Our ongoing Reclaim Invention campaign urges universities not to sell patents to trolls. This month’s stupid patent provides a good example of why. US Patent No. 8,473,532 (the ’532 patent), “Method and apparatus for automatic organization for computer files,” began its life with publicly-funded Louisiana Tech University. But in September last year, it was sold to a patent troll. A flurry of lawsuits quickly followed.
Louisiana Tech sold the ’532 patent to Micoba LLC, a company that has all the indicia of a classic patent troll. Micoba was formed on September 8, 2016, just a few days before it purchased the patent. The patent assignment agreement lists Micoba’s address as an office building located in the Eastern District of Texas where virtual office services are provided. As far as we can tell, Micoba has no purpose other than to sue with this patent.
So what does Micoba’s newly acquired patent cover? Claim 13 reads:
A computer system comprising a processor, memory, and software for automatically organizing computer files into folders, said software causing said computer system to execute the steps comprising:
a. providing a directory of folders, wherein substantially each of said folders is represented by a description;
b. providing a new computer file not having a location in said directory, said computer file being represented by a description;
c. comparing said description of said computer file to descriptions of a plurality of said folders along a single path from a root folder to a leaf folder; and
d. assigning said computer file to a folder having the most similar description.
In other words, put files into folders that contain similar files. Do it on a "computer system" (in case you were worried office workers from the 1930s might have infringed this patent).
For a software patent, the ’532 patent is unusually free of patent jargon and pseudo-technical babble. Its specification (this is the description of the invention that comes before the claims) does describe a method for determining when the contents of a file match a folder description. The patent proposes representing folders and files as vectors (which should reflect the frequency of particular words found within). The patent suggests assessing similarity by calculating the dot product of these vectors. But, even assuming this was a new idea when the application was filed in 2003, many of the patent’s claims are not limited to this method. The patent effectively captures almost any technique for automatically sorting digital files into folders.
The ’532 patent issued in June 2013, about a year before the Supreme Court’s decision in Alice v. CLS Bank. In that case, the Supreme Court held that an abstract idea (like sorting files into folders) does not become patentable simply because it is implemented on a computer. The ’532 patent should be found invalid under this standard. In our view, this patent has no value after Alice except as a litigation weapon.
Louisiana Tech represents that it “seeks industrial partners to commercialize the technology developed at Louisiana Tech for the benefit of society.” But it completely failed to consider this public interest mission when it sold the ’532 patent to Micoba. Within two months of the sale, Micoba had filed nearly a dozen cases in the Eastern District of Texas, suing companies like SpiderOak and Dropbox, alleging they infringed at least claim 13 of the ’532 patent. Instead of benefiting society, Louisiana Tech unleashed a torrent of wasteful litigation.
According to RPX, Micoba is associated with IP Edge, which itself is associated with eDekka (the biggest patent troll of 2014) and Bartonfalls (the winner of our October 2016 Stupid Patent of the Month for its patent on changing the channel). Bartonfalls’ trolling campaign recently collapsed when a judge ruled that its patent infringement contentions were “implausible on their face.” If RPX is correct that these companies are connected, Louisiana Tech has hitched its wagon to one of the biggest trolling operations in the nation.
EFF’s Reclaim Invention project was launched to stop universities from feeding patent trolls like this. The project includes a Public Interest Patent Pledge for universities to sign stating that they will not sell their patents to trolls. We also drafted a model state law to help ensure that state-funded universities don't sell their inventions to patent trolls. You can ask your university to sign the pledge.
Yesterday a draft letter was leaked from acting USTR Stephen Vaughn to Congress on the Trump administration's intentions towards NAFTA. The letter describes the administration's intention to "update" NAFTA to include provisions on topics such as copyright and e-commerce that had been contained in the TPP:
Most chapters are clearly outdated and do not reflect the most recent standards in U.S. trade agreements. For example, digital trade was in its infancy in 1994. ... Rules for intellectual property rights, state-owned enterprises, rules of origin, customs procedures, and ensuring the benefits of trade benefit small and medium businesses have all been improved in newer trade agreements.
On copyright, the letter promises to "seek commitments from the NAFTA countries to strengthen their laws and procedures on enforcement of intellectual property rights, such as by ensuring that their authorities have authority to seize and destroy pirated and counterfeit goods, equipment used to make such goods, and documentary evidence." On e-commerce, it commits to tackling "measures that impede digital trade in goods and services, restrict cross-border data flows, or require local storage or processing of data, including with respect to financial services".
Both of these are consistent with the wholesale transfer of TPP obligations into NAFTA, although they are annoyingly vague about what specific rules the U.S. will be including, other than the examples given. However it is worth noting that in at least one respect—the extension of the data localization ban to the financial industry—the letter proposes going beyond what was contained in the TPP. Exclusion of the financial services industry from those rules was one of the main sticking points with the TPP for Republicans while Obama was promoting it.
