Duffy more often than agreeing with him) in which he argued the most "elegant" solution to the software patent problem that isn't all that far off from my own suggestion: fix the "non-obviousness" standard by noting that multiple parties simultaneously, independently inventing the same thing is a sign of obviousness and should lead to no patents being allowed. Duffy's presentation was the one that set Richard Stallman off for arguing that Stallman's solution was "kludgey" rather than a full solution. On this one, I side with Duffy. Duffy's solution here would likely be a lot more effective that Stallman's because patent lawyers could easily write around Stallman's solution of not allowing patents on "general purpose" computing.
  
• Samson Vermont highlighted that we should take into account social harm (Word doc). That is, he suggests courts should base remedies on the amount of harm on the public rather than on the harm on the patentee. "More specifically, in cases in which the defendant's infringement clearly makes the world better off, the court should deny the patentee both money damages and injunctive relief." More specifically, he argues that if the patent isn't actually being used to put a product on the market (either by the inventor or a licensee), the accused infringer is an independent inventor and is actually putting a product out there and the "costs to find the patentee's version of the invention beforehand were greater than the defendant's costs to invent it on his own" then courts should reject any awards. As he notes, when all three conditions are met, "it is very hard to come up with plausible reasons to believe that the defendant's infringement is a bad thing."

There were plenty of other presentations, but those were the ones that seemed most interesting and worth thinking about more deeply. As for the biggest waste of time? That award goes to Dan Ravicher, of PubPat, who plays both sides of the patent troll fence. He started off his presentation by haranguing everyone for not showing enough "respect" for the existing system and various people, and then proceeded to yell at everyone in attendance that they "failed" because they didn't raise their hands fast enough when he mentioned various patent troll lawsuits that he didn't think were that problematic. One of his larger points was sound -- that if you want to convince anyone in the government that the patent system is broken you have to focus entirely on "jobs, jobs, jobs." But there's no reason he had to be completely obnoxious in getting that point across. Many of his other points were specious, at best. However, it has set for me a new "Ravicher Rule": if someone starts off a talk by arguing that everyone needs to be more respectful of everyone else, the probability that they will disrespect pretty much everyone quickly approaches one.

Overall, it was a really great and thought-provoking event. I'm happy that there's a lot of detailed thought going into ways to solve the patent trolling problem, though I'd argue we need to be careful not to just think that this is a "software patent" issue. I think the problems of the system apply equally elsewhere -- which is why I like system-wide fixes, such as those suggested by Duffy and Vermont.

And, just to address this one point before one of our regular patent lawyer commenters tries to make it in the comments: there is an argument among patent system supporters that there is no such thing as a "software patent" and thus any argument that uses that term is meaningless. This is both slightly true and (more importantly) a distortion of the larger issue. As was discussed at the conference, there is a difference between software and hardware that can't be denied. One involves moving around bits. One doesn't. So it's not difficult to define software differently from hardware. The real problem is that if we did carve out software from patentability, it's likely that crafty patent lawyers would quickly figure out how to rewrite patent claims to make them broadly cover the same concepts in a way that could be seen as not being "software." Given all that, I think it's quite legitimate to discuss "patents that cover software" as "software patents," even while I agree that merely targeting "software patents" misses the larger problem.

Filed Under: artia rai, brian love, christina mulligan, dan ravicher, fixes, james bessen, john duffy, mark lemley, patents, peter menell, problems, richard stallman, samson vermont, software patents

Planet Money Explores 'How To Fix The Patent Mess'

from the in-case-of-emergency,-call-mark-lemley dept

In something of a follow up to This American Life's famous episode about the horrors of software patents, the Planet Money team brought on Mark Lemley to talk about how to fix the patent system. If you're aware of Lemley (or read Techdirt) what he talks about isn't all that surprising. He does note that, even if software patents are particularly silly, he doesn't agree with trying to carve them out specifically. Instead, he's still mostly focused on fixing the patent system by properly enforcing the laws already on the books. That means having the USPTO and the courts actually recognize that too many software patents are on general ideas ("functional claiming") when that's not allowed.

