One-click becomes none-click

Amazon's 1997 patent on the 'one click' system has been successfully challenged by a New Zealander who has studied commercial law and lists 'American patents' as a hobby. Peter Calveley of Auckland discovered a prior claim. In 2005, Peter filed a challenge with the US Patent Office that has now overturned Amazon's patent. Amazon say they will appeal the decision.

SCO loses the will

An extended intellectual property/copyright dispute between SCO Group (Santa Cruz Organization) and Novell over Unix and UnixWare has resulted in SCO's defeat in court. It has now filed for Chapter 11 bankruptcy protection from its creditors, partly due to losing the copyright case but also it appears because of its failure to adapt to the open systems form of software licensing. Linux companies generally provide their operating systems software for free (or near enough), making their money from support services. SCO stuck with the older model, charging heavily for the software itself, and has paid the price in the long run.

MP3 IPR worth more than $1.5bn

A federal jury in San Diego has ordered Microsoft to pay $1.5 billion to Alcatel-Lucent in a patent dispute over MP3 audio technology used in Windows. In its verdict, the jury assessed damages based on each Windows PC sold since May 2003. The case could have broader implications, should Alcatel-Lucent pursue claims against other companies that use the widespread MP3 technology. An Alcatel-Lucent representative praised the ruling.

"Praised the ruling" hardly seems to do it justice. It's not every day your company makes $1.5bn from its IPR!

The jury decision is certainly not the end of the matter. The article in cNet News points out parallel patent disputes involving Lucent and Microsoft. With such huge sums at stake, the IP lawyers are having a field day.

More IPR links

Google Germany site hijacked

Don't forget that domain names are intellectual property and as such are vulnerable to information security issues. Google temporarily lost control of google.de earlier this week when someone, somehow, managed to get the DNS entries transferred from Google's ISP to another.

A spike in the incidence of domain hijacks made headlines three or so years ago but the numbers fell when ISPs and registrars improved the registration and transfer process controls. It is quite difficult now even for the legitimate domain owner to transfer it - one of the typical hidden costs of security.

More IPR links

Foreign spies in America

2006 Technology Collection Trends in the U.S. Defense Industry, an unclassified report released in June 2006 by the US Defense Security Service Counterintelligence Office, notes espionage incidents involving 106 foreign countries in 2005 (up from 90 the year before), a handful of which are briefly outlined in the appendix. Information systems are not surprisingly the most frequent targets for those seeking, um, information. The body of the report summarizes typical spy tactics and presents countermeasures in succinct tables like the one shown above. The same tactics and countermeasures apply whether the targets are military secrets or proprietary IP - in fact, they are often one and the same (so-called 'economic espionage').

More IPR resources

Anti-piracy FAQ

The Software & Information Industry Association (SIIA) has a handy FAQ about software piracy. Their newsletters are one way to keep up with copyright, patent and other IPR news stories - good material there for case studies and anecdotes to bring management up to speed with IPR issues. Even their tagline might be a good for an awareness poster: "It's more than a copy. It's a crime."

More IPR resources

Intel - Transmeta patent dispute

Another high technology patent dispute has flared up. Transmeta accused Intel of violating some of its patents at last October. Intel has now retaliated in like fashion.

More IPR resources

Trademark spat over "i"-anything

Precis: whereas Apple holds several "i" trademarks such as "iPod" and has built a family of "i"-branded products, CISCO holds the US trademark specifically for "iPhone". Having attempted to obtain the "iPhone" trademark for themselves, Apple launched their own "iPhone" at a US trade show. CISCO responded by filing suit in a Californian court claiming trademark infringement, unfair competition, false description and injury to business reputation.

Analysis: IANAL but, prima facie, CISCO appears to have the stronger legal case being the current holder of the US trademark at issue (having purchased its original corporate owner - it is conceivable that the trademark was the only genuine asset in the deal). Apple may have believed they were sufficiently close to agreement with CISCO to just take a chance on launching the product. Alternatively, Steve Jobs may indeed have "brass balls" as stated in the News.com story. He may well be working on the basis that "there ain't no such thing as bad publicity", in other words win or lose, people will at least be aware that Apple has a new product. Maybe he thinks going poublic will force the negotiations to a close in order for both parties to avoid expensive legal action? CISCO does not have an entirely clear run though due to Apple already having a family of other "i" products. Other companies have also released iPhones, apparently without CISCO's approval.