The USTR letter also indicates that the administration intends to maintain the controversial Investor-State Dispute Settlement (ISDS) provisions of NAFTA, which allowed pharmaceutical company Eli Lilly to sue Canada for the country's decision not to grant two drug patents. Although Canada recently won that case, the ability for foreign companies to challenge legislation and court decisions that go against their financial interests was one of the TPP's most controversial provisions, and will remain divisive as the NAFTA renegotiation goes forward.
Concern on E-Commerce Rules in Trade
The news about Trump's plans for NAFTA coincides with EFF's workshop on electronic commerce rules in trade agreements at RightsCon in Brussels today. (An introductory slide presentation from that workshop is attached to this post.) One of several workshops on trade at the event, the panelists were united in their concern about the risks of new digital issues being addressed in trade agreements that are closed, opaque, and lobbyist-dominated.
Panelist Michael Geist pointed out that many e-commerce rules had formerly been dealt with in more open fora, and attempting to address then in trade agreements may result in rules that are flawed, weak, and inconsistent in their enforceability. While accepting that there are some digital rules that are relevant to global trade, panelist Meghan Sali from OpenMedia noted that "The devil is in the details, and the details are kept secret", suggesting that a more open process would better reflect users' priorities. Marília Maciel from DiploFoundation stressed the need to separate out the issues that are best dealt with in a trade context, from those that may be better dealt with by other, more specialist global institutions. Burcu Kilic from Public Citizen agreed, pointing out how viewing digital issues through a trade lens results in them being treated in a way that doesn't benefit users and developing countries. The final panelist, Maryant Fernández from European Digital Rights (EDRi), gave an example of the topic of data flows and data localization. Trade negotiators tend to see data protection rules as a trade restriction, rather than as legitimate measures to preserve the human right to privacy.
This discussion has a direct bearing on the future of NAFTA, presenting the U.S. with a choice either to focus its reforms on traditional trade issues that would directly impact the manufacturing sector, or to load the deal up with a grab bag of rules on unrelated digital policy issues, which is the approach that led to the implosion of the TPP. Although the administration has since downplayed the significance of the leaked draft letter, it does give us an insight into a least some of the thinking that is going into the NAFTA renegotiation process. Since President Trump has been so scathing of the TPP and abandoned the deal with such fanfare, it would be disappointing if the new NAFTA were little more than a regurgitation of that failed agreement.
President Trump will soon be asked to sign into law a bill that gives tremendous power to some of the most hated companies in America, the cable and telephone industry. If he cares about protecting our privacy from the very special interests he campaigned against, he’ll veto the bill.
In the last week, Congress rushed through and approved S.J. Res. 34, handing away our privacy protections as a favor to Comcast and other cable and telephone companies who want to sell records of our online activity. Tens of thousands of American called and wrote to their lawmakers, asking them to oppose the measure and protect our privacy; the President should stand with them.
How did we get here? It’s simple: our privacy got lost in the D.C. swamp that the President promised to drain.
As soon as the cable and telephone companies learned that we, the customers, had a legal right to privacy around what we do online, they plotted to change the law. In their corporate offices near Capitol Hill they mapped out which politicians had taken their money and began to lobby them at fundraisers, dinners, in the halls of Congress, and in their home states.
Thanks to the swamp, the Senate and House voted to hand our private information over to the cable and telephone industry. There is no doubt that many of the lawmakers who voted for the repeal did so because of the campaign contributions by the telecom lobby.
Americans across the political spectrum believe that the records of what they do on the Internet should not provide another opportunity for cable or telephone companies to make money off of their customers. And, so far, the law has agreed. But the industry sees enormous value in recording and selling everything we do online, such as information we search for related to our medical conditions, religious, and political activity, as well as the news sources we read, the websites we visit, the things we buy, and who we talk to. Once they begin collecting all of our activity, the government will no doubt start demanding that data from them, too.
The President promised to protect us from being ‘sold out’ to special interests by a distant and corrupt establishment in DC. He should make good on that promise by stopping politicians and corporate lobbyists from auctioning off our privacy without our permission and putting us even more at the mercy of our cable and telephone providers.
The President should veto this bill and tell Congress that he’s not going to let them sell our privacy for campaign contributions.
Within days of Congress repealing online privacy protections, Verizon has announced new plans to install software on customers’ devices to track what apps customers have downloaded. With this spyware, Verizon will be able to sell ads to you across the Internet based on things like which bank you use and whether you’ve downloaded a fertility app.
