I screwed up the first point of my argument. There is really 2 points there:

• 1) Running the US Patent Office as a cost-recovery operation is a mistake.

  The US Patent Office is a very small, but critical component of the US economy. It's purpose is "..to promote the Progress of Science and useful Arts.." (US Constitution Article One, Section 8(8).) But, once the USPTO became cost recovery, the primary goal became overshadowed by the more pressing goal of securing funding via patent fees. The primary effect of cost recovery is to guarantee immediate bureaucratic capture by the patent industry.

  The patent industry want's patents. Lots of them. They don't care about quality. In fact, most of the patent industry prefers to have vague, sweeping patents. Currently, patent quantity is up. Patent quality is down. Lawsuits are up. This is a desired outcome for the patent industry. But, what is good for the patent industry is not good for the rest of the country.

  Reform is painful, but simple. Admit cost recovery is a failed experiment. Revert the funding model to the model used 30 years ago. The USPTO must be centrally funded by the US government. Any collected fees should be returned to the US Government.

• 2) It is a mistake to organize the US Patent Office to create economic incentives to grant poor patents.

  Currently most of the revenue of the US Patent Office comes from GRANTING patents..

The rest of my arguments should have followed from there.

I apologize for my previous poor logic and exposition.

Miles

The process of reforming the US Patent Office appears to be fairly straight forward. Unfortunately, it requires political commitment.

The heart of the US Patent problems are both conceptual and economic. But the problems are easy to understand.

First, we have adopted the idea that more patents are better than fewer patents. This idea has been proven false. We believed that US Patents were a license to create. But, this is not true. US Patents are nothing more than a license to hire lawyers and sue a competitor. They don't guarantee creation or progress. They only guarantee legal action. A little legal action is necessary, but a lot destroys economies.

Since we believed that more Patents were better, in the last couple decades we have 'reformed' the US patent process to maximize the creation of patents.

We need to a admit we are wrong. Once we have managed to do that, reform is fairly easy. Reform should address:

• 1) Running the US Patent Office as a cost-recovery operation is a mistake.

  Currently most of the revenue of the US Patent Office comes from GRANTING patents. See the USPTO FY 2013 President's Budget page 37: www.uspto.gov/about/stratplan/budget/fy13pbr.pdf "..More than half of all patent fee collections are from issue and maintenance fees, which essentially subsidize examination activities."

  Also, if you examine the fee structure in Public Law 112 - 29 - Leahy-Smith America Invents Act, you see that patent application fees are 1/3 or less that the Issue fee. See: http://www.gpo.gov/fdsys/pkg/PLAW-112publ29/content-detail.html

  This means that, regardless of merit, about 1/3 of all patent applications must be granted in order to fund the US Patent Office. This economy creates unavoidable pressure to grant many patents that should not otherwise be considered. It also creates economic pressure that greatly decreases the time that can be devoted to examination.

  Reform could come in many forms, but the simplest and most reliable would be to eliminate and unify the Patent office fees into a single filing fee. This fee would provide no guarantee of receiving a patent, only a guarantee that your patent would be considered. This would free the Patent Office to be able to deny poor patents.

• 2) Granting too many Patents is a mistake.

  Currently, we expand the number of patent examiners based on demand. See the USPTO FY 2013 President's Budget, page 60, Gap Assessment: "Meeting this commitment assumes efficiency improvements brought about by reengineering many USPTO management and operational processes (e.g., the patent examination process) and systems, and hiring about 3,000 patent examiners in the two-year period FY 2012 and FY 2013 (including examiners for Three-Track Examination)."

  Again, the assumption is, more patents are better, even if it means decreasing examination, and increasing the number of untrained examiners. Poor quality is an inevitable result of this patent process.

  The resulting flood of patents creates patent thickets. These thickets eliminate competition and stagnate markets.

  Reform would require somehow limiting the number of granted patents in a field. This could be accomplished several ways. The easiest would be to restrict the number of Patent examiners. If you eliminate the idea of cost recovery, then the natural process of limited congressional funding would probably suffice to limit the examination staff. Patent quotas would also work, but an PTO quota would be subject to regulatory capture. Patent Quotas would work best if they were set by Congressional Act.

• 3) It is a mistake to grant all patents that meet minimum standards.

  A review of recent Patent Law will reveal that the minimum standard for granting a patent has consistently shifted downwards during the past few decades. We must abandon the idea that any patent that meets minimum standards is granted. Over time, the standard always degrades.

  Reform is easy. You rank Patent Applications according to an agreed measure of quality, and only grant the top few percent. Over time, the pressure will be to improve the quality of patent applications, instead of degrade them.

