Slashdot Mirror
Meet the Lawyer Suing Anyone Who Uses SSL
Sparrowvsrevolution writes "Since 2008, Dallas, Texas attorney Erich Spangenberg and his company TQP have been launching suits against hundreds of firms, claiming that merely by using SSL, they've violated a patent TQP acquired in 2006. Nevermind that the patent was actually filed in 1989, long before the World Wide Web was even invented. So far Spangenberg's targets have included Apple, Google, Intel, Dell, Hewlett-Packard, every major bank and credit card company, and scores of web startups and online retailers, practically anyone who encrypts pages of a web sites to protect users' privacy. And while most of those lawsuits are ongoing, many companies have already settled with TQP rather than take the case to trial, including Apple, Amazon, Dell, and Exxon Mobil. The patent has expired now, but Spangenberg can continue to sue users of SSL for six more years and seems determined to do so as much as possible. 'When the government grants you the right to a patent, they grant you the right to exclude others from using it,' says Spangenberg. 'I don't understand why just because [SSL is] prevalent, it should be free.'"
Who's up for forming a lynch mob?
Nevermind that the patent was actually filed in 1989, long before the World Wide Web was even invented.
Now, don't get me wrong, this is patent trolling at it's absolute worst, but what exactly is this quote supposed to mean? We (rightly) complain all the freakin time how people shouldn't be granted patents just by adding "on the internet" or "on a computer", we can't have it both ways. If there is a valid patent to provide secure communications through USPS and the key steps of that patent are being performed as part of secure communications online, why shouldn't that be considered to be violating the patent?
I don't understand why the WWW was mentioned. SSL isn't tied to web technology. It makes me wonder if the submitter (and editors) have any idea what SSL is.
Cases like this might be bringing the patent system closer and closer to some form of "Intellectual Property Eminent Domain," which would be very suitable for something as widespread and important as SSL.
Now I am in danger if I activate SSL on my website? Why didn't Apple grind them to dust? Are their lawyers too busy duking it out with Samsung?
C'mon Google, take aim and give 'em both barrels!
"Your sure about that are you?"
Yes? The web was invented in '92.
Or are you saying the patent wasn't granted in '89?
All it would take is Google or one other company with adequately deep pockets to actually take this guy to court and that would be the last we'd hear of Mr. Spangenberg or his trollish little company.
The problem here is not that the patent was filed before SSL was invented (about 1995) -- that could be fine, if SSL was using a patented technology that pre-dated its own invention.
The problem here is that the attorneys are accusing the practice of 'sending network records over a wire and encrypting them with a stream cipher', where in this case the cipher is (I believe RC4). However RC4 was invented in the 1980s and should pre-date this patent. I'm certain that somebody used it to encrypt network traffic in an almost identical manner, so there should be prior art.
Moreover, stream ciphers in general have been around for much longer than that. Someone somewhere has published/deployed this idea before. It should not be a live patent. Note that the case has never been tested by a court.
You must see the good in this man. He has set up well over 200 companies to make the point that software patents is a bad thing. He even tells this to all the companies and judges he can find. He will finally succeed and software patents will be abolished.
Patents should be like Trademarks. Use it and protect it or lose it.
According to TFA, the patent apparently infringed upon has expired, however this mob can still sue people who used it in the past for the next six years.
So, if you start a new company now that uses SSL you should be in the clear.
He may be on the correct side of the law as far as current patent law goes, but I'm of the opinion that, at least sometimes, the fact that it's prevalent means that it should be free. Particularly when it comes to computer software, and particularly when it comes to communications and the exchange of information. File formats should be able to be written and read without a license. You should be able to make your software communicate with others using network protocols that are unencumbered.
I don't know that I have an objection to software patents per se, but when it comes to file format standards and network communications standards, you should not have to pay in order to participate.
Marconi was sued by telegraph companies that thought they had a fifty year monopoly on morse code. The communications IP legal situation has been a sick joke since at least then.
*ahem*
https://pbs.twimg.com/media/A7fS7U1CYAADS0g.jpg
"Your sure about that are you?"
Yes? The web was invented in '92.
Or are you saying the patent wasn't granted in '89?
And, more relevantly, HTTPS didn't appear until 1994. (Netscape originated it, as an extension to the HTTP standard -- you needed their browser, and their webserver to be able to use it.)
So, clearly this is all Netscape's fault.
'I don't understand why just because [SSL is] prevalent, it should be free.'
This statement is one of those really douchebaggy things that douchebags douche out.
