Sunday, February 26, 2017

Software Patent Filings Abstract Snags

Software patent filings have run into snags during the approval process.  For many, not having a clearly stated, specific enhancement to preexisting software was a liability to the filing's success.  Failing to satisfactorily describe the technical improvement that the innovation provides over previous inventions is another snag.  Distinguishing the innovation from previous filings and from what appears to be a conventional purpose and function is also critical to its success.  The struggle is with the abstraction of the descriptive process about the functionality of the intended software.  What gets lost is the detail necessary to demonstrate valued distinctions that set it apart as a new filing from preexisting related applications and functions in the field within which the software inventor seeks.
The Supreme Court, in the Alice[1] case, iterated the standard for overcoming a Rule 12(b) failure to state a claim for patent eligibility.  As articulated, “a patent may be obtained for ‘any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof.’ 35 U.S.C. § 101.”  Furthermore, the Court has held that “Laws of nature, natural phenomena, and abstract ideas are not patentable.”[2]  In Mayo, the Court stated that on the basis of patentability/validity determination that is independent of . . . any other statutory patentability provision.[3]  It is in Mayo that the Court established its two-step process to assess patent filings that only provide for abstract ideas.
The first step was to determine if the filing’s claims point to a patent-ineligible concept. If that is established, then the next step would be to determine if “the elements of each claim individually or in combination allows the filing to have the nature of the claim transform to a patent-eligible application.”[4]  As the Court filters through patent filings for software, the challenge is to discern what is truly novel and game changing in the software computing field and what is a routine process of imitation with a different function, but still achieving the same result without development and/or improvement.
To this concern, the Court distinguishes software-related patent filings claiming an improvement to a process or system from those filings whose claim language recites an invention’s pinpoint, discernible improvement to what has already been active in computing.  In its own discourse, the Court alludes to the close calls, i.e., “in other cases involving computer related claims, there may be close calls about how to characterize what the claims are directed to.”  That is, “some inventions’ basic thrust might more easily be understood as directed to an abstract idea, but under step two of the Alice analysis, it might become clear that the specific improvements in the recited computer technology go beyond ‘well-understood, routine, conventional activities’ and render the invention patent-eligible.”[5]
The Court in Bascom stated that the patent filing’s claim to “filtering content is an abstract idea because it is a longstanding, well-known method of organizing human behavior, similar to concepts previously found to be abstract.”  But what was distinctive was the order of description of the specific function for the individual claims apart from what was conventional among computers, Internet Service Providers, networks, and filtering. The analytical inquiry into a claim’s patent eligibility weighs on the specific description of the inventive concept claimed.
The Bascom Court further elaborated, “the claims do not merely recite the abstract idea of filtering content along with the requirement to perform it on the Internet, or to perform it on a set of generic computer components. Such claims would not contain an inventive concept.” “Filtering content on the Internet was already a known concept, and the patent describes how its particular arrangement of elements is a technical improvement over prior art ways of filtering such content.”  The specific location for the filtering system, which was to be a remote ISP server, and the ability of users to adjust the filtering for their network accounts distinguished it from the abstract concept of filtering in general.
Hence, a new way and an improvement were recognized as applicable to the claim being filed for a patent.  The description of the steps of a claim cannot solely be about achieving a process by function but must key in on what is the distinguishing feature from the conventionally understood, preexisting application.  Otherwise, filing snags will continue for software patent filings that seek innovative ways to describe the same thing but without sufficiently distinguishing improvements.
[1] Alice Corp. v. CLS Bank International, 134 S. Ct. 2347 (2014).
[2] Association for Molecular Pathology v. Myriad Genetics, Inc., 133 S. Ct. 2107, 2116 (2013) (quoting Mayo Collaborative Services v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293 (2012)).
[3] Mayo, 132 S. Ct. at 1303–04 (citing Bilski v. Kappos, 561 U.S. 593 (2010); Diamond v. Diehr, 450 U.S. 175 (1981); Parker v. Flook, 437 U.S. 584 (1978)).
[4] Mayo, 132 S.Ct. at 1297.
[5] Bascom Global Internet Services v. AT&T Mobility, LLC, 827 F.3d 1341, 1350 (Fed. Cir. 2016).

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2017, all rights reserved Lorenzo Law Firm, P.A.

