The decision, IMHO, gives you what you need to know about the facts of the case in order to understand the significance of the decision. 56 pages is enough reading in my view, for our purposes. If you want more you can go on PACER and get hundreds of additional pages from the case file.

Yeah, definitely

1. I don't have a paralegal to work on my blog. I do all this stuff myself.

2. The guiding principle of Recording Industry vs The People since its inception in 2005 has always been that it is designed for readers who are smart enough, and serious enough, to read the actual litigation document rather than let someone else tell them what it means.

3. The blog post doesn't link to Slashdot for "more details" it links to it for "Commentary & discussion".

4. Most Slashdotters, I have found, do read the story and litigation document... not every word, but enough to form their own opinions.

5. And no, thanks, I am not looking for you to explain to me what the decision says; I read it, and I know exactly what it says.

Well he shouldn't call something "obscure" just because he's too lazy to read it, and wants someone else to tell him what it said.

Obscure? You calling my blog obscure?

There is no "backstory". Just read the front story.

We finally found the NSA mentioned in the same sentence as an actual, tangible, external threat. And now we see that instead of attacking them, they are giving them money?!? How can they get confused on this? You ATTACK enemies. You HELP friends.

The Exploit marketplace (here symbolized by VUPEN) is possibly the greatest threat to to existence of the internet. You can fight mistakes. You can fight attackers. But it is almost impossible to fight economics. The exploit market is creating an economy that creates and enables exploit. It is a great driving force reconfiguring the Internet for Attack, instead of Defense.

VUPEN is a worthy opponent. The NSA should hack them front, back and center. They should never pat them on the head and give them money.

It looks like the Exploit Marketplace was dreamed up, founded and sustained by the NSA. The leaked Black Budget showed that the NSA devotes huge resources to purchasing exploit. We have also learned that the NSA's budget included vast resources to create exploit:

So, the NSA creates exploit in everything they can influence. And they can influence almost everything. The NSA purchases exploit. Many times, they must be purchasing info on the exploits that they created. They preserve exploit. They mask everything in secrecy. And it all enhances the exploit marketplace. The NSA is no longer debating the Equities issue (https://www.schneier.com/blog/archives/2008/05/dualuse_technol_1.html ) They have only token interest in defending the Internet.

If we could just get the NSA out of the exploit market, the whole thing would probably collapse like 2008's Housing bubble.

I'd like to think that this mess is unintentional. But many of the recent changes to the USPTO appear to have optimized it to create lots of poor quality patents. I believe that we could reverse these changes. But, we would need to muster the political will to admit we have made mistakes. I have listed some of these obvious structural problems at: https://plus.google.com/b/101806809558932714222/101806809558932714222/about

I believe that the most serious problems with the structure of the USPTO are:

• 1) More patents are not better than fewer patents. Patents are not Innovation. Patents are not Progress. Patents are simply grounds to file a lawsuit against an industry. More Patents are simply more grounds for more lawsuits. An occasional lawsuit might spur innovation. BUT LAWSUITS DO NOT PRODUCE. Lawsuits are parasitic on innovation and production. Reform must recognize that patents are dangerous monopolies. Reform must place hard limits on the number of patents.
• 2) Running the US Patent Office as a cost-recovery operation is a mistake. The US Patent Office is a very small, but critical component of the US economy. It's purpose was "..to promote the Progress of Science and useful Arts.." (US Constitution Article One, Section 8(8).) But, once the USPTO started to become completely cost recovery, (See: Omnibus Budget Reconciliation Act of 1990, Title X, Subtitle B), that primary goal became overshadowed by the more pressing goal of securing funding via patent fees. The primary effect of cost recovery has been to promote the collection of patent fees. Reform is painful, but simple. Admit cost recovery is a failed experiment. Revert the funding model to the model used for the first 200 years. The USPTO must be centrally funded by the US government. Any collected fees should be returned to the US Government.
• 3) It is a mistake to organize the US Patent Office to create economic incentives to grant poor patents. Currently most of the revenue of the US Patent Office comes from GRANTING patents. See the USPTO FY 2013 President's Budget page 37: www.uspto.gov/about/stratplan/budget/fy13pbr.pdf "..More than half of all patent fee collections are from issue and maintenance fees, which essentially subsidize examination activities." A recent study by the Richmond School of Law found that the USPTO's actual grant rate is currently running at about 89%. In 2001, it was as high as 99%. See http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2225781 page 9. In 2001, it didn't matter if an application was overbroad, obvious, trivial, a duplicate, or unreasonable, they ALL got granted. Things haven't improved much since then. Reform could come in many forms, but the simplest and most reliable would be to eliminate and unify the Patent office fees into a single filing fee. This fee would provide no guarantee of receiving a patent, only a guarantee that your patent would be considered. This would free the Patent Office to be able to deny poor patents. The filing fee should be high enough to discourage spurious patent applications.
• 4) Scaling up the Patent Office to produce more poor quality patents is a mistake. Currently, we expand the number of patent examiners based on demand. See the USPTO FY 2013 President's Budget, page 60, Gap Assessment: "Meeting this commitment assumes efficiency improvements brought about by reengineering many USPTO management and operational processes (e.g., the patent examination process) and systems, and hiring about 3,000 patent examiners in the two-year period FY 2012 and FY 2013 (including examiners for Three-Track Examination)." Again, the assumption is, more patents are better, even if it means decreasing examination, and increasing the number of untrained examiners. Poor quality is an inevitable result of this patent process. Reform must tightly control and limit the number of patent examiners.
• 5) It is a mistake to grant all patents that meet minimum standards. A review of the last couple decades changes in the patent approval criteria will reveal that the minimum standard for granting a patent has consistently shifted downwards. We must abandon the idea that any patent that meets minimum standards is granted. Over time, the standard always degrades. Reform is easy. We rank Patent Applications according to an agreed measure of quality, and only grant the top few percent. Over time, the pressure will be to improve the quality of patent applications, instead of degrade them.
• 6) Finally, I suggest that it is a mistake to allow patent applicants to modify or extend their patents after submission. This complicates the patent pipeline. It facilitates ‘submarine’ patents. It enables capturing Standards. It also enables gaming the patent system. Reform must simplify and reduce the patent process. Patents should be quickly evaluated. Most should be denied. If an applicant wishes to modify a denied patent, they should alter it, resubmit, and pay a new filing fee.

