14 Comments

Summary:

Newegg’s use of industry-standard online encryption techniques infringed on an obscure modem patent, a Texas jury found. However, the e-commerce outfit has promised to appeal, which has worked out well for it in the past.

Just as the web is clamoring for more encryption, a Texas jury has set a terrifying precedent for companies that want to deploy it. Late Monday, the jury said online retailer Newegg was infringing on a patent that supposedly covers such security techniques. The court ordered Newegg to pay $2.3 million in damages, essentially for the sin of protecting its e-commerce transactions from online criminals.

U.S. Patent 5412730 (the ‘730 patent) was filed in 1992 by and granted in 1995 to one Michael Jones, at the time of a company called Telequip. It now belongs to TQP Development, an outfit established by Erich Spangenberg for the sole purpose of extracting cash from companies that allegedly infringe on its claims. Such outfits are officially known as “non-practising entities” and unofficially as “trolls”.

TQP has already used the patent to wring around $40 million in settlements out of Amazon, Microsoft and many smaller companies. The cost of defending a patent trial in the U.S. is so onerous that most companies will pay to make the troll go away – but not Newegg, a firm that has such a strong anti-troll stance that it even sells T-shirts declaring: “Settling Feeds Trolls”.

Prior art

Newegg seemed to have a pretty good case. The patent itself doesn’t refer to the web – it describes “a modem suitable for transmitting encrypted data over voice-grade telephone line” — and TQP’s interpretation of the patent’s claims in the web context (which only existed in a public sense from 1993 onwards) don’t stand up as novel technology. We’re talking about broad, fundamental encryption techniques here.

Indeed, Newegg was able to point to solid “prior art” – examples of the described techniques being used before the patent was even filed. According to TQP, Newegg was infringing on the patent’s claims by using the Secure Sockets Layer (SSL) protocol together with the RC4 encryption algorithm. RC4 came out of RSA Security in 1987, the invention of RSA cryptographer Ron Rivest.

Netscape released SSL in 1995, but using public-key cryptography techniques that date back to Whitfield Diffie and Martin Hellman’s work in 1976 (as we know now, these techniques were actually invented separately and secretly in 1970 by James Ellis, an employee of the British NSA equivalent GCHQ). And in any case, as Newegg’s lawyers argued, the ‘730 patent doesn’t even describe public key cryptography, but rather a more primitive method of symmetric cryptography.

Newegg managed to get testimony from Diffie, Rivest and even former Microsoft tech chief Ray Ozzie, whose Lotus Notes email software was using RC4 in the late 1980s. But to no avail: the 8-person jury found Newegg to be infringing on all 4 of the asserted claims, and ordered it to pay $2.3 million in damages (TQP wanted $5.1 million).

Not the end

On the face of it, this is a disastrous outcome. Thanks to the hyperactivity of the NSA and other intelligence agencies, and the ever-present criminal threat, we all need more encryption in our lives – yes, the NSA may be able to crack it if it tries, but encryption almost certainly remains a valuable shield against dragnet surveillance, and it’s definitely needed to protect consumers against online fraudsters.

The verdict sets an ominous precedent for the many other suits TQP has on the boil, with defendants including the likes of Google and LinkedIn — although the patent expired in 2012, TQP was still able to sue over its past “infringement” for a further 6 (now 5) years. It also reinforces TQP’s strategy, which is to convince targets to pay up without going to trial.

However, this story isn’t over yet. Newegg has been here before – when the company won its greatest anti-troll triumph at the start of this year, defeating a firm called Soverain that claimed to own the rights to basic online shopping cart technology, it was only on appeal. And Newegg will definitely appeal the TQP verdict, arguing that the ‘730 patent should be invalidated. Which it should; its claims are being interpreted way too broadly, and it doesn’t actually describe a novel invention.

“We respectfully disagree with the verdict that the jury reached tonight,” Newegg legal chief Lee Cheng told Ars Technica after the trial. “We fully intend, as we did in the Soverain case, to take this case up on appeal and vindicate our rights.”

This article was amended at 10.30am PT to include a detail about the patent’s expiration.

You’re subscribed! If you like, you can update your settings

  1. The fact that East Texus is used so much for this type of trial and they can make such stupid decisions does not bode well for the intelligence of the jurres of said county.

  2. As far as I know TimB, there is nothing that states that jury members have to be intelligent, if there would be such a prerequisite then we wouldn’t be reading this article and other like it…

    1. It is supposed to be a jury of your “peers”.

      So no, there is no such requirement.

  3. The jurors should have been required to be able to fog a mirror.

  4. The precedent established here is more than about infringement, but the ability of a patent holder to sue secondary parties. It is Citrix that provided the equipment that utilized RC4 over SSL and therefore the primary infringer, but instead TQP goes after buyers of the product.

    Imagine being in Corporate Procurement, or even worse being a small business owner and having to identify if the products you buy are stepping on someone else’s IP. Trust me this will have chilling effect on the industry.

  5. I think it would be wise for the USA to suck all these cases into a specialised technology court rather than allow states to muck up the economy like this.

  6. Why would they still be using SSL and RC4? Both contain flaws that deem them unsuitable for use. They should upgrade to TSL and somethign secure like AES.

    See the “Cipher table” here: http://en.wikipedia.org/wiki/Transport_Layer_Security

  7. this is why we can’t have nice things. and i agree with the comment about a special court, and I almost feel something should be required to qualify jurors

  8. this is y the US is a dumb country, the fact that any BS is accepted there.

    1. Yet it is you that can’t spell out words and use proper capitalization.

      So, it must be safe to say that you were born and raised in the U.S.?

  9. another mockery placed on the table for all developers and companies that innovate todays society with innovation. Lets buy a patent on the saddle of a horse, then go after companies that make car seats. I mean they both accompany riders and serve the same purpose so we need our royalties.

  10. I hop Amazon sticks it up their toll ass.

Comments have been disabled for this post