Patent Trolls getting bolder

[chris_meier]

Is some part of your website using the RC4 encryption cypher? Once TQP Development are done shaking down the big boys they may well end up targeting small, individual sites for some royalties

An unknown company's four-year campaign to sue hundreds of companies for offering encryption on their websites shows no signs of abating, with Intel, Yelp, and MovieTickets.com being targeted in the past month, court records show.

The patent infringement complaints, which have also named Google, Apple, eBay, and Expedia, claim that Marshall, Texas-based TQP Development is entitled to royalties for the companies' use of the secure sockets layer and transport layer security protocols. Together, SSL and TLS form the basis for virtually all encryption used to authenticate websites and to encrypt data traveling between them and end users. The lawsuits assert US Patent No. 5,412,730, which is titled "Encrypted data transmission system employing means for randomly altering the encryption keys."

They have already sued hundreds of companies since 2008, and just keep adding more names to their list. Apple and a few others reached confidential settlements. It should be noted that TQP Development fit the profile of Patent Troll perfectly - they're a non-practising entity. They are not developing anything using this patent, or rather they have not developed anything using this patent - the patent expired in May this year, but they have a "look-back" period of 6-years on which they can assert the patent. For more details on the suit, and details of companies previously identified, go here.

A complaint filed on Friday against Intel, Wind River Systems, and Hertz Corporation calls out the use of the RC4 encryption cipher in combination of the SSL or TLS protocols. Over the past 14 months, Google, Twitter, and a variety of other companies sued by TQP have begun favoring the use of RC4 because it is immune to a recently unveiled attack that can silently decrypt encrypted data that's passing between a Web server and an end-user browser. Unlike AES and many alternative algorithms, RC4 doesn't rely on cipher block chaining, an encryption mode that's exploited in the so-called BEAST attacks.

"If there is some kind of attack that is known and there is some kind of vulnerability to the alternative ciphers, that would make them perhaps completely unsuitable for continued commercial use," Denaro, who recently blogged about the patent infringement cases here, said. "That would be a good argument to suggest that there really are no practical alternatives to RC4 and that would increase the value of the patents going forward once that vulnerability becomes known."

A comment from the article which raises an interesting point:

If this is upheld (and I really hope it isn't), can this company and all people associated with it be sued and held personally responsible for any flaws in their method that lead to security breaches? After all, if they're going to claim benefit they should be responsible for issues.

Elsewhere you had a jury find that Google, and other parties, had infringed on old Lycos (remember them?) patents, with Google having to pay $15.9 million to Vringo, the company that now owns the patents:

Aside from patents, there isn't much to Vringo's business. That's why its stock price has been so reactive to court developments. It has a "video ringtone" operation with thousands of customers, mostly abroad. That has seen little success, though, and Vringo has hemorrhaged cash for years. In a last-ditch shot at success, Vringo bought two patents, Nos. 6,314,420 and 6,775,664, that originated at Lycos, an early search competitor. It set those patents up in a shell company called I/P Engine and sued Google last year.

Vringo must be more than a little disappointed - they were after $493 million. The jury also awarded them ongoing royalties, but it remains to be seen whether the judge in the case will agree with this.

However, Vringo is now in a position to go after other websites that use Google advertisements.

Cisco is taking a novel approach:

Cisco Systems Inc. has unveiled a new strategy for dealing with so-called patent trolls: accuse them of breaking the law.

The networking-equipment maker has captured the attention of patent experts and lawyers across the country by filing strongly worded legal claims against two companies that buy up patents and seek to make money from them through licensing and litigation.

Cisco's attempt to turn the tables on those companies, more formally known as "non-practicing entities," comes as Congress and the federal courts have largely failed to stem a wave of patent lawsuits that has roiled the technology industry.

Cisco's suit against Chicago-based Innovatio IP Ventures LLC targets a tactic that some NPEs have employed in recent years. Rather than allege that a big technology company has infringed one or more of their patents, Innovatio and other NPEs have gone after the tech company's customers.

Cisco, which is based in San Jose, Calif., and co-plaintiffs Netgear Inc. and Motorola Solutions Inc., claim that Innovatio has sent 8,000 "threatening" letters to coffee chains, hotels and other retailers using Wi-Fi equipment that includes the three companies' technologies.

Innovatio's tactics, Cisco argues in its lawsuit, are "misleading, fraudulent and unlawful." It says they effectively amount to an extortion scheme, and therefore violate federal antiracketeering laws.

[....]

"A win by Cisco isn't necessarily going to stop the NPE industry in its tracks," said Ann Fort, a defense lawyer in Atlanta who isn't involved in the cases. "But it could halt some of the tactics used by NPEs, like going after companies' customers."

Why are they targeting customers?

Some of the more recent suits target technology companies' customers. Patent experts say that approach is aimed at extracting dozens or hundreds of smaller settlements from companies that may lack the legal firepower to fight back.

"If Innovatio sues Cisco, Cisco knows how to handle its defense," said Colleen Chien, a law professor at Santa Clara University and a patent-law expert. "But if you're a coffee shop or hotel and aren't in the business of making Wi-Fi equipment, you're more likely going to settle" to avoid a lawsuit.

A response which highlights just one of the many problems with patent law as it currently stands

Innovatio argues that its tactics are completely legal: federal law lets a patent holder bring infringement claims against anyone who makes, sells, or uses a patent without permission.

 

[JStrike]

Good. Lodsys has been doing the same for 2 years now, targeting small developers