What about an Open Web Health Report?

report_card_1We often talk about the “Open Web” or “the web as a platform” and it certainly resonates from some, but for others, not so much. It’s a murky concept for sure. Prior to my time at Mozilla, I must admit that I didn’t spend a lot of cycles thinking about the web as a platform, what’s important about it, the key attributes, much less its health. Like most of us, I just used it and assumed it would always be there. My sense is that people think about the open web about as much as they did the “environment” before the environmental movement first gained broad traction in the early ’70s.

Given that much of Mozilla’s mission is about nurturing and creating a healthy web environment, it seems we should have some way to understand and track its health. Just like a doctor wants to understand your symptoms before treatment, or a business tracks its inventory, maybe we need the same thing for the open web. Perhaps there’s a need for some kind of report that tracks key metrics that would give us qualitative and quantitative insight into the health of this so called open web.

There are plenty of reports that monitor traffic like Keynote or Akami’s State of the Internet report that highlights attack traffic, connection speeds, Internet penetration, etc. These are all good but there’s more to the health of the open web than traffic, speed, and adoption.

A clear understanding of the current state and trends should inform our strategy and let us know where, when, and if we have been successful. It would also tell us when we weren’t. Knowing the problem is certainly the first step to solutions. Ten years ago when one browser had roughly 90% market share it was easy to see the problem. Today – not so much.

So how would you do it? First there would have to be some common understanding of the attributes of the open web we want to monitor. This itself is no easy task, but the 80/20 rule seems applicable here. Tantek did some great work a few years ago when he articulated three principle abilities that were essential to the “open web” namely:

  1. publish content and applications on the web in open standards
  2. code and implement the web standards that that content/apps depend on
  3. access and use content / code / web-apps / implementations

In “Long Live the Web: A Call for Continued Open Standards and Neutrality” Tim Berners-Lee articulated universality as the key principle of the web. He also noted that “some of its most successful inhabitants have begun to chip away at its principles.” The FCC’s Open Internet Order articulated four key concepts that encapsulate the idea of net neutrality – one core principle. Google’s Sergey Brin described some of the same principles and threats in a 2012 Guardian interview. In some of our public policy work we attempted to identify “open web DNA” so we could better address policy threats. These all assume the existence of some common set of principles that underpin the open web.

The world is even more complicated today and I would posit that there are a wide range of additional metrics that collectively indicate the health of the open web and the vitality of the principles we care about. Many of these are not the traditional technical components, but commercial and external market factors that could serve as indicators for the abilities described above. For example, it may include factors like:

  • Diversity of service providers and ecosystems
  • Concentration of service providers, publishers, and applications
  • Adoption of open standards, APIs and languages
  • Security
  • User choice and control
  • Public awareness and activism
  • Content restrictions
  • Transparency
  • Interoperability
  • HTML5 developers
  • Relevant economic/growth indicators
  • Usage patterns and trends
  • Maybe even a disruption index

If this kind of report already exists, let’s use it more. If it doesn’t should we try to create it?

Patent Matters – Don’t Hate the Player, Hate the Game

The recent acquisition of the Netscape/AOL patent portfolio reminded me that an update on Mozilla’s patent strategy is long overdue. This post is about what we’ve done and what we could/should do in the future.

As you may have seen, there’s been a lot of patent litigation activity lately. The Yahoo suit against Facebook is one of the most surprising – at least to me. And the US Supreme Court just recently weighed in to re-affirm a long held axiom of patent jurisprudence that laws of nature are not patentable subject matter, so the judiciary is getting more active as well.

What’s driving the increase of patent activity? There are numerous drivers in my view including increased competition in the mobile space, the desire for competitive advantage particularly if a company is struggling in the market, and demands for incremental license revenues. Invariably, patent portfolios become more attractive tools for revenue and market competition when a business is not doing well or threatened.

The traditional strategy has been for each company to develop the largest possible patent portfolio to act as a deterrent against potential plaintiffs. This is known as a defensive approach. Others make no such claim at all, and still others do a bit of both depending on the circumstances. For early stage companies and start-ups, patent rights may also be important. If the business fails in the market, IP rights may turn out to be the most valuable asset for investors.

