| | | | | |
Douglas Panzer
December 6, 2013

Overwhelming Support for House Anti-Patent Troll Bill

The US House of Representatives yesterday passed a proposed patent litigation reform bill aimed at making it much more difficult for non-practicing entities or “patent trolls” to bring patent infringement suits.  The bill passed with major bipartisan support in a 325 to 91 vote.  This bill, introduced by Representative Bob Goodlatte, sets new standards for suits by NPE’s, including such highlights:

  • Significant increases in the pleading specificity requirements for patent suits
  • Disclosure of the ultimate beneficiary of any damage award or settlement
  • New double-patenting rules
  • Judicially limited early discovery
  • Early determination of patent validity

The passage of this bill, referred to as The Innovation Act, is sure to be followed quickly by introduction in the Senate of a sister bill sponsored by Representative Patrick Leahy, one of the sponsors of the American Invents Act, which introduced the most sweeping patent legislation reforms in decades last year.

The Innovation Act is sure to continue the dialogue/debate regarding patent infringement suits brought by those not commercializing the patented subject matter.  On one extreme the argument will be raised that shell companies sweeping up dozens or even thousands of patents solely for the purpose of litigating them for profit is stifling of innovation, in contravention to the Constitution and the Patent Act.  On the other extreme we’ll find the argument that in this age of costly, complex and time-intensive litigation, such enforcement represents the only real means for individual or small company inventors to protect their inventions and in turn spur further innovation.  In true Goldilocks fashion, the answer likely lies somewhere in between.  Whether the Innovation Act becomes law and whether it finds the happy medium is one step closer to determination.

New York Times report: http://www.nytimes.com/2013/12/06/business/house-bill-raises-bar-for-suits-over-patents.html?emc=edit_tnt_20131206&tntemail0=y&_r=0

August 12, 2013

The Trouble With Executive Overrides of ITC Exclusion Orders (Samsung v. Apple)

Posted By Douglas Panzer @ 1:52 pm
Filed under: ITC 337 Actions,Litigation,Patents,Technology Law

Ambassador Michael Froman – the U.S. trade representative – and the Obama administration created much buzz last week by overturning a June decision from the U.S. International Trade Commission (ITC) that would have prevented Apple from importing the iPhone 4 and certain iPads into the United States. The executive decision brings to a swirling head numerous troubling issues in the cross-governmental-branch battle instigated by Samsung and Apple in their ongoing strategic legal battle for mobile device market supremacy in the U.S.

Have Apple, Samsung, the ITC and the executive branch finally pried the lid off Pandora’s Box or have they tactfully attempted to close it?

What is the ITC and why is Samsung v. Apple There?

The ITC is a “quasi-judicial” agency of the federal government tasked by Congress with numerous responsibilities and granted various powers to enforce and advise upon international trade issues affecting U.S. markets. Among its responsibilities, the ITC is tasked under its “Section 337″ (19 USC §1337) for protecting U.S. markets from harm brought about by imports of goods that, among other fouls, infringe U.S. intellectual property rights, including patents.

In recent years, numerous patent holders have chosen to bring cases of alleged patent infringement to the ITC seeking issuance of an “exclusion order” relating to the accused imports.  If granted, an exclusion order instructs U.S. Customs to seize the identified goods at the U.S. border and preclude them from entering the country.  In effect this achieves the same outcome as a complete victory in more typical patent litigation. However, such an outcome through patent litigation typically involves several years of litigation, millions of dollars in legal fees, extended, costly discovery and – since the 2006 case of eBay v. Mercexchange – hard-to-come-by injunctive relief granted by the court.

Litigants view the ITC as a faster, less expensive means of achieving this powerful position, with the added bonus that exclusion orders are enforced by the federal government as opposed to enforcement of a judicially issued injunction, which if granted in the first place and then violated, requires the party to return to court to seek enforcement.

Clearly Samsung felt an ITC action was the better strategic choice in its attempt to assert its U.S. patents to block Apple’s sales in the U.S. But Samsung had to know, even in victory, that an executive override was a possible result. Did Samsung calculate and assume the risk?

Executive Override Power of ITC Orders

Under 19 USC   §1337, ITC exclusion orders are subject to review and “disapproval” by the executive branch.  After issuance of the order, the President or his delegate (currently the U.S. Trade Representative) has sixty days to override the order, generally based on public policy concerns of harm to a domestic industry. However, such disapproval is exceedingly rare.  In the history of the ITC, the executive branch had disapproved of only five exclusion orders prior to this weekend’s disapproval and had not done so since 1987.