Verizon’s use of “AppFlash”—an app launcher and web search utility that Verizon will be rolling out to their subscribers’ Android devices “in the coming weeks”—is just the latest display of wireless carriers’ stunning willingness to compromise the security and privacy of their customers by installing spyware on end devices.
“collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device.”
Troubling as it may be to collect intimate details about what apps you have installed, the policy also illustrates Verizon’s intent to gather location and contact information:
“AppFlash also collects information about your device’s precise location from your device operating system as well as contact information you store on your device.”
And what will Verizon use all of this information for? Why, targeted advertising on third-party websites, of course:
“AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experiences and in other places, including non-Verizon sites, services and devices.”
What are the ramifications? For one thing, this is yet another entity that will be collecting sensitive information about your mobile activity on your Android phone. It’s bad enough that Google collects much of this information already and blocks privacy-enhancing tools from being distributed through the Play Store. Adding another company that automatically tracks its customers doesn’t help matters any.
But our bigger concern is the increased attack surface an app like AppFlash creates. You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not, the damage to Americans’ cybersecurity could be disastrous.
Verizon should immediately abandon its plans to monitor its customers’ behaviors, and do what it’s paid to do: deliver quality Internet service without spying on users.
Thanks to the First Amendment and longstanding copyright limitations, copyright holders don’t have the legal right to prevent others from using their works to express messages that they disagree with or find offensive, nor do they have a right to prevent someone who lawfully purchases a copy of their work from reselling it, repurposing it, or destroying it entirely.
That’s because copyright law in the United States doesn’t provide authors the ability to launch lawsuits over their “moral rights” (except for some works of visual art covered by the Visual Artists Rights’ Act). And that’s a good thing – by limiting authors’ abilities to control how their works are used, U.S. copyright law creates space for downstream creators and users to adapt and remix existing works to create new interpretations and meanings, without facing a veto from the original author. It also allows those who own physical copies of copyrighted works to use those copies in the ways that make most sense for them – they can annotate them, take them apart and reassemble them into new creations, give them away, or even destroy them.
We have fought for decades to improve copyright law to create more space for downstream uses, but the Copyright Office sought comments [PDF] on proposals that would do the exact opposite: creating a new right of integrity “to prevent prejudicial distortions of the work” and an unnecessary and potentially damaging attribution right (to be credited as the author).
The fight over moral rights, particularly the right of Integrity, is ultimately one about who gets to control the meaning of a particular work. If an author can prevent a use they perceive as a “prejudicial distortion” of their work, that author has the power to veto others’ attempts to contest, reinterpret, criticize, or draw new meanings from those works.
These sorts of uses are paradigmatic fair uses, protected under traditional copyright law. But in countries that have adopted moral rights frameworks, authors (and their heirs) have the power to restrict certain uses or interpretations of their works that they disagree with. For example, as Peter Baldwin notes in his book The Copyright Wars, in France, George Bizet’s heirs succeeded in having Otto Preminger’s reinterpretation of the opera Carmen, Carmen Jones, banned, because they objected to the filmmakers’ setting of the opera among African Americans.
Further, U.S. defamation law already provides remedies in appropriate cases when false, harmful statements are made about a person. If a work is used or falsely attributed in a way that causes real reputational harm to the author, defamation law provides the appropriate remedy. And, unlike a new right of integrity, defamation law contains safeguards designed to prevent the law from suppressing or punishing speech protected under the First Amendment.
The proposed attribution requirement presents lesser, but still significant harms, without adding much benefit. An additional right of attribution is likely to be redundant to existing rights under copyright law, which already provide copyright owners with broad powers to control dissemination of their works. With a right of attribution, copyright holders would have yet another tool to police otherwise non-infringing uses of a work, like fair uses.
A fixed, statutory attribution right is also inconsistent with the rapid and diverse participatory cultural practices that prevail online. Cultural symbols are often rapidly reworked and shared, and norms around attribution vary dramatically across contexts. Many creative communities have established norms regarding when and to what extent attribution is needed [PDF]. A rigid attribution requirement could disrupt these practices and impede valuable downstream creativity, while creating further opportunities for copyright trolling.
A statutory right of attribution could also interfere with privacy protective measures employed by online platforms. Many platforms strip identifying metadata from works on their platforms to protect their users' privacy, If doing so were to trigger liability for violating an author’s right of attribution, platforms would likely be chilled from protecting their users’ privacy in this way.
For centuries, American courts have grappled with how to address harm to reputation without impinging on the freedom of speech guaranteed by the First Amendment. And as copyright’s scope has expanded in recent decades, the courts have provided the safeguards that partially mitigate the harm of overly broad speech regulation.
As we told the Copyright Office, introducing new rights to control the use and meaning of copyrighted works would be a step in the wrong direction.