I personally struggle with the effectiveness of “build a big patent pool” as a one size fits all approach. It may not work if you’re way behind in the game or even conflicted about software patents. Also, if done organically, it simply takes too long. In other settings it may however make perfect sense, especially with enough resources and sufficient inventive material that is relevant to your competitors. I got to do this for a few years in my first in-house counsel job working for Mitchell Baker long ago where I was tasked with creating the initial Netscape patent portfolio.

So far Mozilla has not adopted the traditional strategy. A while back we made an exception to file four patent applications on some novel digital audio and video compression codecs co-invented with a contributor at the time. We assigned those applications to xiph.org, a non-profit focused on open video and audio codecs. The assignment included a defensive patent provision which prevents the patent from being used offensively. One of those applications has been published for examination as part of the standard USPTO patent application process. We believe that these applications may help in standards settings so we could achieve a better open standard for audio codecs. For better or worse, in the standards bodies participants use their IP to influence the standards and without some leverage, you’re left only with moral and technical arguments. We’ll see if our theory plays out in the future.

We haven’t filed other applications yet, but I don’t think the past should necessarily dictate the future. I can imagine many places where inventive developments are occurring that have strategic value to the industry, and where we want those protocols, techniques, and designs to stay open and royalty-free to the extent they are essential parts of a robust web platform. Ofcourse filing patent applications is one possible technique, but at those strategic intersections, I think we should entertain filing patent applications as one tool in our overall strategy.

In addition to patent filing strategies, there are other things we could  do including:

  • Adopting techniques to constrain offensive use, like the Inventors Patent Assignment with defensive use terms proposed by Twitter today. (+1 for Ben and Amac at Twitter for this)
  • Building out a robust defensive publication program. IBM wrote the book on this, maybe its time to make source code publications work the same way.
  • Developing an ongoing working prior art system available for defendants. We worked on a version of this a few years back, but the urgent beat out the important and no progress has been made since then.
  • Pooling patents with other like minded groups into safe pro-web entities with defensive protections. The pools need to be relevant to competitive threats for this to have value in my view.
  • Creating other disincentives to the offensive use of patents (similar to the MPL defensive patent provision) but relevant to larger parts of the web.

Sometime mid-year, I’d like to have a broader discussion to brainstorm further and prioritize efforts. Nonetheless, I’m pretty confident that given the changing landscape and markets, we’ll need to play in this domain more significantly one way or the other.

Comments supporting DMCA jailbreaking exemption

Every three years the US Copyright office, examines whether it will renew certain exemptions to the DMCA. In 2009 we submitted arguments supporting the EFF’s petition for the exemption of  jailbreaking from the DMCA. The Copyright office granted the exemption in 2010 which now expires at the end of 2012.

Although it seems a bit silly to have to do this every three years, we’re going to again file a brief supporting the exemption for jailbreaking, also known as “rooting.” EFF has more information here on the arguments and the process.

Based on feedback from developers around the Mozilla project, the brief will contend that rooting is important because it’s necessary to achieve competitive application performance on Android mobile platforms, to effectively debug applications, and for regression testing.  In addition, it’s even more critical now as mobile devices surpass desktop, and Internet access increasingly comes from mobile platforms.

We plan to file our comments on Friday afternoon. If you have ideas or thoughts that could be incorporated in the brief, please let us know. Alternatively, you can file your own comments, or if your flavor is petitions go here.

Homeland Security Request to Take Down MafiaaFire Add-on

From time to time, we receive government requests for information, usually market information and occasionally subpoenas. Recently the US Department of Homeland Security contacted Mozilla and requested that we remove the MafiaaFire add-on.  The ICE Homeland Security Investigations unit alleged that the add-on circumvented a seizure order DHS had obtained against a number of domain names.   Mafiaafire, like several other similar  add-ons already available through AMO, redirects the user from one domain name to another similar to a mail forwarding service.  In this case, Mafiaafire redirects traffic from seized domains to other domains. Here the seized domain names allegedly were used to stream content protected by copyrights of  professional sports franchises and other media concerns.

