The Public Privacy

Tag: Microsoft

Foolish patents or the inventive step of idiocy

January 12, 2016 / / 0 Comments

It is very frustrating that the rationale of a legal mechanism such as patents, intended to enable inventors to recover from their creative efforts, the investment of time and of financial resources that they have put into the development  of new and non-obvious inventions, and therefore promote innovation, has been subverted for the monetary compensations it entails when infringement occurs.

Patents confer an exclusive right upon their owner, enabling him to exclude others from making, using, importing, and selling the patented innovation for a limited period of time and making the practice of those acts by third parties dependent of an authorization of the patent owner, i.e., a license.

In this context, patents are intrinsically linked to competition. A particular concern is to not attribute such an exclusive right to creations that do not amount to an invention, i.e., based upon a basic or common function which does not contain any inventive step considering the prior art. Indeed, patenting something that is elementarily required to produce a given functionality would amount to conferring to the right owner a monopoly that would prevent any further competition and, consequently, future innovation.

In the computer software context, considering that most patents are conferred for very restricted elements of a given product, a particular danger is the development of patent thickets, which can be described as a web of interdependent and overlapping IP rights which require new inventions to depend upon licensing from different patent owners. This is so because it is possible to own a patent on an element crucial for the proper functioning of other parts of a software product.

Understandably, patent trolls can find here the greatest of motivations.

It is important to distinguish, in this context, design patents and utility patens, with which most of us are more familiar with.

Utility patents are meant for new, non-obvious and, as their name might have you guessing, useful inventions, having into consideration the specific functionality of the product.

By contrast, design patents address new, non-obvious, non-functional, aesthetic or ornamental aspects of products, provided that the design is not exclusively mandated by the function of the product. In practice, this amounts to demonstrate that alternative designs enabling the same function exist. Therefore, these patents are often associated with the ‘look and feel’ of the product.

As with any other patent, the exclusive right conferred by design-patents aim to prevent competitors from copying another company’s products designs. Hence, these patents assume particular importance when a product presents key features which enable consumers to immediately associate a design with a particular brand.

Design patents have been particularly popular in the field of computer software, namely in regards of the user experience and user-interfaces. From what I have had the chance to learn last trimester in the respective module of the post-grad program I am currently undertaking, I would risk saying that computer software patents do not really need any more complexities added to them. In fact, I am still recovering from the European Patent Office’s case law regarding what constitutes the proper technical character of an invention.

Thus said, a design patent was at stake, among other claims, in the Apple v. Samsung case regarding the ‘slide-to-unlock’ patent, describing a way to unlock a touch screen device. I still fail to comprehend how taking the general existing logic of opening gates, doors or fences and applying it to a computerized device passes the assessment of the inventive step test.

Similarly, just recently, among other allegations, Microsoft claimed that its patent over the design of a slider, which it named “User Interface for a Portion of a Display Screen” and which allows users to zoom in or out of documents, has been infringed by Corel.

Just so you get a complete idea of the claim, you can find below the design at stake:

Microsoft slider.

In its defence, it must be noted that the patent claim does not refer to a generic slide, but to the specific design of the slider and its placement in the bottom right corner of the User Interface.

Disregarding the consideration if the design at stake qualifies as new and non-obvious version of existing designs (i.e., prior art), such claim – if successful – might have serious economic repercussions for Corel as it will entitle Microsoft to all of the profits attributed to that design even if respecting a part of the product and not the entire product.

Nevertheless, the Electronic Frontier Foundation (EFF) has qualified this claim as the most stupid patent of December 2015. And despite any good will one might want to manifest in favour of Microsoft, it is indeed difficult to escape the obviousness of all this nonsense.

Microsoft or the rider on a white horse of modern times

January 19, 2015 / / 0 Comments
My hero!

My hero!

Microsoft has been challenging a USA search warrant, issued within an ongoing narcotics trafficking related investigation, seeking to access the content information of the electronic communications of one of its customers, which are stored exclusively outside the jurisdiction of the USA authorities, more specifically hosted in a data centre in Dublin, Ireland.

The abovementioned warrant would require an extraterritorial search and seizure of data stored in Microsoft’s Dublin datacenter. The very particular question at stake is if and to what extent a USA warrant compels a USA communications service provider to provide data stored abroad. What is to determine territoriality for a USA based provider with data stored abroad: the location where the data is stored or where the company is headquartered?

As any other service provider company, Microsoft stores the e-mail messages sent and received by its users and related information in datacenters, both in the USA and abroad, according to the users own location and proximity, given at registration, in order to increase the quality of the communications and decrease the network latency[1]The concept refers to the time it takes for data to get from one designated point to another..

In this specific case, considering that the content is hosted outside the EUA, it is quite possible that the customer at stake is a non-US citizen. And this makes this issue all the worse in the post-Snowden age.

In fact, this situation is not so vaguely reminiscent of the statements of Robert Hannigan, the head of the GCHQ, which qualified tech companies as ‘the command and control networks of choice’, precisely because they do not agree to cooperate on some very dubious terms. Or those of James Comey, the FBI director, a strong opponent of the growing market for secure private telecommunications, namely through data encryption technologies that companies such as Apple and Google have inserted to their Smartphone operating systems.

Needless to say that a “trapdoor” access to the tech companies networks by intelligence agencies and law enforcement authorities, in order to collect information about its users, is not a good idea. With such a free access door, there is no guarantee about who else would be able to gain access to these networks.

And it is quite hard to accept the need of such doubtful mechanisms when existing legal mechanisms do exist and allow achieving the same result. They are called warrants.