  • Presidential Determination of April 22, 1978, 43 Fed. Reg. 177898 (April 22, 1978) (disapproval of Inv. No. 337-TA-20);
  • Presidential Disapproval of Determination of the U.S. International Trade Commission in Investigation No. 337-TA-82, 46 Fed. Reg. 32361-01 (June 22, 1981);
  • Determination of the U.S. International Trade Commission in Investigation No. 337-TA-99, Certain Molded-In Sandwich Panel Inserts and Methods for Their Installation, 47 Fed. Reg. 29919-02 (July 9, 1982);
  • Determination of the President Regarding Certain Alkaline Batteries, 50 Fed. Reg. 1655-01 (Jan. 11, 1985) (disapproval of Inv. No. 337-TA-165);
  • Presidential Disapproval of a Section 337 Determination, 52 Fed. Reg. 46011-02 (Dec. 3, 1987) (disapproval of Inv. No. 337-TA-242).

Did Samsung simply see the benefits of quick resolution, government enforcement and exceedingly rare Presidential override as a risk worth taking? It certainly seems that way.  But one further fact, identified or not, has to sting Samsung greatly – executive disapproval of a Section 337 exclusion order is  not appealable. After a complete victory at the ITC, Samsung has lost its case.

Why Did the Obama Administration Step In?

Did the Obama administration simply bow to corporate lobby pressures from Cupertino or is something more calculated at the heart of this rare exercise of executive oversight? As a basis for his disapproval, Ambassador Froman cited exertion of “undue influence” from patent rights. At first blush this is counter to the exercise of patent rights and free markets. After all, a patent is not just a legal, government-approved limited monopoly for the patented invention; it’s one that originates in the text of the Constitution itself. The purpose of patents is to exert the influence that comes as a reward for inventiveness in order to benefit the inventor and encourage further invention. Critics will urge us to quickly accept that this is a protectionist action of an executive branch under the undue influence of big business financial power. But a larger scheme may be in motion here.

In recent months the Obama administration has been very vocal about patent reform. From patent trolls to forum shopping, the administration has expressed several standpoints on the patent litigation landscape that are largely, agreeably beneficial regardless of political bent, financial position, etc. The latter of these – forum shopping – may be at play.

Statistics overwhelmingly show, regardless of corporate domicile or factual nexus, the filing of patent actions in federal district courts in the District of Delaware based on its speed and patent expertise, and the Eastern District of Texas based on its staggering willingness to rule for patent plaintiffs. Patent plaintiffs have also shown a major trend toward patent enforcement through the ITC for the reasons discussed above. But along with increased speed and reduced expense, this act of forum shopping into the ITC also stems from avoidance of the heightened burden required for acquisition of injuctive relief in judicial patent actions after the Supreme Court’s 2006 holding in  eBay Inc. v. MercExchange, L.L.C., 547 U.S. 388 (2006).

As quoted in Ambassador Froman’s disapproval letter, the legislative history of Section 337 guides the President to consider the effect of an exclusion order on “competitive conditions in the U.S. economy.” The Obama administration has simply seized upon the Samsung v. Apple case, not so much for its particular merits, but more as a good vehicle for tamping down heightened litigation risk for companies contributing to the U.S. economy. By disapproving the Apple exclusion order, the Obama administration waters down incentive for litigants to forum shop into the ITC where they may seek the equivalent of injunctive relief without meeting the 4-point burden for injunctions extended to patent cases under  eBay. As a corollary, the rejection of the exclusion order reduces the costs of managing litigation risk for potential defendants as they will be less likely to face conflicting bodies of rules depending upon the forum in which they are accused.

Evidence of this goal is apparent in the disapproval letter itself, in which Ambassador Froman summarizes:

My decision to disapprove this determination does not mean that the patent owner in this case is not entitled to a remedy. On the contrary, the patent owner may continue to pursue its rights through the courts.

The message, though obscured by the commotion of feverish discussion around it, could not be more clear. The Obama administration has fired the first shot – and a loud one – in its battle for patent litigation reform and it is aimed squarely at quelling litigation forum shopping.

June 4, 2013

Should General Counsel Audit Sales Promises vs. Technical Requirements?

The consulting company’s “sales guys” do a great job of bringing in the client, promising efficiency from a quickly implemented, not-overly-complex integration of out-of-the-box-technology. Management is thrilled to win the contract. The tech folks are intrigued by the prospect of curing a big client’s business pains. And then reality hits. The technology architects have to square their real-world solution and the consulting costs of its implementation with the sales team’s promises regarding time, price and disruptive effect (or lack thereof). As both a technology attorney and a former software/web developer I’ve seen it a hundred times and – to turn a phrase – sixty percent of the time it’s a mismatch every time.