Our approach is to comply with valid court orders, warrants, and legal mandates, but in this case there was no such court order.  Thus, to evaluate Homeland Security’s request, we asked them several questions similar to those below to understand the legal justification:

  • Have any courts determined that the Mafiaafire add-on is unlawful or illegal in any way? If so, on what basis? (Please provide any relevant rulings)
  • Is Mozilla legally obligated to disable the add-on or is this request based on other reasons? If other reasons, can you please specify.
  • Can you please provide a copy of the relevant seizure order upon which your request to Mozilla to take down the Mafiaafire  add-on is based?

To date we’ve received no response from Homeland Security nor any court order.

One of the fundamental issues here is under what conditions do intermediaries accede to government requests that have a censorship effect and which may threaten the open Internet. Others have commented on these practices already.  In this case, the underlying justification arises from content holders legitimate desire to combat piracy.  The problem stems from the use of these government powers in service of private content holders when it can have unintended and harmful consequences.  Longterm, the challenge is to find better mechanisms that provide both real due process and transparency without infringing upon developer and user freedoms traditionally associated with the Internet.  More to come.

New European Commission Privacy Recommendations

The EC released its new privacy recommendations on Thursday to update the 15 year old EU privacy regime.  The report contains the Commission’s findings from their analysis over the past year and announces an intention to investigate a number areas in more depth with the goal of proposing legislation in 2011.  The impetus as described by the Commission is that today’s challenges “require the EU to develop a comprehensive and coherent approach guaranteeing that the fundamental right to data protection for individuals is fully respected within the EU and beyond.”

I suspect that for some the principles may be perceived as new administrative overhead and obstacles to an “optimum user experience.”  My quick take (personal opinion) is that the findings and areas of study represent a move in the right direction.  Ofcourse, the devil is in the details which will evolve over the coming year, so we’ll see. As the EC develops its new framework, finding reasonable and practical ways to implement the proposals will be essential to their success.

This is even more interesting given that the US Federal Trade Commission has indicated its coming out with recommendations soon. These would also likely result in legislation next year as well.  It would be great (if not just common sense) to see as much harmonization between the two frameworks as possible. We can still dream.

Welcome any thoughts or observations about the proposal. Some highlights from the report are shown below, but the report is worth the read.

  • The Commission will consider how to ensure a coherent application of data protection rules, taking into account the impact of new technologies on individuals’ rights and freedoms and the objective of ensuring the free circulation of personal data within the internal market.
  • The Commission will examine ways of clarifying and strengthening the rules on consent.
  • The Commission will consider:
    • introducing a general principle of transparent processing of personal data in the legal framework;
    • introducing specific obligations for data controllers on the type of information to be provided and on the modalities for providing it, including in relation to children;
    • drawing up one or more EU standard forms (‘privacy information notices’) to be used by data controllers.
  • The Commission will therefore examine ways of:
    • strengthening the principle of data minimisation;
    • improving the modalities for the actual exercise of the rights of access, rectification, erasure or blocking of data (e.g., by introducing deadlines for responding to individuals’ requests, by allowing the exercise of rights by electronic means or by providing that right of access should be ensured free of charge as a principle);
    • clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired;
    • complementing the rights of data subjects by ensuring ’data portability’, i.e., providing the explicit right for an individual to withdraw his/her own data (e.g., his/her photos or a list of friends) from an application or service so that the withdrawn data can be transferred into another application or service, as far as technically feasible, without hindrance from the data controllers.
  • The Commission will examine the following elements to enhance data controllers’

    • making the appointment of an independent Data Protection Officer mandatory and harmonising the rules related to their tasks and competences31, while reflecting on the appropriate threshold to avoid undue administrative burdens, particularly on small and micro-enterprises;
    • including in the legal framework an obligation for data controllers to carry out a data protection impact assessment in specific cases, for instance, when sensitive data are being processed, or when the type of processing otherwise involves specific risks, in particular when using specific technologies, mechanisms or procedures, including profiling or video surveillance;
    • further promoting the use of PETs and the possibilities for the concrete implementation of the concept of ‘Privacy by Design’.

