Schrems II – Invalidation of the US-EU Privacy Shield

It’s hard to believe that it’s been almost five years since the Court of Justice of the European Union (“CJEU”) decided Schrems I, invalidating the safe harbor provisions for transfer of personal data of European nationals to the United States. The safe harbor provisions were a set of data privacy principles US companies would agree to follow in order to receive personal data of EU and Swiss persons. That decision required a lot of technology agreements to be modified so they did not rely on the safe harbor provisions.

One of the reasons the safe harbor provisions were struck down was because they did not bind the US government. While US companies may agree to follow the principles, that would not stop the US government from collecting data in ways that, while legal in the US, may not be in the EU.

After Schrems I, the US and EU entered into negotiations on a new set of privacy principles that would be implemented by the US government. One result was the passage of the Judicial Redress Act that gave non-US nationals the right to sue in US courts for privacy violations, including violations by the federal government of the Privacy Act of 1974.

On July 16, 2020, the CJEU issued another opinion in the case brought by Max Schrems. In this latest opinion, the CJEU has invalidated the US-EU Privacy Shield. The Privacy Shield, while providing EU and Swiss persons with protections like those of US nationals, was found invalid because US domestic law permits the government to carry out surveillance activities that the CJEU believes are not permitted in the EU.

The decision may have impacts well beyond data transfers from the EU to the US. The rationale of the opinion would likely apply to transfers of data to countries with similar or less protective surveillance laws. If agreements with other countries, such as China, are allowed to continue, the US would have a good basis to claim that the invalidation of Privacy Shield is discriminatory and that the EU is in violation of its obligations as a WTO member.

Parties, however, remain able to utilize the Standard Contractual Clauses adopted by the European Commission. In fact, the CJEU specifically upheld the Commission Decision establishing these clauses. In doing so, though, the court stressed that the inclusion of the clauses is not enough. Companies in the US and the EU will need to implement policies and procedures to monitor compliance with, and effect enforcement of, the clauses.

Garmin’s Ransomeware Hack

I’m a runner and Garmin user. My current watch is a ForeRunner 645M. I love their devices and services. I first noticed that Garmin was having technical issues when a run wouldn’t sync with the app on my phone and their Garmin Connect website. I soon saw a number of tweets about the outage.

After a day or so, I saw speculation about a ransomware attack, and that Garmin was refusing to pay. Unfortunately, it appears the bad guys may have gotten their payday. This was a bad situation that could have been much worse. Thankfully, it appears only Garmin’s commercial fitness business was compromised. That at least shows they are compartmentalizing the affected systems from their military, aviation, and marine products.

As the situation dragged on, more users were noticing, and after a couple of days many were complaining on social media, especially Twitter. However, I was surprised to see a number of users cheering on Garmin. These users were under the impression that Garmin was refusing to pay the ransom and, instead, was rebuilding the affected databases. Many users seemed to prefer a prolonged outage to rewarding the hackers.

Unfortunately, it has been reported that Garmin paid the ransom. While this has gotten Garmin’s services up and running and without a loss of customer data, it rewards the hackers. From a public relations view of how these situations are handled, this episode certainly makes it appear that the best course of action is to avoid paying ransoms, even if it leads to downtime.

Of course, it isn’t as simple as not paying. Service providers need to have back up systems that are secured separately, updated frequently to minimize data loss, and the means to quickly move that back up data into production systems. Depending on the hack, that can be extremely difficult, and it will almost always be costly.

There are other wrinkles in the story that make this hack troubling. In particular, it looks like the hackers may already be subject to sanctions imposed by the U.S. government. That could put Garmin, or it’s third-party contractor, Arete IR, that validated the decryption keys and paid the ransom, in violation of those sanctions. It also highlights the odd incentives creates for companies like Arete IR.

These companies provide a service in the event of a ransomware hack. While that puts them in a position of benefiting from these crimes, that doesn’t bother me too much. Someone has to serve as a mutually trusted go-between. What did get my attention was the white paper Arete IR published the day after the attack started. The ransomeware was identified as WastedLocker, which some have tied to Evil Corp, a Russian group that has been under U.S. sanctions. The brief paper attempts to throw cold water on the connection, but does not do so convincingly. It read like a defensive piece written quickly to allow Arete IR and Garmin to claim they had a good faith belief that whoever was attacking Garmin with WastedLocker was not the sanctioned entity.

Do We Need More Legislation to Curb the Patent Trolls?

There is a strong push for additional patent reforms in Congress. Much of this has to do with the perceived problem of patent “trolls.” I’ve written before that patent litigation hasn’t exactly exploded over the years, though there may be a current uptick in complaints filed by NPEs. Despite the uptick, two recent evolutions in the law are making things far more difficult for the trolls.

