The need for a narrowly tailored Computer Fraud and Abuse Act

Authors: Derek Kan, Rohan Salantry, Shreyas, Max Gutman

Congress enacted its first anti-hacking law called Computer Fraud and Abuse Act (CFAA) in 1986, which was intended to address federal computer-related offenses. The CFAA was originally enacted to protect against the fraudulent use of federal government computers and computers used in financial institutions; with the recent proliferation of computer technology, Congress recently amended the act to include civil and employment liability. Now, the CFAA, which was initially intended to punish hackers and other digital trespassers who damage computer systems or steal customer information, can also be used to prosecute people inside a company who download sensitive data without his/her employer’s approval or possibly even those who access Facebook during working hours.

Critics argue that the language in CFAA is too vague and that the effect of a broad provision implies that any information access that we perform on the Internet, in violation of a private computer use policy, can be seen as a federal crime. Anyone who uses a computer for private use and different activities on the web might be affected by CFAA; this is particularly important when evaluating on-the-job use of computers by employees. One of the more debated areas of the law is centered on the notion that it is illegal to “intentionally access a computer without authorization or exceeds authorized access.” Can liability be imposed on an employee who is given lawful access to a computer and information on it, but later misuses that information in violation of the employer’s personal use policies? Or does it simply place liability on employees who are not permitted to access certain information, but do so anyway?

Under § 1030(a), an employer seeking reprisal in court must establish that an employee (a) had knowingly accessed a computer without authorization or exceeding authorized access; (b) had obtained private information; and (c) done so with intent to defraud that led to at least $5,000 of loss for the employer.

The U.S. Supreme Court has yet to clarify the scope of the CFAA, leaving companies to plead broad CFAA claims against disloyal employees for restitution, and thus leaving trial courts to tussle with the issue. Some employers have tested how CFAA might apply on former employees who captured or destroyed company information upon termination of his/her employment. The activity of employees in these instances is far cry from the innocuous activity of checking Facebook during office hours, but both fall on the spectrum of access. However, relevant case law has not provided a strong consensus on the matter.

In International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2006), courts considered whether an employer could pursue action against a former employee for intentionally erasing files from a company laptop before terminating employment and starting a competing business. The Seventh Circuit ruled that an employee who breaches loyalty for the purpose of furthering an act of disloyalty to the employer, becomes “unauthorized” to access the employer’s computer. To the contrary, the court ruled in LVRC Holdings, LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009) that an employee’s act of disloyalty does not render his/her access to an employer’s computer “unauthorized”. The court found that there is no statutory language to support that authorization concludes implicitly when an employee determines to act contrary to the interest of an employer: “It is the employer’s decision to allow or to terminate an employee’s authorization to access a computer that determines whether the employee is with or without authorization.”

A recent case involving the vagueness of language in the CFAA is United States v. Nosal, 642 F.3d 781 (9th Cir. 2011). As in the previously litigated cases, US v Nosal, involves a company claim that employees exceeded authorized access. The company also claims they were defrauded by the band of employees and Nosal (an ex-employee) who used information stored on company computers to start a new business. The majority opinion of the Ninth Circuit Court of Appeals concluded the definition of “exceeds authorized access” proposed by the US would lead to a broadening of the CFAA to the point where everyday computer acts would be criminalized. The charges involving the CFAA brought against Nosal were dismissed.

What does this convey to us when courts are unclear about what “unauthorized access” means?  Many companies take matters into their own hands and block unauthorized users from accessing specific file directories, intranet pages or Internet content. Unauthorized access in the context of technological enforcement seems clear cut but when employees find ways to breach these access protections to view Facebook, to use g-chat or listen to music during work hours they face the risk of prosecution under the CFAA.

Beyond computer use in the workplace, the effect of the CFAA on consumers is tremendous, as it is applicable to everyone who uses an Internet-enabled device, whether it is from a personal computer, smartphone or tablet. The CFAA has the ability to transform what many would consider to be minor dalliances into prosecutable criminal offences, such as lying about his or her age on social networking sites. Consumers access the internet everyday, in many cases from different devices at once; for consumers to be unaware of the private computer use policies as a whole presents challenges in terms of both adherence and prosecution.