Net Neutrality – Comments to the FCC

The FCC recently asked for additional comments in its ongoing proceeding regarding Open Internet Principles. In particular, the FCC sought specific input on whether the openness principles should apply to both wireline and wireless networks.

We submitted comments in response to the FCC’s inquiry supporting application of the Open Internet principles to wireless networks. Relevant portions of the submission are shown below:

There is, and should be, only one Internet. Historically, the Internet has not distinguished between various forms of content or how users access such content. This non-discrimination has allowed consumers and software developers to choose between locations, platforms, and devices, all without complex negotiations with transport networks. This freedom has been a key reason why the Internet is so creative, competitive, and consumer-friendly. Internet users now benefit from this flexibility as they access the Internet across a wide range of devices and access points including 3/4G, WiFi, and wired networks. The wave of new Internet enabled mobile devices, such as the iPhone, iPad, and a broad range of smartphones, including Blackberry, Palm, and Android based devices, will continue to drive exponential increases in mobile Internet access. The central fact is that wireless Internet access is as important as wired Internet access.

The increasing importance of mobile networks is not the only reason policy should be network agnostic. Users should not have a significantly different experience as they move back and forth between connection types, and they should not have to be aware that one regulatory regime (applicable to wired and WiFi access) protects their ability to access content of their choosing, while another regime (for mobile wireless) does not. At the end of the day, users are not deciding to access a “wired platform” and then a “wireless platform” – they are simply deciding to access the Internet, and their access to content should not depend on how they happen to connect at any given moment. Given the undisputed importance and growth of wireless Internet access, the value created by keeping all Internet access open and neutral, and user expectations of a single Internet, it is imperative that the Commission protect the entire Internet, not just the wireline portion. The best way to do this is to extend the open Internet principles to wireless providers and protect the Internet, not the network.

We trust the FCC will consider these comments, and the many others like them, in reaching its final decision.  You can submit your own comments here.

Related Links:

Search FCC for other comments

Open Internet Coalition Comments

CDT Comments

Updating the MPL

On Monday we announced a public process to update the Mozilla Public License. The goal of the update is to incorporate learnings gathered over the years so we can simplify, modernize, and make the license easier to use.  Mitchell Baker’s post this morning provides some good historical context and you can find more information about the process, rationale, and how to get involved on the MPL update web site. I’m pretty excited about the prospects although it’s going to be a big chunk of work and with any open process some respectful disagreement from time to time, but that’s ok.

More than a decade ago, I had the chance to work with Mitchell on the MPL. At the time, I had never worked on an open source license – nor had most attorneys back then. It seemed like another cool project to work on, but I certainly didn’t fully comprehend the possibility at the time. It was also my first exposure to creating legal artifacts in an open and transparent way. It was a bit of shock and I’m still in awe at how open source products are created.

In my experience practicing law, transactions come and go, and not often do you work on the same “deal” again. Especially in the Internet sector, it’s rare that that you get two shots at anything.  So this means either that the license is enduring, relevant, and worth working on again or perhaps more simply that I’m getting old. I opt for the former.

Helping Users Avoid Fraud Sites and Get the Real Firefox

A while back I posted on some of the various Firefox fraud schemes and deceptive sites that trick users into paying for Firefox or downloading malware branded as Firefox. The goal was to explain how we analyze these matters and discuss the tools available to address the problem.  Gerv recently posted on this as well – which was great.

What my last post on this subject didn’t do was talk about the specifics of particular cases. I can’t do that for a number of reasons – there are legal implications and in some cases what we say is constrained by law. However, we can do a better job of keeping those that submit reports informed, and a general update is long over-due, so here goes:

Over the past nine months, these are some of the activities we’ve undertaken in response to user reports we’ve received and activities we’ve discovered:

  • Asserted claims that caused 15 European (mostly German) sites to discontinue their deceptive practices involving Firefox and Thunderbird. These were the result of injunctions or cease and desist efforts (German courts have issued seven legal injunctions in response to our applications);
  • Reviewed more than 4,300 sites;
  • Reported a host of sites to regional consumer protection agencies;
  • Recovered 50 or so domains that were engaged in questionable activities (i.e. subscription traps or distributing malware);
  • Caused 122 US sites to discontinue unauthorized or infringing  practices in response to our requests; and
  • Alerted search engines to these practices when we thought they would act.

