Preparing for Cyber Patent DisputesAttorney Says All Organizations Should Build Defenses
As cyber patent lawsuits become more common in regulated industries, organizations should take steps to protect their patents and fight infringement claims, says Washington, D.C.-based attorney James Denaro.
Claims of patent infringement targeting technology and software are increasing, especially when it comes to those used by banking institutions, says Denaro, who leads the intellectual property practice at the CipherLaw Group.
The filing of eight lawsuits against U.S. banking institutions for alleged technology, software and systems infringement proves these types of cases are growing, he adds (see Patent Lawsuits Target Eight Banks).
"One thing that can be done would be to develop one's intellectual property portfolio for use in cross-licensing," he says during an interview with Information Security Media Group [transcript below].
So, if an institution is accused of infringement by another organization, a deal could be potentially worked out where the patents could be traded, Denaro explains.
"That doesn't always work, but that may help," he says.
Denaro says institutions and other organizations have started to take that approach. "Recognizing the significance of the technology, some of these companies are building out portfolios in this space," he says.
During this interview, Denaro discusses:
- Why the so-called "patent-trolling" business model is growing;
- Steps organizations can take to work together to protect patents and fight infringement claims;
- The legal pros and cons of open-source versus proprietary security solutions.
Denaro's practice at the CipherLaw Group focuses on strategic patent prosecution and counseling, patent portfolio management and patent litigation. He has worked on patent issues for many Fortune 100 companies. Denaro also has experience representing applicants at the Board of Appeals at the U.S. Patent and Trademark Office and conducting informal interviews with patent examiners.
Recent Patent Lawsuits
TRACY KITTEN: Tell us about some of these recent lawsuits that have been filed against leading U.S. banking institutions such as Chase and Bank of America.
JAMES DENARO: What's happened is a company known as Intellectual Ventures has instituted patent litigations against eight major financial institutions in the U.S. based on two general classes of technology. For those who aren't familiar with Intellectual Ventures, it's a patent holding company that was founded in 2000 and currently has 70,000 IT "assets." ... They've acquired their intellectual property by purchasing it from other companies that either went bankrupt or were just selling their intellectual property to generate revenue. They've purchased it from individual inventors and they also have something they call Intellectual Ventures Lab where they do their own independent research and development, obviously with the intent of patenting that work. Since the founding of Intellectual Ventures, they claim to have brought in revenues of several billion dollars from licensing of intellectual property. In the past, they have sought licenses from quite a wide range of different industries in the United States, but this marks the first time that Intellectual Ventures has pursued the financial services industry with some of the patents in its portfolio.
KITTEN: What is it about these particular disputes that are so concerning?
DENARO: What made these interesting is that the patents in question, at least some of them, are not directed to the financial services products, in their essence. In other words, the patents are directed to functions that a lot of different industries might be using but are not particular to banking. For example, several of the defendants are accused of patent infringement based on their use of unspecified "security practices," and the patents that are alleged to cover the security practices relate to public key encryption, packet filtering, firewall-type technologies, which these technologies and these patents were not conceived of, in connection with necessarily being used in any particular industry, certainly not necessarily with the financial industry, yet they're now leveraged against the financial industry. I think one can kind of see why that could happen. Specifically, the financial industry has certain data security requirements that it must meet, such as PCI-DSS [Payment Card Industry Data Security Standard] for example, and this is the complaint specifically alleged that by adhering to the PCI-DSS standard some of the patents are infringed.
KITTEN: These cases involved what has been referred to as patent trolling. Can you define for us what patent-trolling is?
DENARO: Patent trolling is a term that has been use to describe certain uses of patent rights. Obviously, the term patent troll has a certain negative connotation to it, and, in an effort to have a more balanced discussion of the issue, they're also referred to as patent-assertion entities, or PAEs. It's a little bit hard to define what a patent-assertion entity actually is. There are some distinctions that are not very clear.
For example, if you were to think of some really interesting technology on your way home today and got a patent on it, but you weren't able to come to an agreement with some potential licensees and you sued them, would you be considered a patent troll? You're not practicing the invention. You don't have a product that you sell. You're just an individual with an idea. We probably wouldn't call you a patent troll, because you're just an innovator with an idea. But nonetheless, you're not a practicing entity.
For some guidance on what a patent assertion entity is, we can actually turn to President Obama, who recently said, to quote, "A patent assertion entity is an entity that doesn't actually produce anything themselves and essentially leverages and hijacks someone else's idea to see if they can extort some money of them." Obviously that's some pretty colorful language there, but I think he's kind of really getting at the core idea here - that a patent-assertion entity, or a patent troll, is doing something that's kind of unfair. Obviously, one of the core values we have here in the United States, especially in the legal system, is that we want fairness and justice. Somehow this is a perceived injustice going on here as a result of the way companies are able to exploit the intellectual property portfolios.
KITTEN: How have these suits over patents affected other industries beyond financial services?
DENARO: That's a great question. What we're seeing is that patents covering information security-type technologies - probably construed as everything from cryptography to digital rights management, firewalls and so on - have been asserted against a remarkably diverse group of defendants. One of the things that's really interesting about the way the patent suits are playing out in this industry is that what you generally don't see are major information security companies suing each other.
