Stupid Patent Of The Month: Veripath Patents Following Privacy Laws

from the your-privacy-is-infringing dept

What if we allowed some people to patent the law and then demand money from the rest of us just for following it?

As anyone with a basic understanding of democratic principles can see, that is a terrible idea. In a democracy, elected representatives write laws that apply to everyone, ideally, based on the public interest. We shouldn’t let private parties “own” legal principles or use technical jargon to re-cast those principles as “inventions.” 

But that’s exactly what the U.S. Patent Office has allowed two inventors, Nicholas Hall and Steven Eakin, to do. Last September, the government proclaimed that Hall and Eakin are the inventors of “Methods and Systems for User Opt-In to Data Privacy Agreements,” U.S. Patent No. 10,075,451

The owner of this patent, a company called “Veripath,” is already filing lawsuits against companies that make privacy compliance software. With Congress and many states actively engaged in debates over consumer privacy laws, Veripath might soon be using this patent to extract licensing cash from U.S. companies as well.

Privacy-For-Functionality isn’t an “Invention,” it’s a Policy Debate

Claim 1 of the ‘451 patent describes a basic data privacy agreement. An API provides personal information from a software application; then the user is asked for a “required permission” for the use of that information. There’s one add-on to the privacy deal: in exchange for the permission, the user gets access to “at least one enhanced function.”

The next several claims go on to describe minor variations on this theme. Claim 2 specifies that the “enhanced function” won’t be available to other users. Claim 3 describes the enhanced function as being fewer advertisements; Claim 4 describes offering the enhanced function in exchange for a monetary payment.

To say this “method” is well-known is a major understatement. The idea of exchanging privacy for enhanced functionality or better service is so widespread that it has been codified in law. For example, last year’s California Consumer Privacy Act (CCPA) specifically allows a business to offer “incentives” to a user to collect and sell their data. That includes “financial incentives,” or “a different price, rate, level, or quality of goods or services.” The fact that state legislators were familiar enough with these concepts to write them into law is a sign of just how ubiquitous and uninventive they are. This is not technology this is policy.

(An important aside: EFF strongly opposes pay-for-privacy, and is working to remove it from the CCPA. Pay-for-privacy undermines the law’s non-discrimination provisions, and more broadly, creates a world of privacy “haves” and “have-nots.” We’ve long sought this change to the CCPA.) 

Follow the Law, Infringe this Patent

Veripath has already sued two companies that help website owners comply with Europe’s General Data Protection Regulation, or GDPR, saying they infringe its patent. Netherlands-based Faktor was sued [PDF] on Feb. 15, and France-based Didomi was sued [PDF] on Feb. 22

Some background: Venpath, Inc., a company with a New York address that appears to be a virtual office, assigned the rights in the ‘451 patent to VeriPath just days before the patent issued in September last year. As it happens, the FTC began enforcement proceedings against VenPath last September. The FTC’s complaint [PDF] alleged that VenPath’s website represented that “VenPath participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.” The FTC alleged a count of “privacy misrepresentation.” It claimed that VenPath “did not complete the steps necessary to renew its participation in the EU-U.S. Privacy Shield framework after that certification expired in October 2017.” The FTC issued a Decision and Order [PDF] requiring VenPath to remove the misrepresentations. 

An exhibit [PDF] attached to the complaint shows that one of the named inventors on the patent, Nick Hall, contacted Faktor to ask what its prices were. Hall identified himself as the CEO of VenPath. Once Faktor responded, Veripath sued Faktor in federal court in New York.

In its lawsuits, Veripath claims that basic warnings about cookies on websites, a now-common method of complying with the GDPR, violate its patent. The lawsuit against Faktor notes that Faktor’s own website “might not work properly” unless a user consents to having her browser accept cookies.

Veripath and its legal team argue that this simple deal?accepting cookie use, in order to visit websites?is enough to infringe the patent. They also claim that Faktor’s Privacy Manager software infringes at least Claim 1 of the patent, and facilitates infringement by others. 

The ‘451 patent should never have been granted. In our view, its claims are clearly ineligible for patent protection under Alice v. CLS Bank. In Alice, the Supreme Court held that an abstract idea (like privacy-for-functionality) doesn’t become eligible for a patent simply because it is implemented using generic technology. Courts have struck down similar claims, like a patent on the idea of conditioning access to content on viewing ads. 