Under § 1030(a)(2)(C) the Justice Department prosecuted Lori Drew, a woman who posed as a 17 year old boy to cyberbully her daughter’s classmate on the social network, Myspace. Like those of other social networking sites, the Myspace Terms of Service prohibit users from falsifying his/her identity and personal information. It has become quite common, however, for consumers to falsify information on social networking sites to invent an impressive web persona or disguise their true identities for security purposes. Despite the fact that many could deem misrepresenting one’s age a harmless act, under the breadth of the CFAA, those who do so could be prosecuted criminally.

Although the government assures us that it would not prosecute “minor violations”, this term is open to interpretation and it is unclear how the term will be evaluated by prosecutors in the future. Recent judgements have adopted a broad interpretation of the statute, as it would criminalize common computer related activities. The Circuit Court suggested that previous decisions, delivered by lower courts, had not considered the effect of the statute on ordinary citizens. Furthermore, they suggest that vague criminal statutes such as CFAA should be construed narrowly, as it is not the court’s position to put words into the mouths of lawmakers. Finally, the courts have also suggested the rule of lenity that ensures that citizens have fair notice about what conduct of theirs would be considered criminal by law.

The ubiquity of computers and the ease by which information can be transported and corrupted by users has led to the enforcement of an act that needs refinement. The CFAA was crafted before the Internet was omnipresent in the workplace. Employees today have access to an array of sensitive company information, leading to scenarios that the writers of the law may never have envisioned. The language defined by Congress at the beginning of enterprise adoption of computers is not sufficient for today’s work environments and the courts are struggling to make sense of it. In many cases, the result hinges on what authorization and access means in the new paradigm of work. The final word will come from Congress, but for now, the most recent cases have affirmed that computer users will not be thrown in jail for violating company use policies or other terms of service agreements.

 

The Potential of Thingiverse vs. The Threat of History

Authors: Andrew Lomeli & Sasaki Masanori

Thingiverse is a popular website where users can upload original digital design files that can be created by personal 3D printers and laser cutters. While users generally rely on public and Creative Commons licenses, they can choose whichever type of license to apply to their design. The site is most popular in the 3D-printing community, and it currently hosts over 15,000 designs. The open-source nature of the site further allows users to build off of each other’s designs, inevitably resulting in the creation of many mashup and collaborative projects.

This past February, one of the first copyright lawsuits involving 3D printing almost came to fruition, as Artur Tchoukanov sent Thingiverse a DMCA takedown notice after Ulrich Schwanitz posted a design for a 3D Penrose Triangle that Tchoikanov had originally publicized via a YouTube video. Tchoukanov eventually dropped the claim, but the threat of DMCA stalling innovation is ever-present.

Thingiverse provides a unique service that could make the procurement of consumer goods and everyday tools easier. For example, one user with a broken doorknob could log on, download a comparable doorknob design, and print it using his or her personal 3D printer–rather than having to travel to a physical store and paying money out of pocket. The potential is truly limitless as a means for consumers to instantly trade not only ideas but also physical objects across thousands of miles without any of the logistical challenges and fees of shipping.

As wonderful as this service may appear, there are obviously serious copyright issues at play. Much like other file-uploading services, Thingiverse provides a medium for potential infringers to post designs for objects either copyrighted or patented, whether they be a figurine of a popular cartoon character or a practical medical device. This potential for this threat, however, is insignificant, compared to the plethora of other potentially beneficial services Thingiverse may provide.

The Sony v. Universal case is of particular interest to Thingiverse developers, as it provides us with a unique test for determining whether such a service threatens copyright. The case set the fundamental precedent that the service/equipment “does not constitute contributory infringement if the product is widely used for legitimate, unobjectionable purposes.” Home recording devices escaped running afoul of copyright through their ability to fulfill the practical, non-infringing practice of private, non-commercial time-shifting. Moreover, copyright holders could not prevent other copyright holders from authorizing such time-shifting, and even non-authorized recording could be classified as fair use.