Tuesday, February 14, 2017

Data Security Negligence

Data security responsibilities are, at times, not met with the requisite level of diligence for compliance.  Standards for compliance, for many businesses, institutions, and service entities, are not as specified as one would be led to believe.  The disjuncture between responsibilities and efforts is becoming more evident with passing days as cyber incidents leave alarming concerns with consumers and business establishments.

It is commonly prescribed that personal data embedded in digital record transmissions must be transferred securely.  However, the level of confidence that a service consumer, medical patient, loan customer, or even a student at an ATM demonstrates daily with their every swipe and approval is in the unseen information processing that the venue operates with in order to provide the desired service.  If that confidence is shaken by the notion that the private information is not being handled securely, digital transactions will experience a hiccup and the public consumer will seek other means to transact, and back to cash and brick-and-mortar we go.  The integrity of the secure appearance of the merchant is held questionable and tenable.

At the point of transaction, the consumer is left with the confidence that the banking information provided to the institution is securely being transmitted and that the data is accurately being recorded, especially as balances are verified.  But what if the measures are not followed by the merchant?  How should a cyber incident be considered when negligence is involved in the cyber mishap? Who is to be held accountable for needing to demonstrate meeting the duty of care?

Negligence was an issue in In re Hannaford Bros.[1]  This Maine District Court case involved the data security incident arising from a third party stealing consumer data from grocery transactions.  The question raised in the case was whether a customer can recover from the grocer for loss resulting from the third party’s data theft. It is conceivable that, from the consumer's point of view, there will be a tendency to enjoy the convenience of the digital transaction by use of a credit card at a store.  Yet, with the convenience, there is also the risk of fraud and misuse of the account information, i.e., PII.[2]  The average consumer believes that the law should address and protect their PII in circumstances where confidential information is stolen and allow for redress against the merchants and financial institutions. But how negligence should be analyzed in cyber incidents is a bouncing question dealt with under traditional tort concepts of duty, breach, and causation, with the ultimate tangible injury.  Analysis under Article III has long been used to settle in each case the criteria of the requisite case and controversy.

Negligence, however, seems to stand on an island in cyber incidents.  To the individuals who have been affected by a cyber incident, the risk of fraudulent use of their account information is very real.  So, the argument goes that the law should provide some form of protection. How that protection is conceived is still debatable.  The grocery establishment in Hannaford Bros. argued, as is typical, that the law already provides protection to consumers by agreement, for instance, through the provision of the Electronic Fund Transfer Act, which limits a consumer's liability for fraudulent debit card transactions to no more than $50 (or, if the consumer fails to notify his bank "within two business days after the consumer learns of the loss or theft," no more than $500). 15 U.S.C. § 1693g(a).  Defendants also usually argue that the industry provides similar limits through contractual agreements with credit vehicles and associations such as Visa, MasterCard, etc. The store merchants will always seek to have the courts impose responsibility on the banks that issue the cards in order to facilitate any recourse to the consumer. So the cyber incidents that pertain to the misappropriation of digital transaction data pivot the consumer against the financial institutions, to the liking of merchants, or against the merchants, to the liking of the financial institutions.

In the Hannaford case, the plaintiffs found themselves pivoted as such towards the merchant to determine the level of care that the merchant undertook for the digital data of the credit and debit card transactions. The plaintiffs argued that “... [they] made use of debit cards and credit cards issued by financial institutions to access their bank accounts or create credit relationships.” Furthermore, they argued that the merchant “provided electronic payment services,” but failed “to maintain the security of private and confidential financial and personal information of ... credit and debit card customers” at supermarkets in several states, including Florida.  Hannaford did not argue that it was not subject to a reasonable duty of care consideration, but what was pointed out was that it believed that it was not subject to an economic loss consideration arising out of the traditional personal injury and property damage considerations.  The court stated that “in a grocery transaction where a customer uses a debit or credit card, a jury could find that there is an implied contractual term that Hannaford will use reasonable care in its custody of the consumers' card data, the same level of care as the negligence tort . . .”  Hence, the conclusion was that consumers can recover against a merchant when payment data are stolen, if the merchant's negligence is the direct cause of the loss in the customer’s account.  In this case, the negligence analysis was drawn to delineate breach of a duty of care and causation of the loss of data security.

[1] In re Hannaford Bros. Co., MDL Docket No. 2:08-MD-1954, United States District Court, D. Maine, May 12, 2009.

[2] Personal Identifying Information