But it seems that when even when using the proper legal mechanisms, some governments fail to understand its territorial limitations in regards of competence and jurisdiction. That is certainly why a USA court assumes to have the authority to issue warrants for the search and seizure of property outside the territorial limits of the United States.

According to the Court which issued the warrant, the specific nature of an SCA[2]The Stored Communications Act, which authorizes the Government to seek the contents of information stored through a warrant, a subpoena or a court order. warrant differs from a normal warrant, compelling the service provider to gather and produce the data itself, rather than authorizing the entrance into the physical premises in order to conduct a search and seizure. In this context, it is not bound by the geographical restrictions of a search warrant and therefore no elements of extraterritoriality are at stake as Microsoft is merely required to produce information in its possession or control, regardless the location of that information.

The Court further considered that otherwise it would be sufficient for an individual intending to engage in criminal activities to give false residence information or to establish its residence abroad in order to have his account assigned to a server outside the USA and, thus, evade an SCA warrant.

There are, for what I managed to gather, substantial theoretical ambiguities regarding the interpretation and the historical drafting of the SCA. Nevertheless, there are others which are quite straightforward.

For instance, at an international level, such a unilateral initiative risks of negatively interfering with the sovereignty and jurisdiction of another country and may even damage diplomatic relations and foreign policies. The German Government has already stated that it will cease the storage of data in USA cloud providers.

There are indeed proper specific procedures established in bilateral agreements aimed at obtaining criminal evidence located in another country. Take for instance the Mutual Legal Assistance Treaty (MLAT), which is an international instrument designed to facilitate cross-border criminal investigations, concluded between Ireland and the USA. This is precisely because a USA Court Order is no more binding in Ireland as an Irish Court Order would be in the US. For this very reason, the data shouldn’t be transferred from Ireland to the USA other than through such a formal and official channel of co-operation.

However, this mechanism was deemed “slow and laborious” by the USA Court, which also outlined the possibility for one of the parties to decline the request for assistance as a negative feature. Apparently, the main issue is that the requested party may oppose “the exercise of jurisdiction which is in its view extraterritorial and objectionable”. The same Court considered that the fact that some MLAT require the execution of a search warrant to be operated in accordance with the laws of the requested party to be an issue.

Humm, quite self-explanatory, isn’t it? The intention is to access private emails of any customer of a USA based service provider disregarding where the data is located, and without the knowledge or consent of the subscriber or the relevant foreign government where the data is stored.

The interpretation according to which the search of digital data occurs where the data is remotely accessed is just a not so smart and very unfortunate attempt of bypassing the proper existing mechanisms. And it opens the door for legal uncertainty.

The search of digital data undoubtedly occurs where the data is stored when the company at stake is required to copy the data from the server. The location should dictate the competent jurisdiction. If the court has no competence to obtain through a court warrant some evidence, it cannot circumvent that limitation by compelling Microsoft to do what it has no authority to do itself.

Considering that USA-based companies can be constricted to produce documents stored anywhere worldwide – just because they are based in the USA – fails to acknowledge that different laws apply depending on the jurisdictions where the user is located. For instance, Microsoft would be compelled to breach EU data protection laws, namely the Data Protection Directive[3]Directive 95/46/EC and the Framework Decision which regulates data transfers to non-EU Member States[4]The Council Framework Decision 2008/977/JHA.

In this context, in a statement issued last November, the Article 29 WP stated as follows:

a public authority in a non-EU country should not have unrestricted direct access to the data of individuals processed under EU jurisdiction, whatever the conditions of this access and the location of the data. Conflicts of jurisdiction shall be resolved only under certain conditions–e.g. through prior authorisation by a public authority in the EU or through a mutual legal assistance treaty, respectively covering access by foreign law enforcement authorities to data transferred from the EU or to data stored in the EU. Foreign requests must not be served directly to companies under EU jurisdiction.

Moreover, allowing for the USA government such an access would create a dangerous precedent, potentially leading other countries to disregard the existing legal mechanisms to seek data stored abroad. Such an anarchy is certainly not a desirable outcome to be achieved!

Anyway, considering the company’s previous relation with the National Security Agency (NSA), I must admit this came as a surprise. After all, among the several very inconvenient and ugly truths, namely regarding the PRISM program, the documents provided by Edward Snowden revealed that Microsoft has collaborated closely with USA intelligence services in order to allow users’ communications to be intercepted, including enabling the NSA to circumvent the company’s own encryption.

This can really be the first time that a company challenges the USA government over a domestic warrant for data held overseas. In the meantime, the Irish government has already manifested its support, along with several other tech companies and consumer privacy advocates.

While this situation outlines the increasing role of private companies as the ultimate defendants our rights, it brings to the spotlight that the right of protection against illegal access, search and seizure of physical property needs to clearly apply also to the digital world. I mean, if governments are not entitled to freely conduct searches in a building located in another country, I cannot fathom any reason for considering that this power of search would be bestowed to them in regard of the content of an email stored overseas. The information located in the cloud should be covered by an equally high standard of protection and any exchange should be covered by a strict framework. Otherwise, it is the very cloud model that is put at risk and we all know that the trust of customers has been quite challenged already.

References

References
1 The concept refers to the time it takes for data to get from one designated point to another.
2 The Stored Communications Act, which authorizes the Government to seek the contents of information stored through a warrant, a subpoena or a court order.
3 Directive 95/46/EC
4 The Council Framework Decision 2008/977/JHA

© 2023 The Public Privacy

Theme by Anders NorenUp ↑