Applying this test to the Thingiverse case, we ask ourselves if the file-sharing enabled by Thingiverse fulfills other legitimate, unobjectionable purposes. Moreover, does Thingiverse fully grasp the potential for users to infringe as they log onto the site? What potential safeguards are in place to monitor such practices?

Secondly, we see that cases in which people may build upon a copyrighted design, users are in fact finding a fair use of the design. By adjusting and building upon these existing products, users are in fact transforming it into a different object. Of course, such an application of the fair use case may not always be ideal, but such discussions would at least be thought-provoking and have tremendous implications in the future.

Thirdly, the spread of 3D-printers may bring potential questions related to not only liability rules of copyright, but also liability rules of design patent. As we saw Apple’s patent claims, US design patent covers the ornamental design for an object having practical utility. In coming 3D-printing era, how will industrial design rights be protected?

For example, using a 3D-printer, we will easily be able to copy plastic goods with very low cost. Imagine the situation: a user of Thingiverse bought a neatly-designed smartphone case, which is protected by design patent; if he/she scanned and uploaded its 3D-CAD data on Thingiverse, what problems may arise?  Many people would start printing the smartphone case instead of buying it. In that case, smartphone case manufacturer might sue Thingiverse for second liability for infringement of their design patent.

One problem is that current patent law does not have “safe harbor” rules like DMCA. DMCA sometimes stalls innovation based on web community, but it is also true that it provides “safe harbour” from troublesome liability for web industry such as internet service providers. However, there are no established procedures to avoid second liability for such kind of patent infringement. This can be a serious risk for them and the chilling effect might impede growth of 3D-printing online community.

We must remember the history that intellectual property law has balanced the right against the use along technological evolution. When a pen was the only tool to copy information, we did not have any such copyright rules. After the invention of letterpress which significantly decreased costs of copying books, the first copyright act was enacted in England.

After a long period, when Sony released VCR which enabled copying TV programs and movies at home, the court showed the new balance between the social profit and expense of it. Furthermore, digitization of the information reduced a copy expense to 0; the government and the congress made DMCA to make the balance of digital era. The court also showed new balance in Grokster case.

The intellectual property law and policy has co-evolved with technology for a long time. 3D printing, which is fusional technology of Atoms and Bits, will urge changes in not only copyright, but also design patent. We should keep watching these changes.

Much as the printing press revolutionized the sharing of the written word, the player piano shifted the value of music, the radio made songs more accessible, and VHS and cassette tapes allowed for the easy copying of music, 3D printers and the Thingiverse community is facilitating the easy exchange of simple inanimate objects. And much like all of these revolutionary technologies, this new force is meeting extreme blowback from rights-holders looking to preserve their status quo business practices. These examples ended up surviving the test of time as a service that only expanded audiences, and it will be exciting to see whether Thingiverse will mimic history and how exactly it will revolutionize the market for consumer goods.


Secondary Copyright Liability and the End of Megaupload

By: Julia Kosheleva, Kate Rushton, Ryan Baker, Corey Hyllested, and Christine Petrozzo

Megaupload, a Hong Kong-based online file storage service, was founded in 2005 by Kim Dotcom, a resident of New Zealand. Until recently, the company provided cloud storage, or cyberlockers, to its 66.6 million users and deployed hundreds of servers throughout the world, including the U.S., Netherlands, and France. The company made money by selling advertisements and premium subscriptions. The basic function of Megaupload allowed users to upload files to “lockers”, where the file was stored on a company server. Then users could publish the name of the file and the locker URL on public blogs, from which anyone could download or stream the content. In its Terms of Service, Megaupload required its users to agree not to upload copyright protected materials. The company also claims that it took down unauthorized content when its registered DMCA agent was notified of such material by copyright holders during the years of its operation. It also created a so called “abuse tool” which allowed copyright holders to remove files.