Lawyers at EFF, the ACLU, and the National Association of Criminal Defense Lawyers released a report today outlining strategies for challenging law enforcement hacking, a technique of secretly and remotely spying on computer users to gather evidence. Federal agents are increasingly using this surveillance technique, and the report will help those targeted by government malware—and importantly their attorneys—fight to keep illegally-obtained evidence out of court.
A recent change in little-known federal criminal court procedures, which was quietly pushed by the Justice Department, has enabled federal agents to use a single warrant to remotely search hundreds or thousands of computers without having to specify whose information is being captured or where they are. We expect these changes to result in much greater use of the technique, and the guide will arm attorneys with information necessary to defend their clients and ensure that law enforcement hacking complies with the Constitution and other laws.
In the largest known government hacking campaign to date, the FBI seized servers running a website accused of hosting child pornography and, instead of shutting down the site, continued to operate it. Relying on a single warrant, the FBI then hacked into users that accessed the site, totaling nearly 9,000 devices located in 120 countries around the world. The FBI charged hundreds of suspects who visited the website, several of whom are challenging the validity of the warrant. In briefs filed in these cases, EFF says that the warrant that enabled this massive hacking exercise is unconstitutional and evidence gathered using it should be suppressed.
As with every new surveillance power obtained by the government, it’s just a matter of time before these secret malware attacks are used in other cases. That’s why it’s important for criminal defense attorneys to get educated about how these attacks work and how they can vigorously defend their clients rights when the technique is used.
The report, “Challenging Government Hacking in Criminal Cases,” explains how to recognize the use of government malware in a criminal case, and it outlines the most important and potentially effective procedural and constitutional arguments to raise when hacking was used to gather evidence. Our hope is that the guide will help attorneys fight back against illegal surveillance, and ultimately place important and needed checks on the government’s ability to hack into our personal electronic devices.
Getting a new job, recovering from an abusive relationship, engaging in new kinds of activism, moving to a different country—these are all examples of reasons one might decide to start using Facebook in a more private way. While it is relatively straightforward to change your social media use moving forward, it can be more complicated to adjust all the posts, photos, and videos you may have accumulated on your profile in the past. Individually changing the privacy settings for everything you have posted in the past can be impractical, particularly for very active users or those who have been using Facebook for a long time.
The good news is that Facebook offers a one-click privacy setting to retroactively change all your past posts to be visible to your friends only. With this tool, content on your timeline that you’ve shared to be visible to Friends of Friends or Public will change to be visible by Friends only. And the change will be “sticky”—it cannot be reversed in one click, and would be very difficult to accidentally undo.
Watch this video for a step-by-step tutorial to change this setting and make your posts more private.
Keep in mind that, if you tagged someone else in a past post, that post will still be visible to them and to whatever audience they include in posts they are tagged in. And, if you shared a past post with a “custom” audience (like “Friends Except Acquaintances” or “Close Friends”), this setting won’t apply
Finally, this setting can only change the audience for posts that you have shared. When others tag you in their posts, then they control the audience. So share this blog post and video with your friends and encourage them to change their settings, because privacy works best when we work together.
Putting the interests of Internet providers over Internet users, Congress today voted to erase landmark broadband privacy protections. If the bill is signed into law, companies like Cox, Comcast, Time Warner, AT&T, and Verizon will have free rein to hijack your searches, sell your data, and hammer you with unwanted advertisements. Worst yet, consumers will now have to pay a privacy tax by relying on VPNs to safeguard their information. That is a poor substitute for legal protections.
Make no mistake, by a vote of 215 to 205 a slim majority of the House of Representatives have decided to give our personal information to an already highly profitable cable and telephone industry so that they can increase their profits with our data. The vote broke along party lines, with Republicans voting yes, although 15 Republicans broke ranks to vote against the repeal with the Democrats.
Should President Donald Trump sign S.J. Res. 34 into law, big Internet providers will be given new powers to harvest your personal information in extraordinarily creepy ways. They will watch your every action online and create highly personalized and sensitive profiles for the highest bidder. All without your consent. This breaks with the decades long legal tradition that your communications provider is never allowed to monetize your personal information without asking for your permission first. This will harm our cybersecurity as these companies become giant repositories of personal data. It won't be long before the government begins demanding access to the treasure trove of private information Internet providers will collect and store.
While today is extremely disappointing, there is still tomorrow. Without a doubt Internet providers (with the exception of the small providers who stood with us) will engage in egregious practices, and we are committed to mobilizing the public to push back. EFF will continue the fight to restore our privacy rights on all fronts. We will fight to restore your privacy rights in the courts, in the states, in Washington, D.C., and with technology. We are prepared for the long haul of pushing a future Congress to reverse course and once again side with the public.