Even when a patent is invalid, defendants face pressure to settle. Patent litigation is expensive and it can cost tens or hundreds of thousands of dollars just to get through the early stages. To really protect innovation we have to ensure that patents like the ‘451 patent are never issued in the first place. The fact that this patent was granted shows the Patent Office is failing to apply the law.

We are currently urging the public to tell the Patent Office to stop issuing abstract software patents. You can use our Action Center to submit comments.

Republished from the EFF’s Stupid Patent of the Month series.

Filed Under: , , , , ,
Companies: venpath, veripath

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Stupid Patent Of The Month: Veripath Patents Following Privacy Laws”

Subscribe: RSS Leave a comment
Anonymous Anonymous Coward (profile) says:

The courts are a long way from the answer, what is the short way

Unfortunately the Supreme Court seems to have little ability to enforce its ruling unless a similar case is granted Certiorari, and then they seem only to be able to remand, though in some instances rebuke the offending court, sometimes in very certain terms. The ruling in Alice thus appears to be superficial, at least to the Patent Office, unless someone brings a case that relates and then reaches the Supreme Court.

Given the Supreme Courts reticence to workload (significantly reduced in recent decades, I could not find the link), and the number of cases submitted, and the number of cases actually granted Certiorari, it certainly appears that it will be some time before anything is done about the issues presented in the above article. That is unless the pertinent people in the Executive act, and in the interest of the people, rather than in the interest of…well how to characterize them is difficult, they might be friends or they might just be business participants. Hard to say, either is bad.

That the Patent Office is either ignoring or obfuscating the Alice decision seems to be a violation of law, regardless if they have the approval of higher ups. Just following orders hasn’t worked since the Nuremberg trials, especially if those orders were illegal. Not that I would expect the DoJ, who should be on this like a tiger on a deer, to do anything, as they have much more important things to do. What were those again?

Coyne Tibbets (profile) says:

Re: The courts are a long way from the answer, what is the short

If the patent examiner disapproves an application, there is endless fuss with appeals. The examiner’s job performance suffers because they are spending their time on appeals instead of reviewing more patents. That means their pay suffers and their job is at risk.

So their bias is always going to be to approve, even if the patent doesn’t seem worth approving. At least, until their job performance includes measures of quality of patents approved, which is about as likely to happen as hell freezing over.

Scary Devil Monastery (profile) says:

Re: The courts are a long way from the answer, what is the short

This is the main issue which keeps cropping up by allowing patents to be made on "ways of doing things". When they allowed patents to be made on mathematical formulas and software they opened the door for any idiot to patent any form of human behavior – from silly walks to policy processes.

And every such patent must be considered valid, assuming a brief examination by someone often hideously unsuited to make that decision. And when it turns out to fail all standards of common sense it ends up with a supreme court having to waste their time spanking a thousand patent trolls.

The answer ought to be obvious – behaviors, math, software and any other form of immaterial description on "How to do stuff" shouldn’t be subject to patents since the patent criteria become disproportionately open-ended.

Anonymous Coward says:

To really protect innovation we have to ensure that patents like the ‘451 patent are never issued in the first place. The fact that this patent was granted shows the Patent Office is failing to apply the law.

There’s easily a staggering amount of prior art for this – pretty much everything privacy-related on the Internet. I can only conclude that the patent examiner is either a complete idiot or has never used (or even heard of) a website.

OldMugwump (profile) says:

Re: has never used (or even heard of) a website

I’ve been told that patent examiners are not allowed to search the web, or use online references, for prior art.

It has to be on published on paper or it doesn’t count.

Patent office rules, obviously, not legislation.

(This was some years ago – things may have changed.)

Anonymous Anonymous Coward (profile) says:

Re: Re: has never used (or even heard of) a website

I have heard the same thing. I suppose the justification (by those in the Patent Office) is that if it hasn’t been previously patented there is no possibility that prior art could exist. The absolute arrogance of such a position is astounding. To believe that their system of patents is so absolutely perfect that they could not possibly have missed the creation of anything without going through their obtuse process.

As others have argued here, some folks think security through obscurity is a good idea and use trade secrets rather than patents to protect their IP. Then there are other possibilities as well, such as something entirely different was performing the same function but no one ever applied for a patent on that function.

Thad (profile) says:

Re: Re:

I can only conclude that the patent examiner is either a complete idiot or has never used (or even heard of) a website.