More info on European and US activities is available here. While this is really good, there’s more to be done.  Ultimately, we’ll need to address some of the even larger syndicates using legal tools. It seems operators of some of these sites are making so much money from the scams that they will spend even more money to assert frivolous defenses to keep it going.   Fortunately, the courts have to date, seen through these technical defenses.

Cease and desist campaigns, or filing injunctions where possible, is not a scalable or cost effective approach in the long run however.  Already, about 30% of Mozilla’s legal matters are trademark enforcement related.  Long term, to really scale to meet this problem, we’re going to need to explore alternative approaches that utilize organizations like Stopbadware.org, so users can be notified in advance when they end up on these sites.  In combination, we may also need more messaging to warn users about the subscription traps that exist. In the interim, however, we’ll continue to utilize the tools we have so fewer users are scammed and more get the really great product contributors have created.

As Asa Dotzler Tweeted recently: “If you’re being asked to pay for Firefox, it’s a scam! Firefox is absolutely 100% free. Always get Firefox from http://mozilla.com Please RT”

More to come.

Thoughts on Microsoft’s Settlement Proposal in the European Commission’s Tying Investigation

When the European Commission (EC) investigation started we articulated some principles we thought were essential for any remedy. Asa Dotzler did an exhaustive comparison of those principles against Microsoft’s proposal that can be found here. We’ve had some time to think more about Microsoft’s settlement proposal with the benefit of further clarifications from Microsoft about their intent. Overall, the proposal is a good step forward that if earnestly executed could improve browser choice and reduce the likelihood that non-IE choices are undermined by operating system behavior. The ultimate success of the proposal,  however, will depend on Microsoft’s long-term commitment to realize not just the words of the proposal, but its spirit, so a lot still remains to be seen.

Mitchell Baker provides some big picture observations about the proposal here. In the material below we’ve tried to articulate in detail those key aspects of the proposal that need modification (Protecting User Choices and the Ballot Mechanism). Our assumption is that the EC and Microsoft may be close to a resolution; thus, the ability to radically change the proposal may be constrained as a practical matter, but I’d welcome feedback on other essential terms or clarifications that may be missing.

Protecting User Choice of Non-IE Browsers:

Our most urgent concerns in the EC investigation related to protecting a user’s choice of a non-IE browser. The proposal largely addresses those concerns and should merit support if certain deficiencies are corrected.  These are described below:

Windows Update.  Not offering updates through Windows Update to an off-switched IE is a good start.  But most users won’t have IE turned off, even if they have other browsers as their default.  When IE is not the default, any launch of IE, user intended/initiated or not, may prompt the user to restore IE as his default browser. This may be a reasonable action for an intentional user-initiated launch of IE, but it’s an abuse when it’s not user-initiated and has the impact of undoing user choice.  Perhaps the language in Section 1, Paragraph 1 which states that “it [IE] can only be turned on through user action specifically aimed at turning on Internet Explorer” is designed to capture this, but it could be clarified to eliminate any uncertainty. Thus, the proposal should be modified to expressly state that Microsoft cannot use Windows Update to trigger any “Make IE the default” consideration unless the user launched IE intentionally and not just as a requirement of another process.

Tie-ins with Microsoft Applications.  Not including links, shortcuts, or icons for launching an install or download inside of Office 2007 is a good start; however, it’s just not enough.  Microsoft Office 2007 and other Microsoft programs should not “hard code” links, shortcuts, or icons to launch an already installed IE when IE is not the default browser.  If Microsoft applications need to launch a browser, they should only launch the user’s default browser.  Otherwise, with every launch of IE from its other applications, Microsoft is prompting the user to restore IE to the default status.  This has the effect of pressuring users to undo their default browser choice.  Thus, the proposal should be modified such that this provision applies to all Microsoft desktop software, and certainly to the already announced Office 2010.

