Are Juries the problem?

Our legal system actively excludes jurors with expertise from cases–we want the experts to be testifying and the jurors to be blank slates, pure reasoning machines without bias that weigh only the facts presented in court. I’m sure I’m not alone in wondering whether this is ever a good idea, but I’m particularly convinced that it’s a poor idea for technical matters. People who don’t understand the difference between copyright and trademark shouldn’t be in the jury for a copyright infringement case, and people who apparently don’t understand that public-key cryptography and secret-key cryptography have about as much in common as a gamelan performance does with Kelly Clarkson’s Breakaway shouldn’t be deciding a crypto patent case.

TQP is a company whose entire business model is to buy patents and sue people they believe are infringing them. The sole owner of TQP also owns 8 other businesses that do the exact same thing. If not to make countersuits less profitable, what is the point of having 9 identical non-producing companies instead of just 1? And roughly 80% of the time–or 800 separate cases–the owner has sued an allegedly infringing company before ever contacting them in any other fashion or trying to seek a licensing deal.

The facts are these:

  • In 1969, James Ellis may or may not have invented public-key cryptography, but it was kept secret by the British government until 1997.
  • In 1975, all of the pieces needed to create public-key cryptography had been invented/discovered, and publicized.
  • In 1976, Whitfield Diffie and Martin Hellman published the paper that is the basis of modern public-key cryptography. They are generally considered the inventors of public-key cryptography, as the others were still secret.
  • Two months later, Malcolm Williamson, building on Ellis’ work, wrote a paper basically outlining modern public-key cryptography, but this was again a secret government document, not publicized.
  • In 1982, the book Cryptography and Data Security, by Dorothy Denning, was published. It describes an encryption system nearly identical to the patent at the heart of this lawsuit–all the pieces are there.
  • The RC4 encryption cipher was invented by Ron Rivest at RSA Security in 1987.
  • In April 1988, a working version of Lotus Notes, with the RC4 cipher, was demonstrated for Bill Gates. Alan Eldridge is the person who incorporated the RC4 cipher into Lotus Notes. In May 1988 Lotus Notes (using RC4) was shown to the world and offered for sale.
  • Sometime prior to 1989, Telequip started selling encrypted modems. These modems used symmetric encryption, essentially the same as both the RC4 cipher and what was described in Denning’s book.
  • On October 6, 1989, Jones, the owner of Telequip, applied for a patent on using a cipher that includes a pseudo-random number generator for what we would today call VPNs.

SSL uses public-key cryptography to let two computers connect securely and agree on a shared secret key, and then switches over to that secret key to encrypt the bulk of the communication. The system doesn’t have to use symmetric (secret-key) cryptography for the bulk data, but doing so requires less computing power. And the specific symmetric cipher used can be more or less anything–RC4 is just one of the more popular ones. The system must use public-key encryption, and couldn’t exist without it.
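The two stages described above, as an added sketch that is not code from the original post or from any SSL implementation: a Diffie-Hellman exchange agrees on a key over an open channel, then RC4 (a keyed pseudo-random byte stream XORed with the data) protects the traffic. The toy prime, the function names and the sample message are assumptions made for illustration, and Diffie-Hellman stands in for the public-key step, which in SSL can also be RSA key transport.

```python
import hashlib
import secrets

# Toy group (assumption for illustration): far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def dh_keypair(private=None):
    """Return (private, public); only the public half crosses the wire."""
    x = private if private is not None else secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def dh_session_key(own_private, peer_public):
    """Both ends compute g^(ab) mod p and hash it into a 16-byte key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]

def rc4(key, data):
    """RC4: a keyed pseudo-random byte stream XORed with the data.
    The same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def session(message, client_private=None, server_private=None):
    """Run the key agreement, then protect `message` with the agreed key."""
    c_priv, c_pub = dh_keypair(client_private)
    s_priv, s_pub = dh_keypair(server_private)
    client_key = dh_session_key(c_priv, s_pub)  # client sees only s_pub
    server_key = dh_session_key(s_priv, c_pub)  # server sees only c_pub
    ciphertext = rc4(client_key, message)
    return client_key == server_key, ciphertext, rc4(server_key, ciphertext)

if __name__ == "__main__":
    ok, ct, pt = session(b"order #1: one graphics card")  # constructed sample
    print(ok, ct.hex(), pt)
```

RC4 appears here because it is the cipher the post discusses; RFC 7465 prohibits it in TLS today.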

So, the patent TQP is suing over is predated in a demonstration product (which did ship) by a year and predated in theory by 7 years. And the product they are suing against–SSL–only uses their patent incidentally, but is based on a completely different technology that predates their patent by 13, 14, or 20 years. I don’t see how the patent is valid, and even if it is valid, I don’t see how SSL is infringing.

The fact that it was the TQP lawyer who made a big point about how the core of SSL wasn’t invented in ’76, but at some earlier time, is why I think that the jurors simply weren’t technical enough.

But even more importantly: how is NewEgg infringing for using a commercial product that incorporates the RC4 cipher? Even if you accept every part of TQP’s argument–that their patent applies to implementations of RC4, that the prior art isn’t, and that RC4 is more important than the public-key cryptography that actually makes secure web connections possible–shouldn’t the only people TQP can sue be the folks who actually created the product that is infringing? Can I now be held liable for buying a phone that is, years later, found to infringe on a patent? Do I now have to research the inner workings of everything I buy or use, or am I responsible if it should turn out to be infringing?