For example, we're all very aware of the Apple versus Samsung litigation; you don't really see that happening in this space yet. We're not really seeing the MacAfees versus the Symantecs going head-to-head, and that sort of activity. More of what we see looks like patents that cover some information security technology being asserted against companies that use those technologies as an incidental part of some other business that really doesn't have anything to do with the information security or information at all.
A pretty good example of that has been a company called TQP, which received some coverage in late 2012. They have one patent that's alleged to cover HTTPS, essentially SSL plus RC4, and this patent was asserted against many, many companies, simply on the basis of having a secure Web connection between their servers and some end-user out there on the Internet. Obviously, those companies were not in the business of information security, yet they're on the receiving end of a patent lawsuit that relates to these types of technologies.
Protections for Entities
KITTEN: Some of these entities that have been sued, do they have any protections?
DENARO: There are a couple of things that the companies can do. Obviously, if a company is sued for a patent infringement, they can defend themselves in court. That's always an option. Of course, that can be expensive. That's one of the concerns that has been raised about the way patents are being used, in that it's relatively less expensive to bring a case than to defend a case, which seems like it might create some possible inequities in the system.
Beyond that, the one other thing that can probably be done would be to develop one's intellectual property portfolio for using cross-licensing. What we're seeing is that a number of financial institutions have started to do that, even though these institutions are not really in the business of information security. Recognizing the significance of the technology, some of these companies are building out portfolios in this space, and those portfolios could possibly then be cross-licensed.
For example, if one of these institutions was accused of infringement by Intellectual Ventures, perhaps a deal could be worked out. And not just Intellectual Ventures, but whoever it happened to be, it might work out a deal where you could trade patents essentially. That doesn't always work, but that may have some help.
Addressing Patent Trolling
KITTEN: Can you talk about what's being done to actually address some of these patent-trolling worries?
DENARO: This issue is receiving quite a bit of attention in Washington now, and the Obama administration has really been quite outspoken about it. Obama recently offered up a series of executive and legislative actions that are proposed to be taken. The outstanding question is whether or not these are likely to be successful, whether or not they're likely to have any effect. Even if whether they would have effect is contrary to their intended purpose.
In 2011 the America Invents Act was passed and that included a provision which required patent infringement cases against multiple defendants to be filed against those multiple defendants individually in many cases. The way it used to be done is if you thought someone was infringing your patent, you could just sue everybody all over the United States all at once. You could have dozens and dozens of completely unrelated defendants all together in the same lawsuit, and this was very efficient for patent owners or patent assertion entities in particular. The law was changed so that one would have to file individually against all of those potential defendants. As predicted, as a result, patent owners just filed individually against everybody. There's an example where it was expected to be a significant legislative change but actually had probably no effect at all. In fact, it might have made it even harder to manage it because now we had more cases on the same issues. It's hard to say whether these will have any effect, but in any event any real change will have to come probably from the legislature, from Congress, with some significant action. As we've all seen, it's very hard for Congress to take concerted significant action on an issue where there's a lot of money at stake and many divergent interests.
Reforming Intellectual Property Laws
KITTEN: We know that Congress has been very slow at reforming intellectual property laws.
DENARO: For example, one of the most significant changes that could be made to make the system perhaps more fair would be to require that plaintiffs or patent owners pay for the defendants' costs if the patent owner loses, and this would certainly have a pretty big turn in effect on the bringing of a lot of cases, because the defense cost could be in the millions of dollars and it really would force one to think very hard and carefully before bringing a case. That sort of thing could make a big difference, but that's not the way our system works. The way our legal system is structured, one can bring a case and if one loses one doesn't have to pay for the other side, except in extraordinary circumstances. It would require a fundamental change. The contrary argument is sometimes people lose in litigation for the wrong reasons. There are a lot of ways to lose that don't necessarily mean that you were wrong or you had a bad argument. They're unforeseen interpretations of claims or prior art comes out to invalidate a patent that nobody anticipated. That might be kind of unfair for plaintiffs to make them responsible. You can have these debates at great length, and certainly Congress would, which of course decreases the chance of any of those things being passed.
Risks to Organizations
KITTEN: What are some of the concerns or risks that organizations that depend on commercial security products should be considering?
DENARO: There's a certain amount of surprise. It's just inherent in the way the system works and it's not possible to really quantify all of them. It's always possible that there's a patent out there that will cover your core business activities that you didn't know about that gets asserted against your company. But one of the things that you can for sure look out for is open-source software and indemnification provisions that may or may not be lacking in that software. To the extent that you build your own system or use a system that's free open-source with no indemnification behind it, you as that organization will ultimately be responsible for any patent infringement that arises as a result of using that. However, if you use systems that are procured from an outside third-party that come with some indemnification provision, that may help reduce your risk because, while you would still be possibly sued as being a defendant in the patent litigation, at least you would have an agreement with the third-party. That would require that party to come in and defend the litigation and then pay the damages that might be found if there's infringement.
Preparing for Patent Disputes
DENARO: Based on what we were talking about before, it's probably safe to assume there won't be any significant legislative change. Companies need to budget for patent defense. That means probably putting aside a reasonable sum to cover at least potential legal fees for defending cases and possibly even paying out a damages award in the interim. Beyond that, I think companies can think about maybe developing their own intellectual property portfolio, which would have some inherent value in and of itself, as well as being potentially a bargaining chip with at least some of the potential plaintiffs that one might come across.