All of that being said, SSL needs to be replaced with something better anyway.
Sorry if this is totally off, but aren't patents supposed to prevent the manufacturing and distribution and/or selling of the patented items, and have nothing to do with the usage? That means this statement is at least misleading, if not down right lying: “When the government grants you the right to a patent, they grant you the right to exclude others from using it.”
To clarify: If I use SSL on my website, I don't think this patent applies to me. I didn't make SSL, and I'm not providing SSL for download. Go sue the OpenSSL guys, or sue Debian, Red Hat and Canonical for distributing your patented thingy, and hope the EFF doesn't chime in.
The big guys who settled are making and selling products that ship SSL within. Except Exxon Mobil - I have no idea what they could sell me with SSL in it, and appear to have settled just because the inconvenience of a lawsuit wasn't worth it. If he isn't asking for crazy amounts, the big guys may not even twitch and just pay up. As in "hey, I see your patent, it doesn't look like it could hold in court, but... you're asking for peanuts, so here you go, please go away". Because in that case the lawyers would cost a lot more just to throw the case out of court, and this guy's company doesn't have any assets that can be reposessed to cover the costs.
Conclusion: he's not going to sue anyone small, and he'll stop when all the big cows have been milked - unless he meets the wrong kind of cow before then.
Question for religious people: where do unrepentant masochists go when they die?
Read the article, the guy has different companies for each patent. That is one of the signs to recognize a patent troll, create a shell company with no assets and no product so if you loose, you loose nothing and they can't counter sue because you have no product so nothing that can infringe.
Many big companies just consider this the cost of doing business and just pay up, thereby feeding the leech to become ever stronger. But fighting it would gain you nothing except a warm feeling.
mind you, most of the big companies are jealous they didn't think of it first. Apple sued by a patent troll? Awh!
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
All it would take is Google or one other company with adequately deep pockets to actually take this guy to court and that would be the last we'd hear of Mr. Spangenberg or his trollish little company.
From the summary:
And while most of those lawsuits are ongoing, many companies have already settled with TQP rather than take the case to trial, including Apple
A company with deep pockets? $100 billion dollars isn't "adequately" deep enough?
I don't know anything about this patent but if there was a company that thought they'd have the money to shut these guys up, it'd be the elephant in the universe with so much money they have a dividend and share repurchase program.
My work here is dung.
a Proposed penalty is if you get convicted of being a "patent troll" and try to use a submarine patent (or purchase an otherwise inactive patent to use as a submarine patent) ALL patents held by you are rendered VOID and are now Prior Art as applies.
also to violate a patent you should have to hit each and every claim (no partial claims allowed) unless the claims form a complete set but have Common Sense branches (deploying a patent in a Fixed Mobile land Mobile Air Mobile Water manner would be one)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Now I am in danger if I activate SSL on my website?
No, because the patent has expired.
You are in danger if you enabled SSL[*] on your web site back when the patent was active. Then you can be sued now over it.
[*]: Or used any other of a wide range of symmetric encryptions facilitated by a handshake, web or no web.
Also, to clarify, this seems to not be over SSL itself, but rather over "using a shared seed value to generate pseudo-random key values at a transmitter and a receiver." RTFA on CipherLaw Blog.
Isn't CTR-mode use of a cipher block prior art? This was invented in 1979 by Dife and Hellman and in effect turns a key into a series of pseudo random values which are xored with the plain text.
When the democrats say, "you didn't build that", maybe they mean this guy?
Actually, Google has a track record of doing exactly that. They just fought (and lost) a case this last week to a patent troll company. In it, the jury awarded a 3.5% royalty of (bear with me here) the amount of demonstrated revenue increase for the previous year of infringement for U.S. revenues, plus 3.5% going forward until the patent expires. This amounts to an estimated $700-900 million over the next 4 years. http://www.reuters.com/article/2012/11/08/idUS136757+08-Nov-2012+HUG20121108
They could have settled for about half that based on the offers the patent holder made, but they went to the mattresses, and lost big time, even though the evidence was CLEARLY in favor of the patent inventor. (He was CTO at Lycos, who owned the patent before they went tits up and sold it back to the inventor, who formed the company which sued Google.)
So, even when Google KNOWS they're infringing on a valid patent, they still fight it to the end. Why would they start settling cases in which they know they are not infringing a patent?
http://en.wikipedia.org/wiki/Stream_cipher apparently somebody has patented something related to stream ciphers in 1946 , so I assume there is prior art somewhere there..
erich@ipnav.com
"practically anyone who encrypts pages of a web sites to protect users' privacy"
but conspicuously not the U.S. Govt.
