Meet The Patent Troll Suing Hundreds Of Companies For Encrypting Web Traffic
from the the-system-is-broken dept
The patent in question, 5,412,730 is quite simple, with just two claims:
1. A method for transmitting data comprising a sequence of blocks in encrypted form over a communication link from a transmitter to a receiver comprising, in combination, the steps of:
- providing a seed value to both said transmitter and receiver,
- generating a first sequence of pseudo-random key values based on said seed value at said transmitter, each new key value in said sequence being produced at a time dependent upon a predetermined characteristic of the data being transmitted over said link,
- encrypting the data sent over said link at said transmitter in accordance with said first sequence,
- generating a second sequence of pseudo-random key values based on said seed value at said receiver, each new key value in said sequence being produced at a time dependent upon said predetermined characteristic of said data transmitted over said link such that said first and second sequences are identical to one another a new one of said key values in said first and said second sequences being produced each time a predetermined number of said blocks are transmitted over said link, and
- decrypting the data sent over said link at said receiver in accordance with said second sequence.
2. The method as set forth in claim 1 further including the step of altering said predetermined number of blocks each time said new key value in said first and said second sequences is produced.
Of course, the patent actually expired back in May (17 years after it was granted), though the company is still suing, since there's a "look back" period of six years, and the company apparently intends to use as much of the next six years as it can getting people to pay up for encrypting their web traffic. Can anyone explain how this is a reasonable system?
What Ars leaves out of the story is that TQP is part of a much larger operation. TQP is one of Erich Spangenberg's companies -- he has hundreds of different patent trolling operations, and even had to pay a huge fine a few years back for shuffling around patents between companies and suing DaimlerChrysler twice over the same patent, even though the original settlement promised he wouldn't sue them over the same patent again. He's also the guy who got smacked down after sending "anonymous" threat letters in which he would not name the client or the patents -- but demanded the company he reached out to first sign a gag order to even find out what the patent was.
Spangenberg has also proudly stated that his mantra is "sue first, ask questions later," which might explain the hundreds of cases filed by TQP.
Andy Greenberg at Forbes actually got Spangenberg on the phone where he tried to defend TQP's actions:
“When the government grants you the right to a patent, they grant you the right to exclude others from using it,” Spangenberg says simply when I reach by phone him in his Dallas office. He makes no apology for the fact that TQP doesn’t use the encryption patent itself, or even have a website. “If you buy a hundred-foot lot in the middle of Manhattan, you’re not required to develop it…Companies have the right to protect their IP dollars.”Greenberg also points out that many of TQP's lawsuits refer to sites that encrypt with the RC4 algorithm -- and RC4 predates the patent by two years. Apparently, despite other claims against various websites that use RC4, Spangenberg changes his story:
But when I point out to Spangenberg that RC4 was invented by MIT cryptographer Ron Rivest in 1987, two years before the filing date of TQP’s patent, he counters that defendants’ infringement actually has nothing to do with RC4. Instead he claims the infringement lies solely in the use of the SSL or TLS “handshake” that establishes a secure connection between a web browser and a web server, a technology invented in 1994 and used by virtually every secure web page.Greenberg notes that basically the entire internet uses SSL or TLS for security these days, and Spangenberg, ridiculously, claims it's because of how great the "invention" in the patent is.
There's a lot more in Greenberg's interview, including Spangenberg trying to claim that the patent is valid, in part because famed security expert Bruce Schneier was "advising" him when they got the patent. But Schneier tells Greenberg a very different story:
Schneier says he worked with Michael Jones on a technology related to secure payment systems in the 1990s. But since Jones’ work was acquired by TQP and used for lawsuits, he’s actually consulted to a half-dozen defendants in Spangenberg’s cases, many of whom settled for undisclosed sums rather than risk an expensive trial.But, of course, none of that matters when there are hundreds of companies to shake down...
Schneier describes TQP as a “really bad patent troll” and the intellectual property it’s using to cudgel defendants as a “crappy patent” that ought to be invalidated by prior art–evidence of previous invention of the same technology.