  My personal favourite measure of Patent quality is to rank them according to the damage they do to society. Compare the application to last years applications. Then, based on that comparison, give the patent application points for:

  • Relative lack of clarity in the invention description;
  • Relative lack of precision in the claims;
  • And lack of originality.

  Then only grant the top applications with the fewest points. This has the advantage of being fairly easy to measure, thus it is hard to challenge in court. Plus this ranking will greatly reduce the need to go to court to discover the scope of a patent.

As you can see, decreasing the number of future stupid patents is straight forward. The pressures that currently give rise to bad patents are fairly obvious. We can mitigate those pressures and institute processes that tend to increase patent quality. It is much harder to figure out how to survive the current flood of crappy patents.

Miles

The security group at USU documents, blocks and reports attack. It is part of our security response. We feel it is a cost effective part of our security posture. We have been doing it for 5 years.

We provide instructions to our users to help them setup and manage their SSH servers: https://it.wiki.usu.edu/ssh_description

We detect, document, block and report SSH portscans and SSH password guessing. We also have several SSH honeypots setup to collect lists of attack credentials. We check the honeypots to see if a USU credential has been exposed. A while ago, the FBI came by and asked about 9 IP addresses used in a hostile government sponsored attack. We were able to document that they had been detected and blocked. We were also able to provide the credentials that the attackers used.

When we first started reporting attack, the response was very poor. But now, about 1/3 of the abuse reports (to non-Chinese sources) result in confirmed, remote resolution. Now, almost all ISP's, CERTs, and large organizations are eager to receive a polite, accurate, and detailed abuse report. It is the easiest (and most common) way to learn that you have a compromised system.

As you have noticed, the hardest part is determining the proper point of contact. Most of the time, we can find one by carefully searching the whois and DNS information.

Our rational for documenting and reporting attack is given at: https://it.wiki.usu.edu/SingSingRational It includes:

USU IT Security attempts to document all attacking IPs on Singsing. This accomplishes 3 primary goals:

• * It creates memory of how USU is attacked. We need to know how we are attacked, so our defenses are anchored in reality.
• * It blocks attacking IPs at the USU border. We can specify a duration that is appropriate to the occasion.
• * It notifies the owner/ISP of the computer that they are attacking USU. Usually they are also innocent victims.

Lately (March 2012), at least 1/3 of the abuse reports (to non-Chinese sources) appear to result in remote resolution.

In addition, documenting/blocking/reporting has important secondary benefits:

• * Once a week, summary reports go out to our peers across the state, and to the FBI.
• * It keeps USU IT Security from developing the habit of ignoring attack.
• * Blocking attackers gives us a great deal of satisfaction. (Normally, we can't get no.)
• * It sends a message to attackers, that USU is not cheap, soft pickings.
• * We have demonstrated a couple times that the number of attacks drop off sharply a couple weeks after we begin religiously reporting attacking IPs.

Finally, we are convinced that reporting of compromise/attack is one of the few pathways that can lead to a more secure internet.

• * Computer owners/admins must know about their compromise to make sound decisions.
• * The current hacking environment is controlled by the economics of hacking. Reporting attack/compromise increases the risk/cost of hacking and decreases the reward.
• * If we help others to know they have problems, maybe someday, somebody will have similar mercy on us.

Miles

Nobody at the US Air Force seems to be thinking strategically.

• There are 2 major problems with offensive cyberwar:
• The USA has the most to lose. We are the most dependent on the Internet. It doesn't matter who initiates a cyberwar act, the USA will take the most damage. And, any cyberwar act by the US legitimises all other cyberwar activity. The USA has nothing to gain and everything to lose by offensive cyberwar preparation. This is why Schneier is advocating cyberwar treaties: https://www.schneier.com/blog/archives/2012/06/cyberwar_treati.html
• US offensive cyberwar preparations make the US internet more vulnerable. The NSA calls this effect the "Equities Issue". In order to create an offensive capability, we have to rob resources from our defence. In order to have an attack surface, we have to weaken our defences to create a vulnerability. For example, in order to have a "0 day" vulnerability, we have to chose to not disclose or fix it.

Granted, we can do some things to improve our defences without destroying ourselves. But, attempts at creating offensive cyberwar capability are careful and meticulous preparations for suicide. Any clear-thinking opponent will swiftly realize that they have everything to gain and nothing to lose.