In January 2012, the federal grand jury in Alexandria, Va., charged Megaupload with abetting criminal copyright infringement, claiming illegal distribution of at least $500 million worth of copyrighted music, TV shows, movies, video games, software, books, and images. It claims that 90 percent of the content uploaded to Megaupload was infringing and that Megaupload’s employees were well aware of the fact that the site was used for uploading infringing materials as evidenced by internal email exchanges and chat logs. Moreover, internal communications indicated that employees understood the importance of this content to the success of the business.

Megaupload’s case is similar to Viacom v. YouTube in many respects and it will raise similar legal questions. Does general awareness of the illegal materials disqualify the service provider from DMCA safe harbor protection or is it knowledge of only specific files? Does the DMCA provision speak to “willful blindness”? Is it conceivable that a service provider which receives financial benefits directly attributable to infringing activity qualify for safe harbor? On the other hand, this case will expose additional complex legal issues as it expands beyond U.S. borders and deals with a substantially large volume of known infringing content.

The DMCA’s 17 U.S.C. § 512(c) provision specifies a set of requirements that a service provider must meet in order to be eligible for safe harbor immunity. The first of these requirements stipulates that the provider must not have actual subjective knowledge that the material or activity on its network was infringing, and that it must not be aware of facts or circumstances that would lead an objective, reasonable person to find a likelihood of infringing activity (as interpreted by Second Circuit in Viacom v. YouTube).

In Viacom, the Court of Appeals clarified that disqualifying knowledge must be of “specific and identifiable infringements,” and that “mere knowledge” of the presence of infringing materials on the site is not enough to disqualify a provider from DMCA safe harbor. That court found several internal YouTube communications that suggested that staff members did indeed have awareness of specific cases of infringement, and may not have acted to remove them expeditiously. The court found that YouTube may have been ineligible for safe harbor protection, and remanded to the District Court for fact-finding.

Similarly, the government’s case that Megaupload employees had actual knowledge of specific infringement cases is supported by looking at certain site features and internal communications. One contention is that the site’s “Top 100” download lists were doctored to remove mentions of infringing material, and did not “actually portray the most popular downloads” (Ars Technica). This suggests that Megaupload’s staff may have had direct knowledge that a file was infringing and affirmatively hid it from view. The government also points to internal emails in which employees mention infringing files by name, with no indications of concern or plans to remove them. There are also allegations that employees themselves uploaded a copyrighted “BBC Earth” episode in 2008.

If these facts were presented to the same Second Circuit Court as in Viacom, the court would be highly unlikely to find that Megaupload was entitled to DMCA safe harbor protection, based on the “actual knowledge” provisions set forth in 17 U.S.C. § 512(c)(1)(a).

In § 512(c)(1)(b) of the DMCA, a website service provider only benefits from safe harbor if it has the “right and ability to control” infringing activity, and does not directly benefit financially from the acts of the infringement. According to the Viacom case, the court examined two interpretations of the statutory phrase brought by the defendant and the plaintiff: 1). YouTube doesn’t know of the infringing material, therefore how can it control the activity, and 2). YouTube has the right to remove or delete any of the videos on its servers, therefore it has the ability to control the infringing activity. The same arguments can be made for Megaupload, even though its evident the employees of the company had actual knowledge of the infringing material. The court remained vague on the phrase in Viacom, but suggested there needs to be “something more” other than removing or block access to the content. The “something more”…? The Court never specified, and still remains vague today as its been turned back to the trial court for more fact-finding.

 

Although there’s still room for interpretation regarding the “right and ability to control”, it can be argued YouTube directly benefitted from the infringing content through its display advertisements. Similarly, it’s been reported Megaupload generated more than $175 million in illegal profits through advertising revenue (Ars Technica). Until the lower Court clarifies the phrase “right and ability to control,” disqualification for safe harbor benefits remain unclear for Megaupload.