Next, the courts and the USPTO need to get much better at rejecting patents for obviousness. He doesn't quite get into how to do this, though I'm still a big fan of using independent invention as a sign of obviousness. He does note that the KSR case (which isn't named in the story) helped move the needle just slightly in the right direction. In that case, the court noted that merely combining two existing inventions is obvious. From there, he suggests recognizing how many patents stack up into an existing innovation -- and what that means. So, using the 250,000 patents in a smartphone as an example, he notes that it's ridiculous for any one patent to hold up innovation in such a scenario, pointing to the MercExchange ruling (again, not named) that said the courts shouldn't issue automatic injunctions for infringement. In other words, when you have 250,000 patents in a smartphone, infringing on one shouldn't hold up the entire device.

The last bit, which still needs work, is fixing damages. Again, using the smartphone example, he points out that when you have 250,000 patents, you can't claim that each patent deserves 5% of the revenue. Otherwise, you don't have smartphones anymore. Of course, fixing damages is still a work in progress. Congress tried to do it with the patent reform bill that was debated for about seven years -- and patent system supporters hit back hard on damages reform, such that the real fixes didn't make it into the final bill. The hope is that the courts will take care of it, but that still seems like a crapshoot.

Filed Under: damages, fixes, functional claiming, injunctions, mark lemley, patents, software patents

Hotel Lock Company Wants Hotels To Pay For Fixing Their Hackable Product

from the and-probably-will-next-time,-too dept

Picture yourself on vacation. You leave your hotel room, listening to the fully-licensed music in the lobby on your way out. You make sure not to ask the hotel staff for anything as you leave, lest something called a PARFF come after you. And as you're out frolicking on the beach, sucking in that gut and puffing out your chest (asexual insults FTW!), Zero Cool takes a small electronic device that costs less than your average Electronic Arts videogame and hacks your hotel room's lock, giving him access to all the tourist crap you bought in the past three days.

Now, I know what you're thinking. You're thinking that this couldn't possibly happen. After all, Johnny Lee Miller is probably still too busy spinning in place from the speed with which Eli Stone was cancelled after two seasons (and again, I'm reminded that Firefly lasted one. Sigh...) to be stealing stuff from your hotel room. And besides, it can't be that freaking easy to hack into a hotel lock, can it?

Yes, it can. Forbes has the story of hotel lock-maker Onity's reaction to Cody Brocious revealing at a Black Hat security conference how to hack the company's locks (found on over 4 million hotel room doors) with $50 worth of equipment.

The company’s response to that epic security bug has two parts–a quick fix, and a more rigorous one, both of which it plans to make available by the end of August: First, it’s issuing caps that cover the data port Brocious’s hack exploited, which can only be removed by opening the lock’s case. To further stymie hackers who would try to open the locks and remove that cap, it’s also sending customers new, more obscure Torx screws to replace those on the cases of installed locks.

The second fix is more substantial: Onity will offer its customers new circuit boards and firmware that ostensibly fix the problems Brocious demonstrated.

Not bad, right? We've certainly seen companies in the past react poorly when shown the security flaws in their products, attempting to silence those that point them out rather than just fixing the problems. So this would seem to be a step in the right direction, yes? Maybe, except for this:

But Onity is asking owners of some models of its locks of some to pay a “nominal fee” for the fix, while offering others “special pricing programs” to cover the cost of replacing components. It’s also asking its customers to cover the shipping and labor costs of making hardware changes to the millions of locks worldwide.

That's ridiculous. Onity sold hotels a product that had one job to do: keep the wrong people out of hotel rooms. The product does the job so poorly that $50 worth of equipment and a little technical know-how defeats it entirely. And now you want customers to pay to fix your bad device?

Even Brocious himself pushed back on Onity's statement.

Brocious criticized Onity’s move to put the financial onus for the fix on its customers after selling them what he’s described as fundamentally insecure products. While the free mechanical cap solution could create hurdles for hackers, he says that’s only a partial fix replacement until the lock’s circuit boards are replaced–something that’s not likely to happen if it requires millions of dollars in costs for Onity’s customers. “This will not be insignificant, given that the majority of hotels are small and independently owned and operated. Given that it won’t be a low cost endeavour, it’s not hard to imagine that many hotels will choose not to properly fix the issues, leaving customers in danger,” he writes.

It's an especially bizarre move in terms of public relations. How quickly do you think word will get around to other hotel owners, particularly small independent hotels, about how Onity designs their locks and treats their customers? This could be a win for Onity, if they go out of their way to properly fix their flawed product, but instead they appear to want to turn this into a double-dip of bad business.