Some see the vessel as half full; others see it as half-empty; We pour it out on the floor and laugh
I don't see why patent troll lawyers shouldn't be set ablaze for free.
They're suing within the statute of limitations for infringement that happened before the patent expired.
Double-tap to the forehead, then exfil with the tango wrapped in a carpet. In unmarked ocean, give him a burial at sea.
This guy probably has a legitimate patent on handshaking that has the capacity to switch encryption keys. However, he's generating massive collateral damage in exchange for his personal profit, at the expense of industry.
That in itself is not an efficient solution, and means he's essentially taking from each of us each time he unnecessarily raises costs...
Which brings me back to the SEALs. Hoo-rah!
This nutjob has not change in hell he will win in our courts even though +500.000 of our users are U.S. based.
Damn, I love the EU. Truly the land of the free*.
*excluding guns, hard drugs,...
Erich Spangenberg embodies everything Apple stands for! Countless lawsuits for pure profit. Will they offer him a job?
Only thing from Shakespeare I remember LOL.
The problem is that in the US, you (or a corporation) can't take a patent owner to court (seeking to overturn his patent) unless you/the corporation have "standing" -- ie, an infringement suit has been filed against you. And the patent's owner can drop the suit against you at any time up to the final moment the judge rules it invalid (preventing the troll from suing YOU again, but not others). I might be wrong, but I believe that in China, it *is* possible for a coalition of likely victims to gang up on the patent's owner & sue to get it overturned.
In the US, you CAN seek "re-examination", but it's expensive, the odds are overwhelmingly stacked against you, and (afaik), the only thing "winning" gets for you is immunity from treble damages if you act upon your victory, get sued for infringement anyway, and they prevail.
The huge bug in the US patent system is that patents are presumed valid unless overturned in court, but courts operate on the assumption that patents wouldn't have been granted without merit, and there have been plenty of instances (particularly the late 90s/early 00s) when overwhelmed examiners approved questionable patents on the theory that the courts could sort out their mess later.
The problem is compounded by American patent law's willingness to grant total blocking power to even the most incidental case of infringement. IE, if I hold the first patent on some primitive implementation that barely even works (if it works at all), and you *profoundly* improve upon it and make it viable, I can still block you from using it because my patent covers something more fundamental. I'm pretty sure that in China, there's a statutory process for compulsory licensing where someone who has the profoundly-improved patent could file the paperwork, then tell the owner of patent #1, "Shut up, take your fair share of the money, and file a lawsuit if you think you deserve more."
In the US, patent owners have too much power to prevent their patent's use by others at *any* cost, sane or otherwise.
There's no legal process to say, "Yes, I agree his patent is valid, but he's an asshole/troll/sociopath and is demanding more than its fair market value relative to the whole product, or is flat-out refusing to licence it at all." So, we have cases of companies restricting patent use to force you to go with one service provider or another -- RESTRICTING innovation, forcing consumers into false dichotomies, and preventing them from being able to have ideal devices that combine the best of everything -- from Edison's hated, inferior stock tickers to TiVo-vs-Dish/DirecTV/AT&T (cablecards don't work with them, so you CAN'T buy and use your own DVR) and Apple-vs-Samsung.
... someone with far greater provenance in this matter, than you, already decided it should be free.
You're treating those businesses like sentient beings. Stop with that. A business does no more and no less than what the people in charge of the business want done. If you're a money-at-all costs scumbag, sure, that's how your business will operate. It's not a law of any sort that a business has to be run that way. And stop spreading the fiduciary-duty-to-shareholders bullshit, because it's tired and old and not true at all. Shareholders who invest in a business decide for themselves if their investment goals are aligned with those of the business. Nobody forces them to invest in a business that is not all about maximizing shareholder ROI.
A successful API design takes a mixture of software design and pedagogy.
"Tim Berners-Lee, a scientist at CERN, invented the World Wide Web (WWW) in 1989."
"The Web" was retroactively defined to allow CERN to be its inventor to help deflect the focus of the Internet being a US-only invention it let the rest of the world play on. The Internet pre-dates and is independent from "the web".
Learn to love Alaska
He is just suing to make sure the patent he worked so hard on researching and developing isn't stolen so that he can use it to develop a business around it. Oh wait, he just bought it so he could just use it to extort money from deep pockets and those that can't afford to defend themselves.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
not to stereotype but the clue to him being a douchebag is in his surname.
week after week day after day the same name styles crop up whenever trouble is happening, coincidence ?