According to § 512(c)(1)(c) of the DMCA, a website hosting user-generated content is offered safe harbor as long as it “responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.” YouTube complied with this portion of the DMCA, promptly deleting videos when it received notice of infringement. In fact, Viacom notes that all of the videos disputed in the case have since been taken down. YouTube also developed the ContentID system, which allows copyright holders to scan through audio and video and automatically detect and flag content similar to their own.

In contrast, one of the strikes against Megaupload is that its “Abuse Tool,” allegedly designed to allow DMCA takedown notices, only removed links to infringing content, rather than the content itself. This loose interpretation of the “remove, or disable access to” requirement may prove to be its downfall, because the architecture of Megaupload is such that there may be many links to the same file. The reason for this is technical–if a user wanted to upload a file that Megaupload already had, it would simply provide a new link to the file rather than re-upload it. However, this also means that removing a single link does not remove access to the infringing content, because other links to the same thing still work. As a result, courts will likely find this to be non-compliance with safe harbor provision 512(c)(1)(c).

As far as new developments arising out of the Megaupload case, Kim Dotcom is working on a few projects, Mega, a newer digital locker with more protection for users and MegaBox, a music-sharing service that allows artists to sell their art and reap 90 percent of the revenue.

Mega, which after the shutdown in Gabon (me.ga) is slated to go live in January 2013 on the anniversary of the raid on the MegaUpload servers.  Mega, like MegaUpload before it, is a cloud-based service that allows users to upload, access and share files. The new service will also provide a one-click encryption of files. The decryption key will be given to the user, and not stored by Mega. This prevents Mega from being able to review or be aware of what files are uploaded to its servers. Another key difference, is Mega will not remove duplicate copies. Thus, ten uploads of the film “The Big Lebowski” creates ten different copies–each encrypted with a different key. Kim Dotcom maintains this will not be a “middle finger” to Hollywood or the U.S. Department of Justice. It will also allow content creators such as film studios, the ability and access to remove files. Prior to having access to the tool, content creators must agree not to sue Kim Dotcom or the Mega service. The EFF’s Julie Samuels hinted its just the next iteration of a cat-and-mouse game on the Internet.

MegaBox, the not-yet-release music service, will allow users to purchase music or they can install a tool that will replace up to 15 percent of their Internet ads with ads provided by MegaBox.

205 in the news article:
http://tech.fortune.cnn.com/2012/07/11/megaupload-cyberlocker-copyright/

Other sources:
http://arstechnica.com/tech-policy/2012/01/why-the-feds-smashed-megaupload/
http://www.wired.com/threatlevel/2012/10/megaupload-mega/

Patent Law: A Hurdle for the Software Industry and Innovation

By: Divya Karthikeyan, AJ Renold, Ashley Christopher Bas Desouza, Haroon Rasheed, and Jake Hartnell

Overview:

The purpose of a patent is to provide incentive for technological innovation, not only to conceive of an invention, but also to allow the idea/concept to enter the market, so that a substantial benefit can be derived by the public. Yet in light of the Information Revolution, software has presented a unique challenge to the US Patent System. As more and more of the world economy conducts its business online and more and more people become dependent on software in one form or another, the importance of software patents as a means to differentiate oneself in the marketplace has become proportionally important. However, many have come to view current patent law as problematic to the software industry and a hindrance to innovation. Justice Kennedy noted in Bilski v. Kappos, ‘With ever more people seeking patent protections for their inventions, patent law faces a great challenge in striking the balance between protecting inventors and not granting monopolies over procedures that others would discover by independent, creative application of general principles.’ This balance is very much under threat in the Software industry.

Who benefits?