More IPR links

New DVD copy protection scheme hacked

A scene reminiscent of the satellite TV crypto wars is emerging with Advanced Access Copy System (AACS), a new copy protection scheme designed to control the playing and copying of protected DVD/video content. A hacker claims to have broken AACS, the protection technology used by both the competing standards HD-DVD and Blu-ray. Blu-ray apparently has the capability to encode alternative protection mechanisms on the DVDs themselves which mitigates the risk a little but if the hacker's claims are true, HD-DVD is already in deep trouble.

Breaking/bypassing copy protection mechanisms to steal protected copyright content is clearly unethical and most likely illegal under copyright law and DMCA but, if the satellite TV situation is anything to go by, there is a substantial underground market both for pirated movies and for the cracking devices. Perhaps it's time for the movie studios and music business to disarm the pirates not (just) by technical wizardry but (also) by reducing the retail prices of the legitimate goods?

More IPR resources

Deep-linking not 'fair use'

Granting a preliminary injunction, a Texan judge has declared it unlawful to hyperlink to an audio webcast against the wishes of the copyright owner. Robert Davis, operator of Supercrosslive.com, had been deep-linking to live streaming audio of motorcycle racing events, bypassing the sponsored advertising on SFX Motorsports' website. The judge said "the link Davis provides on his website is not a 'fair use' of copyright material".

More links on IPR and laws, regulations and standards

Vista license management

In advance of its release by Microsoft, some people are concerned at the license management schemes in the new Vista operating system. In particular, it is claimed that MS can hobble a Vista system that is not properly authenticated as a legitimate licensed copy, and that Vista disables certain digital interfaces when playing protected content. MS finds itself in a tight spot, balancing the rights and requirements of the copyright owners (including MS) against the rights and requirements of its customers. These are strategic issues concerning the future direction of the IT industry, given the prevalence of Windows.

More IPR links

Online banking dongle

Dongles are cryptographic hardware devices with which the PC communicates, firstly to establish that the device is present and secondly that the device is authentic. They are commonly used as copy-protection devices to unlock protected software but one vendor is selling a dongle for Internet banking. It communicates with the PC via the headset jack, rather than say USB.

More authentication and IPR resources

New awareness module on IPR

The knowledge economy depends on the exchange of proprietary information between trading partners, or between suppliers and consumers. Intellectual Property Rights (IPR) are crucially important. Without effective IPR controls, there would be few if any real barriers to the theft or plagiarism of creative ideas, inventions etc., meaning less motivation to create and share materials for fear of losing control. I, for one, would be out of a job in no time!

From a security awareness perspective, “IPR” is a rather dry concept to put across so we use more familiar terms such as copyright, patents and trademarks. Through the seminars and briefing materials in the new NoticeBored awareness module, we explain the link between IPR, copyright and software licensing and briefly describe other important IPR controls inclding DRM and contracts.

January's newsletter provides an analysis of the risks associated with IPR. Sign up for your free copy.

Please bear in mind that we do not dispense legal advice. IPR is one of those areas where it pays to take advice from qualified professionals familiar with the ins-and-outs of copyright, patent, trademark and contract law, especially if your business operates in more than one country.

IPR links collection here

Your pig, my name

Isn't the World Wide Web Wabsolutely Wonderful? In the course of researching DMCA, DRM, copyright, patents and trademarks for the next NoticeBored awareness module on IPR, I chanced across this bizarre story of a Danish artist who is providing "free" pigs and goats to Ugandan villagers in exchange for them adopting his surname. It's only a click or two away from genuine research materials ...

Links to further IPR and perhaps piggy resources will follow, next month.