Congressman Holt,

Thanks for your efforts. But please remember that you have other, more effective tools at your disposal. The NSA has shown themselves a master in creative interpretation of law. Any new law will be twisted to their purposes. Then there will be years of appeals in the courts. Before you attempt new laws, you should immediately reassert Congress's most basic and irresistible power: The power to control the purse.

Your first act should be to slash the NSA's budget in half.

It is like working with a mule. First, you have to get their attention. As you slash their budget, explain that many of the NSA's actions have been dishonest. They have created long term problems for the rest of the country. And they have been spending their budget in ways that congress does not approve.

After you slash their budget, ask them to give the complete Congress a full accounting of how they intend to spend their remaining budget. Give them a week.

If they waffle or present an incomplete accounting, then cut their remaining budget in half.

Don't worry about the NSA. They have tens of billions of budget. You can cut their budget in half several times and they will still be able to support their best analysts. Their hardware is cheaper and more powerful than ever before. Even after the cuts, they will be as effective as any time in the past few decades. But, the cuts will remove their ability to dominate entire industries. And they will not be able to use that support to justify their illegal and unethical acts. And that is a good thing.

Above all, don't let the executive branch deter you. Controlling budget is your natural, constitutionally mandated role. Congress has been shirking their duties lately. The Black Budget has been a shameful abrogation of your responsibilities. Controlling the budget of the executive branch is your job. Don't let anybody talk you out of it.

It may take several rounds of budget cuts, but eventually they will come back in line. Then you can use law to guide them.

Unless the product has been certified for use with classified information, that's not much of an assurance. The government has its own internally-developed tools -- which presumably it has confidence in (SIPRNet, etc.) -- for protecting information that it deems sensitive. The NSA might well decide that subverting a commercial tool is worth the risk of compromising something that's used by the government, but only in relatively trivial ways.

I don't know enough to impugn Zimmerman et al, but I don't think "it's used by the government!" is necessarily a great seal of approval, unless it's a formal certification (e.g. NSA Type 1 listing) saying that it can be used to protect classified information. And I'm not aware of any COTS software products that are on the Type 1 list; the NSA only approves particular hardware implementations (at least that I've seen, though I'm happy to be corrected although I'd be surprised).

As a security professional, one of my greatest threats is the Exploit Marketplace. You can fight mistakes. You can fight attackers. But it is almost impossible to fight economics. The exploit market is creating an economy that creates and enables exploit. It is the greatest driving force optimizing the Internet for Attack, instead of Defense. Now, it looks like the Exploit Marketplace was justified, founded and sustained by the NSA. We have learned that the NSA has enormous budgets devoted to purchasing exploits. Today we learn:

"The NSA spends $250m a year on a program which, among other goals, works with technology companies to 'covertly influence' their product designs."

So, the NSA creates exploit in everything they can influence. And they can influence almost everything. The NSA purchases exploit. Many times, they must be purchasing info on the exploits that they created. They preserve exploit. They mask everything in secrecy. And it all enhances the exploit marketplace.

If we could just get the NSA out of the exploit market, the whole thing would probably collapse like a real-estate broker's wet dream.

The other chilling revelation is the names of these programs:

"The NSA's codeword for its decryption program, Bullrun, is taken from a major battle of the American civil war. Its British counterpart, Edgehill, is named after the first major engagement of the English civil war, more than 200 years earlier."

The NSA has crappy internal discipline. Instead of using meaningless codewords for project names, their codewords frequently describe the project. PRISM described how the NSA collects info. These project names shout that the NSA is fomenting civil war. They are at war with the rest of the country.

• * The NSA must be stripped of it's ability to create exploit.
• * The NSA must be stripped of it's ability to purchase exploit.

If we survive as a nation of liberty, the NSA must serve us, not attack us.

Oh sorry.

Yeah, who reads the USPTO blog anyway? :)

I'm afraid I have to agree with you. It just doesn't make sense to me. Something doesn't compute.

That's not the comment form for the actual report, that's just a post for blog post comments.