Under the current system, it has been found that the substantial benefits of software patents have been accrued by a few individuals or corporations. Lately there have been a number of high profile cases involving large companies—Apple v Samsung or Apple v Motorola—suing each other for patent infringement. While these “Patent Wars” generate a lot of interest in the media with commentators lamenting the potential damage to the idea of innovation, these large companies usually reconcile with each other through cross-licensing of their respective patents. They escape most of the trouble patents cause, while enjoying a large share of the power patents confer. This is why the chief supporters of software patents are multinational corporations. They have a great deal of influence with governments.

Large companies also force small companies/developers to cross-license with them. Because of their influence and deep pockets, large companies often try and succeed in getting their features incorporated as industry-wide standards. An example of this took place in the late 1990s when Microsoft, at the time at the peak of its powers, menaced the online community, by obtaining a patent affecting style sheets—after “encouraging” the W3C to incorporate the feature in the standard. This was not the first time that a standards group has been lured into a patent’s maw. Public outcry on that occasion forced Microsoft to refrain from enforcing this patent; but other large corporations might not be so merciful because the economic benefits of enforcing a patent are simply too great.

While small companies can benefit from a patent, they often do not own sizeable patent portfolios. Thus, a large or complicated product risks infringing some previously issued patent. In addition, it is a lot harder for a small inventor to obtain a software patent. With the many recent Supreme Court cases, software innovators now must adhere to various new laws and regulations before obtaining a patent, increasing the costs for preparing and obtaining software patents. A small inventor usually has a difficult time commercializing their products and enforcing a patent. They also lack the resources to track every instance of patent infringement or defend their patents or file petitions to invalidate dubious patents. Litigation is quite complex, even without the difficulty of explaining technologies to juries and judges. All these factors contribute to reducing the incentive for smaller developers to innovate—a departure from the intent of the framers of the patent system.

It is in this environment that the 2nd beneficiary of the current patent system steps in – The “Patent Troll”. These are basically individuals/companies/groups who purchase software patents usually from small inventors who are unable to or unwilling to bring their products to market. Their rationale is that they are leveling the playing field between big companies and inventors and small patent holders, who previously “were getting their rights steamrolled by big companies.” The small inventor gets compensated for his/her work and is not bullied by the big companies to cross-license. Surely, this gets us back to the intent behind patents – i.e. innovation and promoting science and technology. However, a closer look at the business model of the Trolls reveals that they are more opportunistic than altruistic. Trolls run a virtually risk-free business. They buy patents and enforce them through licensing or litigation. They don’t build products but earn revenue by suing others, a very lucrative business model indeed. The key point is that the licensing fee should be low enough to entice the “infringers’ to settle rather than go through messy litigation. They also don’t discriminate between which companies to target. Large companies prefer to settle to avoid unwanted publicity while small companies do so out of compulsion as they lack the resources to defend themselves.

One such Patent Troll is Webvention, which has a patent (United States Patent No. 5,251,294) for the functionality known as a “mouse over” or “preview” that displays a short summary of the information to be found through an internet link when a computer user points the mouse or cursor at the link. Webvention “claims that 339 companies, including Google, Nokia and Orbitz, have paid the one-time licensing fee of $80,000” over the 4 years it has owned the patent. Yet another troll is “PersonalWeb Technologies.” which sued Rackspace for hosting GitHub service. This case is a prime example of the deficiencies of the current Patent Law. GitHub is the one doing the innovating while PersonalWeb is taking advantage of a bad Law for profit. It is uninterested in innovation or the public good.

In the hands of the Trolls, Software patents are weapons of mass extortion. Indeed, there are many technologists who argue that software patents are deleterious to the public good and should be abolished altogether.

Consequences and losers:

The increasing number of Patent lawsuits within the software and technology industry has created a chilling effect on innovation that the media has been quick to point out. In his recent Wired article on software patents, Richard Stallman, a programming freedom advocate, opines that patents protecting computational ideas are stifling the development of software. In part this is due to the fact that software draws on thousands of ideas, many potentially patented designs or computations, to create innovative products. Stallman also asserts that the patent system produces ‘bad quality’ patents, which we will later explore in SurfCast’s recent lawsuit against Microsoft. (Wired Article). Ultimately, the volume of software patents and the volume of patent litigation create huge legal costs and can stifle innovation for both small and large corporations.