Mel Brooks gave a good summary of our current situation: https://www.youtube.com/watch?v=Z_JOGmXpe5I

Miles

A good part of the ongoing patent mess is caused by the funding model of the US Patent Office. The problems become fairly obvious if you read the proposed 2013 US Patent and Trademark Office budget proposal at: www.uspto.gov/about/stratplan/budget/fy13pbr.pdf

Here are a few of the problems in the funding model:

• Page 37 of the budget: "..More than half of all patent fee collections are from issue and maintenance fees, which essentially subsidize examination activities."
• They charge a small, fairly trivial fee to file, and a much larger fee once your patent is granted. The ratio is about 3 to 1.
• Because Issue fees subsidise all other aspects of the P.O., they HAVE to approve roughly 1/3 of all patent applications to stay afloat.
• Page 12 of the budget: Currently they are backing up patent applications much faster than they clear them. 506924 patents filed last year. 669625 backlogged patents. So, they are currently trying to clear 1,176,549 patents using about 6600 examiners (178 patents per examiner per year.)
• Page 60 of the budget: "Gap Assessment: Meeting this commitment assumes efficiency improvements brought about by reengineering many USPTO management and operational processes (e.g., the patent examination process) and systems, and hiring about 3,000 patent examiners in the two-year period FY 2012 and FY 2013 (including examiners for Three-Track Examination)."
• So, the plan is to streamline the process even more and hire many more inexperienced patent examiners, and make them work faster.

So, we have a monstrous machine for issuing patents. It has to issue patents to stay alive. It is currently in severe pain because it can't issue patents fast enough. The current plan is 'fix' the situation by issuing patents faster and cheaper.

If congress really wanted to improve the quality of granted patents, the fixes seem fairly obvious:

• CHARGE ALL THE FEES UP FRONT on application.
• Don't tolerate modification after submission. This just allows people to game the system.
• One nation should never respect another nation's patents. This just lets a bad patent system wage war on everybody's economy.
• Incoming patents should be ranked on the quality of the patent application. Grade them on the curve, and only process the top few percent.
• Score incoming patents on the clarity of the invention description. Only the most clear should be approved. Unclear descriptions enable patent war.
• Score incoming patents on the precision of their claims..
• Score incoming patents on their lack of originality. Only the most original should survive.
• Total up the scores and quickly reject all but the best applications.
• A society should only pay for as many patent examiners as they can afford. More examiners always yields more patents. More patents are not better than fewer, higher quality patents.

Miles

The great Prophet Mel Brooks predicted our Cyberwar strategy in his metaphorical vision: Blazing Saddles:

• https://www.youtube.com/watch?v=Z_JOGmXpe5I
• http://www.imdb.com/title/tt0071230/quotes

Our (that is, the US's) Cyberweapons threaten ourself more than any other target. We are the most dependent on the internet We have the most to lose. We wave these weapons of self-mutilation around in the hopes that our intimidated foes will not force us to destroy ourself.

What could go wrong?

ALL Praise Irony and His Prophet Mel!

Miles

We just need to be patient, and keep publishing good code.

It takes decades to teach Government new tricks. At this point, it is barely aware that software exists. But, it is learning. It just takes time and lots of informed input.

Judge Alsup (the current judge in Oracle vs Google) is an example for our future. Once Government is seeded with individuals that understand software, we will finally see changes that make sense.

It is inevitable that eventually the Patent Office will acknowledge Free and Open Source Software (FOSS) as a partner. Both have the same general objective: To Advance Art and Science. Patents are an ancient tool. Patents are a poor tool for software. Patents are optimised for the physical world. FOSS is a modern tool that is optimised to properly handle societies need to advance the art and science of Software.

In the field of software, FOSS is a superior solution. FOSS provides all the goals of patents without the enormous costs of patents. FOSS provides: Publication; Implementation; and Motivation. FOSS creates stable and enduring infrastructure. All cheap and self organising. And without a crippling burden on the legal system.

The end-game is certain. Eventually Patents will not constrain FOSS. Probably we will see a statement along the lines of: FOSS has an automatic license to all patents. Therefore FOSS can not be sued for patent infringement. The only bit of uncertainty is the time-frame. It could be decades. It could be centuries.

The future for proprietary software is less simple. Proprietary software appears to be in need of patents. Proprietary software doesn't Publish. Society can't inspect Proprietary implementations. Society can't learn from and extend Proprietary software. And, any Proprietary software infrastructure can vanish in the blink of a vendor's eye. There are good reasons to keep Proprietary Software shackled to the Patent Office.

Miles

I'm allowing the immense scope of the problem to intimidate me.

