Meet the Lawyer Suing Anyone Who Uses SSL

Sparrowvsrevolution writes "Since 2008, Dallas, Texas attorney Erich Spangenberg and his company TQP have been launching suits against hundreds of firms, claiming that merely by using SSL, they've violated a patent TQP acquired in 2006. Nevermind that the patent was actually filed in 1989, long before the World Wide Web was even invented. So far Spangenberg's targets have included Apple, Google, Intel, Dell, Hewlett-Packard, every major bank and credit card company, and scores of web startups and online retailers, practically anyone who encrypts pages of a web sites to protect users' privacy. And while most of those lawsuits are ongoing, many companies have already settled with TQP rather than take the case to trial, including Apple, Amazon, Dell, and Exxon Mobil. The patent has expired now, but Spangenberg can continue to sue users of SSL for six more years and seems determined to do so as much as possible. 'When the government grants you the right to a patent, they grant you the right to exclude others from using it,' says Spangenberg. 'I don't understand why just because [SSL is] prevalent, it should be free.'"

So

[Ultra64]

Who's up for forming a lynch mob?

So...

[MozeeToby]

Nevermind that the patent was actually filed in 1989, long before the World Wide Web was even invented.

Now, don't get me wrong, this is patent trolling at it's absolute worst, but what exactly is this quote supposed to mean? We (rightly) complain all the freakin time how people shouldn't be granted patents just by adding "on the internet" or "on a computer", we can't have it both ways. If there is a valid patent to provide secure communications through USPS and the key steps of that patent are being performed as part of secure communications online, why shouldn't that be considered to be violating the patent?

The real problem

[dachshund]

Nevermind that the patent was actually filed in 1989, long before the World Wide Web was even invented.

The problem here is not that the patent was filed before SSL was invented (about 1995) -- that could be fine, if SSL was using a patented technology that pre-dated its own invention.

The problem here is that the attorneys are accusing the practice of 'sending network records over a wire and encrypting them with a stream cipher', where in this case the cipher is (I believe RC4). However RC4 was invented in the 1980s and should pre-date this patent. I'm certain that somebody used it to encrypt network traffic in an almost identical manner, so there should be prior art.

Moreover, stream ciphers in general have been around for much longer than that. Someone somewhere has published/deployed this idea before. It should not be a live patent. Note that the case has never been tested by a court.

'New' SSL users 'safe'

[beaverdownunder]

According to TFA, the patent apparently infringed upon has expired, however this mob can still sue people who used it in the past for the next six years.

So, if you start a new company now that uses SSL you should be in the clear.

See also Marconi being sued by telegraph companies

[dbIII]

Marconi was sued by telegraph companies that thought they had a fifty year monopoly on morse code. The communications IP legal situation has been a sick joke since at least then.

Err what?

[kiriath]

'I don't understand why just because [SSL is] prevalent, it should be free.'

This statement is one of those really douchebaggy things that douchebags douche out.

All of that being said, SSL needs to be replaced with something better anyway.

Re:So

[jd2112]

Who's up for forming a lynch mob?

Depends. Who are you going to lynch? The scumbag lawyer? The patent official(s) who granted this patent? The politicians who have been dragging their feet on patent reform? I mean, are we out to change the system, or just to vent on a shrewd individual who is exploiting it?

Note to self: Invest in companies that make rope.

Re:So...

[History's Coming To]

We need some reductio ad absurdem on the part of the courts here. Side with the lawyer, outlaw all uses of SSL without a license from him, and have all companies using SSL remove the facility for one day. He's after a little bit of money but he's claiming to want to protect the patent. OK, call his bluff, no money and a protected patent, then let's see how the rest of the world responds when they see what's happening. No more internet banking? No more online trading? No more secure internet sessions? Go on, call his bluff, let's open Pandora's Box Of Patents, it's the only way to bring this nonsense down once and for all.

Re:So

[CuteSteveJobs]

> So even if you win the lawsuit, you might end up losing money in the end.

Try definitely. In the US your legal fees usually aren't reimbursed, so you will be out of pocket $3-5M *EVEN IF YOU WIN*. Kiss that money goodbye. Under UK rules the winner does get their legal fees reimbursed, but lawyers charge a lot more than that amount so you will still be out of pocket for say half that amount.

As soon as someone sues you for patent violation - even if their suit is a sham - you're a few million out of pocket. In theory the judge should throw out sham suits, but judges in patent troll counties are a different breed.

Re:So...

[Luckyo]

"If you're a small garage inventor, you're not big enough to be paid for your inventions".

Nice ethics you have. No wonder there are so many "too big to fail" companies now and so many small ones are destroyed just to make sure these big failures stay up.