So if there were an empty lot of that size left in Manhattan, you, as a buyer, are required by law to develop it? I know some places have rules on what you can do, but I didn't know any required that if you bought land, you then are required to add to it.
Learn to love Alaska
It don't need to be bad, just an opportunity to change things. Why not sue not big/small internet companies, but politicians, government and associated consultants, lobbyists and so on? If they can't use encrypted communication, will force the government to be truly transparent. Or abolish that kind of patents (that will be less costly for them, they can break all the international laws for chasing someone that hints that could disclose a small portion of what they really do). In either case, we win.
I'm a little confused by this.
I'm the owner of a (potentially) patient violating Galaxy phone. Could Apple go after me or only Samsung? If only Samsung, why is SSL different? If I enabled SSL on my-little-webpage.invalid then I'm enabling a feature provided by a 3rd party (Apache or Microsoft depending on the box).
Wow, I should not post when knackered.
Because it was violated before it expired..
I take the opportunity to directly blame Netscape for Firefox's memory leaks.
How soon before a "white hat" patent-holding company starts licensing patents under these conditions:
1) implementations (i.e. software implementing the patent) be licensed, not sold (to avoid "doctrine of first sale" and "patent exhaustion" issues)
and
2) that any implementations made be licensed on the conditions that
2a) they are never used for a certain set of blacklisted purposes, such as being used in the preparation of any lawsuit to prosecute a "software patent,"
and
2b) that they are never used by certain of companies or individuals, such as a specific list patent-troll companies, a specific list of their executives, and a specific list of their lawyers.
While I doubt any such "condition" would survive court challenge, it would get a lot of publicity while it was working its way through the courts.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
looks exactly like I expected it to...
targets have included Apple, Google, Intel, Dell, Hewlett-Packard, every major bank and credit card company
It would be very interesting if these companies filed some sort of class action in retaliation. Partly because it would be a rare occurrence, and partly because of the combined might that those companies could vent upon TQP.
Marconi bought all the patents from Oliver Lodge for radio, aswell as moving coil loudspeakers.
Lodge was after Telsa, but patented stuff.
SSL involves more than just usage of the RSA algorithm (and doesn't necessarily depend on that algorithm).
I'm a little confused by this.
I'm the owner of a (potentially) patient violating Galaxy phone. Could Apple go after me or only Samsung?
They could go after you. They won't, because there's nothing in it for them, but they could.
35 USC Â 271 states:
(a) Except as otherwise provided in this title, whoever without authority makes, uses, offers to sell, or sells any patented invention, within the United States or imports into the United States any patented invention during the term of the patent therefor, infringes the patent.
That said, many patent case settlements with manufacturers will have a clause barring the patent holder from going after the end users.
'I don't understand why just because [SSL is] prevalent, it should be free.' With logic like this, how could we ever run into problems. Apparently prevalence is the main benchmark of viable patents. Why didn't I realize this before? Calling a lawyer now to patent water...oh, and my genes.
This is just another in a long series of slashdot articles that have pointed out the broken nature of our patent system. What I have not seen is any serious proposals for fixing the issues beyond "throw it all out". I have to agree that making software (even software running in specific hardwire specifications) something that you cannot patent is superior to the current patenting solution. Something similar could be said about some of the pharmaceutical patenting that is going on as well (make it last "seven days" instead of "one", get to extend my patent).
What if we made patents peer reviewed by a group of high profile experts in the field in which the patent is filed. So notable software professionals would be consulted for software patents. This group would use a high bar on the "obviousness" and "prior art" test so that rewriting prior art into a different language and giving a slightly different spin would not make it past this group. The group would be paid based by on the (likely to be substantial) fees charged to the person filing the patent. This is how research articles are handled for the best scientific journals. If a patent is laughably far from being publish worthy for a reputable scientific journal, why are we letting it control millions (or billions) of dollars of commerce? Currently, we are forcing our higher courts to learn all types of arcana before they are able to kill a patent based on prior art and obviousness. Using a group of true experts (not the underpaid and overworked staff at the patent office) would do a lot to improve the situation. Patent lawyers are not a sufficient substitute.
Have gnu, will travel.
The internet is older than the web.
SSL stands for 'secure socket layer' and can be used to channel any protocol.
E.g. my eMail comes via POP 3 via SSL on port 995.
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
In some places it's legal to stone women to death for getting raped.
I'm the owner of a (potentially) patient violating Galaxy phone.
Is it an S III and the (potential) patient goatse?