Two recent developments make me feel the need for further legislative reform has declined. First, the IPR system has proven very effective at invalidating questionable patent claims, and Second, the Supreme Court’s recent decisions about fee shifting in litigation have created a substantial downside for plaintiffs.

First, the America Invents Act (AIA) was passed in September 2011, and most of its provisions went into effect over the next 18 months. We are just now seeing the impact of this legislation. One powerful new tool that is helping those accused of infringement is the Inter Partes Review or IPR. Like the older reexamination procedures, IPR allows a challenge to an issued patent in the USPTO. However, with the creation of the Patent Trials and Appeals Board (PTAB), a group of skilled administrative judges has been provided to review these proceedings.

In an IPR, the challenger files a Petition citing prior art they believe invalidates the claims of the patent. The fees are steep to file these challenges, but can be spread out over a group of petitioners joining a single petition. Even if filed by a single petitioner, the filing fees of an IPR will be substantially less than the cost of litigating the patent.

The challenger must file the petition within one year of being served with an infringement complaint. While not a sure thing that the petition will be granted, nearly 80% have been so far. Once a petition is granted, the PTAB has one-year (extendable by six months for good cause) to issue a final order. This is an incredibly fast timeline so petitioners need to be sure they are ready to proceed. Of those cases proceeding to a final order, 95% of the previously issued claims have been cancelled.

While the opportunity to cancel asserted claims in the USPTO is a great option for an accused infringer, it also serves as a shield in litigation. District courts have been very open to staying infringement litigation pending an outcome of IPR proceedings. Numerous cases have been stayed pending IPR proceedings. The cost savings to the client will be substantial, and there is a strong likelihood that the patent claims will be invalidated. In fact, in may stays, the defendant didn’t even file the IPR, so they are not even paying for those proceedings if someone else has.

IPRs are proving to be a viable mechanism for destroying bad patents.

Second, the Supreme Court recently issued opinions in Octane Fitness and Highmark. These two decisions will make is substantially easier for a prevailing party to obtain attorney fees and costs from the other side. Previously, the Federal Circuit had used a very strict test for such awards. The effects are already being felt as cases are being sent back to the Federal Circuit and the district courts to make determinations about attorney’s fees.

I don’t think IPRs and changes to the common law rules of fee shifting alone will remove the entire problem posed by trolls. However, anything that does will also adversely impact small companies, start-ups and other patent owners. We may be at a good balancing point, but the only way to know is to wait and see how this plays out. Further legislative changes would be premature. It could be that the current uptick in patent troll litigation is the reaction of a distressed business model.

 

A Myriad of Issues in Gene Patents

This June the Supreme Court issued it’s opinion in Myriad. In a Solomonish move, the Court split the baby of biotech. Here, all nine members of the Court chose to cleave at a point between isolated DNA being ineligible subject matter on the one hand, and complimentary DNA (cDNA) being eligible on the other.

Without belaboring the point too much, isolated DNA is just that: a portion of a DNA molecule isolated from its natural environment in a cell. Generally, this is a very specific portion of the genome encoding a particular gene or genes. DNA, however, includes long portions that don’t code for proteins. These segments may be removed to yield a modified DNA strand that only has the active, coding portions of molecule. This “refined” version is cDNA and exists nowhere in nature.

In effect, the Court put levels of human manipulation on a spectrum and drew a line, albeit a bit fuzzy, that separates patent eligible DNA based inventions from those that are not. According to the Court, isolating DNA is not enough of a transformation to be patentable, but removal of introns to yield cDNA is. The problem is that “isolated” DNA doesn’t exist in nature either. Further, the requirement of a specific utility for the DNA sequence claimed already limits the scope of inventions to those isolated sequences with a known usefulness.

An Alternative Approach

The line drawn between isolated DNA and cDNA is an arbitrary one that, while allowing more uses of the genes for basic research, arguably still protects the most valuable components of genetic tests. I believe Section 101 is a very broad declaration of patent eligibility and limiting it in an arbitrary way is not helpful. Stronger application of obviousness to prevent the patenting of known elements would improve things without creating an unpredictable regime with little basis in the statute.

Bowman v. Monsanto: Planting of Patented Seeds to Make a Second Generation of Seeds Infringes RoundUp Ready Patents

On Monday, the Supreme Court decided Bowman v. Monsanto and held that a farmer monsanto-logowho purchases patented seeds from a grain elevator and then plants those seeds and harvests the crop, infringes the patent. Previous cases had held farmers liable for holding over a portion of their crop for planting the next year, but those cases involved the violation of the license agreement the farmer must sign when purchasing the licensed seeds. In this case, the farmer purchased the seeds from a grain elevator with no contractual strings attached.