Security awareness for outsource partners

A security manager outlines the security issues he is tackling during a tour of various offshore partners in parts of the world where intellectual property rights don't necessarily mean quite what they do at home. He describes doing an hour's security awareness presentation , starting with an explanation of intellectual property by analogy to the [secret] recipe for chocolate chip cookies. Fair enough but I'm left with the impression that his well-meaning pep-talk will be forgotten as soon as he leaves the premises. Do they even eat chocolate chip cookies there, I wonder?
The article hints at the issues involved in generating security awareness amongst culturally diverse populations, something that we are constantly reminded of in our own security awareness products. On the trivial end of the scale, we sometimes let the odd English spelling or phrase slip into our US-biased writing and very occasionally someone feels compelled to tick us off about it (now that's a culturally charged phrase!). At the other extreme, we are struggling to make any headway whatsoever into the Middle and Far Eastern markets and I suspect the problem goes much deeper than the language of our materials. It is entirely possible that "security" means different things in different cultures, despite being generally accepted as a fundamental human/animal concept.
The Japanese lead the world in BS 7799-2/ISO 27001 certificates so information security is clearly important to them but I can't recall offhand a single sales inquiry from Japan. If anyone can tell me how the Japanese tackle security awareness, I'd love to know and to learn more.
Read our security awareness white paper and find more links on intellectual property protection

RFC3751 Omniscience Protocol

I can't believe I missed this one - an RFC proposing a new Internet Protocol, published on April 1st 2004. RFC3751: Omniscience Protocol defines "a set of requirements for a new protocol to be used by prosecutors to determine a person's intent, thus reducing the need to dilute the historical legal requirement to show intent and by groups such as the MPAA and RIAA to be sure they are dealing with lawbreakers and not 60 year old non computer users." The main purpose of Omniscience Protocol as described is to control copyright infringement although plagiarism by students is also mentioned. The security requirements in section 3 present something of a challenge with current technology, let alone the functionality required in section 2.2 to determine the user's intent.
More copyright links

Economic espionage, a clear and present danger

The latest CSO ezine contains an eye-opening assessment of the risk of 'economic espionage' (a.k.a. industrial espionage or intellectual property theft). Secrets Stolen, Fortunes Lost recounts several case studies and makes the point that traditional security measures are no longer effective in today's e-everything world. Information security threats require different controls, and in turn this requires senior management to update their attitudes towards securing the company's crown jewels. Simply acknowledging the value of their proprietary and personal information would be a good start, let alone recognising the vulnerabilities and impacts of information security breaches.
More IPR resources

Faking an entire company

An amazing piece in the International Herald Tribune covers the discovery of a counterfeit operation that faked NEC - not just a few NEC goods, this was a parallel manufacturing and marketing outfit living off the back of the genuine NEC. "Evidence seized in raids on 18 factories and warehouses in China and Taiwan over the past year showed that the counterfeiters had set up what amounted to a parallel NEC brand with links to a network of more than 50 electronics factories in China, Hong Kong and Taiwan." This takes theft of intellectual property to a new level.
More intellectual property links

When a hobby gets out of hand?

I trust the owner of this home CD/DVD duplication facility is familiar with copyright law.
More IPR resources

Plagiarism alleged in (ICS)2 book

(ISC)2, the organization responsible for the well-known CISSP information security qualification, has allegedly published copyrighted materials in the Official CISSP Study Guide, apparently without the explicit prior permission of the copyright holders and without acknowledging its sources. The public embarrassment and reputational damage this kind of situation can create is a seldom recognized impact of Intellectual Property Rights (IPR) incidents, regardless of the truth of the matter. The material in question appears to have been sourced from information on public websites and research papers, and the copyright owners may even approve of its use in this manner, but the outcry is hardly helpful for a security organization’s image.
More IPR resources

BBC DJs 'unaware of copy law'

It appears that some BBC DJs are illegally copying and using digital copies of music despite a new music licensing scheme in the UK, and of course the Copyright Act. The BBC news story fails to mention how many non-BBC DJs are also breaking the law in this fashion but judging by the number of remote control joggers I see on the streets, it must be quite a few.
More Intellectual Property Rights links

Amazon pays $40m in patent dispute

If anyone still doubts the economic value of intellectual property, Amazon 's out-of-court settlement of a $40m claim by a patent holder should be a salutary lesson. The patents relate to Internet shopping processes used by Amazon ... and Gap ... and presumably many other eCommerce-enabled companies. Amazon has deeper pockets than most but the writing is on the wall for those who flagrantly ignore patent infringements.
More intellectual property resources