"I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
No - it's a randomly changing keys, but even that's patently (excuse the pun) obvious to anyone within the encryption community. So this patent fails the obvious test as well.
The cesspool just got a check and balance.
2012 - 1989 = 21
Isn't it expired by now?
It should be free precisely because it's prevalent.
The problem is that in the US, you (or a corporation) can't take a patent owner to court (seeking to overturn his patent) unless you/the corporation have "standing" -- ie, an infringement suit has been filed against you. And the patent's owner can drop the suit against you at any time up to the final moment the judge rules it invalid (preventing the troll from suing YOU again, but not others). I might be wrong, but I believe that in China, it *is* possible for a coalition of likely victims to gang up on the patent's owner & sue to get it overturned.
No, you can file for declaratory judgment that you don't infringe a patent. I'm not certain about declaratory judgment to have the patent invalidated, though Wikipedia states that you can. All it requires is a reasonable belief that there's an imminent threat of being sued. See Wikipedia for more.
In the US, you CAN seek "re-examination", but it's expensive, the odds are overwhelmingly stacked against you, and (afaik), the only thing "winning" gets for you is immunity from treble damages if you act upon your victory, get sued for infringement anyway, and they prevail.
If the USPTO rejects a patent as part of a re-examination, that patent is no longer valid. The re-examination process is more or less just like the original application process, so the successive appeals can take a few years. It's up to the judge if they want to delay a case pending the outcome of a re-examination.
The problem is compounded by American patent law's willingness to grant total blocking power to even the most incidental case of infringement.
A judge doesn't necessarily have to grant an injunction. It might be rare for a judge to refuse to grant an injunction, but it is allowed.
There's no legal process to say, "Yes, I agree his patent is valid, but he's an asshole/troll/sociopath and is demanding more than its fair market value relative to the whole product, or is flat-out refusing to licence it at all."
That's true, but it's no different than someone selling a Ford Pinto for $50,000. If you don't like the asking price, you can still steal the car and hope that the judge and/or jury orders restitution for the actual value of the car and not the ridiculous asking price. Patent infringement cases work the same way; just because the patent owner says that the patent is worth $5 billion, the judge and/or jury don't have to agree.
When greed is rewarded by the government. Greed is what you get.
Tesla even gave Marconi his blessing.
' The purpose of patents is to advance science and the useful arts by providing inventors with a motive to publish the details of their inventions, so that other inventors can learn from them, and either license them or explore new possibilities."
-Then by definition there should be no "generic" patents. These patents don't actually explain how things are accomplished, they only state the end result. That does not benefit anyone.
Yes, that is indeed a thing. In Rendmond, WA, part of the city has this law in effect. A local business there that I deal with had this issue, they had a chunk of land for "future development", and had a timeline given to them by the city in which it had to be developed, or sold to someone else who would (which, of course, ended up being sold to Microsoft, who practically owns the entire city)
Another great reason for patent/copyright law reform.
If the punchline of your joke has been reduced to an abbreviation, then it's time to get a new joke.
OMG WTF BBQ!
Actually it splits up his illicit profits between 247 "on paper only" companies so he can't be counter-sued when he overextends his claims.
I don't know what the current legal state is, but patents should be like trademarks: if you don't assert the patent for a number of years, then it should be invalidated, to prevent patent owners from pulling out these surprise patents after allowing the technology to gain market share unimpeded.
Only people living in a country where software patents are legal. This is why I'll be skipping Silicon Valley on my next round of investment hunting.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Not America Sucks; your Legal and Patent system sux. Fix it before you spoil the internetz again with boring stories...
West of the Rockies, it's known as Diffie and Best Food ;>)
Just a joke, people, just a joke.
Good. Because what we need are a LOT more lawsuits just like this one so the whole software patent fiasco finally implodes.
Software patents are fundamentally wrong for reasons we all know too well to recite here. But what is going to stop the system? Thew surest way to stop the system is to have it collapse under its own weight. Everyone always suing everyone over everything is the final place software patents will go if left unchecked. We have been saying this for a decade at least now. So why interfere with your enemy while he's busy committing suicide?
Or are you saying the patent wasn't granted in '89?
It was granted in 95
No. The patent has expired.
"many companies have already settled with TQP rather than take the case to trial, including Apple, Amazon, Dell, and Exxon Mobil."
secede already!
Two of my imaginary friends reproduced once
Yes, I think all sentences are punishment. That's why you get fined or put in prison.. for punishment.
"We refer you to the reply given in the case of Arkell v. Pressdram."