Using Patents To Prevent Researchers From Pointing Out Security Holes In Your Technology
from the a-new-low dept
Someone who prefers to remain anonymous writes: "We've seen people use bogus DMCA claims to shut up speech they don't like. Now, it turns out that if you demonstrate security vulnerabilities, you may have to deal with the threat of patent lawsuit as well. IOActive, a security firm based in Seattle, built a hand-held device capable of reading and cloning the prox cards used for building access in many companies. They demo'd the device at the RSA Conference and were going to give an in-depth talk at Black Hat in DC. HID Global, who makes the cards, found out about it and sent them a letter claiming that the cloning device infringes on HID patents. Faced with the threat of a patent infringement lawsuit, IOActive pulled the presentation." Jennifer Granick, over at Wired News, does a good job highlighting the ridiculous consequences of an action like this: "Imagine if, in the 1970s, the tobacco companies had patented devices to measure the health effects of smoking, then threatened lawsuits against anyone who researched their products. The use of patent law to prevent vulnerability discovery and discussion is bitter irony, because a fundamental purpose of patent law is disclosure." Yet another example of the patent system doing exactly the reverse of what it's supposed to do.