What Does a First-To-File System Mean and What Will This Change to the Patent Process Mean for Inventors and Companies?

Posted by Megan McGovern at 12:46 PM

The America Invents Act (AIA) is the latest reform in U.S. patent law signed into effect on September 16, 2011. With a set of rolling changes, on of the main modifications takes place on March 16, 2013, which will transition the patent system from a “first-to-invent” system to a “first-to-file” system. This will bring serious change for inventors and companies in their strategies for filing patents.

The United States patent system has operated under a first-to-invent system for the last 200 years. Under this system a patent is granted to the inventor who first effectively invented the patent, regardless if they were the first to file for a patent application on the invention. For example if Inventor A invents a patentable invention but does not yet file an application with the United States Patent and Trademark Office (USPTO), but then Inventor B invents the same patent and does file an application with the USPTO claiming the invention, A would be entitled to the patent if A later filed an application. Even thought A filed after B, A would be granted the patent if he showed documentation of having an earlier invention date and showing he actually or constructively worked to “reduce the invention to practice.” This system is time consuming and difficult as attempting to deduce a date on which a person actually invented something can prove quite difficult.

March 16, 2013 brings about a first-to-file system, which de-emphasizes the actual invention date while focusing on who filed first. This change will further synchronize U.S. patent law with most of the rest of the world who also implement a first-to-file patent law system. The main question this change brings about is not who first conceived an invention (as in under a first-to-invent system), but rather who was the first to file a patent application with the USPTO. Some critics of the system change argue that this first-to-file system will boost patent troll activity, which will a person to be able to file patent applications on inventions that have been released but not yet filed on by smaller companies or underfunded startups. Some argue this will also give larger companies an advantage over smaller companies who do not have equal funds or resources to file patent applications at the same rate large companies do. However something to understand with this change is that while a first-to-file system will go into effect, it is not a true first-to-file system because the one-year grace period on public disclosure will stay in effect. An inventor can publically disclose his invention, through for example a blog post, and is given a one-year grace period from that time of disclosure to file for a patent application. If an inventor publically discloses his invention but does not file with the USPTO right away, he still has one year from that disclosure and will be granted a patent over any other inventor who disclosed later but may have filed earlier. This essentially means that the USPTO will now look to who first filed a patent application or who first publically disclosed the invention, both easier to deduce than which inventor first conceived the invention.

Under this new system well-timed disclosures of inventions by smaller companies will be able to block better funded companies from receiving patents. Disclosure will become of utmost importance as delay of disclosure can allow a competitor to file a patent application on the same technology that they invented later, but filed first. The competitor in that situation would receive the patent under this new system. Companies should begin to create processes that will quickly and effectively identify inventions, as well as whether it is financially beneficial to file a patent application or to publically disclose first.

The Law – Promoting Data Insecurity

Posted by Hillary Cheng at 12:40 PM

The MBTA, U.S. Customs, Apple, and Cisco would like you not to know that their data was or is insecure. Yes, I repeat, their data was, or is, insecure, and they don’t want you to know. Rather than promoting information security by working with security researchers, the MBTA, U.S. Customs, and Cisco would rather file criminal complaints against researchers who find vulnerabilities in their security.

With the advent of the Internet, data stored on computers with access to the Web are prone to access by hackers. Infosec specialists and researchers work hard to protect our data, but the policies that make hacking a criminal activity sometimes also encompasses the work of security researchers. While some organizations agree to have their security measures inspected by researchers, other researchers find vulnerabilities in a company’s security without their express consent. In the name of research, infosec specialists often disseminate their findings at security conferences for the benefit of other researcher’s knowledge and development of techniques.

However, this well-meaning effort to develop better information security has met extreme pushback from companies wishing to maintain their bottom line and avoid bad publicity. Companies with security vulnerabilities may threaten researchers with legal action and filing of criminal complaints in efforts to suppress their findings. This is counterproductive to improving data security, and policy should be construed in favor of promoting more security and public awareness of security breaches.

Minnesota Department of Administration Rules License Plate Reader Data is Private

Posted by Lloyd Chebaclo at 12:12 PM

On Monday March 18, 2013, the Minnesota Department of Administration ruled data collected on the license plate readers is private, including plate numbers, times, dates and locations of vehicle scans, and vehicle photos. Automatic license plate readers (ALPRs) are used by law enforcement to rapidly scan plates and can be used to track wanted vehicles. These cameras take a photograph of every license plate that passes them by, often storing that photo of the vehicle in addition to the plate number, meta-tagging each file with a GPS location, time and date, and converting each number into text that is searched in a database of plate numbers entered manually or selected by an agency. In December of 2012, the City of Minneapolis released a database of over 2 million license plate scans, as reported in the StarTribune.

The reclassification of license plate reader data as private is temporary through 2015. The Minnesota House of Representatives Civil Law Committee addressed Rep. Mary Liz Holberg’s (R) bill to regulate automated license plate reader data to make it classified, require log of use, and require data to be destroyed.

When the City disclosed the data, it nonetheless sought to protect the locations of its stationery cameras by redacting the locations across much of the entries. ALPRs are generally mounted on stationery objects like telephone poles and under bridges or on patrol cars. Among the seven people that requested and received the data from the city were a web developer, a University of Minnesota researcher, and a StarTribune reporter.

This practice sparked a debate in the legislature, a push to reclassify the data as private from Minneapolis Mayor R.T. Rybak (among those tracked), and calls from privacy advocates to narrow limitations on retention policies for such data. Arstechnica reported that a local Minnesota firm, Datalytics had received the database. The firm caught the local police department’s attention when it advised that it was able to pin the locations of the stationery cameras, underscoring the vulnerability exposed by making all of the data collected freely accessible for the police itself. The data had been public by default, and could be stored indefinitely absent state law on the matter. StarTribune reported last August that in Minneapolis the location data is stored for one year, while St. Paul discards it after 14 days, and State Patrol erases it in 48 hours.

The discourse over how to manage the data echoes the concerns of nationwide public interest groups and privacy advocates like the American Civil Liberties Union (ACLU). ACLU noted in July 30, 2012 that only two states had passed legislation barring retention of “non-hit” plate data, which is data on cars that are not wanted by the police. This locational information provides potential for data mining, generating profiles on plate owners and potentially sensitive information about where they have been, raising privacy concerns similar to those raised by warrantless GPS tracking. The license plate reader data in effect becomes a retroactive warrantless surveillance tool. States and municipalities have a valuable tool in license plate readers, but should regulate them with considered data retention and access policies that address the privacy interests of the public to prevent unfettered tracking and abuse of sensitive information.