There are also far too many patent applications and not enough examiners to take the time to properly review them. Here’s a good piece at Ars, by the EFF’s Daniel Nazer: Theranos: How a broken patent system sustained its decade-long deception

It’s not directly related to this story — it’s about patents for inventions that don’t work, not patents for "inventions" that already exist — but there’s some overlap in how and why bad patents are granted.

bobob says:

Re: Re: Re:

I don’t believe there are too few examiners. If anything, it should take less time to reject shit like this than to make a case (even in one’s own mind), for awarding a patent. The awarding of a patent ought to require meeting a very high bar.

Also, the award of a patent does not require proof that the idea in the patent works. However, the patent application ought to at least be required to show that the invention in question has some chance of working given current scientific knowledge and whatever additional knowledge in the patent application, to make that seem plausible. I really don’t believe theranos met that bar.

Scary Devil Monastery (profile) says:

Re: Re: Re: Re:

"The awarding of a patent ought to require meeting a very high bar."

Ideally yes. But it ends up in the same problem that we keep having with copyright cultists not understanding "scale".

How many people work at the patent office? How many of those are multi-disciplinary academics capable of even understanding what the patent is about? How well are they paid?

How many thousand patent trolls regularly spam the ever-living sh*t out of said patent office with pre-templated patent applications on everything from better mousetraps to "walking in a constipated manner"?

The average patent examiner needs to do a lot of things, but I’m guessing they have roughly a few minutes to look over every patent application, find that they can’t understand a single word of what it actually applies to, and then flip a coin on whether they’re going to approve or reject the patent.

This is one of the very good reasons why it is NOT a good thing to make patent application too easy or too wide.

Especially all forms of patents applying to HOW things are done should be rejected unlessthe process ends in manufactured physical goods of some sort, because patents on information, conveyance, and communication, leave the bar so low you end up having patents for "answering cell phones" (tentatively held by Apple, I believe).

bobob says:

Re: Re: Re:2 Re:

Multidisciniplary expertise ought to be a requirement for the job. It should scale fine because a patent that is obvious can be rejected for obviousness without having to research anything.

Also, the patent system itself has been perverted in that the constitution allows only awards to individuals, not corporations. To do an end run around that, the "Assingnee" field was created, so that the patent shows the "ownership" of that patent as the actual people who did the inventing, but they don’t really own it. Getting rid of the assignee field would reduce the corporate shit patents by the zillions.

Anonymous Coward says:

Re: Re:

You’re talking about a dumbfuck who would patent crossing the streets like a buffoon under the name of Ministry of Silly Walks.

Ignoring the fact that Monty Python has a claim to that name, of course, because IP fanatics like blue boy and John Sanford Smith apply IP enforcement selectively.

Fuck ’em.

Anonymous Coward says:

The usa would be better without software patents ,they seem to mainly benefit patent trolls and lawyers .
They are like nuclear weapons , they are an extra cost on taxpayers and the public.
If All software patents were cancelled the only losers would be patent trolls and the legal experts they employ .
How many billions are wasted on legal action and paying lawyers to protect
American companys against patent trolls .
So someone could just make a patent to look at users history on social media and youtube, and offer them videos that they might want to see
based on previous viewing history .
Or recommend music and songs based on previous songs that users have played in the past .
Look at simple basic procedures that users do every day and make a patent
that copys that process and you could sue 1000,s of companys .
The process of opting in to accept cookies in order to acess a web site
is well known.
Theres nothing new or innovative about click the accept cookie box to
view a website .
Its part of the law under gdpr.
No one needed expert programming knowledge to write this patent ,
they maybe needed legal expertise to write it in the legal ,tech jargon
that patents are written in .
Companys can already use copyright law to protect the programs they
write .
So software patents are not needed .
Microsoft was able to make the windows OS without the benefit of software patents .

ECA (profile) says:

Re: Software

The EU used to NOT patent Software, but until recently…
It was a big push from the Major distributors..

MOST of the problem here is like the Board game industry..

Software is obsolete after 5 years..Period..The changes and updates after that point make it Mostly a different program..
At one point and I think it still is, you could CR, a line of code or a short, sorting solution, and no one could use it without asking/paying. The creater of ZIP, asked for money, he got quite abit, but died Of alcoholism, and right after that…MS took over Zip..

To many corps are sitting waiting to pick up CR on many products, they dont want to pay for the programs.
MS has beaten companies to the ground for having something SIMILAR to a prog they had, but the small company had one better…

Its alwasy amazed me, that Courts cost money, unless the cops take you to jail, because someone Else complained…

Anonymous Coward says:

Re: Re: Software

Software is obsolete after 5 years..Period..