Filed Under: cost, fixes, hotels, locks, security
Companies: onity

Judge Posner On A Mission To Fix Patents; We Have Some Suggestions

from the preach-it dept

It's really great to see that Judge Richard Posner has decided to take on our broken patent system in a big bad way. He's had a long-term interest in intellectual property (and even wrote a very good book on the subject, which I keep on my desk), but he's rarely had to rule on patent issues, in part because of our ridiculous setup in which all patent cases are funneled to the Federal Circuit, which historically has been "captured" by patent expansionists (including some former patent attorneys, at points). However, Posner made it clear to a nearby district court that he was interested in maybe heading over to hear a patent case if one arose, and he got a big one: a key patent battle between Apple and Motorola over smartphone patents. As you probably know by now, he dismissed that case with prejudice, and slammed both parties in the process.

While the dismissal was technically over failures in how the damages calculations were done, the rulings and statements he made certainly hinted at the failings of our patent system. Since then, he's not held back on the issue, giving an interview where he questioned the need for patents in "most industries." And, now, he's written an opinion piece for The Atlantic, in which he explains that there are too many patents, and that the system is broken. Basically, he dives in and explores his earlier statements that few industries probably need patents. He starts out by explaining why he thinks patents work in the pharma industry (something that I'm not sure is really true, but let's accept it for now), and then notes that the conditions that make patents work there simply don't apply to most other industries:

But few industries resemble pharmaceuticals in the respects that I've just described. In most, the cost of invention is low; or just being first confers a durable competitive advantage because consumers associate the inventing company's brand name with the product itself; or just being first gives the first company in the market a head start in reducing its costs as it becomes more experienced at producing and marketing the product; or the product will be superseded soon anyway, so there's no point to a patent monopoly that will last 20 years; or some or all of these factors are present. Most industries could get along fine without patent protection.

The key thing that he realizes -- which many patent system supporters ignore -- is that for patents to make sense, you have to have a situation where the invention wouldn't otherwise be created. But in a dynamic industry, where there are many normal incentives -- innovation to beat the competition, for example, or merely innovation to build a better product for you own needs -- it's not at all clear why patents are needed. In fact, because every single party other than the one who gets the patent is blocked from making use of their own efforts, the patent system creates a massive amount of waste. Sure, the "first" one to get to the patent office gets "ownership," but every other person is denied ownership of their own innovation.

In an industry in which teams of engineers are employed on a salaried basis to conduct research on and development of product improvements, the cost of a specific improvement may be small, and when that is true it is difficult to make a case for granting a patent. The improvement will be made anyway, without patent protection, as part of the normal competitive process in markets where patents are unimportant. It is true that the easier it is to get a patent, the sooner inventions will be made. But "patent races" (races, induced by hope of obtaining a patent, to be the first with a product improvement) can result in excessive resources being devoted to inventive activity. A patent race is winner take all. The firm that makes an invention and files for a patent one day before his competitors reaps the entire profit from the invention, though the benefit to consumers of obtaining the product a day earlier may be far less than the cost of the accelerated invention process.

He goes on to discuss the problems of the way the court system handles patent cases, noting that judges don't understand technology, and juries are even worse. Yet, most patent trials demand a jury trial, and juries quite frequently side with the patent holder, "believing that they must be worthy inventors defending the fruits of their invention against copycats -- even though, unlike the rule in copyright law, a patentee need not, in order to prevail in an infringement suit, show that the defendant knew he was infringing."

He goes on to highlight a few other issues, including the terrible job the Patent Office does in reviewing patents. He notes that the examinations are "perfunctory," and that this has resulted in way too may patents being issued, which only exacerbates the problem. I actually think he understates it there as well, because the more patents are granted, the more likely you are to get bad patents, and with bad patents come bad decisions and massive victories for some useless troll. And that just encourages people to apply for more bad patents, which overloads the system even more.

Posner has some suggestions, some of which I think might improve things a small amount, some of which probably won't. While he definitely recognizes that there's a problem, I'm not convinced he's really gotten to the heart of it yet -- though I'm hopeful that will come, as he spends more time on the subject. Here are his suggestions:

reducing the patent term for inventors in industries that do not have the peculiar characteristics of pharmaceuticals that I described; instituting a system of compulsory licensing of patented inventions; eliminating court trials including jury trials in patent cases by expanding the authority and procedures of the Patent and Trademark Office to make it the trier of patent cases, subject to limited appellate review in the courts; forbidding patent trolling by requiring the patentee to produce the patented invention within a specified period, or lose the patent; and (what is beginning) provide special training for federal judges who volunteer to preside over patent litigation.