The result shouldn’t be a surprise, and some people even expected a unanimous opinion, which the Supreme Court issued. The issue in the case was “patent exhaustion” and it is the principle that once a patented article is the subject of an authorized sale, the owner of the article is free to use it as they see fit or resell it to another person. Patent exhaustion, however, doesn’t allow the purchaser to make copies of the patented article.

A patent doesn’t give the patent holder the right to do anything themselves (after all, there could be other patents that cover other aspects of the same product). What a patent does give is the right to exclude others from making, using, selling, offering for sale, or importing the patented article. This is much like the deed to real property that gives the owner the right to keep trespassers off, but doesn’t actually allow the owner to do any particular activity on the land (you have to look to zoning laws and permitting agencies for that).

Patent exhaustion applies to only some of that bundle of rights that the patent holder has, namely making, selling, and offering for sale the patented article that was previously bought. A person can’t make copies of the article they bought and claim that the copies don’t infringe because of patent exhaustion. In Monsanto, Bowman claimed that planting the soybeans was really just a normal use of them and their “self reproduction” was the natural result. The Court, however, saw this process of planting and harvesting as the natural way of “making” a second generation of seeds. The beans Bowman bought from the elevator could have been resold, used for animal or human food products, or even used as a feedstock for bio-fuel.

The question that then comes up is how does a farmer ever plant patented seeds without infringing the relevant patents? The answer is actually pretty simple and has been used by Monsanto and other seed companies for decades. When purchasing seeds (which of course comes with the right to resell or use them for feed) farmers must sign a license agreement granting them the right to “make” one descendent generation by planting. That descendent generation may then be sold or used but not planted.

This really is the same outcome that would be expected in other technology areas where a purchaser can freely use or resell the product, but not replicate it. The difference here is the self replicating nature of biological organisms.

Moving to Kutak Rock

Kutak_logoI’ve been terrible about writing for this blog for the last month. A major part of that is the fact that I have changed jobs. On April 1, I started at Kutak Rock LLP, a general practice firm in Omaha. In some ways, Kutak is a more traditional law firm than my previous employer which means not as much flexibility to work from home with the dogs by my desk, but it is an entrepreneurial atmosphere and I am really excited about the opportunity to help build this practice.

The attorneys at Kutak have built an impressive IP/IT practice. We can handle any type of IP/IT related legal work from licensing to litigation for trademarks, patents, copyrights, an trade secrets. We can also handle procurement, due diligence and product clearance. My skills fit in very well with the work they do, and their platform works very well with the practice I want to build.

Believe it or not, the practice of law it is a profession I enjoy and am passionate about. Being at Kutak will help me move even deeper into the overlapping area between my passion, my skills, and a market I can serve (a la Good to Great). I’ve created a BHAG (big hairy audacious goal), and I know some really great things are going to happen over the next few years.

Now I need to get to the list of post topics that has been accumulating.

Facebook Sued for Patent Infringement – Will Their Lawyers be Sued for Malpractice Next?

Facebook has been sued by Rembrandt Social Medial, LP for patent infringement. Rembrandt Social Media doesn’t run a social media site, but was created by Rembrandt facebook_logoIP Management, LLC, with the family of the deceased inventor of the patents and the inventor’s company Aduna. According to the complaint Rembrant works “to help inventors and patent owners, who often do not have the requisite capital or expertise, enforce their rights against companies that use their inventions without paying for them.” In other words, Rembrandt is a Non-Practicing Entity – what some people call a patent troll.

Rembrandt alleges infringement of two U.S. patents: the ‘362 Patent and the ‘316 Patent. Both patents have filing dates back to 1998.  The ‘316 Patent discloses a personalized web diary that can be shared with other users. The ‘362 Patent relates to the features such as the “Like” and “Share” buttons.

Beyond the patent infringement allegations, the complaint also alleges a potential conflict of interest for the patent attorneys who prosecuted the cases. According to Rembrandt, the law firm that represented the inventor in prosecuting the patents began prosecuting applications for Facebook in 2008. The law firm then continued to represent both Facebook and Aduna until July of 2012 when the law firm terminated its relationship with Aduna.

The case probably looks worse for the law firm than it really is. The Aduna patents issued in 2003 and the law firm’s involvement was likely limited to the docketing and and paying of maintenance fees. While it can’t be determined from the complaint, the law firm may have only discovered the relationship of the subject matter in June 2012, when Facebook acquired a patent in which the ‘362 Patent was cited as prior art.

There isn’t enough information in the complaint to gauge the severity of the conflict, or if there really is one. It does, however, show the potential for “subject matter conflicts” to develop into direct conflicts among clients.