Ballot Mechanism:

If a ballot is going to help provide consumers a meaningful choice, the proposal needs to be modified a bit. Below are some key aspects of the ballot that are currently not addressed sufficiently or that need modification.

Ballot Application.  The proposal states in Section 2, Paragraph 7 that “Microsoft will distribute a Ballot Screen software update to users within the EEA of Windows XP, Windows Vista and Windows Client PC Operating Systems, by means of Windows Update as described hereafter:..” The proposal later states in Section 2, Paragraph 8 that “The Ballot Screen will give those users who have set Internet Explorer as their default web browser an opportunity to choose whether and which competing web browser(s) to install in addition to the one(s) they already have.” It is unclear how this applies in the OEM channel. If Microsoft or other 3rd parties have paid for pre-installation of IE (or an IE derivative) in the OEM channel, the ballot mechanism should still apply. As currently drafted the ballot mechanism seems to only apply to “those users who have set Internet Explorer as their default web browser.” Does this include users who bought a PC with IE pre-installed? If not, it should. Perhaps this is an oversight or unintentional ambiguity.  Nonetheless, this aspect of the proposal should be modified such that it is clear that the ballot mechanism applies if IE is pre-installed by OEMs.

There’s another more complex question of whether the ballot should apply to any browser pre-installed with OEM distributions.  Some would say it should, since there are only a few parties who can compete economically in the distribution game, so why tie Microsoft and leave everyone else free to engage in the same behavior. Conversely, such other parties are unlikely to have monopoly power in the operating system market, nor are they the subjects of an investigation based on practices found to be anti-competitive. In the absence of an overwhelming and compelling justification, it seems unwise to tinker with this any more than is necessary, but it still doesn’t seem quite right.  I suspect these are exactly the kind of unintended consequences Mitchell Baker expressed concern about initially.

Download Process. A download link is insufficient for fulfilling user intent.  If a user clicks the download Opera link in the ballot, he is signaling intent to, at a minimum, try out Opera. Our data shows that only ~55% of users who click a download link will be able to complete the process of downloading and installing so that they may at least try out the new browser.  A download link, therefore, is insufficient to fulfill user intent. The most valuable change to promote the likelihood of fulfilling user intent would be to have the link trigger both the download and the execution of the installer at download complete. The second most important change would be to have the download also launch the vendor’s instruction page for completing download and install of the new browser.  Obviously this is a complex process that will take some thinking, and to make it really work, we would strongly recommend that the proposal include a Microsoft commitment to work with browser vendors directly in an informal group (including the EC) so the ballot implementation can be informed by the knowledge and experience of other browser providers. To date, Dave Heiner, Microsoft’s Vice President and Deputy General Counsel, has been receptive to comments from those outside of Microsoft. We hope this continues as the development teams engage more fully in making the ballot work as intended.

Ballot Screenshot.  The ballot as described in the screenshot is not unbiased as MS claims in the written proposal. It suffers from two major bias issues.

The first is that IE may become the default browser in more scenarios than the alternative browsers. IE may become the default by being selected. It may also become the default if the user simply ignores the ballot. It may also become the default if the user is unable to figure out how to use the ballot. Finally, it may become the default even if the user expresses a desire to try one of the other browsers but fails to achieve an alternative browser install (point 1. above.) The other browsers have only one, difficult and failure prone scenario to becoming the default. I don’t know how one would remedy this except partially by requiring the user to make a choice rather than treating no choice as a user preference for IE.

The second issue of bias is the ordering of the browser choices on the ballot. When presented with a question that interrupts the user’s “flow” the most common user response is to take actions, without serious consideration, that will remove the interruption. That often results in users simply closing the Window containing the interruption or in choosing the button or option they believe is most likely to remove the Window.  We strongly suspect that placement matters, and being the farthest most left position has some inherent advantage. Thus, having a mechanism to equitably mitigate this inherent advantage would make this a much better remedy. This will likely require further evaluation and testing, so the notion that the proposal can be adopted, implemented, and filed away, without subsequent iteration doesn’t seem plausible.

