However, there may be a disruptive change afoot. Consider two brief articles that appeared this week on Reuters.com.
In the first (itself apparently relying on an article that appeared in The Telegraph), entitled “Hackers steal Dominos Pizza customer data in Europe, ransom sought”, here, it was reported that hackers appear to have stolen data (names, addresses, phone numbers, email addresses and passwords) of about more than 600,000 customers of Dominos Pizza in Belgium and France; via an anonymous Twitter account, a cash ransom in the amount of 30,000 Euros was demanded. A spokesperson for Dominos Pizza acknowledged that such data had been taken, but advised that the company would not pay any such ransom, if in fact it had been sought. No credit card information was taken.
In the second article, “Nokia ‘paid millions to software blackmailers six years ago’, here, the Finnish television station MTV reported that the Finnish telecoms company six years ago paid a ransom of several million euros to hackers who otherwise threatened to disclose some of the source code used as part of the Symbian operating system of the company’s (then) smartphone line. Kat readers should be reminded that, as late of 2007, Nokia had a 50% share of the market and the proprietary Symbian operating system was used by the company as well as by other phone manufacturers. Today, Nokia is out of the mobile phone business, having first adopted the Microsoft Windows software for its own phones and later selling the entire business to Microsoft. The hackers had obtained the encryption key for an important part of the Symbian operating system, which it threatened to make public if its demands were not met. According to the report, Nokia paid the ransom in coordination with the police, but the police ultimately lost track of the extortionists. The matter is still being investigated as a suspected act of “felony blackmail”.
What do we make of these reports? Both involve “generic” acts of out-and-out criminality (steal and threat to disclose personal data; steal and threat to disclosure the source code of an operating system). This Kat does not know about other Kat readers, but criminal extortion has never been part of his IP practitioner’s playbook. True, he has encountered mass illegal copying of software and the counterfeiting of trade marked goods, which sometimes has led to the filing of a criminal action with the courts. Also, from time to time, this Kat has had the sense that the infringers/counterfeiters in such circumstances might have connections with criminal elements. But the underlying paradigm is still the act of infringement, i.e., copying and the like, with its roots in civil (in the common-law sense) tort malfeasance. I understand this paradigm and I am comfortable acting within it (either on behalf of the rightsholder or the alleged infringer). But criminal extortion is a quite different matter, one for which this Kat is not certain that he fully understands or is prepared for. It is as if he is being thrown into the set of the iconic crime movie, “The Usual Suspects”, here, uncertain even at the end who exactly are the bad guys. With apologies to Bob Dylan, the IP field is “a-changin” and this Kat is struggling a bit to adapt.
There are two additional points to be made. First, the report of the hacking of the Dominos Pizza servers and the taking of data underscores the increasing importance of data and confidentiality as central forms of intangible assets in our on-line world. The IP kittens in our firm sense this, one having observed this week that classic IP, in comparison with data protection, seems “oh so yesterday”. Second, even within the more traditional IP world, as exemplified by the report about Nokia, the circumstances surrounding infringement are being altered. One can presumably find acts of copyright infringement in the sequence of events described, but infringement qua infringement does not lie at the heart of the wrong-doing, which are found in breaking the Symbian encryption key and blackmailing the company in the face of a threat of disclosure of the proprietary software. I can hear proponents of open source software saying that “in our paradigm, this could not have happened.” Perhaps so, but it is naive to think that the open source approach is the solution to all present and future threats of extortion in connection with classic IP rights.
Who are the good, the bad, and even the IP ugly is changing. How will we in the IP community prepare ourselves and those after us to deal with these changes is very much an open book and not even the introduction has yet been written.
For Kat readers who want to hear more about the “good, the bad and ugly”, listen here.
I think trainee patent attorneys get the ethics shaken out of them (or at least rewired) prosecuting or defending too many bad patent cases with clever arguments. Our profession defends IP rights to the hilt, without thinking objectively about their function in the economic ecosystem. I think recent US Supreme Court patent decisions are a reaction to that. I think the general public is increasingly anti-IP. All of this impacts on perceptions on the rights and wrongs of data theft.
ReplyDeletePoor quality trainees might. I didn't.
ReplyDeleteI disagree completely with Anonymous @ 11:51.
ReplyDeleteThe choice of his words reveals rhetoric often employed by anti-patentists. It is mere propaganda (no really the common people all believe in our cause...)
Pay no attention to the man behind the curtain.
You say "open source" and you know you will hear from me. I don't think the open source community would consider the theft of an encryption key any less alarming than you do; in fact in my experience it is a community that is extremely attentive to security. The only difference is the nature of the threatened harm in this particular instance. Since the threat was the disclosure of code it indeed wouldn't hold any sway with open source software, but that's like saying a nude model is immune to all threat because publishing photos of her nude wouldn't scare her. There are many threats one could make that would be harmful to any business--disclosure of credit card information, for example. And every business, open source or proprietary, would be alarmed by that.
ReplyDelete