For Small corporations, with limited capacity to defend their new software products, the mess of software and design patents creates a blind spot to potential lawsuits from large corporations and patent trolls. A 2011 lawsuit filed by Lodsys against multiple iOS and Android developers alleging their infringement on a patent covering in-app purchases is believed to have targeted small developers in hopes that they would settle for a small licensing fee. Relative to the income of app developers, the licensing percentage would have been less than the cost of litigation and a small business might opt to settle a lawsuit without questioning the validity of the patent. (Lodsys article) In a 2008 case Vlingo was sued by Nuance over five patents relating to voice recognition technology. Vlingo won the first case at a cost of $3 million, yet ultimately sold its business to Nuance because of the financial risk in defending the four remaining patent suits. (NYT) The small innovator’s patent litigation blind spot and their lack of defensive capacity disincentives risk taking and innovation, a result contrary to the objectives of U.S. Patent Law.

Large corporations developing new software and technology products also have a complicated position in software patent law. The well-publicized ‘patent-wars’ have dramatized actors such as Apple, Samsung, Google, and Microsoft, as assembling arsenals of patents and legions of lawyers. Their deep pockets also attract lawsuits from patent trolls, as we will later examine in Surfcast’s suit against Microsoft. The risk of patent litigation has led them to adopt a policy of ‘patenting everything’, as Steve Jobs famously ordered Apple executives, and the rise of the ‘patent everything’ policy likely contributes to the volume of bad-quality patents pointed out in Stallman’s Wired article. (NYT) From the perspective of a manager or developer within a large corporation, the knowledge and responsibility of having a product be the target of scrutiny by corporations possessing arsenals of patents undoubtedly creates a chilling effect on risk taking and innovation. A manager who is not careful might put their job on the line if their product attracts costly litigation.

Taken together, the costs of software patents to small innovators and large corporations alike are estimated to create a so-called patent tax on software and technology products. Boston University researchers estimate that this adds as much as 20% to companies’ research and development costs. (NYT) At the end of the day, these costs are passed to consumers in the form of increased prices and fewer products due to slowing or foregone innovation.

Problems and challenges in resolving patent infringement issues: SurfCast v. Microsoft

There is doubt as to whether the current patent laws are the best suited to resolve software patent issues. Following the launch of Windows 8, which includes self updating dynamic ‘Live tiles’ displaying content from various sources, a Portland based company SurfCast filed a patent infringement claim against Microsoft stating that the concept of tiles was covered in their patent in 2004. To Microsoft’s defense they also had a patent for their ‘Live Tiles’ in 2011.

This brings us to one of the most pressing challenges facing the patent system. The patent office does not determine if an invention to be patented infringes any prior patents. So it is extremely difficult to know during the patent filing process, if a patent infringes prior patents. This being the reason that both SurfCast and Microsoft held patents for the invention of tiles showing dynamic content. In this case when a patent infringement issue comes up, determining whether the two ideas are similar is a complicated problem.

From section 101 of the patent laws, given that ‘Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.’ justifies the patent approval for both the companies as there was innovation in both patent claims. It is not obvious if the fact that SurfCast did not use the idea to produce a product be used against it thereby creating an ambiguity resulting from the inability of current laws to satisfactorily resolve software related patent issues

Microsoft has cited SurfCast’s patent (6,724,403) under the References in their ‘Live Tiles’ patent. So it is obvious that Microsoft was aware of the technology that SurfCast had patented. SurfCast alleges in the lawsuit that Microsoft was aware of the ‘403 patent as early as 2009 much before Microsoft patented the Live Tile design. Sometimes the existing patents are very vague and cover a broad domain. It is difficult to know if someone has already patented a technology that you are independently working on. Unfortunately, independent invention cannot be used as a defense for patent infringement. Companies are often sued for violating patents that they never knew existed.