I read the US Patent Office 2013 budget proposal: www.uspto.gov/about/stratplan/budget/fy13pbr.pdf I didn't believe what it said, so then I read the Patent Office fee structure: http://www.gpo.gov/fdsys/pkg/PLAW-112publ29/content-detail.html (see section 11).

The fee structure is all wrong. When you submit a patent application, you pay a small fee and cause the Patent Office to do a very expensive process. The process is documented on page 58 of the Budget Proposal. The Patent Office only collects more money if it approves the patent.

They discuss this problem on page 37: "..More than half of all patent fee collections are from issue and maintenance fees, which essentially subsidize examination activities."

The fee structure demands that REGARDLESS OF MERIT, the patent office has to approve about 1/3 of all patents submitted to it.

The Budget Proposal repeatedly discusses the problem of improving the quality of approved patents, but none of their proposals will cause businesses to submit better patent applications. Instead, they propose streamlining the evaluation process and hiring more patent examiners. See the Gap Assessment on Page 60.

So, we have this immense machine. It is central to our economy. It can only survive by approving patents. It is currently in pain because it can't approve patents fast enough. It is currently creating about 200,000 patents per year. You have to go to court to find out if a patent is valid, and what it covers. It costs about $20,000,000 to go to court. 200,000 * $20,000,000 = $4,000,000,000,000 (4 Trillion dollars) just in court costs. AND that is just this years patents.

When I think about giving this kind of money and influence to patent lawyers, I'm scared shitless.

That is why I think it would be better to just disable all existing patents and start over.

Miles

I have spent an instructive afternoon reviewing the nature of US Patent Office Funding:

• * www.uspto.gov/about/stratplan/budget/fy13pbr.pdf (United States Patent and Trademark Office FY 2013 President's Budget)
• * http://www.gpo.gov/fdsys/pkg/PLAW-112publ29/content-detail.html (Public Law 112 - 29 - Leahy-Smith America Invents Act)
• * http://www.nature.com/nbt/journal/v30/n2/full/nbt.2110.html (Nature paper on patent office funding.)
• * http://www.bloomberg.com/news/2011-10-05/congress-must-ensure-patent-office-funds-university-leaders-say.html (Bloomberg article on Patent Fee diversion.)

My initial impression that there was a 'greatest funding mistake' is way too optimistic. There is just no bottom to the Patent's office barrel of broken funding bits. But, let me list just a few:

• * Congress loves to steal the Patent office fees to fund other stuff.
• * Page 37 of the budget: "..More than half of all patent fee collections are from issue and maintenance fees, which essentially subsidize examination activities." They charge a small fee to file, and a much larger fee once your patent is granted. The ratio is about 3 to 1. Roughly 1/3 of all patent applications are granted. So, inherent in the design is a perverse financial incentive to grant patents regardless of the merits.
• * Page 12 of the budget: Currently they are backing up patent applications much faster than they clear them. 506924 patents filed last year. 669625 backlogged patents. So, they are currently trying to clear 1,176,549 patents using about 6600 examiners (178 patents per examiner per year.)
• * Page 60 of the budget: "Gap Assessment: Meeting this commitment assumes efficiency improvements brought about by reengineering many USPTO management and operational processes (e.g., the patent examination process) and systems, and hiring about 3,000 patent examiners in the two-year period FY 2012 and FY 2013 (including examiners for Three-Track Examination)." So, the plan is to streamline the process even more and hire many more inexperienced patent examiners. Yea! More crap patents!

So, we have a monstrous machine for issuing patents. It has to issue patents to stay alive. It is currently in severe pain because it can't issue patents fast enough. We need to 'fix' the situation by issuing patents faster.

Seems like the real fix would be:

• * Collect most of the money up front.
• * Force simpler patent applications
• * Say no a lot more often.
• * And slap any silly congresscritter that thinks this should be a money-making operation.

Miles

The patent debate has fallen victim to 2 big lies:

• 1) Patents are good. More patents are more good.
• 2) Patents belong to the patent holder.

Patents are monopolies. Years ago, they were monopolies of action. Modern software and business method patents are monopolies of action, expression, and speech.

Monopolies are expensive. They damage free markets. They always drive up the cost of goods and services. They are taxes on market places. We have forgotten that patents are monopolies. Somehow the patent lawyers have convinced us that patents are a measure of innovation. This great lie has blinded us to the fact that patents actually measure the decay and destruction of free markets.