This appears to be precisely the situation in the recently settled suit between Lehigh Valley chemical manufacturer Avantor and IBM, in which Avantor’s business was, per their federal district court complaint (PACER login req’d.), crippled by the mismatch between IBM’s sales promises and their allegedly amateurish and unsuitable implementation.

Tech consultancy general counsels need to involve themselves in these situations from the inception to assure sales teams have adequately consulted technology resources prior to the sale and that technology and business leaders have properly understood and prepared to deliver their contractual obligations to the client.

IBM was said to be “surprised” by the suit. While this is likely PR speak, it should also be a red flag. While it is likely inappropriate for in-house counsel to insert its judgment into the process of each sale, GC’s need to educate their organizations to measure and accurately quantify/qualify their promises to clients. Whether this involves establishing technology/business/sales team collaboration processes or even direct involvement from legal is a question for the organization. However, general counsel cannot remove itself from the establishment of such procedures. In order to manage litigation risk, consulting companies’ general counsel should establish review, collaboration and/or audit procedures to appropriately match contractual promises to technical capabilities Anything less leaves litigation risk management to chance.

April 22, 2013

Dear General Counsel, Is Your Customer-Facing Website Storing Plain Text Login Credentials? (Part 1)

Your business relies on its website to provide information and service to customers and to increase the business’s own efficiency. What happens when that efficiency is stymied by a customer’s “senior moment”…the all-too-common forgotten password? If the answer is a reminder email to the customer containing his or her username and password in plain text, you may want to notify your insurance carrier and replenish your litigation counsel retainer.

Now, I’m not saying the practice of emailing usernames and passwords is a slamdunk path to civil or criminal liability. However, the risks associated with such a practice may be greater than you know and are undoubtedly greater than your business should be willing to subject itself. Perhaps customers manage their contact information or email subscriptions online. Perhaps you provide true e-commerce and store credit card information. In providing their information, your customers rely on your business to provide reasonable safeguards for the personal information you store about them and your business has a duty – in the truest legal sense of the word – to do so.

E-Mail: Just One Link in Your Non-Secure Communication Chain

Did you know that email is not a secure means of communication? It’s true. Of course, many readers will already know that the vast majority of email messages traverse the Internet as unencrypted messages; binary strings simply transmitted from sender to recipient without any form of obfuscation. Some small comfort may be found in knowing that the email programs used to send and receive these messages require usernames and passwords, but this does not remove the fact that the messages themselves, if intercepted, require no translation or decryption to reveal their full contents. If the message is intercepted, any private information contained therein is visible for all to read. But even the ability of your business to send plain text login credentials signals larger technical shortcomings.

Plain Text Means Something is Plain Wrong in the System Architecture

In order for a customer support system or representative to be able to retrieve a username/password combination and send it to the user, one of two scenarios must be at play: Either a) your tech folks are storing the information in your company’s database as plain text; or b) the login information, though stored encrypted, uses reversible encryption. In either case, your business is not using tech security best practices and arguably you are failing in your duty to safeguard private customer information. Heck, that practice doesn’t even comport with common state privacy laws’ definition of encryption.

Massachusetts statute 201 CMR 17.00 (that state’s data privacy law), for example, defines “Encrypted” as “the transformation of data into a form in which meaning cannot be assigned without the use of a confidential process or key.” If your company’s customer-facing system can decrypt stored user credentials, there is at least one software developer who has seen the key or process while coding it. If your company’s email system can then send that decrypted information over standard email, there is likely at least one system administrator who can see those sent emails on your system. We’re up to two people who shouldn’t have access…shall I continue? What if – please don’t be the one reader whose company does this – your CSR’s can look up usernames and passwords in order to communicate them to customers? What’s the number now? By the letter of the law (at least Massachusetts’ law…which, by the way, is nearly identical to many others) your process may not even represent encryption at all since the process or key is arguably no longer confidential.

Do a Legal Review and Work With IT to Craft a Policy

In order to minimize the risk of data loss by and resulting negligence claims against the organization, it is incumbent upon counsel to apprise themselves of the practices used by their company with regard to login credential storage, encryption, communication and reset procedures. Find out what your tech people are doing now and work with them to craft a written policy for the future. Then, be sure to follow up at regular intervals to ensure compliance with the policy. Anything less may be less than due care.

Next Time: Is plain text credential storage criminal?


* indicates required