I know there's a lot of support for that first suggestion, and I definitely can see how it might be helpful, but it does feel like a cheap way out to just "carve out" certain industries. It's treating the symptoms, not the problem. Also, if that happens, I'd bet that patent lawyers will quickly work out loopholes and workarounds. The compulsory licensing system, again, seems like an iffy suggestion. Beyond the fact that some might deem it unconstitutional (because the Constitution specifically says that patents and copyright are about the right to "exclude" -- and a compulsory license eliminates that), it still does keep the same basic friction. It certainly wouldn't stop patent trolling or bogus patents. Eliminating jury trials might be helpful at the district court level, but many of these cases end up on appeal anyway (and, again, some might debate the legality of taking away the right to a jury trial).

The idea of expanding the authority of the USPTO to make it the place where patent cases are heard has a pretty big problem, in that the USPTO tends to be very pro-patent already, and you're basically asking it to police itself. Requiring a patentee to produce the product is an idea that I know has a lot of support around here, but I'm not convinced that it makes sense. You could see situations where someone really does just focus on ideas/research and wants to pass those on to others to make. Perhaps a slight adjustment to that would be not that the patentee has to produce the product, but that they have to either produce it themselves or partner/license to someone who is producing it. Finally, I also worry about the suggestion of "special training." Because who's going to do the special training? Chances are, it'll be patent attorneys. It's not going to be software geeks. We've already seen what happens when we have "specialized" judges. It's called CAFC, and it massively expanded patents.

So what might actually be effective? Here are a few of my own ideas that I hope Judge Posner will consider at some point:

• Independent invention defense. In his article, he even mentions that copyright already (effectively) has this. Copyright infringement has to involve copying. Patent infringement does not. The fact that so many patent infringement cases involve independent invention is lost on most people who don't understand the system. Adding an independent invention defense would fix a very, very large percentage of the problems with the patent system today.
• Independent invention as evidence of obviousness. This is very similar to the idea above, but slightly more nuanced. Patents are only supposed to be given if something is both new and non-obvious to a person of ordinary skill in the art. For the most part, patent examinations focus much more on the "new" part, and not whether the idea is "non-obvious." Some people think that if an idea is new then clearly it's non-obvious, but that's not the case. Often there are obvious ideas that don't go anywhere because the technology/market/etc. just isn't ready yet. But if a number of different people "of ordinary skill in the art" are all coming to the same solution at around the same time, that certainly suggestions the invention itself is an obvious next step, and all such patents should be declared invalid.
• Actually asking those skilled in the art. Patent examiners are often very skilled and highly educated, but they're working in the patent office, not out in the field innovating. It's not as easy as many people think to really keep up on the state of the art if you're not working on it. Just think how many ridiculous patents we see all the time. Many of those bad patents could have been prevented if a patent examiner just went to people in the field and asked them. I know that some people criticize this idea, because they claim that (1) everything looks obvious in hindsight and (2) this will just lead jealous others to insist something is obvious to deny a patent, and then copy the idea themselves. Neither of these are convincing. I'm not saying to just ask, and if someone says it's obvious, the patent is dead. Rather, the patent examiner could ask a few people for an explanation of why it's obvious, and then determine if the reasons are convincing. Already, inventors effectively have "advocates" who argue for them that a patent is valid, so why not create the same sort of thing on the other side -- setting up a true adversarial process -- by seeking out experts who can explain why something may be obvious.
• Get patents going back to the different circuit appeals courts, rather than funneling them all through CAFC. Having a single "patent" appeals court was an experiment, and I think it's clear that it's failed. The court, constantly spending time with patent lawyers, but not with innovators, clearly has an expansionist view of patents, and multiple judges refuse to recognize that patents could have any downside. Spread the cases around a bit, and hopefully you get some more judges who get past the cover story and see the real problems.

There are some other suggestions that I think might be helpful at the margins. But these suggestions would help address many of the biggest problems with the system today.