Using iOS 6’s VIP Feature to get In-To-Empty Without Getting Bogged Down

I’ve written before about using Getting Things Done, and my Weekly Review. Like a lot of people, I have trouble leaving my email alone. A lot of us seem to feel that emails must be at least read, if not responded to, on a real-time basis. This habit can destroy our productivity, and what’s worse is that we know it. Part of the problem for me is that I have a near obsessive tendency to move “in-to-empty.” This has lead me to handle email on a near real-time basis so I have the psychological satisfaction of an empty inbox.

In is empty.
In is empty.

Another reason I’ve handled email this way is my fear of missing anything, or being perceived as unresponsive to someone I should be responding to quickly. I’ve just started a technique to help me with my email addiction.

I work predominantly on Apple devices, and during my weekly review I have started utilizing a technique to let me keep up on urgent emails, while not becoming bogged down in email and destroying my productivity. Basically, I’ve been employing iOS 6’s VIP feature in email to allow me to quickly set rules, on a weekly basis, that let me focus on the most important emails during the coming week. As I review my projects, I put anyone who is associated with an urgent matter on the VIP list, at least for the coming week. If I expect a lot of back and forth with someone, I don’t want to build in the significant delay that would result from only checking my email once or twice per day. I also update the VIP list if a new and urgent project surfaces during the week.

So far, this has helped me let go of my inbox and only get in to empty once or twice per day. At the same time I’ve been able to keep up with urgent topics and projects. A similar technique can also be employed in Outlook by setting various rules, but that may be a bit more cumbersome.

I don’t know if this is something I’ll keep doing for the long term. It will depend on how time consuming it becomes versus the productivity benefit I receive. I do believe that this will at least let me train myself to focus on those emails that require immediate action, and put off those that don’t.

What workflow techniques do you use to keep out of email?

Means Plus Function Claims – Literally Equivalent

Dennis Crouch at Patently-O posted an interesting article about the drop in the percentage of patent applications that have claims utilizing means plus function language. Means plus function claims are based on 35 U.S.C § 112(f) which states:

Element in Claim for a Combination.— An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The data presented shows a drop from near 25% to roughly 7% of patent applications include a means plus function claim. This may not be surprising as these claims are viewed as somewhat arcane. However, there is good reason, in some cases, to include such claims.

misuseofliterallyIn a typical infringement analysis, the first determination is whether or not an accused device or process literally infringes a claim. If not, it is possible that the accused device or process could still infringe under the doctrine of equivalents. That doctrine states that an accused device, while not literally containing an element of the claim, may still infringe the claim if an aspect of it performs substantially the same function, in substantially the same way, to achieve substantially the same result.

However, the doctrine of equivalents often is not even used because of prosecution history estoppel. This opposing doctrine means that when a claim is amended during prosecution, the patentee surrenders the claim scope, including equivalents, removed by the amendment. This means many claim elements will not be amenable to application of the doctrine of equivalents.

This result can conceivably be avoided in a claim that uses a means plus function limitation. Based on the statute above, the literal interpretation of a means plus function element includes equivalents. That means, regardless of the prosecution history, the patentee may be entitled to cover equivalents.

One strategy to exploit this includes reviewing the claims before submitting an amendment. Often, the elements being amended are at the core of the inventive concept. If you have multiple embodiments disclosed, it may make sense to add a new claim that replaces the narrowed elements with means plus function language so the patentee can still avail themself of the doctrine of equivalents for those elements.

I’d be surprised if only 7% of patent applications would benefit from such a strategy.

GTD Weekly Reviews: A Trick to Keep Myself Up-to-Date

People who work with me know I am a big fan of David Allen’s Getthing Things Done system. It’s a great way to manage all your “stuff” and in particular your work. It’s an intuitive and powerful system that uses contexts for helping you know quickly what tasks Getting_Things_Doneyou can best spend your time on.

At the core of the system is the weekly review. For me, the weekly review serves as a last check to make sure everything is captured in my system. However, like a lot of other people, I have not been perfect about doing my weekly review. I have developed a trick for keeping me honest.

I generally do my weekly review early on Thursday mornings in my home office before heading into work. This keeps distractions to a minimum and leaves me with all day Thursday and Friday to handle anything that may need to be attended to before the end of the week.

I have an old Seth Thomas mantel clock in my home office. The clock needs to be woundSeth Thomas Clock every eight days or else it stops. At the end of my weekly review, I wind the clock. The lack of the rhythmic tick-tock is conspicuous when I work in that office in the evenings or early mornings. It has become an effective reminder and adequately inflicts the requisite guilt to push me to do my review.

If the weekly review doesn’t happen, the clock stops. What’s more, it means my system isn’t working as well as it should. It’s a trick that works for me and helps keep me up to date.

I’d love to read what tricks other people employ to keep themselves honest and up-to-date with their system.