Well, I have just installed BRL-CAD, and it has been under continuous development for 35 years, and it is far from obsolete. Emacs is 43 years old, and was the first piece of the GNU project written by RMS. Bash is 29 years old. VIM is 27 years old. wget is 23 years old.

Software can have a very long life.
Well written code can have a very long lifetime.

Anonymous Coward says:

Re: Re: Re:2 Software

All programs listed are still being maintained or developed, but a large amount of the original code is still being used. A potted history of all of them is available on Wikipedia, and the source code repositories are all available to the public, and contain most, if not all of the development history.

Qwertygiy says:

Re: Re: Re: Software

I think that is meant to be covered by the next statement: "The changes and updates after that point make it Mostly a different program."

I would still question this, however, as bug fixes, security updates or protocol changes, and graphical interfaces can be added without changing the basic purpose, functionality, and procedures of the program.

You can see this in any program that follows some form of Semantic Versioning in the mold of A.B.C, such as "version 2.1.32" or "version 3.1.0".

C = "patch release". You fixed a bug or otherwise changed something internally without adding any new functionality to the public API.

B = "minor release". You added something new to the public API, but every other program that was designed to work with the last minor release should still work with this one. In other words, you maintain backwards compatibility.

A = "major release". You changed or deleted part of your public API, so things made with the previous major version may not work anymore. This is the best general definition of "a completely different program" for most software. While it’s more commonly seen in Linux or software development, you’re probably familiar with a few of these — Java 8 vs. Java 7, or HTML 5 vs. HTML 4, or the different major versions of Internet Explorer.

While some software changes major versions rapidly (my version of Firefox is 65.0.1, for example, and there’s a new Android almost every year) others can last for a very long time. For example:

  • GIMP is now on version 2.8.22. Version 2.0.0 came out 15 years ago in March, 2004.
  • The most recent update to Python 2 was 9 months ago for Version 2.7.15. Version 2.0.0 was released in October, 2000, almost two decades ago.
  • One of the most important Linux packages, dpkg, is still in version 1 ( was released just days ago). It was first released January, 1994, over 25 years ago, and anything released for that first version should still work fine with a modern version of dpkg.
ECA (profile) says:

Re: Re: Re: Software

It is…
but using it is great…and I dont think its the original COBOL.
A few things should have been added/changed..

I learned RPG, COBOL, BAL, Basic, Fortran, and a few others…
It dont mean its not used, or needed, its just abit obsolete.
There are machine designed for Certain languages.. A friend has seen a C64 in the military, and I have in a hospital…
Its the idea that DATA only needs ?? dont need a fancy machine to do 90% of the work.
90% of office work could probably be done on an old C64… there is not much special about using MS OFFICE that requires you to have the Newest computers…

ECA (profile) says:


Can you see the PROOF to identity?? requirement??
OH! please pass this and make it so, everyone data is Spread World wide…because we have no Privacy on the internet..(we really dont anyway)..
Let all out bank and CC# and SS# spread around the world…
FORCE the Corps to have MORE paper work trying to decide WHO was where trying to buy WHAT from Which corp/company and If all of this was REAL, and not just Sent in by a computer to get MONEY from the Banks…


How many SITES, require you to sign a EULA before you can use the site…MANY..

Anonymous Coward says:


I don’t think you understand what as patented here. It’s not about the data sharing itself. This is about how a user is presented the choice to opt into sharing. Those who are sharing this data with others today skipped that whole step and could not have violated the patent.

bobob says:

Personally, I hope the patent holds up. This is not because I think it rises even to the level of patenting dog shit, but because the only way to overcome the inertia of patent regulations that are already allowing dog shit to be patented, is to sink low enough to cause a large backlash from entities who have enough money to be a nusiance to congress and the patent office. It’s truly unfortunate that collateral damage to less moneyed entities has to occur before congress and the patent office and are motivated.

Once someone is forced to think about raising the bar, it might get raised a bit, so that even idiots (e.g., a particular judge or two), can’t hesitate to invalidate a patent on something that matters, like an API. It’s the marginal patents that allows the patent office to defend themselves and twiddle their thumbs, but I’m not quite sure this patent sinks low enough. The bar is really low.

I have to believe that the person who awarded the patent only did so because not awarding it would have been a bad career move at the patent office. He or she can’t really be that stupid.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...