Filed Under: fixes, patents, richard posner, software patents

Can PROTECT IP Be Fixed?

from the might-be-tough dept

Earlier this week, I went to see Rep. Bob Goodlatte speak at a State of the Net West event in Palo Alto. It was basically a Q&A session, hitting on a variety of points concerning legislation that impacts the tech industry. Honestly, there wasn't too much surprising said, though he was clearly well-briefed and ready for a variety of questions on copyright, patents and privacy -- which were the main themes of the discussion. The one thing that really caught my attention was in response to a question about PROTECT IP asked by EFF lawyer Michael Barclay. Goodlatte noted, correctly, that the current PROTECT IP bill being discussed is the one in the Senate, and that the House has yet to introduce its version, but will in the next few weeks. He claimed that the people working on the bill were definitely aware of the criticism being leveled at the Senate version, and he expected that people would be surprised at the House version. He insisted that it aimed to fix some of the problems of the Senate version, but that it might include some "other things" that might upset the tech community. We'll see what's in there when it's ready, though we've already heard that a version of S.978 -- the bill that can put people in jail for embedding YouTube videos -- will be rolled into the House's version of PROTECT IP. Still, while admitting pretty clearly that the bill was "being driven by" the recording industry and the movie industry, he also noted that they "might not be too happy" with some of the things in the bill when it comes out.

I doubt they'll be too disappointed (other than being upset that it's not draconian enough), but his statements at least raised some basic questions about how you could fix PROTECT IP. Larry Downes takes a stab at the five essential changes needed to fix the bill. He goes into more detail at that link, but the quick version:

1. Don't destabilize the domain name system
2. Leave search engines and hyperlinks out
3. No private enforcement
4. Correct ongoing abuses by DHS
5. Clearly define "rogue" Web site

If I had to guess, I would think that the House bill might actually tackle number one, but I doubt any of the others are under serious consideration. There has been some push for number three, but the entertainment industry lobbyists are salivating so heavily over that one I can't see them giving it up. I haven't seen any indication that anyone (other than Rep. Lofgren) in the House seems to care about the DHS's abuses, so that's out.

But, really, a bigger question may be whether PROTECT IP is needed at all? I agree that the five changes listed above would be a massive improvement, and would make the bill significantly less objectionable. But, why is this even needed? In this era when we're supposed to be focused on evidence-based copyright changes, the industry doesn't show any evidence of actual harm caused by these "rogue sites." They just insist that they must be "losing" billions. But that ignores the point made over and over again in the research: which is that this is a business model issue, not a legal issue. If the industry spent one-tenth the effort it spends on crafting bad legislation on actually innovating and creating services that people like, this wouldn't even be considered a problem at all.

Filed Under: copyright, fixes, protect ip

Why Do We Assume No One Is Fixing The Financial Crisis?

from the things-are-happening... dept

While some keep insisting that the government needs to step in, in a big way, to fix the financial crisis, Paul Kedrosky posits an interesting and worthwhile theory, as well: lots of folks within the industry are scrambling to fix things every day, and if we just gave them a chance they might get stuff done. He's not saying this is definitely happening, but he uses the Y2K crisis as an analogy. Many people were totally freaked out about it, insisting that there was no possible way all the problems could get fixed in time. But they did. They did because a lot of people worked really hard to get things done and solve most of the problems. And he's wondering if the same sort of thing is happening today with the financial markets:

I hear too many naive projections, too many scenarios constructed via extrapolating early failures forward and assuming the same thing can happen in the same way, so systemic collapse is ahead. While that is possible, and this time is different (tm), it's at least worth wondering what if the Y2K lesson matters more than we might have thought. Government aside, independent and fiercely survival-minded actors are doing what they can throughout the economy and the financial system to mitigate the risks they face from the current depression. Credit default swaps are being netted and torn up; banks are trying to unwind swaps and other derivatives. Some financial institutions are accidentally healing, at least a little, under the flood of savings pouring into them from petrified and security-seeking citizens. There are myriad other examples, but the point is that the bell has been rung, people are acting, and communication networks are afire -- and history says these are circumstances in which people can, by protecting themselves, surprise us all with the outcome.

It's definitely a point worth thinking about. We've been told over and over again that only the government can help us out of this mess, but people seem to think that the rest of the financial world is sitting around picking their noses as the world collapses -- and there's little reason to believe that's actually true. In fact, if you listen to this week's This American Life "Act 2" (starting about 45 minutes in) covers a couple of entrepreneurial guys who are doing their part: buying up "toxic" mortgages on their own and restructuring them -- and they're making decent money doing so. While even they're a bit skeptical about that on a larger scale, as Kedrosky noted, the same was true of the individuals working on solving the Y2K crisis as well.

Filed Under: financial crisis, fixes, paul kedrosky, y2k