The second lie is actually more pernicious, since it blocks our pathway forward. Patents actually belong to society, not the patent holder. Patents are restrictions imposed on EVERYBODY BUT the patent holder. Patents are voluntarily imposed on a society, by that society, for the good of the society. If a patent was the property of the patent holder, it would be worthless, since no patent holder has the ability to enforce a patent. Only society has the ability to enforce a patent.

Since patents belong to society, then they can (and ultimately must) be managed for the good of society.

Once we dispel these 2 grand deceptions, the way forward is fairly clear:

• First, we must stop the hemorrhaging. Our society can't tolerate a patent office that produces enormous numbers of crappy patents. The damage to our economy is literally in the trillions of dollars. A limited nuclear exchange on US soil would be less expensive. We must shutdown the patent office until we can figure out how to restructure it to produce limited numbers of high quality patents.
• Second, we must produce a method to cheaply dispose all our toxic, crap patents. Litigating them would destroy us. We need a cheaper way to get rid of them. The best would be an executive order (or legislative act) disabling every patent granted (or in process) for the last 20 years.

I suspect we can ultimately fix almost all our patent problems by returning the patent office to central funding. Funding the patent office from patent fees has got to be our greatest mistake.

Miles

Well, yah. But:

1. We have closely monitored our part of the internet for years. No other search engine behaves like this.
2. A University really, REALLY doesn't want anybody indexing all the things that respond to TCP/80. Again, Yandex is the only one trying.
3. They pay me good money for that paranoia.

And, yes, we also react to any other form of external vulnerability analysis, including TCP/25 scanning. It's funny. There is an endless number of hackers willing to find our vulnerabilities, but they almost never give us a chance to fix the problems. It's amazing the number of people trying to make a buck out of our misfortune. Here was a fun one: https://it.wiki.usu.edu/20120101_China_Test

Miles

I have seen Yandex searching wide ranges of IPs for web servers. See: https://it.wiki.usu.edu/20111007_BeEvil You may want to give some thought to blocking the Russian Google-wanna-be Yandex. They may have have flipped their 'Evil' bit. In 2012, you should not find public web servers by scanning for TCP/80 and TCP/443. If you want to find public web servers, you spider the web. Or ask Google. If you scan the internet for TCP/80 and TCP/443, you will find private management interfaces. You find printers, routers, switches, control systems, web cams, network attached storage devices, and work-flow services. You will probably find more SCADA devices than actual public web servers. The results of this search are of great interest to the hacking community. It has very limited utility for anybody else. This is not trustworthy internet behavior.

Thanks for the link to Macaulay on Copyright. It is extremely relevant. His summation was amazingly prescient:

"And you will find that, in attempting to impose unreasonable restraints on the reprinting of the works of the dead, you have, to a great extent, annulled those restraints which now prevent men from pillaging and defrauding the living."

This is the modern copyright wars in a nutshell. Copyright can NOT exist in defiance of common sense. It must be reasonable or it will destroy our respect for the law. If we wish to continue as a lawful nation, we must restore reason to copyright.

Reason would look like:

• Copyright should last 20 years.
• Things that can't be copied (IE works with effective technical copying restrictions) are not subject to copyright.
• And, either no punishment for non-commercial copying or the punishment is limited to just the actual cost of buying a copy.

But, when negotiating with a crazy opponent, you can't begin with reason.

Our initial negotiating position must be:

• Copyright is only granted to works submitted to the Library of Congress.
• Mandatory licensing. Anybody can get a copy from the Library of Congress at any time for $1
• Copyright duration is 5 years, with 1 renewal.

Miles

I remember the Michaelangelo virus. Lets see.. Yep. I still have a copy. I suppose I ought to throw that old box of floppies away. I've still got: Michaelangelo, Stealth, Stoned.. I used to use them to test and calibrate virus checkers. A month before Michaelangelo triggered, we did some sampling and determined that it was on hundreds of University computers. So, a couple dozen of us had a hectic month chasing it down and eliminating it. It was everywhere. President's office. Multiple Deans. Tons of Researchers and Faculty. If we ignored it, then the loss would have been immense. Come March 6th and we only lost 2 computers. We all breathed a big sigh of relief. Next day, the University paper complained that we had over-rated the threat. I told them I had copies of the virus. I would be glad to put it back on their computers and change the date. Didn't get any takers. Security is full of no-win situations. Sometimes, the best you can do is keep them alive to complain.

I am also security @ public .edu. Our approach to security and network monitoring is similar to the parent's. At one point, I made a YouTube video on USU's approach to security monitoring: https://www.youtube.com/watch?v=dQc5FU_jqCk Basically, we feel that you can't have good thinkers, or great researchers if you tighten the screws too tight. Miles