De-selection of IE. Section 2, Paragraph 8 further states that “Microsoft shall ensure that in the Ballot screen users will be informed in an unbiased way that they can turn Internet Explorer off.” Merely advising the user with text on how to turn IE off in the ballot is simply not enough to achieve the intended purpose of the remedy. The commitment should be modified so that IE is turned off seamlessly when the user selects a non-IE browser through the ballot screen, rather than through a separate procedure.  Even if a user does succeed in choosing and successfully installing an alternative browser as his default, IE will still occupy prominent real estate on the Desktop and Start Menu. The other browsers do not have this luxury and the advertising opportunity it provides merely through placement.  Consequently, the best way to ameliorate this is to offer the user the opportunity to _replace_ IE rather than to simply join it on the desktop. This could take the form of a “make this browser the new default and turn IE off when that’s done” option in the ballot.  Alternatively, Microsoft could provide an API to the IE off switch that could be used in the installers of other browsers to effect the same change.

Education. The ballot, as proposed, does nothing to educate the user as to what a Web browser is or how different browsers might offer different experiences. A user with no understanding of what a browser is and no explanation in the ballot to educate him will likely just dismiss the window as an unexplainable interruption. The ballot should introduce the user to at least a simple definition of what a browser is before offering the user a choice in browsers. It should probably go one step further and explain that the different browsers compete for superiority in the areas of ease of use, security, and customizability. A two-sentence introduction with this information will help users make a meaningful choice.

Testing and Evaluation. The term of the proposal is five years; however, there are no interim evaluation milestones. To evaluate the efficacy of the remedy, there must be some ongoing evaluation, otherwise how will we know if the ballot proposal made a difference, and if so, what did it actually change. Thus, an annual review by the EC should be part of the proposal. The review should include only data derived from public sources and Microsoft that comports with all applicable privacy directives.


For now, these seem to be the minimum set of changes required for an effective remedy. There are numerous other terms that could be adjusted, but these key points should be considered and addressed before adopting the proposal.

I’d like to thank Asa Dotzler who made significant contributions to this post.

FOSS Projects Working Together to Invalidate Patents

As many of you may know, there are a number of initiatives around regarding prior art that all tackle the problem of software patents from different angles.  Whether its Open Invention Network’s  Linux Defenders, post issue P2P, or our own infant Prior Art Share project, each relies upon an underlying principle of cooperation.  The fact is that the ultimate defense – the way to eliminate a patent – is via prior art. It’s no doubt harder, but permanent, like sunlight to vampires.

Non-infringement arguments work, but only for the specific implementation. Ofcourse when you’re the defendant, you’ll gladly take either, but the real challenge is finding good prior art and developing it into admissible evidence within the time constraints of an actual patent case with a tight trial schedule. It can both invalidate the claims and/or narrow infringement arguments. Even if you can’t invalidate, prior art can establish safe zones — you can’t infringe by practicing what was “known” prior to the invention.

Notwithstanding the various projects, imagine a world where an attack on one is an attack on all, and developers across multiple FOSS communities responded to a call to action, in a coordinated and organized fashion, to find relevant non-patented prior art in response to the assertion of a patent against a FOSS project. Something like a NATO pact, but workable and without all the politics. The global hunt for prior art would happen not after the 3rd or “N” settlement, but in the first instance. In such a setting, a potential plaintiff would have to carefully evaluate the risk of asserting its patent because if found invalid, the asset would be worthless, and the licensing/royalty game would be over.  We did this once before years ago in the Wang v. Netscape patent case, and it worked. In response, developers provided a massive amount of prior art we would have never found on our own.

This theory is again in action, see Red Hat’s blog on the subject. If you want to contribute your knowledge on prior art related to the Tom Tom case (programs, documents, publications, prior to the date of the patent, that disclose the elements of the claims) they’re collecting prior art references here. Obviously, there are other long term techniques like defensive publications, advance tagging of software programs so prior art is found more easily, eliminating software patents via legislation, but in the short term, cooperation may be the most effective technique.  For those interested, the network is already in place, and if you’d like to get involved let me know.


Get every new post delivered to your Inbox.

Join 435 other followers